botan2: 2.9.0 -> 2.17.2

In botan 2.11.0 the upstream switched to tar.xz archives. To continue supporting botan1 the source package extension can now be overriden from within the specialized package. Addresses two advisories, neither of which received a CVE: - 2020-07-05: Failure to enforce name constraints on alternative names - 2020-03-24: Side channel during CBC padding
2020-11-30 17:00:57 +01:00
parent afd9e06a8d
commit 4630fcf686
3 changed files with 8 additions and 6 deletions
--- a/pkgs/development/libraries/botan/2.0.nix
+++ b/pkgs/development/libraries/botan/2.0.nix
@@ -1,9 +1,9 @@
 { callPackage, ... } @ args:

 callPackage ./generic.nix (args // {
-  baseVersion = "2.9";
-  revision = "0";
-  sha256 = "06fiyalvc68p11qqh953azx2vrbav5vr00yvcfp67p9l4csn8m9h";
+  baseVersion = "2.17";
+  revision = "2";
+  sha256 = "0v0yiq0qxcrsn5b34j6bz8i6pds8dih2ds90ylmy1msm5gz7vqpb";
  postPatch = ''
    sed -e 's@lang_flags "@&--std=c++11 @' -i src/build-data/cc/{gcc,clang}.txt
  '';
--- a/pkgs/development/libraries/botan/default.nix
+++ b/pkgs/development/libraries/botan/default.nix
@@ -4,6 +4,7 @@ callPackage ./generic.nix (args // {
  baseVersion = "1.10";
  revision = "17";
  sha256 = "04rnha712dd3sdb2q7k2yw45sf405jyigk7yrjfr6bwd9fvgyiv8";
+  sourceExtension = "tgz";
  extraConfigureFlags = "--with-gnump";
  postPatch = ''
    sed -e 's@lang_flags "@&--std=c++11 @' -i src/build-data/cc/{gcc,clang}.txt
--- a/pkgs/development/libraries/botan/generic.nix
+++ b/pkgs/development/libraries/botan/generic.nix
@@ -1,6 +1,7 @@
 { stdenv, fetchurl, python, bzip2, zlib, gmp, openssl, boost
 # Passed by version specific builders
 , baseVersion, revision, sha256
+, sourceExtension ? "tar.xz"
 , extraConfigureFlags ? ""
 , postPatch ? null
 , darwin
@@ -12,10 +13,10 @@ stdenv.mkDerivation rec {
  version = "${baseVersion}.${revision}";

  src = fetchurl {
-    name = "Botan-${version}.tgz";
+    name = "Botan-${version}.${sourceExtension}";
    urls = [
-       "http://files.randombit.net/botan/v${baseVersion}/Botan-${version}.tgz"
-       "http://botan.randombit.net/releases/Botan-${version}.tgz"
+       "http://files.randombit.net/botan/v${baseVersion}/Botan-${version}.${sourceExtension}"
+       "http://botan.randombit.net/releases/Botan-${version}.${sourceExtension}"
    ];
    inherit sha256;
  };