Diffstat (limited to 'nixpkgs/pkgs/os-specific/linux/ipsec-tools')
3 files changed, 80 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/os-specific/linux/ipsec-tools/CVE-2015-4047.patch b/nixpkgs/pkgs/os-specific/linux/ipsec-tools/CVE-2015-4047.patch
new file mode 100644
index 000000000000..00c23c6cac14
--- /dev/null
+++ b/nixpkgs/pkgs/os-specific/linux/ipsec-tools/CVE-2015-4047.patch
@@ -0,0 +1,16 @@
+Index: pkg-ipsec-tools/src/racoon/gssapi.c
+===================================================================
+--- pkg-ipsec-tools.orig/src/racoon/gssapi.c
++++ pkg-ipsec-tools/src/racoon/gssapi.c
+@@ -192,6 +192,11 @@ gssapi_init(struct ph1handle *iph1)
+ gss_name_t princ, canon_princ;
+ OM_uint32 maj_stat, min_stat;
+
++ if (iph1->rmconf == NULL) {
++ plog(LLV_ERROR, LOCATION, NULL, "no remote config\n");
++ return -1;
++ }
++
+ gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state));
+ if (gps == NULL) {
+ plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n");
diff --git a/nixpkgs/pkgs/os-specific/linux/ipsec-tools/default.nix b/nixpkgs/pkgs/os-specific/linux/ipsec-tools/default.nix
new file mode 100644
index 000000000000..0aa074b4df8f
--- /dev/null
+++ b/nixpkgs/pkgs/os-specific/linux/ipsec-tools/default.nix
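Review bot: The vendored CVE-2015-4047.patch carries only a quilt `Index:` line and records neither where it came from nor what it fixes, so a later maintainer cannot tell whether it still matches the upstream or distribution fix. A short header above `Index:` would cover it, for example `Description: racoon: return -1 from gssapi_init when iph1->rmconf is NULL` and `Origin: <URL of the patch source>` (placeholder; the page does not name the source). The guard itself sits before `racoon_calloc`, so the early return leaks nothing. gssapi_init continues outside the hunk, so any later uses of `iph1->rmconf` and the way callers treat the -1 cannot be checked from here.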
@@ -0,0 +1,51 @@
+{ stdenv, fetchurl, fetchpatch, linuxHeaders, readline, openssl, flex, kerberos, pam }:
+
+# TODO: These tools are supposed to work under NetBSD and FreeBSD as
+# well, so I guess it's not appropriate to place this expression in
+# "os-specific/linux/ipsec-tools". Since I cannot verify that the
+# expression actually builds on those platforms, I'll leave it here for
+# the time being.
+
+stdenv.mkDerivation rec {
+ name = "ipsec-tools-0.8.2";
+
+ src = fetchurl {
+ url = "mirror://sourceforge/ipsec-tools/${name}.tar.bz2";
+ sha256 = "0b9gfbz78k2nj0k7jdlm5kajig628ja9qm0z5yksiwz22s3v7dlf";
+ };
+
+ buildInputs = [ readline openssl flex kerberos pam ];
+
+ patches = [
+ ./dont-create-localstatedir-during-install.patch
+ ./CVE-2015-4047.patch
+ (fetchpatch {
+ url = "https://anonscm.debian.org/cgit/pkg-ipsec-tools/pkg-ipsec-tools.git/plain/debian/patches/CVE-2016-10396.patch?id=62ac12648a4eb7c5ba5dba0f81998d1acf310d8b";
+ sha256 = "1kf7j2pf1blni52z7q41n0yisqb7gvk01lvldr319zaxxg7rm84a";
+ })
+ ];
+
+ # fix build with newer gcc versions
+ preConfigure = ''substituteInPlace configure --replace "-Werror" "" '';
+
+ configureFlags = [
+ "--sysconfdir=/etc --localstatedir=/var"
+ "--with-kernel-headers=${linuxHeaders}/include"
+ "--disable-security-context"
+ "--enable-adminport"
+ "--enable-dpd"
+ "--enable-frag"
+ "--enable-gssapi"
+ "--enable-hybrid"
+ "--enable-natt"
+ "--enable-shared"
+ "--enable-stats"
+ ];
+
+ meta = with stdenv.lib; {
+ homepage = http://ipsec-tools.sourceforge.net/;
+ description = "Port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation";
+ license = licenses.bsd3;
+ platforms = platforms.linux;
+ };
+}
diff --git a/nixpkgs/pkgs/os-specific/linux/ipsec-tools/dont-create-localstatedir-during-install.patch b/nixpkgs/pkgs/os-specific/linux/ipsec-tools/dont-create-localstatedir-during-install.patch
new file mode 100644
index 000000000000..16b80c36d6a5
--- /dev/null
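Review bot: `--enable-adminport` turns on racoon's admin socket while dont-create-localstatedir-during-install.patch stops the install step from creating `adminsockdir`, and nothing in the expression says who creates that directory or with which owner and mode. The socket presumably ends up under `--localstatedir=/var`, which is outside the package, so its permissions are decided entirely at runtime. A comment next to the flag would make this explicit, e.g. `# adminsockdir is not created by the install phase; the service running racoon must create it root-owned and not world-accessible`. Separately, `"--sysconfdir=/etc --localstatedir=/var"` puts two flags in one list element and relies on word splitting; two elements would be more robust.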
+++ b/nixpkgs/pkgs/os-specific/linux/ipsec-tools/dont-create-localstatedir-during-install.patch
@@ -0,0 +1,13 @@
+diff -ubr ipsec-tools-0.8.0-orig/src/racoon/Makefile.in ipsec-tools-0.8.0/src/racoon/Makefile.in
+--- ipsec-tools-0.8.0-orig/src/racoon/Makefile.in 2012-10-20 13:01:07.700903316 +0200
++++ ipsec-tools-0.8.0/src/racoon/Makefile.in 2012-10-20 13:01:13.177832616 +0200
+@@ -1085,9 +1085,6 @@
+ uninstall-sbinPROGRAMS
+
+
+-install-exec-local:
+- ${mkinstalldirs} $(DESTDIR)${adminsockdir}
+-
+ # special object rules
+ crypto_openssl_test.o: crypto_openssl.c
+ $(COMPILE) -DEAYDEBUG -o crypto_openssl_test.o -c $(srcdir)/crypto_openssl.c |