author | Vincent Ambo <mail@tazj.in> | 2022-02-03T22·53+0300 |
---|---|---|
committer | tazjin <tazjin@tvl.su> | 2022-02-03T23·08+0000 |
commit | 8099c11a121f47bd3a54fab7b6c53fa162c830bc (patch) | |
tree | 6fbf287d819a2722b25afd7cd3fd92f2172c6511 /third_party/overlays/strongswan-workaround.nix | |
parent | 7fcede0c5bd50f6790a99081c006134848ae0f75 (diff) |
fix(tazjin/tverskoy): Downgrade strongswan to 5.9.4 r/3757
Comments contain all the relevant info.

Change-Id: I6d4a715889b562dc79148314092f698ceefcac88
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5221
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Diffstat (limited to 'third_party/overlays/strongswan-workaround.nix')
-rw-r--r-- | third_party/overlays/strongswan-workaround.nix | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/third_party/overlays/strongswan-workaround.nix b/third_party/overlays/strongswan-workaround.nix new file mode 100644 index 000000000000..a5c3c26ec981 --- /dev/null +++ b/third_party/overlays/strongswan-workaround.nix @@ -0,0 +1,25 @@ +# Workaround for an issue where strongswan 5.9.5 can not connect to +# some servers that do not have a mitigation for CVE-2021-45079 +# applied. +# +# Of course ideally the servers would be patched, but the world is not +# ideal. +# +# Only intended for use by //users/tazjin/nixos/... +{ ... }: + +self: super: { + # Downgrade strongswan to 5.9.4 + # + # See https://github.com/NixOS/nixpkgs/pull/156567 + strongswan = super.strongswan.overrideAttrs (_: rec { + version = "5.9.4"; + + src = self.fetchFromGitHub { + owner = "strongswan"; + repo = "strongswan"; + rev = version; + sha256 = "1y1gs232x7hsbccjga9nbkf4bbi5wxazlkg00qd2v1nz86sfy4cd"; + }; + }); +} |
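Review bot: the scope restriction exists only in a comment. `strongswan = super.strongswan.overrideAttrs (...)` replaces the package for every consumer of the package set this overlay is applied to, while the header says "Only intended for use by //users/tazjin/nixos/...", and nothing in the file enforces that. Consider exposing the pinned build under a separate attribute name and referencing it explicitly from the tverskoy configuration, so other users of the depot keep the current strongswan. The header comment also ties the 5.9.5 behaviour to CVE-2021-45079, so pinning `version = "5.9.4"` presumably means the client runs without whatever 5.9.5 changed for that CVE; the comment should state that trade-off and name a removal condition (for example, once the affected servers are patched) so the downgrade does not outlive its reason.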