openssh: 8.8p1 -> 8.9p1
This commit is contained in:
parent
ef47c28c7f
commit
0269c10d74
3 changed files with 10 additions and 2 deletions
|
@ -329,6 +329,12 @@
|
|||
relying on the insecure behaviour before upgrading.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>openssh</literal> has been update to 8.9p1, changing
|
||||
the FIDO security key middleware interface.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The DHCP server (<literal>services.dhcpd4</literal>,
|
||||
|
|
|
@ -113,6 +113,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- `services.kubernetes.scheduler.{port,address}` now set `--secure-port` and `--bind-address` instead of `--port` and `--address`, since the former have been deprecated and are no longer functional in kubernetes>=1.23. Ensure that you are not relying on the insecure behaviour before upgrading.
|
||||
|
||||
- `openssh` has been update to 8.9p1, changing the FIDO security key middleware interface.
|
||||
|
||||
- The DHCP server (`services.dhcpd4`, `services.dhcpd6`) has been hardened.
|
||||
The service is now using the systemd's `DynamicUser` mechanism to run as an unprivileged dynamically-allocated user with limited capabilities.
|
||||
The dhcpd state files are now always stored in `/var/lib/dhcpd{4,6}` and the `services.dhcpd4.stateDir` and `service.dhcpd6.stateDir` options have been removed.
|
||||
|
|
|
@ -6,11 +6,11 @@ in
|
|||
|
||||
openssh = common rec {
|
||||
pname = "openssh";
|
||||
version = "8.8p1";
|
||||
version = "8.9p1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
|
||||
sha256 = "1s8z6f7mi1pwsl79cqai8cr350m5lf2ifcxff57wx6mvm478k425";
|
||||
sha256 = "sha256:1ry5prcax0134v6srkgznpl9ch5snkgq7yvjqvd8c5mbnxa7cjgx";
|
||||
};
|
||||
|
||||
extraPatches = [ ./ssh-keysign-8.5.patch ];
|
||||
|
|
Loading…
Reference in a new issue