openssh: 9.7p1 -> 9.8p1

Fixes a critical security bug allowing remote code execution as root: <https://www.openssh.com/txt/release-9.8> This may be CVE-2024-6387 (currently embargoed): <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387>
2024-07-01 09:40:02 +01:00 · 2024-07-01 09:40:02 +01:00 · 7f993cdf26
commit 7f993cdf26
parent 711630874b
1 changed files with 2 additions and 2 deletions
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@ -5,11 +5,11 @@ in
 {
  openssh = common rec {
    pname = "openssh";
-    version = "9.7p1";
+    version = "9.8p1";

    src = fetchurl {
      url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
-      hash = "sha256-SQQm92bYKidj/KzY2D6j1weYdQx70q/y5X3FZg93P/0=";
+      hash = "sha256-3YvQAqN5tdSZ37BQ3R+pr4Ap6ARh9LtsUjxJlz9aOfM=";
    };

    extraPatches = [ ./ssh-keysign-8.5.patch ];