botan: mark as insecure

3 years ago · d4c033a206
parent 45d492b3b3
commit d4c033a206
2 changed files with 6 additions and 0 deletions
--- a/pkgs/development/libraries/botan/default.nix
+++ b/pkgs/development/libraries/botan/default.nix
@ -9,4 +9,8 @@ callPackage ./generic.nix (args // {
  postPatch = ''
    sed -e 's@lang_flags "@&--std=c++11 @' -i src/build-data/cc/{gcc,clang}.txt
  '';
+  knownVulnerabilities = [
+    # https://botan.randombit.net/security.html#id1
+    "2020-03-24: Side channel during CBC padding"
+  ];
 })
--- a/pkgs/development/libraries/botan/generic.nix
+++ b/pkgs/development/libraries/botan/generic.nix
@ -4,6 +4,7 @@
 , sourceExtension ? "tar.xz"
 , extraConfigureFlags ? ""
 , postPatch ? null
+, knownVulnerabilities ? [ ]
 , CoreServices
 , Security
 , ...
@ -49,6 +50,7 @@ stdenv.mkDerivation rec {
    maintainers = with maintainers; [ raskin ];
    platforms = platforms.unix;
    license = licenses.bsd2;
+    inherit knownVulnerabilities;
  };
  passthru.updateInfo.downloadPage = "http://files.randombit.net/botan/";
 }