diff options
author | Alyssa Ross <hi@alyssa.is> | 2021-09-13 11:53:06 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2021-09-13 17:18:49 +0000 |
commit | c3e005913d59b8ad64004e60888a71816688af1f (patch) | |
tree | f65b32f0d16acaa40f2ee82ac736d150de4b6cf5 /nixpkgs/pkgs/development/libraries/botan | |
parent | 1c8034da05499ca3d999f57ba1f6b235e7711ee1 (diff) | |
parent | db88608d8c811a93b74c99cfa1224952afc78200 (diff) | |
download | nixlib-c3e005913d59b8ad64004e60888a71816688af1f.tar nixlib-c3e005913d59b8ad64004e60888a71816688af1f.tar.gz nixlib-c3e005913d59b8ad64004e60888a71816688af1f.tar.bz2 nixlib-c3e005913d59b8ad64004e60888a71816688af1f.tar.lz nixlib-c3e005913d59b8ad64004e60888a71816688af1f.tar.xz nixlib-c3e005913d59b8ad64004e60888a71816688af1f.tar.zst nixlib-c3e005913d59b8ad64004e60888a71816688af1f.zip |
Merge commit 'db88608d8c811a93b74c99cfa1224952afc78200'
Conflicts: nixpkgs/nixos/modules/config/update-users-groups.pl
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/botan')
-rw-r--r-- | nixpkgs/pkgs/development/libraries/botan/2.0.nix | 15 | ||||
-rw-r--r-- | nixpkgs/pkgs/development/libraries/botan/default.nix | 1 | ||||
-rw-r--r-- | nixpkgs/pkgs/development/libraries/botan/generic.nix | 2 |
3 files changed, 15 insertions, 3 deletions
diff --git a/nixpkgs/pkgs/development/libraries/botan/2.0.nix b/nixpkgs/pkgs/development/libraries/botan/2.0.nix index a486ba498205..113c4a27b919 100644 --- a/nixpkgs/pkgs/development/libraries/botan/2.0.nix +++ b/nixpkgs/pkgs/development/libraries/botan/2.0.nix @@ -1,10 +1,19 @@ -{ callPackage, ... } @ args: +{ callPackage, fetchpatch, ... } @ args: callPackage ./generic.nix (args // { baseVersion = "2.18"; - revision = "0"; - sha256 = "09z3fy31q1pvnvpy4fswrsl2aq8ksl94lbh5rl7b6nqc3qp8ar6c"; + revision = "1"; + sha256 = "0adf53drhk1hlpfih0175c9081bqpclw6p2afn51cmx849ib9izq"; postPatch = '' sed -e 's@lang_flags "@&--std=c++11 @' -i src/build-data/cc/{gcc,clang}.txt ''; + extraPatches = [ + (fetchpatch { + name = "CVE-2021-40529.patch"; + url = "https://github.com/randombit/botan/commit/9a23e4e3bc3966340531f2ff608fa9d33b5185a2.patch"; + sha256 = "1ax1n2l9zh0hk35vkkywgkhzpdk76xb9apz2wm3h9kjvjs9acr3y"; + # our source tarball doesn't include the tests + excludes = [ "src/tests/*" ]; + }) + ]; }) diff --git a/nixpkgs/pkgs/development/libraries/botan/default.nix b/nixpkgs/pkgs/development/libraries/botan/default.nix index c494fa25f771..d6ee9ff152f4 100644 --- a/nixpkgs/pkgs/development/libraries/botan/default.nix +++ b/nixpkgs/pkgs/development/libraries/botan/default.nix @@ -10,6 +10,7 @@ callPackage ./generic.nix (args // { sed -e 's@lang_flags "@&--std=c++11 @' -i src/build-data/cc/{gcc,clang}.txt ''; knownVulnerabilities = [ + "CVE-2021-40529" # https://botan.randombit.net/security.html#id1 "2020-03-24: Side channel during CBC padding" ]; diff --git a/nixpkgs/pkgs/development/libraries/botan/generic.nix b/nixpkgs/pkgs/development/libraries/botan/generic.nix index 3313b8c4fcd1..1384bdee9add 100644 --- a/nixpkgs/pkgs/development/libraries/botan/generic.nix +++ b/nixpkgs/pkgs/development/libraries/botan/generic.nix @@ -3,6 +3,7 @@ , baseVersion, revision, sha256 , sourceExtension ? "tar.xz" , extraConfigureFlags ? "" +, extraPatches ? [ ] , postPatch ? null , knownVulnerabilities ? [ ] , CoreServices @@ -22,6 +23,7 @@ stdenv.mkDerivation rec { ]; inherit sha256; }; + patches = extraPatches; inherit postPatch; buildInputs = [ python3 bzip2 zlib gmp openssl boost ] |