GNU bug report logs - #34926
[PATCH] gnu: libssh2: Update to 1.8.1 with a graft [security fixes].

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Wed, 20 Mar 2019 20:33:02 UTC

Severity: normal

Tags: patch, security

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 34926 in the body.
You can then email your comments to 34926 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to guix-patches <at> gnu.org:
bug#34926; Package guix-patches. (Wed, 20 Mar 2019 20:33:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Leo Famulari <leo <at> famulari.name>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Wed, 20 Mar 2019 20:33:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: guix-patches <at> gnu.org
Subject: [PATCH] gnu: libssh2: Update to 1.8.1 with a graft [security fixes].
Date: Wed, 20 Mar 2019 16:31:59 -0400

Fixes CVE-2019-{3855,3856,3857,3858,3859,3860,3861,3862,3863}.
---
 gnu/packages/ssh.scm | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index dc81736f06..ec81844b93 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -111,6 +111,7 @@ applications.")
 (define-public libssh2
   (package
    (name "libssh2")
+   (replacement libssh2-1.8.1)
    (version "1.8.0")
    (source (origin
             (method url-fetch)
@@ -143,6 +144,21 @@ a server that supports the SSH-2 protocol.")
    (license license:bsd-3)
    (home-page "https://www.libssh2.org/")))
 
+(define-public libssh2-1.8.1
+  (package
+    (inherit libssh2)
+    (version "1.8.1")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append
+                    "https://www.libssh2.org/download/libssh2-"
+                    version ".tar.gz"))
+             (sha256
+              (base32
+               "0ngif3ynk6xqzy5nlfjs7bsmfm81g9f145av0z86kf0vbgrigda0"))
+             (patches
+              (search-patches "libssh2-fix-build-failure-with-gcrypt.patch"))))))
+
 (define-public openssh
   (package
    (name "openssh")
-- 
2.21.0
Information forwarded to guix-patches <at> gnu.org:
bug#34926; Package guix-patches. (Wed, 20 Mar 2019 20:36:01 GMT) Full text and rfc822 format available.

Message #8 received at 34926 <at> debbugs.gnu.org (full text, mbox):

From: Efraim Flashner <efraim <at> flashner.co.il>
To: Leo Famulari <leo <at> famulari.name>
Cc: 34926 <at> debbugs.gnu.org
Subject: Re: [bug#34926] [PATCH] gnu: libssh2: Update to 1.8.1 with a graft
 [security fixes].
Date: Wed, 20 Mar 2019 22:35:04 +0200

[Message part 1 (text/plain, inline)]
Is the patch already in the repo or did you forget to attach it?


-- 
Efraim Flashner   <efraim <at> flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[signature.asc (application/pgp-signature, inline)]
Added tag(s) security. Request was from Leo Famulari <leo <at> famulari.name> to control <at> debbugs.gnu.org. (Wed, 20 Mar 2019 20:43:02 GMT) Full text and rfc822 format available.
Information forwarded to guix-patches <at> gnu.org:
bug#34926; Package guix-patches. (Wed, 20 Mar 2019 20:44:02 GMT) Full text and rfc822 format available.

Message #13 received at 34926 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Efraim Flashner <efraim <at> flashner.co.il>
Cc: 34926 <at> debbugs.gnu.org
Subject: Re: [bug#34926] [PATCH] gnu: libssh2: Update to 1.8.1 with a graft
 [security fixes].
Date: Wed, 20 Mar 2019 16:43:48 -0400

[Message part 1 (text/plain, inline)]
On Wed, Mar 20, 2019 at 10:35:04PM +0200, Efraim Flashner wrote:
> Is the patch already in the repo or did you forget to attach it?

I'm not sure what happened but I did sent it with `git send-email`:

https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34926#5

[signature.asc (application/pgp-signature, inline)]
Reply sent to Leo Famulari <leo <at> famulari.name>:
You have taken responsibility. (Thu, 21 Mar 2019 17:39:02 GMT) Full text and rfc822 format available.
Notification sent to Leo Famulari <leo <at> famulari.name>:
bug acknowledged by developer. (Thu, 21 Mar 2019 17:39:03 GMT) Full text and rfc822 format available.

Message #18 received at 34926-done <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Efraim Flashner <efraim <at> flashner.co.il>
Cc: 34926-done <at> debbugs.gnu.org
Subject: Re: [bug#34926] [PATCH] gnu: libssh2: Update to 1.8.1 with a graft
 [security fixes].
Date: Thu, 21 Mar 2019 13:38:51 -0400

[Message part 1 (text/plain, inline)]
I've pushed a variant of this patch as
af8f7eb4f2a664c2d0fb3faabaf2e80c72993ef6

[signature.asc (application/pgp-signature, inline)]
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 19 Apr 2019 11:24:06 GMT) Full text and rfc822 format available.
This bug report was last modified 5 years and 2 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.