From debbugs-submit-bounces@debbugs.gnu.org Mon Aug 27 16:43:04 2018
Received: (at submit) by debbugs.gnu.org; 27 Aug 2018 20:43:04 +0000
Received: from localhost ([127.0.0.1]:34491 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1fuOLi-0004aH-Mj
	for submit@debbugs.gnu.org; Mon, 27 Aug 2018 16:43:03 -0400
Received: from eggs.gnu.org ([208.118.235.92]:39043)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1fuOLe-0004a3-UB
 for submit@debbugs.gnu.org; Mon, 27 Aug 2018 16:42:57 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <leo@famulari.name>) id 1fuOLT-0007TN-AS
 for submit@debbugs.gnu.org; Mon, 27 Aug 2018 16:42:49 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,T_DKIM_INVALID
 autolearn=disabled version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:35409)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <leo@famulari.name>) id 1fuOLL-0007Ni-FS
 for submit@debbugs.gnu.org; Mon, 27 Aug 2018 16:42:39 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:59521)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <leo@famulari.name>) id 1fuOLH-0006gL-Nx
 for guix-patches@gnu.org; Mon, 27 Aug 2018 16:42:35 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <leo@famulari.name>) id 1fuO6p-00059h-QC
 for guix-patches@gnu.org; Mon, 27 Aug 2018 16:27:38 -0400
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:47345)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <leo@famulari.name>) id 1fuO6p-00059A-6u
 for guix-patches@gnu.org; Mon, 27 Aug 2018 16:27:35 -0400
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
 by mailout.nyi.internal (Postfix) with ESMTP id 560EB21BD8;
 Mon, 27 Aug 2018 16:27:34 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute4.internal (MEProxy); Mon, 27 Aug 2018 16:27:34 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=date:from:message-id:subject:to:x-me-sender:x-me-sender
 :x-sasl-enc; s=mesmtp; bh=Cxyn8Lbt1QbLl6EmmVnQ28akZxoHR+fjAhcTmp
 3E6wg=; b=s2GP/n9PA268rRcNxT4sT+sI/Y7UkbIKSBmYvYVFRVfQMef15WDv8J
 7P9FZOYSdMNYD2ICn0a5X3E8v6fESQqxiHYykWGuaXiwg86pI1fTpshZzq/EzdCc
 b9o+jihUsXlrMd1F5m6dfB5IUqj4VLtfYGRvUSlnnLbsQ8ioX27zU=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=date:from:message-id:subject:to
 :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=Cxyn8Lbt1QbLl6Emm
 VnQ28akZxoHR+fjAhcTmp3E6wg=; b=EZDv2RW3Ao2Ngm5Qg1mmPhfN12z6+Zn6A
 LEp+IyZT4oldhxtEotBaDKdTyNVboPKy0v9npVfRfsLtCi6GX6qbtqs5QWtC8Q7K
 FlZD+ylK8/nr1WtgWn36cQGgralSw26mHUgenHU9VKeVCNP4qaMaVZ1Yph1p++Ag
 WaAaECLPLA5+AaSX6SBtz8W4fzbQt/vMyykBWje1+LYlm2PJtiiCzR0EIl3TkiVw
 8DTpGtQjb2xCKqDOrPKtAup0fuewsHSrfGwGTjWXC33Tc4DTJkZpMkkW1W/58Gx2
 xXs+3s4olcKUScE13hP+SMcXU8R8Xdx9iKQuOMknyL+vEBXXIBdQA==
X-ME-Proxy: <xmx:tF6EW2x5IYnrrRQI4c1NjsMbbgnskxGQ3FTmuCrg3_HMchfipBOHaA>
 <xmx:tF6EW7ydWEng_ekm6gyb5v1S0QZPNYCappAJbTTAXlrueTXt90v_7Q>
 <xmx:tF6EW8k9dXySYnM7LkE8FPjysSvy1NiTrn7fzJEPrwSeZxVMtdWScA>
 <xmx:tF6EW0EvNwVba_7V2zPh-Scn_ZgRVsYfmpIvf2d7_SvCi0pzls9-Zg>
 <xmx:tF6EWwjVvLjhieJY1Q9odDGkHEnO52IASTNWLIa9SUGaWP7jzGS7lw>
 <xmx:tl6EW_MJEEqKnJSN6erEq2gD3IoWc4e0aklZxmQfBM72m7b4u4hW2w>
X-ME-Sender: <xms:tF6EW65FFujXr8GuJsK9uMt1Wnge895uRmpJ7TtOByZVaUUACsfGfw>
Received: from jasmine.lan (c-76-124-202-137.hsd1.pa.comcast.net
 [76.124.202.137])
 by mail.messagingengine.com (Postfix) with ESMTPA id 51802E405E
 for <guix-patches@gnu.org>; Mon, 27 Aug 2018 16:27:32 -0400 (EDT)
From: Leo Famulari <leo@famulari.name>
To: guix-patches@gnu.org
Subject: [PATCH] gnu: dropbear: Fix CVE-2018-15599.
Date: Mon, 27 Aug 2018 16:27:28 -0400
Message-Id: <524f9e5c18a1ef1e5d86b05510da177cf1d530f1.1535401642.git.leo@famulari.name>
X-Mailer: git-send-email 2.18.0
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -4.1 (----)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -5.1 (-----)

Dropbear users, please test!

* gnu/packages/patches/dropbear-CVE-2018-15599.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ssh.scm (dropbear)[source]: Use it.
---
 gnu/local.mk                                  |   1 +
 .../patches/dropbear-CVE-2018-15599.patch     | 240 ++++++++++++++++++
 gnu/packages/ssh.scm                          |   1 +
 3 files changed, 242 insertions(+)
 create mode 100644 gnu/packages/patches/dropbear-CVE-2018-15599.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index d0e84c597..6a6486354 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -651,6 +651,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/dovecot-trees-support-dovecot-2.3.patch	\
   %D%/packages/patches/doxygen-gcc-ice.patch			\
   %D%/packages/patches/doxygen-test.patch			\
+  %D%/packages/patches/dropbear-CVE-2018-15599.patch		\
   %D%/packages/patches/dvd+rw-tools-add-include.patch 		\
   %D%/packages/patches/elfutils-tests-ptrace.patch		\
   %D%/packages/patches/elogind-glibc-2.27.patch			\
diff --git a/gnu/packages/patches/dropbear-CVE-2018-15599.patch b/gnu/packages/patches/dropbear-CVE-2018-15599.patch
new file mode 100644
index 000000000..a474552cd
--- /dev/null
+++ b/gnu/packages/patches/dropbear-CVE-2018-15599.patch
@@ -0,0 +1,240 @@
+Fix CVE-2018-15599:
+
+http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15599
+
+Patch copied from upstream source repository:
+
+https://github.com/mkj/dropbear/commit/52adbb34c32d3e2e1bcdb941e20a6f81138b8248
+
+From 52adbb34c32d3e2e1bcdb941e20a6f81138b8248 Mon Sep 17 00:00:00 2001
+From: Matt Johnston <matt@ucc.asn.au>
+Date: Thu, 23 Aug 2018 23:43:12 +0800
+Subject: [PATCH] Wait to fail invalid usernames
+
+---
+ auth.h           |  6 +++---
+ svr-auth.c       | 19 +++++--------------
+ svr-authpam.c    | 26 ++++++++++++++++++++++----
+ svr-authpasswd.c | 27 ++++++++++++++-------------
+ svr-authpubkey.c | 11 ++++++++++-
+ 5 files changed, 54 insertions(+), 35 deletions(-)
+
+diff --git a/auth.h b/auth.h
+index da498f5b..98f54683 100644
+--- a/auth.h
++++ b/auth.h
+@@ -37,9 +37,9 @@ void recv_msg_userauth_request(void);
+ void send_msg_userauth_failure(int partial, int incrfail);
+ void send_msg_userauth_success(void);
+ void send_msg_userauth_banner(const buffer *msg);
+-void svr_auth_password(void);
+-void svr_auth_pubkey(void);
+-void svr_auth_pam(void);
++void svr_auth_password(int valid_user);
++void svr_auth_pubkey(int valid_user);
++void svr_auth_pam(int valid_user);
+ 
+ #if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT
+ int svr_pubkey_allows_agentfwd(void);
+diff --git a/svr-auth.c b/svr-auth.c
+index c19c0901..edde86bc 100644
+--- a/svr-auth.c
++++ b/svr-auth.c
+@@ -149,10 +149,8 @@ void recv_msg_userauth_request() {
+ 		if (methodlen == AUTH_METHOD_PASSWORD_LEN &&
+ 				strncmp(methodname, AUTH_METHOD_PASSWORD,
+ 					AUTH_METHOD_PASSWORD_LEN) == 0) {
+-			if (valid_user) {
+-				svr_auth_password();
+-				goto out;
+-			}
++			svr_auth_password(valid_user);
++			goto out;
+ 		}
+ 	}
+ #endif
+@@ -164,10 +162,8 @@ void recv_msg_userauth_request() {
+ 		if (methodlen == AUTH_METHOD_PASSWORD_LEN &&
+ 				strncmp(methodname, AUTH_METHOD_PASSWORD,
+ 					AUTH_METHOD_PASSWORD_LEN) == 0) {
+-			if (valid_user) {
+-				svr_auth_pam();
+-				goto out;
+-			}
++			svr_auth_pam(valid_user);
++			goto out;
+ 		}
+ 	}
+ #endif
+@@ -177,12 +173,7 @@ void recv_msg_userauth_request() {
+ 	if (methodlen == AUTH_METHOD_PUBKEY_LEN &&
+ 			strncmp(methodname, AUTH_METHOD_PUBKEY,
+ 				AUTH_METHOD_PUBKEY_LEN) == 0) {
+-		if (valid_user) {
+-			svr_auth_pubkey();
+-		} else {
+-			/* pubkey has no failure delay */
+-			send_msg_userauth_failure(0, 0);
+-		}
++		svr_auth_pubkey(valid_user);
+ 		goto out;
+ 	}
+ #endif
+diff --git a/svr-authpam.c b/svr-authpam.c
+index 05e4f3e5..d201bc96 100644
+--- a/svr-authpam.c
++++ b/svr-authpam.c
+@@ -178,13 +178,14 @@ pamConvFunc(int num_msg,
+  * Keyboard interactive would be a lot nicer, but since PAM is synchronous, it
+  * gets very messy trying to send the interactive challenges, and read the
+  * interactive responses, over the network. */
+-void svr_auth_pam() {
++void svr_auth_pam(int valid_user) {
+ 
+ 	struct UserDataS userData = {NULL, NULL};
+ 	struct pam_conv pamConv = {
+ 		pamConvFunc,
+ 		&userData /* submitted to pamvConvFunc as appdata_ptr */ 
+ 	};
++	const char* printable_user = NULL;
+ 
+ 	pam_handle_t* pamHandlep = NULL;
+ 
+@@ -204,12 +205,23 @@ void svr_auth_pam() {
+ 
+ 	password = buf_getstring(ses.payload, &passwordlen);
+ 
++	/* We run the PAM conversation regardless of whether the username is valid
++	in case the conversation function has an inherent delay.
++	Use ses.authstate.username rather than ses.authstate.pw_name.
++	After PAM succeeds we then check the valid_user flag too */
++
+ 	/* used to pass data to the PAM conversation function - don't bother with
+ 	 * strdup() etc since these are touched only by our own conversation
+ 	 * function (above) which takes care of it */
+-	userData.user = ses.authstate.pw_name;
++	userData.user = ses.authstate.username;
+ 	userData.passwd = password;
+ 
++	if (ses.authstate.pw_name) {
++		printable_user = ses.authstate.pw_name;
++	} else {
++		printable_user = "<invalid username>";
++	}
++
+ 	/* Init pam */
+ 	if ((rc = pam_start("sshd", NULL, &pamConv, &pamHandlep)) != PAM_SUCCESS) {
+ 		dropbear_log(LOG_WARNING, "pam_start() failed, rc=%d, %s", 
+@@ -242,7 +254,7 @@ void svr_auth_pam() {
+ 				rc, pam_strerror(pamHandlep, rc));
+ 		dropbear_log(LOG_WARNING,
+ 				"Bad PAM password attempt for '%s' from %s",
+-				ses.authstate.pw_name,
++				printable_user,
+ 				svr_ses.addrstring);
+ 		send_msg_userauth_failure(0, 1);
+ 		goto cleanup;
+@@ -253,12 +265,18 @@ void svr_auth_pam() {
+ 				rc, pam_strerror(pamHandlep, rc));
+ 		dropbear_log(LOG_WARNING,
+ 				"Bad PAM password attempt for '%s' from %s",
+-				ses.authstate.pw_name,
++				printable_user,
+ 				svr_ses.addrstring);
+ 		send_msg_userauth_failure(0, 1);
+ 		goto cleanup;
+ 	}
+ 
++	if (!valid_user) {
++		/* PAM auth succeeded but the username isn't allowed in for another reason
++		(checkusername() failed) */
++		send_msg_userauth_failure(0, 1);
++	}
++
+ 	/* successful authentication */
+ 	dropbear_log(LOG_NOTICE, "PAM password auth succeeded for '%s' from %s",
+ 			ses.authstate.pw_name,
+diff --git a/svr-authpasswd.c b/svr-authpasswd.c
+index bdee2aa1..69c7d8af 100644
+--- a/svr-authpasswd.c
++++ b/svr-authpasswd.c
+@@ -48,22 +48,14 @@ static int constant_time_strcmp(const char* a, const char* b) {
+ 
+ /* Process a password auth request, sending success or failure messages as
+  * appropriate */
+-void svr_auth_password() {
++void svr_auth_password(int valid_user) {
+ 	
+ 	char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */
+ 	char * testcrypt = NULL; /* crypt generated from the user's password sent */
+-	char * password;
++	char * password = NULL;
+ 	unsigned int passwordlen;
+-
+ 	unsigned int changepw;
+ 
+-	passwdcrypt = ses.authstate.pw_passwd;
+-
+-#ifdef DEBUG_HACKCRYPT
+-	/* debugging crypt for non-root testing with shadows */
+-	passwdcrypt = DEBUG_HACKCRYPT;
+-#endif
+-
+ 	/* check if client wants to change password */
+ 	changepw = buf_getbool(ses.payload);
+ 	if (changepw) {
+@@ -73,12 +65,21 @@ void svr_auth_password() {
+ 	}
+ 
+ 	password = buf_getstring(ses.payload, &passwordlen);
+-
+-	/* the first bytes of passwdcrypt are the salt */
+-	testcrypt = crypt(password, passwdcrypt);
++	if (valid_user) {
++		/* the first bytes of passwdcrypt are the salt */
++		passwdcrypt = ses.authstate.pw_passwd;
++		testcrypt = crypt(password, passwdcrypt);
++	}
+ 	m_burn(password, passwordlen);
+ 	m_free(password);
+ 
++	/* After we have got the payload contents we can exit if the username
++	is invalid. Invalid users have already been logged. */
++	if (!valid_user) {
++		send_msg_userauth_failure(0, 1);
++		return;
++	}
++
+ 	if (testcrypt == NULL) {
+ 		/* crypt() with an invalid salt like "!!" */
+ 		dropbear_log(LOG_WARNING, "User account '%s' is locked",
+diff --git a/svr-authpubkey.c b/svr-authpubkey.c
+index aa6087c9..ff481c87 100644
+--- a/svr-authpubkey.c
++++ b/svr-authpubkey.c
+@@ -79,7 +79,7 @@ static int checkfileperm(char * filename);
+ 
+ /* process a pubkey auth request, sending success or failure message as
+  * appropriate */
+-void svr_auth_pubkey() {
++void svr_auth_pubkey(int valid_user) {
+ 
+ 	unsigned char testkey; /* whether we're just checking if a key is usable */
+ 	char* algo = NULL; /* pubkey algo */
+@@ -102,6 +102,15 @@ void svr_auth_pubkey() {
+ 	keybloblen = buf_getint(ses.payload);
+ 	keyblob = buf_getptr(ses.payload, keybloblen);
+ 
++	if (!valid_user) {
++		/* Return failure once we have read the contents of the packet
++		required to validate a public key. 
++		Avoids blind user enumeration though it isn't possible to prevent
++		testing for user existence if the public key is known */
++		send_msg_userauth_failure(0, 0);
++		goto out;
++	}
++
+ 	/* check if the key is valid */
+ 	if (checkpubkey(algo, algolen, keyblob, keybloblen) == DROPBEAR_FAILURE) {
+ 		send_msg_userauth_failure(0, 0);
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index a58ebff48..03c4e3cc0 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -440,6 +440,7 @@ TCP, not the SSH protocol.")
               (uri (string-append
                     "https://matt.ucc.asn.au/" name "/releases/"
                     name "-" version ".tar.bz2"))
+              (patches (search-patches "dropbear-CVE-2018-15599.patch"))
               (sha256
                (base32
                 "0rgavbzw7jrs5wslxm0dnwx2m409yzxd9hazd92r7kx8xikr3yzj"))))
-- 
2.18.0





From debbugs-submit-bounces@debbugs.gnu.org Tue Aug 28 08:06:37 2018
Received: (at 32545) by debbugs.gnu.org; 28 Aug 2018 12:06:37 +0000
Received: from localhost ([127.0.0.1]:34957 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1fuclY-000657-75
	for submit@debbugs.gnu.org; Tue, 28 Aug 2018 08:06:37 -0400
Received: from eggs.gnu.org ([208.118.235.92]:39745)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1fuclV-00064k-5M
 for 32545@debbugs.gnu.org; Tue, 28 Aug 2018 08:06:34 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@gnu.org>) id 1fuclK-0007UF-T9
 for 32545@debbugs.gnu.org; Tue, 28 Aug 2018 08:06:27 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=disabled
 version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:42207)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1fuclK-0007Tm-Na; Tue, 28 Aug 2018 08:06:22 -0400
Received: from [193.50.110.186] (port=34996 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1fuclK-0002oH-DW; Tue, 28 Aug 2018 08:06:22 -0400
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: Leo Famulari <leo@famulari.name>
Subject: Re: [bug#32545] [PATCH] gnu: dropbear: Fix CVE-2018-15599.
References: <524f9e5c18a1ef1e5d86b05510da177cf1d530f1.1535401642.git.leo@famulari.name>
Date: Tue, 28 Aug 2018 14:06:19 +0200
In-Reply-To: <524f9e5c18a1ef1e5d86b05510da177cf1d530f1.1535401642.git.leo@famulari.name>
 (Leo Famulari's message of "Mon, 27 Aug 2018 16:27:28 -0400")
Message-ID: <87r2iilmpw.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 32545
Cc: 32545@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -6.0 (------)

Hi!

Leo Famulari <leo@famulari.name> skribis:

> Dropbear users, please test!
>
> * gnu/packages/patches/dropbear-CVE-2018-15599.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/ssh.scm (dropbear)[source]: Use it.

I haven=E2=80=99t tested it but the patch LGTM, FWIW.  You can also run =E2=
=80=9Cmake
check-system TESTS=3Ddropbear=E2=80=9D if you haven=E2=80=99t already, to m=
ake sure the
basics work.

Thanks,
Ludo=E2=80=99.




From debbugs-submit-bounces@debbugs.gnu.org Tue Aug 28 08:23:04 2018
Received: (at 32545) by debbugs.gnu.org; 28 Aug 2018 12:23:04 +0000
Received: from localhost ([127.0.0.1]:34996 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1fud1U-0008WM-EW
	for submit@debbugs.gnu.org; Tue, 28 Aug 2018 08:23:04 -0400
Received: from mail.lassieur.org ([83.152.10.219]:53202)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <clement@lassieur.org>) id 1fud1S-0008Vg-1K
 for 32545@debbugs.gnu.org; Tue, 28 Aug 2018 08:23:02 -0400
Received: from newt (smtp.parrot.biz [62.23.167.188])
 by mail.lassieur.org (OpenSMTPD) with ESMTPSA id 51b4102e
 (TLSv1.2:ECDHE-RSA-CHACHA20-POLY1305:256:NO); 
 Tue, 28 Aug 2018 12:21:02 +0000 (UTC)
References: <524f9e5c18a1ef1e5d86b05510da177cf1d530f1.1535401642.git.leo@famulari.name>
 <87r2iilmpw.fsf@gnu.org>
User-agent: mu4e 1.0; emacs 26.1
From: =?utf-8?Q?Cl=C3=A9ment?= Lassieur <clement@lassieur.org>
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Subject: Re: [bug#32545] [PATCH] gnu: dropbear: Fix CVE-2018-15599.
In-reply-to: <87r2iilmpw.fsf@gnu.org>
Date: Tue, 28 Aug 2018 14:22:59 +0200
Message-ID: <87y3cqwuho.fsf@lassieur.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 32545
Cc: 32545@debbugs.gnu.org, Leo Famulari <leo@famulari.name>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Ludovic Court=C3=A8s <ludo@gnu.org> writes:

> Hi!
>
> Leo Famulari <leo@famulari.name> skribis:
>
>> Dropbear users, please test!
>>
>> * gnu/packages/patches/dropbear-CVE-2018-15599.patch: New file.
>> * gnu/local.mk (dist_patch_DATA): Add it.
>> * gnu/packages/ssh.scm (dropbear)[source]: Use it.
>
> I haven=E2=80=99t tested it but the patch LGTM, FWIW.  You can also run =
=E2=80=9Cmake
> check-system TESTS=3Ddropbear=E2=80=9D if you haven=E2=80=99t already, to=
 make sure the
> basics work.

Leo said on IRC that this produces 0 tests, and I can reproduce this:

    $ ~/.guix$ make check-system TESTS=3D"dropbear"
    Compiling Scheme modules...
    Running 0 system tests...
    TOTAL: 0




From debbugs-submit-bounces@debbugs.gnu.org Tue Aug 28 15:12:28 2018
Received: (at 32545-done) by debbugs.gnu.org; 28 Aug 2018 19:12:28 +0000
Received: from localhost ([127.0.0.1]:35909 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1fujPg-00082Z-L8
	for submit@debbugs.gnu.org; Tue, 28 Aug 2018 15:12:28 -0400
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:54269)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1fujPe-00082R-Mu
 for 32545-done@debbugs.gnu.org; Tue, 28 Aug 2018 15:12:27 -0400
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
 by mailout.nyi.internal (Postfix) with ESMTP id 4AA1D21BBA;
 Tue, 28 Aug 2018 15:12:26 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
 by compute4.internal (MEProxy); Tue, 28 Aug 2018 15:12:26 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=cc:content-type:date:from:in-reply-to:message-id:mime-version
 :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=
 mesmtp; bh=p/yg6BnwNrSMGUMBA6JjjDTnjQHeoeDJTSdPRyfh8Fw=; b=Pk18h
 BJDfdfl4gwxMEXyzcI49pf+gr/gxgz5xLsrlgUB21p4sntC6mgfEZrcL1S3JQg3n
 tNZUaNfBa9rzNjqa8h5u5HEId1tLQvyC+sSXJQEy1RuPRfgjxUNSBXzSK1li1hbK
 JYhrX9EnDj5ApI0TS1HPEKbYCNuTbadfKFyte4=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-me-sender
 :x-me-sender:x-sasl-enc; s=fm3; bh=p/yg6BnwNrSMGUMBA6JjjDTnjQHeo
 eDJTSdPRyfh8Fw=; b=ksh6ZCCwzDp+/kz3TSs5JQeteCvQTqEe8n56UCN4lmt5G
 WuegNrNp3SIYUx1LKj7ajNvRpezv5cfgGJYJOrjUl+xABslMAv6fwYNH1AQx1bW2
 RrnzCwt5rQ4Bxyva1+rcAaZqg3fzJ7vzM0gH6g9Y+Z2Lzo+mfvyk9sgi2kJw0GJ+
 wcG9Ys5yQDgXGJM/R7MAEQh8t6K1OpRu1thIk9UGnWyKhbkKapEYfDE5MZC5YKif
 uZd1x536VpQ5jQoj5XQw+EewEjAdJYA7DZnXIqWdIumb3YOrYS76GJ4qVGQ2HHx6
 ulA9/INm13NIkMUjQgfX/iZ51aH6UoGIEbAERQ0Qg==
X-ME-Proxy: <xmx:l56FWxuG9_KGGwaPDQbZHtj5vJDjBdPoxKHzvifVnoCgqbG8uykXqA>
 <xmx:l56FW6nsfyOY3LDaesYdmdJZ6fFyQM_e7eGIMNKYPlYcxH4LMimV4w>
 <xmx:l56FW8OuGE2fejTAtcSwFQq8217hqkgSrw13C-Xn_n9yu1W_At2cyA>
 <xmx:l56FW-w6EON4OXkp_rH9bboNSNPVNgqtOIKqB4R8f42Sds0SiyFNJQ>
 <xmx:l56FW5tC0Fces5dKKkqsZypC9gqmGlVc0V8LgqfLVrztfp3C-1k2Aw>
 <xmx:mp6FW6iw7NOD1vb4AX72TjWotuDKAOAM3G-QVNrsLTiEnTffy5Td2w>
X-ME-Sender: <xms:l56FW8chKR1Ye4Wtd5Ywbw9tgXQYjb_2QNL-KwDS915Wmnbgk6g8LQ>
Received: from localhost (c-76-124-202-137.hsd1.pa.comcast.net
 [76.124.202.137])
 by mail.messagingengine.com (Postfix) with ESMTPA id 8452E10293;
 Tue, 28 Aug 2018 15:12:23 -0400 (EDT)
Date: Tue, 28 Aug 2018 15:12:22 -0400
From: Leo Famulari <leo@famulari.name>
To: =?iso-8859-1?Q?Cl=E9ment?= Lassieur <clement@lassieur.org>
Subject: Re: [bug#32545] [PATCH] gnu: dropbear: Fix CVE-2018-15599.
Message-ID: <20180828191222.GB11946@jasmine.lan>
References: <524f9e5c18a1ef1e5d86b05510da177cf1d530f1.1535401642.git.leo@famulari.name>
 <87r2iilmpw.fsf@gnu.org> <87y3cqwuho.fsf@lassieur.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="EuxKj2iCbKjpUGkD"
Content-Disposition: inline
In-Reply-To: <87y3cqwuho.fsf@lassieur.org>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 32545-done
Cc: Ludovic =?iso-8859-1?Q?Court=E8s?= <ludo@gnu.org>, bug-guix@gnu.org,
 32545-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)


--EuxKj2iCbKjpUGkD
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Aug 28, 2018 at 02:22:59PM +0200, Cl=C3=A9ment Lassieur wrote:
> Ludovic Court=C3=A8s <ludo@gnu.org> writes:
> > I haven=E2=80=99t tested it but the patch LGTM, FWIW.  You can also run=
 =E2=80=9Cmake
> > check-system TESTS=3Ddropbear=E2=80=9D if you haven=E2=80=99t already, =
to make sure the
> > basics work.

Thanks! Pushed as 8a5a1eff422c5e3bca785f3967d444d0eafcf9c3

> Leo said on IRC that this produces 0 tests, and I can reproduce this:
>=20
>     $ ~/.guix$ make check-system TESTS=3D"dropbear"
>     Compiling Scheme modules...
>     Running 0 system tests...
>     TOTAL: 0

Yes, I'm starting a new bug for this :)

--EuxKj2iCbKjpUGkD
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAluFnpYACgkQJkb6MLrK
fwi8/g/+JBbIyXjI30KtcGUtzKrpsARrvtcVdqztshRT54n4WtXC4RfOdbrwQEqV
jRNtThAvNixHYStb2R+aBIjK3Y6k/kxNUZDyc0hYNBL5L2lTOt1XpoXQdTGwyDd9
0jV19MDysS7N1ra8vubnbk4bydMnouiZjdx9XF1CDaMcpypWX9TzS24oE8NIb3C/
kfEBQLcGR4hJye4Jf/G/WTM1Zb7CANzslvTBQzoNyDs2O1lBRxS6UDl6E7lMuMYV
n6XG0L2zHbpRhU63Z86j/t2kxMgEh/4jd2sbz/JxHVz511IGJB3RmnKQLM6SG9jW
urSIQ76sAs1rUq5z8Ia3inH+oGppKZ8fxQ7CaNAV1ze635CbRJsd3NjSgXhv71wd
exiV8ttEaBktUfM/FOAoSKbMToPacaFybzIKN3OgVNZdMjdTLoLbfz5Y2JAODUBw
t8KFCgzNb9Fu7iNUPLwfgfJRVBEzYLnAN25z+RnAzj5rzO9ztG7rTLOjk2nBS8Pk
OHx3xCEiT3y0K0O1yvFtoF0n7iS+dI74GGVzTaaXmEaoPKCmKERzrgUyic0jqLjX
EX++BpczVMS1tveC0+NsL5M14ZnlNg1eTQavTynU4Z+QNlIQOghk2f4gnhKCby0T
eOy2cxT5AsELxkLAmHjQrYlkIu+Gptc8RWKJtv+aCf9cNjKTBD4=
=e+If
-----END PGP SIGNATURE-----

--EuxKj2iCbKjpUGkD--




From debbugs-submit-bounces@debbugs.gnu.org Wed Aug 29 17:33:01 2018
Received: (at 32545) by debbugs.gnu.org; 29 Aug 2018 21:33:01 +0000
Received: from localhost ([127.0.0.1]:37570 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1fv85F-0005wi-70
	for submit@debbugs.gnu.org; Wed, 29 Aug 2018 17:33:01 -0400
Received: from eggs.gnu.org ([208.118.235.92]:47259)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1fv85C-0005wQ-Q8
 for 32545@debbugs.gnu.org; Wed, 29 Aug 2018 17:32:59 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@gnu.org>) id 1fv856-0002CH-UG
 for 32545@debbugs.gnu.org; Wed, 29 Aug 2018 17:32:53 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=disabled
 version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:59258)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1fv856-0002CD-QV; Wed, 29 Aug 2018 17:32:52 -0400
Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=44906 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1fv856-0007y0-Iw; Wed, 29 Aug 2018 17:32:52 -0400
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: =?utf-8?Q?Cl=C3=A9ment?= Lassieur <clement@lassieur.org>
Subject: Re: [bug#32545] [PATCH] gnu: dropbear: Fix CVE-2018-15599.
References: <524f9e5c18a1ef1e5d86b05510da177cf1d530f1.1535401642.git.leo@famulari.name>
 <87r2iilmpw.fsf@gnu.org> <87y3cqwuho.fsf@lassieur.org>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 12 Fructidor an 226 de la =?utf-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Wed, 29 Aug 2018 23:32:51 +0200
In-Reply-To: <87y3cqwuho.fsf@lassieur.org> (=?utf-8?Q?=22Cl=C3=A9ment?=
 Lassieur"'s message of "Tue, 28 Aug 2018 14:22:59 +0200")
Message-ID: <87o9dk6epo.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 32545
Cc: 32545@debbugs.gnu.org, Leo Famulari <leo@famulari.name>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -6.0 (------)

Hello,

Cl=C3=A9ment Lassieur <clement@lassieur.org> skribis:

> Ludovic Court=C3=A8s <ludo@gnu.org> writes:
>
>> Hi!
>>
>> Leo Famulari <leo@famulari.name> skribis:
>>
>>> Dropbear users, please test!
>>>
>>> * gnu/packages/patches/dropbear-CVE-2018-15599.patch: New file.
>>> * gnu/local.mk (dist_patch_DATA): Add it.
>>> * gnu/packages/ssh.scm (dropbear)[source]: Use it.
>>
>> I haven=E2=80=99t tested it but the patch LGTM, FWIW.  You can also run =
=E2=80=9Cmake
>> check-system TESTS=3Ddropbear=E2=80=9D if you haven=E2=80=99t already, t=
o make sure the
>> basics work.
>
> Leo said on IRC that this produces 0 tests, and I can reproduce this:
>
>     $ ~/.guix$ make check-system TESTS=3D"dropbear"
>     Compiling Scheme modules...
>     Running 0 system tests...
>     TOTAL: 0

=E2=80=9Crm gnu/tests/ssh.go && make=E2=80=9D will fix it.

The reason is that 6772ed1e07d6b8ce557199d91aaa1442c77186c7 changed the
ABI of <openssh-configuration>.  Thus, gnu/tests/ssh.go is stale, and if
you try to load it manually, you get the =E2=80=9CABI mismatch=E2=80=9D err=
or that
invites you to recompile.

The command above uses (guix discovery) to find system tests exported by
modules under (gnu tests =E2=80=A6).  Since it fails to load (gnu tests ssh=
), it
just silently skips it and concludes that there=E2=80=99s no =E2=80=9Cdropb=
ear=E2=80=9D test.

Commit d258c791441b46705f4360cf141343363d1751f2 has a warning displayed
in this case.

Thanks,
Ludo=E2=80=99.




From debbugs-submit-bounces@debbugs.gnu.org Wed Aug 29 17:55:43 2018
Received: (at 32545) by debbugs.gnu.org; 29 Aug 2018 21:55:43 +0000
Received: from localhost ([127.0.0.1]:37590 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1fv8RD-0008Uw-9Y
	for submit@debbugs.gnu.org; Wed, 29 Aug 2018 17:55:43 -0400
Received: from mail.lassieur.org ([83.152.10.219]:53370)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <clement@lassieur.org>) id 1fv8RB-0008Un-EO
 for 32545@debbugs.gnu.org; Wed, 29 Aug 2018 17:55:42 -0400
Received: from rodion (88.191.118.83 [88.191.118.83])
 by mail.lassieur.org (OpenSMTPD) with ESMTPSA id fe5b3a11
 (TLSv1.2:ECDHE-RSA-CHACHA20-POLY1305:256:NO); 
 Wed, 29 Aug 2018 21:53:26 +0000 (UTC)
References: <524f9e5c18a1ef1e5d86b05510da177cf1d530f1.1535401642.git.leo@famulari.name>
 <87r2iilmpw.fsf@gnu.org> <87y3cqwuho.fsf@lassieur.org>
 <87o9dk6epo.fsf@gnu.org>
User-agent: mu4e 1.0; emacs 26.1
From: =?utf-8?Q?Cl=C3=A9ment?= Lassieur <clement@lassieur.org>
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Subject: Re: [bug#32545] [PATCH] gnu: dropbear: Fix CVE-2018-15599.
In-reply-to: <87o9dk6epo.fsf@gnu.org>
Date: Wed, 29 Aug 2018 23:55:39 +0200
Message-ID: <87wos8ald0.fsf@lassieur.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 32545
Cc: 32545@debbugs.gnu.org, Leo Famulari <leo@famulari.name>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hello Ludovic,

Ludovic Court=C3=A8s <ludo@gnu.org> writes:

> Hello,
>
> Cl=C3=A9ment Lassieur <clement@lassieur.org> skribis:
>
>> Ludovic Court=C3=A8s <ludo@gnu.org> writes:
>>
>>> Hi!
>>>
>>> Leo Famulari <leo@famulari.name> skribis:
>>>
>>>> Dropbear users, please test!
>>>>
>>>> * gnu/packages/patches/dropbear-CVE-2018-15599.patch: New file.
>>>> * gnu/local.mk (dist_patch_DATA): Add it.
>>>> * gnu/packages/ssh.scm (dropbear)[source]: Use it.
>>>
>>> I haven=E2=80=99t tested it but the patch LGTM, FWIW.  You can also run=
 =E2=80=9Cmake
>>> check-system TESTS=3Ddropbear=E2=80=9D if you haven=E2=80=99t already, =
to make sure the
>>> basics work.
>>
>> Leo said on IRC that this produces 0 tests, and I can reproduce this:
>>
>>     $ ~/.guix$ make check-system TESTS=3D"dropbear"
>>     Compiling Scheme modules...
>>     Running 0 system tests...
>>     TOTAL: 0
>
> =E2=80=9Crm gnu/tests/ssh.go && make=E2=80=9D will fix it.
>
> The reason is that 6772ed1e07d6b8ce557199d91aaa1442c77186c7 changed the
> ABI of <openssh-configuration>.  Thus, gnu/tests/ssh.go is stale, and if
> you try to load it manually, you get the =E2=80=9CABI mismatch=E2=80=9D e=
rror that
> invites you to recompile.
>
> The command above uses (guix discovery) to find system tests exported by
> modules under (gnu tests =E2=80=A6).  Since it fails to load (gnu tests s=
sh), it
> just silently skips it and concludes that there=E2=80=99s no =E2=80=9Cdro=
pbear=E2=80=9D test.
>
> Commit d258c791441b46705f4360cf141343363d1751f2 has a warning displayed
> in this case.
>
> Thanks,
> Ludo=E2=80=99.

Understood, thank you for the explanation!




From unknown Wed Sep 10 12:14:38 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Thu, 27 Sep 2018 11:24:05 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator