Hi Alin, I fixed it here: https://github.com/apache/incubator-nuttx/pull/6843
Please test to confirm it work for you before creating RC1. BR, Alan On 8/12/22, alin.jerpe...@sony.com <alin.jerpe...@sony.com> wrote: > Hi Alan, > Thanks for investigating the issue. Did you fix the hash ? Do you retract > your -1 ? > > @Petro Thanks for providing a explanation for the issue > > Best regards > Alin > > -----Original Message----- > From: Alan Carvalho de Assis <acas...@gmail.com> > Sent: den 12 augusti 2022 02:38 > To: dev@nuttx.apache.org > Subject: Re: [VOTE] Apache NuttX 10.4.0 (incubating) RC0 release > > The most important I forgot to say: > > Alin: reverting Petro's commit solves the issue, but is not the solution. > > He fixed the issue, it is just incompatible with old hash. The solution is > to fix the hash. > > BR, > > Alan > > On 8/11/22, Alan Carvalho de Assis <acas...@gmail.com> wrote: >> Hi Petro, >> >> I think we don't want to be compatible with it if it was in fact faulty. >> >> The TEA algorithm by itself has some weakness as people can see here: >> >> https://urldefense.com/v3/__https://en.wikipedia.org/wiki/Tiny_Encrypt >> ion_Algorithm__;!!JmoZiZGBv3RvKRSx!-xb49ukgyjFVAohl5rByBw6U6G89QqC7-aO >> 7eJyN4-0ToLVA9ga3FbLyC0QLlERRU2FCiH6_su8CI-UD$ >> >> "TEA has a few weaknesses. Most notably, it suffers from equivalent >> keys—each key is equivalent to three others, which means that the >> effective key size is only 126 bits.[5] As a result, TEA is especially >> bad as a cryptographic hash function. This weakness led to a method >> for hacking Microsoft's Xbox game console, where the cipher was used >> as a hash function." >> >> We could keep TEA support as an option (maybe for devices that don't >> need strong security) but the default algo could be XTEA or some other >> without known weakness. >> >> Just my 2 cents. >> >> BR, >> >> Alan >> >> On 8/11/22, Petro Karashchenko <petro.karashche...@gmail.com> wrote: >>> The code had an obvious bug when memory was accessed out of bounds. >>> >>> In some of the cases it was accessing zeroes and producing some >>> output, but after my changes it started to work "as designed" and use >>> "space" (not >>> zero) as padding. >>> >>> I'm not sure what is the best way to fix this. Changing padding >>> symbol from "space" to zero should also make decryption working. I >>> really do not know what is the best solution and what is better "to >>> be right" or "to be backward compatible". >>> >>> Best regards, >>> Petro >>> >>> On Thu, Aug 11, 2022, 10:10 PM Alan Carvalho de Assis >>> <acas...@gmail.com> >>> wrote: >>> >>>> ACK >>>> >>>> Strange, the previous email went only to you! >>>> >>>> On 8/11/22, Alin Jerpelea <jerpe...@gmail.com> wrote: >>>> > @Alan Carvalho de Assis <acas...@gmail.com> please confirm that >>>> > works after revert >>>> > >>>> > On Thu, 11 Aug 2022, 20:22 Petro Karashchenko, >>>> > <petro.karashche...@gmail.com> >>>> > wrote: >>>> > >>>> >> Hello Alan, >>>> >> >>>> >> Seems that the root cause is my change >>>> >> https://urldefense.com/v3/__https://github.com/apache/incubator-n >>>> >> uttx-apps/pull/1097__;!!JmoZiZGBv3RvKRSx!-xb49ukgyjFVAohl5rByBw6U >>>> >> 6G89QqC7-aO7eJyN4-0ToLVA9ga3FbLyC0QLlERRU2FCiH6_ss9mT39r$ >>>> >> >>>> >> I think that all previously generated passwords need to be >>>> >> re-generated. >>>> >> >>>> >> Best regards, >>>> >> Petro >>>> >> >>>> >> On Thu, Aug 11, 2022, 8:49 PM Alan Carvalho de Assis >>>> >> <acas...@gmail.com >>>> > >>>> >> wrote: >>>> >> >>>> >> > Alin, >>>> >> > >>>> >> > I want to redraw my vote, I found the first regression, so my >>>> >> > vote >>>> >> > is: >>>> >> > >>>> >> > -1 >>>> >> > >>>> >> > Seems like the console login is not working, I'm using user: >>>> >> > admin and >>>> >> > password: Administrator >>>> >> > >>>> >> > $ ./tools/configure.sh sim:nsh >>>> >> > >>>> >> > $ make -j >>>> >> > >>>> >> > $ ./nuttx >>>> >> > login: admin >>>> >> > password: >>>> >> > Invalid username or password >>>> >> > login: admin >>>> >> > password: >>>> >> > Invalid username or password >>>> >> > login: admin >>>> >> > password: >>>> >> > Invalid username or password >>>> >> > Login failed! >>>> >> > >>>> >> > I double checked the /etc/passwd file and it is correct: >>>> >> > >>>> >> > nsh> cat /etc/passwd >>>> >> > admin:8Tv+Hbmr3pLddSjtzL0kwC:0:0:/ >>>> >> > >>>> >> > Please help me to find the offending commit. >>>> >> > >>>> >> > BR, >>>> >> > >>>> >> > Alan >>>> >> > >>>> >> > On 8/8/22, Alin Jerpelea <jerpe...@gmail.com> wrote: >>>> >> > > Hello all, >>>> >> > > Apache NuttX (Incubating) 10.4.0 RC0 has been staged under >>>> >> > > [1] and it's time to vote on accepting it for release. If >>>> >> > > approved we will seek final release approval from the IPMC. >>>> >> > > Voting will be open for 72hr. >>>> >> > > >>>> >> > > A minimum of 3 binding +1 votes and more binding +1 than >>>> >> > > binding >>>> >> > > -1 >>>> >> > > are >>>> >> > > required to pass. >>>> >> > > >>>> >> > > The Apache requirements for approving a release can be found >>>> >> > > here >>>> [3] >>>> >> > > "Before voting +1 [P]PMC members are required to download the >>>> >> > > signed source code package, compile it as provided, and test >>>> >> > > the resulting executable on their own platform, along with >>>> >> > > also verifying that the package meets the requirements of the >>>> >> > > ASF policy on releases." >>>> >> > > >>>> >> > > A document to walk through some of this process has been >>>> >> > > published >>>> on >>>> >> > > our project wiki and can be found here [4]. >>>> >> > > >>>> >> > > [ ] +1 accept (indicate what you validated - e.g. performed >>>> >> > > the non-RM items in [4]) [ ] -1 reject (explanation required) >>>> >> > > >>>> >> > > Thank you all, >>>> >> > > Alin Jerpelea >>>> >> > > >>>> >> > > SCM Information: >>>> >> > > Release tag: nuttx-10.4.0-RC0 >>>> >> > > Hash for the release incubating-nuttx tag: >>>> >> > > dd718e78f70f9350ac648067509672c5051841b9 >>>> >> > > Hash for the release incubating-nuttx-apps tag: >>>> >> > > 8b43f9f9ca30f44c1cccae9a9078d5d45b776d35 >>>> >> > > >>>> >> > > [1] >>>> >> > > https://urldefense.com/v3/__https://dist.apache.org/repos/dis >>>> >> > > t/dev/incubator/nuttx/10.4.0-RC0/__;!!JmoZiZGBv3RvKRSx!-xb49u >>>> >> > > kgyjFVAohl5rByBw6U6G89QqC7-aO7eJyN4-0ToLVA9ga3FbLyC0QLlERRU2F >>>> >> > > CiH6_svBrs-6p$ >>>> >> > > [2] >>>> >> > >>>> >> >>>> https://urldefense.com/v3/__https://raw.githubusercontent.com/apache >>>> /incubator-nuttx/nuttx-10.4.0-RC0/ReleaseNotes__;!!JmoZiZGBv3RvKRSx! >>>> -xb49ukgyjFVAohl5rByBw6U6G89QqC7-aO7eJyN4-0ToLVA9ga3FbLyC0QLlERRU2FC >>>> iH6_skWpoohx$ >>>> >> > > [3] >>>> >> > > https://urldefense.com/v3/__https://www.apache.org/dev/releas >>>> >> > > e.html*approving-a-release__;Iw!!JmoZiZGBv3RvKRSx!-xb49ukgyjF >>>> >> > > VAohl5rByBw6U6G89QqC7-aO7eJyN4-0ToLVA9ga3FbLyC0QLlERRU2FCiH6_ >>>> >> > > soa8eYeo$ >>>> >> > > [4] >>>> >> > >>>> >> >>>> https://urldefense.com/v3/__https://cwiki.apache.org/confluence/disp >>>> lay/NUTTX/Validating*a*staged*Release__;Kysr!!JmoZiZGBv3RvKRSx!-xb49 >>>> ukgyjFVAohl5rByBw6U6G89QqC7-aO7eJyN4-0ToLVA9ga3FbLyC0QLlERRU2FCiH6_s >>>> ulzkgLj$ >>>> >> > > >>>> >> > >>>> >> >>>> > >>>> >>> >> >
