
Bug#675080: marked as done (openssh: Possible switch to libbsd?)



Your message dated Sun, 2 Apr 2017 02:20:37 +0100
with message-id <20170402012037.GA7613@riva.ucam.org>
and subject line Re: Bug#675080: openssh: Possible switch to libbsd?
has caused the Debian Bug report #675080,
regarding openssh: Possible switch to libbsd?
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
675080: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675080
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: openssh
Source-Version: 1:6.0p1-1
Severity: wishlist

Hi!

OpenSSH contains an embedded BSD compat layer under openbsd-compat/,
most of the stuff used by OpenSSH on GNU systems is now provided by
libbsd (I've been adding stuff after checking users like OpenSSH).

Before starting to work on a patch, which should mostly involve the
build system, I was wondering if you'd be interested in it, given
possible security implications? Regarding new dependencies, I don't
think that'd be a problem as openssh-client uses libedit which in
turn uses libbsd already.

After a quick look on the latest version I can see that at least the
following could be switched over to libbsd:

  bsd-arc4random.c bsd-closefrom.c bsd-getpeereid.c readpassphrase.c
  strlcat.c strlcpy.c getopt.c vis.c strmode.c strtonum.c sys-queue.h
  sys-tree.h

And I'm always interested in adding new BSD compat stuff to libbsd,
in case it's missing there.

thanks,
guillem



--- End Message ---
--- Begin Message ---
Control: tag -1 wontfix

On Tue, May 29, 2012 at 11:23:04PM +0100, Colin Watson wrote:
> On Tue, May 29, 2012 at 09:00:56PM +0200, Guillem Jover wrote:
> > OpenSSH contains an embedded BSD compat layer under openbsd-compat/,
> > most of the stuff used by OpenSSH on GNU systems is now provided by
> > libbsd (I've been adding stuff after checking users like OpenSSH).
> > 
> > Before starting to work on a patch, which should mostly involve the
> > build system, I was wondering if you'd be interested in it, given
> > possible security implications?
> 
> Making that stuff diverge from OpenSSH upstream scares me, quite
> honestly.  What if they make a security-critical change in
> openbsd-compat/ that you don't notice and sync into libbsd in time?
> 
> If you're going to do this, I think you should send it upstream as an
> option that *they* explicitly support, and that way they've bought into
> the notion that whatever they do needs to be in libbsd too.

For this reason, I don't intend to accept any change along those lines
as a Debian patch.  If it's needed, it needs to go upstream first, and
in that case I'll certainly switch on the necessary build-dependencies
and such - but to be honest I think a lot of that code is tightly-enough
integrated with OpenSSH that upstream would be justified in saying that
they'd rather keep tight control of it.

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]

--- End Message ---
