From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:47462)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1fv8RZ-00026u-J9
	for guix-patches@gnu.org; Wed, 29 Aug 2018 17:56:06 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1fv8RY-000771-07
	for guix-patches@gnu.org; Wed, 29 Aug 2018 17:56:05 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:60805)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1fv8RW-00075L-3Y
	for guix-patches@gnu.org; Wed, 29 Aug 2018 17:56:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1fv8RV-0008VS-VE
	for guix-patches@gnu.org; Wed, 29 Aug 2018 17:56:01 -0400
Subject: [bug#32545] [PATCH] gnu: dropbear: Fix CVE-2018-15599.
Resent-Message-ID: <handler.32545.B32545.153557974332674@debbugs.gnu.org>
References: <524f9e5c18a1ef1e5d86b05510da177cf1d530f1.1535401642.git.leo@famulari.name>
	<87r2iilmpw.fsf@gnu.org> <87y3cqwuho.fsf@lassieur.org>
	<87o9dk6epo.fsf@gnu.org>
From: =?UTF-8?Q?Cl=C3=A9ment?= Lassieur <clement@lassieur.org>
In-reply-to: <87o9dk6epo.fsf@gnu.org>
Date: Wed, 29 Aug 2018 23:55:39 +0200
Message-ID: <87wos8ald0.fsf@lassieur.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: 32545@debbugs.gnu.org

Hello Ludovic,

Ludovic Court=C3=A8s <ludo@gnu.org> writes:

> Hello,
>
> Cl=C3=A9ment Lassieur <clement@lassieur.org> skribis:
>
>> Ludovic Court=C3=A8s <ludo@gnu.org> writes:
>>
>>> Hi!
>>>
>>> Leo Famulari <leo@famulari.name> skribis:
>>>
>>>> Dropbear users, please test!
>>>>
>>>> * gnu/packages/patches/dropbear-CVE-2018-15599.patch: New file.
>>>> * gnu/local.mk (dist_patch_DATA): Add it.
>>>> * gnu/packages/ssh.scm (dropbear)[source]: Use it.
>>>
>>> I haven=E2=80=99t tested it but the patch LGTM, FWIW.  You can also run=
 =E2=80=9Cmake
>>> check-system TESTS=3Ddropbear=E2=80=9D if you haven=E2=80=99t already, =
to make sure the
>>> basics work.
>>
>> Leo said on IRC that this produces 0 tests, and I can reproduce this:
>>
>>     $ ~/.guix$ make check-system TESTS=3D"dropbear"
>>     Compiling Scheme modules...
>>     Running 0 system tests...
>>     TOTAL: 0
>
> =E2=80=9Crm gnu/tests/ssh.go && make=E2=80=9D will fix it.
>
> The reason is that 6772ed1e07d6b8ce557199d91aaa1442c77186c7 changed the
> ABI of <openssh-configuration>.  Thus, gnu/tests/ssh.go is stale, and if
> you try to load it manually, you get the =E2=80=9CABI mismatch=E2=80=9D e=
rror that
> invites you to recompile.
>
> The command above uses (guix discovery) to find system tests exported by
> modules under (gnu tests =E2=80=A6).  Since it fails to load (gnu tests s=
sh), it
> just silently skips it and concludes that there=E2=80=99s no =E2=80=9Cdro=
pbear=E2=80=9D test.
>
> Commit d258c791441b46705f4360cf141343363d1751f2 has a warning displayed
> in this case.
>
> Thanks,
> Ludo=E2=80=99.

Understood, thank you for the explanation!