openssh: Security fix

CVE-2013-4548

pkgs/tools/networking/openssh/default.nix

@@ -30,7 +30,7 @@ stdenv.mkDerivation rec {
       export NIX_LDFLAGS="$NIX_LDFLAGS -lgcc_s"
     '';
 
-  patches = [ ./locale_archive.patch ];
+  patches = [ ./locale_archive.patch ./gcmrekey.patch ];
 
   buildInputs = [ zlib openssl libedit pkgconfig pam ] ++
     (if withKerberos then [ kerberos ] else [])

pkgs/tools/networking/openssh/gcmrekey.patch

@@ -0,0 +1,18 @@
+http://www.openssh.com/txt/gcmrekey.adv
+
+Index: monitor_wrap.c
+===================================================================
+RCS file: /cvs/src/usr.bin/ssh/monitor_wrap.c,v
+retrieving revision 1.76
+diff -u -p -u -r1.76 monitor_wrap.c
+--- a/monitor_wrap.c	17 May 2013 00:13:13 -0000	1.76
++++ b/monitor_wrap.c	6 Nov 2013 16:31:26 -0000
+@@ -469,7 +469,7 @@ mm_newkeys_from_blob(u_char *blob, int b
+ 	buffer_init(&b);
+ 	buffer_append(&b, blob, blen);
+ 
+-	newkey = xmalloc(sizeof(*newkey));
++	newkey = xcalloc(1, sizeof(*newkey));
+ 	enc = &newkey->enc;
+ 	mac = &newkey->mac;
+ 	comp = &newkey->comp;