[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/01: gnu: libssh2: Update to 1.8.1 [security fixes].
|
From: |
guix-commits |
|
Subject: |
01/01: gnu: libssh2: Update to 1.8.1 [security fixes]. |
|
Date: |
Thu, 21 Mar 2019 13:37:14 -0400 (EDT) |
lfam pushed a commit to branch master
in repository guix.
commit af8f7eb4f2a664c2d0fb3faabaf2e80c72993ef6
Author: Leo Famulari <address@hidden>
Date: Thu Mar 21 13:34:24 2019 -0400
gnu: libssh2: Update to 1.8.1 [security fixes].
Fixes CVE-2019-{3855,3856,3857,3858,3859,3860,3861,3862,3863}.
* gnu/packages/ssh.scm (libssh2): Update to 1.8.1.
(libssh2-1.8.0): New variable.
* gnu/packages/curl.scm (curl)[inputs]: Use libssh2-1.8.0.
---
gnu/packages/curl.scm | 10 +++++++---
gnu/packages/ssh.scm | 24 +++++++++++++++++++++---
2 files changed, 28 insertions(+), 6 deletions(-)
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 456a180..a36a1ee 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -3,7 +3,7 @@
;;; Copyright © 2015 Mark H Weaver <address@hidden>
;;; Copyright © 2015 Tomáš Čech <address@hidden>
;;; Copyright © 2015 Ludovic Courtès <address@hidden>
-;;; Copyright © 2016, 2017 Leo Famulari <address@hidden>
+;;; Copyright © 2016, 2017, 2019 Leo Famulari <address@hidden>
;;; Copyright © 2017 Marius Bakke <address@hidden>
;;; Copyright © 2017 Efraim Flashner <address@hidden>
;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <address@hidden>
@@ -66,10 +66,14 @@
(inputs `(("gnutls" ,gnutls)
("gss" ,gss)
("libidn" ,libidn)
- ("libssh2" ,libssh2)
("openldap" ,openldap)
("nghttp2" ,nghttp2 "lib")
- ("zlib" ,zlib)))
+ ("zlib" ,zlib)
+ ;; TODO XXX <https://bugs.gnu.org/34927>
+ ;; Curl doesn't actually use or refer to libssh2 because the build
+ ;; is not configured with '--with-libssh2'. Remove this input
when
+ ;; a mass rebuild is appropriate (e.g. core-updates).
+ ("libssh2" ,libssh2-1.8.0)))
(native-inputs
`(("perl" ,perl)
;; to enable the --manual option and make test 1026 pass
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index dc81736..5b5890a 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -3,7 +3,7 @@
;;; Copyright © 2013, 2014 Andreas Enge <address@hidden>
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <address@hidden>
;;; Copyright © 2015, 2016, 2018 Efraim Flashner <address@hidden>
-;;; Copyright © 2016 Leo Famulari <address@hidden>
+;;; Copyright © 2016, 2019 Leo Famulari <address@hidden>
;;; Copyright © 2016 Nicolas Goaziou <address@hidden>
;;; Copyright © 2016 Christopher Allan Webber <address@hidden>
;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <address@hidden>
@@ -111,7 +111,7 @@ applications.")
(define-public libssh2
(package
(name "libssh2")
- (version "1.8.0")
+ (version "1.8.1")
(source (origin
(method url-fetch)
(uri (string-append
@@ -119,7 +119,7 @@ applications.")
version ".tar.gz"))
(sha256
(base32
- "1m3n8spv79qhjq4yi0wgly5s5rc8783jb1pyra9bkx1md0plxwrr"))
+ "0ngif3ynk6xqzy5nlfjs7bsmfm81g9f145av0z86kf0vbgrigda0"))
(patches
(search-patches "libssh2-fix-build-failure-with-gcrypt.patch"))))
(build-system gnu-build-system)
@@ -143,6 +143,24 @@ a server that supports the SSH-2 protocol.")
(license license:bsd-3)
(home-page "https://www.libssh2.org/";)))
+;; XXX A hidden special obsolete libssh2 for temporary use in the curl package.
+;; <https://bugs.gnu.org/34927>
+(define-public libssh2-1.8.0
+ (hidden-package
+ (package
+ (inherit libssh2)
+ (version "1.8.0")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://www.libssh2.org/download/libssh2-";
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "1m3n8spv79qhjq4yi0wgly5s5rc8783jb1pyra9bkx1md0plxwrr"))
+ (patches
+ (search-patches
"libssh2-fix-build-failure-with-gcrypt.patch")))))))
+
(define-public openssh
(package
(name "openssh")