diff options
author | Nikola Knežević <nikola@knezevic.ch> | 2020-07-20 07:08:33 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-07-19 22:08:33 -0700 |
commit | 53f42f245af191cb5b1fc9e174c76d2a98b9f96f (patch) | |
tree | 11e506a5797da7f0a8caf42f57404b1b354ddd8d | |
parent | 902987d23d1c7e46e7310e213a5c1ba8b3b4d79a (diff) | |
download | nixpkgs-53f42f245af191cb5b1fc9e174c76d2a98b9f96f.tar nixpkgs-53f42f245af191cb5b1fc9e174c76d2a98b9f96f.tar.gz nixpkgs-53f42f245af191cb5b1fc9e174c76d2a98b9f96f.tar.bz2 nixpkgs-53f42f245af191cb5b1fc9e174c76d2a98b9f96f.tar.lz nixpkgs-53f42f245af191cb5b1fc9e174c76d2a98b9f96f.tar.xz nixpkgs-53f42f245af191cb5b1fc9e174c76d2a98b9f96f.tar.zst nixpkgs-53f42f245af191cb5b1fc9e174c76d2a98b9f96f.zip |
oauth2_proxy: 5.1.1 -> 6.0.0 (#93121)
The new release fixes one of the outstanding CVEs against oauth2_proxy: https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-5m6c-jp6f-2vcv. In addition, rename the owner and the project name to reflect the changes upstream (it now belongs to the oauth2-proxy organization, and the name is oauth2-proxy)
-rw-r--r-- | nixos/modules/services/security/oauth2_proxy.nix | 12 | ||||
-rw-r--r-- | pkgs/servers/oauth2_proxy/default.nix | 8 |
2 files changed, 11 insertions, 9 deletions
diff --git a/nixos/modules/services/security/oauth2_proxy.nix b/nixos/modules/services/security/oauth2_proxy.nix index d5c5437329e..2f9e94bd77b 100644 --- a/nixos/modules/services/security/oauth2_proxy.nix +++ b/nixos/modules/services/security/oauth2_proxy.nix @@ -99,7 +99,7 @@ in ############################################## # PROVIDER configuration - # Taken from: https://github.com/pusher/oauth2_proxy/blob/master/providers/providers.go + # Taken from: https://github.com/oauth2-proxy/oauth2-proxy/blob/master/providers/providers.go provider = mkOption { type = types.enum [ "google" @@ -346,7 +346,9 @@ in type = types.nullOr types.str; default = null; description = '' - An optional cookie domain to force cookies to. + Optional cookie domains to force cookies to (ie: `.yourcompany.com`). + The longest domain matching the request's host will be used (or the shortest + cookie domain if there is no match). ''; example = ".yourcompany.com"; }; @@ -537,7 +539,7 @@ in extraConfig = mkOption { default = {}; description = '' - Extra config to pass to oauth2_proxy. + Extra config to pass to oauth2-proxy. ''; }; @@ -545,7 +547,7 @@ in type = types.nullOr types.path; default = null; description = '' - oauth2_proxy allows passing sensitive configuration via environment variables. + oauth2-proxy allows passing sensitive configuration via environment variables. Make a file that contains lines like OAUTH2_PROXY_CLIENT_SECRET=asdfasdfasdf.apps.googleuserscontent.com and specify the path here. @@ -577,7 +579,7 @@ in serviceConfig = { User = "oauth2_proxy"; Restart = "always"; - ExecStart = "${cfg.package}/bin/oauth2_proxy ${configString}"; + ExecStart = "${cfg.package}/bin/oauth2-proxy ${configString}"; EnvironmentFile = mkIf (cfg.keyFile != null) cfg.keyFile; }; }; diff --git a/pkgs/servers/oauth2_proxy/default.nix b/pkgs/servers/oauth2_proxy/default.nix index ee6dafebf74..dc4c800ab49 100644 --- a/pkgs/servers/oauth2_proxy/default.nix +++ b/pkgs/servers/oauth2_proxy/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "oauth2-proxy"; - version = "5.1.1"; + version = "6.0.0"; src = fetchFromGitHub { repo = pname; - owner = "pusher"; - sha256 = "190k1v2c1f6vp9waqs01rlzm0jc3vrmsq1w1n0c2q2nfqx76y2wz"; + owner = "oauth2-proxy"; + sha256 = "0mbjg0d0w173xpq69frjdvgyx5k74pkrfx3phc3lq8snvhnf1c2n"; rev = "v${version}"; }; - vendorSha256 = "01lf7xbhgn5l42ahym12vr1w00zx1qzy6sgwgcbvvxp48k0b271d"; + vendorSha256 = "1hrk3h729kcc77fq44kiywmyzk5a78v7bm5d2yl76lfxxdcdric7"; doCheck = true; |