a19cd4ffb1
This reverts commit 65a333600d5c88a98d674f637d092807cfc12253. This wasn't tested for correctness with something like fodwatch [0], and should not have been (self-)merged so quickly, especially without further review. It also resulted in the breakage of at least one package [1] (and that's the one we know of and was caught). A few packages that were updated in between this commit and this revert were not reverted back to using `rev`, but other than that, this is a 1:1 revert. [0]: https://codeberg.org/raphaelr/fodwatch [1]: https://github.com/NixOS/nixpkgs/pull/396904 / 758551e4587d75882aebc21a04bee960418f8ce9
52 lines
1.1 KiB
Nix
52 lines
1.1 KiB
Nix
{
|
|
lib,
|
|
stdenv,
|
|
cmake,
|
|
fetchFromGitHub,
|
|
}:
|
|
|
|
stdenv.mkDerivation rec {
|
|
pname = "wasm3";
|
|
version = "0.5.0";
|
|
|
|
src = fetchFromGitHub {
|
|
owner = "wasm3";
|
|
repo = "wasm3";
|
|
rev = "v${version}";
|
|
sha256 = "07zzmk776j8ydyxhrnnjiscbhhmz182a62r6aix6kfk5kq2cwia2";
|
|
};
|
|
|
|
nativeBuildInputs = [ cmake ];
|
|
|
|
cmakeFlags = [
|
|
"-DBUILD_WASI=simple"
|
|
];
|
|
|
|
installPhase = ''
|
|
runHook preInstall
|
|
install -Dm755 wasm3 -t $out/bin
|
|
runHook postInstall
|
|
'';
|
|
|
|
meta = with lib; {
|
|
homepage = "https://github.com/wasm3/wasm3";
|
|
description = "Fastest WebAssembly interpreter, and the most universal runtime";
|
|
platforms = platforms.all;
|
|
maintainers = with maintainers; [ malbarbo ];
|
|
license = licenses.mit;
|
|
knownVulnerabilities = [
|
|
# wasm3 expects all wasm code to be pre-validated, any users
|
|
# should be aware that running unvalidated wasm will potentially
|
|
# lead to RCE until upstream have added a builtin validator
|
|
"CVE-2022-39974"
|
|
"CVE-2022-34529"
|
|
"CVE-2022-28990"
|
|
"CVE-2022-28966"
|
|
"CVE-2021-45947"
|
|
"CVE-2021-45946"
|
|
"CVE-2021-45929"
|
|
"CVE-2021-38592"
|
|
];
|
|
};
|
|
}
|