From 85ac7906661e42fb89e186f77fcf01a5c96586bd Mon Sep 17 00:00:00 2001
From: Franz Pletz <fpletz@fnordicwalking.de>
Date: Wed, 11 Jan 2017 06:19:04 +0100
Subject: [PATCH] gnutls35: 3.5.5 -> 3.5.8

Fixes the following security issues:

  * CVE-2017-5334
  * CVE-2017-5335
  * CVE-2017-5336
  * CVE-2017-5337

See https://www.gnutls.org/news.html#2017-01-09 for more information.
---
 pkgs/development/libraries/gnutls/3.5.nix     | 8 +++++---
 pkgs/development/libraries/gnutls/generic.nix | 6 ++++--
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/pkgs/development/libraries/gnutls/3.5.nix b/pkgs/development/libraries/gnutls/3.5.nix
index 602df9f44a3..7d58bfcd67f 100644
--- a/pkgs/development/libraries/gnutls/3.5.nix
+++ b/pkgs/development/libraries/gnutls/3.5.nix
@@ -1,10 +1,12 @@
-{ callPackage, fetchurl, autoreconfHook, ... } @ args:
+{ callPackage, fetchurl, libunistring, ... } @ args:
 
 callPackage ./generic.nix (args // rec {
-  version = "3.5.5";
+  version = "3.5.8";
 
   src = fetchurl {
     url = "ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-${version}.tar.xz";
-    sha256 = "0ag5q3dfxzv0dmqy7q0a8y74yc3m5yzvjrp324l6vqafh3klz6c6";
+    sha256 = "1zyl2z63s68hx1dpxqx0lykmlf3rwrzlrf44sq3h7dvjmr1z55qf";
   };
+
+  buildInputs = [ libunistring ];
 })
diff --git a/pkgs/development/libraries/gnutls/generic.nix b/pkgs/development/libraries/gnutls/generic.nix
index 9425bd7c6a6..67a969b1178 100644
--- a/pkgs/development/libraries/gnutls/generic.nix
+++ b/pkgs/development/libraries/gnutls/generic.nix
@@ -4,6 +4,7 @@
 
 # Version dependent args
 , version, src, patches ? [], postPatch ? "", nativeBuildInputs ? []
+, buildInputs ? []
 , ...}:
 
 assert guileBindings -> guile != null;
@@ -41,7 +42,8 @@ stdenv.mkDerivation {
     ++ lib.optional (stdenv.isFreeBSD || stdenv.isDarwin) libiconv
     ++ lib.optional (tpmSupport && stdenv.isLinux) trousers
     ++ [ unbound ]
-    ++ lib.optional guileBindings guile;
+    ++ lib.optional guileBindings guile
+    ++ buildInputs;
 
   nativeBuildInputs = [ perl pkgconfig ] ++ nativeBuildInputs;
 
@@ -75,7 +77,7 @@ stdenv.mkDerivation {
 
     homepage = http://www.gnu.org/software/gnutls/;
     license = licenses.lgpl21Plus;
-    maintainers = with maintainers; [ eelco wkennington ];
+    maintainers = with maintainers; [ eelco wkennington fpletz ];
     platforms = platforms.all;
   };
 }