From f04dca8eb750e44df9cda997089ee5657ce17516 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Wed, 9 Dec 2020 09:21:27 +0200 Subject: gnu: libssh2: Fix CVE-2019-17498. * gnu/packages/patches/ssh.scm (libssh2)[source]: Add patch. * gnu/packages/patches/libssh2-CVE-2019-17498.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/packages/ssh.scm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'gnu/packages/ssh.scm') diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm index 146177f7f3..0f2434d7c5 100644 --- a/gnu/packages/ssh.scm +++ b/gnu/packages/ssh.scm @@ -2,7 +2,7 @@ ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès ;;; Copyright © 2013, 2014 Andreas Enge ;;; Copyright © 2014, 2015, 2016 Mark H Weaver -;;; Copyright © 2015, 2016, 2018, 2019 Efraim Flashner +;;; Copyright © 2015, 2016, 2018, 2019, 2020 Efraim Flashner ;;; Copyright © 2016, 2019 Leo Famulari ;;; Copyright © 2016 Nicolas Goaziou ;;; Copyright © 2016 Christopher Allan Webber @@ -165,7 +165,8 @@ applications.") version ".tar.gz")) (sha256 (base32 - "1zfsz9nldakfz61d2j70pk29zlmj7w2vv46s9l3x2prhcgaqpyym")))) + "1zfsz9nldakfz61d2j70pk29zlmj7w2vv46s9l3x2prhcgaqpyym")) + (patches (search-patches "libssh2-CVE-2019-17498.patch")))) (build-system gnu-build-system) ;; The installed libssh2.pc file does not include paths to libgcrypt and ;; zlib libraries, so we need to propagate the inputs. -- cgit v1.2.3 From da4483f3790a70058caeb7d208651b18d560ad60 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Tue, 26 Jan 2021 10:14:33 +0200 Subject: gnu: openssh: Build without pam for the Hurd. * gnu/packages/ssh.scm (openssh)[inputs]: Only add linux-pam when not building for the Hurd. [arguments]: Adjust configure flag to only use pam when not building for the Hurd. --- gnu/packages/ssh.scm | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'gnu/packages/ssh.scm') diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm index 0f2434d7c5..0afd8ed2b2 100644 --- a/gnu/packages/ssh.scm +++ b/gnu/packages/ssh.scm @@ -2,7 +2,7 @@ ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès ;;; Copyright © 2013, 2014 Andreas Enge ;;; Copyright © 2014, 2015, 2016 Mark H Weaver -;;; Copyright © 2015, 2016, 2018, 2019, 2020 Efraim Flashner +;;; Copyright © 2015, 2016, 2018, 2019, 2020, 2021 Efraim Flashner ;;; Copyright © 2016, 2019 Leo Famulari ;;; Copyright © 2016 Nicolas Goaziou ;;; Copyright © 2016 Christopher Allan Webber @@ -44,6 +44,7 @@ #:use-module (gnu packages gperf) #:use-module (gnu packages groff) #:use-module (gnu packages guile) + #:use-module (gnu packages hurd) #:use-module (gnu packages libedit) #:use-module (gnu packages linux) #:use-module (gnu packages logging) @@ -200,7 +201,9 @@ a server that supports the SSH-2 protocol.") ("pkg-config" ,pkg-config))) (inputs `(("libedit" ,libedit) ("openssl" ,openssl) - ("pam" ,linux-pam) + ,@(if (hurd-target?) + '() + `(("pam" ,linux-pam))) ("mit-krb5" ,mit-krb5) ("zlib" ,zlib) ("xauth" ,xauth))) ; for 'ssh -X' and 'ssh -Y' @@ -223,7 +226,9 @@ a server that supports the SSH-2 protocol.") "--with-libedit" ;; Enable PAM support in sshd. - "--with-pam" + ,,@(if (hurd-target?) + '() + '("--with-pam")) ;; "make install" runs "install -s" by default, ;; which doesn't work for cross-compiled binaries -- cgit v1.2.3