openssh: Update from 6.2p2 -> 6.4p1

This patch also bumps up the HPN version of openssh so that it compiles on top of 6.4. Along with the bump, a package was added for the high performance networking version. The gcmrekey patch was removed as this vulnerability is fixed in version 6.4 onward. http://www.openssh.org/txt/gcmrekey.adv
2013-12-29 10:50:16 -06:00 · 2013-12-29 10:50:16 -06:00 · c4e03f0739
commit c4e03f0739
parent 4cc859c6be
3 changed files with 8 additions and 23 deletions
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@ -10,18 +10,18 @@ assert withKerberos -> kerberos != null;
 let

  hpnSrc = fetchurl {
-    url = http://tarballs.nixos.org/openssh-6.1p1-hpn13v14.diff.gz;
-    sha256 = "14das6lim6fxxnx887ssw76ywsbvx3s4q3n43afgh5rgvs4xmnnq";
+    url = mirror://sourceforge/hpnssh/openssh-6.3p1-hpnssh14v2.diff.gz;
+    sha256 = "1jldqjwry9qpxxzb3mikfmmmv90mfb7xkmcfdbvwqac6nl3r7bi3";
  };

 in

 stdenv.mkDerivation rec {
-  name = "openssh-6.2p2";
+  name = "openssh-6.4p1";

  src = fetchurl {
    url = "ftp://ftp.nl.uu.net/pub/OpenBSD/OpenSSH/portable/${name}.tar.gz";
-    sha1 = "c2b4909eba6f5ec6f9f75866c202db47f3b501ba";
+    sha256 = "1lkmi7v83qvpcc04qrrqk4k7mafnmwxkfk1ccsisw51va4bgcc2m";
  };

  prePatch = stdenv.lib.optionalString hpnSupport
@ -30,7 +30,7 @@ stdenv.mkDerivation rec {
      export NIX_LDFLAGS="$NIX_LDFLAGS -lgcc_s"
    '';

-  patches = [ ./locale_archive.patch ./gcmrekey.patch ];
+  patches = [ ./locale_archive.patch ];

  buildInputs = [ zlib openssl libedit pkgconfig pam ] ++
    (if withKerberos then [ kerberos ] else [])
--- a/pkgs/tools/networking/openssh/gcmrekey.patch
+++ b/pkgs/tools/networking/openssh/gcmrekey.patch
@ -1,18 +0,0 @@
-http://www.openssh.com/txt/gcmrekey.adv
-
-Index: monitor_wrap.c
-===================================================================
-RCS file: /cvs/src/usr.bin/ssh/monitor_wrap.c,v
-retrieving revision 1.76
-diff -u -p -u -r1.76 monitor_wrap.c
--- a/monitor_wrap.c	17 May 2013 00:13:13 -0000	1.76
-+++ b/monitor_wrap.c	6 Nov 2013 16:31:26 -0000
-@@ -469,7 +469,7 @@ mm_newkeys_from_blob(u_char *blob, int b
- 	buffer_init(&b);
- 	buffer_append(&b, blob, blen);
- 
-	newkey = xmalloc(sizeof(*newkey));
-+	newkey = xcalloc(1, sizeof(*newkey));
- 	enc = &newkey->enc;
- 	mac = &newkey->mac;
- 	comp = &newkey->comp;
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -1515,6 +1515,9 @@ let
      etcDir = "/etc/ssh";
      pam = if stdenv.isLinux then pam else null;
    };
+
+  openssh_hpn = lowPrio (pkgs.appendToName "hpn" (openssh.override { hpnSupport = true; }));
+
  openssh_with_kerberos = lowPrio (pkgs.appendToName "with-kerberos" (openssh.override { withKerberos = true; }));

  opensp = callPackage ../tools/text/sgml/opensp { };