On Wed, Mar 30, 2022 at 10:17:06PM +0200, Christian Melki wrote:
> Security miss, integer overflow in the user auth path.
> Not exploitable due to privsep.
>
> * Update license. md5crypt removed, bcrypt relicensed.
> 4-Clause license removed.
> * Minor spelling fixes in the license file.
> * Remove configure option due to the removal of md5crypt.
> * Add patch to improve detection of -fzero-call-used-regs=all on arm.
> * Add rerun of autotools since patch touces m4 files.
>
> Signed-off-by: Christian Melki <christian.me...@t2data.com>
> ---
> ...n-of-fzero-call-used-regs-all-suppor.patch | 31 +++++++++++++++++++
> patches/openssh-8.9p1/autogen.sh | 1 +
> patches/openssh-8.9p1/series | 4 +++
I guess rules/openssh.make is the same as in v2?
- Roland
> 3 files changed, 36 insertions(+)
> create mode 100644
> patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
> create mode 120000 patches/openssh-8.9p1/autogen.sh
> create mode 100644 patches/openssh-8.9p1/series
>
> diff --git
> a/patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
>
> b/patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
> new file mode 100644
> index 000000000..70b075ae7
> --- /dev/null
> +++
> b/patches/openssh-8.9p1/0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
> @@ -0,0 +1,31 @@
> +From: Colin Watson <cjwat...@debian.org>
> +Date: Thu, 24 Feb 2022 16:04:18 +0000
> +Subject: [PATCH] Improve detection of -fzero-call-used-regs=all support
> +
> +GCC doesn't tell us whether this option is supported unless it runs into
> +the situation where it would need to emit corresponding code.
> +---
> + m4/openssh.m4 | 3 +++
> + 1 file changed, 3 insertions(+)
> +
> +diff --git a/m4/openssh.m4 b/m4/openssh.m4
> +index 4f9c3792dc17..8c33c701b8b4 100644
> +--- a/m4/openssh.m4
> ++++ b/m4/openssh.m4
> +@@ -14,6 +14,8 @@ AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{
> + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
> + #include <stdlib.h>
> + #include <stdio.h>
> ++/* Trivial function to help test for -fzero-call-used-regs */
> ++void f(int n) {}
> + int main(int argc, char **argv) {
> + (void)argv;
> + /* Some math to catch -ftrapv problems in the toolchain */
> +@@ -21,6 +23,7 @@ int main(int argc, char **argv) {
> + float l = i * 2.1;
> + double m = l / 0.5;
> + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
> ++ f(0);
> + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
> + /*
> + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
> diff --git a/patches/openssh-8.9p1/autogen.sh
> b/patches/openssh-8.9p1/autogen.sh
> new file mode 120000
> index 000000000..9f8a4cb7d
> --- /dev/null
> +++ b/patches/openssh-8.9p1/autogen.sh
> @@ -0,0 +1 @@
> +../autogen.sh
> \ No newline at end of file
> diff --git a/patches/openssh-8.9p1/series b/patches/openssh-8.9p1/series
> new file mode 100644
> index 000000000..eb319a82b
> --- /dev/null
> +++ b/patches/openssh-8.9p1/series
> @@ -0,0 +1,4 @@
> +# generated by git-ptx-patches
> +#tag:base --start-number 1
> +0001-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
> +# 35e561a03b8e1fd58ce4b40b565cdd3f - git-ptx-patches magic
> --
> 2.32.0
>
>
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de
> To unsubscribe, send a mail with subject "unsubscribe" to
> ptxdist-requ...@pengutronix.de
>
--
Roland Hieber, Pengutronix e.K. | r.hie...@pengutronix.de |
Steuerwalder Str. 21 | https://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to
ptxdist-requ...@pengutronix.de
