* [bug#67948] [PATCH] gnu: openssh: Update to 9.6p1 [security-fixes].
@ 2023-12-21 5:33 Jack Hill
2023-12-21 19:28 ` bug#67948: " John Kehayias via Guix-patches via
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Jack Hill @ 2023-12-21 5:33 UTC (permalink / raw)
To: 67948
Fixes CVE-2023-48795.
* gnu/packages/ssh.scm (openssh): Update to 9.6p1
[arguments]<#:parallel-tests?>: Disable.
Change-Id: I8b7707894d904ec8bcccb943908fff2e69a1a027
---
This may fix additional security problems as well, but the openssh
release notes don't list them:
https://www.openssh.com/releasenotes.html#9.6p1
gnu/packages/ssh.scm | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index 47089b197d..565ac3b079 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -198,7 +198,7 @@ (define-public libssh2
(define-public openssh
(package
(name "openssh")
- (version "9.5p1")
+ (version "9.6p1")
(source
(origin
(method url-fetch)
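Review bot: the `(version "9.6p1")` bump has a portability regression that this hunk does not account for: a later reply in this thread reports that the update breaks the OpenSSH build on powerpc64le and points to upstream commit 1036d77b34a5fa15e56f516b81b9928006848cbd as the fix. Consider carrying that commit as an additional entry in `(patches (search-patches ...))` until the next upstream release, so the CVE-2023-48795 fix reaches that architecture as well.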
@@ -206,11 +206,14 @@ (define-public openssh
"openssh-" version ".tar.gz"))
(patches (search-patches "openssh-trust-guix-store-directory.patch"))
(sha256
- (base32 "0sq8hqk6f0x6djgvqawjbwwxpwd8r1nzjahqfl7m9yx7kfvyf9ph"))))
+ (base32 "0z3pgam8b4z05lvdb78iv06p204qwl7b94a3cnnwba2mfb0120li"))))
(build-system gnu-build-system)
(arguments
(list
#:test-target "tests"
+ ;; Not all of the tests can be run in parallel
+ ;; https://marc.info/?l=openssh-unix-dev&m=170313565518842&w=2
+ #:parallel-tests? #f
;; Otherwise, the test scripts try to use a nonexistent directory and fail.
#:make-flags
#~(list "REGRESSTMP=\"$${BUILDDIR}/regress\"")
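Review bot: `#:parallel-tests? #f` turns off parallelism for the whole test suite, but the comment above it only says that not all tests can run in parallel and leaves the reason behind an opaque marc.info link. Say in the comment which condition would let the flag be dropped again (for example, an upstream fix in a later release), so the workaround is revisited on the next update. Separately, the new `(base32 ...)` value cannot be checked from the diff itself; confirm it against the upstream-signed tarball before pushing, and check that `openssh-trust-guix-store-directory.patch` still applies to 9.6p1.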
base-commit: aa22cdd363d3b2cf64586ccee918531aa53ef365
--
2.41.0
* bug#67948: [PATCH] gnu: openssh: Update to 9.6p1 [security-fixes].
From: John Kehayias via Guix-patches via @ 2023-12-21 19:28 UTC (permalink / raw)
To: Jack Hill; +Cc: 67948-done
On Thu, Dec 21, 2023 at 12:33 AM, Jack Hill wrote:
> Fixes CVE-2023-48795.
>
> * gnu/packages/ssh.scm (openssh): Update to 9.6p1
> [arguments]<#:parallel-tests?>: Disable.
>
> Change-Id: I8b7707894d904ec8bcccb943908fff2e69a1a027
> ---
>
> This may fix additional security problems as well, but the openssh
> release notes don't list them:
>
> https://www.openssh.com/releasenotes.html#9.6p1
>
>
> gnu/packages/ssh.scm | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
> index 47089b197d..565ac3b079 100644
> --- a/gnu/packages/ssh.scm
> +++ b/gnu/packages/ssh.scm
> @@ -198,7 +198,7 @@ (define-public libssh2
> (define-public openssh
> (package
> (name "openssh")
> - (version "9.5p1")
> + (version "9.6p1")
> (source
> (origin
> (method url-fetch)
> @@ -206,11 +206,14 @@ (define-public openssh
> "openssh-" version ".tar.gz"))
> (patches (search-patches "openssh-trust-guix-store-directory.patch"))
> (sha256
> - (base32 "0sq8hqk6f0x6djgvqawjbwwxpwd8r1nzjahqfl7m9yx7kfvyf9ph"))))
> + (base32 "0z3pgam8b4z05lvdb78iv06p204qwl7b94a3cnnwba2mfb0120li"))))
> (build-system gnu-build-system)
> (arguments
> (list
> #:test-target "tests"
> + ;; Not all of the tests can be run in parallel
> + ;; https://marc.info/?l=openssh-unix-dev&m=170313565518842&w=2
> + #:parallel-tests? #f
> ;; Otherwise, the test scripts try to use a nonexistent directory and fail.
> #:make-flags
> #~(list "REGRESSTMP=\"$${BUILDDIR}/regress\"")
>
> base-commit: aa22cdd363d3b2cf64586ccee918531aa53ef365
Thanks for this one as well! Pushed as
04b63ea195cbcbcf519b7dd52546c6d56be6741b.
* [bug#67948] [PATCH] gnu: openssh: Update to 9.6p1 [security-fixes].
From: Marcel van der Boom @ 2023-12-24 8:10 UTC (permalink / raw)
To: 67948
Note that this breaks OpenSSH building on powerpc64le platforms.
See:
https://github.com/openssh/openssh-portable/commit/1036d77b34a5fa15e56f516b81b9928006848cbd
for upstream patch
* [bug#67948] [PATCH] gnu: openssh: Update to 9.6p1 [security-fixes].
From: John Kehayias via Guix-patches via @ 2023-12-31 20:02 UTC (permalink / raw)
To: Marcel van der Boom; +Cc: Jack Hill, 67948
Hi,
On Sun, Dec 24, 2023 at 09:10 AM, Marcel van der Boom wrote:
> Note that this breaks OpenSSH building on powerpc64le platforms.
>
> See:
>
> https://github.com/openssh/openssh-portable/commit/1036d77b34a5fa15e56f516b81b9928006848cbd
>
> for upstream patch
Looks like you just sent this to the debbugs address so no one got it.
I've cc'ed the original author manually.
I happened to see this when searching for something else, so it would be
good to open a separate issue (or better yet with a patch) for this. You
could CC Efraim as he is usually on top of powerpc64le stuff in my
experience.
Thanks,
John