From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Mon, 04 Apr 2022 12:46:01 +0200 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nbKDj-005Yi9-78 for lore@lore.pengutronix.de; Mon, 04 Apr 2022 12:46:01 +0200 Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1nbKDf-0008Cl-Hq; Mon, 04 Apr 2022 12:45:59 +0200 Received: from ptx.hi.pengutronix.de ([2001:67c:670:100:1d::c0]) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nbKDZ-0008BK-Eu; Mon, 04 Apr 2022 12:45:53 +0200 Received: from rhi by ptx.hi.pengutronix.de with local (Exim 4.92) (envelope-from ) id 1nbKDY-0000dK-OU; Mon, 04 Apr 2022 12:45:52 +0200 Date: Mon, 4 Apr 2022 12:45:52 +0200 From: Roland Hieber To: Christian Melki Message-ID: <20220404104552.3rh5cv6ho7ywzidi@pengutronix.de> References: <20220330201706.1065700-1-christian.melki@t2data.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20220330201706.1065700-1-christian.melki@t2data.com> User-Agent: NeoMutt/20180716 Subject: Re: [ptxdist] [PATCH v3] openssh: Version bump. v8.8p1 -> v8.9p1 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Cc: ptxdist@pengutronix.de Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false On Wed, Mar 30, 2022 at 10:17:06PM +0200, Christian Melki wrote: > Security miss, integer overflow in the user auth path. > Not exploitable due to privsep. > > * Update license. md5crypt removed, bcrypt relicensed. > 4-Clause license removed. > * Minor spelling fixes in the license file. > * Remove configure option due to the removal of md5crypt. > * Add patch to improve detection of -fzero-call-used-regs=all on arm. > * Add rerun of autotools since patch touces m4 files. > > Signed-off-by: Christian Melki > --- > ...n-of-fzero-call-used-regs-all-suppor.patch | 31 +++++++++++++++++++ > patches/openssh-8.9p1/autogen.sh | 1 + > patches/openssh-8.9p1/series | 4 +++ I guess rules/openssh.make is the same as in v2? - Roland > 3 files changed, 36 insertions(+) > create mode 100644 patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch > create mode 120000 patches/openssh-8.9p1/autogen.sh > create mode 100644 patches/openssh-8.9p1/series > > diff --git a/patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch b/patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch > new file mode 100644 > index 000000000..70b075ae7 > --- /dev/null > +++ b/patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch > @@ -0,0 +1,31 @@ > +From: Colin Watson > +Date: Thu, 24 Feb 2022 16:04:18 +0000 > +Subject: [PATCH] Improve detection of -fzero-call-used-regs=all support > + > +GCC doesn't tell us whether this option is supported unless it runs into > +the situation where it would need to emit corresponding code. > +--- > + m4/openssh.m4 | 3 +++ > + 1 file changed, 3 insertions(+) > + > +diff --git a/m4/openssh.m4 b/m4/openssh.m4 > +index 4f9c3792dc17..8c33c701b8b4 100644 > +--- a/m4/openssh.m4 > ++++ b/m4/openssh.m4 > +@@ -14,6 +14,8 @@ AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{ > + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ > + #include > + #include > ++/* Trivial function to help test for -fzero-call-used-regs */ > ++void f(int n) {} > + int main(int argc, char **argv) { > + (void)argv; > + /* Some math to catch -ftrapv problems in the toolchain */ > +@@ -21,6 +23,7 @@ int main(int argc, char **argv) { > + float l = i * 2.1; > + double m = l / 0.5; > + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; > ++ f(0); > + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); > + /* > + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does > diff --git a/patches/openssh-8.9p1/autogen.sh b/patches/openssh-8.9p1/autogen.sh > new file mode 120000 > index 000000000..9f8a4cb7d > --- /dev/null > +++ b/patches/openssh-8.9p1/autogen.sh > @@ -0,0 +1 @@ > +../autogen.sh > \ No newline at end of file > diff --git a/patches/openssh-8.9p1/series b/patches/openssh-8.9p1/series > new file mode 100644 > index 000000000..eb319a82b > --- /dev/null > +++ b/patches/openssh-8.9p1/series > @@ -0,0 +1,4 @@ > +# generated by git-ptx-patches > +#tag:base --start-number 1 > +0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch > +# 35e561a03b8e1fd58ce4b40b565cdd3f - git-ptx-patches magic > -- > 2.32.0 > > > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de > -- Roland Hieber, Pengutronix e.K. | r.hieber@pengutronix.de | Steuerwalder Str. 21 | https://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de