pkg/debug: update openssh to version 9.8p1 #4042
b45b0d0
to
61bb801
Compare
Any indication when Alpine might have a fix?
@christoph-zededa, please first check all patches from the Alpine package and see if they are already applied to the version you are fetching...
[Edited: Updates below]
Latest version tagged yesterday:
https://pkgs.alpinelinux.org/package/edge/main/x86_64/openssh#
here is the repo for this version (notice that there are no CVE patches, so sources must be updated. However, there are still some custom patches):
https://git.alpinelinux.org/aports/tree/main/openssh?h=master
https://git.alpinelinux.org/aports/commit/?id=e4bc62018e1fcd89bfa14970d0cd501502e816a5
FWIW, here is an example of how to build Alpine packages from a Dockerfile: https://github.com/lf-edge/eve/blob/master/pkg/cross-compilers/Dockerfile
Hard to say.
@christoph-zededa, you can try to build the latest package from edge, the one I pointed to in the comments... it's using 9.7p1 but you can try to bump to 9.8p1...
But they didn't update the version in their git repository either ...
See #4042 (comment)
There is a ticket from @famleebob #3994 regarding alpine upgrade. Also cc @shjala
f8388b5
to
e86e7e8
Compare
@rouming that would be great, but it seems they didn't update it: #4042 (comment)
I also found sshd service starting with SOME docker-compose file: Line 174 in 0ee0516
Do we know if the file is used by any part of the system?...
@OhmSpectator, this file is used for
@christoph-zededa, I'm still wondering about this patch:
TOOMANYREQUESTS: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit :-(
We should replace this message with something like "NO MORE BUILDS, FEIERABEND!"
Maybe this will help: #4043
6cf2caa
to
e527c39
Compare
e527c39
to
f519477
Compare
LGTM
Should this be also backported to LTS versions, i.e. have the "stable" label?
@@ -63,13 +63,54 @@ ADD https://github.com/pixel/hexedit/archive/refs/tags/1.5.tar.gz ../1.5.tar.gz | |||
RUN tar -C .. -xzvf ../1.5.tar.gz | |||
RUN ./autogen.sh && ./configure && make DESTDIR=/out install | |||
|
|||
WORKDIR /usr/src | |||
ADD https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz /usr/src |
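Review bot: the added `ADD https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz /usr/src` line downloads the release tarball with no integrity check in the visible lines, so whatever the CDN serves at build time is what gets compiled into the image. Pin the expected digest (for example `ADD --checksum=sha256:<digest> ...`, where `<digest>` is a placeholder for the value published by the OpenSSH project) or fetch the detached signature and verify it against the OpenSSH release signing key before the tarball is unpacked, failing the build on mismatch. The hexedit `ADD` in the context lines above follows the same unverified pattern and could be pinned the same way.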
sig verify is appreciated.
awesome!
f519477
to
966e7cc
Compare
according to https://fosstodon.org/@musl/112711796005712271 it should "only" be a deadlock for us

for more information about CVE-2024-6387 see also
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
966e7cc
to
171b425
Compare