gradle_6: mark very insecure (#352236)

authored by Emily and committed by GitHub 220bfa96 52a9f203

+12 -2
+12 -2
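--- a/pkgs/development/tools/build-managers/gradle/default.nix
+++ b/pkgs/development/tools/build-managers/gradle/default.nix
@@ -23,7 +23,11 @@
 "x86_64-darwin"
 "x86_64-linux"
 "x86_64-windows"
-]
+],
+
+# Extra attributes to be merged into the resulting derivation's
+# meta attribute.
+meta ? {}
 }:
 
 { lib
@@ -172,7 +176,7 @@
 license = licenses.asl20;
 maintainers = with maintainers; [ lorenzleutgeb liff ];
 mainProgram = "gradle";
-};
+} // meta;
 });
 
 # NOTE: Default JDKs that are hardcoded below must be LTS versions
@@ -195,6 +199,12 @@
 version = "6.9.4";
 hash = "sha256-PiQCKFON6fGHcqV06ZoLqVnoPW7zUQFDgazZYxeBOJo=";
 defaultJava = jdk11;
+meta.knownVulnerabilities = [
+"CVE-2021-29429: '[...]files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle[...]'"
+"CVE-2021-29427: '[...]there is a vulnerability which can lead to information disclosure and/or dependency poisoning[...] In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file.'"
+"CVE-2021-29428: '[...]the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory.'"
+"CVE-2021-32751: '[...]start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script[...]'"
+];
 };
 
 wrapGradle = {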
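Review bot: The `} // meta;` merge at new line 179 is a shallow, right-biased attribute update, so any key a caller passes in `meta` silently replaces the hand-written default (`license`, `maintainers`, `mainProgram`, and presumably any `platforms`/`homepage` set above the hunk) rather than being combined with it; the new comment at lines 28-29 says "merged" without stating this. That matters for the security marking this commit introduces: a later caller supplying its own `meta` for gradle_6 would drop `knownVulnerabilities` entirely unless it restates the list, and nothing would flag the omission. Either document the semantics in the parameter comment, e.g. `# Extra attributes merged (shallowly, right-biased: keys given here replace the defaults below) into the resulting derivation's meta attribute.`, or use `lib.recursiveUpdate { ... } meta` at line 179 so nested attributes are combined instead of overwritten. The enclosing function's argument set begins before this hunk, and the `meta` block at line 176 starts above it too, so I cannot see every default that is exposed to override.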