Please refer to https://www.openssh.com/txt/release-8.2 for release announcements. Since glibc < 2.31 is used, no additional patching was required in order to restore correct login functionality.
Cc: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org --- config/rootfiles/common/openssh | 2 ++ lfs/openssh | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/config/rootfiles/common/openssh b/config/rootfiles/common/openssh index b41190a47..f2f8ea6c5 100644 --- a/config/rootfiles/common/openssh +++ b/config/rootfiles/common/openssh @@ -21,6 +21,7 @@ usr/bin/ssh-keyscan usr/lib/openssh/sftp-server usr/lib/openssh/ssh-keysign usr/lib/openssh/ssh-pkcs11-helper +usr/lib/openssh/ssh-sk-helper usr/sbin/sshd #usr/share/man/man1/scp.1 #usr/share/man/man1/sftp.1 @@ -35,4 +36,5 @@ usr/sbin/sshd #usr/share/man/man8/sftp-server.8 #usr/share/man/man8/ssh-keysign.8 #usr/share/man/man8/ssh-pkcs11-helper.8 +#usr/share/man/man8/ssh-sk-helper.8 #usr/share/man/man8/sshd.8 diff --git a/lfs/openssh b/lfs/openssh index 64e72d654..68a7d63cd 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2020 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 8.1p1 +VER = 8.2p1
THISAPP = openssh-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 513694343631a99841e815306806edf0 +$(DL_FILE)_MD5 = 3076e6413e8dbe56d33848c1054ac091
install : $(TARGET)
Reviewed-by: Michael Tremer michael.tremer@ipfire.org
On 21 Mar 2020, at 20:08, Peter Müller peter.mueller@ipfire.org wrote:
Please refer to https://www.openssh.com/txt/release-8.2 for release announcements. Since glibc < 2.31 is used, no additional patching was required in order to restore correct login functionality.
Cc: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org
config/rootfiles/common/openssh | 2 ++ lfs/openssh | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/config/rootfiles/common/openssh b/config/rootfiles/common/openssh index b41190a47..f2f8ea6c5 100644 --- a/config/rootfiles/common/openssh +++ b/config/rootfiles/common/openssh @@ -21,6 +21,7 @@ usr/bin/ssh-keyscan usr/lib/openssh/sftp-server usr/lib/openssh/ssh-keysign usr/lib/openssh/ssh-pkcs11-helper +usr/lib/openssh/ssh-sk-helper usr/sbin/sshd #usr/share/man/man1/scp.1 #usr/share/man/man1/sftp.1 @@ -35,4 +36,5 @@ usr/sbin/sshd #usr/share/man/man8/sftp-server.8 #usr/share/man/man8/ssh-keysign.8 #usr/share/man/man8/ssh-pkcs11-helper.8 +#usr/share/man/man8/ssh-sk-helper.8 #usr/share/man/man8/sshd.8 diff --git a/lfs/openssh b/lfs/openssh index 64e72d654..68a7d63cd 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2020 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 8.1p1 +VER = 8.2p1
THISAPP = openssh-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 513694343631a99841e815306806edf0 +$(DL_FILE)_MD5 = 3076e6413e8dbe56d33848c1054ac091
install : $(TARGET)
-- 2.16.4
We need the patches for glibc-2.31 because this update is also planned.
Michael has already send the patches but I have not pushed this yet because at least netsnmpd fails.
Arne
Am 2020-03-21 21:08, schrieb Peter Müller:
Please refer to https://www.openssh.com/txt/release-8.2 for release announcements. Since glibc < 2.31 is used, no additional patching was required in order to restore correct login functionality.
Cc: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org
config/rootfiles/common/openssh | 2 ++ lfs/openssh | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/config/rootfiles/common/openssh b/config/rootfiles/common/openssh index b41190a47..f2f8ea6c5 100644 --- a/config/rootfiles/common/openssh +++ b/config/rootfiles/common/openssh @@ -21,6 +21,7 @@ usr/bin/ssh-keyscan usr/lib/openssh/sftp-server usr/lib/openssh/ssh-keysign usr/lib/openssh/ssh-pkcs11-helper +usr/lib/openssh/ssh-sk-helper usr/sbin/sshd #usr/share/man/man1/scp.1 #usr/share/man/man1/sftp.1 @@ -35,4 +36,5 @@ usr/sbin/sshd #usr/share/man/man8/sftp-server.8 #usr/share/man/man8/ssh-keysign.8 #usr/share/man/man8/ssh-pkcs11-helper.8 +#usr/share/man/man8/ssh-sk-helper.8 #usr/share/man/man8/sshd.8 diff --git a/lfs/openssh b/lfs/openssh index 64e72d654..68a7d63cd 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -1,7 +1,7 @@
############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2020 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 8.1p1 +VER = 8.2p1
THISAPP = openssh-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 513694343631a99841e815306806edf0 +$(DL_FILE)_MD5 = 3076e6413e8dbe56d33848c1054ac091
install : $(TARGET)
Hello Arne,
to my surprise, OpenSSH 8.2p1 works fine against glibc 2.31, too. Password-based login is possible in a testing VM using a clean build of the next branch with this patch applied.
Whatever it was Marcel stumbled across, I cannot reproduce it (or do not see it).
In my opinion, this patch can be merged straight away.
Thanks, and best regards, Peter Müller
We need the patches for glibc-2.31 because this update is also planned.
Michael has already send the patches but I have not pushed this yet because at least netsnmpd fails.
Arne
Am 2020-03-21 21:08, schrieb Peter Müller:
Please refer to https://www.openssh.com/txt/release-8.2 for release announcements. Since glibc < 2.31 is used, no additional patching was required in order to restore correct login functionality.
Cc: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org
config/rootfiles/common/openssh | 2 ++ lfs/openssh | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/config/rootfiles/common/openssh b/config/rootfiles/common/openssh index b41190a47..f2f8ea6c5 100644 --- a/config/rootfiles/common/openssh +++ b/config/rootfiles/common/openssh @@ -21,6 +21,7 @@ usr/bin/ssh-keyscan usr/lib/openssh/sftp-server usr/lib/openssh/ssh-keysign usr/lib/openssh/ssh-pkcs11-helper +usr/lib/openssh/ssh-sk-helper usr/sbin/sshd #usr/share/man/man1/scp.1 #usr/share/man/man1/sftp.1 @@ -35,4 +36,5 @@ usr/sbin/sshd #usr/share/man/man8/sftp-server.8 #usr/share/man/man8/ssh-keysign.8 #usr/share/man/man8/ssh-pkcs11-helper.8 +#usr/share/man/man8/ssh-sk-helper.8 #usr/share/man/man8/sshd.8 diff --git a/lfs/openssh b/lfs/openssh index 64e72d654..68a7d63cd 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2020 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 8.1p1 +VER = 8.2p1
THISAPP = openssh-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 513694343631a99841e815306806edf0 +$(DL_FILE)_MD5 = 3076e6413e8dbe56d33848c1054ac091
install : $(TARGET)
Great!
Thanks for testing and the feedback.
-Michael
On 24 Mar 2020, at 13:18, Peter Müller peter.mueller@ipfire.org wrote:
Hello Arne,
to my surprise, OpenSSH 8.2p1 works fine against glibc 2.31, too. Password-based login is possible in a testing VM using a clean build of the next branch with this patch applied.
Whatever it was Marcel stumbled across, I cannot reproduce it (or do not see it).
In my opinion, this patch can be merged straight away.
Thanks, and best regards, Peter Müller
We need the patches for glibc-2.31 because this update is also planned.
Michael has already send the patches but I have not pushed this yet because at least netsnmpd fails.
Arne
Am 2020-03-21 21:08, schrieb Peter Müller:
Please refer to https://www.openssh.com/txt/release-8.2 for release announcements. Since glibc < 2.31 is used, no additional patching was required in order to restore correct login functionality.
Cc: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org
config/rootfiles/common/openssh | 2 ++ lfs/openssh | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/config/rootfiles/common/openssh b/config/rootfiles/common/openssh index b41190a47..f2f8ea6c5 100644 --- a/config/rootfiles/common/openssh +++ b/config/rootfiles/common/openssh @@ -21,6 +21,7 @@ usr/bin/ssh-keyscan usr/lib/openssh/sftp-server usr/lib/openssh/ssh-keysign usr/lib/openssh/ssh-pkcs11-helper +usr/lib/openssh/ssh-sk-helper usr/sbin/sshd #usr/share/man/man1/scp.1 #usr/share/man/man1/sftp.1 @@ -35,4 +36,5 @@ usr/sbin/sshd #usr/share/man/man8/sftp-server.8 #usr/share/man/man8/ssh-keysign.8 #usr/share/man/man8/ssh-pkcs11-helper.8 +#usr/share/man/man8/ssh-sk-helper.8 #usr/share/man/man8/sshd.8 diff --git a/lfs/openssh b/lfs/openssh index 64e72d654..68a7d63cd 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -1,7 +1,7 @@
############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2020 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 8.1p1 +VER = 8.2p1
THISAPP = openssh-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 513694343631a99841e815306806edf0 +$(DL_FILE)_MD5 = 3076e6413e8dbe56d33848c1054ac091
install : $(TARGET)
Am 2020-03-24 14:18, schrieb Peter Müller:
Hello Arne,
to my surprise, OpenSSH 8.2p1 works fine against glibc 2.31, too. Password-based login is possible in a testing VM using a clean build of the next branch with this patch applied.
Whatever it was Marcel stumbled across, I cannot reproduce it (or do not see it).
In my opinion, this patch can be merged straight away.
But i can reproduce it. OpenSSH 8.2p1 doesn't ask for the credentials and simple close the connection on i586.
Tested as update and on a new i586 flashimage
I think i have to revert it...
Arne
Hi,
Arne and I just wasted an hour on trying to figure out why.
The getpeername() syscall seems to fail. It is not included in the seccomp filter, but adding it does not seem to be enough.
Maybe someone can find the time to file a bug upstream. Otherwise we have to wait for a new release.
Best, -Michael
On 9 Apr 2020, at 17:51, Arne Fitzenreiter arne_f@ipfire.org wrote:
Am 2020-03-24 14:18, schrieb Peter Müller:
Hello Arne, to my surprise, OpenSSH 8.2p1 works fine against glibc 2.31, too. Password-based login is possible in a testing VM using a clean build of the next branch with this patch applied. Whatever it was Marcel stumbled across, I cannot reproduce it (or do not see it). In my opinion, this patch can be merged straight away.
But i can reproduce it. OpenSSH 8.2p1 doesn't ask for the credentials and simple close the connection on i586.
Tested as update and on a new i586 flashimage
I think i have to revert it...
Arne
-
Arne Fitzenreiter -
Michael Tremer -
Peter Müller