nixpkgs-suyu/pkgs/development/libraries/ldns/default.nix
Vladimír Čunát cd9231a01a
ldns: security patches from upstream, /cc #32459
Also use sha256 instead of sha1 for the source.
2017-12-09 11:08:28 +01:00

65 lines
1.6 KiB
Nix

{ stdenv, fetchurl, fetchpatch, openssl, perl, dns-root-data }:
stdenv.mkDerivation rec {
pname = "ldns";
version = "1.7.0";
name = "${pname}-${version}";
src = fetchurl {
url = "https://www.nlnetlabs.nl/downloads/ldns/${name}.tar.gz";
sha256 = "1k56jw4hz8njspfxcfw0czf1smg0n48ylia89ziwyx5k9wdmp7y1";
};
patches = [
(fetchpatch {
name = "CVE-2017-1000231.patch";
url = "https://git.nlnetlabs.nl/ldns/patch/?id=c8391790";
sha256 = "1rprfh0y1c28dqiy3vgwvwdhn7b5rsylfzzblx5xdhwfqgdw8vn0";
excludes = [ "Changelog" ];
})
(fetchpatch {
name = "CVE-2017-1000232.patch";
url = "https://git.nlnetlabs.nl/ldns/patch/?id=3bdeed02";
sha256 = "0bv0s5jjp0sswfg8da47d346iwp9yjhj9w7fa3bxh174br0zj07r";
excludes = [ "Changelog" ];
})
];
postPatch = ''
patchShebangs doc/doxyparse.pl
'';
outputs = [ "out" "dev" "man" "examples" ];
nativeBuildInputs = [ perl ];
buildInputs = [ openssl ];
configureFlags = [
"--with-ssl=${openssl.dev}"
"--with-trust-anchor=${dns-root-data}/root.key"
"--with-drill"
"--disable-gost"
];
postInstall = ''
moveToOutput "bin/ldns-config" "$dev"
pushd examples
configureFlagsArray+=( "--bindir=$examples/bin" )
configurePhase
make
make install
popd
sed -i "$out/lib/libldns.la" -e "s,-L${openssl.dev},-L${openssl.out},g"
'';
meta = with stdenv.lib; {
description = "Library with the aim of simplifying DNS programming in C";
license = licenses.bsd3;
homepage = http://www.nlnetlabs.nl/projects/ldns/;
platforms = platforms.linux;
maintainers = with maintainers; [ jgeerds ];
};
}