gnu: p11-kit: Update to 0.23.15.

* gnu/packages/patches/p11-kit-jks-timestamps.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/tls.scm (p11-kit): Update to 0.23.15.
[source](patches): New field.
This commit is contained in:
Marius Bakke 2019-01-28 20:36:21 +01:00
parent 7c56237b4c
commit 39855bfef1
No known key found for this signature in database
GPG key ID: A2A06DF2A33A54FA
3 changed files with 46 additions and 2 deletions

View file

@ -1104,6 +1104,7 @@ dist_patch_DATA = \
%D%/packages/patches/osip-CVE-2017-7853.patch \
%D%/packages/patches/ots-no-include-missing-file.patch \
%D%/packages/patches/owncloud-disable-updatecheck.patch \
%D%/packages/patches/p11-kit-jks-timestamps.patch \
%D%/packages/patches/p7zip-CVE-2016-9296.patch \
%D%/packages/patches/p7zip-CVE-2017-17969.patch \
%D%/packages/patches/p7zip-remove-unused-code.patch \

View file

@ -0,0 +1,42 @@
Fix test failures induced by setting the SOURCE_DATE_EPOCH variable.
Taken from upstream: <https://github.com/p11-glue/p11-kit/pull/213>.
From 2a474e1fe8f4bd8b4ed7622e5cf3b2718a202562 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Mon, 28 Jan 2019 13:03:15 +0100
Subject: [PATCH] extract-jks: Prefer _p11_extract_jks_timestamp to
SOURCE_DATE_EPOCH
Give _p11_extract_jks_timestamp precedence over SOURCE_DATE_EPOCH so
that the test results are not affected by the envvar settings.
---
trust/extract-jks.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/trust/extract-jks.c b/trust/extract-jks.c
index ad8dc35..a6f855f 100644
--- a/trust/extract-jks.c
+++ b/trust/extract-jks.c
@@ -250,7 +250,9 @@ prepare_jks_buffer (p11_enumerate *ex,
* when this was this certificate was added to the keystore, however
* we don't have that information. Java uses time in milliseconds
*/
- {
+ if (_p11_extract_jks_timestamp)
+ now = _p11_extract_jks_timestamp;
+ else {
char *source_date_epoch;
source_date_epoch = secure_getenv ("SOURCE_DATE_EPOCH");
if (source_date_epoch) {
@@ -276,9 +278,7 @@ prepare_jks_buffer (p11_enumerate *ex,
return false;
}
now = epoch;
- } else if (_p11_extract_jks_timestamp)
- now = _p11_extract_jks_timestamp;
- else
+ } else
now = time (NULL);
}

View file

@ -123,15 +123,16 @@ (define-public asn1c
(define-public p11-kit
(package
(name "p11-kit")
(version "0.23.14")
(version "0.23.15")
(source
(origin
(method url-fetch)
(uri (string-append "https://github.com/p11-glue/p11-kit/releases/"
"download/" version "/p11-kit-" version ".tar.gz"))
(patches (search-patches "p11-kit-jks-timestamps.patch"))
(sha256
(base32
"0w0dkq9388grbbn4bv2p55vy1j51f7nd9hzlc9gz4fbm4dnzmf8w"))))
"166pwj00cffv4qq4dvx0k53zka0b0r1fa0whc49007vsqyh3khgp"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))