Package: guix-patches
Reported by: Leo Famulari <leo <at> famulari.name>
Date: Tue, 16 Oct 2018 18:23:02 UTC
Severity: normal
Tags: patch
Done: Leo Famulari <leo <at> famulari.name>
Bug is archived. No further changes may be made.
From: Leo Famulari <leo <at> famulari.name>
To: 33067 <at> debbugs.gnu.org
Cc: ludo <at> gnu.org
Subject: [bug#33067] [PATCH] gnu: libssh: Update to 0.7.6 [fixes CVE-2018-10933].
Date: Tue, 16 Oct 2018 14:22:09 -0400
This update should be tested with users of guile-ssh. Also, Ludo, the bug report of the patch removed here is no longer online (they have a new bug tracker at <https://bugs.libssh.org/>). The patch doesn't apply, but since I can't read the bug report, I don't know if the problem is fixed upstream, or if we should adapt our patch. * gnu/packages/ssh.scm (libssh): Update to 0.7.6. [source]: Remove 'libssh-hostname-parser-bug.patch'. * gnu/packages/patches/libssh-hostname-parser-bug.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - .../patches/libssh-hostname-parser-bug.patch | 31 --------- gnu/packages/ssh.scm | 63 +++++++++---------- 3 files changed, 29 insertions(+), 66 deletions(-) delete mode 100644 gnu/packages/patches/libssh-hostname-parser-bug.patch diff --git a/gnu/local.mk b/gnu/local.mk index b8248e8da..8171fb2db 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -901,7 +901,6 @@ dist_patch_DATA = \ %D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch \ %D%/packages/patches/libsndfile-CVE-2017-8362.patch \ %D%/packages/patches/libsndfile-CVE-2017-12562.patch \ - %D%/packages/patches/libssh-hostname-parser-bug.patch \ %D%/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtheora-config-guess.patch \ diff --git a/gnu/packages/patches/libssh-hostname-parser-bug.patch b/gnu/packages/patches/libssh-hostname-parser-bug.patch deleted file mode 100644 index 69f46cbdd..000000000 --- a/gnu/packages/patches/libssh-hostname-parser-bug.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -Fix "Hostname" parsing in OpenSSH config files, as reported -at <https://red.libssh.org/issues/260>. - -From: Niels Ole Salscheider <niels_ole <at> salscheider-online.de> -Date: Mon, 8 May 2017 17:36:13 +0200 -Subject: [PATCH] Fix reading of the first parameter - -This is a fixup for 7b8b5eb4eac314a3a29be812bef0264c6611f6e7. -Previously, it would return as long as the parameter was _not_ seen -before. It also did not handle the case for the unsupported opcode (-1) -which would cause a segfault when accessing the "seen" array. ---- - src/config.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/src/config.c b/src/config.c -index 7c03b27..238a655 100644 ---- a/src/config.c -+++ b/src/config.c -@@ -218,8 +218,9 @@ static int ssh_config_parse_line(ssh_session session, const char *line, - } - - opcode = ssh_config_get_opcode(keyword); -- if (*parsing == 1 && opcode != SOC_HOST) { -- if (seen[opcode] == 0) { -+ if (*parsing == 1 && opcode != SOC_HOST && -+ opcode > SOC_UNSUPPORTED && opcode < SOC_END) { -+ if (seen[opcode] == 1) { - return 0; - } - seen[opcode] = 1; diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm index 362d427a2..6ade3e55b 100644 --- a/gnu/packages/ssh.scm +++ b/gnu/packages/ssh.scm 
@@ -65,40 +65,35 @@ #:use-module (srfi srfi-1)) (define-public libssh - ;; This commit from the 'v0-7' branch contains 7 memory-management-related - ;; bug fixes that we'd rather have. - (let ((commit "239d0f75b5f909174c2ef7fb08d23bcfa6b20ba0") - (revision "0")) - (package - (name "libssh") - (version (git-version "0.7.5" revision commit)) - (source (origin - (method git-fetch) - (uri (git-reference - (url "https://git.libssh.org/projects/libssh.git") - (commit commit))) - (sha256 - (base32 - "01w72w1jsgs9ilj3n1gp6qkmdxr9n74i5h2nipi3x1vzm7bv8na1")) - (patches (search-patches "libssh-hostname-parser-bug.patch")) - (file-name (git-file-name name version)))) - (build-system cmake-build-system) - (outputs '("out" "debug")) - (arguments - '(#:configure-flags '("-DWITH_GCRYPT=ON") - - ;; TODO: Add 'CMockery' and '-DWITH_TESTING=ON' for the test suite. - #:tests? #f)) - (inputs `(("zlib" ,zlib) - ("libgcrypt" ,libgcrypt))) - (synopsis "SSH client library") - (description - "libssh is a C library implementing the SSHv2 and SSHv1 protocol for -client and server implementations. With libssh, you can remotely execute -programs, transfer files, and use a secure and transparent tunnel for your -remote applications.") - (home-page "https://www.libssh.org") - (license license:lgpl2.1+)))) + (package + (name "libssh") + (version "0.7.6") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://git.libssh.org/projects/libssh.git") + (commit (string-append "libssh-" version)))) + (sha256 + (base32 + "0slwqa36mhyb6brdv2jvb9fxp7rvsv3ziv67kaxx615jxn52l5pa")) + (file-name (git-file-name name version)))) + (build-system cmake-build-system) + (outputs '("out" "debug")) + (arguments + '(#:configure-flags '("-DWITH_GCRYPT=ON") + + ;; TODO: Add 'CMockery' and '-DWITH_TESTING=ON' for the test suite. + #:tests? 
#f)) + (inputs `(("zlib" ,zlib) + ("libgcrypt" ,libgcrypt))) + (synopsis "SSH client library") + (description + "libssh is a C library implementing the SSHv2 and SSHv1 protocol for client +and server implementations. With libssh, you can remotely execute programs, +transfer files, and use a secure and transparent tunnel for your remote +applications.") + (home-page "https://www.libssh.org") + (license license:lgpl2.1+))) (define-public libssh2 (package -- 2.19.1
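Review bot: deleting gnu/packages/patches/libssh-hostname-parser-bug.patch, together with its `(patches (search-patches "libssh-hostname-parser-bug.patch"))` line in ssh.scm and its entry in gnu/local.mk, rests only on "The patch doesn't apply", which does not show that 0.7.6 contains the fix. The deleted patch's own description says the unpatched code "did not handle the case for the unsupported opcode (-1) which would cause a segfault when accessing the "seen" array". Before dropping it, check src/config.c at the libssh-0.7.6 tag for the `opcode > SOC_UNSUPPORTED && opcode < SOC_END` guard and the `seen[opcode] == 1` test in ssh_config_parse_line. If they are present, say so in the commit message. If they are not, rebase the patch instead of deleting it.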
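Review bot: in the gnu/packages/ssh.scm hunk, the removed comment records that commit 239d0f75b5f909174c2ef7fb08d23bcfa6b20ba0 from the 'v0-7' branch was pinned for "7 memory-management-related bug fixes", and the new `(commit (string-append "libssh-" version))` drops that pin without stating that the libssh-0.7.6 tag includes that commit. Please confirm the tag descends from it and note that in the commit message, so the update does not trade those fixes for the CVE-2018-10933 fix. The cover text also asks for testing with users of guile-ssh, so a line saying which dependents were rebuilt and tested would help before this is pushed.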