Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 300fa462b31a
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 2bbe0b0f0b2b
Choose a head ref
  • 2 commits
  • 2 files changed
  • 1 contributor

Commits on Jun 7, 2017

  1. nixos/firewall: clean up rpfilter rules properly 

    The rpfilter rules wouldn't be removed if it was previously enabled
but disabled in a new generation.

(cherry picked from commit a49c236)
    @fpletz
    fpletz committed Jun 7, 2017

    Verified

    This commit was signed with the committer’s verified signature.
    NeQuissimus Tim Steinbach
    GPG key ID: 472BFCCA96BD0EDA
    Verified
    Learn about vigilant mode
    Copy the full SHA
    f82ae7c View commit details

  2. irssi: 1.0.2 -> 1.0.3 (security) 

    See https://irssi.org/security/irssi_sa_2017_06.txt.

(cherry picked from commit e864345)
    @fpletz
    fpletz committed Jun 7, 2017

    Verified

    This commit was signed with the committer’s verified signature.
    fpletz Franz Pletz
    GPG key ID: 846FDED7792617B4
    Verified
    Learn about vigilant mode
    Copy the full SHA
    2bbe0b0 View commit details
Showing with 9 additions and 8 deletions.
  1. +7 −6 nixos/modules/services/networking/firewall.nix
  2. +2 −2 pkgs/applications/networking/irc/irssi/default.nix
13 changes: 7 additions & 6 deletions nixos/modules/services/networking/firewall.nix
View file
Original file line number Diff line number Diff line change
@@ -114,14 +114,15 @@ let
# The "nixos-fw" chain does the actual work.
ip46tables -N nixos-fw
# Perform a reverse-path test to refuse spoofers
# For now, we just drop, as the raw table doesn't have a log-refuse yet
# Clean up rpfilter rules
ip46tables -t raw -D PREROUTING -j nixos-fw-rpfilter 2> /dev/null || true
ip46tables -t raw -F nixos-fw-rpfilter 2> /dev/null || true
ip46tables -t raw -X nixos-fw-rpfilter 2> /dev/null || true
${optionalString (kernelHasRPFilter && (cfg.checkReversePath != false)) ''
# Clean up rpfilter rules
ip46tables -t raw -D PREROUTING -j nixos-fw-rpfilter 2> /dev/null || true
ip46tables -t raw -F nixos-fw-rpfilter 2> /dev/null || true
# Perform a reverse-path test to refuse spoofers
# For now, we just drop, as the raw table doesn't have a log-refuse yet
ip46tables -t raw -N nixos-fw-rpfilter 2> /dev/null || true
ip46tables -t raw -A nixos-fw-rpfilter -m rpfilter ${optionalString (cfg.checkReversePath == "loose") "--loose"} -j RETURN
# Allows this host to act as a DHCPv4 server
4 changes: 2 additions & 2 deletions pkgs/applications/networking/irc/irssi/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
{ stdenv, fetchurl, pkgconfig, ncurses, glib, openssl, perl, libintlOrEmpty }:

stdenv.mkDerivation rec {
version = "1.0.2";
version = "1.0.3";
name = "irssi-${version}";

src = fetchurl {
url = "https://github.com/irssi/irssi/releases/download/${version}/${name}.tar.gz";
sha256 = "1fas6dqz6g8m2400spvkhfxihj3w06qb917h4vhcb716g9wpjkwf";
sha256 = "08nfm1pcf2b9npnp83175yi2vcwnhjdiwsq8whz7iky33hlhvijk";
};

nativeBuildInputs = [ pkgconfig ];