From: Christian Melki
To: "ptxdist@pengutronix.de"
Date: Tue, 5 Apr 2022 19:28:46 +0200
Subject: Re: [ptxdist] [PATCH] openssh: Version bump. v8.8p1 -> v8.9p1
Message-ID: <393e567a-aa96-c4be-a629-ae358b3fc88c@t2data.com>
In-Reply-To: <20220405102036.GE3322@pengutronix.de>

On 4/5/22 12:20, Michael Olbrich wrote:
> On Wed, Mar 30, 2022 at 08:53:47PM +0200, Christian Melki wrote:
>> On 3/30/22 19:48, Michael Olbrich wrote:
>>> On Wed, Mar 30, 2022 at 03:25:39PM +0200, Christian Melki wrote:
>>>> Security miss, integer overflow in the user auth path.
>>>> Not exploitable due to privsep.
>>>>
>>>> * Update license. md5crypt removed, bcrypt relicensed.
>>>> 4-Clause license removed.
>>>> * Minor spelling fixes in the license file.
>>>> * Remove configure option due to the removal of md5crypt.
>>>
>>> Fails to build here with:
>>>
>>> ssherr.c: In function 'ssh_err':
>>> ssherr.c:151:1: sorry, unimplemented: '-fzero-call-used-regs' not supported on this target
>>> make: *** [Makefile:200: ssherr.o] Error 1
>>>
>>> The strange thing is there is a configure check for it and that one
>>> succeeds:
>>>
>>> checking if arm-v7a-linux-gnueabihf-gcc supports compile flag -fzero-call-used-regs=all... yes
>>>
>>> Michael
>>>
>>
>> Ack. Will look into it. Could you please tell me which gcc version
>> you've used?
>> I've successfully built it for an armv7-a target, but I am using 11.2.
>
> gcc 11.1 from OSELAS.Toolchain-2021.07.0.
> Or maybe this was triggered by
> one of the hardening options in the platformconfig:
>
> PTXCONF_TARGET_HARDEN_STACK_STRONG=y
> PTXCONF_TARGET_HARDEN_FORTIFY=y
> PTXCONF_TARGET_HARDEN_RELRO=y
> PTXCONF_TARGET_HARDEN_BINDNOW=y
> PTXCONF_TARGET_HARDEN_PIE=y
> PTXCONF_TARGET_HARDEN_GLIBCXX_ASSERTIONS=y
>
> Michael
>

I have approx the same hardening enabled.
It's a new function. Introduced in GCC11 I believe?
Don't remember but I don't think ARM support was really that complete early on.
x86_64 and aarch64 should work though.
Anyway. Did the patch help?

Regards,
Christian

>>>> Signed-off-by: Christian Melki >>>> --- >>>> rules/openssh.make | 11 +++++------ >>>> 1 file changed, 5 insertions(+), 6 deletions(-) >>>> >>>> diff --git a/rules/openssh.make b/rules/openssh.make >>>> index c801d8a6a..8f48e426e 100644 >>>> --- a/rules/openssh.make >>>> +++ b/rules/openssh.make >>>> @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_OPENSSH) += openssh >>>> # >>>> # Paths and names >>>> # >>>> -OPENSSH_VERSION := 8.8p1 >>>> -OPENSSH_MD5 := 8ce5f390958baeeab635aafd0ef41453 >>>> +OPENSSH_VERSION := 8.9p1 >>>> +OPENSSH_MD5 := f33910174f0af52491277211e2b105bb >>>> OPENSSH := openssh-$(OPENSSH_VERSION) >>>> OPENSSH_SUFFIX := tar.gz >>>> OPENSSH_URL := \ >>>> @@ -25,8 +25,8 @@ OPENSSH_URL := \ >>>> >>>> OPENSSH_SOURCE := $(SRCDIR)/$(OPENSSH).$(OPENSSH_SUFFIX) >>>> OPENSSH_DIR := $(BUILDDIR)/$(OPENSSH) >>>> -OPENSSH_LICENSE := BSD AND BSD-2-Clause AND BSD-3-Clause AND BSD-4-Clause AND MIT AND Beerware AND ISC >>>> -OPENSSH_LICENSE_FILES := file://LICENCE;md5=d9d2753bdef9f19466dc7bc959114b11 >>>> +OPENSSH_LICENSE := BSD AND BSD-2-Clause AND BSD-3-Clause AND MIT AND Beerware AND ISC >>>> +OPENSSH_LICENSE_FILES := file://LICENCE;md5=8baf365614c9bdd63705f298c9afbfb9 >>>> >>>> # ---------------------------------------------------------------------------- >>>> # Prepare
>>>> @@ -78,8 +78,7 @@ OPENSSH_CONF_OPT := \ >>>> --with-privsep-user=sshd \ >>>> --with-sandbox=$(OPENSSH_SANDBOX-y) \ >>>> --$(call ptx/wwo, PTXCONF_GLOBAL_SELINUX)-selinux \ >>>> - --with-privsep-path=/var/run/sshd \ >>>> - --without-md5-passwords >>>> + --with-privsep-path=/var/run/sshd >>>> >>>> # ---------------------------------------------------------------------------- >>>> # Target-Install >>>> -- >>>> 2.32.0 >>>> >>>> >>>> _______________________________________________ >>>> ptxdist mailing list >>>> ptxdist@pengutronix.de >>>> To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
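
Review bot: In the first hunk (`@@ -15,8 +15,8`), the new `OPENSSH_MD5 := f33910174f0af52491277211e2b105bb` is the only integrity pin shown for the 8.9p1 tarball, and MD5 does not resist collisions. Since this bump is motivated by a security fix, the commit message should say that the download was verified against the upstream release signature or a stronger checksum before the MD5 was recorded.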
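
Review bot: In the last hunk (`@@ -78,8 +78,7`), `OPENSSH_CONF_OPT` only drops `--without-md5-passwords`, so nothing in the patch deals with the build failure reported in this thread, where the configure check for `-fzero-call-used-regs=all` answers yes but compiling `ssherr.c` fails for arm-v7a with gcc 11.1 from OSELAS.Toolchain-2021.07.0. The fix or workaround for that should be folded into a v2 of this bump, and the commit message should list the toolchains it was built with, since the author's successful armv7-a build used gcc 11.2.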