authorAneesh Agrawal <aneeshusa@gmail.com>2016-10-20 14:49:08 -0400
committerAneesh Agrawal <aneeshusa@gmail.com>2016-10-20 14:55:14 -0400
commit7374105a96ee7d925b3e0530685c21566fa2a32c (patch)
treeafbf3176afe1b3f5ff4f49f747fd886510215175 /pkgs/tools/networking/openssh
parent4de7cbdf04940da9715925d6db25509e661c79c8 (diff)
openssh: Patch CVE-2016-8858
Also add myself as a maintainer.
Diffstat (limited to 'pkgs/tools/networking/openssh')
-rw-r--r--pkgs/tools/networking/openssh/default.nix3
-rw-r--r--pkgs/tools/networking/openssh/fix-CVE-2016-8858.patch11
2 files changed, 13 insertions, 1 deletions
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index fabcda902be3..064f68947b80 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -50,6 +50,7 @@ stdenv.mkDerivation rec {
 
       # See discussion in https://github.com/NixOS/nixpkgs/pull/16966
       ./dont_create_privsep_path.patch
+      ./fix-CVE-2016-8858.patch
     ]
     ++ optional withGssapiPatches gssapiSrc;
 
@@ -92,7 +93,7 @@ stdenv.mkDerivation rec {
     description = "An implementation of the SSH protocol";
     license = stdenv.lib.licenses.bsd2;
     platforms = platforms.unix;
-    maintainers = with maintainers; [ eelco ];
+    maintainers = with maintainers; [ eelco aneeshusa ];
     broken = hpnSupport; # probably after 6.7 update
   };
 }
diff --git a/pkgs/tools/networking/openssh/fix-CVE-2016-8858.patch b/pkgs/tools/networking/openssh/fix-CVE-2016-8858.patch
new file mode 100644
index 000000000000..e526161083c0
--- /dev/null
+++ b/pkgs/tools/networking/openssh/fix-CVE-2016-8858.patch
@@ -0,0 +1,11 @@
+diff -u -r1.126 -r1.127
+--- ssh/kex.c	2016/09/28 21:44:52	1.126
++++ ssh/kex.c	2016/10/10 19:28:48	1.127
+@@ -461,6 +461,7 @@
+ 	if (kex == NULL)
+ 		return SSH_ERR_INVALID_ARGUMENT;
+ 
++	ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
+ 	ptr = sshpkt_ptr(ssh, &dlen);
+ 	if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
+ 		return r;
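Review bot: The patch file begins directly at the CVS `diff -u -r1.126 -r1.127` line, so nothing in it records what the one-line change is for. Text before the first diff header is ignored by patch(1), so a short header could state that the `SSH2_MSG_KEXINIT` dispatch entry is cleared before the peer's packet is appended to `kex->peer`, presumably so that a repeated KEXINIT during an exchange is not processed again, and name the upstream revision. The enclosing function in kex.c starts and ends outside the hunk, and where the handler is registered again for a later rekey is not visible here; that is worth checking against the kex.c of the packaged version.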