public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #53896 from andir/openssh

Browse Source 
openssh: apply CVE-2018-20685 patch
This commit is contained in:
Andreas Rammhold 2019-01-13 22:45:09 +01:00 committed by GitHub
commit 2013d86a5d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pkgs/tools/networking/openssh/default.nix
View File

@ -41,6 +41,15 @@ stdenv.mkDerivation rec {
# See discussion in https://github.com/NixOS/nixpkgs/pull/16966 # See discussion in https://github.com/NixOS/nixpkgs/pull/16966
./dont_create_privsep_path.patch ./dont_create_privsep_path.patch
# CVE-2018-20685, can probably be dropped with next version bump
# See https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
# for details
(fetchpatch {
name = "CVE-2018-20685.patch";
url = https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2.patch;
sha256 = "0q27i9ymr97yb628y44qi4m11hk5qikb1ji1vhvax8hp18lwskds";
})
] ]
++ optional withGssapiPatches (assert withKerberos; gssapiPatch); ++ optional withGssapiPatches (assert withKerberos; gssapiPatch);