William A. Kennington III
88b8145750
openssh: 6.9p1 -> 7.1p1
...
This intentionally leaves out support for using existing dsa keys as
they are insecure and should not be enabled by default. If you need this
support, please make the changes in your ssh_config and sshd_config.
2015-09-15 12:14:12 -07:00
Eelco Dolstra
2d4b6405b3
openssh: Apply some Fedora security backports
2015-08-20 14:08:21 +02:00
Eelco Dolstra
401782cb67
Revert "openssh: 6.9p1 -> 7.0p1"
...
This reverts commit a8eb2a6a81
. OpenSSH
7.0 is causing too many interoperability problems so soon before the
15.08 release.
For instance, it causes NixOps EC2 initial deployments to fail with
"REMOTE HOST IDENTIFICATION HAS CHANGED". This is because the client
knows the server's ssh-dss host key, but this key is no longer
accepted by default. Setting "HostKeyAlgorithms" to "+ssh-dss" does
not work because it causes ssh-dss to be ordered after
"ecdsa-sha2-nistp521", which the server also offers. (Normally, ssh
prioritizes host key algorithms for which the client has a known host
key, but not if you set HostKeyAlgorithms.)
2015-08-20 14:08:18 +02:00
William A. Kennington III
a8eb2a6a81
openssh: 6.9p1 -> 7.0p1
2015-08-11 10:59:12 -07:00
William A. Kennington III
243b2f79ce
openssh: 6.8p1 -> 6.9p1
2015-07-06 19:30:02 -07:00
William A. Kennington III
81ace52e89
openssh: Refactor and install sample config files
2015-07-06 19:29:45 -07:00
William A. Kennington III
bea1c88205
openssh: 6.7p1 -> 6.8p1
2015-03-20 21:20:33 -07:00
Dan Peebles
3caa6f4d7d
This doesn't hurt the current darwin stdenv and doesn't affect anything else, but is needed for the upcoming pure darwin stdenv
2015-02-18 01:19:59 -05:00
Franz Pletz
07e1566b7d
fetchurl: add mirrors for OpenBSD ( close #5551 )
...
This changes source URLs for openssh and libressl accordingly.
2015-01-20 16:24:00 +01:00
Vladimír Čunát
abcb355453
restund, openssh_hpn: mark as broken
2014-11-27 01:19:24 +01:00
Eelco Dolstra
87419c016f
openssh: Update to 6.7p1
2014-11-20 12:12:33 +01:00
Mateusz Kowalczyk
007f80c1d0
Turn more licenses into lib.licenses style
...
Should eval cleanly, as far as -A tarball tells me.
Relevant: issue #2999 , issue #739
2014-11-06 00:48:16 +00:00
JB Giraudeau
04163fcc81
update hpn patch version to match openssh version
...
so that hpn_openssh is not boken anymore
2014-09-11 22:29:00 +02:00
Mateusz Kowalczyk
7a45996233
Turn some license strings into lib.licenses values
2014-07-28 11:31:14 +02:00
Eelco Dolstra
9b6eeecbde
openssh: Fix broken URL
2014-05-22 12:11:52 +02:00
Vladimír Čunát
e50a76a469
openssh: fix CVE-2014-2653 by a Debian patch
2014-03-29 20:24:13 +01:00
Eelco Dolstra
d9f9bb1ab2
openssh: Update to 6.6p1
...
CVE-2014-2532
Note that this CVE only affects people who use AcceptEnv with
wildcards.
2014-03-20 12:39:00 +01:00
Vladimír Čunát
f33d50c04e
openssh_hpn: mark as broken ATM, cf. #1640
2014-02-01 09:08:13 +01:00
William A. Kennington III
62e78f6b23
openssh: Upgrade from 6.4p1 -> 6.5p1
2014-01-31 14:51:25 +01:00
William A. Kennington III
c4e03f0739
openssh: Update from 6.2p2 -> 6.4p1
...
This patch also bumps up the HPN version of openssh so that it compiles
on top of 6.4. Along with the bump, a package was added for the high
performance networking version.
The gcmrekey patch was removed as this vulnerability is fixed in
version 6.4 onward. http://www.openssh.org/txt/gcmrekey.adv
2013-12-30 02:42:12 -06:00
Eelco Dolstra
52ad0eaca5
openssh: Security fix
...
CVE-2013-4548
2013-11-08 16:42:59 +01:00
Domen Kožar
9726dded27
openssh: build on unix platforms
2013-10-29 17:47:38 +01:00
Christophe Raffalli
2c089337e7
OpenSSH: add Kerberos support
2013-08-22 12:53:06 +03:00
Eelco Dolstra
7fc87a865e
openssh: Update to 6.2p2
2013-08-12 14:50:55 +02:00
Eelco Dolstra
acba9240cd
nixos.org/tarballs -> tarballs.nixos.org
...
It's currently the same machine, but tarballs.nixos.org should become
an S3/CloudFront site eventually.
2013-06-25 14:12:16 +02:00
Eelco Dolstra
4d5ba15ea9
openssh: Update to 6.2p1
2013-04-12 15:27:13 +02:00
Shea Levy
aacca1902c
Merge branch 'upstream-master' into stdenv-updates
2013-02-19 10:09:39 -05:00
Eelco Dolstra
3a1d3990e5
openssh: Just use a mirror of the HPN patch
2013-02-19 11:03:10 +01:00
Lluís Batlle i Rossell
cde20d6951
Fixing openssh hpn support for 6.1p1
...
I had to write a weird download derivation to overcome their download procedure.
2013-02-19 10:50:50 +01:00
Eelco Dolstra
3fa03df78c
openssh: Remvoe unused Perl dependency
...
Since "buildNativeInputs" was misspelled, Perl is not actually used.
2012-12-28 19:26:28 +01:00
Eelco Dolstra
2322899a1f
openssh: Update to 6.1p1
2012-09-18 17:01:08 -04:00
Eelco Dolstra
69c66055b7
* OpenSSH 6.0.
...
svn path=/nixpkgs/trunk/; revision=33988
2012-05-05 14:42:17 +00:00
Yury G. Kudryashov
215a07c1a9
svn merge ^/nixpkgs/trunk
...
Merge conflicts:
* unzip (almost trivial)
* dvswitch (trivial)
* gmp (copied result of `git merge`)
The last item introduced gmp-5.0.3, thus full rebuild.
+ensureDir->mkdir -p in TeX packages was catched by git but not svn.
svn path=/nixpkgs/branches/stdenv-updates/; revision=32091
2012-02-06 23:03:12 +00:00
Eelco Dolstra
4fe11e8438
* OpenSSH updated to 5.9p1.
...
svn path=/nixpkgs/trunk/; revision=31939
2012-01-31 11:01:12 +00:00
Eelco Dolstra
c556a6ea46
* "ensureDir" -> "mkdir -p". "ensureDir" is a rather pointless
...
function, so obsolete it.
svn path=/nixpkgs/branches/stdenv-updates/; revision=31644
2012-01-18 20:16:00 +00:00
Eelco Dolstra
80d963dee0
* OpenSSH 5.8p2.
...
svn path=/nixpkgs/trunk/; revision=27223
2011-05-11 13:44:18 +00:00
Lluís Batlle i Rossell
68cb3535e1
Making openssh cross-build. And making linux-pam almost cross-build, I think.
...
This allows me to put sftp-server in the nanonote and use it through dropbear.
svn path=/nixpkgs/trunk/; revision=26971
2011-04-25 15:41:32 +00:00
Lluís Batlle i Rossell
f4b6ea9ebc
the hpn-ssh needs -lgcc_s, because of its pthread_cancel at the end.
...
svn path=/nixpkgs/trunk/; revision=26833
2011-04-13 20:44:17 +00:00
Lluís Batlle i Rossell
49a08c4f97
Updating the hpn-ssh patch.
...
svn path=/nixpkgs/trunk/; revision=26831
2011-04-13 20:24:06 +00:00
Eelco Dolstra
209939f6f2
* OpenSSH 5.8.
...
svn path=/nixpkgs/trunk/; revision=25808
2011-02-08 13:13:34 +00:00
Eelco Dolstra
412bd09ec1
* OpenSSH 5.6.
...
svn path=/nixpkgs/trunk/; revision=23432
2010-08-25 21:12:36 +00:00
Peter Simons
3353ed9c88
pkgs/top-level/all-packages.nix, pkgs/tools/networking/openssh: prefer makeOverridable over getPkgConfig to customize openssh
...
Changed 'openssh' expression to allow for argument overriding instead of
relying on getPkgConfig. While I was at it, I also simplified the build
expression a bit.
svn path=/nixpkgs/trunk/; revision=21868
2010-05-19 12:26:06 +00:00
Lluís Batlle i Rossell
8b311ba757
Adding the openssh patch I forgot in a recent commit
...
svn path=/nixpkgs/trunk/; revision=21681
2010-05-09 12:53:46 +00:00
Lluís Batlle i Rossell
b7af00b889
Making openssh pass the LOCALE_ARCHIVE variable to the forked session processes,
...
so the session 'bash' will receive the proper locale archive, and thus process
UTF-8 properly.
svn path=/nixpkgs/trunk/; revision=21678
2010-05-09 12:44:09 +00:00
Lluís Batlle i Rossell
c12db8f8dc
I wrote wrong the openssh url. Btw, I changed the source server, because the old
...
mirror at Ultrech did not have the latest openssh even 6 days after the
5.5 release.
svn path=/nixpkgs/trunk/; revision=21247
2010-04-22 20:12:09 +00:00
Lluís Batlle i Rossell
5d04ec0364
Updating openssh, fixing libedit for openssh to link well with it, and... here we
...
finally have sftp with some kind of 'readline'!
svn path=/nixpkgs/trunk/; revision=21246
2010-04-22 18:16:18 +00:00
Eelco Dolstra
b377b0233b
* OpenSSH updated to 5.4.
...
svn path=/nixpkgs/trunk/; revision=20567
2010-03-11 16:08:55 +00:00
Eelco Dolstra
0e212964fb
* openssh: Install the moduli file.
...
svn path=/nixpkgs/trunk/; revision=19753
2010-02-01 17:04:07 +00:00
Eelco Dolstra
947e2c71ad
* openssh updated to 5.3p1. Also enabled the HPN patch by default.
...
svn path=/nixpkgs/trunk/; revision=19752
2010-02-01 16:56:10 +00:00
Lluís Batlle i Rossell
3cc62cefa8
Finally I decided to add High Performance SSH.
...
http://www.psc.edu/networking/projects/hpn-ssh/
I tried to keep the openssh hash not changing, unless the user sets hpn in getConfig
style. I think that does not look as good as a patch changing the hash, but it may
annoy less. Let me know if it is not ok.
I don't think hpn should be the default, because it may have some insecurity implications
I don't know of. But I used to enable it in all my machines, and I hope to do so unless
advised otherwise.
svn path=/nixpkgs/trunk/; revision=18073
2009-11-02 21:49:06 +00:00