GNU bug report logs - #32545
[PATCH] gnu: dropbear: Fix CVE-2018-15599.

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Mon, 27 Aug 2018 20:44:02 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Message #25 received at 32545 <at> debbugs.gnu.org (full text, mbox):

From: Clément Lassieur <clement <at> lassieur.org>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 32545 <at> debbugs.gnu.org, Leo Famulari <leo <at> famulari.name>
Subject: Re: [bug#32545] [PATCH] gnu: dropbear: Fix CVE-2018-15599.
Date: Wed, 29 Aug 2018 23:55:39 +0200

Hello Ludovic,

Ludovic Courtès <ludo <at> gnu.org> writes:

> Hello,
>
> Clément Lassieur <clement <at> lassieur.org> writes:
>
>> Ludovic Courtès <ludo <at> gnu.org> writes:
>>
>>> Hi!
>>>
>>> Leo Famulari <leo <at> famulari.name> writes:
>>>
>>>> Dropbear users, please test!
>>>>
>>>> * gnu/packages/patches/dropbear-CVE-2018-15599.patch: New file.
>>>> * gnu/local.mk (dist_patch_DATA): Add it.
>>>> * gnu/packages/ssh.scm (dropbear)[source]: Use it.
>>>
>>> I haven’t tested it but the patch LGTM, FWIW.  You can also run “make
>>> check-system TESTS=dropbear” if you haven’t already, to make sure the
>>> basics work.
>>
>> Leo said on IRC that this produces 0 tests, and I can reproduce this:
>>
>>     $ ~/.guix$ make check-system TESTS="dropbear"
>>     Compiling Scheme modules...
>>     Running 0 system tests...
>>     TOTAL: 0
>
> “rm gnu/tests/ssh.go && make” will fix it.
>
> The reason is that 6772ed1e07d6b8ce557199d91aaa1442c77186c7 changed the
> ABI of <openssh-configuration>.  Thus, gnu/tests/ssh.go is stale, and if
> you try to load it manually, you get the “ABI mismatch” error that
> invites you to recompile.
>
> The command above uses (guix discovery) to find system tests exported by
> modules under (gnu tests …).  Since it fails to load (gnu tests ssh), it
> just silently skips it and concludes that there’s no “dropbear” test.
>
> Commit d258c791441b46705f4360cf141343363d1751f2 has a warning displayed
> in this case.
>
> Thanks,
> Ludo’.

Understood, thank you for the explanation!
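
A guard against the failure mode explained in the quoted reply, where a test module that fails to load is skipped and the run reports zero tests. This is an added example, not part of the thread or of Guix; the function name `check_system_test_count` is hypothetical, and the healthy-run sample is an assumption about the output format.

```shell
#!/bin/sh
# Added example; not part of Guix. Reads the output of
# `make check-system TESTS="..."` on stdin and refuses to treat an
# empty run as a pass.
# Exit status: 0 = at least as many tests ran as were requested,
#              1 = fewer ran (including zero), 2 = no count line seen.
check_system_test_count() {
    requested=$1
    # Count the whitespace-separated names given in TESTS.
    set -- $requested
    want=$#
    # Count line format taken from the transcript in this thread:
    # "Running 0 system tests..."
    ran=$(sed -n 's/^Running \([0-9][0-9]*\) system tests*\.\.\..*$/\1/p' | head -n 1)
    if [ -z "$ran" ]; then
        echo "no 'Running N system tests...' line found" >&2
        return 2
    fi
    if [ "$ran" -lt "$want" ] || [ "$ran" -eq 0 ]; then
        echo "requested $want test(s) ($requested) but only $ran ran;" \
             "a test module may have failed to load (stale .go file?)" >&2
        return 1
    fi
    return 0
}

# Constructed sample inputs. The first reproduces the output quoted in
# the thread; the second is what a healthy run is assumed to look like.
sample_stale='Compiling Scheme modules...
Running 0 system tests...
TOTAL: 0'
sample_ok='Compiling Scheme modules...
Running 1 system tests...
TOTAL: 1'

stale_status=0
printf '%s\n' "$sample_stale" | check_system_test_count "dropbear" 2>/dev/null || stale_status=$?
ok_status=0
printf '%s\n' "$sample_ok" | check_system_test_count "dropbear" || ok_status=$?
echo "stale run -> $stale_status, healthy run -> $ok_status"
```

In practice the function would read the real runner output, for example `make check-system TESTS="dropbear" 2>&1 | check_system_test_count "dropbear"`.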




This bug report was last modified 6 years and 350 days ago.
