Merge pull request #53896 from andir/openssh

openssh: apply CVE-2018-20685 patch
This commit is contained in:
Andreas Rammhold 2019-01-13 22:45:09 +01:00 committed by GitHub
commit 2013d86a5d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -41,6 +41,15 @@ stdenv.mkDerivation rec {
# See discussion in https://github.com/NixOS/nixpkgs/pull/16966
./dont_create_privsep_path.patch
# CVE-2018-20685, can probably be dropped with next version bump
# See https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
# for details
(fetchpatch {
name = "CVE-2018-20685.patch";
url = https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2.patch;
sha256 = "0q27i9ymr97yb628y44qi4m11hk5qikb1ji1vhvax8hp18lwskds";
})
]
++ optional withGssapiPatches (assert withKerberos; gssapiPatch);