diff options
author | Mark H Weaver <mhw@netris.org> | 2016-02-04 02:02:20 -0500 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2016-02-10 10:41:11 -0500 |
commit | 16114c3494026b908b116bf93b9eee5d871860ef (patch) | |
tree | efca01aac6efa9edfd3f2ec3bed86859a91b66af /gnu/packages/mit-krb5.scm | |
parent | 42395bf5143b39a7b79520a94e825be472692482 (diff) |
gnu: mit-krb5: Update to 1.13.3; add fixes for CVE-2015-{8629,8630,8631}.
* gnu/packages/patches/mit-krb5-CVE-2015-2695-pt1.patch,
gnu/packages/patches/mit-krb5-CVE-2015-2695-pt2.patch,
gnu/packages/patches/mit-krb5-CVE-2015-2696.patch,
gnu/packages/patches/mit-krb5-CVE-2015-2697.patch,
gnu/packages/patches/mit-krb5-CVE-2015-2698-pt1.patch,
gnu/packages/patches/mit-krb5-CVE-2015-2698-pt2.patch: Delete files.
* gnu/packages/patches/mit-krb5-CVE-2015-8629.patch,
gnu/packages/patches/mit-krb5-CVE-2015-8630.patch,
gnu/packages/patches/mit-krb5-CVE-2015-8631.patch,
gnu/packages/patches/mit-krb5-init-context-null-spnego.patch: New files.
* gnu-system.am (dist_patch_DATA): Adjust accordingly.
* gnu/packages/mit-krb5.scm (mit-krb5): Update to 1.13.3.
[source]: Update URI to download conventional .tar.gz file. Add patches.
[native-inputs]: Remove old patches-as-inputs.
[arguments]: Remove hacks needed to cope with the older unconventional
tarball that contained an inner source tarball and signature: Remove
#:modules argument, and the custom 'unpack' and 'apply-patches' phases.
Diffstat (limited to 'gnu/packages/mit-krb5.scm')
-rw-r--r-- | gnu/packages/mit-krb5.scm | 70 |
1 files changed, 15 insertions, 55 deletions
diff --git a/gnu/packages/mit-krb5.scm b/gnu/packages/mit-krb5.scm index 16bef8d97d..5f9868979a 100644 --- a/gnu/packages/mit-krb5.scm +++ b/gnu/packages/mit-krb5.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012, 2013 Andreas Enge <andreas@enge.fr> -;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> +;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -21,7 +21,6 @@ #:use-module (gnu packages) #:use-module (gnu packages bison) #:use-module (gnu packages perl) - #:use-module (gnu packages gcc) #:use-module (guix licenses) #:use-module (guix packages) #:use-module (guix download) @@ -31,70 +30,31 @@ (define-public mit-krb5 (package (name "mit-krb5") - (version "1.13.2") + (version "1.13.3") (source (origin (method url-fetch) - (uri (string-append "http://web.mit.edu/kerberos/www/dist/krb5/" + (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/" (version-major+minor version) - "/krb5-" version "-signed.tar")) - (sha256 (base32 - "1qbdzyrws7d0q4filsibh28z54pd5l987jr0ygv43iq9085w6a75")))) + "/krb5-" version ".tar.gz")) + (sha256 + (base32 + "1gpscn78lv48dxccxq9ncyj53w9l2a15xmngjfa1wylvmn7g0jjx")) + (patches + (map search-patch '("mit-krb5-init-context-null-spnego.patch" + "mit-krb5-CVE-2015-8629.patch" + "mit-krb5-CVE-2015-8630.patch" + "mit-krb5-CVE-2015-8631.patch"))))) (build-system gnu-build-system) (native-inputs `(("bison" ,bison) - ("perl" ,perl) - - ;; Include the patches as native-inputs. - ,@(map (lambda (label) - (let ((input-name (string-append "patch/" label)) - (file-name (string-append name "-" label ".patch"))) - `(,input-name ,(search-patch file-name)))) - '("CVE-2015-2695-pt1" - "CVE-2015-2695-pt2" - "CVE-2015-2696" - "CVE-2015-2697" - "CVE-2015-2698-pt1" - "CVE-2015-2698-pt2")))) + ("perl" ,perl))) (arguments - `(#:modules ((ice-9 ftw) - (ice-9 match) - (srfi srfi-1) - ,@%gnu-build-system-modules) - #:phases + `(#:phases (modify-phases %standard-phases - (replace 'unpack - (lambda* (#:key source #:allow-other-keys) - (define (sub-directory? name) - (and (not (member name '("." ".."))) - (equal? (stat:type (stat name)) - 'directory))) - (and (zero? (system* "tar" "xvf" source)) - (match (find-files "." "\\.tar\\.gz$") - ((inner-tar-file) - (zero? (system* "tar" "xvf" inner-tar-file)))) - (match (scandir "." sub-directory?) - ((directory) - (chdir directory) - #t))))) - - (add-after 'unpack 'apply-patches - (lambda* (#:key inputs native-inputs #:allow-other-keys) - (let ((patches (filter (match-lambda - ((name . file) - (string-prefix? "patch/" name))) - (or native-inputs inputs)))) - (every (match-lambda - ((name . file) - (format (current-error-port) - "applying '~a'...~%" name) - (zero? (system* "patch" "-p1" "--force" "-i" file)))) - patches)))) - - (add-after 'apply-patches 'enter-source-directory + (add-after 'unpack 'enter-source-directory (lambda _ (chdir "src") #t)) - (add-before 'check 'pre-check (lambda* (#:key inputs #:allow-other-keys) (let ((perl (assoc-ref inputs "perl"))) |