Revert "openssh: Temporary patch for CVE-2024-6387 mitigation"
This reverts commit b89b625f46
.
This commit is contained in:
parent
47d94b1ad0
commit
b6c083cf93
1 changed files with 0 additions and 17 deletions
|
@ -78,23 +78,6 @@ SystemMaxUse=1G
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
services.openssh.settings.PasswordAuthentication = false;
|
services.openssh.settings.PasswordAuthentication = false;
|
||||||
|
|
||||||
# FIXME: Temporary patch for OpenSSH (CVE-2024-6387)
|
|
||||||
# Patches from backport PR: https://github.com/NixOS/nixpkgs/pull/323765
|
|
||||||
programs.ssh.package = pkgs.openssh.overrideAttrs(prev: {
|
|
||||||
patches = prev.patches ++ [
|
|
||||||
(pkgs.fetchpatch {
|
|
||||||
url = "https://raw.githubusercontent.com/emilazy/nixpkgs/c21c340818954576c6401ad460a9d42bab030bc4/pkgs/tools/networking/openssh/openssh-9.6_p1-CVE-2024-6387.patch";
|
|
||||||
hash = "sha256-B3Wz/eWSdOnrOcVzDv+QqzLGdFlb3jivQ8qZMC3d0Qw=";
|
|
||||||
})
|
|
||||||
(pkgs.fetchpatch {
|
|
||||||
url = "https://raw.githubusercontent.com/emilazy/nixpkgs/c21c340818954576c6401ad460a9d42bab030bc4/pkgs/tools/networking/openssh/openssh-9.6_p1-chaff-logic.patch";
|
|
||||||
hash = "sha256-lepBEFxKTAwg379iCD8KQCZVAzs3qNSSyUTOcartpK4=";
|
|
||||||
})
|
|
||||||
];
|
|
||||||
|
|
||||||
doCheck = false;
|
|
||||||
});
|
|
||||||
|
|
||||||
virtualisation.docker = {
|
virtualisation.docker = {
|
||||||
enable = true;
|
enable = true;
|
||||||
extraOptions = "--config-file=${pkgs.writeText "daemon.json" (builtins.toJSON {
|
extraOptions = "--config-file=${pkgs.writeText "daemon.json" (builtins.toJSON {
|
||||||
|
|
Loading…
Reference in a new issue