[PATCH] gnu: libssh2: Update to 1.8.1 with a graft [security fixes].

DoneSubmitted by Leo Famulari.
Details
2 participants
  • Efraim Flashner
  • Leo Famulari
Owner
unassigned
Severity
normal
L
L
Leo Famulari wrote on 20 Mar 2019 21:31
(address . guix-patches@gnu.org)
128204645081af4cc1e10f5aef21b9b4e6dc9d81.1553113916.git.leo@famulari.name
Fixes CVE-2019-{3855,3856,3857,3858,3859,3860,3861,3862,3863}.--- gnu/packages/ssh.scm | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)
Toggle diff (36 lines)diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scmindex dc81736f06..ec81844b93 100644--- a/gnu/packages/ssh.scm+++ b/gnu/packages/ssh.scm@@ -111,6 +111,7 @@ applications.") (define-public libssh2 (package (name "libssh2")+ (replacement libssh2-1.8.1) (version "1.8.0") (source (origin (method url-fetch)@@ -143,6 +144,21 @@ a server that supports the SSH-2 protocol.") (license license:bsd-3) (home-page "https://www.libssh2.org/"))) +(define-public libssh2-1.8.1+ (package+ (inherit libssh2)+ (version "1.8.1")+ (source (origin+ (method url-fetch)+ (uri (string-append+ "https://www.libssh2.org/download/libssh2-"+ version ".tar.gz"))+ (sha256+ (base32+ "0ngif3ynk6xqzy5nlfjs7bsmfm81g9f145av0z86kf0vbgrigda0"))+ (patches+ (search-patches "libssh2-fix-build-failure-with-gcrypt.patch"))))))+ (define-public openssh (package (name "openssh")-- 2.21.0
E
E
Efraim Flashner wrote on 20 Mar 2019 21:35
(name . Leo Famulari)(address . leo@famulari.name)(address . 34926@debbugs.gnu.org)
20190320203504.GA3879@macbook41
Is the patch already in the repo or did you forget to attach it?

-- Efraim Flashner <efraim@flashner.co.il> אפרים פלשנרGPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351Confidentiality cannot be guaranteed on emails sent or received unencrypted
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAlySo/MACgkQQarn3Mo9g1FTExAAu3VrBD4HDylXzUXs7nKWfSkfMm5NgSNLbop9m88fOWsk5e4laANfPRXXArKj+Lik8LCKHUL59ZAo94xPUCtW5ERSCEGXEj7gHq9iXQOsDhmfzzpi4zeOcpN8Am7ypgxn0cJja9OiBCzaGtzkSt9KnfrJtPZbpO+lsbWuy8PS65PTRkcm9lH26lCbXNV4j0kHS+acF5Wn8DPkDJCBT6KvibNGQHKuFhzqTWNRlOhwNktk916kv1am8bmSKR/2UKSQUW3DUflxjeVRNab/NbYdRUWwimHafts7hWe5NBx+1u/kkpc50WkqgceAxkkn9L55VtVIvaLv3WxYT42IvqOE2AI1AVJKUQhB9z+OybEnqkKpA0I6fkk0SIqD8k1V08hbnhyZ2aDiDT8+r5pIqE/ls8PBAcmIREMKt3/sXFBv2SC36ktjnUokI4Hiph9XezDtGPsJba8drS4ntJHoTq1fwSvTCq/6P0k6geIYnPmrgJ3ZViBe70IiZcr7ubBCA1yzHX+JN9yb9YWZYMQn9SrJRnSMcYyZZk/cnAcQdcaP91P9S38LwzMyBEzQcOwPfir34HfYi147rzjiWInpAbn/xTie+HT+8Gu1Gwu/aBnH/UQWaepZhNB6RvHN73XVdVNqXW7nacvuXVeO3uEmY7ph7tTJxXzXdjhMWvDMxdCPMv8==KAY5-----END PGP SIGNATURE-----

L
L
Leo Famulari wrote on 20 Mar 2019 21:42
(no subject)
(address . control@debbugs.gnu.org)
20190320204246.GA21432@jasmine.lan
tags 34926 security patch
L
L
Leo Famulari wrote on 20 Mar 2019 21:43
Re: [bug#34926] [PATCH] gnu: libssh2: Update to 1.8.1 with a graft [security fixes].
(name . Efraim Flashner)(address . efraim@flashner.co.il)(address . 34926@debbugs.gnu.org)
20190320204348.GB21181@jasmine.lan
On Wed, Mar 20, 2019 at 10:35:04PM +0200, Efraim Flashner wrote:
Toggle quote (2 lines)> Is the patch already in the repo or did you forget to attach it?
I'm not sure what happened but I did sent it with `git send-email`:
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34926#5
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlySpgQACgkQJkb6MLrKfwjSuRAA3G+nhOD9iMbSUUOTYPECJP87Kcpw+P5VQWmGi73rwNoR63qdblhnuvSgknM/M9SpiNZ3pQ8Y3PQyuZL4zx24RTlF77taj8P5iMsFpl1oC4ocU+1GS+T1+PZFToUs7IJWYPi+1ybeCciQAK0AHqlcdrVTGKWH6tdDp1rYQk/Df4ecY1uj+5ZtgyjaYf+2npXMQOpC3t4zYjsVkgbZp/Up+rLHLMoxA9JBcPS8iw4ecxGWIIy6e/8GZnsIUz9H4Q75zQ+YEtbMy5Xv4muhtt/1s29MgOCpfF8tWGhYTDfovd2DfTpglwlEn6cGF3F9DnFp/PuD9kysdsW4qz+QH4/VGA8O2Kkljo2hQvCD+Q2/prFUgR9tmX6aBABQyIOUYn76r4b++GaMbAH4ghIZIpgpEpmqKwpwh4jklelEP3xh16m49IqlJnbwMhc6cCoLj+zqWvXCnAtpcJD8o+zvdHTRdUnZDGdbFyU+bVtwb/O87GTRERoH3iZleYuPgo+uFzD1X+YszJ1dbBJkg2PXUGHQk01bWuM2StK4aNfEsFH3yPUOK9rU7gOkoaOrim2LNDuC7ef1DZd3jlVTQuGUFWOrPP61O1YdQAn0sJRsW3hp30gUUKweKtvSIFld7ERsLA2VEKHRordpigFtrOT0kctFAujEyIcxeqMkMGALiWxGsIU==0Fi8-----END PGP SIGNATURE-----

L
L
Leo Famulari wrote on 21 Mar 2019 18:38
(name . Efraim Flashner)(address . efraim@flashner.co.il)(address . 34926-done@debbugs.gnu.org)
20190321173851.GA14834@jasmine.lan
I've pushed a variant of this patch asaf8f7eb4f2a664c2d0fb3faabaf2e80c72993ef6
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlyTzCsACgkQJkb6MLrKfwjIjQ/9GrwofOgRTEvT6TjzXn3STDcvrs1Z41Q++7M2EM7EdbHTbImoTzlc08Q/4jHym+kXUHrAKznE1bYRFtNimjaG9aIFao17NYb2lBMUq0Pfu0geVQMzXTVUSWdnyQWvfzVDemJDXhandAgKsSMuMMrGTF2iBUsDMkT2RaxiXe4Z6Hy1ntD6uJwX8Uu1CDoiTf8PoEiq2j7CZ4a8YZtR86VqpKjQnoeqAzlLEzJiLopce6hC+bVRFvpaCGIgerpNlp0UqWTl8Et/QeCXfD+kdgU+w5A3T4TmmeXWWC1VUIXXMTQceEd4xZkzElNVvwFGsXvHHoViKUL9Xxdm4WYg5ihU6OJFX/LqG/6PSduudsVxl/iVgddIw+bZEYU+PUM1orBC6DedyYn9resiw3wz22EQ/avWSjZwPvyOn3q/6t/1ybs8S4Pb/0fIwdWER1VqUlIE5kSfT5/KpWL7oo3QCUlNGhldDl/98Vm3Z+rc/DcXKHG4iZwoRKLXU4tZbe2jIY1N42wqJbIFjKZAGVxdc85xhVM+yY0wC/EoKxQLoItlNrxPNtIyiH7sPvnLUd4Oym9Lp1hcy0YH1864eqonfNfvQOjUBQdJ7GiqKJhn7UxlyHLlhh3/US/IHG8vb1+A2AWBOR3uVoEi0nov3+5h5vxIQGPszKbfwCbaOPH4pKd07y4==sNlf-----END PGP SIGNATURE-----

Closed
?
Your comment

This issue is archived.

To comment on this conversation send email to 34926@debbugs.gnu.org