search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
crun: 1.8.3 -> 1.8.4
[NixPkgs.git] / pkgs / tools / networking / openssh / default.nix
blob9b604cd1405c4c438415cee6d638e6d0693678f2
1 { callPackage, lib, fetchurl, fetchpatch, fetchFromGitHub, autoreconfHook }:
2 let
3   common = opts: callPackage (import ./common.nix opts) { };
4 in
5 {
6
7   openssh = common rec {
8     pname = "openssh";
9     version = "9.3p1";
10
11     src = fetchurl {
12       url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
13       hash = "sha256-6bq6dwGnalHz2Fpiw4OjydzZf6kAuFm8fbEUwYaK+Kg=";
14     };
15
16     extraPatches = [ ./ssh-keysign-8.5.patch ];
17     extraMeta.maintainers = with lib.maintainers; [ das_j ];
18   };
19
20   openssh_hpn = common rec {
21     pname = "openssh-with-hpn";
22     version = "9.2p1";
23     extraDesc = " with high performance networking patches";
24
25     src = fetchurl {
26       url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
27       hash = "sha256-P2bb8WVftF9Q4cVtpiqwEhjCKIB7ITONY068351xz0Y=";
28     };
29
30     extraPatches = [
31       ./ssh-keysign-8.5.patch
32
33       # HPN Patch from FreeBSD ports
34       (fetchpatch {
35         name = "ssh-hpn-wo-channels.patch";
36         url = "https://raw.githubusercontent.com/freebsd/freebsd-ports/10491773d88012fe81d9c039cbbba647bde9ebc9/security/openssh-portable/files/extra-patch-hpn";
37         stripLen = 1;
38         excludes = [ "channels.c" ];
39         sha256 = "sha256-kSj0oE7gNHfIciy0/ErhdfrbmfjQmd8hduyiRXFnVZA=";
40       })
41
42       (fetchpatch {
43         name = "ssh-hpn-channels.patch";
44         url = "https://raw.githubusercontent.com/freebsd/freebsd-ports/10491773d88012fe81d9c039cbbba647bde9ebc9/security/openssh-portable/files/extra-patch-hpn";
45         extraPrefix = "";
46         includes = [ "channels.c" ];
47         sha256 = "sha256-pDLUbjv5XIyByEbiRAXC3WMUPKmn15af1stVmcvr7fE=";
48       })
49     ];
50
51     extraNativeBuildInputs = [ autoreconfHook ];
52
53     extraConfigureFlags = [ "--with-hpn" ];
54     extraMeta = {
55       maintainers = with lib.maintainers; [ abbe ];
56       knownVulnerabilities = [ "CVE-2023-28531" ];
57     };
58   };
59
60   openssh_gssapi = common rec {
61     pname = "openssh-with-gssapi";
62     version = "9.0p1";
63     extraDesc = " with GSSAPI support";
64
65     src = fetchurl {
66       url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
67       sha256 = "12m2f9czvgmi7akp7xah6y7mrrpi280a3ksk47iwr7hy2q1475q3";
68     };
69
70     extraPatches = [
71       ./ssh-keysign-8.5.patch
72
73       (fetchpatch {
74         name = "openssh-gssapi.patch";
75         url = "https://salsa.debian.org/ssh-team/openssh/raw/debian/1%25${version}-1/debian/patches/gssapi.patch";
76         sha256 = "sha256-VG7+2dfu09nvHWuSAB6sLGMmjRCDCysl/9FR1WSF21k=";
77       })
78     ];
79
80     extraNativeBuildInputs = [ autoreconfHook ];
81     extraMeta.knownVulnerabilities = [ "CVE-2023-28531" ];
82   };
83 }
Nix packages repository - mirror of https://github.com/NixOS/nixpkgs