authorStefano Mazzucco <stefano@curso.re>2019-08-10 08:17:20 +0100
committerStefano Mazzucco <stefano@curso.re>2019-08-10 08:28:21 +0100
commite26a52a655f706b0d0b9bad32db10141870ee2ba (patch)
tree0d87a35baa6e45f9c990958fa65c3ce9670759bd /pkgs/development/compilers
parent186d8bd7cc6d7f8f2b0363434f36c6f69277cddb (diff)
icedtea_web: 1.7.1 -> 1.8.3
Use the new official repository on GitHub and build the new launcher written in
Rust.

Also fixes the following security vulnerabilities:

- CVE-2019-10185: zip-slip attack during auto-extraction of a JAR file.

- CVE-2019-10181: executable code could be injected in a JAR file without
  compromising the signature verification.

- CVE-2019-10182: improper path sanitization from <jar/> elements in JNLP
  files.

References:
https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327
Diffstat (limited to 'pkgs/development/compilers')
-rw-r--r--pkgs/development/compilers/icedtea-web/default.nix35
-rw-r--r--pkgs/development/compilers/icedtea-web/patches/0001-make-cargo-work-with-nix-build-on-linux.patch46
2 files changed, 74 insertions, 7 deletions
diff --git a/pkgs/development/compilers/icedtea-web/default.nix b/pkgs/development/compilers/icedtea-web/default.nix
index 9390cbde6377..0876da6a16be 100644
--- a/pkgs/development/compilers/icedtea-web/default.nix
+++ b/pkgs/development/compilers/icedtea-web/default.nix
@@ -1,24 +1,45 @@
-{ stdenv, fetchurl, jdk, gtk2, xulrunner, zip, pkgconfig, perl, npapi_sdk, bash, bc }:
+{ stdenv, fetchFromGitHub, cargo, rustc, autoreconfHook, jdk, gtk2, xulrunner, zip, pkgconfig, npapi_sdk, bash, bc }:
 
 stdenv.mkDerivation rec {
   name = "icedtea-web-${version}";
 
-  version = "1.7.1";
+  version = "1.8.3";
 
-  src = fetchurl {
-    url = "http://icedtea.wildebeest.org/download/source/${name}.tar.gz";
-    sha256 = "1b9z0i9b1dsc2qpfdzbn2fi4vi3idrhm7ig45g1ny40ymvxcwwn9";
+  src = fetchFromGitHub {
+    owner = "AdoptOpenJDK";
+    repo = "IcedTea-Web";
+    rev = name;
+    sha256 = "0bm5k11i2vgb54ch1bawsmjbwnqnp04saadwm2f2mggmmdc6b1qq";
   };
 
-  nativeBuildInputs = [ pkgconfig bc perl ];
-  buildInputs = [ gtk2 xulrunner zip npapi_sdk ];
+  nativeBuildInputs = [ autoreconfHook pkgconfig bc ];
+  buildInputs = [ cargo rustc gtk2 xulrunner zip npapi_sdk ];
 
   preConfigure = ''
     #patchShebangs javac.in
     configureFlagsArray+=("BIN_BASH=${bash}/bin/bash")
   '';
 
+  patches = [ ./patches/0001-make-cargo-work-with-nix-build-on-linux.patch ];
+
+  doCheck = true;
+  preCheck = ''
+    # Needed for the below rust-launcher tests to pass
+    # dirs_paths_helper::tests::check_config_files_paths
+    # dirs_paths_helper::tests::check_legacy_config_files_paths
+
+    mkdir -p $HOME/.icedtea
+    touch $HOME/.icedtea/deployment.properties
+
+    mkdir -p $XDG_CONFIG_HOME/icedtea-web
+    touch $XDG_CONFIG_HOME/icedtea-web/deployment.properties
+  '';
+
+  HOME = "/build";
+  XDG_CONFIG_HOME = "/build";
+
   configureFlags = [
+    "--with-itw-libs=DISTRIBUTION"
     "--with-jdk-home=${jdk.home}"
     "--disable-docs"
   ];
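Review bot: `HOME = "/build";` and `XDG_CONFIG_HOME = "/build";` hard-code a path that is presumably the Linux sandbox build directory, so in an unsandboxed build or on another platform the `preCheck` step creates `.icedtea` and `icedtea-web` under a directory that may not exist or may be shared with other builds. Deriving both from the per-build temporary directory keeps the test fixtures inside the build, e.g. `export HOME=$TMPDIR XDG_CONFIG_HOME=$TMPDIR` at the top of `preCheck` in place of the two attributes. If cargo also needs `HOME` during the build phase, the export belongs in `preConfigure` instead. The `mkDerivation` body continues past the end of the hunk.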
diff --git a/pkgs/development/compilers/icedtea-web/patches/0001-make-cargo-work-with-nix-build-on-linux.patch b/pkgs/development/compilers/icedtea-web/patches/0001-make-cargo-work-with-nix-build-on-linux.patch
new file mode 100644
index 000000000000..85cad6cf4678
--- /dev/null
+++ b/pkgs/development/compilers/icedtea-web/patches/0001-make-cargo-work-with-nix-build-on-linux.patch
@@ -0,0 +1,46 @@
+Subject: [PATCH] make cargo work with nix-build on linux
+
+---
+ .cargo/config            | 2 ++
+ rust-launcher/Cargo.lock | 4 ++++
+ rust-launcher/Cargo.toml | 7 ++++---
+ 3 files changed, 10 insertions(+), 3 deletions(-)
+ create mode 100644 .cargo/config
+ create mode 100644 rust-launcher/Cargo.lock
+
+diff --git a/.cargo/config b/.cargo/config
+new file mode 100644
+index 0000000..03ec4a2
+--- /dev/null
++++ b/.cargo/config
+@@ -0,0 +1,2 @@
++[net]
++offline=true
+diff --git a/rust-launcher/Cargo.lock b/rust-launcher/Cargo.lock
+new file mode 100644
+index 0000000..6055cc0
+--- /dev/null
++++ b/rust-launcher/Cargo.lock
+@@ -0,0 +1,4 @@
++[[package]]
++name = "launcher"
++version = "1.8.0"
++
+diff --git a/rust-launcher/Cargo.toml b/rust-launcher/Cargo.toml
+index 61ee308..5e6e91b 100644
+--- a/rust-launcher/Cargo.toml
++++ b/rust-launcher/Cargo.toml
+@@ -3,6 +3,7 @@ name = "launcher"
+ version = "1.8.0"
+ authors = ["https://icedtea.classpath.org/wiki/IcedTea-Web"]
+ 
+-[dependencies]
+-[target.'cfg(windows)'.dependencies]
+-dunce = "0.1.1"
++[workspace]
++# We need this too or cargo will fail.  Some files seem to be copied around and
++# cargo thinks we are in a workspace, so let's exclude everything.
++exclude = ["*"]
+-- 
+2.19.2
+
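Review bot: The `rust-launcher/Cargo.toml` hunk removes `[dependencies]` and the Windows-only `dunce` entry, but the only comment added explains the `[workspace]` exclusion, so the reason for dropping the dependency is not recorded. With `offline=true` and a hand-written `Cargo.lock` that lists only `launcher`, cargo presumably cannot resolve any external crate, which looks like the motive. A line such as `# dunce (Windows-only) removed: the build is offline and no crates are vendored` above `[workspace]` would say so. It would also help to note there that the lock file is written by hand and has to be revisited when upstream adds a dependency, since the build should then fail rather than fetch.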