From 95fee491d98b90f8127654688c462f1755b756e4 Mon Sep 17 00:00:00 2001
From: Ashish SHUKLA
Date: Tue, 4 Jan 2022 19:07:16 +0530
Subject: [PATCH] openssh_hpn: 8.4p1 -> 8.8p1
- Switch to using patch from the FreeBSD port security/openssh-portable which is regularly maintained
- Add myself as maintainer for openssh_hpn
---
 pkgs/tools/networking/openssh/common.nix | 4 +++-
 pkgs/tools/networking/openssh/default.nix | 27 ++++++++++++-----------
 2 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/pkgs/tools/networking/openssh/common.nix b/pkgs/tools/networking/openssh/common.nix
index ee8d2a92697f..229edd37eeef 100644
--- a/pkgs/tools/networking/openssh/common.nix
+++ b/pkgs/tools/networking/openssh/common.nix
@@ -4,6 +4,7 @@
 , src
 , extraPatches ? []
 , extraNativeBuildInputs ? []
+, extraConfigureFlags ? []
 , extraMeta ? {}
 }:
@@ -94,7 +95,8 @@ stdenv.mkDerivation rec {
 ++ optional withFIDO "--with-security-key-builtin=yes"
 ++ optional withKerberos (assert libkrb5 != null; "--with-kerberos5=${libkrb5}")
 ++ optional stdenv.isDarwin "--disable-libutil"
- ++ optional (!linkOpenssl) "--without-openssl";
+ ++ optional (!linkOpenssl) "--without-openssl"
+ ++ extraConfigureFlags;
 buildFlags = [ "SSH_KEYSIGN=ssh-keysign" ];
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index 4bc181717168..e8cad75698f4 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -19,29 +19,30 @@ in
 openssh_hpn = common rec {
 pname = "openssh-with-hpn";
- version = "8.4p1";
+ version = "8.8p1";
 extraDesc = " with high performance networking patches";
- src = fetchFromGitHub {
- owner = "rapier1";
- repo = "openssh-portable";
- rev = "hpn-KitchenSink-${builtins.replaceStrings [ "." "p" ] [ "_" "_P" ] version}";
- hash = "sha256-SYQPDGxZR41m4g603RaZaOYm4vCr9uZnFnZoKhruueY=";
+ src = fetchurl {
+ url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
+ sha256 = "1s8z6f7mi1pwsl79cqai8cr350m5lf2ifcxff57wx6mvm478k425";
 };
 extraPatches = [
- ./ssh-keysign-8.4.patch
+ ./ssh-keysign-8.5.patch
- # See https://github.com/openssh/openssh-portable/pull/206
- ./ssh-copy-id-fix-eof.patch
+ # HPN Patch from FreeBSD ports
+ (fetchpatch {
+ name = "ssh-hpn.patch";
+ url = "https://raw.githubusercontent.com/freebsd/freebsd-ports/a981593e/security/openssh-portable/files/extra-patch-hpn";
+ stripLen = 1;
+ sha256 = "sha256-+JvpPxktZAjhxLLK1lF4ijG9VlSWkqbRwotaLe6en64=";
+ })
 ];
 extraNativeBuildInputs = [ autoreconfHook ];
- extraMeta.knownVulnerabilities = [
- "CVE-2021-28041"
- "CVE-2021-41617"
- ];
+ extraConfigureFlags = [ "--with-hpn" ];
+ extraMeta.maintainers = with lib.maintainers; [ abbe ];
 };
 openssh_gssapi = common rec {
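Review bot: The `fetchpatch` URL pins the FreeBSD ports tree at the abbreviated revision `a981593e`; the fixed-output `sha256` still guarantees the patch content, but an eight-character prefix can become ambiguous as that repository grows and the fetch would then fail, so the full commit id is the safer pin: `url = "https://raw.githubusercontent.com/freebsd/freebsd-ports/<FULL_COMMIT_ID>/security/openssh-portable/files/extra-patch-hpn";`. The same hunk removes `extraMeta.knownVulnerabilities` (CVE-2021-28041, CVE-2021-41617) without explanation, presumably because 8.8p1 carries both fixes; a sentence in the commit message saying so would let a reader confirm the markers were dropped deliberately and not lost in the rewrite. Because the HPN patch changes transport code in a security-critical daemon and now comes from a third-party ports tree, a comment above `extraConfigureFlags = [ "--with-hpn" ];` should record that the flag appears to be defined by that patch rather than by upstream configure, and that the patch revision has to be re-reviewed on each version bump.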