diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index 2004e453a0d9..50d53bdff2cd 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -17,11 +17,11 @@ let
 in
 with stdenv.lib;
 stdenv.mkDerivation rec {
- name = "openssh-6.9p1";
+ name = "openssh-7.1p1";
 src = fetchurl {
 url = "mirror://openbsd/OpenSSH/portable/${name}.tar.gz";
- sha256 = "1zkci5nbpb4frmzj2vr3kv9j47x2h72kvybcpr0d8mzk73sls1vf";
+ sha256 = "0a44mnr8bvw41zg83xh4sb55d8nds29j95gxvxk5qg863lnns2pw";
 };
 prePatch = optionalString hpnSupport
@@ -30,7 +30,7 @@ stdenv.mkDerivation rec {
 export NIX_LDFLAGS="$NIX_LDFLAGS -lgcc_s"
 '';
- patches = [ ./locale_archive.patch ./openssh-6.9p1-security-7.0.patch];
+ patches = [ ./locale_archive.patch ];
 buildInputs = [ zlib openssl libedit pkgconfig pam ]
 ++ optional withKerberos [ kerberos ];
diff --git a/pkgs/tools/networking/openssh/openssh-6.9p1-security-7.0.patch b/pkgs/tools/networking/openssh/openssh-6.9p1-security-7.0.patch
deleted file mode 100644
index 02e9eb3a9739..000000000000
--- a/pkgs/tools/networking/openssh/openssh-6.9p1-security-7.0.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-http://pkgs.fedoraproject.org/cgit/openssh.git/commit/openssh-6.9p1-security-7.0.patch?h=f22&id=4776fad91e7e1f626f33e8c240d0ccecd663554d
-
-diff --git a/sshpty.c b/sshpty.c
-index 7bb7641..15da8c6 100644
---- a/sshpty.c
-+++ b/sshpty.c
-@@ -1,4 +1,4 @@
--/* $OpenBSD: sshpty.c,v 1.29 2014/09/03 18:55:07 djm Exp $ */
-+/* $OpenBSD: sshpty.c,v 1.30 2015/07/30 23:09:15 djm Exp $ */
- /*
- * Author: Tatu Ylonen
- * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
-@@ -197,7 +197,7 @@ pty_setowner(struct passwd *pw, const char *tty)
- /* Determine the group to make the owner of the tty. */
- grp = getgrnam("tty");
- gid = (grp != NULL) ? grp->gr_gid : pw->pw_gid;
-- mode = (grp != NULL) ? 0622 : 0600;
-+ mode = (grp != NULL) ? 0620 : 0600;
-
- /*
- * Change owner and mode of the tty as required.
-diff --git a/monitor.c b/monitor.c
-index b410965..f1b873d 100644
---- a/monitor.c
-+++ b/monitor.c
-@@ -1084,9 +1084,7 @@ extern KbdintDevice sshpam_device;
- int
- mm_answer_pam_init_ctx(int sock, Buffer *m)
- {
--
- debug3("%s", __func__);
-- authctxt->user = buffer_get_string(m, NULL);
- sshpam_ctxt = (sshpam_device.init_ctx)(authctxt);
- sshpam_authok = NULL;
- buffer_clear(m);
-@@ -1166,14 +1166,16 @@ mm_answer_pam_respond(int sock, Buffer *m)
- int
- mm_answer_pam_free_ctx(int sock, Buffer *m)
- {
-+ int r = sshpam_authok != NULL && sshpam_authok == sshpam_ctxt;
-
- debug3("%s", __func__);
- (sshpam_device.free_ctx)(sshpam_ctxt);
-+ sshpam_ctxt = sshpam_authok = NULL;
- buffer_clear(m);
- mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m);
- auth_method = "keyboard-interactive";
- auth_submethod = "pam";
-- return (sshpam_authok == sshpam_ctxt);
-+ return r;
- }
- #endif
-
-diff --git a/monitor_wrap.c b/monitor_wrap.c
-index e6217b3..eac421b 100644
---- a/monitor_wrap.c
-+++ b/monitor_wrap.c
-@@ -614,7 +614,6 @@ mm_sshpam_init_ctx(Authctxt *authctxt)
-
- debug3("%s", __func__);
- buffer_init(&m);
-- buffer_put_cstring(&m, authctxt->user);
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m);
- debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
- mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m);