Merge pull request #19730 from aneeshusa/fix-openssh-CVE-2016-8858
openssh: Patch CVE-2016-8858
This commit is contained in:
commit
4d10b58cc1
2 changed files with 13 additions and 1 deletions
|
@ -50,6 +50,7 @@ stdenv.mkDerivation rec {
|
|||
|
||||
# See discussion in https://github.com/NixOS/nixpkgs/pull/16966
|
||||
./dont_create_privsep_path.patch
|
||||
./fix-CVE-2016-8858.patch
|
||||
]
|
||||
++ optional withGssapiPatches gssapiSrc;
|
||||
|
||||
|
@ -92,7 +93,7 @@ stdenv.mkDerivation rec {
|
|||
description = "An implementation of the SSH protocol";
|
||||
license = stdenv.lib.licenses.bsd2;
|
||||
platforms = platforms.unix;
|
||||
maintainers = with maintainers; [ eelco ];
|
||||
maintainers = with maintainers; [ eelco aneeshusa ];
|
||||
broken = hpnSupport; # probably after 6.7 update
|
||||
};
|
||||
}
|
||||
|
|
11
pkgs/tools/networking/openssh/fix-CVE-2016-8858.patch
Normal file
11
pkgs/tools/networking/openssh/fix-CVE-2016-8858.patch
Normal file
|
@ -0,0 +1,11 @@
|
|||
diff -u -r1.126 -r1.127
|
||||
--- ssh/kex.c 2016/09/28 21:44:52 1.126
|
||||
+++ ssh/kex.c 2016/10/10 19:28:48 1.127
|
||||
@@ -461,6 +461,7 @@
|
||||
if (kex == NULL)
|
||||
return SSH_ERR_INVALID_ARGUMENT;
|
||||
|
||||
+ ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
|
||||
ptr = sshpkt_ptr(ssh, &dlen);
|
||||
if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
|
||||
return r;
|
Loading…
Reference in a new issue