libgcrypt: 1.5.6 -> 1.8.10

author: Alexis Hildebrandt <afh@surryhill.net> 2023-02-07 12:17:48 +0100
committer: Alexis Hildebrandt <afh@surryhill.net> 2023-04-13 20:25:41 +0200
commit: 6be78e28b446703b80e83724b3cf14c44b9bbca7 (patch)
tree: 530eb49017ce5ef2b68cdfbca66e8678ed35a9f8 /pkgs/development/libraries/libgcrypt
parent: 5557fcff78472f808ee254ee3470a85faf594612 (diff)
download: nixlib-6be78e28b446703b80e83724b3cf14c44b9bbca7.tar
nixlib-6be78e28b446703b80e83724b3cf14c44b9bbca7.tar.gz
nixlib-6be78e28b446703b80e83724b3cf14c44b9bbca7.tar.bz2
nixlib-6be78e28b446703b80e83724b3cf14c44b9bbca7.tar.lz
nixlib-6be78e28b446703b80e83724b3cf14c44b9bbca7.tar.xz
nixlib-6be78e28b446703b80e83724b3cf14c44b9bbca7.tar.zst
nixlib-6be78e28b446703b80e83724b3cf14c44b9bbca7.zip
2 files changed, 75 insertions, 53 deletions
diff --git a/pkgs/development/libraries/libgcrypt/1.5.nix b/pkgs/development/libraries/libgcrypt/1.5.nix
deleted file mode 100644
index 918ed20efaaf..000000000000
--- a/pkgs/development/libraries/libgcrypt/1.5.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ lib, stdenv, fetchpatch, fetchurl, libgpg-error, enableCapabilities ? false, libcap }:
-
-assert enableCapabilities -> stdenv.isLinux;
-
-stdenv.mkDerivation rec {
-  pname = "libgcrypt";
-  version = "1.5.6";
-
-  src = fetchurl {
-    url = "mirror://gnupg/libgcrypt/libgcrypt-${version}.tar.bz2";
-    sha256 = "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h";
-  };
-
-  patches = lib.optionals stdenv.isDarwin [
-    (fetchpatch {
-      name = "fix-x86_64-apple-darwin.patch";
-      sha256 = "138sfwl1avpy19320dbd63mskspc1khlc93j1f1zmylxx3w19csi";
-      url = "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=patch;h=71939faa7c54e7b4b28d115e748a85f134876a02";
-    })
-  ];
-
-  buildInputs =
-    [ libgpg-error ]
-    ++ lib.optional enableCapabilities libcap;
-
-  # Make sure libraries are correct for .pc and .la files
-  # Also make sure includes are fixed for callers who don't use libgpgcrypt-config
-  postInstall = ''
-    sed -i 's,#include <gpg-error.h>,#include "${libgpg-error.dev}/include/gpg-error.h",g' $out/include/gcrypt.h
-  '' + lib.optionalString enableCapabilities ''
-    sed -i 's,\(-lcap\),-L${libcap.lib}/lib \1,' $out/lib/libgcrypt.la
-  '';
-
-  doCheck = true;
-
-  meta = with lib; {
-    homepage = "https://www.gnu.org/software/libgcrypt/";
-    description = "General-pupose cryptographic library";
-    license = licenses.lgpl2Plus;
-    platforms = platforms.all;
-    knownVulnerabilities = [
-      "CVE-2014-3591"
-      "CVE-2015-0837"
-      "CVE-2015-7511"
-      "CVE-2017-0379"
-      "CVE-2017-7526"
-      "CVE-2017-9526"
-      "CVE-2018-0495"
-      "CVE-2018-6829"
-      "CVE-2018-12437"
-    ];
-  };
-}
diff --git a/pkgs/development/libraries/libgcrypt/1.8.nix b/pkgs/development/libraries/libgcrypt/1.8.nix
new file mode 100644
index 000000000000..cce79780f1cb
--- /dev/null
+++ b/pkgs/development/libraries/libgcrypt/1.8.nix
@@ -0,0 +1,75 @@
+{ lib
+, stdenv
+, fetchurl
+, libgpg-error
+, enableCapabilities ? false, libcap
+, buildPackages
+# for passthru.tests
+, gnupg
+, libotr
+, rsyslog
+}:
+
+assert enableCapabilities -> stdenv.isLinux;
+
+stdenv.mkDerivation rec {
+  pname = "libgcrypt";
+  version = "1.8.10";
+
+  src = fetchurl {
+    url = "mirror://gnupg/libgcrypt/libgcrypt-${version}.tar.bz2";
+    sha256 = "sha256-aJaRVQH5UeI9AtywRTRpwswiqk13oAH/c6JkfC0p590=";
+  };
+
+  outputs = [ "out" "dev" "info" ];
+  outputBin = "dev";
+
+  # The CPU Jitter random number generator must not be compiled with
+  # optimizations and the optimize -O0 pragma only works for gcc.
+  # The build enables -O2 by default for everything else.
+  hardeningDisable = lib.optional stdenv.cc.isClang "fortify";
+
+  depsBuildBuild = [ buildPackages.stdenv.cc ];
+
+  buildInputs = [ libgpg-error ]
+    ++ lib.optional enableCapabilities libcap;
+
+  strictDeps = true;
+
+  configureFlags = [ "--with-libgpg-error-prefix=${libgpg-error.dev}" ]
+      ++ lib.optional (stdenv.hostPlatform.isMusl || (stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64)) "--disable-asm"; # for darwin see https://dev.gnupg.org/T5157
+
+  # Necessary to generate correct assembly when compiling for aarch32 on
+  # aarch64
+  configurePlatforms = [ "host" "build" ];
+
+  postConfigure = ''
+    sed -i configure \
+        -e 's/NOEXECSTACK_FLAGS=$/NOEXECSTACK_FLAGS="-Wa,--noexecstack"/'
+  '';
+
+  # Make sure libraries are correct for .pc and .la files
+  # Also make sure includes are fixed for callers who don't use libgpgcrypt-config
+  postFixup = ''
+    sed -i 's,#include <gpg-error.h>,#include "${libgpg-error.dev}/include/gpg-error.h",g' "$dev/include/gcrypt.h"
+  '' + lib.optionalString enableCapabilities ''
+    sed -i 's,\(-lcap\),-L${libcap.lib}/lib \1,' $out/lib/libgcrypt.la
+  '';
+
+  doCheck = true;
+
+  passthru.tests = {
+    inherit gnupg libotr rsyslog;
+  };
+
+  meta = with lib; {
+    homepage = "https://www.gnu.org/software/libgcrypt/";
+    changelog = "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=NEWS;hb=refs/tags/${pname}-${version}";
+    description = "General-purpose cryptographic library";
+    license = licenses.lgpl2Plus;
+    platforms = platforms.all;
+    knownVulnerabilities = [
+      "CVE-2018-12437" # CVE is about LibTomCrypt
+    ];
+  };
+}
author	Alexis Hildebrandt <afh@surryhill.net>	2023-02-07 12:17:48 +0100
committer	Alexis Hildebrandt <afh@surryhill.net>	2023-04-13 20:25:41 +0200
commit	6be78e28b446703b80e83724b3cf14c44b9bbca7 (patch)
tree	530eb49017ce5ef2b68cdfbca66e8678ed35a9f8 /pkgs/development/libraries/libgcrypt
parent	5557fcff78472f808ee254ee3470a85faf594612 (diff)
download	nixlib-6be78e28b446703b80e83724b3cf14c44b9bbca7.tar nixlib-6be78e28b446703b80e83724b3cf14c44b9bbca7.tar.gz nixlib-6be78e28b446703b80e83724b3cf14c44b9bbca7.tar.bz2 nixlib-6be78e28b446703b80e83724b3cf14c44b9bbca7.tar.lz nixlib-6be78e28b446703b80e83724b3cf14c44b9bbca7.tar.xz nixlib-6be78e28b446703b80e83724b3cf14c44b9bbca7.tar.zst nixlib-6be78e28b446703b80e83724b3cf14c44b9bbca7.zip