Diffstat (limited to 'pkgs/tools/networking/openssh/default.nix')
-rw-r--r--pkgs/tools/networking/openssh/default.nix43
1 files changed, 27 insertions, 16 deletions
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index 35586031ef55..fec6679a14b0 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -10,18 +10,19 @@ assert withKerberos -> kerberos != null;
 let
 
   hpnSrc = fetchurl {
-    url = http://tarballs.nixos.org/openssh-6.1p1-hpn13v14.diff.gz;
-    sha256 = "14das6lim6fxxnx887ssw76ywsbvx3s4q3n43afgh5rgvs4xmnnq";
+    url = mirror://sourceforge/hpnssh/openssh-6.3p1-hpnssh14v2.diff.gz;
+    sha256 = "1jldqjwry9qpxxzb3mikfmmmv90mfb7xkmcfdbvwqac6nl3r7bi3";
   };
+  optionalString = stdenv.lib.optionalString;
 
 in
 
 stdenv.mkDerivation rec {
-  name = "openssh-6.2p2";
+  name = "openssh-6.6p1";
 
   src = fetchurl {
-    url = "ftp://ftp.nl.uu.net/pub/OpenBSD/OpenSSH/portable/${name}.tar.gz";
-    sha1 = "c2b4909eba6f5ec6f9f75866c202db47f3b501ba";
+    url = "http://ftp.nluug.nl/pub/OpenBSD/OpenSSH/portable/${name}.tar.gz";
+    sha256 = "1fq3w86q05y5nn6z878wm312k0svaprw8k007188fd259dkg1ha8";
   };
 
   prePatch = stdenv.lib.optionalString hpnSupport
@@ -30,11 +31,20 @@ stdenv.mkDerivation rec {
       export NIX_LDFLAGS="$NIX_LDFLAGS -lgcc_s"
     '';
 
-  patches = [ ./locale_archive.patch ];
+  patches = [
+    ./locale_archive.patch
+    (fetchurl {
+      name = "CVE-2014-2653.patch";
+      url = "http://anonscm.debian.org/gitweb/?p=pkg-ssh/openssh.git;a=blobdiff_plain;"
+        + "f=sshconnect.c;h=324f5e0a396a4da9885d121bbbef87f6ccf2b149;"
+        + "hp=87c3770c0fd5c7ff41227c45b4528985eaea54a6;hb=63d5fa28e16d96db6bac2dbe3fcecb65328f8966;"
+        + "hpb=9cbb60f5e4932634db04c330c88abc49cc5567bd";
+      sha256 = "160c434igl2r8q4cavhdlwvnbqizx444sjrhg98f997pyhz524h9";
+    })
+  ];
 
-  buildInputs = [ zlib openssl libedit pkgconfig pam ] ++
-    (if withKerberos then [ kerberos ] else [])
-  ;
+  buildInputs = [ zlib openssl libedit pkgconfig pam ]
+    ++ stdenv.lib.optional withKerberos [ kerberos ];
 
   # I set --disable-strip because later we strip anyway. And it fails to strip
   # properly when cross building.
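Review bot: `stdenv.lib.optional withKerberos [ kerberos ]` in the new `buildInputs` wraps its second argument in a list itself, so with Kerberos enabled it appends `[ [ kerberos ] ]`, a nested list, rather than the package. Use `++ stdenv.lib.optional withKerberos kerberos;` or `++ stdenv.lib.optionals withKerberos [ kerberos ];`. Separately, the CVE-2014-2653 patch is fetched from a gitweb `blobdiff_plain` URL over plain HTTP. The sha256 pins the content, but the diff is generated on request, so any change in gitweb's output would make the fetch fail the hash check; vendoring the patch next to `./locale_archive.patch` would avoid that. The `mkDerivation` attribute set starts and ends outside this hunk.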
@@ -44,8 +54,8 @@ stdenv.mkDerivation rec {
       --with-libedit=yes
       --disable-strip
       ${if pam != null then "--with-pam" else "--without-pam"}
-      ${if etcDir != null then "--sysconfdir=${etcDir}" else ""}
-      ${if withKerberos  then "--with-kerberos5=${kerberos}" else ""}
+      ${optionalString (etcDir != null) "--sysconfdir=${etcDir}"}
+      ${optionalString withKerberos "--with-kerberos5=${kerberos}"}
     '';
 
   preConfigure =
@@ -67,11 +77,12 @@ stdenv.mkDerivation rec {
 
   installTargets = "install-nosysconf";
 
-  meta = {
-    homepage = http://www.openssh.org/;
+  meta = with stdenv.lib; {
+    homepage = "http://www.openssh.org/";
     description = "An implementation of the SSH protocol";
-    license = "bsd";
-    platforms = stdenv.lib.platforms.unix;
-    maintainers = stdenv.lib.maintainers.eelco;
+    license = "bsd"; # multi BSD GPL-2
+    platforms = platforms.unix;
+    maintainers = with maintainers; [ eelco ];
+    broken = hpnSupport; # cf. https://github.com/NixOS/nixpkgs/pull/1640
   };
 }
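Review bot: The comment on `broken = hpnSupport;` gives only a PR link, so a reader of this file cannot tell why enabling HPN is blocked or when the flag can be dropped. `hpnSrc` in the first hunk of this commit is the 6.3p1 patch set while the package is now 6.6p1, which is presumably the reason. Stating it inline would help, e.g. `broken = hpnSupport; # hpnSrc is the 6.3p1 patch set; re-enable once it matches ${name} (nixpkgs PR 1640)`. The license comment `# multi BSD GPL-2` also disagrees with the value `"bsd"` it annotates; either change the value to match or explain the difference in the comment.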