From mboxrd@z Thu Jan  1 00:00:00 1970
Delivery-date: Wed, 30 Mar 2022 19:49:21 +0200
Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33])
	by lore.white.stw.pengutronix.de with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <ptxdist-bounces+lore=lore.pengutronix.de@pengutronix.de>)
	id 1nZcRZ-00BafR-R4
	for lore@lore.pengutronix.de; Wed, 30 Mar 2022 19:49:21 +0200
Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de)
	by metis.ext.pengutronix.de with esmtp (Exim 4.92)
	(envelope-from <ptxdist-bounces@pengutronix.de>)
	id 1nZcRc-0008L6-Hu; Wed, 30 Mar 2022 19:49:20 +0200
Received: from drehscheibe.grey.stw.pengutronix.de ([2a0a:edc0:0:c01:1d::a2])
 by metis.ext.pengutronix.de with esmtps
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <mol@pengutronix.de>)
 id 1nZcQz-0008Kw-U9; Wed, 30 Mar 2022 19:48:41 +0200
Received: from [2a0a:edc0:0:1101:1d::39] (helo=dude03.red.stw.pengutronix.de)
 by drehscheibe.grey.stw.pengutronix.de with esmtp (Exim 4.94.2)
 (envelope-from <mol@pengutronix.de>)
 id 1nZcQw-0042A2-8Q; Wed, 30 Mar 2022 19:48:40 +0200
Received: from mol by dude03.red.stw.pengutronix.de with local (Exim 4.94.2)
 (envelope-from <mol@pengutronix.de>)
 id 1nZcQx-00GpJS-Lg; Wed, 30 Mar 2022 19:48:39 +0200
Date: Wed, 30 Mar 2022 19:48:39 +0200
From: Michael Olbrich <m.olbrich@pengutronix.de>
To: Christian Melki <christian.melki@t2data.com>
Message-ID: <YkSX95RmYJcO1ppd@pengutronix.de>
Mail-Followup-To: Christian Melki <christian.melki@t2data.com>,
 ptxdist@pengutronix.de
References: <20220330132539.3414144-1-christian.melki@t2data.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20220330132539.3414144-1-christian.melki@t2data.com>
X-Sent-From: Pengutronix Hildesheim
X-URL: http://www.pengutronix.de/
X-IRC: #ptxdist @freenode
X-Accept-Language: de,en
X-Accept-Content-Type: text/plain
Subject: Re: [ptxdist] [PATCH] openssh: Version bump. v8.8p1 -> v8.9p1
X-BeenThere: ptxdist@pengutronix.de
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/cgi-bin/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
Cc: ptxdist@pengutronix.de
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de
X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false

On Wed, Mar 30, 2022 at 03:25:39PM +0200, Christian Melki wrote:
> Security miss, integer overflow in the user auth path.
> Not exploitable due to privsep.
> 
> * Update license. md5crypt removed, bcrypt relicensed.
> 4-Clause license removed.
> * Minor spelling fixes in the license file.
> * Remove configure option due to the removal of md5crypt.

Fails to build here with:

ssherr.c: In function 'ssh_err':
ssherr.c:151:1: sorry, unimplemented: '-fzero-call-used-regs' not supported on this target
make: *** [Makefile:200: ssherr.o] Error 1

The stange thing is there is a configure check for it that that one
succeeds:

checking if arm-v7a-linux-gnueabihf-gcc supports compile flag -fzero-call-used-regs=all... yes

Michael

> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> ---
>  rules/openssh.make | 11 +++++------
>  1 file changed, 5 insertions(+), 6 deletions(-)
> 
> diff --git a/rules/openssh.make b/rules/openssh.make
> index c801d8a6a..8f48e426e 100644
> --- a/rules/openssh.make
> +++ b/rules/openssh.make
> @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_OPENSSH) += openssh
>  #
>  # Paths and names
>  #
> -OPENSSH_VERSION	:= 8.8p1
> -OPENSSH_MD5	:= 8ce5f390958baeeab635aafd0ef41453
> +OPENSSH_VERSION	:= 8.9p1
> +OPENSSH_MD5	:= f33910174f0af52491277211e2b105bb
>  OPENSSH		:= openssh-$(OPENSSH_VERSION)
>  OPENSSH_SUFFIX	:= tar.gz
>  OPENSSH_URL	:= \
> @@ -25,8 +25,8 @@ OPENSSH_URL	:= \
>  
>  OPENSSH_SOURCE	:= $(SRCDIR)/$(OPENSSH).$(OPENSSH_SUFFIX)
>  OPENSSH_DIR	:= $(BUILDDIR)/$(OPENSSH)
> -OPENSSH_LICENSE	:= BSD AND BSD-2-Clause AND BSD-3-Clause AND BSD-4-Clause AND MIT AND Beerware AND ISC
> -OPENSSH_LICENSE_FILES := file://LICENCE;md5=d9d2753bdef9f19466dc7bc959114b11
> +OPENSSH_LICENSE	:= BSD AND BSD-2-Clause AND BSD-3-Clause AND MIT AND Beerware AND ISC
> +OPENSSH_LICENSE_FILES := file://LICENCE;md5=8baf365614c9bdd63705f298c9afbfb9
>  
>  # ----------------------------------------------------------------------------
>  # Prepare
> @@ -78,8 +78,7 @@ OPENSSH_CONF_OPT	:= \
>  	--with-privsep-user=sshd \
>  	--with-sandbox=$(OPENSSH_SANDBOX-y) \
>  	--$(call ptx/wwo, PTXCONF_GLOBAL_SELINUX)-selinux \
> -	--with-privsep-path=/var/run/sshd \
> -	--without-md5-passwords
> +	--with-privsep-path=/var/run/sshd
>  
>  # ----------------------------------------------------------------------------
>  # Target-Install
> -- 
> 2.32.0
> 
> 
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de
> To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de