diff options
author | Robin Gloster <mail@glob.in> | 2016-08-12 09:46:53 +0000 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2016-08-12 09:46:53 +0000 |
commit | b7787d932ec9cbd82ea6bc7c69d8df159b606fdc (patch) | |
tree | c4b6af2e6b49732ce5c6982cb8512ce9b7f1f34d /pkgs/tools/networking | |
parent | bc025e83bd6c44df38851ef23da53359a0e62841 (diff) | |
parent | 532b2222965377e77ed884c463ee2751fb51dba3 (diff) | |
download | nixlib-b7787d932ec9cbd82ea6bc7c69d8df159b606fdc.tar nixlib-b7787d932ec9cbd82ea6bc7c69d8df159b606fdc.tar.gz nixlib-b7787d932ec9cbd82ea6bc7c69d8df159b606fdc.tar.bz2 nixlib-b7787d932ec9cbd82ea6bc7c69d8df159b606fdc.tar.lz nixlib-b7787d932ec9cbd82ea6bc7c69d8df159b606fdc.tar.xz nixlib-b7787d932ec9cbd82ea6bc7c69d8df159b606fdc.tar.zst nixlib-b7787d932ec9cbd82ea6bc7c69d8df159b606fdc.zip |
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
Diffstat (limited to 'pkgs/tools/networking')
-rw-r--r-- | pkgs/tools/networking/curl/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/networking/dibbler/default.nix | 23 | ||||
-rw-r--r-- | pkgs/tools/networking/email/default.nix | 7 | ||||
-rw-r--r-- | pkgs/tools/networking/gandi-cli/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/networking/getmail/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/networking/libreswan/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/networking/mosh/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/networking/network-manager/l2tp.nix | 8 | ||||
-rw-r--r-- | pkgs/tools/networking/offlineimap/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/networking/openssh/CVE-2015-8325.patch | 28 | ||||
-rw-r--r-- | pkgs/tools/networking/openssh/default.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/networking/tlsdate/default.nix | 30 |
12 files changed, 65 insertions, 61 deletions
diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix index eaf427d61a36..5e7010def541 100644 --- a/pkgs/tools/networking/curl/default.nix +++ b/pkgs/tools/networking/curl/default.nix @@ -18,11 +18,11 @@ assert scpSupport -> libssh2 != null; assert c-aresSupport -> c-ares != null; stdenv.mkDerivation rec { - name = "curl-7.50.0"; + name = "curl-7.50.1"; src = fetchurl { url = "http://curl.haxx.se/download/${name}.tar.bz2"; - sha256 = "16psxjcl25i7v5x71193nkq2anm5mj8pfziq5iwxnj3znwnzx3b0"; + sha256 = "0mjidq4q0hikhis2d35kzkhx6xfcgl875mk5ph5d98fa9kswa4iw"; }; outputs = [ "dev" "out" "bin" "man" "docdev" ]; diff --git a/pkgs/tools/networking/dibbler/default.nix b/pkgs/tools/networking/dibbler/default.nix new file mode 100644 index 000000000000..82ef3b218d08 --- /dev/null +++ b/pkgs/tools/networking/dibbler/default.nix @@ -0,0 +1,23 @@ +{ stdenv, fetchurl }: + +stdenv.mkDerivation rec { + name = "dibbler-${version}"; + version = "1.0.1"; + + src = fetchurl { + url = "http://www.klub.com.pl/dhcpv6/dibbler/${name}.tar.gz"; + sha256 = "18bnwkvax02scjdg5z8gvrkvy1lhssfnlpsaqb5kkh30w1vri1i7"; + }; + + configureFlags = [ + "--enable-resolvconf" + ]; + + meta = with stdenv.lib; { + description = "Portable DHCPv6 implementation"; + homepage = http://www.klub.com.pl/dhcpv6/; + license = licenses.gpl2; + platforms = platforms.all; + maintainers = with maintainers; [ fpletz ]; + }; +} diff --git a/pkgs/tools/networking/email/default.nix b/pkgs/tools/networking/email/default.nix index 23501c29e23f..017da63a1e92 100644 --- a/pkgs/tools/networking/email/default.nix +++ b/pkgs/tools/networking/email/default.nix @@ -2,11 +2,10 @@ let eMailSrc = fetchFromGitHub { - #awaiting acceptance of https://github.com/deanproxy/eMail/pull/29 - owner = "jerith666"; + owner = "deanproxy"; repo = "eMail"; - rev = "d9fd259f952b573d320916ee34e807dd3dd24b1f"; - sha256 = "0q4ly4bhlv6lrlj5kmjs491aah1afmkjyw63i9yqnz4d2k6npvl9"; + rev = "7d23c8f508a52bd8809e2af4290417829b6bb5ae"; + sha256 = "1cxxzhm36civ6vjdgrk7mfmlzkih44kdii6l2xgy4r434s8rzcpn"; }; srcRoot = "eMail-${eMailSrc.rev}-src"; diff --git a/pkgs/tools/networking/gandi-cli/default.nix b/pkgs/tools/networking/gandi-cli/default.nix index 2f95123ba212..c2bf6702c5f6 100644 --- a/pkgs/tools/networking/gandi-cli/default.nix +++ b/pkgs/tools/networking/gandi-cli/default.nix @@ -5,10 +5,10 @@ with pythonPackages; buildPythonPackage rec { namePrefix = ""; name = "gandi-cli-${version}"; - version = "0.18"; + version = "0.19"; src = fetchFromGitHub { - sha256 = "045gnz345nfbi1g7j3gcyzrxrx3hcidaxzr05cb49rcr8nmqh1s3"; + sha256 = "0xbf97p75zl6sjxqcgmaa4p5rax2h6ixn8srwdr4rsx2zz9dpwgp"; rev = version; repo = "gandi.cli"; owner = "Gandi"; diff --git a/pkgs/tools/networking/getmail/default.nix b/pkgs/tools/networking/getmail/default.nix index 3eb0e9d2a90a..6f280257692c 100644 --- a/pkgs/tools/networking/getmail/default.nix +++ b/pkgs/tools/networking/getmail/default.nix @@ -1,13 +1,13 @@ { stdenv, fetchurl, buildPythonApplication }: buildPythonApplication rec { - version = "4.49.0"; + version = "4.50.0"; name = "getmail-${version}"; namePrefix = ""; src = fetchurl { url = "http://pyropus.ca/software/getmail/old-versions/${name}.tar.gz"; - sha256 = "1m0yzxd05fklwbmjj1n2q4sx397c1j5qi9a0r5fv3h8pplz4lv0w"; + sha256 = "1hcb5079mkcx3gglfycrhglrgg4jsa499br50yjrh9sal6wpgg7w"; }; doCheck = false; diff --git a/pkgs/tools/networking/libreswan/default.nix b/pkgs/tools/networking/libreswan/default.nix index a2204f9664a1..213051bdf8db 100644 --- a/pkgs/tools/networking/libreswan/default.nix +++ b/pkgs/tools/networking/libreswan/default.nix @@ -6,7 +6,7 @@ let optional = stdenv.lib.optional; - version = "3.17"; + version = "3.18"; name = "libreswan-${version}"; binPath = stdenv.lib.makeBinPath [ bash iproute iptables procps coreutils gnused gawk nss.tools which python @@ -21,7 +21,7 @@ stdenv.mkDerivation { src = fetchurl { url = "https://download.libreswan.org/${name}.tar.gz"; - sha256 = "00qd1n6f5w4xr06yanfpnbnn7y7rq2m878ifa3hh13bdgzsqdhi8"; + sha256 = "0zginnakxw7m79zrdvfdvliaiyg78zgqfqkks9z5d1rjj5w13xig"; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/tools/networking/mosh/default.nix b/pkgs/tools/networking/mosh/default.nix index 80feeafdbca4..9a7737e0195a 100644 --- a/pkgs/tools/networking/mosh/default.nix +++ b/pkgs/tools/networking/mosh/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, zlib, boost, protobuf, ncurses, pkgconfig, IOTty +{ stdenv, fetchurl, zlib, protobuf, ncurses, pkgconfig, IOTty , makeWrapper, perl, openssl, autoreconfHook, fetchpatch }: stdenv.mkDerivation rec { @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "1qsb0y882yfgwnpy6f98pi5xqm6kykdsrxzvaal37hs7szjhky0s"; }; - buildInputs = [ autoreconfHook boost protobuf ncurses zlib pkgconfig IOTty makeWrapper perl openssl ]; + buildInputs = [ autoreconfHook protobuf ncurses zlib pkgconfig IOTty makeWrapper perl openssl ]; patches = [ # remove automake detection macro patch on next release as it is already on mosh master diff --git a/pkgs/tools/networking/network-manager/l2tp.nix b/pkgs/tools/networking/network-manager/l2tp.nix index af3b193798f6..5e09bb7229f8 100644 --- a/pkgs/tools/networking/network-manager/l2tp.nix +++ b/pkgs/tools/networking/network-manager/l2tp.nix @@ -1,6 +1,6 @@ { stdenv, fetchFromGitHub, automake, autoconf, libtool, intltool, pkgconfig -, networkmanager, networkmanagerapplet, ppp, xl2tpd, strongswan, libsecret -, withGnome ? true, gnome3 }: +, networkmanager, ppp, xl2tpd, strongswan, libsecret +, withGnome ? true, gnome3, networkmanagerapplet }: stdenv.mkDerivation rec { name = "${pname}${if withGnome then "-gnome" else ""}-${version}"; @@ -14,8 +14,8 @@ stdenv.mkDerivation rec { sha256 = "01f39ghc37vw4n4i7whyikgqz8vzxf41q9fsv2gfw1g501cny1j2"; }; - buildInputs = [ networkmanager ppp networkmanagerapplet libsecret ] - ++ stdenv.lib.optionals withGnome [ gnome3.gtk gnome3.libgnome_keyring ]; + buildInputs = [ networkmanager ppp libsecret ] + ++ stdenv.lib.optionals withGnome [ gnome3.gtk gnome3.libgnome_keyring networkmanagerapplet ]; nativeBuildInputs = [ automake autoconf libtool intltool pkgconfig ]; diff --git a/pkgs/tools/networking/offlineimap/default.nix b/pkgs/tools/networking/offlineimap/default.nix index 42f72ef7e368..6f74df38ad0b 100644 --- a/pkgs/tools/networking/offlineimap/default.nix +++ b/pkgs/tools/networking/offlineimap/default.nix @@ -1,7 +1,7 @@ { stdenv, fetchFromGitHub, pythonPackages, sqlite3 }: pythonPackages.buildPythonApplication rec { - version = "7.0.2"; + version = "7.0.4"; name = "offlineimap-${version}"; namePrefix = ""; @@ -9,7 +9,7 @@ pythonPackages.buildPythonApplication rec { owner = "OfflineIMAP"; repo = "offlineimap"; rev = "v${version}"; - sha256 = "1xwblb1nvqq6gkxjynzsw31xja07qday58x5jqak8sp3d4lqw2h2"; + sha256 = "1ixm4qp3gljbnbi40h8n6j7c0pzk1ry8hpm4bcf7n68gc07r557n"; }; doCheck = false; diff --git a/pkgs/tools/networking/openssh/CVE-2015-8325.patch b/pkgs/tools/networking/openssh/CVE-2015-8325.patch deleted file mode 100644 index c752726aeae7..000000000000 --- a/pkgs/tools/networking/openssh/CVE-2015-8325.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 85bdcd7c92fe7ff133bbc4e10a65c91810f88755 Mon Sep 17 00:00:00 2001 -From: Damien Miller <djm@mindrot.org> -Date: Wed, 13 Apr 2016 10:39:57 +1000 -Subject: [PATCH] ignore PAM environment vars when UseLogin=yes - -If PAM is configured to read user-specified environment variables -and UseLogin=yes in sshd_config, then a hostile local user may -attack /bin/login via LD_PRELOAD or similar environment variables -set via PAM. - -CVE-2015-8325, found by Shayan Sadigh, via Colin Watson ---- - session.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/session.c b/session.c -index 4859245..4653b09 100644 ---- a/session.c -+++ b/session.c -@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell) - * Pull in any environment variables that may have - * been set by PAM. - */ -- if (options.use_pam) { -+ if (options.use_pam && !options.use_login) { - char **p; - - p = fetch_pam_child_environment(); diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix index a0cb0795a261..8f4c0aa54dfa 100644 --- a/pkgs/tools/networking/openssh/default.nix +++ b/pkgs/tools/networking/openssh/default.nix @@ -27,11 +27,12 @@ with stdenv.lib; stdenv.mkDerivation rec { # Please ensure that openssh_with_kerberos still builds when # bumping the version here! - name = "openssh-7.2p2"; + name = "openssh-${version}"; + version = "7.3p1"; src = fetchurl { url = "mirror://openbsd/OpenSSH/portable/${name}.tar.gz"; - sha256 = "132lh9aanb0wkisji1d6cmsxi520m8nh7c7i9wi6m1s3l38q29x7"; + sha256 = "1k5y1wi29d47cgizbryxrhc1fbjsba2x8l5mqfa9b9nadnd9iyrz"; }; prePatch = optionalString hpnSupport @@ -44,7 +45,6 @@ stdenv.mkDerivation rec { [ ./locale_archive.patch ./fix-host-key-algorithms-plus.patch - ./CVE-2015-8325.patch # See discussion in https://github.com/NixOS/nixpkgs/pull/16966 ./dont_create_privsep_path.patch diff --git a/pkgs/tools/networking/tlsdate/default.nix b/pkgs/tools/networking/tlsdate/default.nix index a7721b563b3f..66ead809d0bb 100644 --- a/pkgs/tools/networking/tlsdate/default.nix +++ b/pkgs/tools/networking/tlsdate/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchgit +{ stdenv, fetchFromGitHub, fetchpatch , autoconf , automake , libevent @@ -7,15 +7,25 @@ , openssl }: -stdenv.mkDerivation { - name = "tlsdate-0.0.12"; +stdenv.mkDerivation rec { + version = "0.0.13"; + name = "tlsdate-${version}"; - src = fetchgit { - url = https://github.com/ioerror/tlsdate; - rev = "fd04f48ed60eb773c8e34d27ef2ee12ee7559a41"; - sha256 = "0naxlsanpgixj509z4mbzl41r2nn5wi6q2lp10a7xgcmcb4cgnbf"; + src = fetchFromGitHub { + owner = "ioerror"; + repo = "tlsdate"; + rev = name; + sha256 = "0w3v63qmbhpqlxjsvf4k3zp90k6mdzi8cdpgshan9iphy1f44xgl"; }; + patches = [ + (fetchpatch { + name = "tlsdate-no_sslv3.patch"; + url = "https://github.com/ioerror/tlsdate/commit/f9d3cba7536d1679e98172ccbddad32bc9ae490c.patch"; + sha256 = "0prv46vxvb4paxaswmc6ix0kd5sp0552i5msdldnhg9fysbac8s0"; + }) + ]; + buildInputs = [ autoconf automake @@ -32,10 +42,10 @@ stdenv.mkDerivation { doCheck = true; - meta = { + meta = with stdenv.lib; { description = "Secure parasitic rdate replacement"; homepage = https://github.com/ioerror/tlsdate; - maintainers = [ stdenv.lib.maintainers.tv ]; - platforms = stdenv.lib.platforms.allBut [ "darwin" ]; + maintainers = with maintainers; [ tv fpletz ]; + platforms = platforms.allBut [ "darwin" ]; }; } |