author | Maximilian Bosch <maximilian@mbosch.me> | 2021-12-12 22:10:55 +0100 |
---|---|---|
committer | Maximilian Bosch <maximilian@mbosch.me> | 2021-12-12 22:10:55 +0100 |
commit | 79ab6a83828ecee660e362e6c97384ff0489f9b2 (patch) | |
tree | 66bb16a613bfefa3863d17e5c2ee7b92b3b84a24 /pkgs/applications/networking/instant-messengers/signald | |
parent | 4cc23f2b1e1b9ae443d257129001caebca464d2f (diff) |
signald: incorporate log4j update for CVE-2021-44228
Currently, the log4j update needed to mitigate CVE-2021-44228[1] is not yet part of a release, so we apply the commit[2] as patch for now. Relevant for #150288 [1] https://nvd.nist.gov/vuln/detail/CVE-2021-44228 [2] https://gitlab.com/signald/signald/-/commit/7f668062ab9ffa09a49d171e995f57cf0a0803a7
Diffstat (limited to 'pkgs/applications/networking/instant-messengers/signald')
-rw-r--r-- | pkgs/applications/networking/instant-messengers/signald/default.nix | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/pkgs/applications/networking/instant-messengers/signald/default.nix b/pkgs/applications/networking/instant-messengers/signald/default.nix
index 159dfdc0310ea..e75c2357b28b9 100644
--- a/pkgs/applications/networking/instant-messengers/signald/default.nix
+++ b/pkgs/applications/networking/instant-messengers/signald/default.nix
@@ -1,5 +1,6 @@
 { lib, stdenv, fetchurl, fetchFromGitLab, jdk17_headless, coreutils, gradle_6, git, perl
-, makeWrapper }:
+, makeWrapper, fetchpatch
+}:
 let
 pname = "signald";
@@ -12,6 +13,11 @@ let
 sha256 = "ftK+oeqzJ+TxrlvqivFkAi5RCcyJ5Y0oQAJuo0YheBg=";
 };
+ log4j-update-cve-2021-44228 = fetchpatch {
+ url = "https://gitlab.com/signald/signald/-/commit/7f668062ab9ffa09a49d171e995f57cf0a0803a7.patch";
+ sha256 = "sha256-504je6hKciUGelVCGZjxGjHi1qZQaovagXD5PBQP+mM=";
+ };
+
 buildConfigJar = fetchurl {
 url = "https://dl.bintray.com/mfuerstenau/maven/gradle/plugin/de/fuerstenau/BuildConfigPlugin/1.1.8/BuildConfigPlugin-1.1.8.jar";
 sha256 = "0y1f42y7ilm3ykgnm6s3ks54d71n8lsy5649xgd9ahv28lj05x9f";
@@ -21,6 +27,7 @@ let
 deps = stdenv.mkDerivation {
 pname = "${pname}-deps";
 inherit src version;
+ patches = [ log4j-update-cve-2021-44228 ];
 nativeBuildInputs = [ gradle_6 perl ];
 buildPhase = ''
 export GRADLE_USER_HOME=$(mktemp -d)
@@ -38,15 +45,18 @@ let
 outputHashMode = "recursive";
 # Downloaded jars differ by platform
 outputHash = {
- x86_64-linux = "gEaOOsELhfKC1cFV8tqRHbBUI6+M/cDOaqN8FQ1J/TE=";
- aarch64-linux = "UhnQ+Ge48/NdTqUWIxd0VNadHFvQ9awBTtn65Nz3+UM=";
+ x86_64-linux = "sha256-e2Tehtznc+VsvQzD3lQ50Lg7ipQc7P3ekOnb8XLORO8=";
+ aarch64-linux = "sha256-P48s3vG5vUNxCCga5FhzpODhlvvc+F2ZZGX/G0FVGWc=";
 }.${stdenv.system} or (throw "Unsupported platform");
 };
 in stdenv.mkDerivation rec {
 inherit pname src version;
- patches = [ ./gradle-plugin.patch ];
+ patches = [
+ ./gradle-plugin.patch
+ log4j-update-cve-2021-44228
+ ];
 postPatch = ''
 sed -i 's|BuildConfig.jar|${buildConfigJar}|' build.gradle |
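Review bot: The `log4j-update-cve-2021-44228` binding added in the second hunk has no comment saying that it is a temporary backport or which log4j version it moves signald to, so default.nix alone does not tell a later maintainer when the patch can be dropped or what the build now resolves. I would put `# Backport of upstream commit 7f668062 (log4j bump for CVE-2021-44228); drop once a signald release contains it.` above the binding and note the resulting log4j version there after checking it in the `deps` output. The fetch is pinned by `sha256`, so the patch content itself cannot change silently.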
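Review bot: The `patches` line added to `deps` in the third hunk and the `outputHash` values replaced in the fourth hunk depend on each other, and nothing in the file says so. `deps` declares an `outputHash`, so I would expect a store path already fetched under the old hash to be reused if the patch list changes without a hash refresh, which for a security bump would mean the old jar set. A comment next to the new line such as `# changes the jars Gradle resolves; refresh outputHash for every platform when editing` would make the coupling explicit. The same patch is also listed separately in the main derivation, and the two lists need to stay in step; the body of `deps` runs from this hunk into the next, with lines in between not shown.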