# Nix package expression for libsoup 2.74.3 (the libsoup-2.4 API series).
# It builds the upstream release tarball with a set of CVE-named patches on top
# and marks the result as insecure through meta.knownVulnerabilities.
{
  stdenv,
  lib,
  fetchurl,
  fetchpatch,
  glib,
  libxml2,
  meson,
  ninja,
  pkg-config,
  gnome,
  libsysprof-capture,
  gobject-introspection,
  vala,
  libpsl,
  brotli,
  # Forwarded to meson as -Dgnome=<true|false>; enabled by default.
  gnomeSupport ? true,
  sqlite,
  buildPackages,
  # Introspection (and the Vala bindings tied to it below) default to on only
  # when gobject-introspection is available for the host platform and the
  # build machine can emulate the host.
  withIntrospection ?
    lib.meta.availableOn stdenv.hostPlatform gobject-introspection
    && stdenv.hostPlatform.emulatorAvailable buildPackages,
}:

stdenv.mkDerivation rec {
  pname = "libsoup";
  version = "2.74.3";

  outputs = [
    "out"
    "dev"
  ];

  # Release tarball from the GNOME mirror. The SRI hash pins the exact content:
  # a tarball that does not match it fails the fetch instead of being built.
  src = fetchurl {
    url = "mirror://gnome/sources/libsoup/${lib.versions.majorMinor version}/libsoup-${version}.tar.xz";
    sha256 = "sha256-5Ld8Qc/EyMWgNfzcMgx7xs+3XvfFoDQVPfFBP6HZLxM=";
  };

  # Security backports, each pinned by its own hash so the patch text cannot
  # change without the build noticing. The first comes from the upstream GNOME
  # GitLab repository; the remaining four are taken from Ubuntu's libsoup2.4
  # packaging repository on Launchpad, addressed by commit id.
  # The CVE each patch addresses is stated only by its `name`.
  # NOTE(review): CVE-2024-52531 is still listed in meta.knownVulnerabilities
  # below although two patches named for it are applied here; confirm whether
  # the backport is considered complete.
  patches = [
    (fetchpatch {
      name = "CVE-2024-52530.patch";
      url = "https://gitlab.gnome.org/GNOME/libsoup/-/commit/04df03bc092ac20607f3e150936624d4f536e68b.patch";
      hash = "sha256-WRLiW2B/xxr3hW0nmeRNrXtZL44S0nTptPRdTqBV8Iw=";
    })
    (fetchpatch {
      name = "CVE-2024-52531_1.patch";
      url = "https://git.launchpad.net/ubuntu/+source/libsoup2.4/patch/?id=4ce2f2dc8ba0c458edce0f039a087fb3ac57787e";
      hash = "sha256-wg1qz8xHcnTiinBTF0ECMkrsD8W6M4IbiKGgbJ1gp9o=";
    })
    (fetchpatch {
      name = "CVE-2024-52531_2.patch";
      url = "https://git.launchpad.net/ubuntu/+source/libsoup2.4/patch/?id=5866d63aed3500700c5f1d2868ff689bb2ba8b82";
      hash = "sha256-e/VXtKX+agCw+ESGbgQ83NaVNbB3jLTxL7+VgNGbZ7U=";
    })
    (fetchpatch {
      name = "CVE-2024-52532_1.patch";
      url = "https://git.launchpad.net/ubuntu/+source/libsoup2.4/patch/?id=98e096a0d2142e3c63de2cca7d4023f9c52ed2c6";
      hash = "sha256-h7k+HpcKlsVYlAONxTOiupMhsMkf2v246ouxLejurcY=";
    })
    (fetchpatch {
      name = "CVE-2024-52532_2.patch";
      url = "https://git.launchpad.net/ubuntu/+source/libsoup2.4/patch/?id=030e72420e8271299c324273f393d92f6d4bb53e";
      hash = "sha256-0BEJpEKgjmKACf53lHMglxhmevKsSXR4ejEoTtr4wII=";
    })
  ];

  depsBuildBuild = [
    pkg-config
  ];

  # Build-time tools; the introspection and Vala tooling is added only when
  # withIntrospection is set.
  nativeBuildInputs = [
    meson
    ninja
    pkg-config
    glib
  ]
  ++ lib.optionals withIntrospection [
    gobject-introspection
    vala
  ];

  # Libraries linked into the build; libsysprof-capture is added on Linux only,
  # matching the -Dsysprof=disabled flag used on other platforms below.
  buildInputs = [
    sqlite
    libpsl
    glib.out
    brotli
  ]
  ++ lib.optionals stdenv.hostPlatform.isLinux [
    libsysprof-capture
  ];

  propagatedBuildInputs = [
    glib
    libxml2
  ];

  # GSSAPI and NTLM support are switched off at configure time, and the
  # configure-time TLS check is skipped.
  # NOTE(review): since glib-networking is only a runtime dependency, consumers
  # presumably have to provide it themselves for TLS to work; verify per consumer.
  mesonFlags = [
    "-Dtls_check=false" # glib-networking is a runtime dependency, not a compile-time dependency
    "-Dgssapi=disabled"
    "-Dvapi=${if withIntrospection then "enabled" else "disabled"}"
    "-Dintrospection=${if withIntrospection then "enabled" else "disabled"}"
    "-Dgnome=${lib.boolToString gnomeSupport}"
    "-Dntlm=disabled"
  ]
  ++ lib.optionals (!stdenv.hostPlatform.isLinux) [
    "-Dsysprof=disabled"
  ];

  # Adds -lpthread to the compiler flags; the file does not say which failure
  # this works around.
  env.NIX_CFLAGS_COMPILE = "-lpthread";

  # The upstream test suite is not run, so the backported patches above are
  # not exercised by any test during the build.
  doCheck = false; # ERROR:../tests/socket-test.c:37:do_unconnected_socket_test: assertion failed (res == SOUP_STATUS_OK): (2 == 200)
  # Debug symbols are split into a separate output.
  separateDebugInfo = true;

  # Edits meson.build by text substitution and rewrites the interpreter lines
  # of scripts under libsoup/.
  # NOTE(review): `--replace` does not fail the build when the pattern is
  # missing; `--replace-fail` would surface a stale substitution. Confirm the
  # pattern is still present in this version before switching.
  postPatch = ''
    # fixes finding vapigen when cross-compiling
    # the commit is in 3.0.6
    # https://gitlab.gnome.org/GNOME/libsoup/-/commit/5280e936d0a76f94dbc5d8489cfbdc0a06343f65
    substituteInPlace meson.build \
      --replace "required: vapi_opt)" "required: vapi_opt, native: false)"

    patchShebangs libsoup/
  '';

  passthru = {
    # Update script for the libsoup_2_4 attribute, with `freeze = true`.
    # Presumably this keeps automated updates from moving the package off the
    # current series; verify against gnome.updateScript.
    updateScript = gnome.updateScript {
      attrPath = "libsoup_2_4";
      packageName = "libsoup";
      versionPolicy = "odd-unstable";
      freeze = true;
    };
  };

  meta = {
    description = "HTTP client/server library for GNOME";
    homepage = "https://gitlab.gnome.org/GNOME/libsoup";
    license = lib.licenses.lgpl2Plus;
    inherit (glib.meta) maintainers platforms teams;
    pkgConfigModules = [
      "libsoup-2.4"
      "libsoup-gnome-2.4"
    ];
    # A non-empty knownVulnerabilities list makes Nixpkgs treat the package as
    # insecure: evaluation is refused unless the consumer explicitly permits it
    # (for example through `permittedInsecurePackages`), and the text below is
    # shown as the reason. The list is described as incomplete, so an allow-list
    # entry accepts more than the CVEs named here.
    knownVulnerabilities = [
      ''
        libsoup 2 is EOL, with many known unfixed CVEs.
        The last release happened 2023-10-11,
        with few security backports since and no stable release.

        Vulnerabilities likely include (incomplete list):
        - CVE-2025-4948: https://gitlab.gnome.org/GNOME/libsoup/-/issues/449
        - CVE-2025-46421: https://gitlab.gnome.org/GNOME/libsoup/-/issues/439
        - CVE-2025-32914: https://gitlab.gnome.org/GNOME/libsoup/-/issues/436
        - CVE-2025-32913: https://gitlab.gnome.org/GNOME/libsoup/-/issues/435
        - CVE-2025-32912: https://gitlab.gnome.org/GNOME/libsoup/-/issues/434
        - CVE-2025-32911: https://gitlab.gnome.org/GNOME/libsoup/-/issues/433
        - CVE-2025-32910: https://gitlab.gnome.org/GNOME/libsoup/-/issues/432
        - CVE-2025-32909: https://gitlab.gnome.org/GNOME/libsoup/-/issues/431
        - CVE-2025-32907: https://gitlab.gnome.org/GNOME/libsoup/-/issues/428
        - CVE-2025-32053: https://gitlab.gnome.org/GNOME/libsoup/-/issues/426
        - CVE-2025-32052: https://gitlab.gnome.org/GNOME/libsoup/-/issues/425
        - CVE-2025-32050: https://gitlab.gnome.org/GNOME/libsoup/-/issues/424
        - CVE-2024-52531: https://gitlab.gnome.org/GNOME/libsoup/-/issues/423
        - CVE-2025-2784: https://gitlab.gnome.org/GNOME/libsoup/-/issues/422

        These vulnerabilities were fixed in libsoup 3,
        with the vulnerable code present in libsoup 2 versions.
      ''
    ];
  };
}