diff -Nru klibc-2.0.4/debian/changelog klibc-2.0.4/debian/changelog --- klibc-2.0.4/debian/changelog 2022-04-13 08:41:23.000000000 +0000 +++ klibc-2.0.4/debian/changelog 2022-04-25 14:39:01.000000000 +0000 @@ -1,3 +1,15 @@ +klibc (2.0.4-9ubuntu2.2) bionic; urgency=medium + + [ Khaled Elmously ] + * d/p/lp1947099-honour-user-requested-timeouts-in-all-cases.patch: + Honour user-specified timeouts even in error cases. (LP: #1947099) + + [ Mauricio Faria de Oliveira ] + * d/p/lp1947099-fix-for-no-timeout-specified.patch: Check for an + user-specified timeout before checking/adjusting timeout values. + + -- Mauricio Faria de Oliveira Mon, 25 Apr 2022 11:39:01 -0300 + klibc (2.0.4-9ubuntu2.1) bionic-security; urgency=medium * SECURITY UPDATE: integer overflow in calloc diff -Nru klibc-2.0.4/debian/patches/lp1947099-fix-for-no-timeout-specified.patch klibc-2.0.4/debian/patches/lp1947099-fix-for-no-timeout-specified.patch --- klibc-2.0.4/debian/patches/lp1947099-fix-for-no-timeout-specified.patch 1970-01-01 00:00:00.000000000 +0000 +++ klibc-2.0.4/debian/patches/lp1947099-fix-for-no-timeout-specified.patch 2022-04-25 14:38:36.000000000 +0000 @@ -0,0 +1,23 @@ +Description: Check for an user-specified timeout before checking/adjusting timeout values. + If there's no '-t' parameter, then loop_timeout == -1, which breaks the + check/adjust introduced here; thus check for '>= 0' as in the inner loop. + . + This should be forwarded upstream as part of the discussion on the patch. +Author: Mauricio Faria de Oliveira +Forwarded: no +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1947099 + +Index: klibc-2.0.4/usr/kinit/ipconfig/main.c +=================================================================== +--- klibc-2.0.4.orig/usr/kinit/ipconfig/main.c ++++ klibc-2.0.4/usr/kinit/ipconfig/main.c +@@ -445,7 +445,8 @@ static int loop(void) + /* Compensate for already-lost time */ + /* Make sure to never exceed user-specified timeouts */ + gettimeofday(&now, NULL); +- if (now.tv_sec + timeout > start + loop_timeout) { ++ if (loop_timeout >= 0 && ++ now.tv_sec + timeout > start + loop_timeout) { + timeout = loop_timeout - (now.tv_sec - start); + printf("Lowered timeout to match user request = (%d s) \n", timeout); + } diff -Nru klibc-2.0.4/debian/patches/lp1947099-honour-user-requested-timeouts-in-all-cases.patch klibc-2.0.4/debian/patches/lp1947099-honour-user-requested-timeouts-in-all-cases.patch --- klibc-2.0.4/debian/patches/lp1947099-honour-user-requested-timeouts-in-all-cases.patch 1970-01-01 00:00:00.000000000 +0000 +++ klibc-2.0.4/debian/patches/lp1947099-honour-user-requested-timeouts-in-all-cases.patch 2022-04-25 14:38:36.000000000 +0000 @@ -0,0 +1,29 @@ +Description: Honour user-specified timeouts even in error cases. + This change has been made to avoid 10 second timeout in case of + an error if this would validate an earlier timeout specified by the user. + . + klibc (2.0.4-9ubuntu3) bionic; urgency=medium + . + [Khaled Elmously] + * Honour user-specified timeouts even in error cases. (LP: #1947099) +Author: Khaled Elmously +Forwarded: https://lists.zytor.com/archives/klibc/2021-December/004629.html +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1947099 + +--- klibc-2.0.4.orig/usr/kinit/ipconfig/main.c ++++ klibc-2.0.4/usr/kinit/ipconfig/main.c +@@ -442,6 +442,14 @@ static int loop(void) + if (pending == 0 || (bringup_first && done)) + break; + ++ /* Compensate for already-lost time */ ++ /* Make sure to never exceed user-specified timeouts */ ++ gettimeofday(&now, NULL); ++ if (now.tv_sec + timeout > start + loop_timeout) { ++ timeout = loop_timeout - (now.tv_sec - start); ++ printf("Lowered timeout to match user request = (%d s) \n", timeout); ++ } ++ + timeout_ms = timeout * 1000; + + for (x = 0; x < 2; x++) { diff -Nru klibc-2.0.4/debian/patches/series klibc-2.0.4/debian/patches/series --- klibc-2.0.4/debian/patches/series 2022-04-13 08:40:59.000000000 +0000 +++ klibc-2.0.4/debian/patches/series 2022-04-25 14:38:36.000000000 +0000 @@ -24,3 +24,5 @@ CVE-2021-31871.patch CVE-2021-31872.patch CVE-2021-31873.patch +lp1947099-honour-user-requested-timeouts-in-all-cases.patch +lp1947099-fix-for-no-timeout-specified.patch