jq: Fix CVE-2015-8863 and CVE-2016-4074 (#18908)
jq has not had a release since v1.5 in August 2015, so backport both of these patches (the fix for CVE-2015-8863 is in the current master, while the fix for CVE-2016-4074 is not yet in master).
This commit is contained in:
parent
7615d6385a
commit
bfbca9dacd
1 changed files with 26 additions and 20 deletions
|
@ -1,33 +1,39 @@
|
|||
{stdenv, fetchurl, oniguruma}:
|
||||
let
|
||||
s = # Generated upstream information
|
||||
rec {
|
||||
baseName="jq";
|
||||
version="1.5";
|
||||
name="${baseName}-${version}";
|
||||
{ stdenv, lib, fetchurl, fetchpatch, oniguruma }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "jq-${version}";
|
||||
version="1.5";
|
||||
|
||||
src = fetchurl {
|
||||
url="https://github.com/stedolan/jq/releases/download/jq-1.5/jq-1.5.tar.gz";
|
||||
sha256="0g29kyz4ykasdcrb0zmbrp2jqs9kv1wz9swx849i2d1ncknbzln4";
|
||||
};
|
||||
buildInputs = [
|
||||
oniguruma
|
||||
|
||||
buildInputs = [ oniguruma ];
|
||||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
name = "CVE-2015-8863.patch";
|
||||
url = https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd.diff;
|
||||
sha256 = "18bjanzvklfzlzzd690y88725l7iwl4f6wnr429na5pfmircbpvh";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "CVE-2016-4074.patch";
|
||||
url = https://patch-diff.githubusercontent.com/raw/stedolan/jq/pull/1214.diff;
|
||||
sha256 = "1w8bapnyp56di6p9casbfczfn8258rw0z16grydavdjddfm280l9";
|
||||
})
|
||||
];
|
||||
in
|
||||
stdenv.mkDerivation {
|
||||
inherit (s) name version;
|
||||
inherit buildInputs;
|
||||
src = fetchurl {
|
||||
inherit (s) url sha256;
|
||||
};
|
||||
patchFlags = [ "-p2" ]; # `src` subdir was introduced after v1.5 was released
|
||||
|
||||
# jq is linked to libjq:
|
||||
configureFlags = [
|
||||
"LDFLAGS=-Wl,-rpath,\\\${libdir}"
|
||||
];
|
||||
|
||||
meta = {
|
||||
inherit (s) version;
|
||||
description = ''A lightweight and flexible command-line JSON processor'';
|
||||
license = stdenv.lib.licenses.mit ;
|
||||
maintainers = [stdenv.lib.maintainers.raskin];
|
||||
platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
|
||||
license = lib.licenses.mit;
|
||||
maintainers = with lib.maintainers; [ raskin ];
|
||||
platforms = with lib.platforms; linux ++ darwin;
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue