diff options
Diffstat (limited to 'nixpkgs/pkgs/tools/networking/openssh')
-rw-r--r-- | nixpkgs/pkgs/tools/networking/openssh/common.nix | 12 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/networking/openssh/default.nix | 16 |
2 files changed, 18 insertions, 10 deletions
diff --git a/nixpkgs/pkgs/tools/networking/openssh/common.nix b/nixpkgs/pkgs/tools/networking/openssh/common.nix index f3028573c05c..d29f45e8af2f 100644 --- a/nixpkgs/pkgs/tools/networking/openssh/common.nix +++ b/nixpkgs/pkgs/tools/networking/openssh/common.nix @@ -13,6 +13,8 @@ # package without splicing See: https://github.com/NixOS/nixpkgs/pull/107606 , pkgs , fetchurl +, fetchpatch +, autoreconfHook , zlib , openssl , libedit @@ -42,6 +44,14 @@ stdenv.mkDerivation { # See discussion in https://github.com/NixOS/nixpkgs/pull/16966 ./dont_create_privsep_path.patch + + # Pull upstream zlib-1.3 support. + # The patch changes configure.ac, uses autoreconfHook. + (fetchpatch { + name = "zlib-1.3.patch"; + url = "https://github.com/openssh/openssh-portable/commit/cb4ed12ffc332d1f72d054ed92655b5f1c38f621.patch"; + hash = "sha256-3Gx0/I2n9/XaWCIefVYtvk5f+VgH6MlhMBse+PMyf34="; + }) ] ++ extraPatches; postPatch = @@ -52,7 +62,7 @@ stdenv.mkDerivation { ''; strictDeps = true; - nativeBuildInputs = [ pkg-config ] + nativeBuildInputs = [ autoreconfHook pkg-config ] # This is not the same as the libkrb5 from the inputs! pkgs.libkrb5 is # needed here to access krb5-config in order to cross compile. See: # https://github.com/NixOS/nixpkgs/pull/107606 diff --git a/nixpkgs/pkgs/tools/networking/openssh/default.nix b/nixpkgs/pkgs/tools/networking/openssh/default.nix index ba0ce50d3fba..42f7220da559 100644 --- a/nixpkgs/pkgs/tools/networking/openssh/default.nix +++ b/nixpkgs/pkgs/tools/networking/openssh/default.nix @@ -3,14 +3,13 @@ let common = opts: callPackage (import ./common.nix opts) { }; in { - openssh = common rec { pname = "openssh"; - version = "9.3p2"; + version = "9.4p1"; src = fetchurl { url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz"; - hash = "sha256-IA6+FH9ss/EB/QzfngJEKvfdyimN/9n0VoeOfMrGdug="; + hash = "sha256-Ngj9kIjbIWPOs+YAyFq3nQ3j0iHlkZLqGSPiMmOGaoU="; }; extraPatches = [ ./ssh-keysign-8.5.patch ]; @@ -19,12 +18,12 @@ in openssh_hpn = common rec { pname = "openssh-with-hpn"; - version = "9.3p2"; + version = "9.4p1"; extraDesc = " with high performance networking patches"; src = fetchurl { url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz"; - hash = "sha256-IA6+FH9ss/EB/QzfngJEKvfdyimN/9n0VoeOfMrGdug="; + hash = "sha256-Ngj9kIjbIWPOs+YAyFq3nQ3j0iHlkZLqGSPiMmOGaoU="; }; extraPatches = let url = "https://raw.githubusercontent.com/freebsd/freebsd-ports/700625bcd86b74cf3fb9536aeea250d7f8cd1fd5/security/openssh-portable/files/extra-patch-hpn"; in @@ -59,12 +58,12 @@ in openssh_gssapi = common rec { pname = "openssh-with-gssapi"; - version = "9.0p1"; + version = "9.4p1"; extraDesc = " with GSSAPI support"; src = fetchurl { url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz"; - sha256 = "12m2f9czvgmi7akp7xah6y7mrrpi280a3ksk47iwr7hy2q1475q3"; + sha256 = "sha256-Ngj9kIjbIWPOs+YAyFq3nQ3j0iHlkZLqGSPiMmOGaoU="; }; extraPatches = [ @@ -73,11 +72,10 @@ in (fetchpatch { name = "openssh-gssapi.patch"; url = "https://salsa.debian.org/ssh-team/openssh/raw/debian/1%25${version}-1/debian/patches/gssapi.patch"; - sha256 = "sha256-VG7+2dfu09nvHWuSAB6sLGMmjRCDCysl/9FR1WSF21k="; + sha256 = "sha256-E36jxnPcu6RTyXXb9yVBCoFIVchiOSLX7L74ng1Dmao="; }) ]; extraNativeBuildInputs = [ autoreconfHook ]; - extraMeta.knownVulnerabilities = [ "CVE-2023-28531" ]; }; } |