| blob | 3ea35daaeb3dc2f59cdda39f689141bb0e273b0f |
1 { callPackage, fetchurl, fetchpatch, autoreconfHook }:
2 let
3 common = opts: callPackage (import ./common.nix opts) {};
4 in {
6 openssh = common rec {
7 pname = "openssh";
8 version = "8.5p1";
10 src = fetchurl {
11 url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
12 sha256 = "09gc8rv7728chxraab85dzkdikaw4aph1wlcwcc9kai9si0kybzm";
13 };
15 extraPatches = [ ./ssh-keysign-8.5.patch ];
16 };
18 openssh_hpn = common rec {
19 pname = "openssh-with-hpn";
20 version = "8.4p1";
21 extraDesc = " with high performance networking patches";
23 src = fetchurl {
24 url = "https://github.com/rapier1/openssh-portable/archive/hpn-KitchenSink-${builtins.replaceStrings [ "." "p" ] [ "_" "_P" ] version}.tar.gz";
25 sha256 = "1x2afjy1isslbg7qlvhhs4zhj2c8q2h1ljz0fc5b4h9pqcm9j540";
26 };
28 extraPatches = [
29 ./ssh-keysign-8.4.patch
31 # See https://github.com/openssh/openssh-portable/pull/206
32 ./ssh-copy-id-fix-eof.patch
33 ];
35 extraNativeBuildInputs = [ autoreconfHook ];
37 extraMeta.knownVulnerabilities = [
38 "CVE-2021-28041"
39 ];
40 };
42 openssh_gssapi = common rec {
43 pname = "openssh-with-gssapi";
44 version = "8.4p1";
45 extraDesc = " with GSSAPI support";
47 src = fetchurl {
48 url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
49 sha256 = "091b3pxdlj47scxx6kkf4agkx8c8sdacdxx8m1dw1cby80pd40as";
50 };
52 extraPatches = [
53 ./ssh-keysign-8.4.patch
55 # See https://github.com/openssh/openssh-portable/pull/206
56 ./ssh-copy-id-fix-eof.patch
58 (fetchpatch {
59 name = "openssh-gssapi.patch";
60 url = "https://salsa.debian.org/ssh-team/openssh/raw/debian/1%25${version}-2/debian/patches/gssapi.patch";
61 sha256 = "1z1ckzimlkm1dmr9f5fqjnjg28gsqcwx6xka0klak857548d2lp2";
62 })
63 ];
65 extraNativeBuildInputs = [ autoreconfHook ];
67 extraMeta.knownVulnerabilities = [
68 "CVE-2021-28041"
69 ];
70 };
71 }