This potentially addresses CVE-2017-1000494.
Changes since last version bump:
2017/12/11:
Fix buffer over run in minixml.c
Fix uninitialized variable access in upnpreplyparse.c
changelog since the last version bump:
2017/12/12:
Fix a few buffer overrun in SSDP and SOAP parsing
2017/11/02:
PCP : reset epoch after address change
2017/05/26:
merge https://github.com/miniupnp/miniupnp/tree/randomize_url branch
2017/05/24:
get SSDP packet receiving interface index and use it to check if the
packet is from a LAN
2017/03/13:
default to client address for AddPortMapping when <NewInternalClient>
is empty
pass ext_if_name to add_pinhole()
2016/12/23:
Fix UDA-1.2.10 Man header empty or invalid
2016/12/16:
Do not try to open IPv6 sockets once it is disabled
2016/12/01:
Fix "AddPinhole Twice" test
2016/11/11:
fixes build for Solaris/SunOS
2016/07/23:
fixes build error on DragonFly BSD
systemd is a fairly large dependency, and it doesn't appear to
be necessary in all circumstances - e.g. when openvpn is
not run as a systemd service (as is usually the case when it is
run in a Docker container).
This change makes the dependency on systemd optional, controlled
by a new argument `useSystemd`. The default behaviour remains
the same as it was before this change: enabled only on Linux systems.
For me, this change reduces the size of my container image (dominated
by the closure of openvpn) from about 110 MB to 45 MB.
Version 2: rename argument to `useSystemd` (was `systemdSupport`), and
rebase onto master
Keep the `source` attrset distinct to prevent its entries from merging
with the top level attrs.
Since each type of source has a different set of entries for `source`,
this is the easiest way to keep them together.
This will pave the way for a new `url` type of source.
This is a mass-rebuild of many ruby packages,
notably those using `git` type sources.
The http-prompt tests do something with files, which leads to
permission errors during test execution.
For now replace the check with a executable sanity check
They aren't meant to be critical (uncatchable) errors.
Tested with nix-env + checkMeta:
[ "x86_64-linux" "i686-linux" "x86_64-darwin" "aarch64-linux" ]
uwimap was shipping an `include/unix.h` file that would be falsely
detected by many applications (e.g. php and its modules). Due to that
file we got hacks like 8c125c0c74.
This also adds some previously missing files that would normally be
installed by uwimap (linkage.c, osdep/unix/*.h, …)
Added the boolean option:
networking.networkmanager.enableStrongSwan
which enables the networkmanager_strongswan plugin and adds
strongswanNM to the dbus packages.
This was contributed by @wucke13, @eqyiel and @globin.
Fixes: #29873
Certain tools, e.g. compilers, are customarily prefixed with the name of
their target platform so that multiple builds can be used at once
without clobbering each other on the PATH. I was using identifiers named
`prefix` for this purpose, but that conflicts with the standard use of
`prefix` to mean the directory where something is installed. To avoid
conflict and confusion, I renamed those to `targetPrefix`.
It is not trivial to update libreswan to 3.22 because it has added a dependency
on ldns which currently depends on openssl 1.1.0, while the rest of libreswan
depends on openssl 1.0.2. It compiles, but may behave unpredictably at run time.
Tracking issue: #31696
Airfield suffered from loose version constraints which
caused severe version (and API) conflicts between its dependencies
and transitive ones.
Furthermore the `npm2nix` packaging is deprecated and needed to be
replaced by `node2nix`.
see #31032
The build fails first of all because it cannot find the function body
for __builtin_memset. In glibc 2.26 this is available via inclusion of
string.h.
Another failure was that UINT64_MAX wasn't available in staging/tools.c,
which is fixed again by inclusion of stdint.h.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @nckx
