mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-17 07:13:23 +01:00
opentsdb: fix CVE-2020-35476
This contribution pulls in the patch fixing CVE-2020-35476. The fix is also included in the 2.4.1 version but the upgrade requires more work: a tarball with all the third party tools is no more provided. The build process attempts to get them during the build which fail. https://github.com/advisories/GHSA-hv53-q76c-7f8c
This commit is contained in:
parent
7a36468853
commit
b9608ec767
1 changed files with 9 additions and 4 deletions
|
@ -1,4 +1,4 @@
|
||||||
{ lib, stdenv, autoconf, automake, curl, fetchurl, jdk8, makeWrapper, nettools
|
{ lib, stdenv, autoconf, automake, curl, fetchurl, fetchpatch, jdk8, makeWrapper, nettools
|
||||||
, python, git
|
, python, git
|
||||||
}:
|
}:
|
||||||
|
|
||||||
|
@ -13,6 +13,14 @@ stdenv.mkDerivation rec {
|
||||||
sha256 = "0b0hilqmgz6n1q7irp17h48v8fjpxhjapgw1py8kyav1d51s7mm2";
|
sha256 = "0b0hilqmgz6n1q7irp17h48v8fjpxhjapgw1py8kyav1d51s7mm2";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
patches = [
|
||||||
|
(fetchpatch {
|
||||||
|
name = "CVE-2020-35476.patch";
|
||||||
|
url = "https://github.com/OpenTSDB/opentsdb/commit/b89fded4ee326dc064b9d7e471e9f29f7d1dede9.patch";
|
||||||
|
sha256 = "1vb9m0a4fsjqcjagiypvkngzgsw4dil8jrlhn5xbz7rwx8x96wvb";
|
||||||
|
})
|
||||||
|
];
|
||||||
|
|
||||||
nativeBuildInputs = [ makeWrapper ];
|
nativeBuildInputs = [ makeWrapper ];
|
||||||
buildInputs = [ autoconf automake curl jdk nettools python git ];
|
buildInputs = [ autoconf automake curl jdk nettools python git ];
|
||||||
|
|
||||||
|
@ -33,8 +41,5 @@ stdenv.mkDerivation rec {
|
||||||
license = licenses.lgpl21Plus;
|
license = licenses.lgpl21Plus;
|
||||||
platforms = lib.platforms.linux;
|
platforms = lib.platforms.linux;
|
||||||
maintainers = [ ];
|
maintainers = [ ];
|
||||||
knownVulnerabilities = [
|
|
||||||
"CVE-2020-35476" # https://github.com/OpenTSDB/opentsdb/issues/2051
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue