diff options
author | Andreas Rammhold <andreas@rammhold.de> | 2019-01-13 21:26:05 +0100 |
---|---|---|
committer | Andreas Rammhold <andreas@rammhold.de> | 2019-01-13 21:26:05 +0100 |
commit | 6d3a653f10489158e9b3c223f16c8db9b0e7bc50 (patch) | |
tree | eafb071563c85af834cde8df3b04803c7a91860c /pkgs/tools/networking/openssh | |
parent | f9bd1533773e5fd3576b07cd7a39215b0cb3dad9 (diff) |
openssh: apply CVE-2018-20685 patch
Diffstat (limited to 'pkgs/tools/networking/openssh')
-rw-r--r-- | pkgs/tools/networking/openssh/default.nix | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix index 7b3c00894667c..6ce574b9cdc40 100644 --- a/pkgs/tools/networking/openssh/default.nix +++ b/pkgs/tools/networking/openssh/default.nix @@ -41,6 +41,15 @@ stdenv.mkDerivation rec { # See discussion in https://github.com/NixOS/nixpkgs/pull/16966 ./dont_create_privsep_path.patch + + # CVE-2018-20685, can probably be dropped with next version bump + # See https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt + # for details + (fetchpatch { + name = "CVE-2018-20685.patch"; + url = https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2.patch; + sha256 = "0q27i9ymr97yb628y44qi4m11hk5qikb1ji1vhvax8hp18lwskds"; + }) ] ++ optional withGssapiPatches (assert withKerberos; gssapiPatch); |