Merge #304232: frr 9.1 → 10.0
Addresses CVE-2024-31948 CVE-2024-31949 CVE-2024-31950 CVE-2024-31951
This commit is contained in:
commit
a39290dfdf
@ -435,6 +435,8 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi
|
||||
- `services.archisteamfarm` no longer uses the abbreviation `asf` for its state directory (`/var/lib/asf`), user and group (both `asf`). Instead the long name `archisteamfarm` is used.
|
||||
Configurations with `system.stateVersion` 23.11 or earlier, default to the old stateDirectory until the 24.11 release and must either set the option explicitly or move the data to the new directory.
|
||||
|
||||
- `frr` was updated to 10.0, which introduces the default of `enforce-first-as` for BGP. Please disable again if needed.
|
||||
|
||||
- `services.aria2.rpcSecret` has been replaced with `services.aria2.rpcSecretFile`.
|
||||
This was done so that secrets aren't stored in the world-readable nix store.
|
||||
To migrate, you will have to create a file with the same exact string, and change
|
||||
|
@ -86,24 +86,15 @@ lib.warnIf (!(stdenv.buildPlatform.canExecute stdenv.hostPlatform))
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "frr";
|
||||
version = "9.1";
|
||||
version = "10.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "FRRouting";
|
||||
repo = pname;
|
||||
rev = "${pname}-${version}";
|
||||
hash = "sha256-oDPr51vI+tlT1IiUPufmZh/UE0TNKWrn4RqpnGoGxNo=";
|
||||
hash = "sha256-vvh9z2hmjvAA7OXgrUmlcrrTE5MRedZzfmhX5FEDKwE=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
# fixes crash in OSPF TE parsing
|
||||
(fetchpatch {
|
||||
name = "CVE-2024-27913.patch";
|
||||
url = "https://github.com/FRRouting/frr/commit/541503eecd302d2cc8456167d130014cd2cf1134.patch";
|
||||
hash = "sha256-7NxPlQK/6lbLs/NqNi4OZ2uBWfXw99SiXDR6okNvJlg=";
|
||||
})
|
||||
];
|
||||
|
||||
nativeBuildInputs = [
|
||||
autoreconfHook
|
||||
bison
|
||||
|
Loading…
Reference in New Issue
Block a user