oniguruma: 5.9.5 -> 6.6.1 for multiple CVEs

Fixes CVE-2017-9224, CVE-2017-9225, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229.
2024-11-02 07:31:26 +00:00 · 2017-09-28 13:53:18 +02:00 · 2017-09-28 13:53:18 +02:00 · 41b43b201e
commit 41b43b201e
parent c02c47d1eb
1 changed files with 11 additions and 6 deletions
--- a/pkgs/development/libraries/oniguruma/default.nix
+++ b/pkgs/development/libraries/oniguruma/default.nix
@ -1,15 +1,20 @@
-{ stdenv, fetchurl }:
+{ stdenv, fetchFromGitHub, cmake }:

 stdenv.mkDerivation rec {
-  name = "onig-5.9.5";
+  name = "onig-${version}";
+  version = "6.6.1";

-  src = fetchurl {
-    url = http://www.geocities.jp/kosako3/oniguruma/archive/onig-5.9.5.tar.gz;
-    sha256 = "12j3fsdb8hbhnj29hysal9l7i7s71l0ln3lx8hjpxx5535wawjcz";
+  src = fetchFromGitHub {
+    owner = "kkos";
+    repo = "oniguruma";
+    rev = "v${version}";
+    sha256 = "062g5443dyxsraq346panfqvbd6wal6nmb336n4dw1rszx576sxz";
  };

+  nativeBuildInputs = [ cmake ];
+
  meta = {
-    homepage = http://www.geocities.jp/kosako3/oniguruma/;
+    homepage = https://github.com/kkos/oniguruma;
    description = "Regular expressions library";
    license = stdenv.lib.licenses.bsd2;
    maintainers = with stdenv.lib.maintainers; [ fuuzetsu ];