-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
d33a9b8
commit a3d10b7
Showing
3 changed files
with
35 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,10 @@ | ||
| openssh (1:9.7p1-4deepin2) unstable; urgency=medium | ||
|
|
||
| * SECURITY: Race condition in sshd. | ||
| https://www.mail-archive.com/[email protected]/msg00233.html | ||
|
|
||
| -- Tianyu Chen <[email protected]> Mon, 01 Jul 2024 16:25:58 +0800 | ||
|
|
||
| openssh (1:9.7p1-4deepin1) unstable; urgency=medium | ||
|
|
||
| * Refresh and re-apply deepin patches: | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
27 changes: 27 additions & 0 deletions
27
debian/patches/upstream-when-sending-ObscureKeystrokeTiming-chaff-p.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| Subject: [PATCH] upstream: when sending ObscureKeystrokeTiming chaff packets, | ||
| we | ||
|
|
||
| can't rely on channel_did_enqueue to tell that there is data to send. This | ||
| flag indicates that the channels code enqueued a packet on _this_ ppoll() | ||
| iteration, not that data was enqueued in _any_ ppoll() iteration in the | ||
| timeslice. ok markus@ | ||
|
|
||
| OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136 | ||
|
|
||
| --- a/clientloop.c | ||
| +++ b/clientloop.c | ||
| @@ -607,8 +607,9 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout, | ||
| if (timespeccmp(&now, &chaff_until, >=)) { | ||
| /* Stop if there have been no keystrokes for a while */ | ||
| stop_reason = "chaff time expired"; | ||
| - } else if (timespeccmp(&now, &next_interval, >=)) { | ||
| - /* Otherwise if we were due to send, then send chaff */ | ||
| + } else if (timespeccmp(&now, &next_interval, >=) && | ||
| + !ssh_packet_have_data_to_write(ssh)) { | ||
| + /* If due to send but have no data, then send chaff */ | ||
| if (send_chaff(ssh)) | ||
| nchaff++; | ||
| } | ||
| -- | ||
| 2.43.4 | ||
|
|