author | Thomas Gerbet <thomas@gerbet.me> | 2021-09-14 10:15:08 +0200 |
---|---|---|
committer | Thomas Gerbet <thomas@gerbet.me> | 2021-09-14 10:15:08 +0200 |
commit | b9608ec767fd61a18c3bc4020ddbf6308a7f819d (patch) | |
tree | d95a764a09cbaf54112a614a3b9299a7af33d91d | |
parent | 7a3646885315f79ea1efaa0d396414d92d4acac1 (diff) |
opentsdb: fix CVE-2020-35476
This contribution pulls in the patch fixing CVE-2020-35476.
The fix is also included in the 2.4.1 version but the upgrade requires
more work: a tarball with all the third-party tools is no longer provided.
The build process attempts to fetch them during the build, which fails.
https://github.com/advisories/GHSA-hv53-q76c-7f8c
-rw-r--r-- | pkgs/tools/misc/opentsdb/default.nix | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/pkgs/tools/misc/opentsdb/default.nix b/pkgs/tools/misc/opentsdb/default.nix
index 678c2607b614..bc7baa55fecd 100644
--- a/pkgs/tools/misc/opentsdb/default.nix
+++ b/pkgs/tools/misc/opentsdb/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, autoconf, automake, curl, fetchurl, jdk8, makeWrapper, nettools
+{ lib, stdenv, autoconf, automake, curl, fetchurl, fetchpatch, jdk8, makeWrapper, nettools
 , python, git }:
@@ -13,6 +13,14 @@ stdenv.mkDerivation rec {
 sha256 = "0b0hilqmgz6n1q7irp17h48v8fjpxhjapgw1py8kyav1d51s7mm2";
 };
 
+ patches = [
+ (fetchpatch {
+ name = "CVE-2020-35476.patch";
+ url = "https://github.com/OpenTSDB/opentsdb/commit/b89fded4ee326dc064b9d7e471e9f29f7d1dede9.patch";
+ sha256 = "1vb9m0a4fsjqcjagiypvkngzgsw4dil8jrlhn5xbz7rwx8x96wvb";
+ })
+ ];
+
 nativeBuildInputs = [ makeWrapper ];
 buildInputs = [ autoconf automake curl jdk nettools python git ];
 
@@ -33,8 +41,5 @@ stdenv.mkDerivation rec {
 license = licenses.lgpl21Plus;
 platforms = lib.platforms.linux;
 maintainers = [ ];
- knownVulnerabilities = [
- "CVE-2020-35476" # https://github.com/OpenTSDB/opentsdb/issues/2051
- ];
 };
 } |
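Review bot: The new `patches` entry in the second hunk has no comment saying what it backports or when it can be dropped, so it may linger or fail to apply when the package is next bumped. The commit message says the fix is already in 2.4.1, so a line such as `# Backport of the upstream fix for CVE-2020-35476; drop when updating to 2.4.1 or later.` above `(fetchpatch {` would record that. The last hunk removes `knownVulnerabilities` in the same commit, so the package stops being flagged as insecure on the strength of this single upstream commit. It is worth confirming against the linked advisory that this commit is the complete upstream fix before the marker is removed. The enclosing `stdenv.mkDerivation` block starts and ends outside the hunk.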