From 3b3a6367c86aa8c8d472c5d83acead14419d2330 Mon Sep 17 00:00:00 2001
From: Michael Weiss
Date: Wed, 1 May 2019 16:28:07 +0200
Subject: [PATCH] signing-party: 2.9 -> 2.10 (security, CVE-2019-11627)

I switched to fetchFromGitLab for more transparency and because 2.10 is not yet available on any Debian mirrors. A drawback is that any dates in the man pages will now always be set to 1970-01-01, because fetchFromGitLab removes the timestamps from $src (not manually but by unpacking the archive).
---
 pkgs/tools/security/signing-party/default.nix | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/pkgs/tools/security/signing-party/default.nix b/pkgs/tools/security/signing-party/default.nix
index b3ec973368c..29af5a5cc0a 100644
--- a/pkgs/tools/security/signing-party/default.nix
+++ b/pkgs/tools/security/signing-party/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, autoconf, automake, makeWrapper
+{ stdenv, fetchFromGitLab, autoconf, automake, makeWrapper
 , python3, perl, perlPackages
 , libmd, gnupg1, which, getopt, libpaper, nettools, qprint
 , sendmailPath ? "/run/wrappers/bin/sendmail" }:
@@ -13,12 +13,15 @@ let
 ];
 in stdenv.mkDerivation rec {
 pname = "signing-party";
- version = "2.9";
+ version = "2.10";
 name = "${pname}-${version}";

- src = fetchurl {
- url = "mirror://debian/pool/main/s/${pname}/${pname}_${version}.orig.tar.gz";
- sha256 = "14pgi45zqa0zd1ldfj9mnf9jgv5kfrhl78lr8iy7k88p9h6b9n7n";
+ src = fetchFromGitLab {
+ domain = "salsa.debian.org";
+ owner = "signing-party-team";
+ repo = "signing-party";
+ rev = "v${version}";
+ sha256 = "0lq8nmwjmysry0n4jg6vb7bh0lagbyb9pa11ii3s41p1mhzchf2r";
 };

 # TODO: Get this patch upstream...
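Review bot: The new `src = fetchFromGitLab { ... }` block in the second hunk has no comment recording why the package moved from the Debian mirror tarball to a salsa.debian.org tag archive; that reasoning lives only in the commit message. I would add above `src`: `# fetchFromGitLab: 2.10 was not yet on the Debian mirrors; man page dates become 1970-01-01 because the unpacked archive carries no timestamps.` The fixed-output `sha256` pins the content, so a re-pointed `v${version}` tag should fail the build rather than silently change the source. Nothing visible here shows that the hash was compared against a signed tag or release, so that is worth confirming for a security update. The derivation body continues outside the hunk.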