This reverts commit a8eb2a6a81. OpenSSH
7.0 is causing too many interoperability problems so soon before the
15.08 release.
For instance, it causes NixOps EC2 initial deployments to fail with
"REMOTE HOST IDENTIFICATION HAS CHANGED". This is because the client
knows the server's ssh-dss host key, but this key is no longer
accepted by default. Setting "HostKeyAlgorithms" to "+ssh-dss" does
not work because it causes ssh-dss to be ordered after
"ecdsa-sha2-nistp521", which the server also offers. (Normally, ssh
prioritizes host key algorithms for which the client has a known host
key, but not if you set HostKeyAlgorithms.)
This patch also bumps up the HPN version of openssh so that it compiles
on top of 6.4. Along with the bump, a package was added for the high
performance networking version.
The gcmrekey patch was removed as this vulnerability is fixed in
version 6.4 onward. http://www.openssh.org/txt/gcmrekey.adv
Merge conflicts:
* unzip (almost trivial)
* dvswitch (trivial)
* gmp (copied result of `git merge`)
The last item introduced gmp-5.0.3, thus full rebuild.
+ensureDir->mkdir -p in TeX packages was catched by git but not svn.
svn path=/nixpkgs/branches/stdenv-updates/; revision=32091
Changed 'openssh' expression to allow for argument overriding instead of
relying on getPkgConfig. While I was at it, I also simplified the build
expression a bit.
svn path=/nixpkgs/trunk/; revision=21868
http://www.psc.edu/networking/projects/hpn-ssh/
I tried to keep the openssh hash not changing, unless the user sets hpn in getConfig
style. I think that does not look as good as a patch changing the hash, but it may
annoy less. Let me know if it is not ok.
I don't think hpn should be the default, because it may have some insecurity implications
I don't know of. But I used to enable it in all my machines, and I hope to do so unless
advised otherwise.
svn path=/nixpkgs/trunk/; revision=18073
The OpenSSH binaries built by the expression by default expect system-wide
configuration files in "/etc/ssh", which is a bit of an impurity (and certainly
inconsistent with the way other package handle --sysconfdir in Nix). Those who
prefer a clean installation, can now configure that directory path.
Adding the line "openssh = { etcDir = null; };" to $NIXPKGS_CONFIG configures
OpenSSH to use the default location, i.e. $out/etc. Setting that attribute to a
string will configure OpenSSH to use that concrete path instead.
svn path=/nixpkgs/trunk/; revision=17570