From 4630fcf686b7b178e101e89d0bd8e8af1684ab97 Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Mon, 30 Nov 2020 17:00:57 +0100
Subject: [PATCH] botan2: 2.9.0 -> 2.17.2

In botan 2.11.0 the upstream switched to tar.xz archives. To continue
supporting botan1 the source package extension can now be overriden from
within the specialized package.

Addresses two advisories, neither of which received a CVE:
- 2020-07-05: Failure to enforce name constraints on alternative names
- 2020-03-24: Side channel during CBC padding
---
 pkgs/development/libraries/botan/2.0.nix     | 6 +++---
 pkgs/development/libraries/botan/default.nix | 1 +
 pkgs/development/libraries/botan/generic.nix | 7 ++++---
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/pkgs/development/libraries/botan/2.0.nix b/pkgs/development/libraries/botan/2.0.nix
index 22ddb76b29bd71..2346153e2a153b 100644
--- a/pkgs/development/libraries/botan/2.0.nix
+++ b/pkgs/development/libraries/botan/2.0.nix
@@ -1,9 +1,9 @@
 { callPackage, ... } @ args:
 
 callPackage ./generic.nix (args // {
-  baseVersion = "2.9";
-  revision = "0";
-  sha256 = "06fiyalvc68p11qqh953azx2vrbav5vr00yvcfp67p9l4csn8m9h";
+  baseVersion = "2.17";
+  revision = "2";
+  sha256 = "0v0yiq0qxcrsn5b34j6bz8i6pds8dih2ds90ylmy1msm5gz7vqpb";
   postPatch = ''
     sed -e 's@lang_flags "@&--std=c++11 @' -i src/build-data/cc/{gcc,clang}.txt
   '';
diff --git a/pkgs/development/libraries/botan/default.nix b/pkgs/development/libraries/botan/default.nix
index 04652aa013aaa1..8bcc6aaa8efbfd 100644
--- a/pkgs/development/libraries/botan/default.nix
+++ b/pkgs/development/libraries/botan/default.nix
@@ -4,6 +4,7 @@ callPackage ./generic.nix (args // {
   baseVersion = "1.10";
   revision = "17";
   sha256 = "04rnha712dd3sdb2q7k2yw45sf405jyigk7yrjfr6bwd9fvgyiv8";
+  sourceExtension = "tgz";
   extraConfigureFlags = "--with-gnump";
   postPatch = ''
     sed -e 's@lang_flags "@&--std=c++11 @' -i src/build-data/cc/{gcc,clang}.txt
diff --git a/pkgs/development/libraries/botan/generic.nix b/pkgs/development/libraries/botan/generic.nix
index 18b1b47f6d3832..4d2cf7515c0393 100644
--- a/pkgs/development/libraries/botan/generic.nix
+++ b/pkgs/development/libraries/botan/generic.nix
@@ -1,6 +1,7 @@
 { stdenv, fetchurl, python, bzip2, zlib, gmp, openssl, boost
 # Passed by version specific builders
 , baseVersion, revision, sha256
+, sourceExtension ? "tar.xz"
 , extraConfigureFlags ? ""
 , postPatch ? null
 , darwin
@@ -12,10 +13,10 @@ stdenv.mkDerivation rec {
   version = "${baseVersion}.${revision}";
 
   src = fetchurl {
-    name = "Botan-${version}.tgz";
+    name = "Botan-${version}.${sourceExtension}";
     urls = [
-       "http://files.randombit.net/botan/v${baseVersion}/Botan-${version}.tgz"
-       "http://botan.randombit.net/releases/Botan-${version}.tgz"
+       "http://files.randombit.net/botan/v${baseVersion}/Botan-${version}.${sourceExtension}"
+       "http://botan.randombit.net/releases/Botan-${version}.${sourceExtension}"
     ];
     inherit sha256;
   };