signald: incorporate log4j update for CVE-2021-44228

Currently, the log4j update needed to mitigate CVE-2021-44228[1] is not
yet part of a release, so we apply the commit[2] as a patch for now.

Relevant for #150288

[1] https://nvd.nist.gov/vuln/detail/CVE-2021-44228
[2] 7f668062ab
Maximilian Bosch 2021-12-12 22:10:55 +01:00
parent 4cc23f2b1e
commit 79ab6a8382
No known key found for this signature in database
GPG Key ID: 091DBF4D1FC46B8E


@ -1,5 +1,6 @@
{ lib, stdenv, fetchurl, fetchFromGitLab, jdk17_headless, coreutils, gradle_6, git, perl
, makeWrapper }:
, makeWrapper, fetchpatch
}:
let
pname = "signald";
@ -12,6 +13,11 @@ let
sha256 = "ftK+oeqzJ+TxrlvqivFkAi5RCcyJ5Y0oQAJuo0YheBg=";
};
log4j-update-cve-2021-44228 = fetchpatch {
url = "https://gitlab.com/signald/signald/-/commit/7f668062ab9ffa09a49d171e995f57cf0a0803a7.patch";
sha256 = "sha256-504je6hKciUGelVCGZjxGjHi1qZQaovagXD5PBQP+mM=";
};
buildConfigJar = fetchurl {
url = "https://dl.bintray.com/mfuerstenau/maven/gradle/plugin/de/fuerstenau/BuildConfigPlugin/1.1.8/BuildConfigPlugin-1.1.8.jar";
sha256 = "0y1f42y7ilm3ykgnm6s3ks54d71n8lsy5649xgd9ahv28lj05x9f";
@ -21,6 +27,7 @@ let
deps = stdenv.mkDerivation {
pname = "${pname}-deps";
inherit src version;
patches = [ log4j-update-cve-2021-44228 ];
nativeBuildInputs = [ gradle_6 perl ];
buildPhase = ''
export GRADLE_USER_HOME=$(mktemp -d)
@ -38,15 +45,18 @@ let
outputHashMode = "recursive";
# Downloaded jars differ by platform
outputHash = {
x86_64-linux = "gEaOOsELhfKC1cFV8tqRHbBUI6+M/cDOaqN8FQ1J/TE=";
aarch64-linux = "UhnQ+Ge48/NdTqUWIxd0VNadHFvQ9awBTtn65Nz3+UM=";
x86_64-linux = "sha256-e2Tehtznc+VsvQzD3lQ50Lg7ipQc7P3ekOnb8XLORO8=";
aarch64-linux = "sha256-P48s3vG5vUNxCCga5FhzpODhlvvc+F2ZZGX/G0FVGWc=";
}.${stdenv.system} or (throw "Unsupported platform");
};
in stdenv.mkDerivation rec {
inherit pname src version;
patches = [ ./gradle-plugin.patch ];
patches = [
./gradle-plugin.patch
log4j-update-cve-2021-44228
];
postPatch = ''
sed -i 's|BuildConfig.jar|${buildConfigJar}|' build.gradle