guix-play/gnu/packages/mit-krb5.scm
Mark H Weaver ff45a00e79 gnu: mit-krb5: Add fixes for CVE-2015-{2695,2696,2697,2698}.
* gnu/packages/patches/mit-krb5-CVE-2015-2695-pt1.patch,
  gnu/packages/patches/mit-krb5-CVE-2015-2695-pt2.patch,
  gnu/packages/patches/mit-krb5-CVE-2015-2696.patch,
  gnu/packages/patches/mit-krb5-CVE-2015-2697.patch,
  gnu/packages/patches/mit-krb5-CVE-2015-2698-pt1.patch,
  gnu/packages/patches/mit-krb5-CVE-2015-2698-pt2.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/mit-krb5.scm (mit-krb5)[native-inputs]: Add patches.
2015-11-13 12:42:47 -05:00

119 lines
4.8 KiB
Scheme

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu packages mit-krb5)
#:use-module (gnu packages)
#:use-module (gnu packages bison)
#:use-module (gnu packages perl)
#:use-module (gnu packages gcc)
#:use-module (guix licenses)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix utils)
#:use-module (guix build-system gnu))
(define-public mit-krb5
(package
(name "mit-krb5")
(version "1.13.2")
(source (origin
(method url-fetch)
(uri (string-append "http://web.mit.edu/kerberos/www/dist/krb5/"
(version-major+minor version)
"/krb5-" version "-signed.tar"))
(sha256 (base32
"1qbdzyrws7d0q4filsibh28z54pd5l987jr0ygv43iq9085w6a75"))))
(build-system gnu-build-system)
(native-inputs
`(("bison" ,bison)
("perl" ,perl)
;; Include the patches as native-inputs.
,@(map (lambda (label)
(let ((input-name (string-append "patch/" label))
(file-name (string-append name "-" label ".patch")))
`(,input-name ,(search-patch file-name))))
'("CVE-2015-2695-pt1"
"CVE-2015-2695-pt2"
"CVE-2015-2696"
"CVE-2015-2697"
"CVE-2015-2698-pt1"
"CVE-2015-2698-pt2"))))
(arguments
`(#:modules ((ice-9 ftw)
(ice-9 match)
(srfi srfi-1)
,@%gnu-build-system-modules)
#:phases
(modify-phases %standard-phases
(replace 'unpack
(lambda* (#:key source #:allow-other-keys)
(define (sub-directory? name)
(and (not (member name '("." "..")))
(equal? (stat:type (stat name))
'directory)))
(and (zero? (system* "tar" "xvf" source))
(match (find-files "." "\\.tar\\.gz$")
((inner-tar-file)
(zero? (system* "tar" "xvf" inner-tar-file))))
(match (scandir "." sub-directory?)
((directory)
(chdir directory)
#t)))))
(add-after 'unpack 'apply-patches
(lambda* (#:key inputs native-inputs #:allow-other-keys)
(let ((patches (filter (match-lambda
((name . file)
(string-prefix? "patch/" name)))
(or native-inputs inputs))))
(every (match-lambda
((name . file)
(format (current-error-port)
"applying '~a'...~%" name)
(zero? (system* "patch" "-p1" "--force" "-i" file))))
patches))))
(add-after 'apply-patches 'enter-source-directory
(lambda _
(chdir "src")
#t))
(add-before 'check 'pre-check
(lambda* (#:key inputs #:allow-other-keys)
(let ((perl (assoc-ref inputs "perl")))
(substitute* "plugins/kdb/db2/libdb2/test/run.test"
(("/bin/cat") (string-append perl "/bin/perl"))
(("D/bin/sh") (string-append "D" (which "bash")))
(("bindir=/bin/.") (string-append "bindir=" perl "/bin"))))
;; avoid service names since /etc/services is unavailable
(substitute* "tests/resolve/Makefile"
(("-p telnet") "-p 23"))
#t)))))
(synopsis "MIT Kerberos 5")
(description
"Massachusetts Institute of Technology implementation of Kerberos.
Kerberos is a network authentication protocol designed to provide strong
authentication for client/server applications by using secret-key
cryptography.")
(license (non-copyleft "file://NOTICE"
"See NOTICE in the distribution."))
(home-page "http://web.mit.edu/kerberos/")))