diff options
| author | Ashish SHUKLA <ashish.is@lostca.se> | 2022-01-04 19:07:16 +0530 |
|---|---|---|
| committer | Ashish SHUKLA <ashish.is@lostca.se> | 2022-01-05 00:04:02 +0530 |
| commit | 95fee491d98b90f8127654688c462f1755b756e4 (patch) | |
| tree | 199aa86e79b3606a6cb93744073bf779fc32b8e6 /pkgs/tools/networking/openssh | |
| parent | adf7f03d3bfceaba64788e1e846191025283b60d (diff) | |
| download | nixpkgs-95fee491d98b90f8127654688c462f1755b756e4.tar nixpkgs-95fee491d98b90f8127654688c462f1755b756e4.tar.gz nixpkgs-95fee491d98b90f8127654688c462f1755b756e4.tar.bz2 nixpkgs-95fee491d98b90f8127654688c462f1755b756e4.tar.lz nixpkgs-95fee491d98b90f8127654688c462f1755b756e4.tar.xz nixpkgs-95fee491d98b90f8127654688c462f1755b756e4.tar.zst nixpkgs-95fee491d98b90f8127654688c462f1755b756e4.zip | |
openssh_hpn: 8.4p1 -> 8.8p1
- Switch to using patch from the FreeBSD port security/openssh-portable which is regularly maintained - Add myself as maintainer for openssh_hpn
Diffstat (limited to 'pkgs/tools/networking/openssh')
| -rw-r--r-- | pkgs/tools/networking/openssh/common.nix | 4 | ||||
| -rw-r--r-- | pkgs/tools/networking/openssh/default.nix | 27 |
2 files changed, 17 insertions, 14 deletions
diff --git a/pkgs/tools/networking/openssh/common.nix b/pkgs/tools/networking/openssh/common.nix index ee8d2a92697..229edd37eee 100644 --- a/pkgs/tools/networking/openssh/common.nix +++ b/pkgs/tools/networking/openssh/common.nix @@ -4,6 +4,7 @@ , src , extraPatches ? [] , extraNativeBuildInputs ? [] +, extraConfigureFlags ? [] , extraMeta ? {} }: @@ -94,7 +95,8 @@ stdenv.mkDerivation rec { ++ optional withFIDO "--with-security-key-builtin=yes" ++ optional withKerberos (assert libkrb5 != null; "--with-kerberos5=${libkrb5}") ++ optional stdenv.isDarwin "--disable-libutil" - ++ optional (!linkOpenssl) "--without-openssl"; + ++ optional (!linkOpenssl) "--without-openssl" + ++ extraConfigureFlags; buildFlags = [ "SSH_KEYSIGN=ssh-keysign" ]; diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix index 4bc18171716..e8cad75698f 100644 --- a/pkgs/tools/networking/openssh/default.nix +++ b/pkgs/tools/networking/openssh/default.nix @@ -19,29 +19,30 @@ in openssh_hpn = common rec { pname = "openssh-with-hpn"; - version = "8.4p1"; + version = "8.8p1"; extraDesc = " with high performance networking patches"; - src = fetchFromGitHub { - owner = "rapier1"; - repo = "openssh-portable"; - rev = "hpn-KitchenSink-${builtins.replaceStrings [ "." "p" ] [ "_" "_P" ] version}"; - hash = "sha256-SYQPDGxZR41m4g603RaZaOYm4vCr9uZnFnZoKhruueY="; + src = fetchurl { + url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz"; + sha256 = "1s8z6f7mi1pwsl79cqai8cr350m5lf2ifcxff57wx6mvm478k425"; }; extraPatches = [ - ./ssh-keysign-8.4.patch + ./ssh-keysign-8.5.patch - # See https://github.com/openssh/openssh-portable/pull/206 - ./ssh-copy-id-fix-eof.patch + # HPN Patch from FreeBSD ports + (fetchpatch { + name = "ssh-hpn.patch"; + url = "https://raw.githubusercontent.com/freebsd/freebsd-ports/a981593e/security/openssh-portable/files/extra-patch-hpn"; + stripLen = 1; + sha256 = "sha256-+JvpPxktZAjhxLLK1lF4ijG9VlSWkqbRwotaLe6en64="; + }) ]; extraNativeBuildInputs = [ autoreconfHook ]; - extraMeta.knownVulnerabilities = [ - "CVE-2021-28041" - "CVE-2021-41617" - ]; + extraConfigureFlags = [ "--with-hpn" ]; + extraMeta.maintainers = with lib.maintainers; [ abbe ]; }; openssh_gssapi = common rec { |