* [PATCH] OpenSSH: update to 8.2p1
@ 2020-03-21 20:08 Peter Müller
2020-03-22 9:24 ` Michael Tremer
2020-03-22 15:52 ` Arne Fitzenreiter
0 siblings, 2 replies; 7+ messages in thread
From: Peter Müller @ 2020-03-21 20:08 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 2267 bytes --]
Please refer to https://www.openssh.com/txt/release-8.2 for release
announcements. Since glibc < 2.31 is used, no additional patching was
required in order to restore correct login functionality.
Cc: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
config/rootfiles/common/openssh | 2 ++
lfs/openssh | 6 +++---
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/config/rootfiles/common/openssh b/config/rootfiles/common/openssh
index b41190a47..f2f8ea6c5 100644
--- a/config/rootfiles/common/openssh
+++ b/config/rootfiles/common/openssh
@@ -21,6 +21,7 @@ usr/bin/ssh-keyscan
usr/lib/openssh/sftp-server
usr/lib/openssh/ssh-keysign
usr/lib/openssh/ssh-pkcs11-helper
+usr/lib/openssh/ssh-sk-helper
usr/sbin/sshd
#usr/share/man/man1/scp.1
#usr/share/man/man1/sftp.1
@@ -35,4 +36,5 @@ usr/sbin/sshd
#usr/share/man/man8/sftp-server.8
#usr/share/man/man8/ssh-keysign.8
#usr/share/man/man8/ssh-pkcs11-helper.8
+#usr/share/man/man8/ssh-sk-helper.8
#usr/share/man/man8/sshd.8
diff --git a/lfs/openssh b/lfs/openssh
index 64e72d654..68a7d63cd 100644
--- a/lfs/openssh
+++ b/lfs/openssh
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2020 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 8.1p1
+VER = 8.2p1
THISAPP = openssh-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 513694343631a99841e815306806edf0
+$(DL_FILE)_MD5 = 3076e6413e8dbe56d33848c1054ac091
install : $(TARGET)
--
2.16.4
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] OpenSSH: update to 8.2p1
2020-03-21 20:08 [PATCH] OpenSSH: update to 8.2p1 Peter Müller
@ 2020-03-22 9:24 ` Michael Tremer
2020-03-22 15:52 ` Arne Fitzenreiter
1 sibling, 0 replies; 7+ messages in thread
From: Michael Tremer @ 2020-03-22 9:24 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 2506 bytes --]
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
> On 21 Mar 2020, at 20:08, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>
> Please refer to https://www.openssh.com/txt/release-8.2 for release
> announcements. Since glibc < 2.31 is used, no additional patching was
> required in order to restore correct login functionality.
>
> Cc: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> ---
> config/rootfiles/common/openssh | 2 ++
> lfs/openssh | 6 +++---
> 2 files changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/config/rootfiles/common/openssh b/config/rootfiles/common/openssh
> index b41190a47..f2f8ea6c5 100644
> --- a/config/rootfiles/common/openssh
> +++ b/config/rootfiles/common/openssh
> @@ -21,6 +21,7 @@ usr/bin/ssh-keyscan
> usr/lib/openssh/sftp-server
> usr/lib/openssh/ssh-keysign
> usr/lib/openssh/ssh-pkcs11-helper
> +usr/lib/openssh/ssh-sk-helper
> usr/sbin/sshd
> #usr/share/man/man1/scp.1
> #usr/share/man/man1/sftp.1
> @@ -35,4 +36,5 @@ usr/sbin/sshd
> #usr/share/man/man8/sftp-server.8
> #usr/share/man/man8/ssh-keysign.8
> #usr/share/man/man8/ssh-pkcs11-helper.8
> +#usr/share/man/man8/ssh-sk-helper.8
> #usr/share/man/man8/sshd.8
> diff --git a/lfs/openssh b/lfs/openssh
> index 64e72d654..68a7d63cd 100644
> --- a/lfs/openssh
> +++ b/lfs/openssh
> @@ -1,7 +1,7 @@
> ###############################################################################
> # #
> # IPFire.org - A linux based firewall #
> -# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> #
> +# Copyright (C) 2007-2020 IPFire Team <info(a)ipfire.org> #
> # #
> # This program is free software: you can redistribute it and/or modify #
> # it under the terms of the GNU General Public License as published by #
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 8.1p1
> +VER = 8.2p1
>
> THISAPP = openssh-$(VER)
> DL_FILE = $(THISAPP).tar.gz
> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_MD5 = 513694343631a99841e815306806edf0
> +$(DL_FILE)_MD5 = 3076e6413e8dbe56d33848c1054ac091
>
> install : $(TARGET)
>
> --
> 2.16.4
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] OpenSSH: update to 8.2p1
2020-03-21 20:08 [PATCH] OpenSSH: update to 8.2p1 Peter Müller
2020-03-22 9:24 ` Michael Tremer
@ 2020-03-22 15:52 ` Arne Fitzenreiter
2020-03-24 13:18 ` Peter Müller
1 sibling, 1 reply; 7+ messages in thread
From: Arne Fitzenreiter @ 2020-03-22 15:52 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 2636 bytes --]
We need the patches for glibc-2.31 because this update is also planned.
Michael has already send the patches but I have not pushed this yet
because
at least netsnmpd fails.
Arne
Am 2020-03-21 21:08, schrieb Peter Müller:
> Please refer to https://www.openssh.com/txt/release-8.2 for release
> announcements. Since glibc < 2.31 is used, no additional patching was
> required in order to restore correct login functionality.
>
> Cc: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> ---
> config/rootfiles/common/openssh | 2 ++
> lfs/openssh | 6 +++---
> 2 files changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/config/rootfiles/common/openssh
> b/config/rootfiles/common/openssh
> index b41190a47..f2f8ea6c5 100644
> --- a/config/rootfiles/common/openssh
> +++ b/config/rootfiles/common/openssh
> @@ -21,6 +21,7 @@ usr/bin/ssh-keyscan
> usr/lib/openssh/sftp-server
> usr/lib/openssh/ssh-keysign
> usr/lib/openssh/ssh-pkcs11-helper
> +usr/lib/openssh/ssh-sk-helper
> usr/sbin/sshd
> #usr/share/man/man1/scp.1
> #usr/share/man/man1/sftp.1
> @@ -35,4 +36,5 @@ usr/sbin/sshd
> #usr/share/man/man8/sftp-server.8
> #usr/share/man/man8/ssh-keysign.8
> #usr/share/man/man8/ssh-pkcs11-helper.8
> +#usr/share/man/man8/ssh-sk-helper.8
> #usr/share/man/man8/sshd.8
> diff --git a/lfs/openssh b/lfs/openssh
> index 64e72d654..68a7d63cd 100644
> --- a/lfs/openssh
> +++ b/lfs/openssh
> @@ -1,7 +1,7 @@
>
> ###############################################################################
> #
> #
> # IPFire.org - A linux based firewall
> #
> -# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org>
> #
> +# Copyright (C) 2007-2020 IPFire Team <info(a)ipfire.org>
> #
> #
> #
> # This program is free software: you can redistribute it and/or modify
> #
> # it under the terms of the GNU General Public License as published by
> #
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 8.1p1
> +VER = 8.2p1
>
> THISAPP = openssh-$(VER)
> DL_FILE = $(THISAPP).tar.gz
> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_MD5 = 513694343631a99841e815306806edf0
> +$(DL_FILE)_MD5 = 3076e6413e8dbe56d33848c1054ac091
>
> install : $(TARGET)
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] OpenSSH: update to 8.2p1
2020-03-22 15:52 ` Arne Fitzenreiter
@ 2020-03-24 13:18 ` Peter Müller
2020-03-24 14:29 ` Michael Tremer
2020-04-09 16:51 ` Arne Fitzenreiter
0 siblings, 2 replies; 7+ messages in thread
From: Peter Müller @ 2020-03-24 13:18 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 3367 bytes --]
Hello Arne,
to my surprise, OpenSSH 8.2p1 works fine against glibc 2.31, too. Password-based
login is possible in a testing VM using a clean build of the next branch with this
patch applied.
Whatever it was Marcel stumbled across, I cannot reproduce it (or do not see it).
In my opinion, this patch can be merged straight away.
Thanks, and best regards,
Peter Müller
> We need the patches for glibc-2.31 because this update is also planned.
>
> Michael has already send the patches but I have not pushed this yet because
> at least netsnmpd fails.
>
> Arne
>
>
> Am 2020-03-21 21:08, schrieb Peter Müller:
>> Please refer to https://www.openssh.com/txt/release-8.2 for release
>> announcements. Since glibc < 2.31 is used, no additional patching was
>> required in order to restore correct login functionality.
>>
>> Cc: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
>> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
>> ---
>> config/rootfiles/common/openssh | 2 ++
>> lfs/openssh | 6 +++---
>> 2 files changed, 5 insertions(+), 3 deletions(-)
>>
>> diff --git a/config/rootfiles/common/openssh b/config/rootfiles/common/openssh
>> index b41190a47..f2f8ea6c5 100644
>> --- a/config/rootfiles/common/openssh
>> +++ b/config/rootfiles/common/openssh
>> @@ -21,6 +21,7 @@ usr/bin/ssh-keyscan
>> usr/lib/openssh/sftp-server
>> usr/lib/openssh/ssh-keysign
>> usr/lib/openssh/ssh-pkcs11-helper
>> +usr/lib/openssh/ssh-sk-helper
>> usr/sbin/sshd
>> #usr/share/man/man1/scp.1
>> #usr/share/man/man1/sftp.1
>> @@ -35,4 +36,5 @@ usr/sbin/sshd
>> #usr/share/man/man8/sftp-server.8
>> #usr/share/man/man8/ssh-keysign.8
>> #usr/share/man/man8/ssh-pkcs11-helper.8
>> +#usr/share/man/man8/ssh-sk-helper.8
>> #usr/share/man/man8/sshd.8
>> diff --git a/lfs/openssh b/lfs/openssh
>> index 64e72d654..68a7d63cd 100644
>> --- a/lfs/openssh
>> +++ b/lfs/openssh
>> @@ -1,7 +1,7 @@
>>
>> ###############################################################################
>> # #
>> # IPFire.org - A linux based firewall #
>> -# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> #
>> +# Copyright (C) 2007-2020 IPFire Team <info(a)ipfire.org> #
>> # #
>> # This program is free software: you can redistribute it and/or modify #
>> # it under the terms of the GNU General Public License as published by #
>> @@ -24,7 +24,7 @@
>>
>> include Config
>>
>> -VER = 8.1p1
>> +VER = 8.2p1
>>
>> THISAPP = openssh-$(VER)
>> DL_FILE = $(THISAPP).tar.gz
>> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>>
>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>
>> -$(DL_FILE)_MD5 = 513694343631a99841e815306806edf0
>> +$(DL_FILE)_MD5 = 3076e6413e8dbe56d33848c1054ac091
>>
>> install : $(TARGET)
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] OpenSSH: update to 8.2p1
2020-03-24 13:18 ` Peter Müller
@ 2020-03-24 14:29 ` Michael Tremer
2020-04-09 16:51 ` Arne Fitzenreiter
1 sibling, 0 replies; 7+ messages in thread
From: Michael Tremer @ 2020-03-24 14:29 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 3312 bytes --]
Great!
Thanks for testing and the feedback.
-Michael
> On 24 Mar 2020, at 13:18, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>
> Hello Arne,
>
> to my surprise, OpenSSH 8.2p1 works fine against glibc 2.31, too. Password-based
> login is possible in a testing VM using a clean build of the next branch with this
> patch applied.
>
> Whatever it was Marcel stumbled across, I cannot reproduce it (or do not see it).
>
> In my opinion, this patch can be merged straight away.
>
> Thanks, and best regards,
> Peter Müller
>
>
>> We need the patches for glibc-2.31 because this update is also planned.
>>
>> Michael has already send the patches but I have not pushed this yet because
>> at least netsnmpd fails.
>>
>> Arne
>>
>>
>> Am 2020-03-21 21:08, schrieb Peter Müller:
>>> Please refer to https://www.openssh.com/txt/release-8.2 for release
>>> announcements. Since glibc < 2.31 is used, no additional patching was
>>> required in order to restore correct login functionality.
>>>
>>> Cc: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
>>> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
>>> ---
>>> config/rootfiles/common/openssh | 2 ++
>>> lfs/openssh | 6 +++---
>>> 2 files changed, 5 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/config/rootfiles/common/openssh b/config/rootfiles/common/openssh
>>> index b41190a47..f2f8ea6c5 100644
>>> --- a/config/rootfiles/common/openssh
>>> +++ b/config/rootfiles/common/openssh
>>> @@ -21,6 +21,7 @@ usr/bin/ssh-keyscan
>>> usr/lib/openssh/sftp-server
>>> usr/lib/openssh/ssh-keysign
>>> usr/lib/openssh/ssh-pkcs11-helper
>>> +usr/lib/openssh/ssh-sk-helper
>>> usr/sbin/sshd
>>> #usr/share/man/man1/scp.1
>>> #usr/share/man/man1/sftp.1
>>> @@ -35,4 +36,5 @@ usr/sbin/sshd
>>> #usr/share/man/man8/sftp-server.8
>>> #usr/share/man/man8/ssh-keysign.8
>>> #usr/share/man/man8/ssh-pkcs11-helper.8
>>> +#usr/share/man/man8/ssh-sk-helper.8
>>> #usr/share/man/man8/sshd.8
>>> diff --git a/lfs/openssh b/lfs/openssh
>>> index 64e72d654..68a7d63cd 100644
>>> --- a/lfs/openssh
>>> +++ b/lfs/openssh
>>> @@ -1,7 +1,7 @@
>>>
>>> ###############################################################################
>>> # #
>>> # IPFire.org - A linux based firewall #
>>> -# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> #
>>> +# Copyright (C) 2007-2020 IPFire Team <info(a)ipfire.org> #
>>> # #
>>> # This program is free software: you can redistribute it and/or modify #
>>> # it under the terms of the GNU General Public License as published by #
>>> @@ -24,7 +24,7 @@
>>>
>>> include Config
>>>
>>> -VER = 8.1p1
>>> +VER = 8.2p1
>>>
>>> THISAPP = openssh-$(VER)
>>> DL_FILE = $(THISAPP).tar.gz
>>> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>>>
>>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>>
>>> -$(DL_FILE)_MD5 = 513694343631a99841e815306806edf0
>>> +$(DL_FILE)_MD5 = 3076e6413e8dbe56d33848c1054ac091
>>>
>>> install : $(TARGET)
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] OpenSSH: update to 8.2p1
2020-03-24 13:18 ` Peter Müller
2020-03-24 14:29 ` Michael Tremer
@ 2020-04-09 16:51 ` Arne Fitzenreiter
2020-04-09 20:58 ` Michael Tremer
1 sibling, 1 reply; 7+ messages in thread
From: Arne Fitzenreiter @ 2020-04-09 16:51 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 598 bytes --]
Am 2020-03-24 14:18, schrieb Peter Müller:
> Hello Arne,
>
> to my surprise, OpenSSH 8.2p1 works fine against glibc 2.31, too.
> Password-based
> login is possible in a testing VM using a clean build of the next
> branch with this
> patch applied.
>
> Whatever it was Marcel stumbled across, I cannot reproduce it (or do
> not see it).
>
> In my opinion, this patch can be merged straight away.
But i can reproduce it. OpenSSH 8.2p1 doesn't ask for the credentials
and simple close the connection on i586.
Tested as update and on a new i586 flashimage
I think i have to revert it...
Arne
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] OpenSSH: update to 8.2p1
2020-04-09 16:51 ` Arne Fitzenreiter
@ 2020-04-09 20:58 ` Michael Tremer
0 siblings, 0 replies; 7+ messages in thread
From: Michael Tremer @ 2020-04-09 20:58 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1030 bytes --]
Hi,
Arne and I just wasted an hour on trying to figure out why.
The getpeername() syscall seems to fail. It is not included in the seccomp filter, but adding it does not seem to be enough.
Maybe someone can find the time to file a bug upstream. Otherwise we have to wait for a new release.
Best,
-Michael
> On 9 Apr 2020, at 17:51, Arne Fitzenreiter <arne_f(a)ipfire.org> wrote:
>
> Am 2020-03-24 14:18, schrieb Peter Müller:
>> Hello Arne,
>> to my surprise, OpenSSH 8.2p1 works fine against glibc 2.31, too. Password-based
>> login is possible in a testing VM using a clean build of the next
>> branch with this
>> patch applied.
>> Whatever it was Marcel stumbled across, I cannot reproduce it (or do
>> not see it).
>> In my opinion, this patch can be merged straight away.
>
> But i can reproduce it. OpenSSH 8.2p1 doesn't ask for the credentials and simple close the connection on i586.
>
> Tested as update and on a new i586 flashimage
>
> I think i have to revert it...
>
> Arne
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2020-04-09 20:58 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-21 20:08 [PATCH] OpenSSH: update to 8.2p1 Peter Müller
2020-03-22 9:24 ` Michael Tremer
2020-03-22 15:52 ` Arne Fitzenreiter
2020-03-24 13:18 ` Peter Müller
2020-03-24 14:29 ` Michael Tremer
2020-04-09 16:51 ` Arne Fitzenreiter
2020-04-09 20:58 ` Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox