tjh.dev
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
1{ lib, stdenv, cmake, fetchFromGitHub }:
2
3stdenv.mkDerivation rec {
4 pname = "wasm3";
5 version = "0.5.0";
6
7 src = fetchFromGitHub {
8 owner = "wasm3";
9 repo = "wasm3";
10 rev = "v${version}";
11 sha256 = "07zzmk776j8ydyxhrnnjiscbhhmz182a62r6aix6kfk5kq2cwia2";
12 };
13
14 nativeBuildInputs = [ cmake ];
15
16 cmakeFlags = [
17 "-DBUILD_WASI=simple"
18 ];
19
20 installPhase = ''
21 runHook preInstall
22 install -Dm755 wasm3 -t $out/bin
23 runHook postInstall
24 '';
25
26 meta = with lib; {
27 homepage = "https://github.com/wasm3/wasm3";
28 description = "The fastest WebAssembly interpreter, and the most universal runtime.";
29 platforms = platforms.all;
30 maintainers = with maintainers; [ malbarbo ];
31 license = licenses.mit;
32 knownVulnerabilities = [
33 # wasm3 expects all wasm code to be pre-validated, any users
34 # should be aware that running unvalidated wasm will potentially
35 # lead to RCE until upstream have added a builtin validator
36 "CVE-2022-39974"
37 "CVE-2022-34529"
38 "CVE-2022-28990"
39 "CVE-2022-28966"
40 "CVE-2021-45947"
41 "CVE-2021-45946"
42 "CVE-2021-45929"
43 "CVE-2021-38592"
44 ];
45 };
46}