OpenSSH: signature verification nondeterministic spurious failure

[bwendling]

There appears to be a bug with -fzero-call-used-regs in OpenSSH

https://bugzilla.mindrot.org/show_bug.cgi?id=3475

[llvmbot]

@llvm/issue-subscribers-bug

[bwendling]

/s : @nickdesaulniers @kees

[thesamesam]

See also #57692.

[thesamesam]

cc @nikic

[nickdesaulniers]

#57692 has been closed. Is this fixed, or is there more than one bug with -fzero-call-used-regs?

[nikic]

The bugzilla comments indicate that this still occurs with 15.0.6 which should include the aforementioned patch, so this should be another issue.

[nickdesaulniers]

ClangBuiltLinux/linux#1766 is another crash that seems to be with clang 15.0.6. I've asked the reporter for more info though to confirm.

[bwendling]

It looks like https://reviews.llvm.org/D139679 fixes the OpenSSH issue.

[nickdesaulniers]

14d4cdd has landed. I would kindly ask the release folks if this warrants a 15.0.7 release; it's a pretty bad bug affecting both the Linux kernel and OpenSSL.

cc @tstellar

[nickdesaulniers]

cc @tru

[tru]

Hm, we have generally closed the book on 15.x and are planning to rev up 16.x release in the beginning of next year. This does seem bad though, so I am sure we can consider it.

Tom is out until early January and I suspect most release testers are as well, so I doubt we can get a release out before then. I'll note it down and talk to Tom about it when he's back online.

[tstellar]

This seems severe enough to me to warrant another release. I think we could do one Tue Jan 10.

[thesamesam]

There's also #59792 which is quite serious.

[tstellar]

/cherry-pick 14d4cdd

[llvmbot]

/branch llvm/llvm-project-release-prs/issue59242

[llvmbot]

/pull-request llvm/llvm-project-release-prs#223