Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 770916

Summary: net-misc/dropbear-2020.81-r2 stabilization request
Product: Gentoo Linux Reporter: David Duchesne <aether>
Component: StabilizationAssignee: Embedded Gentoo Team <embedded>
Status: RESOLVED FIXED    
Severity: normal CC: ionen, sam
Priority: Normal Keywords: CC-ARCHES, PullRequest
Version: unspecifiedFlags: nattka: sanity-check+
Hardware: All   
OS: Linux   
See Also: https://github.com/gentoo/gentoo/pull/19547
Whiteboard:
Package list:
net-misc/dropbear-2020.81-r2
 Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 762907    

Description David Duchesne 2021-02-16 09:52:04 UTC 
Please stabilize net-misc/dropbear-2020.81-r2

2020.81 - 29 October 2020

- Fix regression in 2020.79 which prevented connecting with some SSH 
  implementations. Increase MAX_PROPOSED_ALGO to 50, and print a log 
  message if the limit is hit. This fixes interoperability with sshj 
  library (used by PyCharm), and GoAnywhere.
  Reported by Pirmin Walthert and Piotr Jurkiewicz

- Fix building with non-GCC compilers, reported by Kazuo Kuroi

- Fix potential long delay in dbclient, found by OSS Fuzz

- Fix null pointer dereference crash, found by OSS Fuzz

- libtommath now uses the same random source as Dropbear (in 2020.79 
  and 2020.80 used getrandom() separately)

- Some fuzzing improvements, start of a dbclient fuzzer

thanks
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-16 21:41:53 UTC 
It's only _just_ turning ready - on 17th January, I fixed the debundling of libtom. But sure.
Comment 2 David Duchesne 2021-02-16 22:44:50 UTC 
(In reply to Sam James from comment #1)
> It's only _just_ turning ready - on 17th January, I fixed the debundling of
> libtom. But sure.

There is no hurry indeed. I've thought it would be good since 2020.80 fails to build with gcc 10.x.x, I forgot to mention it.
Around gcc 10 stabilization then maybe ?

On a side note, I'm very pleased that almost all my packages are building fine with gcc 10, I wanted to try it a bit early.
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-17 00:07:02 UTC 
arm done
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-17 00:09:11 UTC 
s390 done
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-18 17:13:24 UTC 
amd64 done
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-18 23:25:23 UTC 
x86 done
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-19 16:22:23 UTC 
arm64 done

all arches done
Comment 8 Larry the Git Cow gentoo-dev 2021-02-19 18:59:56 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=de1710d22934f8a96d3f2f4dfb9746548c2244ae

commit de1710d22934f8a96d3f2f4dfb9746548c2244ae
Author:     Jakov Smolic <jakov.smolic@sartura.hr>
AuthorDate: 2021-02-19 18:59:39 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2021-02-19 18:59:39 +0000

    net-misc/dropbear: Remove old
    
    Bug: https://bugs.gentoo.org/770916
    Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr>
    Signed-off-by: David Seifert <soap@gentoo.org>

 net-misc/dropbear/Manifest                   |   1 -
 net-misc/dropbear/dropbear-2020.80-r2.ebuild | 112 ---------------------------
 2 files changed, 113 deletions(-)