authorAneesh Agrawal <aneeshusa@gmail.com>2016-09-25 09:14:52 -0400
committerFranz Pletz <fpletz@fnordicwalking.de>2016-09-25 15:14:52 +0200
commitbfbca9dacd12d24c0d6179cc6d9b0775a9819caa (patch)
tree6534d399f796ff9fc21f00e8cb002a7b0e426a05 /pkgs/development/tools/jq
parent7615d6385ad13f28123e59b82eb9547144056f71 (diff)
jq: Fix CVE-2015-8863 and CVE-2016-4074 (#18908)
jq has not had a release since v1.5 in August 2015, so backport both of
these patches (the fix for CVE-2015-8863 is in the current master, while
the fix for CVE-2016-4074 is not yet in master).
Diffstat (limited to 'pkgs/development/tools/jq')
-rw-r--r--pkgs/development/tools/jq/default.nix46
1 files changed, 26 insertions, 20 deletions
diff --git a/pkgs/development/tools/jq/default.nix b/pkgs/development/tools/jq/default.nix
index c509af87124..2951cbe9aa9 100644
--- a/pkgs/development/tools/jq/default.nix
+++ b/pkgs/development/tools/jq/default.nix
@@ -1,33 +1,39 @@
-{stdenv, fetchurl, oniguruma}:
-let
-  s = # Generated upstream information
-  rec {
-    baseName="jq";
-    version="1.5";
-    name="${baseName}-${version}";
+{ stdenv, lib, fetchurl, fetchpatch, oniguruma }:
+
+stdenv.mkDerivation rec {
+  name = "jq-${version}";
+  version="1.5";
+
+  src = fetchurl {
     url="https://github.com/stedolan/jq/releases/download/jq-1.5/jq-1.5.tar.gz";
     sha256="0g29kyz4ykasdcrb0zmbrp2jqs9kv1wz9swx849i2d1ncknbzln4";
   };
-  buildInputs = [
-    oniguruma
+
+  buildInputs = [ oniguruma ];
+
+  patches = [
+    (fetchpatch {
+      name = "CVE-2015-8863.patch";
+      url = https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd.diff;
+      sha256 = "18bjanzvklfzlzzd690y88725l7iwl4f6wnr429na5pfmircbpvh";
+    })
+    (fetchpatch {
+      name = "CVE-2016-4074.patch";
+      url = https://patch-diff.githubusercontent.com/raw/stedolan/jq/pull/1214.diff;
+      sha256 = "1w8bapnyp56di6p9casbfczfn8258rw0z16grydavdjddfm280l9";
+    })
   ];
-in
-stdenv.mkDerivation {
-  inherit (s) name version;
-  inherit buildInputs;
-  src = fetchurl {
-    inherit (s) url sha256;
-  };
+  patchFlags = [ "-p2" ]; # `src` subdir was introduced after v1.5 was released
 
   # jq is linked to libjq:
   configureFlags = [
     "LDFLAGS=-Wl,-rpath,\\\${libdir}"
   ];
+
   meta = {
-    inherit (s) version;
     description = ''A lightweight and flexible command-line JSON processor'';
-    license = stdenv.lib.licenses.mit ;
-    maintainers = [stdenv.lib.maintainers.raskin];
-    platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
+    license = lib.licenses.mit;
+    maintainers = with lib.maintainers; [ raskin ];
+    platforms = with lib.platforms; linux ++ darwin;
   };
 }
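Review bot: The second fetchpatch at the `CVE-2016-4074.patch` entry pulls `https://patch-diff.githubusercontent.com/raw/stedolan/jq/pull/1214.diff`, which is a mutable pull-request URL: the sha256 pins the content so a changed diff cannot slip in silently, but any further push to that PR (or a rebase/squash before merge) changes the served diff and turns this into a fetch-time hash mismatch, leaving the CVE fix unapplied on a rebuild. It would be more robust to point at the immutable per-commit `.diff` URL of the PR's head commit, the same way the first patch is pinned to commit `8eb1367c…`, and to record the PR number in a comment for traceability, e.g. `# https://github.com/stedolan/jq/pull/1214, pending upstream merge`. On the same note, the unchanged `url` on the `src` line still hardcodes `jq-1.5` twice even though the derivation is now `rec` with a `version` attribute; using `"https://github.com/stedolan/jq/releases/download/jq-${version}/jq-${version}.tar.gz"` keeps the tarball and the `name` from drifting apart on the next bump. Presumably the two backported patches are meant to be dropped once upstream ships a post-1.5 release; a short comment above `patches` saying so would help whoever does that bump.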