[PATCH] gnu: libssh2: Update to 1.8.1 with a graft [security fixes].

Done

Details

2 participants

Efraim Flashner
Leo Famulari

Owner: unassigned

Submitted by: Leo Famulari

Severity: normal

Leo Famulari wrote on 20 Mar 2019 21:31

Recipients:(address . guix-patches@gnu.org)

Message-ID:128204645081af4cc1e10f5aef21b9b4e6dc9d81.1553113916.git.leo@famulari.name

Fixes CVE-2019-{3855,3856,3857,3858,3859,3860,3861,3862,3863}.

---

gnu/packages/ssh.scm | 16 ++++++++++++++++

1 file changed, 16 insertions(+)

Toggle diff (36 lines)diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index dc81736f06..ec81844b93 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -111,6 +111,7 @@ applications.")
 (define-public libssh2
   (package
    (name "libssh2")
+   (replacement libssh2-1.8.1)
    (version "1.8.0")
    (source (origin
             (method url-fetch)
@@ -143,6 +144,21 @@ a server that supports the SSH-2 protocol.")
    (license license:bsd-3)
    (home-page "https://www.libssh2.org/")))
 
+(define-public libssh2-1.8.1
+  (package
+    (inherit libssh2)
+    (version "1.8.1")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append
+                    "https://www.libssh2.org/download/libssh2-"
+                    version ".tar.gz"))
+             (sha256
+              (base32
+               "0ngif3ynk6xqzy5nlfjs7bsmfm81g9f145av0z86kf0vbgrigda0"))
+             (patches
+              (search-patches "libssh2-fix-build-failure-with-gcrypt.patch"))))))
+
 (define-public openssh
   (package
    (name "openssh")
-- 
2.21.0

Efraim Flashner wrote on 20 Mar 2019 21:35

Recipients:(name . Leo Famulari)(address . leo@famulari.name)(address . 34926@debbugs.gnu.org)

Message-ID:20190320203504.GA3879@macbook41

Is the patch already in the repo or did you forget to attach it?

Efraim Flashner <efraim@flashner.co.il> ????? ?????

GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351

Confidentiality cannot be guaranteed on emails sent or received unencrypted

Leo Famulari wrote on 20 Mar 2019 21:42

(no subject)

Recipients:(address . control@debbugs.gnu.org)

Message-ID:20190320204246.GA21432@jasmine.lan

tags 34926 security patch

Leo Famulari wrote on 20 Mar 2019 21:43

Re: [bug#34926] [PATCH] gnu: libssh2: Update to 1.8.1 with a graft [security fixes].

Recipients:(name . Efraim Flashner)(address . efraim@flashner.co.il)(address . 34926@debbugs.gnu.org)

Message-ID:20190320204348.GB21181@jasmine.lan

On Wed, Mar 20, 2019 at 10:35:04PM +0200, Efraim Flashner wrote:

Toggle quote (2 lines)

> Is the patch already in the repo or did you forget to attach it?

I'm not sure what happened but I did sent it with `git send-email`:

https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34926#5

Leo Famulari wrote on 21 Mar 2019 18:38

Recipients:(name . Efraim Flashner)(address . efraim@flashner.co.il)(address . 34926-done@debbugs.gnu.org)

Message-ID:20190321173851.GA14834@jasmine.lan

I've pushed a variant of this patch as

af8f7eb4f2a664c2d0fb3faabaf2e80c72993ef6

Closed

Your comment

This issue is archived.

To comment on this conversation send an email to 34926@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it

mumi current 34926

Then, you may apply the latest patchset in this issue (with sign off)

mumi am -- -s

Or, compose a reply to this issue

mumi compose

Or, send patches to this issue

mumi send-email *.patch

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date