libssh: security+maintenance to fix CVE-2014-8132

Also switched to openssl instead of libgcrypt (wouldn't compile otherwise), and fixed meta.license.
2025-01-29 16:24:10 +00:00 · 2014-12-20 14:35:20 +01:00 · 2014-12-20 14:35:20 +01:00 · 7357f0ae24
commit 7357f0ae24
parent e9e4388959
1 changed files with 9 additions and 10 deletions
--- a/pkgs/development/libraries/libssh/default.nix
+++ b/pkgs/development/libraries/libssh/default.nix
@ -1,23 +1,22 @@
-{ stdenv, fetchurl, pkgconfig, cmake, zlib, libgcrypt }:
+{ stdenv, fetchurl, pkgconfig, cmake, zlib, libgcrypt, openssl }:

 stdenv.mkDerivation rec {
-  name = "libssh-0.6.3";
+  name = "libssh-0.6.4";

  src = fetchurl {
-    url = "https://red.libssh.org/attachments/download/87/${name}.tar.xz";
-    sha256 = "1jyaj9h1iglvn02hrvcchbx8ycjpj8b91h8mi459k7q5jp2xgd9b";
+    url = "https://red.libssh.org/attachments/download/107/${name}.tar.gz";
+    sha256 = "0lkb45sc7w0wd67p46yh8rsprglssnkqar1sp0impwsvx7i0acky";
  };

-  buildInputs = [ zlib libgcrypt ];
+  # option we don't provide (yet): use libgcrypt instead of openssl
+  buildInputs = [ zlib /*libgcrypt*/ openssl ];

  nativeBuildInputs = [ cmake pkgconfig ];

-  cmakeFlags = "-DWITH_GCRYPT=ON";
-
-  meta = {
+  meta = with stdenv.lib; {
    description = "SSH client library";
-    license = "LGPL";
+    license = licenses.lgpl2Plus;
    maintainers = with stdenv.lib.maintainers; [ sander urkud ];
-    platforms = stdenv.lib.platforms.all;
+    platforms = platforms.all;
  };
 }