opentsdb: fix CVE-2020-35476

This contribution pulls in the patch fixing CVE-2020-35476.
The fix is also included in the 2.4.1 version but the upgrade requires
more work: a tarball with all the third party tools is no more provided.
The build process attempts to get them during the build which fail.

https://github.com/advisories/GHSA-hv53-q76c-7f8c
This commit is contained in:
Thomas Gerbet 2021-09-14 10:15:08 +02:00
parent 7a36468853
commit b9608ec767

View file

@ -1,4 +1,4 @@
{ lib, stdenv, autoconf, automake, curl, fetchurl, jdk8, makeWrapper, nettools { lib, stdenv, autoconf, automake, curl, fetchurl, fetchpatch, jdk8, makeWrapper, nettools
, python, git , python, git
}: }:
@ -13,6 +13,14 @@ stdenv.mkDerivation rec {
sha256 = "0b0hilqmgz6n1q7irp17h48v8fjpxhjapgw1py8kyav1d51s7mm2"; sha256 = "0b0hilqmgz6n1q7irp17h48v8fjpxhjapgw1py8kyav1d51s7mm2";
}; };
patches = [
(fetchpatch {
name = "CVE-2020-35476.patch";
url = "https://github.com/OpenTSDB/opentsdb/commit/b89fded4ee326dc064b9d7e471e9f29f7d1dede9.patch";
sha256 = "1vb9m0a4fsjqcjagiypvkngzgsw4dil8jrlhn5xbz7rwx8x96wvb";
})
];
nativeBuildInputs = [ makeWrapper ]; nativeBuildInputs = [ makeWrapper ];
buildInputs = [ autoconf automake curl jdk nettools python git ]; buildInputs = [ autoconf automake curl jdk nettools python git ];
@ -33,8 +41,5 @@ stdenv.mkDerivation rec {
license = licenses.lgpl21Plus; license = licenses.lgpl21Plus;
platforms = lib.platforms.linux; platforms = lib.platforms.linux;
maintainers = [ ]; maintainers = [ ];
knownVulnerabilities = [
"CVE-2020-35476" # https://github.com/OpenTSDB/opentsdb/issues/2051
];
}; };
} }