authorMaximilian Bosch <maximilian@mbosch.me>2021-12-12 22:10:55 +0100
committerMaximilian Bosch <maximilian@mbosch.me>2021-12-12 22:10:55 +0100
commit79ab6a83828ecee660e362e6c97384ff0489f9b2 (patch)
tree66bb16a613bfefa3863d17e5c2ee7b92b3b84a24 /pkgs/applications/networking/instant-messengers/signald
parent4cc23f2b1e1b9ae443d257129001caebca464d2f (diff)
signald: incorporate log4j update for CVE-2021-44228
Currently, the log4j update needed to mitigate CVE-2021-44228[1] is not
yet part of a release, so we apply the commit[2] as a patch for now.

Relevant for #150288

[1] https://nvd.nist.gov/vuln/detail/CVE-2021-44228
[2] https://gitlab.com/signald/signald/-/commit/7f668062ab9ffa09a49d171e995f57cf0a0803a7
Diffstat (limited to 'pkgs/applications/networking/instant-messengers/signald')
-rw-r--r--pkgs/applications/networking/instant-messengers/signald/default.nix18
1 files changed, 14 insertions, 4 deletions
diff --git a/pkgs/applications/networking/instant-messengers/signald/default.nix b/pkgs/applications/networking/instant-messengers/signald/default.nix
index 159dfdc0310ea..e75c2357b28b9 100644
--- a/pkgs/applications/networking/instant-messengers/signald/default.nix
+++ b/pkgs/applications/networking/instant-messengers/signald/default.nix
@@ -1,5 +1,6 @@
 { lib, stdenv, fetchurl, fetchFromGitLab, jdk17_headless, coreutils, gradle_6, git, perl
-, makeWrapper }:
+, makeWrapper, fetchpatch
+}:
 
 let
   pname = "signald";
@@ -12,6 +13,11 @@ let
     sha256 = "ftK+oeqzJ+TxrlvqivFkAi5RCcyJ5Y0oQAJuo0YheBg=";
   };
 
+  log4j-update-cve-2021-44228 = fetchpatch {
+    url = "https://gitlab.com/signald/signald/-/commit/7f668062ab9ffa09a49d171e995f57cf0a0803a7.patch";
+    sha256 = "sha256-504je6hKciUGelVCGZjxGjHi1qZQaovagXD5PBQP+mM=";
+  };
+
   buildConfigJar = fetchurl {
     url = "https://dl.bintray.com/mfuerstenau/maven/gradle/plugin/de/fuerstenau/BuildConfigPlugin/1.1.8/BuildConfigPlugin-1.1.8.jar";
     sha256 = "0y1f42y7ilm3ykgnm6s3ks54d71n8lsy5649xgd9ahv28lj05x9f";
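Review bot: The `log4j-update-cve-2021-44228` binding carries no comment saying when it can be dropped or which log4j version the upstream commit moves to, so a later signald bump or a follow-up log4j advisory cannot be checked against this file alone. I would add above it `# Backport of upstream commit 7f668062 (log4j bump for CVE-2021-44228); drop once a signald release contains it.` and record the resulting log4j version once it has been confirmed from the patch. Pinning the URL to a full commit id with a hash is the right shape for a backport.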
@@ -21,6 +27,7 @@ let
   deps = stdenv.mkDerivation {
     pname = "${pname}-deps";
     inherit src version;
+    patches = [ log4j-update-cve-2021-44228 ];
     nativeBuildInputs = [ gradle_6 perl ];
     buildPhase = ''
       export GRADLE_USER_HOME=$(mktemp -d)
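Review bot: Nothing on the `patches = [ log4j-update-cve-2021-44228 ];` line says why the `deps` derivation needs the patch, yet this appears to be the place where the log4j jar that gets downloaded is actually decided. Because `deps` is a fixed-output derivation (`outputHash` further down), a stale hash would allow a previously built dependency set with the old jar to be reused, so this list and the two `outputHash` values in the later hunk have to change together. A comment such as `# Applied here as well: dependency versions are resolved in this derivation, so refresh outputHash whenever this list changes.` would keep them in step. The same patch is repeated in the main derivation's `patches` list in the last hunk. The `deps` body continues outside this hunk.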
@@ -38,15 +45,18 @@ let
     outputHashMode = "recursive";
     # Downloaded jars differ by platform
     outputHash = {
-      x86_64-linux = "gEaOOsELhfKC1cFV8tqRHbBUI6+M/cDOaqN8FQ1J/TE=";
-      aarch64-linux = "UhnQ+Ge48/NdTqUWIxd0VNadHFvQ9awBTtn65Nz3+UM=";
+      x86_64-linux = "sha256-e2Tehtznc+VsvQzD3lQ50Lg7ipQc7P3ekOnb8XLORO8=";
+      aarch64-linux = "sha256-P48s3vG5vUNxCCga5FhzpODhlvvc+F2ZZGX/G0FVGWc=";
     }.${stdenv.system} or (throw "Unsupported platform");
   };
 
 in stdenv.mkDerivation rec {
   inherit pname src version;
 
-  patches = [ ./gradle-plugin.patch ];
+  patches = [
+    ./gradle-plugin.patch
+    log4j-update-cve-2021-44228
+  ];
 
   postPatch = ''
     sed -i 's|BuildConfig.jar|${buildConfigJar}|' build.gradle