+2

nixos/doc/manual/release-notes/rl-2305.section.md

reviewed

··· 66 66 67 67 - `borgbackup` module now has an option for inhibiting system sleep while backups are running, defaulting to off (not inhibiting sleep), available as [`services.borgbackup.jobs.<name>.inhibitsSleep`](#opt-services.borgbackup.jobs._name_.inhibitsSleep). 68 68 69 69 + - The `ssh` client tool now disables the `~C` escape sequence by default. This can be re-enabled by setting `EnableEscapeCommandline yes` 70 70 + 69 71 - `podman` now uses the `netavark` network stack. Users will need to delete all of their local containers, images, volumes, etc, by running `podman system reset --force` once before upgrading their systems. 70 72 71 73 - `git-bug` has been updated to at least version 0.8.0, which includes backwards incompatible changes. The `git-bug-migration` package can be used to upgrade existing repositories.

+9 -2

pkgs/tools/networking/openssh/default.nix

reviewed

··· 6 6 7 7 openssh = common rec { 8 8 pname = "openssh"; 9 9 - version = "9.1p1"; 9 9 + version = "9.2p1"; 10 10 11 11 src = fetchurl { 12 12 url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz"; 13 13 - hash = "sha256-GfhQCcfj4jeH8CNvuxV4OSq01L+fjsX+a8HNfov90og="; 13 13 + hash = "sha256-P2bb8WVftF9Q4cVtpiqwEhjCKIB7ITONY068351xz0Y="; 14 14 }; 15 15 16 16 extraPatches = [ ./ssh-keysign-8.5.patch ]; ··· 36 36 url = "https://raw.githubusercontent.com/freebsd/freebsd-ports/ae66cffc19f357cbd51d5841c9b110a9ffd63e32/security/openssh-portable/files/extra-patch-hpn"; 37 37 stripLen = 1; 38 38 sha256 = "sha256-p3CmMqTgrqFZUo4ZuqaPLczAhjmPufkCvptVW5dI+MI="; 39 39 + }) 40 40 + 41 41 + (fetchpatch { 42 42 + name = "CVE-2023-25136.patch"; 43 43 + url = "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig"; 44 44 + stripLen = 1; 45 45 + hash = "sha256-ol/YXXb2gJNBfvg9JKmIEdwGK8RaDfW53aKKT6HU++M="; 39 46 }) 40 47 ]; 41 48