Commit Graph

156 Commits

Author SHA1 Message Date
Matthew Mazzanti
b1b48e10de
openssh: Fix cross-compile regression from c99c499 (#117053)
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2021-03-21 01:35:45 +01:00
Janne Heß
a1aa6bd250
openssh: Remove useless .dev 2021-03-11 11:59:16 +01:00
Janne Heß
2b1011d4a3
openssh_hpn/openssh_gssapi: Add CVE-2021-28041 2021-03-11 11:58:00 +01:00
Janne Heß
c99c4998fd
openssh: 8.4p1 -> 8.5p1 and refactor
Also split out the variants of the package because I'm sick of waiting
for random patches to be updated before I can update my unpatched
openssh.

Also make pname correspond to the attribute name.
2021-03-03 21:02:44 +01:00
Ben Siraphob
76f93cc731 pkgs/tools: pkgconfig -> pkg-config 2021-01-16 23:49:59 -08:00
Ben Siraphob
8c5d37129f pkgs/tools: stdenv.lib -> lib 2021-01-15 17:12:36 +07:00
Ben Wolsieffer
c0681ac66a openssh: fix cross-compilation after #100906
krb5-config from the host platform needs to be added to PATH so it can be run
during build. This works because krb5-config is a platform independent
shell-script. Before #100906, krb5-config was not used, so we didn't run into
this problem.
2020-12-25 18:36:21 -05:00
Niklas Hambüchen
87413f30a5
Merge pull request #100906 from KAction/openssh
openssh: fix static build
2020-12-09 00:39:56 +01:00
Frederik Rietdijk
b2a3891e12 Merge master into staging-next 2020-11-27 15:09:19 +01:00
yoctocell
4c8c8d2ce5 [staging] openssh: Fix EOF: command not found 2020-11-24 17:06:45 +01:00
SCOTT-HAMILTON
b5794556b4 openssh: fix hpn sha256 2020-11-14 12:49:32 +01:00
Janne Heß
02390ed725 openssh: 8.3p1 -> 8.4p1
Fixes CVE-2020-15778, CVE-2020-14145
2020-10-29 18:58:04 +01:00
Dmitry Bogatov
4879ea9034 openssh: fix static build 2020-10-20 00:00:00 -04:00
Ryan Burns
f8473b1d39 openssh_hpn: fix source 2020-09-20 00:42:40 -07:00
Pavol Rusnak
f034637a5b openssh: 8.2p1 -> 8.3p1
compile openssh_hpn with recent openssl
2020-07-31 09:01:02 +02:00
Matthew Bauer
59616b291d openssh: don’t include fido2 on musl
libselinux pulls in openssh transitively, so can’t use fido here

Fixes #89246
2020-06-08 17:37:38 -05:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Pavol Rusnak
205f42b142 openssh_hpn: 7.8p1 -> 8.1p1
fix build failure
2020-02-27 10:21:52 +01:00
Pavol Rusnak
44864b292f openssh: 8.1p1 -> 8.2p1
https://www.openssh.com/txt/release-8.2

add libfido2 to enable hardware tokens support added in this release
2020-02-27 10:21:52 +01:00
Maximilian Bosch
8f0b3b1305
openssh_gssapi: fix build
Hydra build is failing[1] because of a hash-mismatch of the gss-api
patch from debian.

I updated the patch, and activated the `autoreconfHook` when building
gss support as well, otherwise the build would fail with the following
error:

```
ERROR: configure is out of date; please run autoreconf (and configure)
```

[1] https://hydra.nixos.org/build/109409845
2020-01-04 02:45:39 +01:00
edef
9bfec806df openssh: don't let configure override SSH_KEYSIGN
While 9fe10288f0 ensured that the
ssh-keysign path is searched for in PATH if not absolute,
it doesn't prevent the configure script from defaulting to an
absolute path in $out/libexec, making the whole effort rather
pointless.
2019-10-19 12:13:36 +00:00
edef
e6d641d957 openssh: mark hpnSupport as broken
We're hoping to deprecate HPN support, given that as far as we
can tell, nobody is using it, and the patches seem rather unmaintained.
2019-10-19 12:05:27 +00:00
Will Dietz
9199729df4 openssh: 7.9p1 -> 8.1p1
https://www.openwall.com/lists/oss-security/2019/04/18/1
2019-10-19 12:04:02 +00:00
volth
46420bbaa3 treewide: name -> pname (easy cases) (#66585)
treewide replacement of

stdenv.mkDerivation rec {
  name = "*-${version}";
  version = "*";

to pname
2019-08-15 13:41:18 +01:00
edef
9fe10288f0 openssh: use ssh-keysign from PATH
ssh-keysign is used for host-based authentication, and is designed to be used
as SUID-root program. OpenSSH defaults to referencing it from libexec, which
cannot be made SUID in Nix.
2019-07-31 12:19:36 +00:00
Andreas Rammhold
6d3a653f10
openssh: apply CVE-2018-20685 patch 2019-01-13 21:26:05 +01:00
Jörg Thalheim
3681fa5456
direnv: make cross-compile on windows 2018-11-24 10:43:47 +00:00
zimbatm
2337c7522a
openssh: 7.7p1 -> 7.9p1 (#48784)
added openssh_gssapi to make it easier to test the patched version

the HPN edition isn't available on top of 7.9p1 yet

fix-host-key-algorithms-plus.patch didn't apply anymore, assuming it's
fixed.

release notes: https://www.openssh.com/txt/release-7.9
2018-10-26 01:17:55 +02:00
Vladimír Čunát
c2e6ca501e
openssh: fix tunnel forwarding (upstream patch)
Close #48031, fixes #48016.  I didn't use the PR commit
because I think it's better to fetch the patch.
2018-10-08 12:00:38 +02:00
volth
52f53c69ce pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
Aneesh Agrawal
2e2cbda290 openssh: 7.6p1 -> 7.7p1
Release notes at https://www.openssh.com/txt/release-7.7;
primarily bugfixes.

Update ssh-hpn as well.

Switch to salsa.debian.org (from anonscm.debian.org).
2018-05-23 12:18:15 +03:00
Silvan Mosberger
734bae2036
openssh_hpn: 7.5p1 -> 7.6p1 2018-04-07 00:32:51 +02:00
Graham Christensen
e2a54266c4
openssh: Build with Kerberos by default
This reverts commit 09696e32c390c232ec7ac506df6457fb93c1f536.
which reverted f596aa0f4a
to move it to staging
2018-01-28 16:36:01 -05:00
Graham Christensen
15a4977409
Revert "openssh: Build with Kerberos by default"
This reverts commit a232dd66ee.

Moving to staging
2018-01-28 16:36:01 -05:00
Aneesh Agrawal
716d1612af
openssh: Build with Kerberos by default
This can be disabled with the `withKerberos` flag if desired.
Make the relevant assertions lazy,
so that if an overlay is used to set kerberos to null,
a later override can explicitly set `withKerberos` to false.

Don't build with GSSAPI by default;
the patchset is large and a bit hairy,
and it is reasonable to follow upstream who has not merged it
in not enabling it by default.
2018-01-28 16:36:00 -05:00
Orivej Desh
ac522cbe95
Merge pull request #30137 from aneeshusa/update-openssh-to-7.6p1
openssh: 7.5p1 -> 7.6p1
2017-11-11 01:23:41 +00:00
Aneesh Agrawal
d473ef2ed2 openssh: 7.5p1 -> 7.6p1
Release notes are available at https://www.openssh.com/txt/release-7.6.
Mostly a bugfix release, no major backwards-incompatible changes.
2017-10-06 16:38:18 -04:00
John Ericson
531e4b80c9 misc pkgs: Basic sed to get fix pkgconfig and autoreconfHook buildInputs
Only acts on one-line dependency lists.
2017-09-21 15:49:53 -04:00
Jörg Thalheim
7786aab173 openssh: update gssapi patch 2017-09-12 14:28:33 +01:00
Silvan Mosberger
f5fa5fa4d6 pkgs: refactor needless quoting of homepage meta attribute (#27809)
* pkgs: refactor needless quoting of homepage meta attribute

A lot of packages are needlessly quoting the homepage meta attribute
(about 1400, 22%), this commit refactors all of those instances.

* pkgs: Fixing some links that were wrongfully unquoted in the previous
commit

* Fixed some instances
2017-08-01 22:03:30 +02:00
Thomas Tuegel
c1c314c36f
openssh: unset LD
Commit 093cc00cdd, sets the LD environment
variable by default, but this confuses the openssh Makefile because `configure'
does not respect it.
2017-07-21 15:44:33 -05:00
Vladimír Čunát
445b107d93
openssh: fixup build on Hydra
http://hydra.nixos.org/build/53993444
2017-06-07 09:33:56 +02:00
Tristan Helmich
c395568b7a
openssh_hpn: use new sources and version (7_5_P1)
Close #23990.
2017-04-14 12:22:15 +02:00
Aneesh Agrawal
769b991be6 openssh: 7.4p1 -> 7.5p1
Release notes are available at https://www.openssh.com/txt/release-7.5.
Mostly a bugfix release, no major backwards-incompatible changes.

Remove deprecated `UsePrivilegeSeparation` option,
which is now mandatory.
2017-04-10 19:39:22 -04:00
Vladimír Čunát
0163f0c427
openssh: update the gssapi patch
Only building was tested.
2016-12-29 17:04:58 -05:00
Graham Christensen
11e8ed5ff4
Revert "Revert "openssh: security 7.3p1 -> 7.4p1""
This reverts commit 661b5a9875.
2016-12-29 17:04:39 -05:00
Vladimír Čunát
661b5a9875
Revert "openssh: security 7.3p1 -> 7.4p1"
This reverts commit 277080fea0.

I had tested the server on my physical machine before pushing,
but the openssh test got broken so something is clearly wrong.
http://hydra.nixos.org/build/45500080
2016-12-25 22:15:56 +01:00
Vladimír Čunát
277080fea0
openssh: security 7.3p1 -> 7.4p1
The two removed patches were for issues that should've been fixed.
Minor vulnerabilities addressed: CVE-2016-{10009,10010,10011,10012}.
https://www.openssh.com/txt/release-7.4
2016-12-25 18:42:55 +01:00
Aneesh Agrawal
7374105a96 openssh: Patch CVE-2016-8858
Also add myself as a maintainer.
2016-10-20 14:55:14 -04:00
Graham Christensen
83a8cb1dc2
openssh: apply patch to fix https://bugzilla.redhat.com/show_bug.cgi?id=1380296 2016-10-06 08:54:10 -04:00