Fixes:
* CVE-2019-6472 affects the Kea DHCPv6 server, which can exit
with an assertion failure if the DHCPv6 server process receives
a request containing DUID value which is too large.
(https://kb.isc.org/docs/cve-2019-6474)
* CVE-2019-6473 affects the Kea DHCPv4 server, which can exit with
an assertion failure if it receives a packed containing a malformed
option. (https://kb.isc.org/docs/cve-2019-6473)
* CVE-2019-6474 can cause a condition where the server cannot be
restarted without manual operator intervention to correct a problem
that can be deliberately introduced into the stored leases.
CVE-2019-6474 can only affect servers which are using memfile
for lease storage. (https://kb.isc.org/docs/cve-2019-6474)
Annoucement: https://www.openwall.com/lists/oss-security/2019/08/29/1
This upgrades Vault to version 1.2.2. To accomplish this, we migrate to
using the `buildGoModule` helper, as since 1.0.2 the Vault build process
migrated to modules, and does not vendor its dependencies.
We also stop using the vault build script, and gox, as it only really
provides value for local development, where it configures GOOS/GOARCH
and installs into some convenient dev locations.
This package explicitly depends on `python2` which will be EOLed at the
end of the year[1]. This package provides python bindings for `python2`,
however the latest release (also used by other distros) is from 2011[2]
and doesn't support v3. For instance, debian ships `vde2` without
`python2` support since Debian Jessie[3].
KVM and QEMU appear to build fine, also NixOS tests and ISO builds are
still functional.
By running `nix-review` against this change, only `xen` packages failed,
but those were already broken on master[4].
Finally it's also worth mentioning that the closure size of `vde2` drops
from 99.5M to 33.5M without `python2` according to `nix path-info -S -h`.
[1] https://pythonclock.org/
[2] https://github.com/virtualsquare/vde-2/releases/tag/vde-2
(vde.sourceforge.net redirects to this github page)
[3] https://packages.debian.org/en/jessie/vde2
[4] https://hydra.nixos.org/build/99185451, https://hydra.nixos.org/build/99187262
XDG_CONFIG_DIRS should contain directories ordered by priority
so if we want users to be able to customize the defaults, we
need to move the shipped values to the end.
The upstream PR had two parts: adding a missing include and resolving
an ambiguous reference. The upstream project fixed the first but not
the second. We still need the second part, so extract it by filtering
the patch.