Diffstat (limited to 'pkgs/tools/networking/openssh/default.nix')
-rw-r--r-- | pkgs/tools/networking/openssh/default.nix | 43 |
1 files changed, 27 insertions, 16 deletions
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix index 35586031ef55..fec6679a14b0 100644 --- a/pkgs/tools/networking/openssh/default.nix +++ b/pkgs/tools/networking/openssh/default.nix @@ -10,18 +10,19 @@ assert withKerberos -> kerberos != null; let hpnSrc = fetchurl { - url = http://tarballs.nixos.org/openssh-6.1p1-hpn13v14.diff.gz; - sha256 = "14das6lim6fxxnx887ssw76ywsbvx3s4q3n43afgh5rgvs4xmnnq"; + url = mirror://sourceforge/hpnssh/openssh-6.3p1-hpnssh14v2.diff.gz; + sha256 = "1jldqjwry9qpxxzb3mikfmmmv90mfb7xkmcfdbvwqac6nl3r7bi3"; }; + optionalString = stdenv.lib.optionalString; in stdenv.mkDerivation rec { - name = "openssh-6.2p2"; + name = "openssh-6.6p1"; src = fetchurl { - url = "ftp://ftp.nl.uu.net/pub/OpenBSD/OpenSSH/portable/${name}.tar.gz"; - sha1 = "c2b4909eba6f5ec6f9f75866c202db47f3b501ba"; + url = "http://ftp.nluug.nl/pub/OpenBSD/OpenSSH/portable/${name}.tar.gz"; + sha256 = "1fq3w86q05y5nn6z878wm312k0svaprw8k007188fd259dkg1ha8"; }; prePatch = stdenv.lib.optionalString hpnSupport @@ -30,11 +31,20 @@ stdenv.mkDerivation rec { export NIX_LDFLAGS="$NIX_LDFLAGS -lgcc_s" ''; - patches = [ ./locale_archive.patch ]; + patches = [ + ./locale_archive.patch + (fetchurl { + name = "CVE-2014-2653.patch"; + url = "http://anonscm.debian.org/gitweb/?p=pkg-ssh/openssh.git;a=blobdiff_plain;" + + "f=sshconnect.c;h=324f5e0a396a4da9885d121bbbef87f6ccf2b149;" + + "hp=87c3770c0fd5c7ff41227c45b4528985eaea54a6;hb=63d5fa28e16d96db6bac2dbe3fcecb65328f8966;" + + "hpb=9cbb60f5e4932634db04c330c88abc49cc5567bd"; + sha256 = "160c434igl2r8q4cavhdlwvnbqizx444sjrhg98f997pyhz524h9"; + }) + ]; - buildInputs = [ zlib openssl libedit pkgconfig pam ] ++ - (if withKerberos then [ kerberos ] else []) - ; + buildInputs = [ zlib openssl libedit pkgconfig pam ] + ++ stdenv.lib.optional withKerberos [ kerberos ]; # I set --disable-strip because later we strip anyway. And it fails to strip # properly when cross building. 
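Review bot: The CVE-2014-2653 fix added to `patches` is fetched from a gitweb `blobdiff_plain` URL, which is rendered on request rather than stored as a file. The pinned `sha256` protects integrity, but the fetch will start failing if the host or its output format changes. A security patch that stops fetching tends to be dropped or re-hashed without review; committing it next to `./locale_archive.patch` (e.g. as `./CVE-2014-2653.patch`) keeps it durable and auditable in-tree. Separately, in the `buildInputs` lines of the same hunk, `stdenv.lib.optional withKerberos [ kerberos ]` wraps the list in a second list, because `optional` takes a single element. `++ stdenv.lib.optional withKerberos kerberos;` (or `optionals` with the list) gives the flat list the removed `if` produced.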
@@ -44,8 +54,8 @@ stdenv.mkDerivation rec { --with-libedit=yes --disable-strip ${if pam != null then "--with-pam" else "--without-pam"} - ${if etcDir != null then "--sysconfdir=${etcDir}" else ""} - ${if withKerberos then "--with-kerberos5=${kerberos}" else ""} + ${optionalString (etcDir != null) "--sysconfdir=${etcDir}"} + ${optionalString withKerberos "--with-kerberos5=${kerberos}"} ''; preConfigure = @@ -67,11 +77,12 @@ stdenv.mkDerivation rec { installTargets = "install-nosysconf"; - meta = { - homepage = http://www.openssh.org/; + meta = with stdenv.lib; { + homepage = "http://www.openssh.org/"; description = "An implementation of the SSH protocol"; - license = "bsd"; - platforms = stdenv.lib.platforms.unix; - maintainers = stdenv.lib.maintainers.eelco; + license = "bsd"; # multi BSD GPL-2 + platforms = platforms.unix; + maintainers = with maintainers; [ eelco ]; + broken = hpnSupport; # cf. https://github.com/NixOS/nixpkgs/pull/1640 }; } |
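Review bot: The comment on `broken = hpnSupport;` in the `meta` hunk only links a pull request, so a reader cannot tell from the file why the HPN variant is disabled or when the flag can be lifted. The first hunk fetches an HPN patch set named for 6.3p1 while `name` is now `openssh-6.6p1`, which is presumably the reason. Saying so in the comment would help, e.g. `broken = hpnSupport; # HPN patch set targets 6.3p1, not yet ported to 6.6p1; cf. NixOS/nixpkgs pull 1640`. The `# multi BSD GPL-2` comment after `license` is similarly terse and would read better spelled out.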