author | Robin Gloster <mail@glob.in> | 2016-07-19 10:37:02 +0000 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2016-07-19 10:37:02 +0000 |
commit | 203846b9de3bc67e77c93be9d111408286a17d5d (patch) | |
tree | 3306a68a635fad0de834440c25f7e1b69b1e4b10 /pkgs/tools/networking/openssh | |
parent | 6539901c7f5eeb18cf5e9a493c230a912ff27f82 (diff) | |
parent | b54009fdfb7951bb5423c4fabcb28b70581b5ba8 (diff) | |
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
Diffstat (limited to 'pkgs/tools/networking/openssh')
-rw-r--r-- | pkgs/tools/networking/openssh/default.nix | 8 | ||||
-rw-r--r-- | pkgs/tools/networking/openssh/dont_create_privsep_path.patch | 11 |
2 files changed, 14 insertions, 5 deletions
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index 064745f88558..a0cb0795a261 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -45,6 +45,9 @@ stdenv.mkDerivation rec {
 ./locale_archive.patch
 ./fix-host-key-algorithms-plus.patch
 ./CVE-2015-8325.patch
+
+ # See discussion in https://github.com/NixOS/nixpkgs/pull/16966
+ ./dont_create_privsep_path.patch
 ] ++ optional withGssapiPatches gssapiSrc;
@@ -66,11 +69,6 @@ stdenv.mkDerivation rec {
 ++ optional stdenv.isDarwin "--disable-libutil"
 ++ optional (!linkOpenssl) "--without-openssl";
- preConfigure = ''
- configureFlagsArray+=("--with-privsep-path=$out/empty")
- mkdir -p $out/empty
- '';
-
 enableParallelBuilding = true;
 hardeningEnable = [ "pie" ];
diff --git a/pkgs/tools/networking/openssh/dont_create_privsep_path.patch b/pkgs/tools/networking/openssh/dont_create_privsep_path.patch
new file mode 100644
index 000000000000..b6d432d5c5de
--- /dev/null
+++ b/pkgs/tools/networking/openssh/dont_create_privsep_path.patch
@@ -0,0 +1,11 @@
+diff -ur openssh-7.2p2_orig/Makefile.in openssh-7.2p2/Makefile.in
+--- openssh-7.2p2_orig/Makefile.in 2016-03-09 19:04:48.000000000 +0100
++++ openssh-7.2p2/Makefile.in 2016-07-16 09:56:05.643903293 +0200
+@@ -301,7 +301,6 @@
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
+- (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH))
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add$(EXEEXT) $(DESTDIR)$(bindir)/ssh-add$(EXEEXT) |
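Review bot: The comment added above `./dont_create_privsep_path.patch` in the first default.nix hunk only links to a pull request, so a reader of the patches list cannot tell what the patch changes or why without leaving the file. I would state the reason inline, for example `# Do not create PRIVSEP_PATH during "make install"; see https://github.com/NixOS/nixpkgs/pull/16966`. This matters more because the following hunk drops the `--with-privsep-path=$out/empty` override, so the privilege-separation directory presumably falls back to the configure default instead of a path under `$out`. The `patches` list begins above the hunk, so its other entries are not visible here.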
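Review bot: With the `mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH)` line removed, nothing in this package creates the privilege-separation directory any more, and the new patch file carries no header saying who is expected to. sshd chroots its unprivileged child into that directory and expects it to exist, be owned by root and not be group- or world-writable, which the deleted line's `umask 022` helped guarantee at install time. Since default.nix no longer passes `--with-privsep-path`, the directory is presumably the configure default on the mutable filesystem rather than a store path, so whatever creates it at runtime (a service module or the administrator) has to apply those permissions. I would add a short header to the patch, e.g. `PRIVSEP_PATH is not created at install time; it must be provided at runtime, root-owned and mode 0755.` The install rule this hunk edits starts and ends outside the hunk.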