qbit/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

gradle_6: drop

Browse Source 
Unmaintained since 10 Feb 2023:
https://endoflife.date/gradle

Numerous security vulnerabilities: #352236
This commit is contained in:
Tomo 2024-10-30 23:02:41 +00:00
parent b9106c977b
commit e45e0e2b95
4 changed files with 7 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
nixos/doc/manual/release-notes/rl-2411.section.md
View File

@ -334,6 +334,11 @@
This change requires granting access to the repositories to this user or
setting the appropriate one through `services.cgit.some-instance.user`.
- `gradle_6` was removed due to being [unsupported upstream as of 10 Feb 2023](https://endoflife.date/gradle).
Additionally, it had numerous security vulnerabilities that were only patched
in later versions, such as [CVE-2021-29429](https://nvd.nist.gov/vuln/detail/CVE-2021-32751),
[CVE-2021-29427](https://nvd.nist.gov/vuln/detail/CVE-2021-29427), [CVE-2021-29428](https://nvd.nist.gov/vuln/detail/CVE-2021-29428), and [CVE-2021-32751](https://nvd.nist.gov/vuln/detail/CVE-2021-32751).
- `nvimpager` was updated to version 0.13.0, which changes the order of user and
nvimpager settings: user commands in `-c` and `--cmd` now override the
respective default settings because they are executed later.

12
pkgs/development/tools/build-managers/gradle/default.nix
View File

@ -195,18 +195,6 @@ rec {
defaultJava = jdk17;
};
gradle_6 = gen {
version = "6.9.4";
hash = "sha256-PiQCKFON6fGHcqV06ZoLqVnoPW7zUQFDgazZYxeBOJo=";
defaultJava = jdk11;
meta.knownVulnerabilities = [
"CVE-2021-29429: '[...]files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle[...]'"
"CVE-2021-29427: '[...]there is a vulnerability which can lead to information disclosure and/or dependency poisoning[...] In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file.'"
"CVE-2021-29428: '[...]the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory.'"
"CVE-2021-32751: '[...]start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script[...]'"
];
};
wrapGradle = {
lib, callPackage, mitm-cache, substituteAll, symlinkJoin, concatTextFile, makeSetupHook, nix-update-script
}:

2
pkgs/top-level/aliases.nix
View File

@ -466,6 +466,8 @@ mapAliases {
gnuradio3_9Minimal = throw "gnuradio3_9Minimal has been removed because it is not compatible with the latest volk and it had no dependent packages which justified it's distribution"; # Added 2024-07-28
gnuradio3_9Packages = throw "gnuradio3_9Minimal has been removed because it is not compatible with the latest volk and it had no dependent packages which justified it's distribution"; # Added 2024-07-28
gobby5 = throw "'gobby5' has been renamed to/replaced by 'gobby'"; # Converted to throw 2024-10-17
gradle_6 = throw "Gradle 6 has been removed, as it is end-of-life (https://endoflife.date/gradle) and has many vulnerabilities that are not resolved until Gradle 7."; # Added 2024-10-30
gradle_6-unwrapped = throw "Gradle 6 has been removed, as it is end-of-life (https://endoflife.date/gradle) and has many vulnerabilities that are not resolved until Gradle 7."; # Added 2024-10-30
#godot

2
pkgs/top-level/all-packages.nix
View File

@ -17609,12 +17609,10 @@ with pkgs;
gradleGen = gradle-packages.gen;
wrapGradle = callPackage gradle-packages.wrapGradle { };
gradle_6-unwrapped = callPackage gradle-packages.gradle_6 { };
gradle_7-unwrapped = callPackage gradle-packages.gradle_7 { };
gradle_8-unwrapped = callPackage gradle-packages.gradle_8 { };
gradle-unwrapped = gradle_8-unwrapped;
gradle_6 = wrapGradle gradle_6-unwrapped null;
gradle_7 = wrapGradle gradle_7-unwrapped null;
gradle_8 = wrapGradle gradle_8-unwrapped null;
gradle = wrapGradle gradle-unwrapped "gradle-unwrapped";