Diffstat (limited to 'krebs/2configs/security-workarounds.nix')
-rw-r--r-- | krebs/2configs/security-workarounds.nix | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/krebs/2configs/security-workarounds.nix b/krebs/2configs/security-workarounds.nix
index b1a492f51..cb5d236ac 100644
--- a/krebs/2configs/security-workarounds.nix
+++ b/krebs/2configs/security-workarounds.nix
@@ -1,4 +1,27 @@
 { config, lib, pkgs, ... }:
-with import <stockholm/lib>;
 {
+ # OpenSSL pre-3.0.7 vulnerabilities
+ nixpkgs.overlays = [
+ (self: super: {
+ exim =
+ super.exim.overrideAttrs (old: let
+ key = if builtins.hasAttr "preBuild" old then
+ "preBuild"
+ else
+ "configurePhase";
+ in {
+ buildInputs = old.buildInputs ++ [ self.gnutls ];
+ ${key} = /* sh */ ''
+ ${old.${key}}
+ sed -Ei '
+ s:^USE_OPENSSL=.*:# &:
+ s:^# (USE_GNUTLS)=.*:\1=yes:
+ s:^# (USE_GNUTLS_PC=.*):\1:
+ ' Local/Makefile
+ '';
+ });
+ })
+ ];
+ # OpenSSL pre-3.0.7 vulnerabilities
+ services.nginx.package = lib.mkDefault (pkgs.nginxStable.override { openssl = pkgs.libressl; });
 } |
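Review bot: The `sed -Ei` edit of `Local/Makefile` in the exim override exits successfully even when none of its three patterns match, so if the packaged Makefile template changes, exim would presumably be built against OpenSSL again with no build failure while this file still reads as if the workaround were in force. Following the sed with a check such as `grep -q '^USE_GNUTLS=yes' Local/Makefile` would turn that silent regression into a failed build. The nginx line uses `lib.mkDefault`, so any host that sets `services.nginx.package` at normal priority drops the libressl substitution without notice; a comment such as `# mkDefault: hosts overriding the package must apply the openssl override themselves` would make that visible. Both settings are unconditional, so the two `# OpenSSL pre-3.0.7 vulnerabilities` comments would be more useful if they also named the removal condition (the pinned nixpkgs providing OpenSSL 3.0.7 or later).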