botan2: add patch for CVE-2021-40529

This commit is contained in:
Robert Scott 2021-09-08 00:59:44 +01:00
parent 509b969a18
commit 63bf10c848
2 changed files with 12 additions and 1 deletions

View File

@ -1,4 +1,4 @@
{ callPackage, ... } @ args: { callPackage, fetchpatch, ... } @ args:
callPackage ./generic.nix (args // { callPackage ./generic.nix (args // {
baseVersion = "2.18"; baseVersion = "2.18";
@ -7,4 +7,13 @@ callPackage ./generic.nix (args // {
postPatch = '' postPatch = ''
sed -e 's@lang_flags "@&--std=c++11 @' -i src/build-data/cc/{gcc,clang}.txt sed -e 's@lang_flags "@&--std=c++11 @' -i src/build-data/cc/{gcc,clang}.txt
''; '';
extraPatches = [
(fetchpatch {
name = "CVE-2021-40529.patch";
url = "https://github.com/randombit/botan/commit/9a23e4e3bc3966340531f2ff608fa9d33b5185a2.patch";
sha256 = "1ax1n2l9zh0hk35vkkywgkhzpdk76xb9apz2wm3h9kjvjs9acr3y";
# our source tarball doesn't include the tests
excludes = [ "src/tests/*" ];
})
];
}) })

View File

@ -3,6 +3,7 @@
, baseVersion, revision, sha256 , baseVersion, revision, sha256
, sourceExtension ? "tar.xz" , sourceExtension ? "tar.xz"
, extraConfigureFlags ? "" , extraConfigureFlags ? ""
, extraPatches ? [ ]
, postPatch ? null , postPatch ? null
, knownVulnerabilities ? [ ] , knownVulnerabilities ? [ ]
, CoreServices , CoreServices
@ -22,6 +23,7 @@ stdenv.mkDerivation rec {
]; ];
inherit sha256; inherit sha256;
}; };
patches = extraPatches;
inherit postPatch; inherit postPatch;
buildInputs = [ python3 bzip2 zlib gmp openssl boost ] buildInputs = [ python3 bzip2 zlib gmp openssl boost ]