diff options
author | K900 <me@0upti.me> | 2023-04-13 11:46:59 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-04-13 11:46:59 +0300 |
commit | 6092709f22a403b4ef5685828b03a1262d43268f (patch) | |
tree | e12d3ec94ac59c7ccb40bfd2859fe47ff80d5571 /pkgs/development/libraries/libgcrypt | |
parent | 59695dcb9ef6287c6195e12e2e15d8ad47f18a64 (diff) | |
download | nixlib-6092709f22a403b4ef5685828b03a1262d43268f.tar nixlib-6092709f22a403b4ef5685828b03a1262d43268f.tar.gz nixlib-6092709f22a403b4ef5685828b03a1262d43268f.tar.bz2 nixlib-6092709f22a403b4ef5685828b03a1262d43268f.tar.lz nixlib-6092709f22a403b4ef5685828b03a1262d43268f.tar.xz nixlib-6092709f22a403b4ef5685828b03a1262d43268f.tar.zst nixlib-6092709f22a403b4ef5685828b03a1262d43268f.zip |
Revert "Add LTS version of GnuPG and update libgcrypt to latest LTS version"
Diffstat (limited to 'pkgs/development/libraries/libgcrypt')
-rw-r--r-- | pkgs/development/libraries/libgcrypt/1.5.nix | 53 | ||||
-rw-r--r-- | pkgs/development/libraries/libgcrypt/1.8.nix | 75 |
2 files changed, 53 insertions, 75 deletions
diff --git a/pkgs/development/libraries/libgcrypt/1.5.nix b/pkgs/development/libraries/libgcrypt/1.5.nix new file mode 100644 index 000000000000..918ed20efaaf --- /dev/null +++ b/pkgs/development/libraries/libgcrypt/1.5.nix @@ -0,0 +1,53 @@ +{ lib, stdenv, fetchpatch, fetchurl, libgpg-error, enableCapabilities ? false, libcap }: + +assert enableCapabilities -> stdenv.isLinux; + +stdenv.mkDerivation rec { + pname = "libgcrypt"; + version = "1.5.6"; + + src = fetchurl { + url = "mirror://gnupg/libgcrypt/libgcrypt-${version}.tar.bz2"; + sha256 = "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h"; + }; + + patches = lib.optionals stdenv.isDarwin [ + (fetchpatch { + name = "fix-x86_64-apple-darwin.patch"; + sha256 = "138sfwl1avpy19320dbd63mskspc1khlc93j1f1zmylxx3w19csi"; + url = "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=patch;h=71939faa7c54e7b4b28d115e748a85f134876a02"; + }) + ]; + + buildInputs = + [ libgpg-error ] + ++ lib.optional enableCapabilities libcap; + + # Make sure libraries are correct for .pc and .la files + # Also make sure includes are fixed for callers who don't use libgpgcrypt-config + postInstall = '' + sed -i 's,#include <gpg-error.h>,#include "${libgpg-error.dev}/include/gpg-error.h",g' $out/include/gcrypt.h + '' + lib.optionalString enableCapabilities '' + sed -i 's,\(-lcap\),-L${libcap.lib}/lib \1,' $out/lib/libgcrypt.la + ''; + + doCheck = true; + + meta = with lib; { + homepage = "https://www.gnu.org/software/libgcrypt/"; + description = "General-pupose cryptographic library"; + license = licenses.lgpl2Plus; + platforms = platforms.all; + knownVulnerabilities = [ + "CVE-2014-3591" + "CVE-2015-0837" + "CVE-2015-7511" + "CVE-2017-0379" + "CVE-2017-7526" + "CVE-2017-9526" + "CVE-2018-0495" + "CVE-2018-6829" + "CVE-2018-12437" + ]; + }; +} diff --git a/pkgs/development/libraries/libgcrypt/1.8.nix b/pkgs/development/libraries/libgcrypt/1.8.nix deleted file mode 100644 index cce79780f1cb..000000000000 --- a/pkgs/development/libraries/libgcrypt/1.8.nix +++ /dev/null @@ -1,75 +0,0 @@ -{ lib -, stdenv -, fetchurl -, libgpg-error -, enableCapabilities ? false, libcap -, buildPackages -# for passthru.tests -, gnupg -, libotr -, rsyslog -}: - -assert enableCapabilities -> stdenv.isLinux; - -stdenv.mkDerivation rec { - pname = "libgcrypt"; - version = "1.8.10"; - - src = fetchurl { - url = "mirror://gnupg/libgcrypt/libgcrypt-${version}.tar.bz2"; - sha256 = "sha256-aJaRVQH5UeI9AtywRTRpwswiqk13oAH/c6JkfC0p590="; - }; - - outputs = [ "out" "dev" "info" ]; - outputBin = "dev"; - - # The CPU Jitter random number generator must not be compiled with - # optimizations and the optimize -O0 pragma only works for gcc. - # The build enables -O2 by default for everything else. - hardeningDisable = lib.optional stdenv.cc.isClang "fortify"; - - depsBuildBuild = [ buildPackages.stdenv.cc ]; - - buildInputs = [ libgpg-error ] - ++ lib.optional enableCapabilities libcap; - - strictDeps = true; - - configureFlags = [ "--with-libgpg-error-prefix=${libgpg-error.dev}" ] - ++ lib.optional (stdenv.hostPlatform.isMusl || (stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64)) "--disable-asm"; # for darwin see https://dev.gnupg.org/T5157 - - # Necessary to generate correct assembly when compiling for aarch32 on - # aarch64 - configurePlatforms = [ "host" "build" ]; - - postConfigure = '' - sed -i configure \ - -e 's/NOEXECSTACK_FLAGS=$/NOEXECSTACK_FLAGS="-Wa,--noexecstack"/' - ''; - - # Make sure libraries are correct for .pc and .la files - # Also make sure includes are fixed for callers who don't use libgpgcrypt-config - postFixup = '' - sed -i 's,#include <gpg-error.h>,#include "${libgpg-error.dev}/include/gpg-error.h",g' "$dev/include/gcrypt.h" - '' + lib.optionalString enableCapabilities '' - sed -i 's,\(-lcap\),-L${libcap.lib}/lib \1,' $out/lib/libgcrypt.la - ''; - - doCheck = true; - - passthru.tests = { - inherit gnupg libotr rsyslog; - }; - - meta = with lib; { - homepage = "https://www.gnu.org/software/libgcrypt/"; - changelog = "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=NEWS;hb=refs/tags/${pname}-${version}"; - description = "General-purpose cryptographic library"; - license = licenses.lgpl2Plus; - platforms = platforms.all; - knownVulnerabilities = [ - "CVE-2018-12437" # CVE is about LibTomCrypt - ]; - }; -} |