Merge ~athos-ribeiro/ubuntu/+source/openssh:lp1903516-timeout-impish into ubuntu/+source/openssh:ubuntu/impish-devel

Proposed by Athos Ribeiro
Status: Merged
Merged at revision: a86456014bf66d0c597cb2351855d7a0635525fe
Proposed branch: ~athos-ribeiro/ubuntu/+source/openssh:lp1903516-timeout-impish
Merge into: ubuntu/+source/openssh:ubuntu/impish-devel
Diff against target: 62 lines (+40/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/fix-connect-timeout-overflow.patch (+32/-0)
debian/patches/series (+1/-0)
Reviewers:
Sergio Durigan Junior (community): Approve
Canonical Server: Pending
Review via email: mp+417971@code.launchpad.net

Description of the change

This is an SRU proposal for LP: #1903516 for impish. Due to its size and relevance, the idea is to stage the SRU.

A PPA with the proposed changes is available at

https://launchpad.net/~athos-ribeiro/+archive/ubuntu/openssh-lp1903516-timeout/+packages

I ran the autopkgtest suite locally; here is the result summary:

autopkgtest [14:01:54]: @@@@@@@@@@@@@@@@@@@@ summary
regress PASS

Sergio Durigan Junior (sergiodj) wrote :

I'll take a look at this one.

Sergio Durigan Junior (sergiodj) wrote :

LGTM.

Patch is trivial and does indeed fix the bug. I also agree with staging this SRU. The SRU template looks great; kudos for the perl magic to make the test generic :-).

+1

review: Approve
Sergio Durigan Junior (sergiodj) wrote :

Uploaded:

$ dput openssh_8.4p1-6ubuntu2.2_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/openssh/openssh_8.4p1-6ubuntu2.2_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/openssh/openssh_8.4p1-6ubuntu2.2.dsc: Valid signature from 106DA1C8C3CBBF14
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading openssh_8.4p1-6ubuntu2.2.dsc: done.
  Uploading openssh_8.4p1-6ubuntu2.2.debian.tar.xz: done.
  Uploading openssh_8.4p1-6ubuntu2.2_source.buildinfo: done.
  Uploading openssh_8.4p1-6ubuntu2.2_source.changes: done.
Successfully uploaded packages.

Feel free to tag the bug as block-proposed-impish to stage the upload.

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index 858e1a7..036593f 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+openssh (1:8.4p1-6ubuntu2.2) impish; urgency=medium
7+
8+ * d/p/fix-connect-timeout-overflow.patch: prevent ConnectTimeout overflow.
9+ (LP: #1903516)
10+
11+ -- Athos Ribeiro <athos.ribeiro@canonical.com> Wed, 30 Mar 2022 09:40:10 -0300
12+
13 openssh (1:8.4p1-6ubuntu2.1) impish; urgency=medium
14
15 * d/p/match-host-certs-w-public-keys.patch: Add patch
16diff --git a/debian/patches/fix-connect-timeout-overflow.patch b/debian/patches/fix-connect-timeout-overflow.patch
17new file mode 100644
18index 0000000..2a761e9
19--- /dev/null
20+++ b/debian/patches/fix-connect-timeout-overflow.patch
21@@ -0,0 +1,32 @@
22+From 819b44e8b9af6ce18d3ec7505b9f461bf7991a1f Mon Sep 17 00:00:00 2001
23+From: "dtucker@openbsd.org" <dtucker@openbsd.org>
24+Date: Thu, 12 Nov 2020 22:38:57 +0000
25+Subject: [PATCH] upstream: Prevent integer overflow when ridiculously large
26+
27+ConnectTimeout is specified, capping the effective value (for most platforms)
28+at 24 days. bz#3229, ok djm@
29+
30+OpenBSD-Commit-ID: 62d4c4b7b87d111045f8e9f28b5b532d17ac5bc0
31+
32+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=3229
33+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1903516
34+Origin: upstream, http://anongit.mindrot.org/openssh.git/commit/?id=819b44e8b9af6ce18d3ec7505b9f461bf7991a1f
35+Last-Update: 2022-03-30
36+---
37+ ssh.c | 7 +++++--
38+ 1 file changed, 5 insertions(+), 2 deletions(-)
39+
40+--- a/ssh.c
41++++ b/ssh.c
42+@@ -1540,7 +1540,10 @@
43+ cleanup_exit(255); /* resolve_host logs the error */
44+ }
45+
46+- timeout_ms = options.connection_timeout * 1000;
47++ if (options.connection_timeout >= INT_MAX/1000)
48++ timeout_ms = INT_MAX;
49++ else
50++ timeout_ms = options.connection_timeout * 1000;
51+
52+ /* Open a connection to the remote host. */
53+ if (ssh_connect(ssh, host, host_arg, addrs, &hostaddr, options.port,
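Review bot: The diffstat in the embedded patch header (`ssh.c | 7 +++++--`, 5 insertions, 2 deletions) does not match the ssh.c hunk below it, which adds four lines and removes one (`@@ -1540,7 +1540,10 @@`). If part of the upstream commit was left out of the backport, say so in the DEP-3 header, or drop the stale stat so the header and the hunk agree. The upstream subject is also split between the `Subject:` line and the first body line, so anything that reads only the subject sees a sentence that stops at "when ridiculously large"; joining it onto one line would fix that. On the code itself, the new branch uses `INT_MAX` and the hunk adds no include, so it is worth confirming that ssh.c in 8.4p1 already includes `<limits.h>`, since the diff does not show it.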
54diff --git a/debian/patches/series b/debian/patches/series
55index 59b8e4b..892a191 100644
56--- a/debian/patches/series
57+++ b/debian/patches/series
58@@ -31,3 +31,4 @@ ssh-agent-double-free.patch
59 1bb130ed34721d46452529d094d9bbf045607d79.patch
60 regress-includes.patch
61 match-host-certs-w-public-keys.patch
62+fix-connect-timeout-overflow.patch
