From cdf19abfa598800bb2c6354b6c780d950e4e5673 Mon Sep 17 00:00:00 2001
From: Florian Klink
Date: Fri, 23 Feb 2018 20:36:21 +0100
Subject: [PATCH 1/3] zziplib: use postPatch instead of patchPhase
---
 pkgs/development/libraries/zziplib/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkgs/development/libraries/zziplib/default.nix b/pkgs/development/libraries/zziplib/default.nix
index 07a6f7ef088..a68973b06c6 100644
--- a/pkgs/development/libraries/zziplib/default.nix
+++ b/pkgs/development/libraries/zziplib/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
 sha256 = "0802kdxwxx9zanpwb4w4wfi3blwhv0ri05mzdgd35j5sva5ify0j";
 };
- patchPhase = ''
+ postPatch = ''
 sed -i -e s,--export-dynamic,, configure
 '';
From ee16feed37d3dfa5d0a01b62a0a2e0b3c3b3ee9d Mon Sep 17 00:00:00 2001
From: Florian Klink
Date: Fri, 23 Feb 2018 21:10:27 +0100
Subject: [PATCH 2/3] zziplib: add docbook_xml_dtd_412
---
 pkgs/development/libraries/zziplib/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkgs/development/libraries/zziplib/default.nix b/pkgs/development/libraries/zziplib/default.nix
index a68973b06c6..3ddc40705c4 100644
--- a/pkgs/development/libraries/zziplib/default.nix
+++ b/pkgs/development/libraries/zziplib/default.nix
@@ -1,4 +1,4 @@
-{ fetchurl, stdenv, perl, python2, zip, xmlto, zlib }:
+{ docbook_xml_dtd_412, fetchurl, stdenv, perl, python2, zip, xmlto, zlib }:
 stdenv.mkDerivation rec {
 name = "zziplib-${version}";
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
 sed -i -e s,--export-dynamic,, configure
 '';
- buildInputs = [ perl python2 zip xmlto zlib ];
+ buildInputs = [ docbook_xml_dtd_412 perl python2 zip xmlto zlib ];
 doCheck = true;
From 9f6a942fc7725e63f36c7eb8eefe840628cf9f14 Mon Sep 17 00:00:00 2001
From: Florian Klink
Date: Fri, 23 Feb 2018 21:11:05 +0100
Subject: [PATCH 3/3] zziplib: 0.13.67 -> 0.13.68
Bump zziplib to 0.13.68 to fix multiple CVE issues:
- CVE-2018-6381 (https://github.com/gdraheim/zziplib/commit/a803559fa9194be895422ba3684cf6309b6bb598)
- CVE-2018-6484 (https://github.com/gdraheim/zziplib/issues/14#issuecomment-363198084)
- CVE-2018-6540 (https://github.com/gdraheim/zziplib/commit/72ec933663f738d8e166979aa7fd5590b2104a07)
- CVE-2018-6541 (https://github.com/gdraheim/zziplib/issues/16#issuecomment-363197718)
- CVE-2018-6542 (https://github.com/gdraheim/zziplib/commit/931f962ddfec0e00d6f486df2c56d9857b55944e)
Unfortunately, getting only those patches is hard, as they're not well referenced to linked issues. The testsuite checking for vulns requires network access (so we can't easily test it here). https://github.com/gdraheim/zziplib/issues/20 might still be an issue, so keeping this as a TODO here.
---
 pkgs/development/libraries/zziplib/default.nix | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/pkgs/development/libraries/zziplib/default.nix b/pkgs/development/libraries/zziplib/default.nix
index 3ddc40705c4..d43c481c859 100644
--- a/pkgs/development/libraries/zziplib/default.nix
+++ b/pkgs/development/libraries/zziplib/default.nix
@@ -2,20 +2,25 @@
 stdenv.mkDerivation rec {
 name = "zziplib-${version}";
- version = "0.13.67";
+ version = "0.13.68";
 src = fetchurl {
 url = "https://github.com/gdraheim/zziplib/archive/v${version}.tar.gz";
- sha256 = "0802kdxwxx9zanpwb4w4wfi3blwhv0ri05mzdgd35j5sva5ify0j";
+ sha256 = "0chhl6m02562z6c4hjy568mh11pbq2qngw6g2x924ajr8sdr2q4l";
 };
 postPatch = ''
 sed -i -e s,--export-dynamic,, configure
 '';
+ # TODO: still an issue: https://github.com/gdraheim/zziplib/issues/27
+
 buildInputs = [ docbook_xml_dtd_412 perl python2 zip xmlto zlib ];
- doCheck = true;
+ # tests are broken (https://github.com/gdraheim/zziplib/issues/20),
+ # and test/zziptests.py requires network access
+ # (https://github.com/gdraheim/zziplib/issues/24)
+ doCheck = false;
 meta = with stdenv.lib; {
 description = "Library to extract data from files archived in a zip file";
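Review bot: The added `# TODO: still an issue: https://github.com/gdraheim/zziplib/issues/27` above `buildInputs` does not say what is still an issue, and it disagrees with the commit message, which names issues/20 as the item kept as a TODO while the code cites issues/20 only as the reason the tests are broken. For a bump whose purpose is CVE coverage, someone auditing this derivation later cannot tell from the file whether issues/27 is an unfixed vulnerability or a build problem; I would spell it out, e.g. `# TODO: <one-line summary of the open problem> is not fixed in 0.13.68, see https://github.com/gdraheim/zziplib/issues/27`. With `doCheck = false` the update also ships without any test run, so the comment above it should say when to turn it back on, e.g. `# re-enable once issues/20 and issues/24 are resolved upstream`. The derivation continues past the end of the hunk.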