From b6c083cf934e9632de36de15352349f98f28a2c7 Mon Sep 17 00:00:00 2001
From: Baptiste Jonglez
Date: Sun, 14 Jul 2024 16:09:33 +0200
Subject: Revert "openssh: Temporary patch for CVE-2024-6387 mitigation"

This reverts commit b89b625f46003e0a018eaede1a6923c93b423755.
---
 nix/configuration.nix | 17 -----------------
 1 file changed, 17 deletions(-)

diff --git a/nix/configuration.nix b/nix/configuration.nix
index ab7b11a..68751a2 100644
--- a/nix/configuration.nix
+++ b/nix/configuration.nix
@@ -78,23 +78,6 @@ SystemMaxUse=1G
 services.openssh.enable = true;
 services.openssh.settings.PasswordAuthentication = false;
- # FIXME: Temporary patch for OpenSSH (CVE-2024-6387)
- # Patches from backport PR: https://github.com/NixOS/nixpkgs/pull/323765
- programs.ssh.package = pkgs.openssh.overrideAttrs(prev: {
- patches = prev.patches ++ [
- (pkgs.fetchpatch {
- url = "https://raw.githubusercontent.com/emilazy/nixpkgs/c21c340818954576c6401ad460a9d42bab030bc4/pkgs/tools/networking/openssh/openssh-9.6_p1-CVE-2024-6387.patch";
- hash = "sha256-B3Wz/eWSdOnrOcVzDv+QqzLGdFlb3jivQ8qZMC3d0Qw=";
- })
- (pkgs.fetchpatch {
- url = "https://raw.githubusercontent.com/emilazy/nixpkgs/c21c340818954576c6401ad460a9d42bab030bc4/pkgs/tools/networking/openssh/openssh-9.6_p1-chaff-logic.patch";
- hash = "sha256-lepBEFxKTAwg379iCD8KQCZVAzs3qNSSyUTOcartpK4=";
- })
- ];
-
- doCheck = false;
- });
-
 virtualisation.docker = {
 enable = true;
 extraOptions = "--config-file=${pkgs.writeText "daemon.json" (builtins.toJSON {
-- cgit v1.2.3