diff options
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/botan')
| -rw-r--r-- | nixpkgs/pkgs/development/libraries/botan/2.0.nix | 19 | ||||
| -rw-r--r-- | nixpkgs/pkgs/development/libraries/botan/default.nix | 17 | ||||
| -rw-r--r-- | nixpkgs/pkgs/development/libraries/botan/generic.nix | 57 |
3 files changed, 93 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/libraries/botan/2.0.nix b/nixpkgs/pkgs/development/libraries/botan/2.0.nix new file mode 100644 index 000000000000..113c4a27b919 --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/botan/2.0.nix @@ -0,0 +1,19 @@ +{ callPackage, fetchpatch, ... } @ args: + +callPackage ./generic.nix (args // { + baseVersion = "2.18"; + revision = "1"; + sha256 = "0adf53drhk1hlpfih0175c9081bqpclw6p2afn51cmx849ib9izq"; + postPatch = '' + sed -e 's@lang_flags "@&--std=c++11 @' -i src/build-data/cc/{gcc,clang}.txt + ''; + extraPatches = [ + (fetchpatch { + name = "CVE-2021-40529.patch"; + url = "https://github.com/randombit/botan/commit/9a23e4e3bc3966340531f2ff608fa9d33b5185a2.patch"; + sha256 = "1ax1n2l9zh0hk35vkkywgkhzpdk76xb9apz2wm3h9kjvjs9acr3y"; + # our source tarball doesn't include the tests + excludes = [ "src/tests/*" ]; + }) + ]; +}) diff --git a/nixpkgs/pkgs/development/libraries/botan/default.nix b/nixpkgs/pkgs/development/libraries/botan/default.nix new file mode 100644 index 000000000000..d6ee9ff152f4 --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/botan/default.nix @@ -0,0 +1,17 @@ +{ callPackage, ... } @ args: + +callPackage ./generic.nix (args // { + baseVersion = "1.10"; + revision = "17"; + sha256 = "04rnha712dd3sdb2q7k2yw45sf405jyigk7yrjfr6bwd9fvgyiv8"; + sourceExtension = "tgz"; + extraConfigureFlags = "--with-gnump"; + postPatch = '' + sed -e 's@lang_flags "@&--std=c++11 @' -i src/build-data/cc/{gcc,clang}.txt + ''; + knownVulnerabilities = [ + "CVE-2021-40529" + # https://botan.randombit.net/security.html#id1 + "2020-03-24: Side channel during CBC padding" + ]; +}) diff --git a/nixpkgs/pkgs/development/libraries/botan/generic.nix b/nixpkgs/pkgs/development/libraries/botan/generic.nix new file mode 100644 index 000000000000..1384bdee9add --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/botan/generic.nix @@ -0,0 +1,57 @@ +{ lib, stdenv, fetchurl, python3, bzip2, zlib, gmp, openssl, boost +# Passed by version specific builders +, baseVersion, revision, sha256 +, sourceExtension ? "tar.xz" +, extraConfigureFlags ? "" +, extraPatches ? [ ] +, postPatch ? null +, knownVulnerabilities ? [ ] +, CoreServices +, Security +, ... +}: + +stdenv.mkDerivation rec { + pname = "botan"; + version = "${baseVersion}.${revision}"; + + src = fetchurl { + name = "Botan-${version}.${sourceExtension}"; + urls = [ + "http://files.randombit.net/botan/v${baseVersion}/Botan-${version}.${sourceExtension}" + "http://botan.randombit.net/releases/Botan-${version}.${sourceExtension}" + ]; + inherit sha256; + }; + patches = extraPatches; + inherit postPatch; + + buildInputs = [ python3 bzip2 zlib gmp openssl boost ] + ++ lib.optionals stdenv.isDarwin [ CoreServices Security ]; + + configurePhase = '' + python configure.py --prefix=$out --with-bzip2 --with-zlib ${if openssl != null then "--with-openssl" else ""} ${extraConfigureFlags}${if stdenv.cc.isClang then " --cc=clang" else "" } + ''; + + enableParallelBuilding = true; + + preInstall = '' + if [ -d src/scripts ]; then + patchShebangs src/scripts + fi + ''; + + postInstall = '' + cd "$out"/lib/pkgconfig + ln -s botan-*.pc botan.pc || true + ''; + + meta = with lib; { + description = "Cryptographic algorithms library"; + maintainers = with maintainers; [ raskin ]; + platforms = platforms.unix; + license = licenses.bsd2; + inherit knownVulnerabilities; + }; + passthru.updateInfo.downloadPage = "http://files.randombit.net/botan/"; +} |