* [ptxdist] [PATCH v3] openssh: Version bump. v8.8p1 -> v8.9p1
@ 2022-03-30 20:17 Christian Melki
2022-04-04 10:45 ` Roland Hieber
2022-04-08 13:35 ` [ptxdist] [APPLIED] " Michael Olbrich
0 siblings, 2 replies; 4+ messages in thread
From: Christian Melki @ 2022-03-30 20:17 UTC (permalink / raw)
To: ptxdist
Security miss, integer overflow in the user auth path.
Not exploitable due to privsep.
* Update license. md5crypt removed, bcrypt relicensed.
4-Clause license removed.
* Minor spelling fixes in the license file.
* Remove configure option due to the removal of md5crypt.
* Add patch to improve detection of -fzero-call-used-regs=all on arm.
* Add rerun of autotools since patch touces m4 files.
Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
...n-of-fzero-call-used-regs-all-suppor.patch | 31 +++++++++++++++++++
patches/openssh-8.9p1/autogen.sh | 1 +
patches/openssh-8.9p1/series | 4 +++
3 files changed, 36 insertions(+)
create mode 100644 patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
create mode 120000 patches/openssh-8.9p1/autogen.sh
create mode 100644 patches/openssh-8.9p1/series
diff --git a/patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch b/patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
new file mode 100644
index 000000000..70b075ae7
--- /dev/null
+++ b/patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
@@ -0,0 +1,31 @@
+From: Colin Watson <cjwatson@debian.org>
+Date: Thu, 24 Feb 2022 16:04:18 +0000
+Subject: [PATCH] Improve detection of -fzero-call-used-regs=all support
+
+GCC doesn't tell us whether this option is supported unless it runs into
+the situation where it would need to emit corresponding code.
+---
+ m4/openssh.m4 | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/m4/openssh.m4 b/m4/openssh.m4
+index 4f9c3792dc17..8c33c701b8b4 100644
+--- a/m4/openssh.m4
++++ b/m4/openssh.m4
+@@ -14,6 +14,8 @@ AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
+ #include <stdlib.h>
+ #include <stdio.h>
++/* Trivial function to help test for -fzero-call-used-regs */
++void f(int n) {}
+ int main(int argc, char **argv) {
+ (void)argv;
+ /* Some math to catch -ftrapv problems in the toolchain */
+@@ -21,6 +23,7 @@ int main(int argc, char **argv) {
+ float l = i * 2.1;
+ double m = l / 0.5;
+ long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
++ f(0);
+ printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ /*
+ * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
diff --git a/patches/openssh-8.9p1/autogen.sh b/patches/openssh-8.9p1/autogen.sh
new file mode 120000
index 000000000..9f8a4cb7d
--- /dev/null
+++ b/patches/openssh-8.9p1/autogen.sh
@@ -0,0 +1 @@
+../autogen.sh
\ No newline at end of file
diff --git a/patches/openssh-8.9p1/series b/patches/openssh-8.9p1/series
new file mode 100644
index 000000000..eb319a82b
--- /dev/null
+++ b/patches/openssh-8.9p1/series
@@ -0,0 +1,4 @@
+# generated by git-ptx-patches
+#tag:base --start-number 1
+0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
+# 35e561a03b8e1fd58ce4b40b565cdd3f - git-ptx-patches magic
--
2.32.0
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [ptxdist] [PATCH v3] openssh: Version bump. v8.8p1 -> v8.9p1
2022-03-30 20:17 [ptxdist] [PATCH v3] openssh: Version bump. v8.8p1 -> v8.9p1 Christian Melki
@ 2022-04-04 10:45 ` Roland Hieber
2022-04-04 11:01 ` Christian Melki
2022-04-08 13:35 ` [ptxdist] [APPLIED] " Michael Olbrich
1 sibling, 1 reply; 4+ messages in thread
From: Roland Hieber @ 2022-04-04 10:45 UTC (permalink / raw)
To: Christian Melki; +Cc: ptxdist
On Wed, Mar 30, 2022 at 10:17:06PM +0200, Christian Melki wrote:
> Security miss, integer overflow in the user auth path.
> Not exploitable due to privsep.
>
> * Update license. md5crypt removed, bcrypt relicensed.
> 4-Clause license removed.
> * Minor spelling fixes in the license file.
> * Remove configure option due to the removal of md5crypt.
> * Add patch to improve detection of -fzero-call-used-regs=all on arm.
> * Add rerun of autotools since patch touces m4 files.
>
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> ---
> ...n-of-fzero-call-used-regs-all-suppor.patch | 31 +++++++++++++++++++
> patches/openssh-8.9p1/autogen.sh | 1 +
> patches/openssh-8.9p1/series | 4 +++
I guess rules/openssh.make is the same as in v2?
- Roland
> 3 files changed, 36 insertions(+)
> create mode 100644 patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
> create mode 120000 patches/openssh-8.9p1/autogen.sh
> create mode 100644 patches/openssh-8.9p1/series
>
> diff --git a/patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch b/patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
> new file mode 100644
> index 000000000..70b075ae7
> --- /dev/null
> +++ b/patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
> @@ -0,0 +1,31 @@
> +From: Colin Watson <cjwatson@debian.org>
> +Date: Thu, 24 Feb 2022 16:04:18 +0000
> +Subject: [PATCH] Improve detection of -fzero-call-used-regs=all support
> +
> +GCC doesn't tell us whether this option is supported unless it runs into
> +the situation where it would need to emit corresponding code.
> +---
> + m4/openssh.m4 | 3 +++
> + 1 file changed, 3 insertions(+)
> +
> +diff --git a/m4/openssh.m4 b/m4/openssh.m4
> +index 4f9c3792dc17..8c33c701b8b4 100644
> +--- a/m4/openssh.m4
> ++++ b/m4/openssh.m4
> +@@ -14,6 +14,8 @@ AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{
> + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
> + #include <stdlib.h>
> + #include <stdio.h>
> ++/* Trivial function to help test for -fzero-call-used-regs */
> ++void f(int n) {}
> + int main(int argc, char **argv) {
> + (void)argv;
> + /* Some math to catch -ftrapv problems in the toolchain */
> +@@ -21,6 +23,7 @@ int main(int argc, char **argv) {
> + float l = i * 2.1;
> + double m = l / 0.5;
> + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
> ++ f(0);
> + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
> + /*
> + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
> diff --git a/patches/openssh-8.9p1/autogen.sh b/patches/openssh-8.9p1/autogen.sh
> new file mode 120000
> index 000000000..9f8a4cb7d
> --- /dev/null
> +++ b/patches/openssh-8.9p1/autogen.sh
> @@ -0,0 +1 @@
> +../autogen.sh
> \ No newline at end of file
> diff --git a/patches/openssh-8.9p1/series b/patches/openssh-8.9p1/series
> new file mode 100644
> index 000000000..eb319a82b
> --- /dev/null
> +++ b/patches/openssh-8.9p1/series
> @@ -0,0 +1,4 @@
> +# generated by git-ptx-patches
> +#tag:base --start-number 1
> +0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
> +# 35e561a03b8e1fd58ce4b40b565cdd3f - git-ptx-patches magic
> --
> 2.32.0
>
>
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de
> To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
>
--
Roland Hieber, Pengutronix e.K. | r.hieber@pengutronix.de |
Steuerwalder Str. 21 | https://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [ptxdist] [PATCH v3] openssh: Version bump. v8.8p1 -> v8.9p1
2022-04-04 10:45 ` Roland Hieber
@ 2022-04-04 11:01 ` Christian Melki
0 siblings, 0 replies; 4+ messages in thread
From: Christian Melki @ 2022-04-04 11:01 UTC (permalink / raw)
To: Roland Hieber; +Cc: ptxdist
On 4/4/22 12:45 PM, Roland Hieber wrote:
> On Wed, Mar 30, 2022 at 10:17:06PM +0200, Christian Melki wrote:
>> Security miss, integer overflow in the user auth path.
>> Not exploitable due to privsep.
>>
>> * Update license. md5crypt removed, bcrypt relicensed.
>> 4-Clause license removed.
>> * Minor spelling fixes in the license file.
>> * Remove configure option due to the removal of md5crypt.
>> * Add patch to improve detection of -fzero-call-used-regs=all on arm.
>> * Add rerun of autotools since patch touces m4 files.
>>
>> Signed-off-by: Christian Melki <christian.melki@t2data.com>
>> ---
>> ...n-of-fzero-call-used-regs-all-suppor.patch | 31 +++++++++++++++++++
>> patches/openssh-8.9p1/autogen.sh | 1 +
>> patches/openssh-8.9p1/series | 4 +++
>
> I guess rules/openssh.make is the same as in v2?
>
> - Roland
>
Yes, the only addition in v3 being the regeneration of autoconf stuff
due to touching m4 files. Hence the last comment.
I missed that one in v2 after I added the patch.
I haven't been able to reproduce the actual error Mol triggered, but the
fix seems to target precisely that issue, so I was hoping it fixed his
build errors on ARM.
>> 3 files changed, 36 insertions(+)
>> create mode 100644 patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
>> create mode 120000 patches/openssh-8.9p1/autogen.sh
>> create mode 100644 patches/openssh-8.9p1/series
>>
>> diff --git a/patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch b/patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
>> new file mode 100644
>> index 000000000..70b075ae7
>> --- /dev/null
>> +++ b/patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
>> @@ -0,0 +1,31 @@
>> +From: Colin Watson <cjwatson@debian.org>
>> +Date: Thu, 24 Feb 2022 16:04:18 +0000
>> +Subject: [PATCH] Improve detection of -fzero-call-used-regs=all support
>> +
>> +GCC doesn't tell us whether this option is supported unless it runs into
>> +the situation where it would need to emit corresponding code.
>> +---
>> + m4/openssh.m4 | 3 +++
>> + 1 file changed, 3 insertions(+)
>> +
>> +diff --git a/m4/openssh.m4 b/m4/openssh.m4
>> +index 4f9c3792dc17..8c33c701b8b4 100644
>> +--- a/m4/openssh.m4
>> ++++ b/m4/openssh.m4
>> +@@ -14,6 +14,8 @@ AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{
>> + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
>> + #include <stdlib.h>
>> + #include <stdio.h>
>> ++/* Trivial function to help test for -fzero-call-used-regs */
>> ++void f(int n) {}
>> + int main(int argc, char **argv) {
>> + (void)argv;
>> + /* Some math to catch -ftrapv problems in the toolchain */
>> +@@ -21,6 +23,7 @@ int main(int argc, char **argv) {
>> + float l = i * 2.1;
>> + double m = l / 0.5;
>> + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
>> ++ f(0);
>> + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
>> + /*
>> + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
>> diff --git a/patches/openssh-8.9p1/autogen.sh b/patches/openssh-8.9p1/autogen.sh
>> new file mode 120000
>> index 000000000..9f8a4cb7d
>> --- /dev/null
>> +++ b/patches/openssh-8.9p1/autogen.sh
>> @@ -0,0 +1 @@
>> +../autogen.sh
>> \ No newline at end of file
>> diff --git a/patches/openssh-8.9p1/series b/patches/openssh-8.9p1/series
>> new file mode 100644
>> index 000000000..eb319a82b
>> --- /dev/null
>> +++ b/patches/openssh-8.9p1/series
>> @@ -0,0 +1,4 @@
>> +# generated by git-ptx-patches
>> +#tag:base --start-number 1
>> +0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
>> +# 35e561a03b8e1fd58ce4b40b565cdd3f - git-ptx-patches magic
>> --
>> 2.32.0
>>
>>
>> _______________________________________________
>> ptxdist mailing list
>> ptxdist@pengutronix.de
>> To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
>>
>
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [ptxdist] [APPLIED] openssh: Version bump. v8.8p1 -> v8.9p1
2022-03-30 20:17 [ptxdist] [PATCH v3] openssh: Version bump. v8.8p1 -> v8.9p1 Christian Melki
2022-04-04 10:45 ` Roland Hieber
@ 2022-04-08 13:35 ` Michael Olbrich
1 sibling, 0 replies; 4+ messages in thread
From: Michael Olbrich @ 2022-04-08 13:35 UTC (permalink / raw)
To: ptxdist; +Cc: Christian Melki
Thanks, applied as f9d34a0230b7803df4f24b09371d463c25d241f6.
Michael
[sent from post-receive hook]
On Fri, 08 Apr 2022 15:35:59 +0200, Christian Melki <christian.melki@t2data.com> wrote:
> Security miss, integer overflow in the user auth path.
> Not exploitable due to privsep.
>
> * Update license. md5crypt removed, bcrypt relicensed.
> 4-Clause license removed.
> * Minor spelling fixes in the license file.
> * Remove configure option due to the removal of md5crypt.
> * Add patch to improve detection of -fzero-call-used-regs=all on arm.
> * Add rerun of autotools since patch touces m4 files.
>
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> Message-Id: <20220330201706.1065700-1-christian.melki@t2data.com>
> [mol: readd lost openssh.make changes from v2]
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>
> diff --git a/patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch b/patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
> new file mode 100644
> index 000000000000..70b075ae7651
> --- /dev/null
> +++ b/patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
> @@ -0,0 +1,31 @@
> +From: Colin Watson <cjwatson@debian.org>
> +Date: Thu, 24 Feb 2022 16:04:18 +0000
> +Subject: [PATCH] Improve detection of -fzero-call-used-regs=all support
> +
> +GCC doesn't tell us whether this option is supported unless it runs into
> +the situation where it would need to emit corresponding code.
> +---
> + m4/openssh.m4 | 3 +++
> + 1 file changed, 3 insertions(+)
> +
> +diff --git a/m4/openssh.m4 b/m4/openssh.m4
> +index 4f9c3792dc17..8c33c701b8b4 100644
> +--- a/m4/openssh.m4
> ++++ b/m4/openssh.m4
> +@@ -14,6 +14,8 @@ AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{
> + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
> + #include <stdlib.h>
> + #include <stdio.h>
> ++/* Trivial function to help test for -fzero-call-used-regs */
> ++void f(int n) {}
> + int main(int argc, char **argv) {
> + (void)argv;
> + /* Some math to catch -ftrapv problems in the toolchain */
> +@@ -21,6 +23,7 @@ int main(int argc, char **argv) {
> + float l = i * 2.1;
> + double m = l / 0.5;
> + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
> ++ f(0);
> + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
> + /*
> + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
> diff --git a/patches/openssh-8.9p1/autogen.sh b/patches/openssh-8.9p1/autogen.sh
> new file mode 120000
> index 000000000000..9f8a4cb7ddcb
> --- /dev/null
> +++ b/patches/openssh-8.9p1/autogen.sh
> @@ -0,0 +1 @@
> +../autogen.sh
> \ No newline at end of file
> diff --git a/patches/openssh-8.9p1/series b/patches/openssh-8.9p1/series
> new file mode 100644
> index 000000000000..eb319a82b68a
> --- /dev/null
> +++ b/patches/openssh-8.9p1/series
> @@ -0,0 +1,4 @@
> +# generated by git-ptx-patches
> +#tag:base --start-number 1
> +0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
> +# 35e561a03b8e1fd58ce4b40b565cdd3f - git-ptx-patches magic
> diff --git a/rules/openssh.make b/rules/openssh.make
> index c801d8a6a28c..8f48e426efd4 100644
> --- a/rules/openssh.make
> +++ b/rules/openssh.make
> @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_OPENSSH) += openssh
> #
> # Paths and names
> #
> -OPENSSH_VERSION := 8.8p1
> -OPENSSH_MD5 := 8ce5f390958baeeab635aafd0ef41453
> +OPENSSH_VERSION := 8.9p1
> +OPENSSH_MD5 := f33910174f0af52491277211e2b105bb
> OPENSSH := openssh-$(OPENSSH_VERSION)
> OPENSSH_SUFFIX := tar.gz
> OPENSSH_URL := \
> @@ -25,8 +25,8 @@ OPENSSH_URL := \
>
> OPENSSH_SOURCE := $(SRCDIR)/$(OPENSSH).$(OPENSSH_SUFFIX)
> OPENSSH_DIR := $(BUILDDIR)/$(OPENSSH)
> -OPENSSH_LICENSE := BSD AND BSD-2-Clause AND BSD-3-Clause AND BSD-4-Clause AND MIT AND Beerware AND ISC
> -OPENSSH_LICENSE_FILES := file://LICENCE;md5=d9d2753bdef9f19466dc7bc959114b11
> +OPENSSH_LICENSE := BSD AND BSD-2-Clause AND BSD-3-Clause AND MIT AND Beerware AND ISC
> +OPENSSH_LICENSE_FILES := file://LICENCE;md5=8baf365614c9bdd63705f298c9afbfb9
>
> # ----------------------------------------------------------------------------
> # Prepare
> @@ -78,8 +78,7 @@ OPENSSH_CONF_OPT := \
> --with-privsep-user=sshd \
> --with-sandbox=$(OPENSSH_SANDBOX-y) \
> --$(call ptx/wwo, PTXCONF_GLOBAL_SELINUX)-selinux \
> - --with-privsep-path=/var/run/sshd \
> - --without-md5-passwords
> + --with-privsep-path=/var/run/sshd
>
> # ----------------------------------------------------------------------------
> # Target-Install
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-04-08 13:37 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-30 20:17 [ptxdist] [PATCH v3] openssh: Version bump. v8.8p1 -> v8.9p1 Christian Melki
2022-04-04 10:45 ` Roland Hieber
2022-04-04 11:01 ` Christian Melki
2022-04-08 13:35 ` [ptxdist] [APPLIED] " Michael Olbrich
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox