authorBaptiste Jonglez <git@bitsofnetworks.org>2024-07-14 16:09:33 +0200
committerBaptiste Jonglez <git@bitsofnetworks.org>2024-07-14 16:09:33 +0200
commitb6c083cf934e9632de36de15352349f98f28a2c7 (patch)
treea25c1fbde31c2361473d1ba6f0adb1bd1c48805c
parent47d94b1ad0a5ef04079e2ecc94cdbae101f0b1a4 (diff)
Revert "openssh: Temporary patch for CVE-2024-6387 mitigation"
This reverts commit b89b625f46003e0a018eaede1a6923c93b423755.
-rw-r--r--nix/configuration.nix17
1 files changed, 0 insertions, 17 deletions
diff --git a/nix/configuration.nix b/nix/configuration.nix
index ab7b11a..68751a2 100644
--- a/nix/configuration.nix
+++ b/nix/configuration.nix
@@ -78,23 +78,6 @@ SystemMaxUse=1G
services.openssh.enable = true;
services.openssh.settings.PasswordAuthentication = false;
- # FIXME: Temporary patch for OpenSSH (CVE-2024-6387)
- # Patches from backport PR: https://github.com/NixOS/nixpkgs/pull/323765
- programs.ssh.package = pkgs.openssh.overrideAttrs(prev: {
- patches = prev.patches ++ [
- (pkgs.fetchpatch {
- url = "https://raw.githubusercontent.com/emilazy/nixpkgs/c21c340818954576c6401ad460a9d42bab030bc4/pkgs/tools/networking/openssh/openssh-9.6_p1-CVE-2024-6387.patch";
- hash = "sha256-B3Wz/eWSdOnrOcVzDv+QqzLGdFlb3jivQ8qZMC3d0Qw=";
- })
- (pkgs.fetchpatch {
- url = "https://raw.githubusercontent.com/emilazy/nixpkgs/c21c340818954576c6401ad460a9d42bab030bc4/pkgs/tools/networking/openssh/openssh-9.6_p1-chaff-logic.patch";
- hash = "sha256-lepBEFxKTAwg379iCD8KQCZVAzs3qNSSyUTOcartpK4=";
- })
- ];
-
- doCheck = false;
- });
-
virtualisation.docker = {
enable = true;
extraOptions = "--config-file=${pkgs.writeText "daemon.json" (builtins.toJSON {