diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2013-11-08 16:42:59 +0100 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2013-11-08 16:42:59 +0100 |
commit | 52ad0eaca5f5cbb01bf6689bbfc1001ebc62a4e7 (patch) | |
tree | b296172ec3dd56948b48244314f57978f139f67e /pkgs/tools/networking/openssh | |
parent | 065493284f3d831b9ad8af6be8a7f781a7c11420 (diff) | |
download | nixlib-52ad0eaca5f5cbb01bf6689bbfc1001ebc62a4e7.tar nixlib-52ad0eaca5f5cbb01bf6689bbfc1001ebc62a4e7.tar.gz nixlib-52ad0eaca5f5cbb01bf6689bbfc1001ebc62a4e7.tar.bz2 nixlib-52ad0eaca5f5cbb01bf6689bbfc1001ebc62a4e7.tar.lz nixlib-52ad0eaca5f5cbb01bf6689bbfc1001ebc62a4e7.tar.xz nixlib-52ad0eaca5f5cbb01bf6689bbfc1001ebc62a4e7.tar.zst nixlib-52ad0eaca5f5cbb01bf6689bbfc1001ebc62a4e7.zip |
openssh: Security fix
CVE-2013-4548
Diffstat (limited to 'pkgs/tools/networking/openssh')
-rw-r--r-- | pkgs/tools/networking/openssh/default.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/networking/openssh/gcmrekey.patch | 18 |
2 files changed, 19 insertions, 1 deletions
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix index 35586031ef55..7d2ae9c5bb4b 100644 --- a/pkgs/tools/networking/openssh/default.nix +++ b/pkgs/tools/networking/openssh/default.nix @@ -30,7 +30,7 @@ stdenv.mkDerivation rec { export NIX_LDFLAGS="$NIX_LDFLAGS -lgcc_s" ''; - patches = [ ./locale_archive.patch ]; + patches = [ ./locale_archive.patch ./gcmrekey.patch ]; buildInputs = [ zlib openssl libedit pkgconfig pam ] ++ (if withKerberos then [ kerberos ] else []) diff --git a/pkgs/tools/networking/openssh/gcmrekey.patch b/pkgs/tools/networking/openssh/gcmrekey.patch new file mode 100644 index 000000000000..ddb694af1ddb --- /dev/null +++ b/pkgs/tools/networking/openssh/gcmrekey.patch @@ -0,0 +1,18 @@ +http://www.openssh.com/txt/gcmrekey.adv + +Index: monitor_wrap.c +=================================================================== +RCS file: /cvs/src/usr.bin/ssh/monitor_wrap.c,v +retrieving revision 1.76 +diff -u -p -u -r1.76 monitor_wrap.c +--- a/monitor_wrap.c 17 May 2013 00:13:13 -0000 1.76 ++++ b/monitor_wrap.c 6 Nov 2013 16:31:26 -0000 +@@ -469,7 +469,7 @@ mm_newkeys_from_blob(u_char *blob, int b + buffer_init(&b); + buffer_append(&b, blob, blen); + +- newkey = xmalloc(sizeof(*newkey)); ++ newkey = xcalloc(1, sizeof(*newkey)); + enc = &newkey->enc; + mac = &newkey->mac; + comp = &newkey->comp; |