Hi all, The voting is canceled and I restarted the vote process for 11.0.0-RC0
Thanks for testing the release and providing feedback Best regards Alin Jerpelea -----Original Message----- From: alin.jerpe...@sony.com <alin.jerpe...@sony.com> Sent: den 12 augusti 2022 08:49 To: dev@nuttx.apache.org Subject: RE: [VOTE] Apache NuttX 10.4.0 (incubating) RC0 release Hi Alan, Thanks for investigating the issue. Did you fix the hash ? Do you retract your -1 ? @Petro Thanks for providing a explanation for the issue Best regards Alin -----Original Message----- From: Alan Carvalho de Assis <acas...@gmail.com> Sent: den 12 augusti 2022 02:38 To: dev@nuttx.apache.org Subject: Re: [VOTE] Apache NuttX 10.4.0 (incubating) RC0 release The most important I forgot to say: Alin: reverting Petro's commit solves the issue, but is not the solution. He fixed the issue, it is just incompatible with old hash. The solution is to fix the hash. BR, Alan On 8/11/22, Alan Carvalho de Assis <acas...@gmail.com> wrote: > Hi Petro, > > I think we don't want to be compatible with it if it was in fact faulty. > > The TEA algorithm by itself has some weakness as people can see here: > > https://urldefense.com/v3/__https://en.wikipedia.org/wiki/Tiny_Encrypt > ion_Algorithm__;!!JmoZiZGBv3RvKRSx!-xb49ukgyjFVAohl5rByBw6U6G89QqC7-aO > 7eJyN4-0ToLVA9ga3FbLyC0QLlERRU2FCiH6_su8CI-UD$ > > "TEA has a few weaknesses. Most notably, it suffers from equivalent > keys—each key is equivalent to three others, which means that the > effective key size is only 126 bits.[5] As a result, TEA is especially > bad as a cryptographic hash function. This weakness led to a method > for hacking Microsoft's Xbox game console, where the cipher was used > as a hash function." > > We could keep TEA support as an option (maybe for devices that don't > need strong security) but the default algo could be XTEA or some other > without known weakness. > > Just my 2 cents. > > BR, > > Alan > > On 8/11/22, Petro Karashchenko <petro.karashche...@gmail.com> wrote: >> The code had an obvious bug when memory was accessed out of bounds. >> >> In some of the cases it was accessing zeroes and producing some >> output, but after my changes it started to work "as designed" and use >> "space" (not >> zero) as padding. >> >> I'm not sure what is the best way to fix this. Changing padding >> symbol from "space" to zero should also make decryption working. I >> really do not know what is the best solution and what is better "to >> be right" or "to be backward compatible". >> >> Best regards, >> Petro >> >> On Thu, Aug 11, 2022, 10:10 PM Alan Carvalho de Assis >> <acas...@gmail.com> >> wrote: >> >>> ACK >>> >>> Strange, the previous email went only to you! >>> >>> On 8/11/22, Alin Jerpelea <jerpe...@gmail.com> wrote: >>> > @Alan Carvalho de Assis <acas...@gmail.com> please confirm that >>> > works after revert >>> > >>> > On Thu, 11 Aug 2022, 20:22 Petro Karashchenko, >>> > <petro.karashche...@gmail.com> >>> > wrote: >>> > >>> >> Hello Alan, >>> >> >>> >> Seems that the root cause is my change >>> >> https://urldefense.com/v3/__https://github.com/apache/incubator-n >>> >> uttx-apps/pull/1097__;!!JmoZiZGBv3RvKRSx!-xb49ukgyjFVAohl5rByBw6U >>> >> 6G89QqC7-aO7eJyN4-0ToLVA9ga3FbLyC0QLlERRU2FCiH6_ss9mT39r$ >>> >> >>> >> I think that all previously generated passwords need to be >>> >> re-generated. >>> >> >>> >> Best regards, >>> >> Petro >>> >> >>> >> On Thu, Aug 11, 2022, 8:49 PM Alan Carvalho de Assis >>> >> <acas...@gmail.com >>> > >>> >> wrote: >>> >> >>> >> > Alin, >>> >> > >>> >> > I want to redraw my vote, I found the first regression, so my >>> >> > vote >>> >> > is: >>> >> > >>> >> > -1 >>> >> > >>> >> > Seems like the console login is not working, I'm using user: >>> >> > admin and >>> >> > password: Administrator >>> >> > >>> >> > $ ./tools/configure.sh sim:nsh >>> >> > >>> >> > $ make -j >>> >> > >>> >> > $ ./nuttx >>> >> > login: admin >>> >> > password: >>> >> > Invalid username or password >>> >> > login: admin >>> >> > password: >>> >> > Invalid username or password >>> >> > login: admin >>> >> > password: >>> >> > Invalid username or password >>> >> > Login failed! >>> >> > >>> >> > I double checked the /etc/passwd file and it is correct: >>> >> > >>> >> > nsh> cat /etc/passwd >>> >> > admin:8Tv+Hbmr3pLddSjtzL0kwC:0:0:/ >>> >> > >>> >> > Please help me to find the offending commit. >>> >> > >>> >> > BR, >>> >> > >>> >> > Alan >>> >> > >>> >> > On 8/8/22, Alin Jerpelea <jerpe...@gmail.com> wrote: >>> >> > > Hello all, >>> >> > > Apache NuttX (Incubating) 10.4.0 RC0 has been staged under >>> >> > > [1] and it's time to vote on accepting it for release. If >>> >> > > approved we will seek final release approval from the IPMC. >>> >> > > Voting will be open for 72hr. >>> >> > > >>> >> > > A minimum of 3 binding +1 votes and more binding +1 than >>> >> > > binding >>> >> > > -1 >>> >> > > are >>> >> > > required to pass. >>> >> > > >>> >> > > The Apache requirements for approving a release can be found >>> >> > > here >>> [3] >>> >> > > "Before voting +1 [P]PMC members are required to download the >>> >> > > signed source code package, compile it as provided, and test >>> >> > > the resulting executable on their own platform, along with >>> >> > > also verifying that the package meets the requirements of the >>> >> > > ASF policy on releases." >>> >> > > >>> >> > > A document to walk through some of this process has been >>> >> > > published >>> on >>> >> > > our project wiki and can be found here [4]. >>> >> > > >>> >> > > [ ] +1 accept (indicate what you validated - e.g. performed >>> >> > > the non-RM items in [4]) [ ] -1 reject (explanation required) >>> >> > > >>> >> > > Thank you all, >>> >> > > Alin Jerpelea >>> >> > > >>> >> > > SCM Information: >>> >> > > Release tag: nuttx-10.4.0-RC0 >>> >> > > Hash for the release incubating-nuttx tag: >>> >> > > dd718e78f70f9350ac648067509672c5051841b9 >>> >> > > Hash for the release incubating-nuttx-apps tag: >>> >> > > 8b43f9f9ca30f44c1cccae9a9078d5d45b776d35 >>> >> > > >>> >> > > [1] >>> >> > > https://urldefense.com/v3/__https://dist.apache.org/repos/dis >>> >> > > t/dev/incubator/nuttx/10.4.0-RC0/__;!!JmoZiZGBv3RvKRSx!-xb49u >>> >> > > kgyjFVAohl5rByBw6U6G89QqC7-aO7eJyN4-0ToLVA9ga3FbLyC0QLlERRU2F >>> >> > > CiH6_svBrs-6p$ >>> >> > > [2] >>> >> > >>> >> >>> https://urldefense.com/v3/__https://raw.githubusercontent.com/apache >>> /incubator-nuttx/nuttx-10.4.0-RC0/ReleaseNotes__;!!JmoZiZGBv3RvKRSx! >>> -xb49ukgyjFVAohl5rByBw6U6G89QqC7-aO7eJyN4-0ToLVA9ga3FbLyC0QLlERRU2FC >>> iH6_skWpoohx$ >>> >> > > [3] >>> >> > > https://urldefense.com/v3/__https://www.apache.org/dev/releas >>> >> > > e.html*approving-a-release__;Iw!!JmoZiZGBv3RvKRSx!-xb49ukgyjF >>> >> > > VAohl5rByBw6U6G89QqC7-aO7eJyN4-0ToLVA9ga3FbLyC0QLlERRU2FCiH6_ >>> >> > > soa8eYeo$ >>> >> > > [4] >>> >> > >>> >> >>> https://urldefense.com/v3/__https://cwiki.apache.org/confluence/disp >>> lay/NUTTX/Validating*a*staged*Release__;Kysr!!JmoZiZGBv3RvKRSx!-xb49 >>> ukgyjFVAohl5rByBw6U6G89QqC7-aO7eJyN4-0ToLVA9ga3FbLyC0QLlERRU2FCiH6_s >>> ulzkgLj$ >>> >> > > >>> >> > >>> >> >>> > >>> >> >
