From e50a76a4693a9f64c028e47c336b68cf36a50e7b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?=
Date: Sat, 29 Mar 2014 20:24:13 +0100
Subject: [PATCH] openssh: fix CVE-2014-2653 by a Debian patch
---
 pkgs/tools/networking/openssh/default.nix | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index b0d1dba891b6..6926b9aa82aa 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -31,7 +31,17 @@ stdenv.mkDerivation rec {
 export NIX_LDFLAGS="$NIX_LDFLAGS -lgcc_s" '';
- patches = [ ./locale_archive.patch ];
+ patches = [
+ ./locale_archive.patch
+ (fetchurl {
+ name = "CVE-2014-2653.patch";
+ url = "http://anonscm.debian.org/gitweb/?p=pkg-ssh/openssh.git;a=blobdiff_plain;" + + "f=sshconnect.c;h=324f5e0a396a4da9885d121bbbef87f6ccf2b149;" + + "hp=87c3770c0fd5c7ff41227c45b4528985eaea54a6;hb=63d5fa28e16d96db6bac2dbe3fcecb65328f8966;" + + "hpb=9cbb60f5e4932634db04c330c88abc49cc5567bd";
+ sha256 = "160c434igl2r8q4cavhdlwvnbqizx444sjrhg98f997pyhz524h9";
+ })
+ ];
 buildInputs = [ zlib openssl libedit pkgconfig pam ] ++ stdenv.lib.optional withKerberos [ kerberos ];
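Review bot: The security patch in the new `fetchurl` entry is pulled from a dynamically generated gitweb `blobdiff_plain` URL over plain `http://`; the `sha256` pin means an altered download fails the build rather than being applied, but gitweb output is not guaranteed to stay byte-stable and the host may move, which would leave the CVE fix unbuildable. Committing the diff in-tree next to the existing patch, `patches = [ ./locale_archive.patch ./CVE-2014-2653.patch ];`, removes that dependency and makes the applied change reviewable in the repository. If the fetch stays, a comment such as `# CVE-2014-2653: ssh client could skip SSHFP DNS checking when offered an unacceptable host certificate; drop once the packaged release includes the fix` would tell the next maintainer what the entry protects against and when it can go. The `mkDerivation` body starts and ends outside the hunk, so the packaged version and whether the patch applies cleanly to it cannot be confirmed from here.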