New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
botan2: 2.9.0 -> 2.17.2 #105461
botan2: 2.9.0 -> 2.17.2 #105461
Conversation
@@ -1,6 +1,7 @@ | |||
{ stdenv, fetchurl, python, bzip2, zlib, gmp, openssl, boost | |||
# Passed by version specific builders | |||
, baseVersion, revision, sha256 | |||
, srcext ? "tar.xz" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lets keep these camelCase:
, srcext ? "tar.xz" | |
, sourceExtension ? "tar.xz" |
|
Given that
(source: https://github.com/das-labor/neopg/blame/05b370c04ffc019e55d75ab262d17abe6e69cafc/README.md#L34-L38) |
Other than the commit message, neopg (see above) & the small nit regarding |
In botan 2.11.0 the upstream switched to tar.xz archives. To continue supporting botan1 the source package extension can now be overriden from within the specialized package. Addresses two advisories, neither of which received a CVE: - 2020-07-05: Failure to enforce name constraints on alternative names - 2020-03-24: Side channel during CBC padding
Reported the neopg issue upstream. das-labor/neopg#98 |
Fails to build with recent versions of botan2. The issue has been reported upstream at das-labor/neopg#98.
@erictapen I believe this update warrants a backport as well. |
Backport in 01c6a08. |
Motivation for this change
Updated botan2 by a bunch of versions. Thereby addressing the two advisories botan2 got in 2020.
https://botan.randombit.net/security.html
I have not checked the release notes yet and the commit message could probably use some love after doing that.
I have made sure that botan and botan2 build.
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)