Diffstat (limited to 'flakes/private/system/flake.nix')
-rw-r--r--flakes/private/system/flake.nix11
1 files changed, 11 insertions, 0 deletions
diff --git a/flakes/private/system/flake.nix b/flakes/private/system/flake.nix
index ad6c58c..6045fd4 100644
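--- a/flakes/private/system/flake.nix
+++ b/flakes/private/system/flake.nix
@@ -30,6 +30,17 @@
 secrets.deleteSecretsVars = true;
 secrets.secretsVars = "/run/keys/vars.yml";
 
+programs.ssh.package = lib.mkDefault (
+pkgs.openssh.overrideAttrs(old: rec {
+patches = old.patches ++ [
+# Mitigation for CVE https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
+(pkgs.fetchpatch {
+url = "https://raw.githubusercontent.com/NixOS/nixpkgs/342bfe5c431fd7828fee8fa7e07a4d8fbfd18618/pkgs/tools/networking/openssh/openssh-9.6_p1-CVE-2024-6387.patch";
+sha256 = "sha256-B3Wz/eWSdOnrOcVzDv+QqzLGdFlb3jivQ8qZMC3d0Qw=";
+})
+];
+})
+);
 services.openssh.enable = true;
 
 nixpkgs.overlays =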
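Review bot: Wrapping the patched package in `lib.mkDefault` (new lines 33-43) means any other module that sets `programs.ssh.package` at normal priority silently replaces it, and the CVE-2024-6387 patch is dropped without any error. For a security fix I would set it at normal priority, `programs.ssh.package = pkgs.openssh.overrideAttrs (old: {`, so that a competing definition should surface as an evaluation conflict rather than an unpatched sshd. The `rec` is unused, since the attrset only defines `patches`. The patch file is named for openssh 9.6_p1, so it will presumably need revisiting when the pinned nixpkgs moves to another OpenSSH release; a comment such as `# Drop once the pinned nixpkgs ships an OpenSSH release that already contains this fix` would record that. It is also worth confirming that the sshd service in the pinned nixpkgs is built from `programs.ssh.package`, because the patch protects the host only if the daemon uses this package.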