From 9455fefe5dd5a9a9ccb5a567135d04ad90c274f0 Mon Sep 17 00:00:00 2001 From: clerie Date: Mon, 1 Jul 2024 20:14:19 +0200 Subject: [PATCH 1/3] configuration/common: Hotfix OpenSSH CVE-2024-6387 --- configuration/common/ssh.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configuration/common/ssh.nix b/configuration/common/ssh.nix index e62aab5..110c670 100644 --- a/configuration/common/ssh.nix +++ b/configuration/common/ssh.nix @@ -7,6 +7,9 @@ PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = lib.mkDefault "no"; + + # Hotfix CVE-2024-6387 https://github.com/NixOS/nixpkgs/pull/323753 + LoginGraceTime = 0; }; services.openssh.hostKeys = lib.mkForce [ # Only create ed25519 host keys From c9d937eec7d02a18e47e1063453d5d58d3bc7d5b Mon Sep 17 00:00:00 2001 From: clerie Date: Mon, 1 Jul 2024 21:35:04 +0200 Subject: [PATCH 2/3] hosts/web-2: Update nogo2024 --- hosts/web-2/nogo2024.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/web-2/nogo2024.nix b/hosts/web-2/nogo2024.nix index 5a39690..26c7433 100644 --- a/hosts/web-2/nogo2024.nix +++ b/hosts/web-2/nogo2024.nix @@ -11,8 +11,8 @@ locations."= /nogo2024.ics" = { root = pkgs.fetchgit { url = "https://git.clerie.de/clerie/nogo2024.git"; - rev = "348bbe99daf1b1f331783a0298a445f24ca58c85"; - sha256 = "sha256-QYOadI1RUUmS6UDG3MAeor6qERaBiaCBUG0+cchm1FQ="; + rev = "fdc07667e6cfa09e91eaaee488528fb842a6115d"; + sha256 = "sha256-qRviw0sQnMmrkwBO0+AWnmeqZK8wXeFxZJgmLMUtzn4="; }; }; }; From 812aeeb0b42c956bfb306e05170c49c262480717 Mon Sep 17 00:00:00 2001 From: Flake Update Bot Date: Tue, 2 Jul 2024 03:03:57 +0200 Subject: [PATCH 3/3] Update nixpkgs 2024-07-02-01-03 --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 4aaa8c4..7d23272 100644 --- a/flake.lock +++ b/flake.lock @@ -268,11 +268,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1719254875, - "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=", + "lastModified": 1719690277, + "narHash": "sha256-0xSej1g7eP2kaUF+JQp8jdyNmpmCJKRpO12mKl/36Kc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60", + "rev": "2741b4b489b55df32afac57bc4bfd220e8bf617e", "type": "github" }, "original": {