about summary refs log tree commit diff
path: root/pkgs/tools/security/opencryptoki
diff options
context:
space:
mode:
authorRobert Schütz <nix@dotlambda.de>2023-02-09 09:25:05 -0800
committerRobert Schütz <nix@dotlambda.de>2023-02-12 18:03:44 -0800
commit08834266e1f49e824a2057f1c7b6eb06d8409a68 (patch)
treeba2441bb9a368535975b59221b2f0ab815ba05bb /pkgs/tools/security/opencryptoki
parent7b2a482ea0240ef989001c6a6c28b47db7790483 (diff)
downloadnixlib-08834266e1f49e824a2057f1c7b6eb06d8409a68.tar
nixlib-08834266e1f49e824a2057f1c7b6eb06d8409a68.tar.gz
nixlib-08834266e1f49e824a2057f1c7b6eb06d8409a68.tar.bz2
nixlib-08834266e1f49e824a2057f1c7b6eb06d8409a68.tar.lz
nixlib-08834266e1f49e824a2057f1c7b6eb06d8409a68.tar.xz
nixlib-08834266e1f49e824a2057f1c7b6eb06d8409a68.tar.zst
nixlib-08834266e1f49e824a2057f1c7b6eb06d8409a68.zip
opencryptoki: 3.8.2 -> 3.19.0
fixes CVE-2021-3798

Diff: https://github.com/opencryptoki/opencryptoki/compare/v3.8.2...v3.19.0

Changelog: https://github.com/opencryptoki/opencryptoki/blob/v3.19.0/ChangeLog
Diffstat (limited to 'pkgs/tools/security/opencryptoki')
-rw-r--r--pkgs/tools/security/opencryptoki/default.nix36
1 files changed, 29 insertions, 7 deletions
diff --git a/pkgs/tools/security/opencryptoki/default.nix b/pkgs/tools/security/opencryptoki/default.nix
index 140f032a5fde..dcb1c0bb0cbe 100644
--- a/pkgs/tools/security/opencryptoki/default.nix
+++ b/pkgs/tools/security/opencryptoki/default.nix
@@ -1,18 +1,36 @@
-{ lib, stdenv, fetchFromGitHub, openssl, trousers, autoreconfHook, libtool, bison, flex }:
+{ lib
+, stdenv
+, fetchFromGitHub
+, autoreconfHook
+, bison
+, flex
+, openldap
+, openssl
+, trousers
+}:
 
 stdenv.mkDerivation rec {
   pname = "opencryptoki";
-  version = "3.8.2";
+  version = "3.19.0";
 
   src = fetchFromGitHub {
     owner = "opencryptoki";
     repo = "opencryptoki";
     rev = "v${version}";
-    sha256 = "1rf7cmibmx636vzv7p54g212478a8wim2lfjf2861hfd0m96nv4l";
+    hash = "sha256-ym13I34H3d1JuVBnItkceUbqpjYFhD+mPgWYHPetF7Y=";
   };
 
-  nativeBuildInputs = [ autoreconfHook libtool bison flex ];
-  buildInputs = [ openssl trousers ];
+  nativeBuildInputs = [
+    autoreconfHook
+    bison
+    flex
+  ];
+
+  buildInputs = [
+    openldap
+    openssl
+    trousers
+  ];
 
   postPatch = ''
     substituteInPlace configure.ac \
@@ -20,18 +38,22 @@ stdenv.mkDerivation rec {
       --replace "groupadd" "true" \
       --replace "chmod" "true" \
       --replace "chgrp" "true"
-    substituteInPlace usr/lib/Makefile.am --replace "DESTDIR" "out"
   '';
 
   configureFlags = [
-    "--prefix=$(out)"
+    "--prefix="
     "--disable-ccatok"
     "--disable-icatok"
   ];
 
   enableParallelBuilding = true;
 
+  installFlags = [
+    "DESTDIR=${placeholder "out"}"
+  ];
+
   meta = with lib; {
+    changelog   = "https://github.com/opencryptoki/opencryptoki/blob/${src.rev}/ChangeLog";
     description = "PKCS#11 implementation for Linux";
     homepage    = "https://github.com/opencryptoki/opencryptoki";
     license     = licenses.cpl10;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-07 11:52:14 +0000