eca462813d
Fixes CVE-2018-10933: libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authentciate without any credentials. Source: https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
39 lines
1.1 KiB
Nix
39 lines
1.1 KiB
Nix
{ stdenv, fetchurl, fetchpatch, pkgconfig, cmake, zlib, openssl, libsodium }:
|
|
|
|
stdenv.mkDerivation rec {
|
|
name = "libssh-0.7.6";
|
|
|
|
src = fetchurl {
|
|
url = "https://www.libssh.org/files/0.7/libssh-0.7.6.tar.xz";
|
|
sha256 = "14hhdpn2hflywsi9d5bz2pfjxqkyi07znjij89cpakr7b4w7sq0x";
|
|
};
|
|
|
|
patches = [
|
|
# Fix mysql-workbench compilation
|
|
# https://bugs.mysql.com/bug.php?id=91923
|
|
(fetchpatch {
|
|
name = "include-fix-segfault-in-getissuebanner-add-missing-wrappers-in-libsshpp.patch";
|
|
url = https://git.libssh.org/projects/libssh.git/patch/?id=5ea81166bf885d0fd5d4bb232fc22633f5aaf3c4;
|
|
sha256 = "12q818l3nasqrfrsghxdvjcyya1bfcg0idvsf8xwm5zj7criln0a";
|
|
})
|
|
];
|
|
|
|
postPatch = ''
|
|
# Fix headers to use libsodium instead of NaCl
|
|
sed -i 's,nacl/,sodium/,g' ./include/libssh/curve25519.h src/curve25519.c
|
|
'';
|
|
|
|
outputs = [ "out" "dev" ];
|
|
|
|
buildInputs = [ zlib openssl libsodium ];
|
|
|
|
nativeBuildInputs = [ cmake pkgconfig ];
|
|
|
|
meta = with stdenv.lib; {
|
|
description = "SSH client library";
|
|
license = licenses.lgpl2Plus;
|
|
maintainers = with maintainers; [ sander ];
|
|
platforms = platforms.all;
|
|
};
|
|
}
|