GNU bug report logs -
#32545
[PATCH] gnu: dropbear: Fix CVE-2018-15599.
Previous Next
Reported by: Leo Famulari <leo <at> famulari.name>
Date: Mon, 27 Aug 2018 20:44:02 UTC
Severity: normal
Tags: patch
Done: Leo Famulari <leo <at> famulari.name>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
Hello Ludovic,
Ludovic Courtès <ludo <at> gnu.org> writes:
> Hello,
>
> Clément Lassieur <clement <at> lassieur.org> skribis:
>
>> Ludovic Courtès <ludo <at> gnu.org> writes:
>>
>>> Hi!
>>>
>>> Leo Famulari <leo <at> famulari.name> skribis:
>>>
>>>> Dropbear users, please test!
>>>>
>>>> * gnu/packages/patches/dropbear-CVE-2018-15599.patch: New file.
>>>> * gnu/local.mk (dist_patch_DATA): Add it.
>>>> * gnu/packages/ssh.scm (dropbear)[source]: Use it.
>>>
>>> I haven’t tested it but the patch LGTM, FWIW. You can also run “make
>>> check-system TESTS=dropbear” if you haven’t already, to make sure the
>>> basics work.
>>
>> Leo said on IRC that this produces 0 tests, and I can reproduce this:
>>
>> $ ~/.guix$ make check-system TESTS="dropbear"
>> Compiling Scheme modules...
>> Running 0 system tests...
>> TOTAL: 0
>
> “rm gnu/tests/ssh.go && make” will fix it.
>
> The reason is that 6772ed1e07d6b8ce557199d91aaa1442c77186c7 changed the
> ABI of <openssh-configuration>. Thus, gnu/tests/ssh.go is stale, and if
> you try to load it manually, you get the “ABI mismatch” error that
> invites you to recompile.
>
> The command above uses (guix discovery) to find system tests exported by
> modules under (gnu tests …). Since it fails to load (gnu tests ssh), it
> just silently skips it and concludes that there’s no “dropbear” test.
>
> Commit d258c791441b46705f4360cf141343363d1751f2 has a warning displayed
> in this case.
>
> Thanks,
> Ludo’.
Understood, thank you for the explanation!
This bug report was last modified 6 years and 350 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.