From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Wed, 30 Mar 2022 19:49:21 +0200 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nZcRZ-00BafR-R4 for lore@lore.pengutronix.de; Wed, 30 Mar 2022 19:49:21 +0200 Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1nZcRc-0008L6-Hu; Wed, 30 Mar 2022 19:49:20 +0200 Received: from drehscheibe.grey.stw.pengutronix.de ([2a0a:edc0:0:c01:1d::a2]) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nZcQz-0008Kw-U9; Wed, 30 Mar 2022 19:48:41 +0200 Received: from [2a0a:edc0:0:1101:1d::39] (helo=dude03.red.stw.pengutronix.de) by drehscheibe.grey.stw.pengutronix.de with esmtp (Exim 4.94.2) (envelope-from ) id 1nZcQw-0042A2-8Q; Wed, 30 Mar 2022 19:48:40 +0200 Received: from mol by dude03.red.stw.pengutronix.de with local (Exim 4.94.2) (envelope-from ) id 1nZcQx-00GpJS-Lg; Wed, 30 Mar 2022 19:48:39 +0200 Date: Wed, 30 Mar 2022 19:48:39 +0200 From: Michael Olbrich To: Christian Melki Message-ID: Mail-Followup-To: Christian Melki , ptxdist@pengutronix.de References: <20220330132539.3414144-1-christian.melki@t2data.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20220330132539.3414144-1-christian.melki@t2data.com> X-Sent-From: Pengutronix Hildesheim X-URL: http://www.pengutronix.de/ X-IRC: #ptxdist @freenode X-Accept-Language: de,en X-Accept-Content-Type: text/plain Subject: Re: [ptxdist] [PATCH] openssh: Version bump. v8.8p1 -> v8.9p1 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Cc: ptxdist@pengutronix.de Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false On Wed, Mar 30, 2022 at 03:25:39PM +0200, Christian Melki wrote: > Security miss, integer overflow in the user auth path. > Not exploitable due to privsep. > > * Update license. md5crypt removed, bcrypt relicensed. > 4-Clause license removed. > * Minor spelling fixes in the license file. > * Remove configure option due to the removal of md5crypt. Fails to build here with: ssherr.c: In function 'ssh_err': ssherr.c:151:1: sorry, unimplemented: '-fzero-call-used-regs' not supported on this target make: *** [Makefile:200: ssherr.o] Error 1 The stange thing is there is a configure check for it that that one succeeds: checking if arm-v7a-linux-gnueabihf-gcc supports compile flag -fzero-call-used-regs=all... yes Michael > Signed-off-by: Christian Melki > --- > rules/openssh.make | 11 +++++------ > 1 file changed, 5 insertions(+), 6 deletions(-) > > diff --git a/rules/openssh.make b/rules/openssh.make > index c801d8a6a..8f48e426e 100644 > --- a/rules/openssh.make > +++ b/rules/openssh.make > @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_OPENSSH) += openssh > # > # Paths and names > # > -OPENSSH_VERSION := 8.8p1 > -OPENSSH_MD5 := 8ce5f390958baeeab635aafd0ef41453 > +OPENSSH_VERSION := 8.9p1 > +OPENSSH_MD5 := f33910174f0af52491277211e2b105bb > OPENSSH := openssh-$(OPENSSH_VERSION) > OPENSSH_SUFFIX := tar.gz > OPENSSH_URL := \ > @@ -25,8 +25,8 @@ OPENSSH_URL := \ > > OPENSSH_SOURCE := $(SRCDIR)/$(OPENSSH).$(OPENSSH_SUFFIX) > OPENSSH_DIR := $(BUILDDIR)/$(OPENSSH) > -OPENSSH_LICENSE := BSD AND BSD-2-Clause AND BSD-3-Clause AND BSD-4-Clause AND MIT AND Beerware AND ISC > -OPENSSH_LICENSE_FILES := file://LICENCE;md5=d9d2753bdef9f19466dc7bc959114b11 > +OPENSSH_LICENSE := BSD AND BSD-2-Clause AND BSD-3-Clause AND MIT AND Beerware AND ISC > +OPENSSH_LICENSE_FILES := file://LICENCE;md5=8baf365614c9bdd63705f298c9afbfb9 > > # ---------------------------------------------------------------------------- > # Prepare > @@ -78,8 +78,7 @@ OPENSSH_CONF_OPT := \ > --with-privsep-user=sshd \ > --with-sandbox=$(OPENSSH_SANDBOX-y) \ > --$(call ptx/wwo, PTXCONF_GLOBAL_SELINUX)-selinux \ > - --with-privsep-path=/var/run/sshd \ > - --without-md5-passwords > + --with-privsep-path=/var/run/sshd > > # ---------------------------------------------------------------------------- > # Target-Install > -- > 2.32.0 > > > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de