1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-14 00:25:24 +00:00
nixpkgs/pkgs/development/libraries/zziplib/default.nix
Florian Klink 9f6a942fc7 zziplib: 0.13.67 -> 0.13.68
Bump zziplib to 0.13.68 to fix multiple CVE issues:

 - CVE-2018-6381
 (a803559fa9)
 - CVE-2018-6484
 (https://github.com/gdraheim/zziplib/issues/14#issuecomment-363198084)
 - CVE-2018-6540
 (72ec933663)
 - CVE-2018-6541
 (https://github.com/gdraheim/zziplib/issues/16#issuecomment-363197718)
 - CVE-2018-6542
 (931f962ddf)

Unfortunately, getting only those patches is hard, as they're not well
referenced to linked issues. The testsuite checking for vulns
requires network access (so we can't easily test it here).

https://github.com/gdraheim/zziplib/issues/20 might still be an issue,
so keeping this as a TODO here.
2018-02-23 21:39:48 +01:00

45 lines
1.4 KiB
Nix

{ docbook_xml_dtd_412, fetchurl, stdenv, perl, python2, zip, xmlto, zlib }:
stdenv.mkDerivation rec {
name = "zziplib-${version}";
version = "0.13.68";
src = fetchurl {
url = "https://github.com/gdraheim/zziplib/archive/v${version}.tar.gz";
sha256 = "0chhl6m02562z6c4hjy568mh11pbq2qngw6g2x924ajr8sdr2q4l";
};
postPatch = ''
sed -i -e s,--export-dynamic,, configure
'';
# TODO: still an issue: https://github.com/gdraheim/zziplib/issues/27
buildInputs = [ docbook_xml_dtd_412 perl python2 zip xmlto zlib ];
# tests are broken (https://github.com/gdraheim/zziplib/issues/20),
# and test/zziptests.py requires network access
# (https://github.com/gdraheim/zziplib/issues/24)
doCheck = false;
meta = with stdenv.lib; {
description = "Library to extract data from files archived in a zip file";
longDescription = ''
The zziplib library is intentionally lightweight, it offers the ability
to easily extract data from files archived in a single zip
file. Applications can bundle files into a single zip archive and
access them. The implementation is based only on the (free) subset of
compression with the zlib algorithm which is actually used by the
zip/unzip tools.
'';
license = with licenses; [ lgpl2Plus mpl11 ];
homepage = http://zziplib.sourceforge.net/;
maintainers = [ ];
platforms = python2.meta.platforms;
};
}