summaryrefslogtreecommitdiff
path: root/gnu/packages/mit-krb5.scm
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2016-02-04 02:02:20 -0500
committerMark H Weaver <mhw@netris.org>2016-02-10 10:41:11 -0500
commit16114c3494026b908b116bf93b9eee5d871860ef (patch)
treeefca01aac6efa9edfd3f2ec3bed86859a91b66af /gnu/packages/mit-krb5.scm
parent42395bf5143b39a7b79520a94e825be472692482 (diff)
gnu: mit-krb5: Update to 1.13.3; add fixes for CVE-2015-{8629,8630,8631}.
* gnu/packages/patches/mit-krb5-CVE-2015-2695-pt1.patch, gnu/packages/patches/mit-krb5-CVE-2015-2695-pt2.patch, gnu/packages/patches/mit-krb5-CVE-2015-2696.patch, gnu/packages/patches/mit-krb5-CVE-2015-2697.patch, gnu/packages/patches/mit-krb5-CVE-2015-2698-pt1.patch, gnu/packages/patches/mit-krb5-CVE-2015-2698-pt2.patch: Delete files. * gnu/packages/patches/mit-krb5-CVE-2015-8629.patch, gnu/packages/patches/mit-krb5-CVE-2015-8630.patch, gnu/packages/patches/mit-krb5-CVE-2015-8631.patch, gnu/packages/patches/mit-krb5-init-context-null-spnego.patch: New files. * gnu-system.am (dist_patch_DATA): Adjust accordingly. * gnu/packages/mit-krb5.scm (mit-krb5): Update to 1.13.3. [source]: Update URI to download conventional .tar.gz file. Add patches. [native-inputs]: Remove old patches-as-inputs. [arguments]: Remove hacks needed to cope with the older unconventional tarball that contained an inner source tarball and signature: Remove #:modules argument, and the custom 'unpack' and 'apply-patches' phases.
Diffstat (limited to 'gnu/packages/mit-krb5.scm')
-rw-r--r--gnu/packages/mit-krb5.scm70
1 files changed, 15 insertions, 55 deletions
diff --git a/gnu/packages/mit-krb5.scm b/gnu/packages/mit-krb5.scm
index 16bef8d97d..5f9868979a 100644
--- a/gnu/packages/mit-krb5.scm
+++ b/gnu/packages/mit-krb5.scm
@@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -21,7 +21,6 @@
#:use-module (gnu packages)
#:use-module (gnu packages bison)
#:use-module (gnu packages perl)
- #:use-module (gnu packages gcc)
#:use-module (guix licenses)
#:use-module (guix packages)
#:use-module (guix download)
@@ -31,70 +30,31 @@
(define-public mit-krb5
(package
(name "mit-krb5")
- (version "1.13.2")
+ (version "1.13.3")
(source (origin
(method url-fetch)
- (uri (string-append "http://web.mit.edu/kerberos/www/dist/krb5/"
+ (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
(version-major+minor version)
- "/krb5-" version "-signed.tar"))
- (sha256 (base32
- "1qbdzyrws7d0q4filsibh28z54pd5l987jr0ygv43iq9085w6a75"))))
+ "/krb5-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1gpscn78lv48dxccxq9ncyj53w9l2a15xmngjfa1wylvmn7g0jjx"))
+ (patches
+ (map search-patch '("mit-krb5-init-context-null-spnego.patch"
+ "mit-krb5-CVE-2015-8629.patch"
+ "mit-krb5-CVE-2015-8630.patch"
+ "mit-krb5-CVE-2015-8631.patch")))))
(build-system gnu-build-system)
(native-inputs
`(("bison" ,bison)
- ("perl" ,perl)
-
- ;; Include the patches as native-inputs.
- ,@(map (lambda (label)
- (let ((input-name (string-append "patch/" label))
- (file-name (string-append name "-" label ".patch")))
- `(,input-name ,(search-patch file-name))))
- '("CVE-2015-2695-pt1"
- "CVE-2015-2695-pt2"
- "CVE-2015-2696"
- "CVE-2015-2697"
- "CVE-2015-2698-pt1"
- "CVE-2015-2698-pt2"))))
+ ("perl" ,perl)))
(arguments
- `(#:modules ((ice-9 ftw)
- (ice-9 match)
- (srfi srfi-1)
- ,@%gnu-build-system-modules)
- #:phases
+ `(#:phases
(modify-phases %standard-phases
- (replace 'unpack
- (lambda* (#:key source #:allow-other-keys)
- (define (sub-directory? name)
- (and (not (member name '("." "..")))
- (equal? (stat:type (stat name))
- 'directory)))
- (and (zero? (system* "tar" "xvf" source))
- (match (find-files "." "\\.tar\\.gz$")
- ((inner-tar-file)
- (zero? (system* "tar" "xvf" inner-tar-file))))
- (match (scandir "." sub-directory?)
- ((directory)
- (chdir directory)
- #t)))))
-
- (add-after 'unpack 'apply-patches
- (lambda* (#:key inputs native-inputs #:allow-other-keys)
- (let ((patches (filter (match-lambda
- ((name . file)
- (string-prefix? "patch/" name)))
- (or native-inputs inputs))))
- (every (match-lambda
- ((name . file)
- (format (current-error-port)
- "applying '~a'...~%" name)
- (zero? (system* "patch" "-p1" "--force" "-i" file))))
- patches))))
-
- (add-after 'apply-patches 'enter-source-directory
+ (add-after 'unpack 'enter-source-directory
(lambda _
(chdir "src")
#t))
-
(add-before 'check 'pre-check
(lambda* (#:key inputs #:allow-other-keys)
(let ((perl (assoc-ref inputs "perl")))