yara: 3.7.1 -> 3.8.1
This fixes issues CVE-2018-12034 & CVE-2018-12035. They are OOB read & write issues of the internal VM. Details can be retrieved at [1] & [2]. [1] https://github.com/VirusTotal/yara/issues/891 [2] https://bnbdr.github.io/posts/swisscheese/
This commit is contained in:
parent
c994f40de8
commit
5f75f72497
@ -5,34 +5,16 @@
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "3.7.1";
|
||||
version = "3.8.1";
|
||||
name = "yara-${version}";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "VirusTotal";
|
||||
repo = "yara";
|
||||
rev = "v${version}";
|
||||
sha256 = "05smkn4ii8irx6ccnzrhwa39pkmrjyxjmfrwh6mhdd8iz51v5cgz";
|
||||
sha256 = "1ys2y5f2cif3g42daq646jcrn2na19zkx7fds2gnavj5c1rk7463";
|
||||
};
|
||||
|
||||
# FIXME: this is probably not the right way to make it work
|
||||
# make[2]: *** No rule to make target 'libyara/.libs/libyara.a', needed by 'yara'. Stop.
|
||||
prePatch = ''
|
||||
cat >staticlibrary.patch <<EOF
|
||||
--- a/Makefile.am 2015-11-01 11:39:12.000000000 +0100
|
||||
+++ b/Makefile.am 2015-11-01 11:45:32.000000000 +0100
|
||||
@@ -12 +12 @@
|
||||
-yara_LDADD = libyara/.libs/libyara.a
|
||||
+yara_LDADD = libyara/.libs/libyara${stdenv.hostPlatform.extensions.sharedLibrary}
|
||||
@@ -15 +15 @@
|
||||
-yarac_LDADD = libyara/.libs/libyara.a
|
||||
+yarac_LDADD = libyara/.libs/libyara${stdenv.hostPlatform.extensions.sharedLibrary}
|
||||
EOF
|
||||
'';
|
||||
patches = [
|
||||
"staticlibrary.patch"
|
||||
];
|
||||
|
||||
buildInputs = [ autoconf automake libtool pcre]
|
||||
++ stdenv.lib.optionals withCrypto [ openssl ]
|
||||
++ stdenv.lib.optionals enableMagic [ file ]
|
||||
|
Loading…
Reference in New Issue
Block a user