From: ludo@gnu.org (Ludovic Courtès)
To: Leo Famulari <leo@famulari.name>
Cc: guix-devel@gnu.org
Subject: Re: [PATCH 1/1] gnu: openssh: Fix CVE-2015-8325.
Date: Sun, 17 Apr 2016 16:26:06 +0200 [thread overview]
Message-ID: <87wpnw9url.fsf@gnu.org> (raw)
In-Reply-To: <20160415214709.GA11506@jasmine> (Leo Famulari's message of "Fri, 15 Apr 2016 17:47:09 -0400")
Leo Famulari <leo@famulari.name> skribis:
> On Fri, Apr 15, 2016 at 11:27:35PM +0200, Ludovic Courtès wrote:
>> Leo Famulari <leo@famulari.name> skribis:
>>
>> > * gnu/packages/patches/openssh-CVE-2015-8325.patch: New file.
>> > * gnu-system.am (dist_patch_DATA): Add it.
>> > * gnu/packages/ssh.scm (openssh): Use it.
>>
>> The explanation in the OpenSSH commit log is clear IMO and the fix looks
>> reasonable, so I’d say go for it…
>>
>> … but I can’t seem to find the change in the authoritative repo:
>>
>> http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c
>
> The web page for the portable version of OpenSSH [0] (which is what we
> package) says this:
>
> "Normal OpenSSH development produces a very small, secure, and easy to
> maintain version for the OpenBSD project. The OpenSSH Portability Team
> takes that pure version and adds portability code so that OpenSSH can
> run on many other operating systems (Unfortunately, in particular since
> OpenSSH does authentication, it runs into a *lot* of differences between
> Unix operating systems)."
>
> The bug is related to how sshd interacts with PAM. My understanding is
> that OpenBSD does not use PAM, so the bug would not exist in their
> repository.
>
> [0] FYI, I could not load this site over HTTPS
> http://www.openssh.com/portable.html This page also links to the
> repository that contains the patch.
Oh, OK, thanks for the clarification. Well, go for it!
Ludo’.
next prev parent reply other threads:[~2016-04-17 14:26 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-15 18:22 [PATCH 0/1] openssh: Fix CVE-2015-8325 Leo Famulari
2016-04-15 18:22 ` [PATCH 1/1] gnu: " Leo Famulari
2016-04-15 21:27 ` Ludovic Courtès
2016-04-15 21:47 ` Leo Famulari
2016-04-17 14:26 ` Ludovic Courtès [this message]
2016-04-17 17:56 ` Leo Famulari
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87wpnw9url.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=guix-devel@gnu.org \
--cc=leo@famulari.name \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.