From 6fd9541ed6c13b14ee5d3c8e4b40079d828f3f63 Mon Sep 17 00:00:00 2001
From: Benedikt Peetz
Date: Mon, 1 Jul 2024 18:08:07 +0200
Subject: fix(system/services/openssh): Update to fix CVE-2024-6387 “regreSSHion”
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This should already be in 24.04, but it does not work currently :<.
---
 system/services/openssh/default.nix | 9 ++++++++-
 system/services/openssh/new_module.nix | 7 +++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 system/services/openssh/new_module.nix
(limited to 'system/services/openssh')
diff --git a/system/services/openssh/default.nix b/system/services/openssh/default.nix
index 46b7ffd..46a9782 100644
--- a/system/services/openssh/default.nix
+++ b/system/services/openssh/default.nix
@@ -1,7 +1,14 @@
-{...}: {
+{pkgsUnstable, ...}: {
+ imports = [
+ ./new_module.nix
+ ];
+
 services.openssh = {
 enable = true;
 settings.PasswordAuthentication = false;
+
+ package = pkgsUnstable.openssh;
+
 hostKeys = [
 {
 # See the explanation for this in /system/impermanence/mods/openssh.nix
diff --git a/system/services/openssh/new_module.nix b/system/services/openssh/new_module.nix
new file mode 100644
index 0000000..878f9de
--- /dev/null
+++ b/system/services/openssh/new_module.nix
@@ -0,0 +1,7 @@
+{...} @ args: {
+ disabledModules = ["services/networking/ssh/sshd.nix"];
+
+ imports = [
+ "${args.nixpkgs-unstable}/nixos/modules/services/networking/ssh/sshd.nix"
+ ];
+}
--
cgit 1.4.1
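Review bot: The `package = pkgsUnstable.openssh;` override in default.nix carries no comment marking it as a temporary CVE-2024-6387 workaround or saying when it can be dropped, so sshd will keep tracking the unstable channel long after the stable release ships the fix. I would add `# TODO(CVE-2024-6387): temporary override; drop once the stable channel ships a fixed openssh` directly above it. Whether the change actually closes the hole depends on the locked nixpkgs-unstable revision, which is not visible in this patch; it is worth confirming the deployed sshd version after the rebuild (upstream fixed this in 9.8p1). The `services.openssh` attribute set continues outside the hunk.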
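Review bot: new_module.nix swaps the entire stable sshd module for the unstable one without a comment explaining why or when to revert, so from this commit on sshd's option defaults come from the unstable module evaluated inside an otherwise stable system. I would add a header comment such as `# Temporary: use the unstable sshd module to match pkgsUnstable.openssh (CVE-2024-6387); remove together with the package override`. Separately, `args.nixpkgs-unstable` inside `imports` presumably only evaluates if that argument is passed through specialArgs, which is not visible here, and it is a different handle from the `pkgsUnstable` used in default.nix; confirm both resolve to the same locked revision so the module and the package cannot drift apart.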