Merge pull request #188803 from risicle/ris-markdown2-2.4.3-xss

2024-10-15 00:52:07 +03:00 · 2022-09-06 00:39:36 +02:00 · 2022-09-06 00:39:36 +02:00 · a8b8f97a25
commit a8b8f97a25
parent 423126560b c64ca0283b
1 changed files with 24 additions and 4 deletions
--- a/pkgs/development/python-modules/markdown2/default.nix
+++ b/pkgs/development/python-modules/markdown2/default.nix
@ -1,21 +1,41 @@
-{ lib, buildPythonPackage, fetchFromGitHub, python, pygments }:
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, fetchpatch
+, python
+, pygments
+}:

 buildPythonPackage rec {
  pname = "markdown2";
-  version = "2.4.1";
+  version = "2.4.3";

  # PyPI does not contain tests, so using GitHub instead.
  src = fetchFromGitHub {
    owner = "trentm";
    repo = "python-markdown2";
    rev = version;
-    sha256 = "0y7kh9jj8ys00qkfmmyqj63y21g7wn7yr715kj0j1nabs6xbp0y7";
+    sha256 = "sha256-zNZ7/dDZbPIwcxSLvf8u5oaAgHLrZ6kk4vXNPUuZs/4=";
  };

+  patches = [
+    (fetchpatch {
+      name = "SNYK-PYTHON-MARKDOWN2-2606985-xss.patch";  # no CVE (yet?)
+      url = "https://github.com/trentm/python-markdown2/commit/5898fcc1090ef7cd7783fa1422cc0e53cbca9d1b.patch";
+      sha256 = "sha256-M6kKxjHVC3O0BvDeEF4swzfpFsDO/LU9IHvfjK4hznA=";
+    })
+  ];
+
  checkInputs = [ pygments ];

  checkPhase = ''
-    ${python.interpreter} ./test/test.py
+    runHook preCheck
+
+    pushd test
+    ${python.interpreter} ./test.py -- -knownfailure
+    popd  # test
+
+    runHook postCheck
  '';

  meta = with lib; {