Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: b4f2f298e18f
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 7d0b089bf37d
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Apr 27, 2020

  1. oauth2_proxy: Backport security fix (CVE-2017-1000070) 

    Since 20.03 still uses old oauth2_proxy (3.2.0), which is not compatible
with the newest one (5.1.0), this change backports an important security
fix to 3.2.0:

oauth2-proxy/oauth2-proxy@a316f8a

The vulnerability is an open redirect, where a bad actor can redirect a
session to another domain using `/\` in redirect URIs.
    @knl
    knl committed Apr 27, 2020
    Copy the full SHA
    92ab877 View commit details

  2. Merge pull request #86108 from knl/security-fix-oauth2_proxy

    @Mic92
    Mic92 authored Apr 27, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    7d0b089 View commit details
Showing with 9 additions and 1 deletion.
  1. +9 −1 pkgs/servers/oauth2_proxy/default.nix
10 changes: 9 additions & 1 deletion pkgs/servers/oauth2_proxy/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{ lib, buildGoPackage, fetchFromGitHub }:
{ lib, buildGoPackage, fetchFromGitHub, fetchpatch }:

buildGoPackage rec {
pname = "oauth2_proxy";
@@ -15,6 +15,14 @@ buildGoPackage rec {

goDeps = ./deps.nix;

patches = [
(fetchpatch {
url = https://github.com/oauth2-proxy/oauth2-proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2.patch;
excludes = [ "CHANGELOG.md" ];
sha256 = "1bnij902418hy1rh9d1g16wpxw5w6zvg52iylbs2y1zi88y7a01c";
})
];

meta = with lib; {
description = "A reverse proxy that provides authentication with Google, Github or other provider";
homepage = https://github.com/pusher/oauth2_proxy/;