GNU bug report logs - #67948: [PATCH] gnu: openssh: Update to 9.6p1 [security-fixes].
Reported by: Jack Hill <jackhill <at> jackhill.us>
Date: Thu, 21 Dec 2023 05:35:02 UTC
Severity: normal
Tags: patch
Done: John Kehayias <john.kehayias <at> protonmail.com>
Bug is archived. No further changes may be made.
Report forwarded to guix-patches <at> gnu.org: bug#67948; Package guix-patches. (Thu, 21 Dec 2023 05:35:02 GMT)
Acknowledgement sent to Jack Hill <jackhill <at> jackhill.us>: New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Thu, 21 Dec 2023 05:35:02 GMT)
Message #5 received at submit <at> debbugs.gnu.org:
Fixes CVE-2023-48795.
* gnu/packages/ssh.scm (openssh): Update to 9.6p1
[arguments]<#:parallel-tests?>: Disable.
Change-Id: I8b7707894d904ec8bcccb943908fff2e69a1a027
---
This may fix additional security problems as well, but the openssh
release notes don't list them:
https://www.openssh.com/releasenotes.html#9.6p1
gnu/packages/ssh.scm | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index 47089b197d..565ac3b079 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -198,7 +198,7 @@ (define-public libssh2
(define-public openssh
(package
(name "openssh")
- (version "9.5p1")
+ (version "9.6p1")
(source
(origin
(method url-fetch)
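Review bot: The bump to `(version "9.6p1")` applies to every supported system with no per-architecture handling, and a later message in this thread reports that the update breaks building OpenSSH on powerpc64le, pointing to upstream commit 1036d77b34a5fa15e56f516b81b9928006848cbd as the fix. Build the package on the non-x86 targets before pushing, and consider carrying that upstream commit in `patches` next to openssh-trust-guix-store-directory.patch until the next release.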
@@ -206,11 +206,14 @@ (define-public openssh
"openssh-" version ".tar.gz"))
(patches (search-patches "openssh-trust-guix-store-directory.patch"))
(sha256
- (base32 "0sq8hqk6f0x6djgvqawjbwwxpwd8r1nzjahqfl7m9yx7kfvyf9ph"))))
+ (base32 "0z3pgam8b4z05lvdb78iv06p204qwl7b94a3cnnwba2mfb0120li"))))
(build-system gnu-build-system)
(arguments
(list
#:test-target "tests"
+ ;; Not all of the tests can be run in parallel
+ ;; https://marc.info/?l=openssh-unix-dev&m=170313565518842&w=2
+ #:parallel-tests? #f
;; Otherwise, the test scripts try to use a nonexistent directory and fail.
#:make-flags
#~(list "REGRESSTMP=\"$${BUILDDIR}/regress\"")
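Review bot: `#:parallel-tests? #f` serialises the whole test suite, but the comment above it only says "Not all of the tests can be run in parallel" and follows with a bare URL. Say in the comment that the flag was added with the 9.6p1 update and should be re-checked on the next version bump, so it is not carried forward indefinitely, and end the first comment line with a colon or period before the link.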
base-commit: aa22cdd363d3b2cf64586ccee918531aa53ef365
--
2.41.0
Reply sent to John Kehayias <john.kehayias <at> protonmail.com>: You have taken responsibility. (Thu, 21 Dec 2023 19:29:02 GMT)
Notification sent to Jack Hill <jackhill <at> jackhill.us>: bug acknowledged by developer. (Thu, 21 Dec 2023 19:29:02 GMT)
Message #10 received at 67948-done <at> debbugs.gnu.org:
On Thu, Dec 21, 2023 at 12:33 AM, Jack Hill wrote:
> Fixes CVE-2023-48795.
>
> * gnu/packages/ssh.scm (openssh): Update to 9.6p1
> [arguments]<#:parallel-tests?>: Disable.
>
> Change-Id: I8b7707894d904ec8bcccb943908fff2e69a1a027
> ---
>
> This may fix additional security problems as well, but the openssh
> release notes don't list them:
>
> https://www.openssh.com/releasenotes.html#9.6p1
>
>
> gnu/packages/ssh.scm | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
> index 47089b197d..565ac3b079 100644
> --- a/gnu/packages/ssh.scm
> +++ b/gnu/packages/ssh.scm
> @@ -198,7 +198,7 @@ (define-public libssh2
> (define-public openssh
> (package
> (name "openssh")
> - (version "9.5p1")
> + (version "9.6p1")
> (source
> (origin
> (method url-fetch)
> @@ -206,11 +206,14 @@ (define-public openssh
> "openssh-" version ".tar.gz"))
> (patches (search-patches "openssh-trust-guix-store-directory.patch"))
> (sha256
> - (base32 "0sq8hqk6f0x6djgvqawjbwwxpwd8r1nzjahqfl7m9yx7kfvyf9ph"))))
> + (base32 "0z3pgam8b4z05lvdb78iv06p204qwl7b94a3cnnwba2mfb0120li"))))
> (build-system gnu-build-system)
> (arguments
> (list
> #:test-target "tests"
> + ;; Not all of the tests can be run in parallel
> + ;; https://marc.info/?l=openssh-unix-dev&m=170313565518842&w=2
> + #:parallel-tests? #f
> ;; Otherwise, the test scripts try to use a nonexistent directory and fail.
> #:make-flags
> #~(list "REGRESSTMP=\"$${BUILDDIR}/regress\"")
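Review bot: The new `base32` value on the `+` line under `sha256` is the only integrity pin for the 9.6p1 tarball fetched by `url-fetch`, and nothing in the submission says how it was obtained. For a security update of this package, the cover note should state that the tarball's upstream signature was verified before hashing, and the committer should recompute the hash independently rather than relying on the submitted value.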
>
> base-commit: aa22cdd363d3b2cf64586ccee918531aa53ef365
Thanks for this one as well! Pushed as
04b63ea195cbcbcf519b7dd52546c6d56be6741b.
Information forwarded to guix-patches <at> gnu.org: bug#67948; Package guix-patches. (Sun, 24 Dec 2023 08:12:01 GMT)
Message #13 received at 67948 <at> debbugs.gnu.org:
Note that this breaks OpenSSH building on powerpc64le platforms
See:
https://github.com/openssh/openssh-portable/commit/1036d77b34a5fa15e56f516b81b9928006848cbd
for upstream patch
Information forwarded to guix-patches <at> gnu.org: bug#67948; Package guix-patches. (Sun, 31 Dec 2023 20:03:02 GMT)
Message #16 received at 67948 <at> debbugs.gnu.org:
Hi,
On Sun, Dec 24, 2023 at 09:10 AM, Marcel van der Boom wrote:
> Note that this breaks OpenSSH building on powerpc64le platforms
>
> See:
>
> https://github.com/openssh/openssh-portable/commit/1036d77b34a5fa15e56f516b81b9928006848cbd
>
> for upstream patch
Looks like you just sent this to the debbugs address so no one got it.
I've cc'ed the original author manually.
I happened to see this when searching for something else, so it would be
good to open a separate issue (or better yet with a patch) for this. You
could CC Efraim as he is usually on top of powerpc64le stuff in my
experience.
Thanks,
John
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 29 Jan 2024 12:24:07 GMT)
This bug report was last modified 1 year and 235 days ago.