Merge pull request #153475 from wahjava/update-openssh-hpn

openssh_hpn: 8.4p1 -> 8.8p1
2022-01-05 10:29:39 +01:00 · 2022-01-05 10:29:39 +01:00 · 38bb3aeed9
commit 38bb3aeed9
parent e114f0a58d 95fee491d9
2 changed files with 17 additions and 14 deletions
--- a/pkgs/tools/networking/openssh/common.nix
+++ b/pkgs/tools/networking/openssh/common.nix
@ -4,6 +4,7 @@
 , src
 , extraPatches ? []
 , extraNativeBuildInputs ? []
 , extraConfigureFlags ? []
 , extraMeta ? {}
 }:
@ -94,7 +95,8 @@ stdenv.mkDerivation rec {
    ++ optional withFIDO "--with-security-key-builtin=yes"
    ++ optional withKerberos (assert libkrb5 != null; "--with-kerberos5=${libkrb5}")
    ++ optional stdenv.isDarwin "--disable-libutil"
-    ++ optional (!linkOpenssl) "--without-openssl";
+    ++ optional (!linkOpenssl) "--without-openssl"
    ++ extraConfigureFlags;
  buildFlags = [ "SSH_KEYSIGN=ssh-keysign" ];
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@ -19,29 +19,30 @@ in
  openssh_hpn = common rec {
    pname = "openssh-with-hpn";
-    version = "8.4p1";
+    version = "8.8p1";
    extraDesc = " with high performance networking patches";
-    src = fetchFromGitHub {
+    src = fetchurl {
-      owner = "rapier1";
+      url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
-      repo = "openssh-portable";
+      sha256 = "1s8z6f7mi1pwsl79cqai8cr350m5lf2ifcxff57wx6mvm478k425";
      rev = "hpn-KitchenSink-${builtins.replaceStrings [ "." "p" ] [ "_" "_P" ] version}";
      hash = "sha256-SYQPDGxZR41m4g603RaZaOYm4vCr9uZnFnZoKhruueY=";
    };
    extraPatches = [
-      ./ssh-keysign-8.4.patch
+      ./ssh-keysign-8.5.patch
-      # See https://github.com/openssh/openssh-portable/pull/206
+      # HPN Patch from FreeBSD ports
-      ./ssh-copy-id-fix-eof.patch
+      (fetchpatch {
        name = "ssh-hpn.patch";
        url = "https://raw.githubusercontent.com/freebsd/freebsd-ports/a981593e/security/openssh-portable/files/extra-patch-hpn";
        stripLen = 1;
        sha256 = "sha256-+JvpPxktZAjhxLLK1lF4ijG9VlSWkqbRwotaLe6en64=";
      })
    ];
    extraNativeBuildInputs = [ autoreconfHook ];
-    extraMeta.knownVulnerabilities = [
+    extraConfigureFlags = [ "--with-hpn" ];
-      "CVE-2021-28041"
+    extraMeta.maintainers = with lib.maintainers; [ abbe ];
      "CVE-2021-41617"
    ];
  };
  openssh_gssapi = common rec {