From 4630fcf686b7b178e101e89d0bd8e8af1684ab97 Mon Sep 17 00:00:00 2001
From: Martin Weinelt
Date: Mon, 30 Nov 2020 17:00:57 +0100
Subject: [PATCH 1/2] botan2: 2.9.0 -> 2.17.2

In botan 2.11.0 the upstream switched to tar.xz archives. To continue supporting botan1 the source package extension can now be overriden from within the specialized package.

Addresses two advisories, neither of which received a CVE:

- 2020-07-05: Failure to enforce name constraints on alternative names
- 2020-03-24: Side channel during CBC padding
---
 pkgs/development/libraries/botan/2.0.nix     | 6 +++---
 pkgs/development/libraries/botan/default.nix | 1 +
 pkgs/development/libraries/botan/generic.nix | 7 ++++---
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/pkgs/development/libraries/botan/2.0.nix b/pkgs/development/libraries/botan/2.0.nix
index 22ddb76b29b..2346153e2a1 100644
--- a/pkgs/development/libraries/botan/2.0.nix
+++ b/pkgs/development/libraries/botan/2.0.nix
@@ -1,9 +1,9 @@
 { callPackage, ... } @ args:
 
 callPackage ./generic.nix (args // {
-  baseVersion = "2.9";
-  revision = "0";
-  sha256 = "06fiyalvc68p11qqh953azx2vrbav5vr00yvcfp67p9l4csn8m9h";
+  baseVersion = "2.17";
+  revision = "2";
+  sha256 = "0v0yiq0qxcrsn5b34j6bz8i6pds8dih2ds90ylmy1msm5gz7vqpb";
   postPatch = ''
     sed -e 's@lang_flags "@&--std=c++11 @' -i src/build-data/cc/{gcc,clang}.txt
   '';
diff --git a/pkgs/development/libraries/botan/default.nix b/pkgs/development/libraries/botan/default.nix
index 04652aa013a..8bcc6aaa8ef 100644
--- a/pkgs/development/libraries/botan/default.nix
+++ b/pkgs/development/libraries/botan/default.nix
@@ -4,6 +4,7 @@ callPackage ./generic.nix (args // {
   baseVersion = "1.10";
   revision = "17";
   sha256 = "04rnha712dd3sdb2q7k2yw45sf405jyigk7yrjfr6bwd9fvgyiv8";
+  sourceExtension = "tgz";
   extraConfigureFlags = "--with-gnump";
   postPatch = ''
     sed -e 's@lang_flags "@&--std=c++11 @' -i src/build-data/cc/{gcc,clang}.txt
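Review bot: The added `sourceExtension = "tgz";` gives no hint of why the 1.10 builder has to override the new default, and the reason lives only in the commit message; a trailing comment such as `sourceExtension = "tgz"; # 1.x releases predate upstream's switch to tar.xz in 2.11.0` keeps the rationale next to the code. If upstream no longer maintains the 1.10 series (worth confirming before asserting it), a `meta.knownVulnerabilities` entry or a deprecation note on this package would also tell consumers that the override keeps an unmaintained library buildable rather than fixing it. The attribute set continues outside the hunk.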
diff --git a/pkgs/development/libraries/botan/generic.nix b/pkgs/development/libraries/botan/generic.nix
index 18b1b47f6d3..4d2cf7515c0 100644
--- a/pkgs/development/libraries/botan/generic.nix
+++ b/pkgs/development/libraries/botan/generic.nix
@@ -1,6 +1,7 @@
 { stdenv, fetchurl, python, bzip2, zlib, gmp, openssl, boost
 # Passed by version specific builders
 , baseVersion, revision, sha256
+, sourceExtension ? "tar.xz"
 , extraConfigureFlags ? ""
 , postPatch ? null
 , darwin
@@ -12,10 +13,10 @@ stdenv.mkDerivation rec {
   version = "${baseVersion}.${revision}";
 
   src = fetchurl {
-    name = "Botan-${version}.tgz";
+    name = "Botan-${version}.${sourceExtension}";
     urls = [
-      "http://files.randombit.net/botan/v${baseVersion}/Botan-${version}.tgz"
-      "http://botan.randombit.net/releases/Botan-${version}.tgz"
+      "http://files.randombit.net/botan/v${baseVersion}/Botan-${version}.${sourceExtension}"
+      "http://botan.randombit.net/releases/Botan-${version}.${sourceExtension}"
     ];
     inherit sha256;
   };

From e88bdd5f50d949fdd6b2a8722c22119bdc4bfefc Mon Sep 17 00:00:00 2001
From: Martin Weinelt
Date: Mon, 30 Nov 2020 19:57:30 +0100
Subject: [PATCH 2/2] neopg: mark as broken

Fails to build with recent versions of botan2. The issue has been reported upstream at https://github.com/das-labor/neopg/issues/98.
---
 pkgs/tools/security/neopg/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkgs/tools/security/neopg/default.nix b/pkgs/tools/security/neopg/default.nix
index 4f4f660e20f..8c0d31853ff 100644
--- a/pkgs/tools/security/neopg/default.nix
+++ b/pkgs/tools/security/neopg/default.nix
@@ -44,5 +44,6 @@ stdenv.mkDerivation rec {
     '';
     maintainers = with maintainers; [ erictapen ];
     platforms = platforms.linux;
+    broken = true; # fails to build with recent versions of botan. https://github.com/das-labor/neopg/issues/98
   };
 }
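Review bot: The new `, sourceExtension ? "tar.xz"` parameter is the only argument in this list whose value is not self-explanatory, and the existing `# Passed by version specific builders` comment says nothing about when a builder must override it; a comment on the line, `, sourceExtension ? "tar.xz" # archive suffix of the upstream release; 2.11.0+ ships tar.xz, the 1.x series still tgz`, would spare the next maintainer a trip to the git log. The argument list continues outside the hunk.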
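Review bot: Both rewritten `urls` entries still fetch over plain `http://`; because the archive is pinned through `inherit sha256;` this is not an integrity gap, but it does let a network observer see which Botan version a builder downloads and leaves the download open to trivial disruption. If both mirrors serve the same paths over TLS (worth checking rather than assuming), changing the scheme to `https://` in the two new lines is a free hardening. It is also worth a one-line comment that `sourceExtension` is interpolated unescaped into the file name and URLs and is expected to come only from the in-tree version builders.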