Merge #297657: gnutls: 3.8.3 -> 3.8.4 (medium security)

...into staging
2024-03-24 07:08:23 +01:00 · 2024-03-24 07:08:23 +01:00 · b232662c9a
parent 448e50e8eb f5487165d6
commit b232662c9a
1 changed files with 14 additions and 5 deletions
--- a/pkgs/development/libraries/gnutls/default.nix
+++ b/pkgs/development/libraries/gnutls/default.nix
@ -1,7 +1,7 @@
-{ config
-, lib
+{ lib
 , stdenv
 , fetchurl
+, fetchpatch2
 , zlib
 , lzo
 , libtasn1
@ -57,11 +57,11 @@ in

 stdenv.mkDerivation rec {
  pname = "gnutls";
-  version = "3.8.3";
+  version = "3.8.4";

  src = fetchurl {
    url = "mirror://gnupg/gnutls/v${lib.versions.majorMinor version}/gnutls-${version}.tar.xz";
-    hash = "sha256-90/FlUsn1Oxt+7Ed6ph4iLWxJCiaNwOvytoO5SD0Fz4=";
+    hash = "sha256-K+pOFUeU8/ABgPoqXFH+iwBax6Mc1YvUTN+n8268Ops=";
  };

  outputs = [ "bin" "dev" "out" ]
@ -73,6 +73,15 @@ stdenv.mkDerivation rec {

  patches = [
    ./nix-ssl-cert-file.patch
+    # Revert https://gitlab.com/gnutls/gnutls/-/merge_requests/1800
+    # dlopen isn't as easy in NixPkgs, as noticed in tests broken by this.
+    # Without getting the libs into RPATH they won't be found.
+    (fetchpatch2 {
+      name = "revert-dlopen-compression.patch";
+      url = "https://gitlab.com/gnutls/gnutls/-/commit/8584908d6b679cd4e7676de437117a793e18347c.diff";
+      revert = true;
+      hash = "sha256-r/+Gmwqy0Yc1LHL/PdPLXlErUBC5JxquLzCBAN3LuRM=";
+    })
  ];

  # Skip some tests:
@ -112,7 +121,7 @@ stdenv.mkDerivation rec {
    ++ lib.optional (withP11-kit) p11-kit
    ++ lib.optional (tpmSupport && stdenv.isLinux) trousers;

-  nativeBuildInputs = [ perl pkg-config texinfo ]
+  nativeBuildInputs = [ perl pkg-config texinfo ] ++ [ autoconf automake ]
    ++ lib.optionals doCheck [ which nettools util-linux ];

  propagatedBuildInputs = [ nettle ]