Merge pull request #81167 from NixOS/staging-next

Staging next
author: Frederik Rietdijk <freddyrietdijk@fridh.nl> 2020-03-01 13:45:30 +0100
committer: GitHub <noreply@github.com> 2020-03-01 13:45:30 +0100
commit: 33133b2667a52dbd7b5a856390ae9231df34fea8 (patch)
tree: 7b32074f92bfbba4accb204ca0df5b4d23a9970c /pkgs/tools/networking
parent: 1b92a08a71c51733a19612c3fc84390700efc77f (diff)
parent: 79217339d26ff51ccacf10967de700d785f088e5 (diff)
download: nixlib-33133b2667a52dbd7b5a856390ae9231df34fea8.tar
nixlib-33133b2667a52dbd7b5a856390ae9231df34fea8.tar.gz
nixlib-33133b2667a52dbd7b5a856390ae9231df34fea8.tar.bz2
nixlib-33133b2667a52dbd7b5a856390ae9231df34fea8.tar.lz
nixlib-33133b2667a52dbd7b5a856390ae9231df34fea8.tar.xz
nixlib-33133b2667a52dbd7b5a856390ae9231df34fea8.tar.zst
nixlib-33133b2667a52dbd7b5a856390ae9231df34fea8.zip
2 files changed, 13 insertions, 18 deletions
diff --git a/pkgs/tools/networking/network-manager/default.nix b/pkgs/tools/networking/network-manager/default.nix
index 571b907ee2f1..bbec39b9502b 100644
--- a/pkgs/tools/networking/network-manager/default.nix
+++ b/pkgs/tools/networking/network-manager/default.nix
@@ -10,11 +10,11 @@ let
   pythonForDocs = python3.withPackages (pkgs: with pkgs; [ pygobject3 ]);
 in stdenv.mkDerivation rec {
   pname = "network-manager";
-  version = "1.22.6";
+  version = "1.22.8";
 
   src = fetchurl {
     url = "mirror://gnome/sources/NetworkManager/${stdenv.lib.versions.majorMinor version}/NetworkManager-${version}.tar.xz";
-    sha256 = "0r65hk7nw44jq4k6h91wrprr0x9410ibd1n7mpmlh4f4kgy276dw";
+    sha256 = "0kxbgln78lb1cxhd79vbpdbncsb0cppr15fycgqb9df6f8nbj4cm";
   };
 
   outputs = [ "out" "dev" "devdoc" "man" "doc" ];
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index 90ecba0891d6..dd0151c89dac 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -4,6 +4,8 @@
 , withKerberos ? true
 , withGssapiPatches ? false
 , kerberos
+, libfido2
+, withFIDO ? stdenv.hostPlatform.isUnix
 , linkOpenssl? true
 }:
 
@@ -12,25 +14,25 @@ let
   # **please** update this patch when you update to a new openssh release.
   gssapiPatch = fetchpatch {
     name = "openssh-gssapi.patch";
-    url = "https://salsa.debian.org/ssh-team/openssh/raw/debian/1%258.1p1-2/debian/patches/gssapi.patch";
-    sha256 = "0zfxx46a5lpjp317z354yyswa2wvmb1pp5p0nxsbhsrzw94jvxsj";
+    url = "https://salsa.debian.org/ssh-team/openssh/raw/debian/1%258.2p1-1/debian/patches/gssapi.patch";
+    sha256 = "081gryqkfr5zr4f5m4v0piq1sxz06sb38z5lqxccgpivql7pa8d8";
   };
 
 in
 with stdenv.lib;
 stdenv.mkDerivation rec {
   pname = "openssh";
-  version = if hpnSupport then "7.8p1" else "8.1p1";
+  version = if hpnSupport then "8.1p1" else "8.2p1";
 
   src = if hpnSupport then
       fetchurl {
-        url = "https://github.com/rapier1/openssh-portable/archive/hpn-KitchenSink-7_8_P1.tar.gz";
-        sha256 = "05q5hxx7fzcgd8a5i0zk4fwvmnz4xqk04j489irnwm7cka7xdqxw";
+        url = "https://github.com/rapier1/openssh-portable/archive/hpn-KitchenSink-8_1_P1.tar.gz";
+        sha256 = "1xiv28df9c15h44fv1i93fq8rvkyapjj9vj985ndnw3xk1nvqjyd";
       }
     else
       fetchurl {
         url = "mirror://openbsd/OpenSSH/portable/${pname}-${version}.tar.gz";
-        sha256 = "1zwk3g57gb13br206k6jdhgnp6y1nibwswzraqspbl1m73pxpx82";
+        sha256 = "0wg6ckzvvklbzznijxkk28fb8dnwyjd0w30ra0afwv6gwr8m34j3";
       };
 
   patches =
@@ -41,15 +43,7 @@ stdenv.mkDerivation rec {
       ./dont_create_privsep_path.patch
 
       ./ssh-keysign.patch
-    ] ++ optional hpnSupport
-      # CVE-2018-20685, can probably be dropped with next version bump
-      # See https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
-      # for details
-      (fetchpatch {
-        name = "CVE-2018-20685.patch";
-        url = https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2.patch;
-        sha256 = "0q27i9ymr97yb628y44qi4m11hk5qikb1ji1vhvax8hp18lwskds";
-      })
+    ]
     ++ optional withGssapiPatches (assert withKerberos; gssapiPatch);
 
   postPatch =
@@ -61,6 +55,7 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ pkgconfig ] ++ optional (hpnSupport || withGssapiPatches) autoreconfHook;
   buildInputs = [ zlib openssl libedit pam ]
+    ++ optional withFIDO libfido2
     ++ optional withKerberos kerberos;
 
   preConfigure = ''
@@ -80,6 +75,7 @@ stdenv.mkDerivation rec {
     "--disable-strip"
     (if pam != null then "--with-pam" else "--without-pam")
   ] ++ optional (etcDir != null) "--sysconfdir=${etcDir}"
+    ++ optional withFIDO "--with-security-key-builtin=yes"
     ++ optional withKerberos (assert kerberos != null; "--with-kerberos5=${kerberos}")
     ++ optional stdenv.isDarwin "--disable-libutil"
     ++ optional (!linkOpenssl) "--without-openssl";
@@ -108,6 +104,5 @@ stdenv.mkDerivation rec {
     license = stdenv.lib.licenses.bsd2;
     platforms = platforms.unix ++ platforms.windows;
     maintainers = with maintainers; [ eelco aneeshusa ];
-    broken = hpnSupport;
   };
 }
author	Frederik Rietdijk <freddyrietdijk@fridh.nl>	2020-03-01 13:45:30 +0100
committer	GitHub <noreply@github.com>	2020-03-01 13:45:30 +0100
commit	33133b2667a52dbd7b5a856390ae9231df34fea8 (patch)
tree	7b32074f92bfbba4accb204ca0df5b4d23a9970c /pkgs/tools/networking
parent	1b92a08a71c51733a19612c3fc84390700efc77f (diff)
parent	79217339d26ff51ccacf10967de700d785f088e5 (diff)
download	nixlib-33133b2667a52dbd7b5a856390ae9231df34fea8.tar nixlib-33133b2667a52dbd7b5a856390ae9231df34fea8.tar.gz nixlib-33133b2667a52dbd7b5a856390ae9231df34fea8.tar.bz2 nixlib-33133b2667a52dbd7b5a856390ae9231df34fea8.tar.lz nixlib-33133b2667a52dbd7b5a856390ae9231df34fea8.tar.xz nixlib-33133b2667a52dbd7b5a856390ae9231df34fea8.tar.zst nixlib-33133b2667a52dbd7b5a856390ae9231df34fea8.zip