zziplib: 0.13.67 -> 0.13.68

Bump zziplib to 0.13.68 to fix multiple CVE issues:

 - CVE-2018-6381
 (a803559fa9)
 - CVE-2018-6484
 (https://github.com/gdraheim/zziplib/issues/14#issuecomment-363198084)
 - CVE-2018-6540
 (72ec933663)
 - CVE-2018-6541
 (https://github.com/gdraheim/zziplib/issues/16#issuecomment-363197718)
 - CVE-2018-6542
 (931f962ddf)

Unfortunately, getting only those patches is hard, as they're not well
referenced to linked issues. The testsuite checking for vulns
requires network access (so we can't easily test it here).

https://github.com/gdraheim/zziplib/issues/20 might still be an issue,
so keeping this as a TODO here.
This commit is contained in:
Florian Klink 2018-02-23 21:11:05 +01:00
parent ee16feed37
commit 9f6a942fc7

View File

@ -2,20 +2,25 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "zziplib-${version}"; name = "zziplib-${version}";
version = "0.13.67"; version = "0.13.68";
src = fetchurl { src = fetchurl {
url = "https://github.com/gdraheim/zziplib/archive/v${version}.tar.gz"; url = "https://github.com/gdraheim/zziplib/archive/v${version}.tar.gz";
sha256 = "0802kdxwxx9zanpwb4w4wfi3blwhv0ri05mzdgd35j5sva5ify0j"; sha256 = "0chhl6m02562z6c4hjy568mh11pbq2qngw6g2x924ajr8sdr2q4l";
}; };
postPatch = '' postPatch = ''
sed -i -e s,--export-dynamic,, configure sed -i -e s,--export-dynamic,, configure
''; '';
# TODO: still an issue: https://github.com/gdraheim/zziplib/issues/27
buildInputs = [ docbook_xml_dtd_412 perl python2 zip xmlto zlib ]; buildInputs = [ docbook_xml_dtd_412 perl python2 zip xmlto zlib ];
doCheck = true; # tests are broken (https://github.com/gdraheim/zziplib/issues/20),
# and test/zziptests.py requires network access
# (https://github.com/gdraheim/zziplib/issues/24)
doCheck = false;
meta = with stdenv.lib; { meta = with stdenv.lib; {
description = "Library to extract data from files archived in a zip file"; description = "Library to extract data from files archived in a zip file";