From eb6a1c9238716221140cfee12ebcfc306ba17191 Mon Sep 17 00:00:00 2001
From: Franz Pletz
Date: Thu, 29 Sep 2016 23:07:56 +0200
Subject: [PATCH] cryptopp: 5.6.2 -> 5.6.4 Fix CVE-2016-3995. #18856 Remove broken flag. #19040 cc #19009
---
.../crypto++/GNUmakefile-darwin.patch | 15 +++++++++
.../libraries/crypto++/GNUmakefile.patch | 13 --------
.../libraries/crypto++/default.nix | 23 +++++++------
pkgs/development/libraries/crypto++/dll.patch | 32 +++++++++++--------
4 files changed, 46 insertions(+), 37 deletions(-)
create mode 100644 pkgs/development/libraries/crypto++/GNUmakefile-darwin.patch
delete mode 100644 pkgs/development/libraries/crypto++/GNUmakefile.patch
diff --git a/pkgs/development/libraries/crypto++/GNUmakefile-darwin.patch b/pkgs/development/libraries/crypto++/GNUmakefile-darwin.patch
new file mode 100644
index 00000000000..5a6cb3bcafb
--- /dev/null
+++ b/pkgs/development/libraries/crypto++/GNUmakefile-darwin.patch
@@ -0,0 +1,15 @@
+diff --git a/GNUmakefile b/GNUmakefile
+index 4de9d10..ff4789a 100755
+--- a/GNUmakefile
++++ b/GNUmakefile
+@@ -271,8 +271,8 @@ endif # OpenMP
+ endif # IS_LINUX
+
+ ifneq ($(IS_DARWIN),0)
+-AR = libtool
+-ARFLAGS = -static -o
++AR = ar
++ARFLAGS = cru
+ CXX ?= c++
+ ifeq ($(IS_GCC_29),1)
+ CXXFLAGS += -fno-coalesce-templates -fno-coalesce-static-vtables
diff --git a/pkgs/development/libraries/crypto++/GNUmakefile.patch b/pkgs/development/libraries/crypto++/GNUmakefile.patch
deleted file mode 100644
index 48fdfe42048..00000000000
--- a/pkgs/development/libraries/crypto++/GNUmakefile.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- crypto++/GNUmakefile 2013-02-20 10:30:52.000000000 -0500
-+++ crypto++/GNUmakefile 2015-05-07 18:34:25.000000000 -0500
-@@ -87,8 +87,8 @@
- endif
-
- ifeq ($(UNAME),Darwin)
--AR = libtool
--ARFLAGS = -static -o
-+AR = ar
-+ARFLAGS = cru
- CXX = c++
- IS_GCC2 = $(shell $(CXX) -v 2>&1 | $(EGREP) -c gcc-932)
- ifeq ($(IS_GCC2),1)
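Review bot: The new GNUmakefile-darwin.patch carries no explanatory header, so nothing records why `AR = libtool` / `ARFLAGS = -static -o` is replaced with `ar` / `cru` on Darwin. dll.patch in the same directory opens with a one-line description ("Get rid of Windows-specific stuff."); a matching first line here, for example `Use ar instead of libtool to build the static archive on Darwin.`, would tell whoever refreshes the patch against the next upstream release what has to be preserved. That wording is inferred from the hunk alone and should be confirmed by someone who knows why libtool was unsuitable.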
diff --git a/pkgs/development/libraries/crypto++/default.nix b/pkgs/development/libraries/crypto++/default.nix index 6fbd9451c56..d1476df2b60 100644 --- a/pkgs/development/libraries/crypto++/default.nix +++ b/pkgs/development/libraries/crypto++/default.nix @@ -1,16 +1,18 @@ { fetchurl, stdenv, unzip }: stdenv.mkDerivation rec { - name = "crypto++-5.6.2"; + name = "crypto++-${version}"; + majorVersion = "5.6"; + version = "${majorVersion}.4"; src = fetchurl { - url = "mirror://sourceforge/cryptopp/cryptopp562.zip"; - sha256 = "0x1mqpz1v071cfrw4grbw7z734cxnpry1qh2b6rsmcx6nkyd5gsw"; + url = "mirror://sourceforge/cryptopp/cryptopp564.zip"; + sha256 = "1msar24a38rxzq0xgmjf09hzaw2lv6s48vnbbhfrf5awn1vh6hxy"; }; patches = with stdenv; lib.optional (system != "i686-cygwin") ./dll.patch - ++ lib.optional isDarwin ./GNUmakefile.patch; + ++ lib.optional isDarwin ./GNUmakefile-darwin.patch; buildInputs = [ unzip ]; @@ -30,14 +32,18 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - makeFlags = "PREFIX=$(out)"; - buildFlags = "libcryptopp.so"; + makeFlags = [ "PREFIX=$(out)" ]; + buildFlags = [ "libcryptopp.so" ]; + installFlags = [ "LDCONF=true" ]; doCheck = true; checkPhase = "LD_LIBRARY_PATH=`pwd` make test"; # prefer -fPIC and .so to .a; cryptotest.exe seems superfluous - postInstall = ''rm "$out"/lib/*.a -r "$out/bin" ''; + postInstall = '' + rm "$out"/lib/*.a -r "$out/bin" + ln -sf "$out"/lib/libcryptopp.so.${version} "$out"/lib/libcryptopp.so.${majorVersion} + ''; meta = with stdenv.lib; { description = "Crypto++, a free C++ class library of cryptographic schemes"; @@ -45,8 +51,5 @@ stdenv.mkDerivation rec { license = licenses.boost; platforms = platforms.all; maintainers = [ ]; - # Marked as broken due to needing an update for security issues. - # See: https://github.com/NixOS/nixpkgs/issues/18856 - broken = true; }; } 
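Review bot: `version` now drives `name`, but the `url` in the first hunk still hard-codes `cryptopp564.zip`, so the two can drift apart on the next bump. Because `fetchurl` is pinned by `sha256`, a later change that edits only `version` would presumably keep resolving to the 5.6.4 archive while the package name advertises a newer release, which matters for a library whose updates carry security fixes. Deriving the file name from the version closes that gap, e.g. `url = "mirror://sourceforge/cryptopp/cryptopp${builtins.replaceStrings ["."] [""] version}.zip";`. The derivation continues outside this hunk.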
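Review bot: In the second hunk, `ln -sf` in `postInstall` succeeds even when `libcryptopp.so.${version}` was never installed, leaving a dangling `libcryptopp.so.${majorVersion}` that only fails once a dependent program is loaded; `checkPhase` runs against the build directory and would not catch it. A guard before the link, `test -e "$out/lib/libcryptopp.so.${version}"`, makes the build fail instead, and a relative target (`ln -sf libcryptopp.so.${version} "$out/lib/libcryptopp.so.${majorVersion}"`) avoids embedding the absolute output path in the link. `installFlags = [ "LDCONF=true" ]` would also benefit from a comment saying what it disables, presumably the ldconfig call in upstream's install target.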
diff --git a/pkgs/development/libraries/crypto++/dll.patch b/pkgs/development/libraries/crypto++/dll.patch index 36a814e67c8..12df1fb9e9e 100644 --- a/pkgs/development/libraries/crypto++/dll.patch +++ b/pkgs/development/libraries/crypto++/dll.patch @@ -1,19 +1,10 @@ Get rid of Windows-specific stuff. ---- crypto++/dll.cpp 2009-03-01 19:44:02.000000000 +0100 -+++ crypto++/dll.cpp 2009-08-11 00:49:34.000000000 +0200 -@@ -39,7 +39,7 @@ NAMESPACE_END - - #endif - --#ifdef CRYPTOPP_EXPORTS -+#if defined CRYPTOPP_EXPORTS && defined _MSC_VER - - USING_NAMESPACE(CryptoPP) - ---- crypto++/GNUmakefile 2009-03-15 02:48:02.000000000 +0100 -+++ crypto++/GNUmakefile 2009-08-11 01:23:09.000000000 +0200 -@@ -136,7 +136,7 @@ nolib: $(OBJS) # makes it faster to tes +diff --git a/GNUmakefile b/GNUmakefile +index 4de9d10..ff4789a 100755 +--- a/GNUmakefile ++++ b/GNUmakefile +@@ -656,7 +656,7 @@ nolib: $(OBJS) dll: cryptest.import.exe dlltest.exe cryptopp.dll: $(DLLOBJS) @@ -22,3 +13,16 @@ Get rid of Windows-specific stuff. libcryptopp.import.a: $(LIBIMPORTOBJS) $(AR) $(ARFLAGS) $@ $(LIBIMPORTOBJS) +diff --git a/dll.cpp b/dll.cpp +index 72dade9..b5097ab 100644 +--- a/dll.cpp ++++ b/dll.cpp +@@ -48,7 +48,7 @@ NAMESPACE_END + + #endif + +-#ifdef CRYPTOPP_EXPORTS ++#if defined CRYPTOPP_EXPORTS && defined _MSC_VER + + USING_NAMESPACE(CryptoPP) +