diff options
author | Stefano Mazzucco <stefano@curso.re> | 2019-08-10 08:17:20 +0100 |
---|---|---|
committer | Stefano Mazzucco <stefano@curso.re> | 2019-08-10 08:28:21 +0100 |
commit | e26a52a655f706b0d0b9bad32db10141870ee2ba (patch) | |
tree | 0d87a35baa6e45f9c990958fa65c3ce9670759bd /pkgs/development/compilers | |
parent | 186d8bd7cc6d7f8f2b0363434f36c6f69277cddb (diff) | |
download | nixlib-e26a52a655f706b0d0b9bad32db10141870ee2ba.tar nixlib-e26a52a655f706b0d0b9bad32db10141870ee2ba.tar.gz nixlib-e26a52a655f706b0d0b9bad32db10141870ee2ba.tar.bz2 nixlib-e26a52a655f706b0d0b9bad32db10141870ee2ba.tar.lz nixlib-e26a52a655f706b0d0b9bad32db10141870ee2ba.tar.xz nixlib-e26a52a655f706b0d0b9bad32db10141870ee2ba.tar.zst nixlib-e26a52a655f706b0d0b9bad32db10141870ee2ba.zip |
icedtea_web: 1.7.1 -> 1.8.3
Use the new official repository on GitHub and build the new launcher written in Rust. Also fixes the following security vulnerabilities: - CVE-2019-10185: zip-slip attack during auto-extraction of a JAR file. - CVE-2019-10181: executable code could be injected in a JAR file without compromising the signature verification. - CVE-2019-10182: improper path sanitization from <jar/> elements in JNLP files. References: https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327
Diffstat (limited to 'pkgs/development/compilers')
-rw-r--r-- | pkgs/development/compilers/icedtea-web/default.nix | 35 | ||||
-rw-r--r-- | pkgs/development/compilers/icedtea-web/patches/0001-make-cargo-work-with-nix-build-on-linux.patch | 46 |
2 files changed, 74 insertions, 7 deletions
diff --git a/pkgs/development/compilers/icedtea-web/default.nix b/pkgs/development/compilers/icedtea-web/default.nix index 9390cbde6377..0876da6a16be 100644 --- a/pkgs/development/compilers/icedtea-web/default.nix +++ b/pkgs/development/compilers/icedtea-web/default.nix @@ -1,24 +1,45 @@ -{ stdenv, fetchurl, jdk, gtk2, xulrunner, zip, pkgconfig, perl, npapi_sdk, bash, bc }: +{ stdenv, fetchFromGitHub, cargo, rustc, autoreconfHook, jdk, gtk2, xulrunner, zip, pkgconfig, npapi_sdk, bash, bc }: stdenv.mkDerivation rec { name = "icedtea-web-${version}"; - version = "1.7.1"; + version = "1.8.3"; - src = fetchurl { - url = "http://icedtea.wildebeest.org/download/source/${name}.tar.gz"; - sha256 = "1b9z0i9b1dsc2qpfdzbn2fi4vi3idrhm7ig45g1ny40ymvxcwwn9"; + src = fetchFromGitHub { + owner = "AdoptOpenJDK"; + repo = "IcedTea-Web"; + rev = name; + sha256 = "0bm5k11i2vgb54ch1bawsmjbwnqnp04saadwm2f2mggmmdc6b1qq"; }; - nativeBuildInputs = [ pkgconfig bc perl ]; - buildInputs = [ gtk2 xulrunner zip npapi_sdk ]; + nativeBuildInputs = [ autoreconfHook pkgconfig bc ]; + buildInputs = [ cargo rustc gtk2 xulrunner zip npapi_sdk ]; preConfigure = '' #patchShebangs javac.in configureFlagsArray+=("BIN_BASH=${bash}/bin/bash") ''; + patches = [ ./patches/0001-make-cargo-work-with-nix-build-on-linux.patch ]; + + doCheck = true; + preCheck = '' + # Needed for the below rust-launcher tests to pass + # dirs_paths_helper::tests::check_config_files_paths + # dirs_paths_helper::tests::check_legacy_config_files_paths + + mkdir -p $HOME/.icedtea + touch $HOME/.icedtea/deployment.properties + + mkdir -p $XDG_CONFIG_HOME/icedtea-web + touch $XDG_CONFIG_HOME/icedtea-web/deployment.properties + ''; + + HOME = "/build"; + XDG_CONFIG_HOME = "/build"; + configureFlags = [ + "--with-itw-libs=DISTRIBUTION" "--with-jdk-home=${jdk.home}" "--disable-docs" ]; diff --git a/pkgs/development/compilers/icedtea-web/patches/0001-make-cargo-work-with-nix-build-on-linux.patch b/pkgs/development/compilers/icedtea-web/patches/0001-make-cargo-work-with-nix-build-on-linux.patch new file mode 100644 index 000000000000..85cad6cf4678 --- /dev/null +++ b/pkgs/development/compilers/icedtea-web/patches/0001-make-cargo-work-with-nix-build-on-linux.patch @@ -0,0 +1,46 @@ +Subject: [PATCH] make cargo work with nix-build on linux + +--- + .cargo/config | 2 ++ + rust-launcher/Cargo.lock | 4 ++++ + rust-launcher/Cargo.toml | 7 ++++--- + 3 files changed, 10 insertions(+), 3 deletions(-) + create mode 100644 .cargo/config + create mode 100644 rust-launcher/Cargo.lock + +diff --git a/.cargo/config b/.cargo/config +new file mode 100644 +index 0000000..03ec4a2 +--- /dev/null ++++ b/.cargo/config +@@ -0,0 +1,2 @@ ++[net] ++offline=true +diff --git a/rust-launcher/Cargo.lock b/rust-launcher/Cargo.lock +new file mode 100644 +index 0000000..6055cc0 +--- /dev/null ++++ b/rust-launcher/Cargo.lock +@@ -0,0 +1,4 @@ ++[[package]] ++name = "launcher" ++version = "1.8.0" ++ +diff --git a/rust-launcher/Cargo.toml b/rust-launcher/Cargo.toml +index 61ee308..5e6e91b 100644 +--- a/rust-launcher/Cargo.toml ++++ b/rust-launcher/Cargo.toml +@@ -3,6 +3,7 @@ name = "launcher" + version = "1.8.0" + authors = ["https://icedtea.classpath.org/wiki/IcedTea-Web"] + +-[dependencies] +-[target.'cfg(windows)'.dependencies] +-dunce = "0.1.1" ++[workspace] ++# We need this too or cargo will fail. Some files seem to be copied around and ++# cargo thinks we are in a workspace, so let's exclude everything. ++exclude = ["*"] +-- +2.19.2 + |