openssh: fix CVE-2014-2653 by a Debian patch

2014-03-29 20:24:13 +01:00 · 2014-03-29 20:24:13 +01:00 · e50a76a469
parent 22c04a2fe1
commit e50a76a469
1 changed files with 11 additions and 1 deletions
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@ -31,7 +31,17 @@ stdenv.mkDerivation rec {
      export NIX_LDFLAGS="$NIX_LDFLAGS -lgcc_s"
    '';

-  patches = [ ./locale_archive.patch ];
+  patches = [
+    ./locale_archive.patch
+    (fetchurl {
+      name = "CVE-2014-2653.patch";
+      url = "http://anonscm.debian.org/gitweb/?p=pkg-ssh/openssh.git;a=blobdiff_plain;"
+        + "f=sshconnect.c;h=324f5e0a396a4da9885d121bbbef87f6ccf2b149;"
+        + "hp=87c3770c0fd5c7ff41227c45b4528985eaea54a6;hb=63d5fa28e16d96db6bac2dbe3fcecb65328f8966;"
+        + "hpb=9cbb60f5e4932634db04c330c88abc49cc5567bd";
+      sha256 = "160c434igl2r8q4cavhdlwvnbqizx444sjrhg98f997pyhz524h9";
+    })
+  ];

  buildInputs = [ zlib openssl libedit pkgconfig pam ]
    ++ stdenv.lib.optional withKerberos [ kerberos ];