From 45d492b3b3967ca965e3741386fd2f59e3d9e126 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Thu, 29 Apr 2021 15:21:48 +0200 Subject: [PATCH 1/2] botan2: 2.17.3 -> 2.18.0 https://botan.randombit.net/news.html#version-2-18-0-2021-04-15 --- pkgs/development/libraries/botan/2.0.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/botan/2.0.nix b/pkgs/development/libraries/botan/2.0.nix index cb40e535b0c..a486ba49820 100644 --- a/pkgs/development/libraries/botan/2.0.nix +++ b/pkgs/development/libraries/botan/2.0.nix @@ -1,9 +1,9 @@ { callPackage, ... } @ args: callPackage ./generic.nix (args // { - baseVersion = "2.17"; - revision = "3"; - sha256 = "121vn1aryk36cpks70kk4c4cfic5g0qs82bf92xap9258ijkn4kr"; + baseVersion = "2.18"; + revision = "0"; + sha256 = "09z3fy31q1pvnvpy4fswrsl2aq8ksl94lbh5rl7b6nqc3qp8ar6c"; postPatch = '' sed -e 's@lang_flags "@&--std=c++11 @' -i src/build-data/cc/{gcc,clang}.txt ''; From d4c033a206e7c275232e7d8c7724988f16b2250b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Thu, 29 Apr 2021 15:32:10 +0200 Subject: [PATCH 2/2] botan: mark as insecure --- pkgs/development/libraries/botan/default.nix | 4 ++++ pkgs/development/libraries/botan/generic.nix | 2 ++ 2 files changed, 6 insertions(+) diff --git a/pkgs/development/libraries/botan/default.nix b/pkgs/development/libraries/botan/default.nix index 8bcc6aaa8ef..c494fa25f77 100644 --- a/pkgs/development/libraries/botan/default.nix +++ b/pkgs/development/libraries/botan/default.nix @@ -9,4 +9,8 @@ callPackage ./generic.nix (args // { postPatch = '' sed -e 's@lang_flags "@&--std=c++11 @' -i src/build-data/cc/{gcc,clang}.txt ''; + knownVulnerabilities = [ + # https://botan.randombit.net/security.html#id1 + "2020-03-24: Side channel during CBC padding" + ]; }) diff --git a/pkgs/development/libraries/botan/generic.nix b/pkgs/development/libraries/botan/generic.nix index 33f9daf7b50..2fc5abc2928 100644 
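Review bot: The `knownVulnerabilities` entry added in default.nix identifies the advisory only by date and title, and the comment above it links to `security.html#id1`, which looks like an auto-numbered anchor that can shift when upstream adds advisories. This string is what a user sees when evaluation refuses the package, so it should be actionable on its own, for example `"Botan advisory 2020-03-24: side channel during CBC padding (https://botan.randombit.net/security.html); prefer botan2"`. Whether this branch will ever receive a fix is not visible in the hunk, so the wording should be confirmed against the advisory. Anything that still depends on `botan` will fail evaluation after this change unless the user lists it in `permittedInsecurePackages`, and the patch does not show whether dependents were moved to `botan2`. The `callPackage` block starts above the hunk.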
--- a/pkgs/development/libraries/botan/generic.nix
+++ b/pkgs/development/libraries/botan/generic.nix
@@ -4,6 +4,7 @@
 , sourceExtension ? "tar.xz"
 , extraConfigureFlags ? ""
 , postPatch ? null
+, knownVulnerabilities ? [ ]
 , CoreServices
 , Security
 , ...
@@ -49,6 +50,7 @@ stdenv.mkDerivation rec {
 maintainers = with maintainers; [ raskin ];
 platforms = platforms.unix;
 license = licenses.bsd2;
+ inherit knownVulnerabilities;
 };
 passthru.updateInfo.downloadPage = "http://files.randombit.net/botan/";
 }
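Review bot: The new `knownVulnerabilities ? [ ]` argument in generic.nix has no comment explaining what a non-empty list does, and `inherit knownVulnerabilities;` inside `meta` does not make the effect obvious to the next person bumping a version. I would add above the argument `# Non-empty list marks the package insecure: evaluation fails unless the user permits it, and each string is shown in the error.` Both hunks sit inside larger blocks (the argument set and `stdenv.mkDerivation`) that start and end outside the visible lines. The context line `passthru.updateInfo.downloadPage` uses plain `http://`. If the source URL, which is not shown, does too, the pinned `sha256` is the only integrity check, so each new hash should be verified against upstream's published signature and not taken from a first fetch.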