authorRyan Burns2021-08-28 12:39:46 -0700
committerRyan Burns2021-08-28 12:42:41 -0700
commit5e72b0a076509369f4bca28f3dffd800455299c9 (patch)
tree1653cc259df252749063740f45238b443c6f548e
parent09818c59fa5bd365fbeae2b4d49567d61546f07a (diff)
fossil: 2.15.1 -> 2.16
For CVE-2021-36377

Add enableDeserialize option to sqlite,
which is required to build fossil v2.16+.
-rw-r--r--pkgs/applications/version-management/fossil/default.nix7
-rw-r--r--pkgs/development/libraries/sqlite/default.nix8
-rw-r--r--pkgs/top-level/all-packages.nix4
3 files changed, 12 insertions, 7 deletions
diff --git a/pkgs/applications/version-management/fossil/default.nix b/pkgs/applications/version-management/fossil/default.nix
index 6b445446d5b5..ed2cf00291e2 100644
--- a/pkgs/applications/version-management/fossil/default.nix
+++ b/pkgs/applications/version-management/fossil/default.nix
@@ -15,12 +15,11 @@
 
 stdenv.mkDerivation rec {
   pname = "fossil";
-  version = "2.15.1";
+  version = "2.16";
 
   src = fetchurl {
-    url = "https://www.fossil-scm.org/index.html/uv/fossil-src-${version}.tar.gz";
-    name = "${pname}-${version}.tar.gz";
-    sha256 = "sha256-gNJ5I8ZjsqLHEPiujNVJhi4E+MBChXBidMNK48jKF9E=";
+    url = "https://www.fossil-scm.org/home/tarball/version-${version}/fossil-${version}.tar.gz";
+    sha256 = "1z5ji25f2rqaxd1nj4fj84afl1v0m3mnbskgfwsjr3fr0h5p9aqy";
   };
 
   nativeBuildInputs = [ installShellFiles tcl tcllib ];
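Review bot: The new `src` moves from the published release file under `/index.html/uv/` to `/home/tarball/version-${version}/...`, which reads like an archive generated from the tag, and nothing in the hunk records that its bytes are stable across server-side regeneration. The fixed-output `sha256` still pins what gets built, so the likely failure is a hash mismatch rather than an unverified source, but a one-line comment such as `# tarball generated from the version-${version} tag; re-check the hash if the fetch starts failing` would spare the next maintainer some digging. The hash is also now written as bare base32 where the removed line used the SRI form; keeping `sha256 = "sha256-<SRI form of the same digest>";` would stay consistent with the previous style. The `mkDerivation` body continues outside this hunk.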
diff --git a/pkgs/development/libraries/sqlite/default.nix b/pkgs/development/libraries/sqlite/default.nix
index e2331d89751a..7e53222d0a33 100644
--- a/pkgs/development/libraries/sqlite/default.nix
+++ b/pkgs/development/libraries/sqlite/default.nix
@@ -1,5 +1,6 @@
 { lib, stdenv, fetchurl, zlib, interactive ? false, readline ? null, ncurses ? null
 , python3Packages
+, enableDeserialize ? false
 }:
 
 assert interactive -> readline != null && ncurses != null;
@@ -32,7 +33,7 @@ stdenv.mkDerivation rec {
 
   configureFlags = [ "--enable-threadsafe" ] ++ optional interactive "--enable-readline";
 
-  NIX_CFLAGS_COMPILE = toString [
+  NIX_CFLAGS_COMPILE = toString ([
     "-DSQLITE_ENABLE_COLUMN_METADATA"
     "-DSQLITE_ENABLE_DBSTAT_VTAB"
     "-DSQLITE_ENABLE_JSON1"
@@ -48,7 +49,10 @@ stdenv.mkDerivation rec {
     "-DSQLITE_SECURE_DELETE"
     "-DSQLITE_MAX_VARIABLE_NUMBER=250000"
     "-DSQLITE_MAX_EXPR_DEPTH=10000"
-  ];
+  ] ++ lib.optionals enableDeserialize [
+    # Can be removed in v3.36+, as this will become the default
+    "-DSQLITE_ENABLE_DESERIALIZE"
+  ]);
 
   # Test for features which may not be available at compile time
   preBuild = ''
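Review bot: The `enableDeserialize` argument added in the first hunk of this file has no comment saying what it switches on or who needs it, and the comment next to the flag here only covers when it can be removed. I would document it at the argument, e.g. `# Build with -DSQLITE_ENABLE_DESERIALIZE; required by fossil >= 2.16, off by default so other consumers keep the existing build`. As a style point, this hunk uses the qualified `lib.optionals` while the `configureFlags` line in the previous hunk uses bare `optional`; using one form for both reads better. The `preBuild` string continues outside the hunk.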
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index b777ba8f7b14..bb0800320154 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -24309,7 +24309,9 @@ with pkgs;
 
   foo-yc20 = callPackage ../applications/audio/foo-yc20 { };
 
-  fossil = callPackage ../applications/version-management/fossil { };
+  fossil = callPackage ../applications/version-management/fossil {
+    sqlite = sqlite.override { enableDeserialize = true; };
+  };
 
   freebayes = callPackage ../applications/science/biology/freebayes { };
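Review bot: The `sqlite.override { enableDeserialize = true; }` passed to fossil has no comment explaining why fossil gets its own sqlite variant or when that can be dropped. The comment in the sqlite expression says the flag becomes the default in v3.36+, so the override turns into dead weight after that bump and is easy to miss in a file this size. I would add `# fossil >= 2.16 needs sqlite built with SQLITE_ENABLE_DESERIALIZE; remove once sqlite is >= 3.36` above the `sqlite =` line. If anything else in fossil's closure links the default `sqlite`, two builds of the library would end up in it; that is not visible from this hunk and worth a quick check.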