| Field | Value |
|---|---|
| Summary | net-misc/openssh-6.6.1[hpn] interferes with curve25519 kex |
| Product | Gentoo Linux |
| Component | Current packages |
| Reporter | mancha <mancha1> |
| Assignee | Gentoo's Team for Core System packages <base-system> |
| Status | RESOLVED FIXED |
| Severity | major |
| Priority | Normal |
| CC | greg_g, whissi |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Whiteboard | |
| Package list | |
| Runtime testing required | --- |
| Bug Depends on | 524662 |
| Bug Blocks | |
| Attachments | ebuild: fix hpn curve25519 conflict |

Description
mancha
2014-09-28 17:29:50 UTC
Thanks for the bug. Did you inform the people responsible for the hpn patches as well? I doubt we can simply go and assign a new value for SSH_BUG_LARGEWINDOW by ourselves. Imagine others would do the same and do not use the same value...

Lars, you may want to set the value to "0x80000000": https://github.com/freebsd/freebsd/commit/e1e5f20b8815dab6b04e73d6ba98044da9075bbc

Created attachment 385692 [details, diff]
ebuild: fix hpn curve25519 conflict

(In reply to Lars Wendler (Polynomial-C) from comment #1)
> Thanks for the bug. Did you inform the people responsible for the hpn
> patches as well? I doubt we can simply go and assign a new value for
> SSH_BUG_LARGEWINDOW by ourselves. Imagine others would do the same and do
> not use the same value...

The bugzilla was down or I'd have answered sooner.

I didn't report this to HPN but I checked their site and they support up through OpenSSH 6.6p1 (last upstream release). They might not be aware there was an official OOB hotfix that bumped things up to 6.6.1p1 and introduced SSH_BUG_CURVE25519PAD.

I'll leave it up to Gentoo to decide how it wants to fix its broken package: a) lobby HPN for a patch against a hotfixed OpenSSH or b) fix it in-house. If you go with b), the attached diff to the ebuild will do. There's no reason to worry about others changing the flag to something else.

--mancha

net-misc/openssh-6.6.1_p1-r4 is now in the tree trying to address this bug. Unfortunately I set the value of SSH_BUG_LARGEWINDOW to 0x20000000 before I saw comment #2. As a result I have now sent a mail to the hpn devs asking for their help/input. Let's keep this bug open until I get a reply from them.

Your change is fine as is. The commit referenced in comment #2 chose to leave space for two possible future flag additions by OpenSSH. OpenSSH hotfixes occur once every 143 years so the next time a flag might be added is with a release (say 6.7p1). When this happens HPN will have to re-base its patch anyways. I wouldn't over-think this. The issue is solved.

--mancha

Hello, I write here to report that there is a problem when getting the patch from the mirrors; the updated patch isn't actually picked up:

From /usr/portage/net-misc/openssh/Manifest:

    ...
    openssh-6.6.1p1-hpnssh14v5.diff.xz 20952 SHA256 fe31dfbc934be7c7c07ddcd2aef01083c62f225ee8097622aec23d536e118053
    ...

From Lars' devspace (new version of the patch, from Sep 28):

    $ wget http://dev.gentoo.org/~polynomial-c/openssh-6.6.1p1-hpnssh14v5.diff.xz
    ...
    $ sha256sum openssh-6.6.1p1-hpnssh14v5.diff.xz
    fe31dfbc934be7c7c07ddcd2aef01083c62f225ee8097622aec23d536e118053 openssh-6.6.1p1-hpnssh14v5.diff.xz

From mirrors (_old_ version of the patch, from Sep 8):

    $ wget http://gentoo.osuosl.org/distfiles/openssh-6.6.1p1-hpnssh14v5.diff.xz
    ...
    $ sha256sum openssh-6.6.1p1-hpnssh14v5.diff.xz
    674de88b158c3b305f720ad86f917be79cd6bd9b47cf33f56b1d92eee9440b8e openssh-6.6.1p1-hpnssh14v5.diff.xz

should be fixed in the latest versions
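
The flag conflict discussed in this bug, as an added example (not code from the bug report, OpenSSH, or the HPN patch): a Python check that parses compat-flag `#define` lines from a patched header and reports any two flags that share a bit, then confirms that a reassigned value clears the conflict. The sample header and its 0x10000000 values are constructed for illustration; only the replacement values 0x20000000 and 0x80000000 come from the thread, and the `SSH_BUG_`/`SSH_OLD_`/`SSH_NEW_` name filter is an assumption about how the bitmask flags are named.

```python
import re
from itertools import combinations

# Constructed sample of a patched compat header. The values are illustrative
# and are NOT copied from OpenSSH or from the HPN patch.
SAMPLE_HEADER = """
#define SSH_BUG_DYNAMIC_RPORT   0x08000000
#define SSH_BUG_CURVE25519PAD   0x10000000   /* added by upstream hotfix */
#define SSH_BUG_LARGEWINDOW     0x10000000   /* added by third-party patch */
"""

# Assumption: every flag of the shared bitmask is named SSH_BUG_*, SSH_OLD_*
# or SSH_NEW_*; other SSH_* constants in the header are a different namespace.
DEFINE_RE = re.compile(
    r"^[ \t]*#[ \t]*define[ \t]+(SSH_(?:BUG|OLD|NEW)_\w+)[ \t]+(0x[0-9a-fA-F]+)\b",
    re.M,
)

def parse_flags(header_text):
    """Return {name: int} for every compat-flag hex #define in the text."""
    return {name: int(value, 16) for name, value in DEFINE_RE.findall(header_text)}

def find_collisions(flags):
    """Return (name_a, name_b, shared_bits) for each pair sharing any bit."""
    hits = []
    for (a, va), (b, vb) in combinations(sorted(flags.items()), 2):
        if va & vb:
            hits.append((a, b, va & vb))
    return hits

def reassign(header_text, name, new_value):
    """Return the header text with `name` redefined to new_value."""
    pat = re.compile(
        r"^([ \t]*#[ \t]*define[ \t]+%s[ \t]+)0x[0-9a-fA-F]+" % re.escape(name),
        re.M,
    )
    return pat.sub(lambda m: "%s0x%08x" % (m.group(1), new_value), header_text)

if __name__ == "__main__":
    for a, b, bits in find_collisions(parse_flags(SAMPLE_HEADER)):
        print("COLLISION: %s and %s share 0x%08x" % (a, b, bits))
    fixed = reassign(SAMPLE_HEADER, "SSH_BUG_LARGEWINDOW", 0x80000000)
    print("after reassignment:", find_collisions(parse_flags(fixed)) or "no collisions")
```

Run against the header produced after applying a third-party patch, a non-empty result means one bit is being read as two different peer-compatibility workarounds.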