[arch-commits] Commit in zaproxy/trunk (PKGBUILD)
Leonidas Spyropoulos
artafinde at gemini.archlinux.org
Wed May 18 23:50:08 UTC 2022
Date: Wednesday, May 18, 2022 @ 23:50:08
Author: artafinde
Revision: 1209197
zaproxy: patch for CVE-2021-44228, CVE-2021-45046
Patching log4j to 2.17.1 to address vulnerabilities and building from the source
tarball instead of downloading the provided tarball, which already contains the
compiled jars.
https://security.archlinux.org/AVG-2626
Modified:
zaproxy/trunk/PKGBUILD
----------+
PKGBUILD | 27 ++++++++++++++++++++-------
1 file changed, 20 insertions(+), 7 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2022-05-18 23:14:44 UTC (rev 1209196)
+++ PKGBUILD 2022-05-18 23:50:08 UTC (rev 1209197)
@@ -4,18 +4,20 @@
pkgname=zaproxy
pkgver=2.11.1
-pkgrel=1
+pkgrel=2
pkgdesc='Integrated penetration testing tool for finding vulnerabilities in web applications'
url='https://www.owasp.org/index.php/ZAP'
arch=('any')
license=('Apache')
depends=('bash' 'java-runtime' 'ttf-font')
-source=(https://github.com/zaproxy/zaproxy/releases/download/v${pkgver}/ZAP_${pkgver}_Linux.tar.gz)
-sha512sums=('e31c0e48b05f6e6baef751ac760f7dbde17431f69f9a14c7280ed68a473b4c1eb5558889b5e45b3e7b09cb9b76208fb86871e67e7a5eee904b21dfa0ba582f11')
-b2sums=('e9aa24a4db5c2950eeb1234629a047c677fca8a3b17e657826cc065744aa9d630db4d6394f98e9b6b3cb3a6e7bf09a519c7b1fb24189e2433ee2ae6bbb086e62')
+_java=8
+makedepends=('gradle' "java-environment=${_java}")
+source=(${pkgname}-${pkgver}.tar.gz::"https://github.com/zaproxy/zaproxy/archive/v${pkgver}.tar.gz")
+sha512sums=('7018e6a71a4e75c5061f01a36dbdc89b3b8109aa86e81783351e2a2abdbbde2646c6c7cbdc3dd97f628e58506d0feb4467d5f040843c6d09fbd2a341cb9052fa')
+b2sums=('402417e705715c0648d03928078965a1d8958019fe3961c6015bff24da1c6a60f384cb16595c0e339f0c175a1f7a54ec9abd3676b5754d7834314e4183337e59')
prepare() {
- cd ZAP_${pkgver}
+ cd ${pkgname}-${pkgver}
cat > ${pkgname} <<EOF
#!/bin/sh
cd /usr/share/zaproxy
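Review bot: `_java=8` is introduced without a comment saying why the build is pinned to that JDK, although build() later derives both `PATH` and `JAVA_HOME` from it. A one-line comment above it, for example `# JDK major version for the Gradle build; build() derives JAVA_HOME from it`, would tell the next maintainer what to re-check when bumping it. The unquoted `cd ${pkgname}-${pkgver}` in prepare() would also be safer written as `cd "${pkgname}-${pkgver}"`. prepare() continues past the end of this hunk.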
@@ -22,12 +24,23 @@
./zap.sh
cd -
EOF
+
+ # https://security.archlinux.org/AVG-2626
+ sed -i 's/log4jVersion = "2.15.0"/log4jVersion = "2.17.1"/' zap/zap.gradle.kts
}
+build() {
+ cd ${pkgname}-${pkgver}
+ export PATH="/usr/lib/jvm/java-${_java}-openjdk/bin:$PATH"
+ export JAVA_HOME="/usr/lib/jvm/java-${_java}-openjdk"
+ gradle :zap:distLinux
+}
+
package() {
- cd ZAP_${pkgver}
+ cd ${pkgname}-${pkgver}
install -d "${pkgdir}/usr/share/${pkgname}"
- cp -pR . "${pkgdir}/usr/share/${pkgname}"
+ tar zxf zap/build/distributions/ZAP_${pkgver}_Linux.tar.gz
+ cp -pR ZAP_${pkgver}/. "${pkgdir}/usr/share/${pkgname}"
install -Dm 755 ${pkgname} "${pkgdir}/usr/bin/${pkgname}"
}
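Review bot: The `sed -i` in prepare() exits successfully even when the `log4jVersion = "2.15.0"` string is not found, so if zap/zap.gradle.kts words that line differently after a version bump, the package builds with the unpatched log4j and nothing fails. Follow the substitution with a check such as `grep -q 'log4jVersion = "2.17.1"' zap/zap.gradle.kts || return 1` so the build stops when the pin did not take effect. Separately, `gradle :zap:distLinux` in build() presumably resolves log4j and the other jars from remote repositories at build time, and those downloads are not covered by the `sha512sums`/`b2sums` of the source tarball; a comment in build() should say so. prepare() starts in the previous hunk, while build() and package() are fully visible here.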