From: Christian Melki <christian.melki@t2data.com>
To: Roland Hieber <rhi@pengutronix.de>
Cc: ptxdist@pengutronix.de
Subject: Re: [ptxdist] [PATCH v3] openssh: Version bump. v8.8p1 -> v8.9p1
Date: Mon, 4 Apr 2022 13:01:26 +0200 [thread overview]
Message-ID: <bd729b8c-a220-c2ef-40bf-24d54c0746e7@t2data.com> (raw)
In-Reply-To: <20220404104552.3rh5cv6ho7ywzidi@pengutronix.de>
On 4/4/22 12:45 PM, Roland Hieber wrote:
> On Wed, Mar 30, 2022 at 10:17:06PM +0200, Christian Melki wrote:
>> Security miss, integer overflow in the user auth path.
>> Not exploitable due to privsep.
>>
>> * Update license. md5crypt removed, bcrypt relicensed.
>> 4-Clause license removed.
>> * Minor spelling fixes in the license file.
>> * Remove configure option due to the removal of md5crypt.
>> * Add patch to improve detection of -fzero-call-used-regs=all on arm.
>> * Add rerun of autotools since patch touces m4 files.
>>
>> Signed-off-by: Christian Melki <christian.melki@t2data.com>
>> ---
>> ...n-of-fzero-call-used-regs-all-suppor.patch | 31 +++++++++++++++++++
>> patches/openssh-8.9p1/autogen.sh | 1 +
>> patches/openssh-8.9p1/series | 4 +++
>
> I guess rules/openssh.make is the same as in v2?
>
> - Roland
>
Yes, the only addition in v3 being the regeneration of autoconf stuff
due to touching m4 files. Hence the last comment.
I missed that one in v2 after I added the patch.
I haven't been able to reproduce the actual error Mol triggered, but the
fix seems to target precisely that issue, so I was hoping it fixed his
build errors on ARM.
>> 3 files changed, 36 insertions(+)
>> create mode 100644 patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
>> create mode 120000 patches/openssh-8.9p1/autogen.sh
>> create mode 100644 patches/openssh-8.9p1/series
>>
>> diff --git a/patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch b/patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
>> new file mode 100644
>> index 000000000..70b075ae7
>> --- /dev/null
>> +++ b/patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
>> @@ -0,0 +1,31 @@
>> +From: Colin Watson <cjwatson@debian.org>
>> +Date: Thu, 24 Feb 2022 16:04:18 +0000
>> +Subject: [PATCH] Improve detection of -fzero-call-used-regs=all support
>> +
>> +GCC doesn't tell us whether this option is supported unless it runs into
>> +the situation where it would need to emit corresponding code.
>> +---
>> + m4/openssh.m4 | 3 +++
>> + 1 file changed, 3 insertions(+)
>> +
>> +diff --git a/m4/openssh.m4 b/m4/openssh.m4
>> +index 4f9c3792dc17..8c33c701b8b4 100644
>> +--- a/m4/openssh.m4
>> ++++ b/m4/openssh.m4
>> +@@ -14,6 +14,8 @@ AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{
>> + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
>> + #include <stdlib.h>
>> + #include <stdio.h>
>> ++/* Trivial function to help test for -fzero-call-used-regs */
>> ++void f(int n) {}
>> + int main(int argc, char **argv) {
>> + (void)argv;
>> + /* Some math to catch -ftrapv problems in the toolchain */
>> +@@ -21,6 +23,7 @@ int main(int argc, char **argv) {
>> + float l = i * 2.1;
>> + double m = l / 0.5;
>> + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
>> ++ f(0);
>> + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
>> + /*
>> + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
>> diff --git a/patches/openssh-8.9p1/autogen.sh b/patches/openssh-8.9p1/autogen.sh
>> new file mode 120000
>> index 000000000..9f8a4cb7d
>> --- /dev/null
>> +++ b/patches/openssh-8.9p1/autogen.sh
>> @@ -0,0 +1 @@
>> +../autogen.sh
>> \ No newline at end of file
>> diff --git a/patches/openssh-8.9p1/series b/patches/openssh-8.9p1/series
>> new file mode 100644
>> index 000000000..eb319a82b
>> --- /dev/null
>> +++ b/patches/openssh-8.9p1/series
>> @@ -0,0 +1,4 @@
>> +# generated by git-ptx-patches
>> +#tag:base --start-number 1
>> +0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
>> +# 35e561a03b8e1fd58ce4b40b565cdd3f - git-ptx-patches magic
>> --
>> 2.32.0
>>
>>
>> _______________________________________________
>> ptxdist mailing list
>> ptxdist@pengutronix.de
>> To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
>>
>
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
next prev parent reply other threads:[~2022-04-04 11:03 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-30 20:17 Christian Melki
2022-04-04 10:45 ` Roland Hieber
2022-04-04 11:01 ` Christian Melki [this message]
2022-04-08 13:35 ` [ptxdist] [APPLIED] " Michael Olbrich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bd729b8c-a220-c2ef-40bf-24d54c0746e7@t2data.com \
--to=christian.melki@t2data.com \
--cc=ptxdist@pengutronix.de \
--cc=rhi@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox