Bug#1007950: bullseye-pu: package tinyssh/20190101-1
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
After an upgrade of the openssh client from 8.8 to 8.9, tinyssh
connections are rejected.
[ Reason ]
Tinyssh has very strict packet_length checking, and when the
client doesn't honor the max. packet length, it closes the connection.
[ Impact ]
Using the new openssh client 8.9 stopped tinyssh from working;
it rejects all connections.
[ Tests ]
The bug was caught by autopkgtest, e.g. here:
https://autopkgtest.ubuntu.com/results/autopkgtest-jammy/jammy/amd64/t/tinyssh/20220226_180547_e244f@/log.gz
And can be triggered manually using 2 versions of openssh:
~~~
openssh-8.8p1# ./ssh test@127.0.0.1 "cat >/tmp/testfile2" < /tmp/testfile1 && echo OK || echo BAD
OK
openssh-8.9p1# ./ssh test@127.0.0.1 "cat >/tmp/testfile2" < /tmp/testfile1 && echo OK || echo BAD
client_loop: send disconnect: Broken pipe
BAD
~~~
After fix:
~~~
openssh-8.9p1# ./ssh test@127.0.0.1 "cat >/tmp/testfile2" < /tmp/testfile1 && echo OK || echo BAD
OK
~~~
[ Risks ]
Patch is trivial.
And already applied in ubuntu: http://launchpadlibrarian.net/590133636/tinyssh_20190101-1build1_20190101-1ubuntu1.diff.gz
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
diff -Nru tinyssh-20190101/debian/changelog tinyssh-20190101/debian/changelog
--- tinyssh-20190101/debian/changelog 2019-01-02 06:01:58.000000000 +0100
+++ tinyssh-20190101/debian/changelog 2022-03-19 08:28:29.000000000 +0100
@@ -1,3 +1,10 @@
+tinyssh (20190101-1+deb11u1) bullseye; urgency=medium
+
+ * Workaround for incoming packets that doesn't honor
+ the max. packet length (Closes: 1006801)
+
+ -- Jan Mojžíš <jan.mojzis@gmail.com> Sat, 19 Mar 2022 08:28:29 +0100
+
tinyssh (20190101-1) unstable; urgency=medium
* d/tests - added 03exitcodes test, it creates ssh connection, exits
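Review bot: the new changelog entry says only "Workaround for incoming packets that doesn't honor the max. packet length" and does not state what the workaround changes. For a stable update, say that the maximum packet size written by packet_channel_open() is reduced to PACKET_LIMIT / 2 and name debian/patches/workaround-1006801-packet-length.patch. Also, "packets that doesn't" should read "packets that don't".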
diff -Nru tinyssh-20190101/debian/patches/series tinyssh-20190101/debian/patches/series
--- tinyssh-20190101/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ tinyssh-20190101/debian/patches/series 2022-03-19 08:28:29.000000000 +0100
@@ -0,0 +1 @@
+workaround-1006801-packet-length.patch
diff -Nru tinyssh-20190101/debian/patches/workaround-1006801-packet-length.patch tinyssh-20190101/debian/patches/workaround-1006801-packet-length.patch
--- tinyssh-20190101/debian/patches/workaround-1006801-packet-length.patch 1970-01-01 01:00:00.000000000 +0100
+++ tinyssh-20190101/debian/patches/workaround-1006801-packet-length.patch 2022-03-19 08:28:29.000000000 +0100
@@ -0,0 +1,24 @@
+From: Jan Mojzis <jan.mojzis@gmail.com>
+Date: Sat, 19 Mar 2022 08:36:48 +0100
+Origin: https://github.com/janmojzis/tinyssh/commit/0613ae9ef2fbac88522c8312456fb64d14020597
+Subject: Workaround for incoming packets that doesn't honor
+ the max. packet length
+
+Index: tinyssh-20190101/tinyssh/packet_channel_open.c
+===================================================================
+--- tinyssh-20190101.orig/tinyssh/packet_channel_open.c
++++ tinyssh-20190101/tinyssh/packet_channel_open.c
+@@ -49,7 +49,12 @@ int packet_channel_open(struct buf *b1,
+ buf_putnum32(b2, id); /* uint32 recipient channel */
+ buf_putnum32(b2, id); /* uint32 sender channel */
+ buf_putnum32(b2, localwindow); /* uint32 initial window size */
+- buf_putnum32(b2, PACKET_LIMIT); /* uint32 maximum packet size */
++ /*
++ XXX
++ use PACKET_LIMIT/2 as maximum packet size,
++ workaround for miscalculated packet_length
++ */
++ buf_putnum32(b2, PACKET_LIMIT / 2); /* uint32 maximum packet size */
+ packet_put(b2);
+ buf_purge(b2);
+ return 1;
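Review bot: PACKET_LIMIT / 2 in the buf_putnum32() call is an unexplained magic factor, and the "XXX ... workaround for miscalculated packet_length" comment does not say which side miscalculates or why half the limit is a sufficient margin. Suggest recording the bug number (1006801) and the affected peer (OpenSSH 8.9, per this report) in the comment and giving the reduced value a named constant next to PACKET_LIMIT. The hunk only lowers the size advertised to the peer; the receive-side length check is not visible here, so confirm that an incoming packet larger than the advertised size but within PACKET_LIMIT is accepted there, otherwise the disconnect remains.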