From patchwork Thu Dec 21 05:33:08 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jack Hill <jackhill@jackhill.us>
X-Patchwork-Id: 57944
Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>
X-Original-To: patchwork@mira.cbaines.net
Delivered-To: patchwork@mira.cbaines.net
Received: by mira.cbaines.net (Postfix, from userid 113)
	id 87D0F27BBEA; Thu, 21 Dec 2023 05:35:18 +0000 (GMT)
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=5.0 tests=BAYES_00,MAILING_LIST_MULTI,
	SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no
	version=3.4.6
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	by mira.cbaines.net (Postfix) with ESMTPS id 5052C27BBE2
	for <patchwork@mira.cbaines.net>; Thu, 21 Dec 2023 05:35:17 +0000 (GMT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces@gnu.org>)
	id 1rGBi0-0000hW-DB; Thu, 21 Dec 2023 00:35:00 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1rGBhz-0000hJ-1v
 for guix-patches@gnu.org; Thu, 21 Dec 2023 00:34:59 -0500
Received: from debbugs.gnu.org ([2001:470:142:5::43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1rGBhy-0001mq-PX
 for guix-patches@gnu.org; Thu, 21 Dec 2023 00:34:58 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1rGBi2-0008In-E6
 for guix-patches@gnu.org; Thu, 21 Dec 2023 00:35:02 -0500
X-Loop: help-debbugs@gnu.org
Subject: [bug#67948] [PATCH] gnu: openssh: Update to 9.6p1 [security-fixes].
Resent-From: Jack Hill <jackhill@jackhill.us>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Thu, 21 Dec 2023 05:35:02 +0000
Resent-Message-ID: <handler.67948.B.170313687431864@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 67948
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 67948@debbugs.gnu.org
X-Debbugs-Original-To: guix-patches@gnu.org
Received: via spool by submit@debbugs.gnu.org id=B.170313687431864
 (code B ref -1); Thu, 21 Dec 2023 05:35:02 +0000
Received: (at submit) by debbugs.gnu.org; 21 Dec 2023 05:34:34 +0000
Received: from localhost ([127.0.0.1]:42247 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1rGBhZ-0008Hs-Rf
 for submit@debbugs.gnu.org; Thu, 21 Dec 2023 00:34:34 -0500
Received: from lists.gnu.org ([2001:470:142::17]:57330)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <jackhill@jackhill.us>) id 1rGBhW-0008Hc-Uc
 for submit@debbugs.gnu.org; Thu, 21 Dec 2023 00:34:32 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <jackhill@jackhill.us>)
 id 1rGBhN-0000ek-VE
 for guix-patches@gnu.org; Thu, 21 Dec 2023 00:34:21 -0500
Received: from minsky.hcoop.net ([104.248.1.95])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <jackhill@jackhill.us>)
 id 1rGBhM-0001jS-5S
 for guix-patches@gnu.org; Thu, 21 Dec 2023 00:34:21 -0500
Received: from lib-its13.lib.duke.edu ([152.3.118.151]
 helo=localhost.localdomain)
 by minsky.hcoop.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.92) (envelope-from <jackhill@jackhill.us>)
 id 1rGBhL-0004AK-4f
 for guix-patches@gnu.org; Thu, 21 Dec 2023 00:34:19 -0500
From: Jack Hill <jackhill@jackhill.us>
Date: Thu, 21 Dec 2023 00:33:08 -0500
Message-ID: 
 <e54b8cccc03a565c16bcbfc562fd966d5ef08e1c.1703136788.git.jackhill@jackhill.us>
X-Mailer: git-send-email 2.41.0
MIME-Version: 1.0
Received-SPF: pass client-ip=104.248.1.95; envelope-from=jackhill@jackhill.us;
 helo=minsky.hcoop.net
X-Spam_score_int: -18
X-Spam_score: -1.9
X-Spam_bar: -
X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
X-getmail-retrieved-from-mailbox: Patches

Fixes CVE-2023-48795.

* gnu/packages/ssh.scm (openssh): Update to 9.6p1
[arguments]<#:parallel-tests?>: Disable.

Change-Id: I8b7707894d904ec8bcccb943908fff2e69a1a027
---

This may fix additional security problem as well, but the openssh
release notes don't list them:

https://www.openssh.com/releasenotes.html#9.6p1


 gnu/packages/ssh.scm | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)


base-commit: aa22cdd363d3b2cf64586ccee918531aa53ef365

diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index 47089b197d..565ac3b079 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -198,7 +198,7 @@ (define-public libssh2
 (define-public openssh
   (package
    (name "openssh")
-   (version "9.5p1")
+   (version "9.6p1")
    (source
     (origin
       (method url-fetch)
@@ -206,11 +206,14 @@ (define-public openssh
                           "openssh-" version ".tar.gz"))
       (patches (search-patches "openssh-trust-guix-store-directory.patch"))
       (sha256
-       (base32 "0sq8hqk6f0x6djgvqawjbwwxpwd8r1nzjahqfl7m9yx7kfvyf9ph"))))
+       (base32 "0z3pgam8b4z05lvdb78iv06p204qwl7b94a3cnnwba2mfb0120li"))))
    (build-system gnu-build-system)
    (arguments
     (list
      #:test-target "tests"
+     ;; Not all of the tests can be run in parallel
+     ;; https://marc.info/?l=openssh-unix-dev&m=170313565518842&w=2
+     #:parallel-tests? #f
      ;; Otherwise, the test scripts try to use a nonexistent directory and fail.
      #:make-flags
      #~(list "REGRESSTMP=\"$${BUILDDIR}/regress\"")