fossil: 2.15.1 -> 2.16

For CVE-2021-36377

Add enableDeserialize option to sqlite,
which is required to build fossil v2.16+.
Ryan Burns 2021-08-28 12:39:46 -07:00
parent 09818c59fa
commit 5e72b0a076
3 changed files with 12 additions and 7 deletions


@ -15,12 +15,11 @@
stdenv.mkDerivation rec {
pname = "fossil";
version = "2.15.1";
version = "2.16";
src = fetchurl {
url = "https://www.fossil-scm.org/index.html/uv/fossil-src-${version}.tar.gz";
name = "${pname}-${version}.tar.gz";
sha256 = "sha256-gNJ5I8ZjsqLHEPiujNVJhi4E+MBChXBidMNK48jKF9E=";
url = "https://www.fossil-scm.org/home/tarball/version-${version}/fossil-${version}.tar.gz";
sha256 = "1z5ji25f2rqaxd1nj4fj84afl1v0m3mnbskgfwsjr3fr0h5p9aqy";
};
nativeBuildInputs = [ installShellFiles tcl tcllib ];
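Review bot: The new `url` fetches from the `/home/tarball/version-${version}/` endpoint instead of the previous `uv/fossil-src-${version}.tar.gz` file, and the `name` line appears to be dropped; if that endpoint builds the archive on request (not visible from this page), its bytes are only as stable as the server's archiver. The pinned `sha256` still makes the fetch fail closed on any change, so this is a reproducibility concern rather than an integrity one. A comment above `url` would record that, for example `# server-generated tarball: on a hash mismatch, re-verify the archive contents before refreshing the hash`. The hash also moved from the SRI form to bare base32; keeping the SRI form would match the line it replaces. The `mkDerivation` body continues past the end of this section.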


@ -1,5 +1,6 @@
{ lib, stdenv, fetchurl, zlib, interactive ? false, readline ? null, ncurses ? null
, python3Packages
, enableDeserialize ? false
}:
assert interactive -> readline != null && ncurses != null;
@ -32,7 +33,7 @@ stdenv.mkDerivation rec {
configureFlags = [ "--enable-threadsafe" ] ++ optional interactive "--enable-readline";
NIX_CFLAGS_COMPILE = toString [
NIX_CFLAGS_COMPILE = toString ([
"-DSQLITE_ENABLE_COLUMN_METADATA"
"-DSQLITE_ENABLE_DBSTAT_VTAB"
"-DSQLITE_ENABLE_JSON1"
@ -48,7 +49,10 @@ stdenv.mkDerivation rec {
"-DSQLITE_SECURE_DELETE"
"-DSQLITE_MAX_VARIABLE_NUMBER=250000"
"-DSQLITE_MAX_EXPR_DEPTH=10000"
];
] ++ lib.optionals enableDeserialize [
# Can be removed in v3.36+, as this will become the default
"-DSQLITE_ENABLE_DESERIALIZE"
]);
# Test for features which may not be available at compile time
preBuild = ''
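Review bot: The comment on `-DSQLITE_ENABLE_DESERIALIZE` says when the flag can be removed but not what has to go with it: the `enableDeserialize` argument added in the first hunk and the `sqlite.override { enableDeserialize = true; }` passed to fossil in the top-level package set exist only for this flag. Until those are cleaned up, fossil links a separately built sqlite variant rather than the default `sqlite`; it is the same derivation, so sqlite updates still reach it, but the reason for the split should be written down. I would extend the comment to `# Needed by fossil >= 2.16. Default from v3.36 on: then drop this flag, the enableDeserialize argument and the fossil override in the top-level package set.` The `mkDerivation` body starts before and continues after the hunks shown here.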


@ -24309,7 +24309,9 @@ with pkgs;
foo-yc20 = callPackage ../applications/audio/foo-yc20 { };
fossil = callPackage ../applications/version-management/fossil { };
fossil = callPackage ../applications/version-management/fossil {
sqlite = sqlite.override { enableDeserialize = true; };
};
freebayes = callPackage ../applications/science/biology/freebayes { };