Merge pull request #150479 from Ma27/signald-cve-2021-44228

signald: incorporate log4j update for CVE-2021-44228

pkgs/applications/networking/instant-messengers/signald/default.nix

@@ -1,5 +1,6 @@
 { lib, stdenv, fetchurl, fetchFromGitLab, jdk17_headless, coreutils, gradle_6, git, perl
-, makeWrapper }:
+, makeWrapper, fetchpatch
+}:
 
 let
   pname = "signald";
@@ -12,6 +13,11 @@ let
     sha256 = "ftK+oeqzJ+TxrlvqivFkAi5RCcyJ5Y0oQAJuo0YheBg=";
   };
 
+  log4j-update-cve-2021-44228 = fetchpatch {
+    url = "https://gitlab.com/signald/signald/-/commit/7f668062ab9ffa09a49d171e995f57cf0a0803a7.patch";
+    sha256 = "sha256-504je6hKciUGelVCGZjxGjHi1qZQaovagXD5PBQP+mM=";
+  };
+
   buildConfigJar = fetchurl {
     url = "https://dl.bintray.com/mfuerstenau/maven/gradle/plugin/de/fuerstenau/BuildConfigPlugin/1.1.8/BuildConfigPlugin-1.1.8.jar";
     sha256 = "0y1f42y7ilm3ykgnm6s3ks54d71n8lsy5649xgd9ahv28lj05x9f";
@@ -21,6 +27,7 @@ let
   deps = stdenv.mkDerivation {
     pname = "${pname}-deps";
     inherit src version;
+    patches = [ log4j-update-cve-2021-44228 ];
     nativeBuildInputs = [ gradle_6 perl ];
     buildPhase = ''
       export GRADLE_USER_HOME=$(mktemp -d)
@@ -38,15 +45,18 @@ let
     outputHashMode = "recursive";
     # Downloaded jars differ by platform
     outputHash = {
-      x86_64-linux = "gEaOOsELhfKC1cFV8tqRHbBUI6+M/cDOaqN8FQ1J/TE=";
-      aarch64-linux = "UhnQ+Ge48/NdTqUWIxd0VNadHFvQ9awBTtn65Nz3+UM=";
+      x86_64-linux = "sha256-e2Tehtznc+VsvQzD3lQ50Lg7ipQc7P3ekOnb8XLORO8=";
+      aarch64-linux = "sha256-P48s3vG5vUNxCCga5FhzpODhlvvc+F2ZZGX/G0FVGWc=";
     }.${stdenv.system} or (throw "Unsupported platform");
   };
 
 in stdenv.mkDerivation rec {
   inherit pname src version;
 
-  patches = [ ./gradle-plugin.patch ];
+  patches = [
+    ./gradle-plugin.patch
+    log4j-update-cve-2021-44228
+  ];
 
   postPatch = ''
     sed -i 's|BuildConfig.jar|${buildConfigJar}|' build.gradle