Message ID | e54b8cccc03a565c16bcbfc562fd966d5ef08e1c.1703136788.git.jackhill@jackhill.us |
---|---|
State | New |
Headers | show |
Series | [bug#67948] gnu: openssh: Update to 9.6p1 [security-fixes]. | expand |
On Thu, Dec 21, 2023 at 12:33 AM, Jack Hill wrote: > Fixes CVE-2023-48795. > > * gnu/packages/ssh.scm (openssh): Update to 9.6p1 > [arguments]<#:parallel-tests?>: Disable. > > Change-Id: I8b7707894d904ec8bcccb943908fff2e69a1a027 > --- > > This may fix additional security problem as well, but the openssh > release notes don't list them: > > https://www.openssh.com/releasenotes.html#9.6p1 > > > gnu/packages/ssh.scm | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm > index 47089b197d..565ac3b079 100644 > --- a/gnu/packages/ssh.scm > +++ b/gnu/packages/ssh.scm > @@ -198,7 +198,7 @@ (define-public libssh2 > (define-public openssh > (package > (name "openssh") > - (version "9.5p1") > + (version "9.6p1") > (source > (origin > (method url-fetch) > @@ -206,11 +206,14 @@ (define-public openssh > "openssh-" version ".tar.gz")) > (patches (search-patches "openssh-trust-guix-store-directory.patch")) > (sha256 > - (base32 "0sq8hqk6f0x6djgvqawjbwwxpwd8r1nzjahqfl7m9yx7kfvyf9ph")))) > + (base32 "0z3pgam8b4z05lvdb78iv06p204qwl7b94a3cnnwba2mfb0120li")))) > (build-system gnu-build-system) > (arguments > (list > #:test-target "tests" > + ;; Not all of the tests can be run in parallel > + ;; https://marc.info/?l=openssh-unix-dev&m=170313565518842&w=2 > + #:parallel-tests? #f > ;; Otherwise, the test scripts try to use a nonexistent directory and fail. > #:make-flags > #~(list "REGRESSTMP=\"$${BUILDDIR}/regress\"") > > base-commit: aa22cdd363d3b2cf64586ccee918531aa53ef365 Thanks for this one as well! Pushed as 04b63ea195cbcbcf519b7dd52546c6d56be6741b.
Note that this breaks OpenSSH building on powerpc64le platforms See: https://github.com/openssh/openssh-portable/commit/1036d77b34a5fa15e56f516b81b9928006848cbd for upstream patch
Hi, On Sun, Dec 24, 2023 at 09:10 AM, Marcel van der Boom wrote: > Note that this breaks OpenSSH building on powerpc64le platforms > > See: > > https://github.com/openssh/openssh-portable/commit/1036d77b34a5fa15e56f516b81b9928006848cbd > > for upstream patch Looks like you just sent this to the debbugs address so no one got it. I've cc'ed the original author manually. I happened to see this when searching for something else, so it would be good to open a separate issue (or better yet with a patch) for this. You could CC Efraim as he is usually on top of powerpc64le stuff in my experience. Thanks, John
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm index 47089b197d..565ac3b079 100644 --- a/gnu/packages/ssh.scm +++ b/gnu/packages/ssh.scm @@ -198,7 +198,7 @@ (define-public libssh2 (define-public openssh (package (name "openssh") - (version "9.5p1") + (version "9.6p1") (source (origin (method url-fetch) @@ -206,11 +206,14 @@ (define-public openssh "openssh-" version ".tar.gz")) (patches (search-patches "openssh-trust-guix-store-directory.patch")) (sha256 - (base32 "0sq8hqk6f0x6djgvqawjbwwxpwd8r1nzjahqfl7m9yx7kfvyf9ph")))) + (base32 "0z3pgam8b4z05lvdb78iv06p204qwl7b94a3cnnwba2mfb0120li")))) (build-system gnu-build-system) (arguments (list #:test-target "tests" + ;; Not all of the tests can be run in parallel + ;; https://marc.info/?l=openssh-unix-dev&m=170313565518842&w=2 + #:parallel-tests? #f ;; Otherwise, the test scripts try to use a nonexistent directory and fail. #:make-flags #~(list "REGRESSTMP=\"$${BUILDDIR}/regress\"")