summary refs log tree commit diff
path: root/pkgs/tools/networking/openssh
diff options
context:
space:
mode:
authorWilliam A. Kennington III <william@wkennington.com>2013-12-29 10:50:16 -0600
committerWilliam A. Kennington III <william@wkennington.com>2013-12-30 02:42:12 -0600
commitc4e03f07394017d6f537308506019d6d63e17676 (patch)
tree7d7fafe1314f9a54d992f067a78b3867c68c15ab /pkgs/tools/networking/openssh
parent4cc859c6be2b7c99640f964cdba4a5c5e04ef5ca (diff)
downloadnixpkgs-c4e03f07394017d6f537308506019d6d63e17676.tar
nixpkgs-c4e03f07394017d6f537308506019d6d63e17676.tar.gz
nixpkgs-c4e03f07394017d6f537308506019d6d63e17676.tar.bz2
nixpkgs-c4e03f07394017d6f537308506019d6d63e17676.tar.lz
nixpkgs-c4e03f07394017d6f537308506019d6d63e17676.tar.xz
nixpkgs-c4e03f07394017d6f537308506019d6d63e17676.tar.zst
nixpkgs-c4e03f07394017d6f537308506019d6d63e17676.zip
openssh: Update from 6.2p2 -> 6.4p1
This patch also bumps up the HPN version of openssh so that it compiles
on top of 6.4. Along with the bump, a package was added for the high
performance networking version.

The gcmrekey patch was removed as this vulnerability is fixed in
version 6.4 onward. http://www.openssh.org/txt/gcmrekey.adv
Diffstat (limited to 'pkgs/tools/networking/openssh')
-rw-r--r--pkgs/tools/networking/openssh/default.nix10
-rw-r--r--pkgs/tools/networking/openssh/gcmrekey.patch18
2 files changed, 5 insertions, 23 deletions
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index 7d2ae9c5bb4..1f785fdf730 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -10,18 +10,18 @@ assert withKerberos -> kerberos != null;
 let
 
   hpnSrc = fetchurl {
-    url = http://tarballs.nixos.org/openssh-6.1p1-hpn13v14.diff.gz;
-    sha256 = "14das6lim6fxxnx887ssw76ywsbvx3s4q3n43afgh5rgvs4xmnnq";
+    url = mirror://sourceforge/hpnssh/openssh-6.3p1-hpnssh14v2.diff.gz;
+    sha256 = "1jldqjwry9qpxxzb3mikfmmmv90mfb7xkmcfdbvwqac6nl3r7bi3";
   };
 
 in
 
 stdenv.mkDerivation rec {
-  name = "openssh-6.2p2";
+  name = "openssh-6.4p1";
 
   src = fetchurl {
     url = "ftp://ftp.nl.uu.net/pub/OpenBSD/OpenSSH/portable/${name}.tar.gz";
-    sha1 = "c2b4909eba6f5ec6f9f75866c202db47f3b501ba";
+    sha256 = "1lkmi7v83qvpcc04qrrqk4k7mafnmwxkfk1ccsisw51va4bgcc2m";
   };
 
   prePatch = stdenv.lib.optionalString hpnSupport
@@ -30,7 +30,7 @@ stdenv.mkDerivation rec {
       export NIX_LDFLAGS="$NIX_LDFLAGS -lgcc_s"
     '';
 
-  patches = [ ./locale_archive.patch ./gcmrekey.patch ];
+  patches = [ ./locale_archive.patch ];
 
   buildInputs = [ zlib openssl libedit pkgconfig pam ] ++
     (if withKerberos then [ kerberos ] else [])
diff --git a/pkgs/tools/networking/openssh/gcmrekey.patch b/pkgs/tools/networking/openssh/gcmrekey.patch
deleted file mode 100644
index ddb694af1dd..00000000000
--- a/pkgs/tools/networking/openssh/gcmrekey.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-http://www.openssh.com/txt/gcmrekey.adv
-
-Index: monitor_wrap.c
-===================================================================
-RCS file: /cvs/src/usr.bin/ssh/monitor_wrap.c,v
-retrieving revision 1.76
-diff -u -p -u -r1.76 monitor_wrap.c
---- a/monitor_wrap.c	17 May 2013 00:13:13 -0000	1.76
-+++ b/monitor_wrap.c	6 Nov 2013 16:31:26 -0000
-@@ -469,7 +469,7 @@ mm_newkeys_from_blob(u_char *blob, int b
- 	buffer_init(&b);
- 	buffer_append(&b, blob, blen);
- 
--	newkey = xmalloc(sizeof(*newkey));
-+	newkey = xcalloc(1, sizeof(*newkey));
- 	enc = &newkey->enc;
- 	mac = &newkey->mac;
- 	comp = &newkey->comp;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-05 13:55:53 +0000