[bug#32545] [PATCH] gnu: dropbear: Fix CVE-2018-15599.
From: Clément Lassieur
Subject: [bug#32545] [PATCH] gnu: dropbear: Fix CVE-2018-15599.
Date: Wed, 29 Aug 2018 23:55:39 +0200
User-agent: mu4e 1.0; emacs 26.1

Hello Ludovic,

Ludovic Courtès <address@hidden> writes:
> Hello,
>
> Clément Lassieur <address@hidden> writes:
>
>> Ludovic Courtès <address@hidden> writes:
>>
>>> Hi!
>>>
>>> Leo Famulari <address@hidden> writes:
>>>
>>>> Dropbear users, please test!
>>>>
>>>> * gnu/packages/patches/dropbear-CVE-2018-15599.patch: New file.
>>>> * gnu/local.mk (dist_patch_DATA): Add it.
>>>> * gnu/packages/ssh.scm (dropbear)[source]: Use it.
>>>
>>> I haven’t tested it but the patch LGTM, FWIW. You can also run “make
>>> check-system TESTS=dropbear” if you haven’t already, to make sure the
>>> basics work.
>>
>> Leo said on IRC that this produces 0 tests, and I can reproduce this:
>>
>> $ ~/.guix$ make check-system TESTS="dropbear"
>> Compiling Scheme modules...
>> Running 0 system tests...
>> TOTAL: 0
>
> “rm gnu/tests/ssh.go && make” will fix it.
>
> The reason is that 6772ed1e07d6b8ce557199d91aaa1442c77186c7 changed the
> ABI of <openssh-configuration>. Thus, gnu/tests/ssh.go is stale, and if
> you try to load it manually, you get the “ABI mismatch” error that
> invites you to recompile.
>
> The command above uses (guix discovery) to find system tests exported by
> modules under (gnu tests …). Since it fails to load (gnu tests ssh), it
> just silently skips it and concludes that there’s no “dropbear” test.
>
> Commit d258c791441b46705f4360cf141343363d1751f2 has a warning displayed
> in this case.
>
> Thanks,
> Ludo’.

Understood, thank you for the explanation!