diff options
author | Frederik Rietdijk <freddyrietdijk@fridh.nl> | 2020-03-01 13:45:30 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-01 13:45:30 +0100 |
commit | 33133b2667a52dbd7b5a856390ae9231df34fea8 (patch) | |
tree | 7b32074f92bfbba4accb204ca0df5b4d23a9970c /pkgs/tools/networking | |
parent | 1b92a08a71c51733a19612c3fc84390700efc77f (diff) | |
parent | 79217339d26ff51ccacf10967de700d785f088e5 (diff) | |
download | nixlib-33133b2667a52dbd7b5a856390ae9231df34fea8.tar nixlib-33133b2667a52dbd7b5a856390ae9231df34fea8.tar.gz nixlib-33133b2667a52dbd7b5a856390ae9231df34fea8.tar.bz2 nixlib-33133b2667a52dbd7b5a856390ae9231df34fea8.tar.lz nixlib-33133b2667a52dbd7b5a856390ae9231df34fea8.tar.xz nixlib-33133b2667a52dbd7b5a856390ae9231df34fea8.tar.zst nixlib-33133b2667a52dbd7b5a856390ae9231df34fea8.zip |
Merge pull request #81167 from NixOS/staging-next
Staging next
Diffstat (limited to 'pkgs/tools/networking')
-rw-r--r-- | pkgs/tools/networking/network-manager/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/networking/openssh/default.nix | 27 |
2 files changed, 13 insertions, 18 deletions
diff --git a/pkgs/tools/networking/network-manager/default.nix b/pkgs/tools/networking/network-manager/default.nix index 571b907ee2f1..bbec39b9502b 100644 --- a/pkgs/tools/networking/network-manager/default.nix +++ b/pkgs/tools/networking/network-manager/default.nix @@ -10,11 +10,11 @@ let pythonForDocs = python3.withPackages (pkgs: with pkgs; [ pygobject3 ]); in stdenv.mkDerivation rec { pname = "network-manager"; - version = "1.22.6"; + version = "1.22.8"; src = fetchurl { url = "mirror://gnome/sources/NetworkManager/${stdenv.lib.versions.majorMinor version}/NetworkManager-${version}.tar.xz"; - sha256 = "0r65hk7nw44jq4k6h91wrprr0x9410ibd1n7mpmlh4f4kgy276dw"; + sha256 = "0kxbgln78lb1cxhd79vbpdbncsb0cppr15fycgqb9df6f8nbj4cm"; }; outputs = [ "out" "dev" "devdoc" "man" "doc" ]; diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix index 90ecba0891d6..dd0151c89dac 100644 --- a/pkgs/tools/networking/openssh/default.nix +++ b/pkgs/tools/networking/openssh/default.nix @@ -4,6 +4,8 @@ , withKerberos ? true , withGssapiPatches ? false , kerberos +, libfido2 +, withFIDO ? stdenv.hostPlatform.isUnix , linkOpenssl? true }: @@ -12,25 +14,25 @@ let # **please** update this patch when you update to a new openssh release. gssapiPatch = fetchpatch { name = "openssh-gssapi.patch"; - url = "https://salsa.debian.org/ssh-team/openssh/raw/debian/1%258.1p1-2/debian/patches/gssapi.patch"; - sha256 = "0zfxx46a5lpjp317z354yyswa2wvmb1pp5p0nxsbhsrzw94jvxsj"; + url = "https://salsa.debian.org/ssh-team/openssh/raw/debian/1%258.2p1-1/debian/patches/gssapi.patch"; + sha256 = "081gryqkfr5zr4f5m4v0piq1sxz06sb38z5lqxccgpivql7pa8d8"; }; in with stdenv.lib; stdenv.mkDerivation rec { pname = "openssh"; - version = if hpnSupport then "7.8p1" else "8.1p1"; + version = if hpnSupport then "8.1p1" else "8.2p1"; src = if hpnSupport then fetchurl { - url = "https://github.com/rapier1/openssh-portable/archive/hpn-KitchenSink-7_8_P1.tar.gz"; - sha256 = "05q5hxx7fzcgd8a5i0zk4fwvmnz4xqk04j489irnwm7cka7xdqxw"; + url = "https://github.com/rapier1/openssh-portable/archive/hpn-KitchenSink-8_1_P1.tar.gz"; + sha256 = "1xiv28df9c15h44fv1i93fq8rvkyapjj9vj985ndnw3xk1nvqjyd"; } else fetchurl { url = "mirror://openbsd/OpenSSH/portable/${pname}-${version}.tar.gz"; - sha256 = "1zwk3g57gb13br206k6jdhgnp6y1nibwswzraqspbl1m73pxpx82"; + sha256 = "0wg6ckzvvklbzznijxkk28fb8dnwyjd0w30ra0afwv6gwr8m34j3"; }; patches = @@ -41,15 +43,7 @@ stdenv.mkDerivation rec { ./dont_create_privsep_path.patch ./ssh-keysign.patch - ] ++ optional hpnSupport - # CVE-2018-20685, can probably be dropped with next version bump - # See https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt - # for details - (fetchpatch { - name = "CVE-2018-20685.patch"; - url = https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2.patch; - sha256 = "0q27i9ymr97yb628y44qi4m11hk5qikb1ji1vhvax8hp18lwskds"; - }) + ] ++ optional withGssapiPatches (assert withKerberos; gssapiPatch); postPatch = @@ -61,6 +55,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkgconfig ] ++ optional (hpnSupport || withGssapiPatches) autoreconfHook; buildInputs = [ zlib openssl libedit pam ] + ++ optional withFIDO libfido2 ++ optional withKerberos kerberos; preConfigure = '' @@ -80,6 +75,7 @@ stdenv.mkDerivation rec { "--disable-strip" (if pam != null then "--with-pam" else "--without-pam") ] ++ optional (etcDir != null) "--sysconfdir=${etcDir}" + ++ optional withFIDO "--with-security-key-builtin=yes" ++ optional withKerberos (assert kerberos != null; "--with-kerberos5=${kerberos}") ++ optional stdenv.isDarwin "--disable-libutil" ++ optional (!linkOpenssl) "--without-openssl"; @@ -108,6 +104,5 @@ stdenv.mkDerivation rec { license = stdenv.lib.licenses.bsd2; platforms = platforms.unix ++ platforms.windows; maintainers = with maintainers; [ eelco aneeshusa ]; - broken = hpnSupport; }; } |