openssh: security 7.3p1 -> 7.4p1

The two removed patches were for issues that should've been fixed. Minor vulnerabilities addressed: CVE-2016-{10009,10010,10011,10012}. https://www.openssh.com/txt/release-7.4
NixOS · Dec 25, 2016 · 277080f · 277080f
1 parent f2df4ce
commit 277080f
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 52 deletions.
diff --git a/pkgs/tools/networking/openssh/RH-1380296-NEWKEYS-null-pointer-deref.patch b/pkgs/tools/networking/openssh/RH-1380296-NEWKEYS-null-pointer-deref.patch
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
@@ -29,11 +29,11 @@ stdenv.mkDerivation rec {
   # Please ensure that openssh_with_kerberos still builds when
   # bumping the version here!
   name = "openssh-${version}";
-  version = "7.3p1";
+  version = "7.4p1";
 
   src = fetchurl {
     url = "mirror://openbsd/OpenSSH/portable/${name}.tar.gz";
-    sha256 = "1k5y1wi29d47cgizbryxrhc1fbjsba2x8l5mqfa9b9nadnd9iyrz";
+    sha256 = "1l8r3x4fr2kb6xm95s7kjdif1wp6f94d4kljh4qjj9109shw87qv";
   };
 
   prePatch = optionalString hpnSupport
@@ -44,13 +44,11 @@ stdenv.mkDerivation rec {
 
   patches =
     [
-      ./RH-1380296-NEWKEYS-null-pointer-deref.patch
       ./locale_archive.patch
       ./fix-host-key-algorithms-plus.patch
 
       # See discussion in https://github.com/NixOS/nixpkgs/pull/16966
       ./dont_create_privsep_path.patch
-      ./fix-CVE-2016-8858.patch
     ]
     ++ optional withGssapiPatches gssapiSrc;
 

diff --git a/pkgs/tools/networking/openssh/fix-CVE-2016-8858.patch b/pkgs/tools/networking/openssh/fix-CVE-2016-8858.patch