-
Bug
-
Resolution: Fixed
-
Major
-
None
-
Jenkins ver. 2.121.3 Standalone install
Subversion Plug-in 2.11.1
-
-
2.12.0
After upgrading sshd on subversion server, jenkins subversion plugin stopped working. The problem is that the jenkins subversion plugin has no longer compatible ciphers to negotiate with server.
Subversion plugin bundles trilead-ssh2-1.0.0-build221.jar and this is used when communicating with the svn+ssh protocol.
Other plugins have had the same issues and therefore Jenkins core is patched with a version of the lib called trilead-ssh2-build-217-jenkins-11.jar. Since subversion plugin bundles its own that outdated version is used.
Here is a obfuscated stack trace that proves above (notice the KexManager:413 row in the latest jenkins core one it should have been KexManager:408):
ERROR: Failed to update svn+ssh://[host]/[path]ERROR: Failed to update svn+ssh://[host]/[path]org.tmatesoft.svn.core.SVNException: svn: E210002: There was a problem while connecting to [host] at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:64) at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:51) at org.tmatesoft.svn.core.internal.io.svn.SVNSSHConnector.open(SVNSSHConnector.java:145) at org.tmatesoft.svn.core.internal.io.svn.SVNConnection.open(SVNConnection.java:77) at org.tmatesoft.svn.core.internal.io.svn.SVNRepositoryImpl.openConnection(SVNRepositoryImpl.java:1273) at org.tmatesoft.svn.core.internal.io.svn.SVNRepositoryImpl.testConnection(SVNRepositoryImpl.java:99) at org.tmatesoft.svn.core.io.SVNRepository.getRepositoryUUID(SVNRepository.java:283) at org.tmatesoft.svn.core.internal.wc2.SvnRepositoryAccess.createRepository(SvnRepositoryAccess.java:110) at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgRepositoryAccess.createRepository(SvnNgRepositoryAccess.java:210) at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgAbstractUpdate.updateInternal(SvnNgAbstractUpdate.java:194) at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgAbstractUpdate.update(SvnNgAbstractUpdate.java:111) at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgUpdate.run(SvnNgUpdate.java:38) at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgUpdate.run(SvnNgUpdate.java:18) at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgOperationRunner.run(SvnNgOperationRunner.java:20) at org.tmatesoft.svn.core.internal.wc2.SvnOperationRunner.run(SvnOperationRunner.java:21) at org.tmatesoft.svn.core.wc2.SvnOperationFactory.run(SvnOperationFactory.java:1235) at org.tmatesoft.svn.core.wc2.SvnOperation.run(SvnOperation.java:294) at org.tmatesoft.svn.core.wc.SVNUpdateClient.doUpdate(SVNUpdateClient.java:311) at org.tmatesoft.svn.core.wc.SVNUpdateClient.doUpdate(SVNUpdateClient.java:291) at org.tmatesoft.svn.core.wc.SVNUpdateClient.doUpdate(SVNUpdateClient.java:387) at hudson.scm.subversion.UpdateUpdater$TaskImpl.perform(UpdateUpdater.java:158) at hudson.scm.subversion.WorkspaceUpdater$UpdateTask.delegateTo(WorkspaceUpdater.java:162) at hudson.scm.SubversionSCM$CheckOutTask.perform(SubversionSCM.java:996) at hudson.scm.SubversionSCM$CheckOutTask.invoke(SubversionSCM.java:972) at hudson.scm.SubversionSCM$CheckOutTask.invoke(SubversionSCM.java:948) at hudson.FilePath.act(FilePath.java:990) at hudson.FilePath.act(FilePath.java:968) at hudson.scm.SubversionSCM.checkout(SubversionSCM.java:897) at hudson.scm.SubversionSCM.checkout(SubversionSCM.java:833) at hudson.scm.SCM.checkout(SCM.java:485) at hudson.model.AbstractProject.checkout(AbstractProject.java:1269) at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:607) at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86) at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:529) at hudson.model.Run.execute(Run.java:1738) at hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:531) at hudson.model.ResourceController.execute(ResourceController.java:98) at hudson.model.Executor.run(Executor.java:410)Caused by: java.io.IOException: There was a problem while connecting to [host] at com.trilead.ssh2.Connection.connect(Connection.java:817) at org.tmatesoft.svn.core.internal.io.svn.ssh.SshHost.openConnection(SshHost.java:225) at org.tmatesoft.svn.core.internal.io.svn.ssh.SshHost.openSession(SshHost.java:153) at org.tmatesoft.svn.core.internal.io.svn.ssh.SshSessionPool.openSession(SshSessionPool.java:85) at org.tmatesoft.svn.core.internal.io.svn.SVNSSHConnector.open(SVNSSHConnector.java:122) ... 35 moreCaused by: java.io.IOException: Key exchange was not finished, connection is closed. at com.trilead.ssh2.transport.KexManager.getOrWaitForConnectionInfo(KexManager.java:92) at com.trilead.ssh2.transport.TransportManager.getConnectionInfo(TransportManager.java:231) at com.trilead.ssh2.Connection.connect(Connection.java:769) ... 39 moreCaused by: java.io.IOException: Cannot negotiate, proposals do not match. at com.trilead.ssh2.transport.KexManager.handleMessage(KexManager.java:413) at com.trilead.ssh2.transport.TransportManager.receiveLoop(TransportManager.java:765) at com.trilead.ssh2.transport.TransportManager$1.run(TransportManager.java:480) at java.lang.Thread.run(Thread.java:745)ERROR: Subversion update failedjava.io.IOException at hudson.scm.subversion.UpdateUpdater$TaskImpl.perform(UpdateUpdater.java:212) at hudson.scm.subversion.WorkspaceUpdater$UpdateTask.delegateTo(WorkspaceUpdater.java:162) at hudson.scm.SubversionSCM$CheckOutTask.perform(SubversionSCM.java:996) at hudson.scm.SubversionSCM$CheckOutTask.invoke(SubversionSCM.java:972) at hudson.scm.SubversionSCM$CheckOutTask.invoke(SubversionSCM.java:948) at hudson.FilePath.act(FilePath.java:990) at hudson.FilePath.act(FilePath.java:968) at hudson.scm.SubversionSCM.checkout(SubversionSCM.java:897) at hudson.scm.SubversionSCM.checkout(SubversionSCM.java:833) at hudson.scm.SCM.checkout(SCM.java:485) at hudson.model.AbstractProject.checkout(AbstractProject.java:1269) at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:607) at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86) at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:529) at hudson.model.Run.execute(Run.java:1738) at hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:531) at hudson.model.ResourceController.execute(ResourceController.java:98) at hudson.model.Executor.run(Executor.java:410)Caused by: hudson.scm.subversion.UpdaterException: failed to perform svn update ... 18 moreCaused by: org.tmatesoft.svn.core.SVNException: svn: E210002: There was a problem while connecting to [host] at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:64) at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:51) at org.tmatesoft.svn.core.internal.io.svn.SVNSSHConnector.open(SVNSSHConnector.java:145) at org.tmatesoft.svn.core.internal.io.svn.SVNConnection.open(SVNConnection.java:77) at org.tmatesoft.svn.core.internal.io.svn.SVNRepositoryImpl.openConnection(SVNRepositoryImpl.java:1273) at org.tmatesoft.svn.core.internal.io.svn.SVNRepositoryImpl.testConnection(SVNRepositoryImpl.java:99) at org.tmatesoft.svn.core.io.SVNRepository.getRepositoryUUID(SVNRepository.java:283) at org.tmatesoft.svn.core.internal.wc2.SvnRepositoryAccess.createRepository(SvnRepositoryAccess.java:110) at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgRepositoryAccess.createRepository(SvnNgRepositoryAccess.java:210) at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgAbstractUpdate.updateInternal(SvnNgAbstractUpdate.java:194) at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgAbstractUpdate.update(SvnNgAbstractUpdate.java:111) at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgUpdate.run(SvnNgUpdate.java:38) at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgUpdate.run(SvnNgUpdate.java:18) at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgOperationRunner.run(SvnNgOperationRunner.java:20) at org.tmatesoft.svn.core.internal.wc2.SvnOperationRunner.run(SvnOperationRunner.java:21) at org.tmatesoft.svn.core.wc2.SvnOperationFactory.run(SvnOperationFactory.java:1235) at org.tmatesoft.svn.core.wc2.SvnOperation.run(SvnOperation.java:294) at org.tmatesoft.svn.core.wc.SVNUpdateClient.doUpdate(SVNUpdateClient.java:311) at org.tmatesoft.svn.core.wc.SVNUpdateClient.doUpdate(SVNUpdateClient.java:291) at org.tmatesoft.svn.core.wc.SVNUpdateClient.doUpdate(SVNUpdateClient.java:387) at hudson.scm.subversion.UpdateUpdater$TaskImpl.perform(UpdateUpdater.java:158) ... 17 moreCaused by: java.io.IOException: There was a problem while connecting to [host] at com.trilead.ssh2.Connection.connect(Connection.java:817) at org.tmatesoft.svn.core.internal.io.svn.ssh.SshHost.openConnection(SshHost.java:225) at org.tmatesoft.svn.core.internal.io.svn.ssh.SshHost.openSession(SshHost.java:153) at org.tmatesoft.svn.core.internal.io.svn.ssh.SshSessionPool.openSession(SshSessionPool.java:85) at org.tmatesoft.svn.core.internal.io.svn.SVNSSHConnector.open(SVNSSHConnector.java:122) ... 35 moreCaused by: java.io.IOException: Key exchange was not finished, connection is closed. at com.trilead.ssh2.transport.KexManager.getOrWaitForConnectionInfo(KexManager.java:92) at com.trilead.ssh2.transport.TransportManager.getConnectionInfo(TransportManager.java:231) at com.trilead.ssh2.Connection.connect(Connection.java:769) ... 39 moreCaused by: java.io.IOException: Cannot negotiate, proposals do not match. at com.trilead.ssh2.transport.KexManager.handleMessage(KexManager.java:413) at com.trilead.ssh2.transport.TransportManager.receiveLoop(TransportManager.java:765) at com.trilead.ssh2.transport.TransportManager$1.run(TransportManager.java:480) at java.lang.Thread.run(Thread.java:745)
We have found a workaround to manual patch the subversion plugin, but this will obviously break next subversion plugin update.
(to manually patch: remove subversion plugin dependency from cmdline and copy latest patched version there instead)
Alternatively if you don't have strong sec requirements and a path forward you could reenable the weak algos. Not recommended.
Steps to reproduce:
You need a subversion server with svn+ssh protocol. The sshd needs to be patched and not allow algorithms and cipher generally considered weak. We had to manually rewrite logging on trilead to understand which algo caused our problems since the client used several outdated algos.
- links to