Diffstat (limited to 'third_party/overlays/strongswan-workaround.nix')
-rw-r--r--third_party/overlays/strongswan-workaround.nix25
1 files changed, 25 insertions, 0 deletions
diff --git a/third_party/overlays/strongswan-workaround.nix b/third_party/overlays/strongswan-workaround.nix
new file mode 100644
index 000000000000..a5c3c26ec981
--- /dev/null
+++ b/third_party/overlays/strongswan-workaround.nix
@@ -0,0 +1,25 @@
+# Workaround for an issue where strongswan 5.9.5 can not connect to
+# some servers that do not have a mitigation for CVE-2021-45079
+# applied.
+#
+# Of course ideally the servers would be patched, but the world is not
+# ideal.
+#
+# Only intended for use by //users/tazjin/nixos/...
+{ ... }:
+
+self: super: {
+  # Downgrade strongswan to 5.9.4
+  #
+  # See https://github.com/NixOS/nixpkgs/pull/156567
+  strongswan = super.strongswan.overrideAttrs (_: rec {
+    version = "5.9.4";
+
+    src = self.fetchFromGitHub {
+      owner = "strongswan";
+      repo = "strongswan";
+      rev = version;
+      sha256 = "1y1gs232x7hsbccjga9nbkf4bbi5wxazlkg00qd2v1nz86sfy4cd";
+    };
+  });
+}
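Review bot: The pin at `version = "5.9.4";` puts the client back on a release that predates the CVE-2021-45079 fix, and the overlay records neither that cost nor a condition for removing it; the header only explains the connectivity problem. Because the attribute being replaced is `strongswan` itself, anything that takes strongswan from a package set with this overlay applied gets the downgraded build, not only the configs named in the header. I would say so next to the pin, e.g. `# NOTE: 5.9.4 lacks the fix for CVE-2021-45079; drop this overlay once the affected servers are patched.` It may also be worth renaming `_` to `old` and adding `meta = old.meta // { knownVulnerabilities = [ "CVE-2021-45079" ]; };`, which should make nixpkgs demand an explicit insecure-package opt-in wherever the overlay is used.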