diff options
Diffstat (limited to 'pkgs/tools/networking')
-rw-r--r-- | pkgs/tools/networking/curl-impersonate/default.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/networking/curl-impersonate/deps.nix | 22 | ||||
-rw-r--r-- | pkgs/tools/networking/mpack/CVE-2011-4919.patch | 23 | ||||
-rw-r--r-- | pkgs/tools/networking/mpack/default.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/networking/netbird/default.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/networking/tinyproxy/default.nix | 13 |
6 files changed, 43 insertions, 29 deletions
diff --git a/pkgs/tools/networking/curl-impersonate/default.nix b/pkgs/tools/networking/curl-impersonate/default.nix index 070aab8d53f28..58c0f41fc446b 100644 --- a/pkgs/tools/networking/curl-impersonate/default.nix +++ b/pkgs/tools/networking/curl-impersonate/default.nix @@ -25,13 +25,13 @@ let makeCurlImpersonate = { name, target }: stdenv.mkDerivation rec { pname = "curl-impersonate-${name}"; - version = "0.5.4"; + version = "0.6.1"; src = fetchFromGitHub { owner = "lwthiker"; repo = "curl-impersonate"; rev = "v${version}"; - hash = "sha256-LBGWFal2szqgURIBCLB84kHWpdpt5quvBBZu6buGj2A="; + hash = "sha256-ExmEhjJC8FPzx08RuKOhRxKgJ4Dh+ElEl+OUHzRCzZc="; }; patches = [ @@ -138,7 +138,7 @@ let inherit (passthru.deps."boringssl.zip") name; src = passthru.deps."boringssl.zip"; - vendorHash = "sha256-ISmRdumckvSu7hBXrjvs5ZApShDiGLdD3T5B0fJ1x2Q="; + vendorHash = "sha256-SNUsBiKOGWmkRdTVABVrlbLAVMfu0Q9IgDe+kFC5vXs="; nativeBuildInputs = [ unzip ]; diff --git a/pkgs/tools/networking/curl-impersonate/deps.nix b/pkgs/tools/networking/curl-impersonate/deps.nix index 498616247dce9..1b04659f07413 100644 --- a/pkgs/tools/networking/curl-impersonate/deps.nix +++ b/pkgs/tools/networking/curl-impersonate/deps.nix @@ -2,9 +2,9 @@ { fetchurl }: { - "curl-7.84.0.tar.xz" = fetchurl { - url = "https://curl.se/download/curl-7.84.0.tar.xz"; - hash = "sha256-LRGLQ/VHv+W66AbY1HtOWW6lslpsHwgK70n7zYF8Xbg="; + "curl-8.1.1.tar.xz" = fetchurl { + url = "https://curl.se/download/curl-8.1.1.tar.xz"; + hash = "sha256-CKlI4GGSlkVZfB73GU4HswiyIIT/A/p0ALRl5sBRSeU="; }; "brotli-1.0.9.tar.gz" = fetchurl { @@ -12,18 +12,18 @@ hash = "sha256-+ejYHQQFumbRgVKa9CozVPg4yTkJX/mZMNpqqc32/kY="; }; - "nss-3.87.tar.gz" = fetchurl { - url = "https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_87_RTM/src/nss-3.87-with-nspr-4.35.tar.gz"; - hash = "sha256-63DqC1jc5pqkkOnp/s0TKn1kTh2j1jHhYzdqDcwRoCI="; + "nss-3.92.tar.gz" = fetchurl { + url = "https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_92_RTM/src/nss-3.92-with-nspr-4.35.tar.gz"; + hash = "sha256-IcF2v/+27IQLX5hcf48BRoL0ovtVsGkkc0Fy1cBIbcU="; }; "boringssl.zip" = fetchurl { - url = "https://github.com/google/boringssl/archive/3a667d10e94186fd503966f5638e134fe9fb4080.zip"; - hash = "sha256-HsDIkd1x5IH49fUF07dJaabMIMsQygW+NI7GneULpA8="; + url = "https://github.com/google/boringssl/archive/1b7fdbd9101dedc3e0aa3fcf4ff74eacddb34ecc.zip"; + hash = "sha256-daVVQvpxkuEL/8/+QtLOJkdO+ECYZE3P4qJmDjV1GM0="; }; - "nghttp2-1.46.0.tar.bz2" = fetchurl { - url = "https://github.com/nghttp2/nghttp2/releases/download/v1.46.0/nghttp2-1.46.0.tar.bz2"; - hash = "sha256-moKXjIcAcbdp8n0riBkct3/clFpRwdaFx/YafhP8Ryk="; + "nghttp2-1.56.0.tar.bz2" = fetchurl { + url = "https://github.com/nghttp2/nghttp2/releases/download/v1.56.0/nghttp2-1.56.0.tar.bz2"; + hash = "sha256-L13Nv1d6LfUTokZGRUhMw10uTQczZT1jGTrlHbQd70E="; }; } diff --git a/pkgs/tools/networking/mpack/CVE-2011-4919.patch b/pkgs/tools/networking/mpack/CVE-2011-4919.patch new file mode 100644 index 0000000000000..10b9a1116ef39 --- /dev/null +++ b/pkgs/tools/networking/mpack/CVE-2011-4919.patch @@ -0,0 +1,23 @@ +commit 0c87201f64491575350b18d04c62ec142e119d1f +Author: Sebastian Pipping <sebastian@pipping.org> +Date: Sat, 31 Dec 2011 19:17:20 +0000 (20:17 +0100) +Source: https://web.archive.org/web/20120128080247/http://git.goodpoint.de/?p=mpack.git;a=commitdiff;h=0c87201f64491575350b18d04c62ec142e119d1f + + Fix permissions + +diff --git a/unixos.c b/unixos.c +index fa6d0a7..0e2f469 100644 (file) +--- a/unixos.c ++++ b/unixos.c +@@ -134,9 +134,9 @@ FILE *os_createnewfile(char *fname) + FILE *ret; + + #ifdef O_EXCL +- fd=open(fname, O_RDWR|O_CREAT|O_EXCL, 0644); ++ fd=open(fname, O_RDWR|O_CREAT|O_EXCL, 0600); + #else +- fd=open(fname, O_RDWR|O_CREAT|O_TRUNC, 0644); ++ fd=open(fname, O_RDWR|O_CREAT|O_TRUNC, 0600); + #endif + + if (fd == -1) diff --git a/pkgs/tools/networking/mpack/default.nix b/pkgs/tools/networking/mpack/default.nix index 2c9bf4ff2d308..669ef500c4556 100644 --- a/pkgs/tools/networking/mpack/default.nix +++ b/pkgs/tools/networking/mpack/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "0k590z96509k96zxmhv72gkwhrlf55jkmyqlzi72m61r7axhhh97"; }; - patches = [ ./build-fix.patch ./sendmail-via-execvp.diff ]; + patches = [ ./build-fix.patch ./sendmail-via-execvp.diff ./CVE-2011-4919.patch ]; postPatch = '' for f in *.{c,man,pl,unix} ; do diff --git a/pkgs/tools/networking/netbird/default.nix b/pkgs/tools/networking/netbird/default.nix index 3526037395142..24d7b5938be91 100644 --- a/pkgs/tools/networking/netbird/default.nix +++ b/pkgs/tools/networking/netbird/default.nix @@ -31,16 +31,16 @@ let in buildGoModule rec { pname = "netbird"; - version = "0.27.4"; + version = "0.27.10"; src = fetchFromGitHub { owner = "netbirdio"; repo = pname; rev = "v${version}"; - hash = "sha256-+IcgzwLUA8OIa9od5LkGnI05FTbxC8PmOf8s5+akTrk="; + hash = "sha256-eliLEyw++NE+OTu4TNJWLptPDVCYUySRciBRoebmXYc="; }; - vendorHash = "sha256-LPq6ovulE+xdoRaQpwA0mNqw3kFxMs/am1ucO8UmDtU="; + vendorHash = "sha256-gV/Jx5QEVw2PjMP3BRkZCZ0lo5i8DUddSs+yntfBcTM="; nativeBuildInputs = [ installShellFiles ] ++ lib.optional ui pkg-config; diff --git a/pkgs/tools/networking/tinyproxy/default.nix b/pkgs/tools/networking/tinyproxy/default.nix index 8778b90b2b026..03def9023b15a 100644 --- a/pkgs/tools/networking/tinyproxy/default.nix +++ b/pkgs/tools/networking/tinyproxy/default.nix @@ -1,7 +1,6 @@ { lib , stdenv , fetchFromGitHub -, fetchpatch , autoreconfHook , perl , nixosTests @@ -10,23 +9,15 @@ stdenv.mkDerivation rec { pname = "tinyproxy"; - version = "1.11.1"; + version = "1.11.2"; src = fetchFromGitHub { - sha256 = "sha256-tipFXh9VG5auWTI2/IC5rwMQFls7aZr6dkzhYTZZkXM="; + hash = "sha256-bpr/O723FmW2gb+85aJrwW5/U7R2HwbePTx15i3rpsE="; rev = version; repo = "tinyproxy"; owner = "tinyproxy"; }; - patches = [ - (fetchpatch { - name = "CVE-2022-40468.patch"; - url = "https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7.patch"; - sha256 = "sha256-P0c4mUK227ld3703ss5MQhi8Vo2QVTCVXhKmc9fcufk="; - }) - ]; - # perl is needed for man page generation. nativeBuildInputs = [ autoreconfHook perl ]; |