!91 修复ssh命令行选项ConnectTimeout超时溢出问题。

Merge pull request !91 from Rock/openEuler-20.03-LTS-SP3

backport-change-convtime-form-returning-long-to-returning-int.patch

@@ -0,0 +1,71 @@
+Reference:https://github.com/openssh/openssh-portable/commit/6d30673fedec
+---
+ misc.c      | 8 ++++----
+ misc.h      | 2 +-
+ ssh-agent.c | 2 +-
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/misc.c b/misc.c
+index 45d93b6..aa36684 100644
+--- a/misc.c
++++ b/misc.c
+@@ -490,7 +490,7 @@ a2tun(const char *s, int *remote)
+  *
+  * Return -1 if time string is invalid.
+  */
+-long
++int
+ convtime(const char *s)
+ {
+ 	long total, secs, multiplier = 1;
+@@ -507,7 +507,7 @@ convtime(const char *s)
+ 	while (*p) {
+ 		secs = strtol(p, &endp, 10);
+ 		if (p == endp ||
+-		    (errno == ERANGE && (secs == LONG_MIN || secs == LONG_MAX)) ||
++		    (errno == ERANGE && (secs == INT_MIN || secs == INT_MAX)) ||
+ 		    secs < 0)
+ 			return -1;
+ 
+@@ -537,10 +537,10 @@ convtime(const char *s)
+ 		default:
+ 			return -1;
+ 		}
+-		if (secs >= LONG_MAX / multiplier)
++		if (secs >= INT_MAX / multiplier)
+ 			return -1;
+ 		secs *= multiplier;
+-		if  (total >= LONG_MAX - secs)
++		if  (total >= INT_MAX - secs)
+ 			return -1;
+ 		total += secs;
+ 		if (total < 0)
+diff --git a/misc.h b/misc.h
+index 4a05db2..2f82f77 100644
+--- a/misc.h
++++ b/misc.h
+@@ -65,7 +65,7 @@ char	*colon(char *);
+ int	 parse_user_host_path(const char *, char **, char **, char **);
+ int	 parse_user_host_port(const char *, char **, char **, int *);
+ int	 parse_uri(const char *, const char *, char **, char **, int *, char **);
+-long	 convtime(const char *);
++int	 convtime(const char *);
+ char	*tilde_expand_filename(const char *, uid_t);
+ char	*percent_expand(const char *, ...) __attribute__((__sentinel__));
+ char	*tohex(const void *, size_t);
+diff --git a/ssh-agent.c b/ssh-agent.c
+index 3bac42d..4818e56 100644
+--- a/ssh-agent.c
++++ b/ssh-agent.c
+@@ -163,7 +163,7 @@ u_char lock_salt[LOCK_SALT_SIZE];
+ extern char *__progname;
+ 
+ /* Default lifetime in seconds (0 == forever) */
+-static long lifetime = 0;
++static int lifetime = 0;
+ 
+ static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
+ 
+-- 
+1.8.3.1
+

backport-change-types-in-convtime-unit-test-to-int-to-match.patch

@@ -0,0 +1,25 @@
+Reference:https://github.com/openssh/openssh-portable/commit/02da325f10b
+---
+ misc.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/misc.c b/misc.c
+index aa36684..ecd4ca0 100644
+--- a/misc.c
++++ b/misc.c
+@@ -537,10 +537,10 @@ convtime(const char *s)
+ 		default:
+ 			return -1;
+ 		}
+-		if (secs >= INT_MAX / multiplier)
++		if (secs > INT_MAX / multiplier)
+ 			return -1;
+ 		secs *= multiplier;
+-		if  (total >= INT_MAX - secs)
++		if  (total > INT_MAX - secs)
+ 			return -1;
+ 		total += secs;
+ 		if (total < 0)
+-- 
+1.8.3.1
+

openssh.spec

@@ -6,7 +6,7 @@
 %{?no_gtk2:%global gtk2 0}
 
 %global sshd_uid    74
-%global openssh_release 15
+%global openssh_release 16
 
 Name:           openssh
 Version:        8.2p1
@@ -95,6 +95,8 @@ Patch62:        backport-move-closefrom-to-before-first-malloc.patch
 Patch63:        backport-CVE-2021-41617-1.patch
 Patch64:        backport-CVE-2021-41617-2.patch
 Patch65:        backport-CVE-2021-28041.patch
+Patch66:        backport-change-convtime-form-returning-long-to-returning-int.patch
+Patch67:        backport-change-types-in-convtime-unit-test-to-int-to-match.patch
 
 Requires:       /sbin/nologin
 Requires:       libselinux >= 2.3-5 audit-libs >= 1.0.8
@@ -262,6 +264,8 @@ popd
 %patch63 -p1
 %patch64 -p1
 %patch65 -p1
+%patch66 -p1
+%patch67 -p1
 
 autoreconf
 pushd pam_ssh_agent_auth-0.10.3
@@ -473,6 +477,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
 
 %changelog
+* Tue Feb 8 2022 renmingshuai<renmingshuai@hauwei.com> - 8.2P1-16
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:change convtime from returning long to returning int
+
 * Wed Dec 15 2021 renmingshuai<renmingshuai@hauwei.com> - 8.2P1-15
 - Type:cves
 - CVE:CVE-2021-28041