[bug#67948] [PATCH] gnu: openssh: Update to 9.6p1 [security-fixes].

unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed

* [bug#67948] [PATCH] gnu: openssh: Update to 9.6p1 [security-fixes].
@ 2023-12-21  5:33 Jack Hill
  2023-12-21 19:28 ` bug#67948: " John Kehayias via Guix-patches via
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Jack Hill @ 2023-12-21  5:33 UTC (permalink / raw)
  To: 67948

Fixes CVE-2023-48795.

* gnu/packages/ssh.scm (openssh): Update to 9.6p1
[arguments]<#:parallel-tests?>: Disable.

Change-Id: I8b7707894d904ec8bcccb943908fff2e69a1a027
---

This may fix additional security problem as well, but the openssh
release notes don't list them:

https://www.openssh.com/releasenotes.html#9.6p1


 gnu/packages/ssh.scm | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index 47089b197d..565ac3b079 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -198,7 +198,7 @@ (define-public libssh2
 (define-public openssh
   (package
    (name "openssh")
-   (version "9.5p1")
+   (version "9.6p1")
    (source
     (origin
       (method url-fetch)
@@ -206,11 +206,14 @@ (define-public openssh
                           "openssh-" version ".tar.gz"))
       (patches (search-patches "openssh-trust-guix-store-directory.patch"))
       (sha256
-       (base32 "0sq8hqk6f0x6djgvqawjbwwxpwd8r1nzjahqfl7m9yx7kfvyf9ph"))))
+       (base32 "0z3pgam8b4z05lvdb78iv06p204qwl7b94a3cnnwba2mfb0120li"))))
    (build-system gnu-build-system)
    (arguments
     (list
      #:test-target "tests"
+     ;; Not all of the tests can be run in parallel
+     ;; https://marc.info/?l=openssh-unix-dev&m=170313565518842&w=2
+     #:parallel-tests? #f
      ;; Otherwise, the test scripts try to use a nonexistent directory and fail.
      #:make-flags
      #~(list "REGRESSTMP=\"$${BUILDDIR}/regress\"")

base-commit: aa22cdd363d3b2cf64586ccee918531aa53ef365
-- 
2.41.0





^ permalink raw reply related	[flat|nested] 4+ messages in thread

* bug#67948: [PATCH] gnu: openssh: Update to 9.6p1 [security-fixes].
  2023-12-21  5:33 [bug#67948] [PATCH] gnu: openssh: Update to 9.6p1 [security-fixes] Jack Hill
@ 2023-12-21 19:28 ` John Kehayias via Guix-patches via
  2023-12-24  8:10 ` [bug#67948] " Marcel van der Boom
  2023-12-31 20:02 ` John Kehayias via Guix-patches via
  2 siblings, 0 replies; 4+ messages in thread
From: John Kehayias via Guix-patches via @ 2023-12-21 19:28 UTC (permalink / raw)
  To: Jack Hill; +Cc: 67948-done

On Thu, Dec 21, 2023 at 12:33 AM, Jack Hill wrote:

> Fixes CVE-2023-48795.
>
> * gnu/packages/ssh.scm (openssh): Update to 9.6p1
> [arguments]<#:parallel-tests?>: Disable.
>
> Change-Id: I8b7707894d904ec8bcccb943908fff2e69a1a027
> ---
>
> This may fix additional security problem as well, but the openssh
> release notes don't list them:
>
> https://www.openssh.com/releasenotes.html#9.6p1
>
>
>  gnu/packages/ssh.scm | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
> index 47089b197d..565ac3b079 100644
> --- a/gnu/packages/ssh.scm
> +++ b/gnu/packages/ssh.scm
> @@ -198,7 +198,7 @@ (define-public libssh2
>  (define-public openssh
>    (package
>     (name "openssh")
> -   (version "9.5p1")
> +   (version "9.6p1")
>     (source
>      (origin
>        (method url-fetch)
> @@ -206,11 +206,14 @@ (define-public openssh
>                            "openssh-" version ".tar.gz"))
>        (patches (search-patches "openssh-trust-guix-store-directory.patch"))
>        (sha256
> -       (base32 "0sq8hqk6f0x6djgvqawjbwwxpwd8r1nzjahqfl7m9yx7kfvyf9ph"))))
> +       (base32 "0z3pgam8b4z05lvdb78iv06p204qwl7b94a3cnnwba2mfb0120li"))))
>     (build-system gnu-build-system)
>     (arguments
>      (list
>       #:test-target "tests"
> +     ;; Not all of the tests can be run in parallel
> +     ;; https://marc.info/?l=openssh-unix-dev&m=170313565518842&w=2
> +     #:parallel-tests? #f
>       ;; Otherwise, the test scripts try to use a nonexistent directory and fail.
>       #:make-flags
>       #~(list "REGRESSTMP=\"$${BUILDDIR}/regress\"")
>
> base-commit: aa22cdd363d3b2cf64586ccee918531aa53ef365

Thanks for this one as well! Pushed as
04b63ea195cbcbcf519b7dd52546c6d56be6741b.





^ permalink raw reply	[flat|nested] 4+ messages in thread

* [bug#67948] [PATCH] gnu: openssh: Update to 9.6p1 [security-fixes].
  2023-12-21  5:33 [bug#67948] [PATCH] gnu: openssh: Update to 9.6p1 [security-fixes] Jack Hill
  2023-12-21 19:28 ` bug#67948: " John Kehayias via Guix-patches via
@ 2023-12-24  8:10 ` Marcel van der Boom
  2023-12-31 20:02 ` John Kehayias via Guix-patches via
  2 siblings, 0 replies; 4+ messages in thread
From: Marcel van der Boom @ 2023-12-24  8:10 UTC (permalink / raw)
  To: 67948



Note that this breaks OpenSSH building on powerpc64le platforms

See:

https://github.com/openssh/openssh-portable/commit/1036d77b34a5fa15e56f516b81b9928006848cbd

for upstream patch




^ permalink raw reply	[flat|nested] 4+ messages in thread

* [bug#67948] [PATCH] gnu: openssh: Update to 9.6p1 [security-fixes].
  2023-12-21  5:33 [bug#67948] [PATCH] gnu: openssh: Update to 9.6p1 [security-fixes] Jack Hill
  2023-12-21 19:28 ` bug#67948: " John Kehayias via Guix-patches via
  2023-12-24  8:10 ` [bug#67948] " Marcel van der Boom
@ 2023-12-31 20:02 ` John Kehayias via Guix-patches via
  2 siblings, 0 replies; 4+ messages in thread
From: John Kehayias via Guix-patches via @ 2023-12-31 20:02 UTC (permalink / raw)
  To: Marcel van der Boom; +Cc: Jack Hill, 67948

Hi,

On Sun, Dec 24, 2023 at 09:10 AM, Marcel van der Boom wrote:

> Note that this breaks OpenSSH building on powerpc64le platforms
>
> See:
>
> https://github.com/openssh/openssh-portable/commit/1036d77b34a5fa15e56f516b81b9928006848cbd
>
> for upstream patch

Looks like you just sent this to the debbugs address so no one got it.
I've cc'ed the original author manually.

I happened to see this when searching for something else, so it would be
good to open a separate issue (or better yet with a patch) for this. You
could CC Efraim as he is usually on top of powerpc64le stuff in my
experience.

Thanks,
John

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2023-12-31 20:03 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-12-21  5:33 [bug#67948] [PATCH] gnu: openssh: Update to 9.6p1 [security-fixes] Jack Hill
2023-12-21 19:28 ` bug#67948: " John Kehayias via Guix-patches via
2023-12-24  8:10 ` [bug#67948] " Marcel van der Boom
2023-12-31 20:02 ` John Kehayias via Guix-patches via

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).