third_party/overlays/strongswan-workaround.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

# Workaround for an issue where strongswan 5.9.5 can not connect to
# some servers that do not have a mitigation for CVE-2021-45079
# applied.
#
# Of course ideally the servers would be patched, but the world is not
# ideal.
#
# Only intended for use by //users/tazjin/nixos/...
{ ... }:

self: super: {
  # Downgrade strongswan to 5.9.4
  #
  # See https://github.com/NixOS/nixpkgs/pull/156567
  strongswan = super.strongswan.overrideAttrs (_: rec {
    version = "5.9.4";

    src = self.fetchFromGitHub {
      owner = "strongswan";
      repo = "strongswan";
      rev = version;
      sha256 = "1y1gs232x7hsbccjga9nbkf4bbi5wxazlkg00qd2v1nz86sfy4cd";
    };
  });
}