authorZhaofeng Li <hello@zhaofeng.li>2021-12-17 15:55:13 -0800
committerZhaofeng Li <hello@zhaofeng.li>2021-12-17 15:55:13 -0800
commita4bcad541efd2b1df441c70cf81f05c578c9f018 (patch)
treedb27abda9ba77c53dcd9e4458caa21709d4e8f00 /pkgs/servers/unifi
parent7cb82ec6149236f3655bd0fb269c41b55e4892fc (diff)
unifi5: Follow new mitigation guidelines
Simply disabling lookups isn't enough, and the JndiLookup class must be
removed:

https://web.archive.org/web/20211217085954/https://logging.apache.org/log4j/2.x/security.html
Diffstat (limited to 'pkgs/servers/unifi')
-rw-r--r--pkgs/servers/unifi/default.nix14
1 files changed, 9 insertions, 5 deletions
diff --git a/pkgs/servers/unifi/default.nix b/pkgs/servers/unifi/default.nix
index b4c1d9739efd5..c197ca259080b 100644
--- a/pkgs/servers/unifi/default.nix
+++ b/pkgs/servers/unifi/default.nix
@@ -1,10 +1,9 @@
-{ lib, stdenv, dpkg, fetchurl }:
+{ lib, stdenv, dpkg, fetchurl, zip }:
 
 let
-  generic = { version, sha256, suffix ? "" }:
-  stdenv.mkDerivation {
+  generic = { version, sha256, suffix ? "", ... } @ args:
+  stdenv.mkDerivation (args // {
     pname = "unifi-controller";
-    inherit version;
 
     src = fetchurl {
       url = "https://dl.ubnt.com/unifi/${version}${suffix}/unifi_sysvinit_all.deb";
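Review bot: `stdenv.mkDerivation (args // {` forwards every caller attribute, so `sha256` and `suffix` now reach `mkDerivation` as ordinary derivation attributes as well as being used for `fetchurl`. Filtering them keeps the pass-through limited to real derivation attributes: `stdenv.mkDerivation ((removeAttrs args [ "sha256" "suffix" ]) // {`. Because the right-hand side of `//` wins, a caller that passes `src`, `meta` or a phase defined in this set is silently overridden, which deserves a short comment above `generic`. The attribute set continues outside this hunk.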
@@ -36,7 +35,7 @@ let
       platforms = platforms.unix;
       maintainers = with maintainers; [ erictapen globin patryk27 pennae ];
     };
-  };
+  });
 
 in rec {
   # see https://community.ui.com/releases / https://www.ui.com/download/unifi
@@ -49,6 +48,11 @@ in rec {
   unifi5 = generic {
     version = "5.14.23";
     sha256 = "1aar05yjm3z5a30x505w4kakbyz35i7mk7xyg0wm4ml6h94d84pv";
+
+    postInstall = ''
+      # Remove when log4j is updated to 2.12.2 or 2.16.0.
+      ${zip}/bin/zip -q -d $out/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
+    '';
   };
 
   unifi6 = generic {
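Review bot: The unquoted glob `$out/lib/log4j-core-*.jar` in `postInstall` is handed straight to `zip -d`, so if it ever expands to more than one jar, zip takes the first as the archive and treats the rest as entry names, which would leave the other jars with `JndiLookup.class` still inside. Looping makes the mitigation apply to each match: `for jar in "$out"/lib/log4j-core-*.jar; do ${zip}/bin/zip -q -d "$jar" org/apache/logging/log4j/core/lookup/JndiLookup.class; done`. The hook also only fires if the `installPhase` (not visible in these hunks) is the stdenv default or calls `runHook postInstall`; if it is a custom phase without that call, the class removal is skipped without any build error. The change covers `unifi5` only; whether `unifi6` ships an affected log4j cannot be judged from this hunk.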