about summary refs log tree commit diff
path: root/pkgs/tools/networking
diff options
context:
space:
mode:
authorgithub-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>2022-01-05 12:01:03 +0000
committerGitHub <noreply@github.com>2022-01-05 12:01:03 +0000
commit204521c63ba1b0046857d9e695ff8dcf4c7edcd9 (patch)
treeaf2d02f5378100096b0694a75a3e689d4574adf3 /pkgs/tools/networking
parentfba4cce694d76ec190c28bfd8365cb4da8503ffa (diff)
parentc253b04a2f3435f9535a9c024e5ace6912ffb990 (diff)
Merge master into staging-next
Diffstat (limited to 'pkgs/tools/networking')
-rw-r--r--pkgs/tools/networking/openssh/common.nix4


-rw-r--r--pkgs/tools/networking/openssh/default.nix27


2 files changed, 17 insertions, 14 deletions
diff --git a/pkgs/tools/networking/openssh/common.nix b/pkgs/tools/networking/openssh/common.nix
index ee8d2a92697ff..229edd37eeef9 100644
--- a/pkgs/tools/networking/openssh/common.nix
+++ b/pkgs/tools/networking/openssh/common.nix
@@ -4,6 +4,7 @@
 , src
 , extraPatches ? []
 , extraNativeBuildInputs ? []
+, extraConfigureFlags ? []
 , extraMeta ? {}
 }:
 
@@ -94,7 +95,8 @@ stdenv.mkDerivation rec {
     ++ optional withFIDO "--with-security-key-builtin=yes"
     ++ optional withKerberos (assert libkrb5 != null; "--with-kerberos5=${libkrb5}")
     ++ optional stdenv.isDarwin "--disable-libutil"
-    ++ optional (!linkOpenssl) "--without-openssl";
+    ++ optional (!linkOpenssl) "--without-openssl"
+    ++ extraConfigureFlags;
 
   buildFlags = [ "SSH_KEYSIGN=ssh-keysign" ];
 
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index 4bc181717168b..e8cad75698f4c 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -19,29 +19,30 @@ in
 
   openssh_hpn = common rec {
     pname = "openssh-with-hpn";
-    version = "8.4p1";
+    version = "8.8p1";
     extraDesc = " with high performance networking patches";
 
-    src = fetchFromGitHub {
-      owner = "rapier1";
-      repo = "openssh-portable";
-      rev = "hpn-KitchenSink-${builtins.replaceStrings [ "." "p" ] [ "_" "_P" ] version}";
-      hash = "sha256-SYQPDGxZR41m4g603RaZaOYm4vCr9uZnFnZoKhruueY=";
+    src = fetchurl {
+      url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
+      sha256 = "1s8z6f7mi1pwsl79cqai8cr350m5lf2ifcxff57wx6mvm478k425";
     };
 
     extraPatches = [
-      ./ssh-keysign-8.4.patch
+      ./ssh-keysign-8.5.patch
 
-      # See https://github.com/openssh/openssh-portable/pull/206
-      ./ssh-copy-id-fix-eof.patch
+      # HPN Patch from FreeBSD ports
+      (fetchpatch {
+        name = "ssh-hpn.patch";
+        url = "https://raw.githubusercontent.com/freebsd/freebsd-ports/a981593e/security/openssh-portable/files/extra-patch-hpn";
+        stripLen = 1;
+        sha256 = "sha256-+JvpPxktZAjhxLLK1lF4ijG9VlSWkqbRwotaLe6en64=";
+      })
     ];
 
     extraNativeBuildInputs = [ autoreconfHook ];
 
-    extraMeta.knownVulnerabilities = [
-      "CVE-2021-28041"
-      "CVE-2021-41617"
-    ];
+    extraConfigureFlags = [ "--with-hpn" ];
+    extraMeta.maintainers = with lib.maintainers; [ abbe ];
   };
 
   openssh_gssapi = common rec {

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-23 09:44:23 +0000