author | Robin Gloster <mail@glob.in> | 2016-07-19 10:37:02 +0000 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2016-07-19 10:37:02 +0000 |
commit | 203846b9de3bc67e77c93be9d111408286a17d5d (patch) | |
tree | 3306a68a635fad0de834440c25f7e1b69b1e4b10 /pkgs/tools/networking | |
parent | 6539901c7f5eeb18cf5e9a493c230a912ff27f82 (diff) | |
parent | b54009fdfb7951bb5423c4fabcb28b70581b5ba8 (diff) | |
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
Diffstat (limited to 'pkgs/tools/networking')
-rw-r--r-- | pkgs/tools/networking/ndjbdns/default.nix | 7 | ||||
-rw-r--r-- | pkgs/tools/networking/openssh/default.nix | 8 | ||||
-rw-r--r-- | pkgs/tools/networking/openssh/dont_create_privsep_path.patch | 11 | ||||
-rw-r--r-- | pkgs/tools/networking/proxychains/default.nix | 17 | ||||
-rw-r--r-- | pkgs/tools/networking/shncpd/default.nix | 27 | ||||
-rw-r--r-- | pkgs/tools/networking/vtun/default.nix | 10 |
6 files changed, 63 insertions, 17 deletions
diff --git a/pkgs/tools/networking/ndjbdns/default.nix b/pkgs/tools/networking/ndjbdns/default.nix index 2a7e996f8db2..256f50e5c546 100644 --- a/pkgs/tools/networking/ndjbdns/default.nix +++ b/pkgs/tools/networking/ndjbdns/default.nix @@ -1,11 +1,12 @@ { stdenv, fetchurl, systemd, pkgconfig }: stdenv.mkDerivation rec { - version = "1.05.9"; + version = "1.06"; name = "ndjbdns-${version}"; + src = fetchurl { url = "http://pjp.dgplug.org/ndjbdns/${name}.tar.gz"; - sha256 = "0gf3hlmr6grcn6dzflf83lqqfp6hk3ldhbc7z0a1rrh059m93ap5"; + sha256 = "09qi5a9abqm08iqmxj74fzzq9x1w5lzr1jlbzj2hl8hz0g2sgraw"; }; buildInputs = [ pkgconfig systemd ]; @@ -21,4 +22,4 @@ stdenv.mkDerivation rec { platforms = platforms.linux; }; -} \ No newline at end of file +} diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix index 064745f88558..a0cb0795a261 100644 --- a/pkgs/tools/networking/openssh/default.nix +++ b/pkgs/tools/networking/openssh/default.nix @@ -45,6 +45,9 @@ stdenv.mkDerivation rec { ./locale_archive.patch ./fix-host-key-algorithms-plus.patch ./CVE-2015-8325.patch + + # See discussion in https://github.com/NixOS/nixpkgs/pull/16966 + ./dont_create_privsep_path.patch ] ++ optional withGssapiPatches gssapiSrc; @@ -66,11 +69,6 @@ stdenv.mkDerivation rec { ++ optional stdenv.isDarwin "--disable-libutil" ++ optional (!linkOpenssl) "--without-openssl"; - preConfigure = '' - configureFlagsArray+=("--with-privsep-path=$out/empty") - mkdir -p $out/empty - ''; - enableParallelBuilding = true; hardeningEnable = [ "pie" ]; diff --git a/pkgs/tools/networking/openssh/dont_create_privsep_path.patch b/pkgs/tools/networking/openssh/dont_create_privsep_path.patch new file mode 100644 index 000000000000..b6d432d5c5de --- /dev/null +++ b/pkgs/tools/networking/openssh/dont_create_privsep_path.patch 
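Review bot: With the `preConfigure` block removed in the second openssh hunk (`@@ -66,11 +69,6 @@`), `--with-privsep-path` is no longer passed and nothing in the package creates the privilege-separation directory any more. sshd will presumably fall back to configure's default path (upstream default `/var/empty`), unless a flag outside the hunk sets it; the rest of `configureFlags` is not visible here. sshd refuses to start unless that directory exists, is owned by root and is not group- or world-writable, so the requirement now rests on the system configuration rather than on the package. The comment added in the first hunk only links to the pull request; I would state the reason in place, e.g. `# Do not create the privsep dir at install time; sshd uses the default privsep path, which must exist at runtime, root-owned and not group/world-writable`.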
@@ -0,0 +1,11 @@
+diff -ur openssh-7.2p2_orig/Makefile.in openssh-7.2p2/Makefile.in
+--- openssh-7.2p2_orig/Makefile.in 2016-03-09 19:04:48.000000000 +0100
++++ openssh-7.2p2/Makefile.in 2016-07-16 09:56:05.643903293 +0200
+@@ -301,7 +301,6 @@
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
+- (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH))
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add$(EXEEXT) $(DESTDIR)$(bindir)/ssh-add$(EXEEXT)
diff --git a/pkgs/tools/networking/proxychains/default.nix b/pkgs/tools/networking/proxychains/default.nix
index 2b85cef70c55..ed19f9d1674f 100644
--- a/pkgs/tools/networking/proxychains/default.nix
+++ b/pkgs/tools/networking/proxychains/default.nix
@@ -1,10 +1,13 @@
-{ stdenv, fetchgit } :
-stdenv.mkDerivation {
- name = "proxychains-4.0.1-head";
- src = fetchgit {
- url = https://github.com/haad/proxychains.git;
- rev = "c9b8ce35b24f9d4e80563242b759dff54867163f";
- sha256 = "163h3d3lpglbzjadf8a9kfaf0i1ds25r7si6ll6d5khn1835zik5";
+{ stdenv, fetchFromGitHub } :
+stdenv.mkDerivation rec {
+ name = "proxychains-${version}";
+ version = "4.2.0";
+
+ src = fetchFromGitHub {
+ owner = "haad";
+ repo = "proxychains";
+ rev = name;
+ sha256 = "015skh3z1jmm8kxbm3nkqv1w56kcvabdmcbmpwzywxr4xnh3x3pc";
 };
 meta = {
diff --git a/pkgs/tools/networking/shncpd/default.nix b/pkgs/tools/networking/shncpd/default.nix
new file mode 100644
index 000000000000..be2bc6a75a17
--- /dev/null
+++ b/pkgs/tools/networking/shncpd/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+ name = "shncpd-${version}";
+ version = "2016-06-22";
+
+ src = fetchFromGitHub {
+ owner = "jech";
+ repo = "shncpd";
+ rev = "62ef688db7a6535ce11e66c8c93ab64a1bb09484";
+ sha256 = "1sj7a77isc2jmh7gw2naw9l9366kjx6jb909h7spj7daxdwvji8f";
+ };
+
+ hardeningEnable = [ "pie" ];
+
+ preConfigure = ''
+ makeFlags=( "PREFIX=$out" )
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Simple, stupid and slow HNCP daemon";
+ homepage = https://www.irif.univ-paris-diderot.fr/~jch/software/homenet/shncpd.html;
+ license = licenses.mit;
+ platforms = platforms.linux;
+ maintainers = [ maintainers.fpletz ];
+ };
+}
diff --git a/pkgs/tools/networking/vtun/default.nix b/pkgs/tools/networking/vtun/default.nix
index b0397149e60d..09f48d9fa1ad 100644
--- a/pkgs/tools/networking/vtun/default.nix
+++ b/pkgs/tools/networking/vtun/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, openssl, lzo, zlib, yacc, flex }:
+{ stdenv, fetchurl, fetchpatch, openssl, lzo, zlib, yacc, flex }:
 stdenv.mkDerivation rec {
 name = "vtun-3.0.3";
@@ -8,7 +8,13 @@ stdenv.mkDerivation rec {
 sha256 = "1jxrxp3klhc8az54d5qn84cbc0vdafg319jh84dxkrswii7vxp39";
 };
- patchPhase = ''
+ patches = [
+ (fetchpatch { url = http://sources.debian.net/data/main/v/vtun/3.0.3-2.2/debian/patches/08-gcc5-inline.patch;
+ sha256 = "18sys97v2hx6vac5zp3ld7sa6kz4izv3g9dnkm0lflbaxhym2vs1";
+ })
+ ];
+
+ postPatch = ''
 sed -i -e 's/-m 755//' -e 's/-o root -g 0//' Makefile.in
 sed -i '/strip/d' Makefile.in
 ''; |
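Review bot: The `preConfigure` hook in the new shncpd expression sets `makeFlags` as a bash array only to pass the install prefix, which reads more simply as the attribute `makeFlags = [ "PREFIX=$(out)" ];`. This is a style point: the declarative form keeps the flag visible to anyone overriding the derivation and removes a shell hook that does nothing else. `hardeningEnable = [ "pie" ]` is a reasonable choice for a network-facing daemon and should stay.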
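Review bot: The `fetchpatch` URL added in the vtun hunk `@@ -8,7 +8,13 @@` uses plain `http://`, so the patch is downloaded over an unauthenticated channel and the pinned `sha256` is the only integrity control. The fixed-output hash does make a modified download fail the build, but I would still switch the scheme to `https://` if the host serves it, so that a later hash refresh is not computed from an unauthenticated fetch. The `url` of the existing `fetchurl` source lies outside the hunk, so I cannot tell from here whether it needs the same change.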