From 31ff2ac05792a5132ae87c968c35bd51419750d1 Mon Sep 17 00:00:00 2001
From: Robin Gloster
Date: Thu, 16 Feb 2017 23:56:27 +0100
Subject: systemd: add patch to fix docker https://github.com/systemd/systemd/commit/843d5baf6aad6c53fc00ea8d95d83209a4f92de1 "don't use the unified hierarchy for the systemd cgroup yet" fixes #22472
---
 pkgs/os-specific/linux/systemd/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'pkgs/os-specific')
diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index 3248b93a5229..db474f688e59 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -15,8 +15,8 @@ stdenv.mkDerivation rec {
 src = fetchFromGitHub {
 owner = "nixos";
 repo = "systemd";
- rev = "9a35924a4f15dab2a84b3104b1cd125a3c36f77d";
- sha256 = "1z3rishvjlr5d4qgd262r13z04vzvlrlgwm7kpsf4hk7w0gmz4i5";
+ rev = "c110fc3504d7a2fa944575b347814f7e97d3c5a0";
+ sha256 = "19carch1adad70nifbqdx649kj5m8pgpiq27hh05ig38yrbmb2vz";
 };
 outputs = [ "out" "lib" "man" "dev" ];
-- 
cgit 1.4.1
From df58ed2f131d19dfbf8b6bb1bab7490cf09cdebb Mon Sep 17 00:00:00 2001
From: Robin Gloster
Date: Thu, 2 Feb 2017 03:43:45 +0100
Subject: hostapd: 2.5 -> 2.6
---
 pkgs/os-specific/linux/hostapd/default.nix | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)
(limited to 'pkgs/os-specific')
diff --git a/pkgs/os-specific/linux/hostapd/default.nix b/pkgs/os-specific/linux/hostapd/default.nix
index 63fd17117211..0fef297ea5f6 100644
--- a/pkgs/os-specific/linux/hostapd/default.nix
+++ b/pkgs/os-specific/linux/hostapd/default.nix
@@ -1,23 +1,15 @@
-{ stdenv, fetchurl, fetchpatch, pkgconfig, libnl, openssl, sqlite ? null }:
+{ stdenv, fetchurl, pkgconfig, libnl, openssl, sqlite ? null }:
 with stdenv.lib;
 stdenv.mkDerivation rec {
 name = "hostapd-${version}";
- version = "2.5";
+ version = "2.6";
 src = fetchurl {
 url = "http://hostap.epitest.fi/releases/${name}.tar.gz";
- sha256 = "0jn77r39ysshkzihv5rjbdajqazci59v2yab4rn05my09najs9wf";
+ sha256 = "0z8ilypad82q3l6q6kbv6hczvhjn8k63j8051x5yqfyjq686nlh1";
 };
- patches = [
- (fetchpatch {
- url = "https://raw.githubusercontent.com/voidlinux/void-packages/a7bcbc258ba9884bccde831c0ae2069cade99e41/srcpkgs/wpa_supplicant/patches/patch-src_crypto_tls_openssl_c";
- sha256 = "1ifa2i54a7ijsha197dyldal3m4q5i05ih2sk15f5a5ybb6x7vmp";
- addPrefixes = true;
- })
- ];
-
 nativeBuildInputs = [ pkgconfig ];
 buildInputs = [ libnl openssl sqlite ];
-- 
cgit 1.4.1
From 96b4d69136dabcdd718dc40d3e554ba24943feb6 Mon Sep 17 00:00:00 2001
From: Robin Gloster
Date: Thu, 2 Feb 2017 04:08:14 +0100
Subject: openisns: 0.95 -> 0.97
---
 pkgs/os-specific/linux/open-isns/default.nix | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'pkgs/os-specific')
diff --git a/pkgs/os-specific/linux/open-isns/default.nix b/pkgs/os-specific/linux/open-isns/default.nix
index 49100fc5a44b..bb4ee5e98777 100644
--- a/pkgs/os-specific/linux/open-isns/default.nix
+++ b/pkgs/os-specific/linux/open-isns/default.nix
@@ -1,17 +1,18 @@
 { stdenv, openssl, fetchFromGitHub }:
+
 stdenv.mkDerivation rec {
 name = "open-isns-${version}";
- version = "0.95";
+ version = "0.97";
 src = fetchFromGitHub {
 owner = "gonzoleeman";
 repo = "open-isns";
 rev = "v${version}";
- sha256 = "1c2x3yf9806gbjsw4xi805rfhyxk353a3whqvpccz8dwas6jajwh";
+ sha256 = "17aichjgkwjfp9dx1piw7dw8ddz1bgm5mk3laid2zvjks1h739k3";
 };
 propagatedBuildInputs = [ openssl ];
- outputs = ["out" "lib" ];
+ outputs = [ "out" "lib" ];
 outputInclude = "lib";
 installFlags = "etcdir=$(out)/etc vardir=$(out)/var/lib/isns";
-- 
cgit 1.4.1
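Review bot: In the hostapd hunk, the new `sha256 = "0z8ilypad82q3l6q6kbv6hczvhjn8k63j8051x5yqfyjq686nlh1";` is the only integrity anchor for a tarball that `fetchurl` still downloads over plain `http://`, and the commit message does not say what the hash was checked against. The fixed-output hash makes a tampered download fail later builds, but it cannot tell whether the copy that was hashed while preparing this bump was genuine. I would record the check next to the hash, for example `# sha256 cross-checked against the upstream release`, and move `url` to an HTTPS location if upstream offers one. The same hunk drops the `fetchpatch` of `patch-src_crypto_tls_openssl_c`; whether 2.6 already carries that change is not visible here and is worth stating in the commit message.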
From 643703366dd44bd0848dc302a959c5cce9a4d2bf Mon Sep 17 00:00:00 2001
From: Robin Gloster
Date: Thu, 2 Feb 2017 04:14:04 +0100
Subject: pam_ssh_agent_auth: 0.9.5 -> 0.10.3
---
 .../linux/pam_ssh_agent_auth/default.nix | 10 +-
 .../pam_ssh_agent_auth/multiple-key-files.patch | 338 ---------------------
 2 files changed, 2 insertions(+), 346 deletions(-)
 delete mode 100644 pkgs/os-specific/linux/pam_ssh_agent_auth/multiple-key-files.patch
(limited to 'pkgs/os-specific')
diff --git a/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix b/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix
index db6f04674a08..9ce1ef6ae53d 100644
--- a/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix
+++ b/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix
@@ -1,19 +1,13 @@
 { stdenv, fetchurl, pam, openssl, perl }:
 stdenv.mkDerivation rec {
- name = "pam_ssh_agent_auth-0.9.5";
+ name = "pam_ssh_agent_auth-0.10.3";
 src = fetchurl {
 url = "mirror://sourceforge/pamsshagentauth/${name}.tar.bz2";
- sha256 = "1aihfyj17nvqhf0d5i0dg2lsly3r24xjyx0sfqpf60s0libkp4y0";
+ sha256 = "0qx78x7nvqdscyp04hfijl4rgyf64xy03prr28hipvgasrcd6lrw";
 };
- patches =
- [ # Allow multiple colon-separated authorized keys files to be
- # specified in the file= option.
- ./multiple-key-files.patch
- ];
-
 buildInputs = [ pam openssl perl ];
 enableParallelBuilding = true;
diff --git a/pkgs/os-specific/linux/pam_ssh_agent_auth/multiple-key-files.patch b/pkgs/os-specific/linux/pam_ssh_agent_auth/multiple-key-files.patch
deleted file mode 100644
index dc97b7d54f7c..000000000000
--- a/pkgs/os-specific/linux/pam_ssh_agent_auth/multiple-key-files.patch
+++ /dev/null
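Review bot: In `pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix`, removing the `patches` entry also removes a feature of an authentication module: per its own comment, `multiple-key-files.patch` let `file=` take several colon-separated authorized_keys paths. Unless 0.10.3 implements the same syntax upstream (not visible from this commit), a PAM configuration that passes a colon-separated list will presumably be read as one literal path, so the key lookup fails and the stack falls through to whatever module comes next. The commit message should say which case applies, and users of `file=` in the tree should be checked before merging. If the feature is still needed, keep `patches = [ ./multiple-key-files.patch ];` and rebase the patch onto 0.10.3 instead of deleting it.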
@@ -1,338 +0,0 @@ -diff -ru -x '*~' pam_ssh_agent_auth-0.9.4-orig/iterate_ssh_agent_keys.c pam_ssh_agent_auth-0.9.4/iterate_ssh_agent_keys.c ---- pam_ssh_agent_auth-0.9.4-orig/iterate_ssh_agent_keys.c 2012-06-28 01:47:49.000000000 +0000 -+++ pam_ssh_agent_auth-0.9.4/iterate_ssh_agent_keys.c 2012-12-17 19:29:16.014226336 +0000 -@@ -69,14 +69,14 @@ - return cookie; - } - --int -+const char * - pamsshagentauth_find_authorized_keys(uid_t uid) - { - Identity *id; - Key *key; - AuthenticationConnection *ac; - char *comment; -- uint8_t retval = 0; -+ const char *key_file = 0; - - OpenSSL_add_all_digests(); - session_id2 = pamsshagentauth_session_id2_gen(); -@@ -90,13 +90,11 @@ - id->key = key; - id->filename = comment; - id->ac = ac; -- if(userauth_pubkey_from_id(id)) { -- retval = 1; -- } -+ key_file = userauth_pubkey_from_id(id); - pamsshagentauth_xfree(id->filename); - pamsshagentauth_key_free(id->key); - pamsshagentauth_xfree(id); -- if(retval == 1) -+ if(key_file) - break; - } - } -@@ -107,5 +105,5 @@ - } - pamsshagentauth_xfree(session_id2); - EVP_cleanup(); -- return retval; -+ return key_file; - } -diff -ru -x '*~' pam_ssh_agent_auth-0.9.4-orig/iterate_ssh_agent_keys.h pam_ssh_agent_auth-0.9.4/iterate_ssh_agent_keys.h ---- pam_ssh_agent_auth-0.9.4-orig/iterate_ssh_agent_keys.h 2012-06-28 01:47:49.000000000 +0000 -+++ pam_ssh_agent_auth-0.9.4/iterate_ssh_agent_keys.h 2012-12-17 19:28:57.454334806 +0000 -@@ -31,6 +31,6 @@ - #ifndef _ITERATE_SSH_AGENT_KEYS_H - #define _ITERATE_SSH_AGENT_KEYS_H - --int pamsshagentauth_find_authorized_keys(uid_t); -+const char * pamsshagentauth_find_authorized_keys(uid_t); - - #endif -diff -ru -x '*~' pam_ssh_agent_auth-0.9.4-orig/pam_ssh_agent_auth.c pam_ssh_agent_auth-0.9.4/pam_ssh_agent_auth.c ---- pam_ssh_agent_auth-0.9.4-orig/pam_ssh_agent_auth.c 2012-06-28 01:47:49.000000000 +0000 -+++ pam_ssh_agent_auth-0.9.4/pam_ssh_agent_auth.c 2012-12-17 19:30:24.013830673 +0000 -@@ -60,7 +60,6 @@ - - #define strncasecmp_literal(A,B) 
strncasecmp( A, B, sizeof(B) - 1) - --char *authorized_keys_file = NULL; - uint8_t allow_user_owned_authorized_keys_file = 0; - - #if ! HAVE___PROGNAME || HAVE_BUNDLE -@@ -161,15 +160,13 @@ - goto cleanexit; - } - -- if(authorized_keys_file_input && user) { -- /* -- * user is the name of the target-user, and so must be used for validating the authorized_keys file -- */ -- parse_authorized_key_file(user, authorized_keys_file_input); -- } else { -- pamsshagentauth_verbose("Using default file=/etc/security/authorized_keys"); -- authorized_keys_file = pamsshagentauth_xstrdup("/etc/security/authorized_keys"); -- } -+ if (!authorized_keys_file_input || !user) -+ authorized_keys_file_input = "/etc/security/authorized_keys"; -+ -+ /* -+ * user is the name of the target-user, and so must be used for validating the authorized_keys file -+ */ -+ parse_authorized_key_files(user, authorized_keys_file_input); - - /* - * PAM_USER and PAM_RUSER do not necessarily have to get set by the calling application, and we may be unable to divine the latter. 
-@@ -177,16 +174,17 @@ - */ - - if(user && strlen(ruser) > 0) { -- pamsshagentauth_verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file); -+ pamsshagentauth_verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file_input); - - /* - * this pw_uid is used to validate the SSH_AUTH_SOCK, and so must be the uid of the ruser invoking the program, not the target-user - */ -- if(pamsshagentauth_find_authorized_keys(getpwnam(ruser)->pw_uid)) { -- pamsshagentauth_logit("Authenticated: `%s' as `%s' using %s", ruser, user, authorized_keys_file); -+ const char *key_file; -+ if((key_file = pamsshagentauth_find_authorized_keys(getpwnam(ruser)->pw_uid))) { -+ pamsshagentauth_logit("Authenticated: `%s' as `%s' using %s", ruser, user, key_file); - retval = PAM_SUCCESS; - } else { -- pamsshagentauth_logit("Failed Authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file); -+ pamsshagentauth_logit("Failed Authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file_input); - } - } else { - pamsshagentauth_logit("No %s specified, cannot continue with this form of authentication", (user) ? "ruser" : "user" ); -@@ -198,7 +196,7 @@ - free(__progname); - #endif - -- free(authorized_keys_file); -+ free_authorized_key_files(); - - return retval; - } -diff -ru -x '*~' pam_ssh_agent_auth-0.9.4-orig/pam_ssh_agent_auth.pod pam_ssh_agent_auth-0.9.4/pam_ssh_agent_auth.pod ---- pam_ssh_agent_auth-0.9.4-orig/pam_ssh_agent_auth.pod 2012-06-28 01:47:49.000000000 +0000 -+++ pam_ssh_agent_auth-0.9.4/pam_ssh_agent_auth.pod 2012-12-17 19:52:35.968965448 +0000 -@@ -26,7 +26,7 @@ - - =item file= - --Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below) -+Specify the path(s) to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below). Paths are separated using colons. 
- - =item allow_user_owned_authorized_keys_file - -diff -ru -x '*~' pam_ssh_agent_auth-0.9.4-orig/pam_user_authorized_keys.c pam_ssh_agent_auth-0.9.4/pam_user_authorized_keys.c ---- pam_ssh_agent_auth-0.9.4-orig/pam_user_authorized_keys.c 2012-06-28 01:47:49.000000000 +0000 -+++ pam_ssh_agent_auth-0.9.4/pam_user_authorized_keys.c 2012-12-17 19:32:20.830157313 +0000 -@@ -79,66 +79,96 @@ - - #include "identity.h" - #include "pam_user_key_allowed2.h" -+#include "pam_user_authorized_keys.h" - --extern char *authorized_keys_file; -+#define MAX_AUTHORIZED_KEY_FILES 16 -+ -+char *authorized_keys_files[MAX_AUTHORIZED_KEY_FILES]; -+unsigned int nr_authorized_keys_files = 0; - extern uint8_t allow_user_owned_authorized_keys_file; - uid_t authorized_keys_file_allowed_owner_uid; - - void --parse_authorized_key_file(const char *user, const char *authorized_keys_file_input) -+parse_authorized_key_files(const char *user, const char *authorized_keys_file_input) - { -- char fqdn[HOST_NAME_MAX] = ""; -+ const char *pos = authorized_keys_file_input; - char hostname[HOST_NAME_MAX] = ""; -- char auth_keys_file_buf[4096] = ""; -- char *slash_ptr = NULL; -- char owner_uname[128] = ""; -- size_t owner_uname_len = 0; -- -- /* -- * temporary copy, so that both tilde expansion and percent expansion both get to apply to the path -- */ -- strncat(auth_keys_file_buf, authorized_keys_file_input, sizeof(auth_keys_file_buf) - 1); -+ char fqdn[HOST_NAME_MAX] = ""; -+ -+#if HAVE_GETHOSTNAME -+ *hostname = '\0'; -+ gethostname(fqdn, HOST_NAME_MAX); -+ strncat(hostname, fqdn, strcspn(fqdn,".")); -+#endif - -- if(allow_user_owned_authorized_keys_file) -- authorized_keys_file_allowed_owner_uid = getpwnam(user)->pw_uid; -+ while (pos) { -+ const char *colon = strchr(pos, ':'); -+ char auth_keys_file_buf[4096] = ""; -+ char *slash_ptr = NULL; -+ char owner_uname[128] = ""; -+ size_t owner_uname_len = 0; -+ -+ strncat(auth_keys_file_buf, pos, sizeof(auth_keys_file_buf) - 1); -+ if (colon) { -+ 
auth_keys_file_buf[colon - pos] = 0; -+ pos = colon + 1; -+ } else { -+ pos = 0; -+ } - -- if(*auth_keys_file_buf == '~') { -- if(*(auth_keys_file_buf+1) == '/') { -+ if(allow_user_owned_authorized_keys_file) - authorized_keys_file_allowed_owner_uid = getpwnam(user)->pw_uid; -+ -+ if(*auth_keys_file_buf == '~') { -+ if(*(auth_keys_file_buf+1) == '/') { -+ authorized_keys_file_allowed_owner_uid = getpwnam(user)->pw_uid; -+ } -+ else { -+ slash_ptr = strchr(auth_keys_file_buf,'/'); -+ if(!slash_ptr) -+ pamsshagentauth_fatal("cannot expand tilde in path without a `/'"); -+ -+ owner_uname_len = slash_ptr - auth_keys_file_buf - 1; -+ if(owner_uname_len > (sizeof(owner_uname) - 1) ) -+ pamsshagentauth_fatal("Username too long"); -+ -+ strncat(owner_uname, auth_keys_file_buf + 1, owner_uname_len); -+ if(!authorized_keys_file_allowed_owner_uid) -+ authorized_keys_file_allowed_owner_uid = getpwnam(owner_uname)->pw_uid; -+ } -+ char *tmp = pamsshagentauth_tilde_expand_filename(auth_keys_file_buf, authorized_keys_file_allowed_owner_uid); -+ strncpy(auth_keys_file_buf, tmp, sizeof(auth_keys_file_buf) - 1 ); -+ pamsshagentauth_xfree(tmp); - } -- else { -- slash_ptr = strchr(auth_keys_file_buf,'/'); -- if(!slash_ptr) -- pamsshagentauth_fatal("cannot expand tilde in path without a `/'"); -- -- owner_uname_len = slash_ptr - auth_keys_file_buf - 1; -- if(owner_uname_len > (sizeof(owner_uname) - 1) ) -- pamsshagentauth_fatal("Username too long"); -- -- strncat(owner_uname, auth_keys_file_buf + 1, owner_uname_len); -- if(!authorized_keys_file_allowed_owner_uid) -- authorized_keys_file_allowed_owner_uid = getpwnam(owner_uname)->pw_uid; -+ -+ if(strstr(auth_keys_file_buf, "%h")) { -+ authorized_keys_file_allowed_owner_uid = getpwnam(user)->pw_uid; - } -- authorized_keys_file = pamsshagentauth_tilde_expand_filename(auth_keys_file_buf, authorized_keys_file_allowed_owner_uid); -- strncpy(auth_keys_file_buf, authorized_keys_file, sizeof(auth_keys_file_buf) - 1 ); -- 
pamsshagentauth_xfree(authorized_keys_file) /* when we percent_expand later, we'd step on this, so free it immediately */; -- } - -- if(strstr(auth_keys_file_buf, "%h")) { -- authorized_keys_file_allowed_owner_uid = getpwnam(user)->pw_uid; -+ if (nr_authorized_keys_files >= MAX_AUTHORIZED_KEY_FILES) -+ pamsshagentauth_fatal("Too many authorized key files"); -+ authorized_keys_files[nr_authorized_keys_files++] = -+ pamsshagentauth_percent_expand(auth_keys_file_buf, "h", getpwnam(user)->pw_dir, "H", hostname, "f", fqdn, "u", user, NULL); - } -+} - --#if HAVE_GETHOSTNAME -- *hostname = '\0'; -- gethostname(fqdn, HOST_NAME_MAX); -- strncat(hostname, fqdn, strcspn(fqdn,".")); --#endif -- authorized_keys_file = pamsshagentauth_percent_expand(auth_keys_file_buf, "h", getpwnam(user)->pw_dir, "H", hostname, "f", fqdn, "u", user, NULL); -+void -+free_authorized_key_files() -+{ -+ unsigned int n; -+ for (n = 0; n < nr_authorized_keys_files; n++) -+ free(authorized_keys_files[n]); -+ nr_authorized_keys_files = 0; - } - --int -+const char * - pam_user_key_allowed(Key * key) - { -- return pam_user_key_allowed2(getpwuid(authorized_keys_file_allowed_owner_uid), key, authorized_keys_file) -- || pam_user_key_allowed2(getpwuid(0), key, authorized_keys_file); -+ unsigned int n; -+ for (n = 0; n < nr_authorized_keys_files; n++) { -+ if (pam_user_key_allowed2(getpwuid(authorized_keys_file_allowed_owner_uid), key, authorized_keys_files[n]) -+ || pam_user_key_allowed2(getpwuid(0), key, authorized_keys_files[n])) -+ return authorized_keys_files[n]; -+ } -+ return 0; - } -diff -ru -x '*~' pam_ssh_agent_auth-0.9.4-orig/pam_user_authorized_keys.h pam_ssh_agent_auth-0.9.4/pam_user_authorized_keys.h ---- pam_ssh_agent_auth-0.9.4-orig/pam_user_authorized_keys.h 2010-01-13 02:17:01.000000000 +0000 -+++ pam_ssh_agent_auth-0.9.4/pam_user_authorized_keys.h 2012-12-17 19:24:34.477894517 +0000 -@@ -28,11 +28,12 @@ - */ - - --#ifndef _PAM_USER_KEY_ALLOWED_H --#define _PAM_USER_KEY_ALLOWED_H -+#ifndef 
_PAM_USER_AUTHORIZED_KEYS_H -+#define _PAM_USER_AUTHORIZED_KEYS_H - - #include "identity.h" --int pam_user_key_allowed(Key *); --void parse_authorized_key_file(const char *, const char *); -+const char * pam_user_key_allowed(Key *); -+void parse_authorized_key_files(const char *, const char *); -+void free_authorized_key_files(); - - #endif -diff -ru -x '*~' pam_ssh_agent_auth-0.9.4-orig/userauth_pubkey_from_id.c pam_ssh_agent_auth-0.9.4/userauth_pubkey_from_id.c ---- pam_ssh_agent_auth-0.9.4-orig/userauth_pubkey_from_id.c 2012-06-28 01:47:49.000000000 +0000 -+++ pam_ssh_agent_auth-0.9.4/userauth_pubkey_from_id.c 2012-12-17 19:27:30.813843933 +0000 -@@ -51,7 +51,7 @@ - extern u_char *session_id2; - extern uint8_t session_id_len; - --int -+const char * - userauth_pubkey_from_id(Identity * id) - { - Buffer b = { 0 }; -@@ -59,11 +59,12 @@ - u_char *pkblob = NULL, *sig = NULL; - u_int blen = 0, slen = 0; - int authenticated = 0; -+ const char *key_file; - - pkalg = (char *) key_ssh_name(id->key); - - /* first test if this key is even allowed */ -- if(! pam_user_key_allowed(id->key)) -+ if(!(key_file = pam_user_key_allowed(id->key))) - goto user_auth_clean_exit; - - if(pamsshagentauth_key_to_blob(id->key, &pkblob, &blen) == 0) -@@ -96,5 +97,5 @@ - if(pkblob != NULL) - pamsshagentauth_xfree(pkblob); - CRYPTO_cleanup_all_ex_data(); -- return authenticated; -+ return authenticated ? key_file : 0; - } -diff -ru -x '*~' pam_ssh_agent_auth-0.9.4-orig/userauth_pubkey_from_id.h pam_ssh_agent_auth-0.9.4/userauth_pubkey_from_id.h ---- pam_ssh_agent_auth-0.9.4-orig/userauth_pubkey_from_id.h 2010-01-13 02:17:01.000000000 +0000 -+++ pam_ssh_agent_auth-0.9.4/userauth_pubkey_from_id.h 2012-12-17 19:25:54.893412987 +0000 -@@ -32,6 +32,6 @@ - #define _USERAUTH_PUBKEY_FROM_ID_H - - #include --int userauth_pubkey_from_id(Identity *); -+const char * userauth_pubkey_from_id(Identity *); - - #endif -- cgit 1.4.1