Merge pull request #153475 from wahjava/update-openssh-hpn

openssh_hpn: 8.4p1 -> 8.8p1
This commit is contained in:
Janne Heß 2022-01-05 10:29:39 +01:00 committed by GitHub
commit 38bb3aeed9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 14 deletions

View file

@ -4,6 +4,7 @@
, src
, extraPatches ? []
, extraNativeBuildInputs ? []
, extraConfigureFlags ? []
, extraMeta ? {}
}:
@ -94,7 +95,8 @@ stdenv.mkDerivation rec {
++ optional withFIDO "--with-security-key-builtin=yes"
++ optional withKerberos (assert libkrb5 != null; "--with-kerberos5=${libkrb5}")
++ optional stdenv.isDarwin "--disable-libutil"
++ optional (!linkOpenssl) "--without-openssl";
++ optional (!linkOpenssl) "--without-openssl"
++ extraConfigureFlags;
buildFlags = [ "SSH_KEYSIGN=ssh-keysign" ];

View file

@ -19,29 +19,30 @@ in
openssh_hpn = common rec {
pname = "openssh-with-hpn";
version = "8.4p1";
version = "8.8p1";
extraDesc = " with high performance networking patches";
src = fetchFromGitHub {
owner = "rapier1";
repo = "openssh-portable";
rev = "hpn-KitchenSink-${builtins.replaceStrings [ "." "p" ] [ "_" "_P" ] version}";
hash = "sha256-SYQPDGxZR41m4g603RaZaOYm4vCr9uZnFnZoKhruueY=";
src = fetchurl {
url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
sha256 = "1s8z6f7mi1pwsl79cqai8cr350m5lf2ifcxff57wx6mvm478k425";
};
extraPatches = [
./ssh-keysign-8.4.patch
./ssh-keysign-8.5.patch
# See https://github.com/openssh/openssh-portable/pull/206
./ssh-copy-id-fix-eof.patch
# HPN Patch from FreeBSD ports
(fetchpatch {
name = "ssh-hpn.patch";
url = "https://raw.githubusercontent.com/freebsd/freebsd-ports/a981593e/security/openssh-portable/files/extra-patch-hpn";
stripLen = 1;
sha256 = "sha256-+JvpPxktZAjhxLLK1lF4ijG9VlSWkqbRwotaLe6en64=";
})
];
extraNativeBuildInputs = [ autoreconfHook ];
extraMeta.knownVulnerabilities = [
"CVE-2021-28041"
"CVE-2021-41617"
];
extraConfigureFlags = [ "--with-hpn" ];
extraMeta.maintainers = with lib.maintainers; [ abbe ];
};
openssh_gssapi = common rec {