From e8fe5c4eb4d447e01b6237bf4e4f719329e7ed86 Mon Sep 17 00:00:00 2001
From: Robert Scott
Date: Wed, 8 Sep 2021 00:59:44 +0100
Subject: [PATCH] botan2: add patch for CVE-2021-40529
(cherry picked from commit 63bf10c8487963d50d67024859178178f776164a)
---
 pkgs/development/libraries/botan/2.0.nix | 11 ++++++++++-
 pkgs/development/libraries/botan/generic.nix | 2 ++
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/pkgs/development/libraries/botan/2.0.nix b/pkgs/development/libraries/botan/2.0.nix
index 84f0ebef69b..113c4a27b91 100644
--- a/pkgs/development/libraries/botan/2.0.nix
+++ b/pkgs/development/libraries/botan/2.0.nix
@@ -1,4 +1,4 @@
-{ callPackage, ... } @ args:
+{ callPackage, fetchpatch, ... } @ args:
 callPackage ./generic.nix (args // {
 baseVersion = "2.18";
@@ -7,4 +7,13 @@ callPackage ./generic.nix (args // {
 postPatch = ''
 sed -e 's@lang_flags "@&--std=c++11 @' -i src/build-data/cc/{gcc,clang}.txt
 '';
+ extraPatches = [
+ (fetchpatch {
+ name = "CVE-2021-40529.patch";
+ url = "https://github.com/randombit/botan/commit/9a23e4e3bc3966340531f2ff608fa9d33b5185a2.patch";
+ sha256 = "1ax1n2l9zh0hk35vkkywgkhzpdk76xb9apz2wm3h9kjvjs9acr3y";
+ # our source tarball doesn't include the tests
+ excludes = [ "src/tests/*" ];
+ })
+ ];
 })
diff --git a/pkgs/development/libraries/botan/generic.nix b/pkgs/development/libraries/botan/generic.nix
index 2fc5abc2928..58f329fc8af 100644
--- a/pkgs/development/libraries/botan/generic.nix
+++ b/pkgs/development/libraries/botan/generic.nix
@@ -3,6 +3,7 @@
 , baseVersion, revision, sha256
 , sourceExtension ? "tar.xz"
 , extraConfigureFlags ? ""
+, extraPatches ? [ ]
 , postPatch ? null
 , knownVulnerabilities ? [ ]
 , CoreServices
@@ -22,6 +23,7 @@ stdenv.mkDerivation rec {
 ];
 inherit sha256;
 };
+ patches = extraPatches;
 inherit postPatch;
 buildInputs = [ python3 bzip2 zlib gmp openssl boost ]
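Review bot: The `fetchpatch` entry added to `extraPatches` in 2.0.nix carries no note on when it stops being needed, and `excludes = [ "src/tests/*" ]` means any test changes in the upstream commit are not applied, so the build takes the CVE-2021-40529 fix without exercising it. I would add a comment above `(fetchpatch {`, for example `# backport of upstream commit 9a23e4e3bc39 for CVE-2021-40529; drop when baseVersion/revision is bumped to a release that contains it`. The `sha256` pins the fetched patch, which is the right control for a patch URL that the forge generates on request. The attribute set passed to `callPackage ./generic.nix` opens above this hunk.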
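Review bot: In generic.nix, `, extraPatches ? [ ]` defaults to an empty list and, as far as the hunks show, `patches = extraPatches;` is the only source of patches, so any other version file that calls this builder still builds unpatched. Whether those versions contain the code affected by CVE-2021-40529 is not visible from this diff; if one does, it needs the same `extraPatches` entry or an entry in `knownVulnerabilities`, which the argument list already accepts. A short comment on the new parameter, such as `# security backports supplied by the version-specific file`, would make that responsibility explicit. The `stdenv.mkDerivation rec {` body starts and ends outside the second generic.nix hunk.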