From 946369adbd53c3abbff89ba068d64d6401d5bda5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Wed, 30 Sep 2020 16:00:56 +0200 Subject: [PATCH 1/2] spidermonkey: remove spidermonkey_38 -> spidermonkey alias This removes the spidermonkey alias and renames it in the packages still using it Not sure if we need it in aliases.nix since just about nothing depends on it anymore Additionally considering removal should be a good choice, it's at least insecure so it should get tagged as such --- .../networking/browsers/elinks/default.nix | 10 +++++----- pkgs/applications/networking/pyload/default.nix | 4 ++-- pkgs/tools/misc/plowshare/default.nix | 4 ++-- pkgs/tools/text/jsawk/default.nix | 4 ++-- pkgs/top-level/aliases.nix | 1 + 5 files changed, 12 insertions(+), 11 deletions(-) diff --git a/pkgs/applications/networking/browsers/elinks/default.nix b/pkgs/applications/networking/browsers/elinks/default.nix index ccdd591cdb17..7d67ecdb3767 100644 --- a/pkgs/applications/networking/browsers/elinks/default.nix +++ b/pkgs/applications/networking/browsers/elinks/default.nix @@ -4,7 +4,7 @@ enableGuile ? false, guile ? null , enablePython ? false, python ? null , enablePerl ? (stdenv.hostPlatform == stdenv.buildPlatform), perl ? null -, enableSpidermonkey ? (stdenv.hostPlatform == stdenv.buildPlatform), spidermonkey ? null +, enableSpidermonkey ? (stdenv.hostPlatform == stdenv.buildPlatform), spidermonkey_38 ? null }: assert enableGuile -> guile != null; @@ -33,9 +33,9 @@ stdenv.mkDerivation rec { ++ stdenv.lib.optional enableGuile guile ++ stdenv.lib.optional enablePython python ++ stdenv.lib.optional enablePerl perl - ++ stdenv.lib.optional enableSpidermonkey spidermonkey + ++ stdenv.lib.optional enableSpidermonkey spidermonkey_38 ; - + nativeBuildInputs = [ autoconf automake gettext pkgconfig ]; configureFlags = [ @@ -50,9 +50,9 @@ stdenv.mkDerivation rec { ] ++ stdenv.lib.optional enableGuile "--with-guile" ++ stdenv.lib.optional enablePython "--with-python" ++ stdenv.lib.optional enablePerl "--with-perl" - ++ stdenv.lib.optional enableSpidermonkey "--with-spidermonkey=${spidermonkey}" + ++ stdenv.lib.optional enableSpidermonkey "--with-spidermonkey=${spidermonkey_38}" ; - + preConfigure = '' patchShebangs ./autogen.sh ./autogen.sh diff --git a/pkgs/applications/networking/pyload/default.nix b/pkgs/applications/networking/pyload/default.nix index f173e56abb34..e81b8dc37ca5 100644 --- a/pkgs/applications/networking/pyload/default.nix +++ b/pkgs/applications/networking/pyload/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, fetchpatch, pythonPackages, gocr, unrar, rhino, spidermonkey }: +{ stdenv, fetchFromGitHub, fetchpatch, pythonPackages, gocr, unrar, rhino, spidermonkey_38 }: let beautifulsoup = pythonPackages.callPackage ./beautifulsoup.nix { @@ -30,7 +30,7 @@ in pythonPackages.buildPythonApplication rec { in [ configParserPatch setupPyPatch ]; buildInputs = [ - unrar rhino spidermonkey gocr pythonPackages.paver + unrar rhino spidermonkey_38 gocr pythonPackages.paver ]; propagatedBuildInputs = with pythonPackages; [ diff --git a/pkgs/tools/misc/plowshare/default.nix b/pkgs/tools/misc/plowshare/default.nix index 1d3e8c6c33db..662710388d31 100644 --- a/pkgs/tools/misc/plowshare/default.nix +++ b/pkgs/tools/misc/plowshare/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, makeWrapper, curl, recode, spidermonkey }: +{ stdenv, fetchFromGitHub, makeWrapper, curl, recode, spidermonkey_38 }: stdenv.mkDerivation rec { @@ -20,7 +20,7 @@ stdenv.mkDerivation rec { make PREFIX="$out" install for fn in plow{del,down,list,mod,probe,up}; do - wrapProgram "$out/bin/$fn" --prefix PATH : "${stdenv.lib.makeBinPath [ curl recode spidermonkey ]}" + wrapProgram "$out/bin/$fn" --prefix PATH : "${stdenv.lib.makeBinPath [ curl recode spidermonkey_38 ]}" done ''; diff --git a/pkgs/tools/text/jsawk/default.nix b/pkgs/tools/text/jsawk/default.nix index 4f2ad403e365..51075c2ce174 100644 --- a/pkgs/tools/text/jsawk/default.nix +++ b/pkgs/tools/text/jsawk/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, makeWrapper, spidermonkey }: +{ stdenv, fetchFromGitHub, makeWrapper, spidermonkey_38 }: stdenv.mkDerivation { pname = "jsawk"; @@ -15,7 +15,7 @@ stdenv.mkDerivation { mkdir -p $out/bin cp $src/jsawk $out/bin/ wrapProgram $out/bin/jsawk \ - --prefix PATH : "${spidermonkey}/bin" + --prefix PATH : "${spidermonkey_38}/bin" ''; meta = { diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 79af098b702b..211801118d94 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -658,6 +658,7 @@ mapAliases ({ youtubeDL = youtube-dl; # added 2014-10-26 zdfmediathk = mediathekview; # added 2019-01-19 gnome_user_docs = gnome-user-docs; # added 2019-11-20 + spidermonkey = spidermonkey_68; # added 2020-09-30 # TODO(ekleog): add ‘wasm’ alias to ‘ocamlPackages.wasm’ after 19.03 # branch-off From 5ad43894f2af987ac02ea2a6c8bb9e5f4e49068d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Wed, 30 Sep 2020 16:11:10 +0200 Subject: [PATCH 2/2] spidermonkey_38: mark as insecure --- pkgs/development/interpreters/spidermonkey/38.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/interpreters/spidermonkey/38.nix b/pkgs/development/interpreters/spidermonkey/38.nix index d2aabfe64d9a..22ce5a0b387c 100644 --- a/pkgs/development/interpreters/spidermonkey/38.nix +++ b/pkgs/development/interpreters/spidermonkey/38.nix @@ -67,5 +67,6 @@ stdenv.mkDerivation rec { maintainers = [ maintainers.abbradar ]; platforms = platforms.unix; + knownVulnerabilities = [ "SpiderMonkey 38 is outdated and contains known security vulnerabilities." ]; # as per https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey/Releases/38 }; }