colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mediathekview: CVE-2021-45105 (log4j) mitigation

Browse Source 
Remove the affected JndiLookup.class until we can update to the lastest
Mediathekview version.
This commit is contained in:
André-Patrick Bubel 2021-12-26 19:00:06 +01:00
parent 59b2ed7599
commit 2a360652e2
No known key found for this signature in database
GPG Key ID: 28925CBA8869FF29
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pkgs/applications/video/mediathekview/default.nix
View File

@ -1,4 +1,4 @@
{ lib, stdenv, fetchurl, makeWrapper, jre }:
{ lib, stdenv, fetchurl, makeWrapper, jre, zip }:
stdenv.mkDerivation rec {
version = "13.8.0";
@ -8,13 +8,16 @@ stdenv.mkDerivation rec {
sha256 = "0zfkwz5psv7m0881ykgqrxwjhadg39c55aj2wpy7m1jdara86c5q";
};
nativeBuildInputs = [ makeWrapper ];
nativeBuildInputs = [ makeWrapper zip ];
installPhase = ''
runHook preInstall
mkdir -p $out/{bin,lib}
# log4j mitigation, see https://logging.apache.org/log4j/2.x/security.html
zip -d MediathekView.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
install -m644 MediathekView.jar $out/lib
makeWrapper ${jre}/bin/java $out/bin/mediathek \