public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

openssh: Patch CVE-2016-8858 

Also add myself as a maintainer.
This commit is contained in:
Aneesh Agrawal 2016-10-20 14:49:08 -04:00
parent 4de7cbdf04
commit 7374105a96
2 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pkgs/tools/networking/openssh/default.nix
View File

@ -50,6 +50,7 @@ stdenv.mkDerivation rec {
# See discussion in https://github.com/NixOS/nixpkgs/pull/16966 # See discussion in https://github.com/NixOS/nixpkgs/pull/16966
./dont_create_privsep_path.patch ./dont_create_privsep_path.patch
./fix-CVE-2016-8858.patch
] ]
++ optional withGssapiPatches gssapiSrc; ++ optional withGssapiPatches gssapiSrc;
@ -92,7 +93,7 @@ stdenv.mkDerivation rec {
description = "An implementation of the SSH protocol"; description = "An implementation of the SSH protocol";
license = stdenv.lib.licenses.bsd2; license = stdenv.lib.licenses.bsd2;
platforms = platforms.unix; platforms = platforms.unix;
maintainers = with maintainers; [ eelco ]; maintainers = with maintainers; [ eelco aneeshusa ];
broken = hpnSupport; # probably after 6.7 update broken = hpnSupport; # probably after 6.7 update
}; };
} }

11
pkgs/tools/networking/openssh/fix-CVE-2016-8858.patch Normal file
View File

@ -0,0 +1,11 @@
diff -u -r1.126 -r1.127
--- ssh/kex.c 2016/09/28 21:44:52 1.126
+++ ssh/kex.c 2016/10/10 19:28:48 1.127
@@ -461,6 +461,7 @@
if (kex == NULL)
return SSH_ERR_INVALID_ARGUMENT;
+ ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
ptr = sshpkt_ptr(ssh, &dlen);
if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
return r;