tribes/guix
1
0
Fork 1
mirror of https://git.savannah.gnu.org/git/guix.git synced 2026-04-25 11:40:30 +02:00
Code Activity

gnu: openssh: Update to 10.3p1 [security-fixes].

Browse Source 
Release notes since 10.2p1 (2025-10-10):
- 10.3p1 (2026-04-02)
  <https://www.openssh.org/txt/release-10.3>.

Contains fixes for:
CVE-2026-35385: A file downloaded by scp may be installed setuid or setgid, an
                outcome contrary to some users' expectations, if the download is
                performed as root with -O (legacy scp protocol) and without -p
                (preserve mode).
CVE-2026-35386: Command execution can occur via shell metacharacters in a
                username within a command line. This requires a scenario where
                the username on the command line is untrusted, and also requires
                a non-default configurations of % in ssh_config.
CVE-2026-35387: OpenSSH can use unintended ECDSA algorithms. Listing of any
                ECDSA algorithm in PubkeyAcceptedAlgorithms or
                HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA
                algorithms.
CVE-2026-35388: OpenSSH before omits connection multiplexing confirmation for
                proxy-mode multiplexing sessions.
CVE-2026-35414: OpenSSH mishandles the authorized_keys principals option in
                uncommon scenarios involving a principals list in conjunction
                with a Certificate Authority that makes certain use of comma
                characters.

* gnu/packages/ssh.scm (openssh): Update to 10.3p1.

Merges: https://codeberg.org/guix/guix/pulls/7695
Change-Id: I9e90c3ef02f567d0f5b2485c4e0bcfaa1a1f31c8
Reviewed-by: Nguyễn Gia Phong <cnx@loang.net>
Reviewed-by: Jonas Meeuws <jonas.meeuws@gmail.com>
Reviewed-by: Cayetano Santos <csantosb@inventati.org>
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
This commit is contained in:
Ashish SHUKLA
2026-04-05 21:37:06 +02:00
committed by Andreas Enge
parent d7056c6899
commit d0d7604458
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
gnu/packages/ssh.scm
View File

@@ -19,7 +19,7 @@
;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
;;; Copyright © 2023 Simon Streit <simon@netpanic.org>
;;; Copyright © 2024 Zheng Junjie <873216071@qq.com>
;;; Copyright © 2024, 2025 Ashish SHUKLA <ashish.is@lostca.se>
;;; Copyright © 2024-2026 Ashish SHUKLA <ashish.is@lostca.se>
;;; Copyright © 2024, 2025 Sharlatan Hellseher <sharlatanus@gmail.com>
;;; Copyright © 2025 Ghislain Vaillant <ghislain.vaillant@inria.fr>
;;; Copyright © 2025 Cayetano Santos <csantosb@inventati.org>
@@ -237,7 +237,7 @@ a server that supports the SSH-2 protocol.")
(define-public openssh
(package
(name "openssh")
(version "10.2p1")
(version "10.3p1")
(source
(origin
(method url-fetch)
@@ -245,7 +245,7 @@ a server that supports the SSH-2 protocol.")
"openssh-" version ".tar.gz"))
(patches (search-patches "openssh-trust-guix-store-directory.patch"))
(sha256
(base32 "1clqyxh6mrbwjg964df0hjwmd361mxnx3nx17wk5jyck3422ri6c"))))
(base32 "1x25iv8yfcfpf3b1ap72indbfna0wz48xz8ny2sg9p4jpcv2ls2n"))))
(build-system gnu-build-system)
(arguments
(list