botan2: add patch for CVE-2021-40529
parent
509b969a18
commit
63bf10c848
@ -1,4 +1,4 @@
|
|||||||
{ callPackage, ... } @ args:
|
{ callPackage, fetchpatch, ... } @ args:
|
||||||
|
|
||||||
callPackage ./generic.nix (args // {
|
callPackage ./generic.nix (args // {
|
||||||
baseVersion = "2.18";
|
baseVersion = "2.18";
|
||||||
@ -7,4 +7,13 @@ callPackage ./generic.nix (args // {
|
|||||||
postPatch = ''
|
postPatch = ''
|
||||||
sed -e 's@lang_flags "@&--std=c++11 @' -i src/build-data/cc/{gcc,clang}.txt
|
sed -e 's@lang_flags "@&--std=c++11 @' -i src/build-data/cc/{gcc,clang}.txt
|
||||||
'';
|
'';
|
||||||
|
extraPatches = [
|
||||||
|
(fetchpatch {
|
||||||
|
name = "CVE-2021-40529.patch";
|
||||||
|
url = "https://github.com/randombit/botan/commit/9a23e4e3bc3966340531f2ff608fa9d33b5185a2.patch";
|
||||||
|
sha256 = "1ax1n2l9zh0hk35vkkywgkhzpdk76xb9apz2wm3h9kjvjs9acr3y";
|
||||||
|
# our source tarball doesn't include the tests
|
||||||
|
excludes = [ "src/tests/*" ];
|
||||||
|
})
|
||||||
|
];
|
||||||
})
|
})
|
||||||
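Review bot: The `fetchpatch` entry in `extraPatches` carries no note on when it becomes redundant, so a later bump of `baseVersion` could keep applying (or fail on) a backport that the new release already contains. I would put a comment above it such as `# backport of the upstream fix for CVE-2021-40529; drop once the packaged release contains commit 9a23e4e3`. Because `excludes = [ "src/tests/*" ]` drops the test changes in the upstream commit, nothing in this build exercises the patched code, which the existing comment could say explicitly: `# our source tarball doesn't include the tests, so upstream's regression test is not run here`. The pinned full commit hash in the URL and the fixed `sha256` are as they should be.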
|
@ -3,6 +3,7 @@
|
|||||||
, baseVersion, revision, sha256
|
, baseVersion, revision, sha256
|
||||||
, sourceExtension ? "tar.xz"
|
, sourceExtension ? "tar.xz"
|
||||||
, extraConfigureFlags ? ""
|
, extraConfigureFlags ? ""
|
||||||
|
, extraPatches ? [ ]
|
||||||
, postPatch ? null
|
, postPatch ? null
|
||||||
, knownVulnerabilities ? [ ]
|
, knownVulnerabilities ? [ ]
|
||||||
, CoreServices
|
, CoreServices
|
||||||
@ -22,6 +23,7 @@ stdenv.mkDerivation rec {
|
|||||||
];
|
];
|
||||||
inherit sha256;
|
inherit sha256;
|
||||||
};
|
};
|
||||||
|
patches = extraPatches;
|
||||||
inherit postPatch;
|
inherit postPatch;
|
||||||
|
|
||||||
buildInputs = [ python3 bzip2 zlib gmp openssl boost ]
|
buildInputs = [ python3 bzip2 zlib gmp openssl boost ]
|
||||||
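Review bot: `patches = extraPatches;` only reaches expressions that pass `extraPatches`, and with the `[ ]` default any other version file calling this generic.nix still builds unpatched. Whether such callers exist, and whether they are affected by CVE-2021-40529, is not visible in these hunks; if they are and no backport applies, the existing `knownVulnerabilities` argument is the place to record that. As a style point, the value is the whole patch list rather than an addition to one, so naming the argument `patches` would allow `inherit patches;` next to `inherit postPatch;`. The function head and the `stdenv.mkDerivation` body both continue outside the hunks shown.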
|