about summary refs log tree commit diff
path: root/nixpkgs/pkgs/tools/networking/openssh/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/pkgs/tools/networking/openssh/default.nix')
-rw-r--r--nixpkgs/pkgs/tools/networking/openssh/default.nix24
1 files changed, 11 insertions, 13 deletions
diff --git a/nixpkgs/pkgs/tools/networking/openssh/default.nix b/nixpkgs/pkgs/tools/networking/openssh/default.nix
index bb51e3153e13..90ecba0891d6 100644
--- a/nixpkgs/pkgs/tools/networking/openssh/default.nix
+++ b/nixpkgs/pkgs/tools/networking/openssh/default.nix
@@ -12,17 +12,15 @@ let
   # **please** update this patch when you update to a new openssh release.
   gssapiPatch = fetchpatch {
     name = "openssh-gssapi.patch";
-    url = "https://salsa.debian.org/ssh-team/openssh/raw/"
-      + "d80ebbf028196b2478beebf5a290b97f35e1eed9"
-      + "/debian/patches/gssapi.patch";
-    sha256 = "14j9cabb3gkhkjc641zbiv29mbvsmgsvis3fbj8ywsd21zc7m2wv";
+    url = "https://salsa.debian.org/ssh-team/openssh/raw/debian/1%258.1p1-2/debian/patches/gssapi.patch";
+    sha256 = "0zfxx46a5lpjp317z354yyswa2wvmb1pp5p0nxsbhsrzw94jvxsj";
   };
 
 in
 with stdenv.lib;
 stdenv.mkDerivation rec {
   pname = "openssh";
-  version = if hpnSupport then "7.8p1" else "7.9p1";
+  version = if hpnSupport then "7.8p1" else "8.1p1";
 
   src = if hpnSupport then
       fetchurl {
@@ -32,7 +30,7 @@ stdenv.mkDerivation rec {
     else
       fetchurl {
         url = "mirror://openbsd/OpenSSH/portable/${pname}-${version}.tar.gz";
-        sha256 = "1b8sy6v0b8v4ggmknwcqx3y1rjcpsll0f1f8f4vyv11x4ni3njvb";
+        sha256 = "1zwk3g57gb13br206k6jdhgnp6y1nibwswzraqspbl1m73pxpx82";
       };
 
   patches =
@@ -42,6 +40,8 @@ stdenv.mkDerivation rec {
       # See discussion in https://github.com/NixOS/nixpkgs/pull/16966
       ./dont_create_privsep_path.patch
 
+      ./ssh-keysign.patch
+    ] ++ optional hpnSupport
       # CVE-2018-20685, can probably be dropped with next version bump
       # See https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
       # for details
@@ -50,9 +50,6 @@ stdenv.mkDerivation rec {
         url = https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2.patch;
         sha256 = "0q27i9ymr97yb628y44qi4m11hk5qikb1ji1vhvax8hp18lwskds";
       })
-
-      ./ssh-keysign.patch
-    ]
     ++ optional withGssapiPatches (assert withKerberos; gssapiPatch);
 
   postPatch =
@@ -62,11 +59,9 @@ stdenv.mkDerivation rec {
       substituteInPlace Makefile.in --replace '$(INSTALL) -m 4711' '$(INSTALL) -m 0711'
     '';
 
-  nativeBuildInputs = [ pkgconfig ];
+  nativeBuildInputs = [ pkgconfig ] ++ optional (hpnSupport || withGssapiPatches) autoreconfHook;
   buildInputs = [ zlib openssl libedit pam ]
-    ++ optional withKerberos kerberos
-    ++ optional hpnSupport autoreconfHook
-    ;
+    ++ optional withKerberos kerberos;
 
   preConfigure = ''
     # Setting LD causes `configure' and `make' to disagree about which linker
@@ -89,6 +84,8 @@ stdenv.mkDerivation rec {
     ++ optional stdenv.isDarwin "--disable-libutil"
     ++ optional (!linkOpenssl) "--without-openssl";
 
+  buildFlags = [ "SSH_KEYSIGN=ssh-keysign" ];
+
   enableParallelBuilding = true;
 
   hardeningEnable = [ "pie" ];
@@ -111,5 +108,6 @@ stdenv.mkDerivation rec {
     license = stdenv.lib.licenses.bsd2;
     platforms = platforms.unix ++ platforms.windows;
     maintainers = with maintainers; [ eelco aneeshusa ];
+    broken = hpnSupport;
   };
 }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-17 18:36:59 +0000