|
|
|
@ -1,4 +1,4 @@ |
|
|
|
|
{ lib, stdenv, fetchurl, writeText, unzip, nixosTests }: |
|
|
|
|
{ lib, stdenv, fetchurl, writeText, unzip, nixosTests, fetchpatch }: |
|
|
|
|
|
|
|
|
|
stdenv.mkDerivation rec { |
|
|
|
|
pname = "invoiceplane"; |
|
|
|
@ -9,6 +9,37 @@ stdenv.mkDerivation rec { |
|
|
|
|
sha256 = "137g0xps4kb3j7f5gz84ql18iggbya6d9dnrfp05g2qcbbp8kqad"; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
patches = [ |
|
|
|
|
|
|
|
|
|
# Fix CVE-2021-29024, unauthenticated directory listing |
|
|
|
|
# Should be included in a later release > 1.5.11 |
|
|
|
|
# https://github.com/NixOS/nixpkgs/issues/166655 |
|
|
|
|
# https://github.com/InvoicePlane/InvoicePlane/pull/754 |
|
|
|
|
(fetchpatch { |
|
|
|
|
url = "https://patch-diff.githubusercontent.com/raw/InvoicePlane/InvoicePlane/pull/754.patch"; |
|
|
|
|
sha256 = "sha256-EHXw7Zqli/nA3tPIrhxpt8ueXvDtshz0XRzZT78sdQk="; |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
# Fix CVE-2021-29023, password reset rate-limiting |
|
|
|
|
# Should be included in a later release > 1.5.11 |
|
|
|
|
# https://github.com/NixOS/nixpkgs/issues/166655 |
|
|
|
|
# https://github.com/InvoicePlane/InvoicePlane/pull/739 |
|
|
|
|
(fetchpatch { |
|
|
|
|
url = "https://patch-diff.githubusercontent.com/raw/InvoicePlane/InvoicePlane/pull/739.patch"; |
|
|
|
|
sha256 = "sha256-6ksJjW6awr3lZsDRxa22pCcRGBVBYyV8+TbhOp6HBq0="; |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
# Fix CVE-2021-29022, full path disclosure |
|
|
|
|
# Should be included in a later release > 1.5.11 |
|
|
|
|
# https://github.com/NixOS/nixpkgs/issues/166655 |
|
|
|
|
# https://github.com/InvoicePlane/InvoicePlane/pull/767 |
|
|
|
|
#(fetchpatch { |
|
|
|
|
# url = "https://patch-diff.githubusercontent.com/raw/InvoicePlane/InvoicePlane/pull/767.patch"; |
|
|
|
|
# sha256 = "sha256-rSWDH8KeHSRWLyQEa7RSwv+8+ja9etTz+6Q9XThuwUo="; |
|
|
|
|
#}) |
|
|
|
|
|
|
|
|
|
]; |
|
|
|
|
|
|
|
|
|
nativeBuildInputs = [ unzip ]; |
|
|
|
|
|
|
|
|
|
sourceRoot = "."; |
|
|
|
|