GNU bug report logs

#27749 gnu: heimdal: Update to 7.4.0.

PackageSource(s)Maintainer(s)
guix-patches PTS Buildd Popcon
Full log

Message #36 received at 27749@debbugs.gnu.org (full text, mbox, reply):

Received: (at 27749) by debbugs.gnu.org; 21 Oct 2017 09:53:24 +0000
From debbugs-submit-bounces@debbugs.gnu.org Sat Oct 21 05:53:24 2017
Received: from localhost ([127.0.0.1]:53118 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1e5qSy-0007sq-DB
	for submit@debbugs.gnu.org; Sat, 21 Oct 2017 05:53:24 -0400
Received: from mail-pg0-f68.google.com ([74.125.83.68]:43230)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <alexvong1995@gmail.com>) id 1e5qSw-0007sa-HU
 for 27749@debbugs.gnu.org; Sat, 21 Oct 2017 05:53:15 -0400
Received: by mail-pg0-f68.google.com with SMTP id s75so8390177pgs.0
 for <27749@debbugs.gnu.org>; Sat, 21 Oct 2017 02:53:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:references:date:in-reply-to:message-id
 :user-agent:mime-version;
 bh=PR3cOXzuITLpunNb7hygOKNYt+T5NaaPBLT1by4rniM=;
 b=fcMxdqm3m2B/6DmPtttH9UJKB8UJPG2kuwSGYCplPZAxIRrZ7KOyMiWLT0nFRZ+Ibe
 ugFZqr7eOkLTMWk3D1eYjln1Jthq4azQAdd4nZ1BTdPbKDbMQKhrhe2DGJFTslt1xn4a
 EyeV/DFgtE8d+mzhMd73Z+y7qwa1O4NRsKojZ5rzQBSGa8m6LpPDE/iJ7194WzZwqZwK
 FclncS3CgQgpLLJs9dpbK+Dz6JOKHPShjpjPa8WVIjUKFL9r0cmErHB77KSaB9GqyBdh
 /6KzrY5ntHes0vZMhJQBLSkx6R48g3XVTJgH7yT6ZT9ztuxR8/fVhHLCKfkeqNHqMqE5
 gCWA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
 :message-id:user-agent:mime-version;
 bh=PR3cOXzuITLpunNb7hygOKNYt+T5NaaPBLT1by4rniM=;
 b=F8MCMNATmotjEFluIEXIlsxCw9TI4ZYqNNLFZW4/6YRFRkfbPkXQggj8VhMD/9vx+H
 FWgxnQtBo/5BXb5fo0uIfUk7R0o9mHB+nhgSVXLduX+Xwh6HzPuaHKTic5eGAETJUOWv
 wVyUuoqUgUIMIvudiIRjftipSnFo3hJBhWyYCkCk4vA4snDotModR9d90s0kR7xg2lZi
 /Ww+6vHZuXdAxNytxBhjHrbJgbf1JPGW3g96+zGomJfpuSNVBFPZvwWYe1/fNo9hvA/5
 5GDpo461WJG1luZ6+oz/DKMbG+75u7ZS3tWY5BkUD6QuoyA1Gl9tMcOCsbrbJ08cYt2e
 tWCA==
X-Gm-Message-State: AMCzsaUcBZLOgzMIuFfvOjJO7LYlfDtrYGj4MH4CfGcB9peD8QeSDR9r
 O8t5vZ/tFyFymiyFCn6eTPc=
X-Google-Smtp-Source: ABhQp+RZ48DPJGcW2xvtREIKxcmlEhXFabQ0iKaMJOK3mbH47hukRYMrXT7iSqtBcrrz0JPSD/gPAw==
X-Received: by 10.98.79.80 with SMTP id d77mr7407648pfb.238.1508579588749;
 Sat, 21 Oct 2017 02:53:08 -0700 (PDT)
Received: from debian (1-64-80-064.static.netvigator.com. [1.64.80.64])
 by smtp.gmail.com with ESMTPSA id m25sm5107914pfg.49.2017.10.21.02.53.06
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Sat, 21 Oct 2017 02:53:07 -0700 (PDT)
From: Alex Vong <alexvong1995@gmail.com>
To: Ricardo Wurmus <rekado@elephly.net>
Subject: Re: [bug#27749] [PATCH] gnu: heimdal: Update to 7.4.0 [fixes
 CVE-2017-11103].
References: <87wp76kv68.fsf@gmail.com> <20170718154906.GB16798@jasmine.lan>
 <87bmogzspe.fsf@gmail.com> <877ez4znze.fsf@gmail.com>
 <20170720195134.GA19680@jasmine.lan> <871sm03zyd.fsf@elephly.net>
 <87vajbchiv.fsf@gmail.com>
Date: Sat, 21 Oct 2017 17:52:58 +0800
In-Reply-To: <87vajbchiv.fsf@gmail.com> (Alex Vong's message of "Thu, 19 Oct
 2017 22:57:12 +0800")
Message-ID: <87k1zon7yd.fsf@gmail.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="==-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: 2.4 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  Hello, This is the new patch. It is basically the first patch
 but with the sqlite and libedit bundled dependecies removed. I don't know
 if there are any other bundled dependencies so I am asking this on the heimdal
 mailing list. [...] 
 Content analysis details:   (2.4 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 1.7 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
 [URIs: autogen.sh]
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
 trust [74.125.83.68 listed in list.dnswl.org]
 0.5 RCVD_IN_SORBS_SPAM     RBL: SORBS: sender is a spam source
 [74.125.83.68 listed in dnsbl.sorbs.net]
 -0.0 RCVD_IN_MSPIKE_H3      RBL: Good reputation (+3)
 [74.125.83.68 listed in wl.mailspike.net]
 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
 digit (alexvong1995[at]gmail.com)
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
 (alexvong1995[at]gmail.com)
 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
 -0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
X-Debbugs-Envelope-To: 27749
Cc: 27749@debbugs.gnu.org, Leo Famulari <leo@famulari.name>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  Hello, This is the new patch. It is basically the first patch
    but with the sqlite and libedit bundled dependecies removed. I don't know
    if there are any other bundled dependencies so I am asking this on the heimdal
    mailing list. [...] 
 
 Content analysis details:   (2.0 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  1.7 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                             [URIs: autogen.sh]
  0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
                             digit (alexvong1995[at]gmail.com)
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail provider
                             (alexvong1995[at]gmail.com)
  0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid

[Message part 1 (text/plain, inline)]
Hello,

This is the new patch. It is basically the first patch but with the
sqlite and libedit bundled dependecies removed. I don't know if there
are any other bundled dependencies so I am asking this on the heimdal
mailing list.

Also, since I am not a user of heimdal, we need someone to check if the
new version does work properly (as some test failures occur).


[0001-gnu-heimdal-Update-to-7.4.0.patch (text/x-diff, inline)]
From 4b2fcc8998da79aea5b09d5646569906bb447638 Mon Sep 17 00:00:00 2001
From: Alex Vong <alexvong1995@gmail.com>
Date: Tue, 18 Jul 2017 06:36:48 +0800
Subject: [PATCH] gnu: heimdal: Update to 7.4.0.

* gnu/packages/kerberos.scm (heimdal): Update to 7.4.0.
[source]: Update source uri.
[arguments]: Adjust #:configure-flags and build phases accordingly.
[inputs]: Add autoconf, automake, libtool, perl, perl-json, texinfo, unzip
and sqlite.
---
 gnu/packages/kerberos.scm | 86 +++++++++++++++++++++++++++++++++++------------
 1 file changed, 64 insertions(+), 22 deletions(-)

diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
index 801b4e44a..fde310e65 100644
--- a/gnu/packages/kerberos.scm
+++ b/gnu/packages/kerberos.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2012, 2013 Nikita Karetnikov <nikita@karetnikov.org>
 ;;; Copyright © 2012, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -145,16 +146,15 @@ secure manner through client-server mutual authentication via tickets.")
 (define-public heimdal
   (package
     (name "heimdal")
-    (version "1.5.3")
+    (version "7.4.0")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://www.h5l.org/dist/src/heimdal-"
-                                  version ".tar.gz"))
+              (uri (string-append "https://github.com/" name "/" name
+                                  "/releases/download/" name "-" version
+                                  "/" name "-" version ".tar.gz"))
               (sha256
                (base32
-                "19gypf9vzfrs2bw231qljfl4cqc1riyg0ai0xmm1nd1wngnpphma"))
-              (patches (search-patches "heimdal-CVE-2017-6594.patch"
-                                       "heimdal-CVE-2017-11103.patch"))
+                "1b992ifwnr06h89f8vqp1l0z8ixh29sk9nhk99lw28dd6v6lxq9x"))
               (modules '((guix build utils)))
               (snippet
                '(substitute* "configure"
@@ -162,33 +162,75 @@ secure manner through client-server mutual authentication via tickets.")
                   (("Date=.*$") "Date=2017\n")))))
     (build-system gnu-build-system)
     (arguments
-     '(#:configure-flags (list
-                          ;; Work around a linker error.
-                          "CFLAGS=-pthread"
+     '(#:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (srfi srfi-26))
+
+       #:configure-flags (list
+                          (string-append "CPPFLAGS=-D_PATH_BSHELL="
+                                         (assoc-ref %build-inputs "bash")
+                                         "/bin/sh")
 
                           ;; Avoid 7 MiB of .a files.
                           "--disable-static"
 
                           ;; Do not build libedit.
-                          (string-append
-                           "--with-readline-lib="
-                           (assoc-ref %build-inputs "readline") "/lib")
-                          (string-append
-                           "--with-readline-include="
-                           (assoc-ref %build-inputs "readline") "/include"))
+                          (string-append "--with-readline="
+                                         (assoc-ref %build-inputs "readline"))
+
+                          ;; Do not build sqlite.
+                          (string-append "--with-sqlite3="
+                                         (assoc-ref %build-inputs "sqlite")))
 
        #:phases (modify-phases %standard-phases
+                  (add-after 'unpack 'pre-build
+                    (lambda _
+                      (for-each (lambda (file) ;fix sh paths
+                                  (substitute* file
+                                    (("/bin/sh")
+                                     (which "sh"))))
+                                '("appl/afsutil/pagsh.c" "tools/Makefile.am"))
+                      (substitute* "lib/roken/getxxyyy.c" ;set user during test
+                        (("user = getenv\\(\"USER\"\\);")
+                         (format #f
+                                 "#ifndef TEST_GETXXYYY
+#error \"TEST_GETXXYYY is not defined\"
+#endif
+user = \"~a\";
+"
+                                 (passwd:name (getpwuid (getuid))))))
+                      #t))
+
+                  (add-after 'pre-build 'autogen
+                    (lambda _
+                      (zero? (system* "sh" "autogen.sh"))))
+
+                  ;; FIXME: figure out the complete list of bundled libraries
+                  (add-after 'configure 'remove-bundled-libraries
+                    (lambda _
+                      (for-each delete-file-recursively
+                                '("lib/libedit" "lib/sqlite"))))
+
                   (add-before 'check 'skip-tests
                     (lambda _
-                      ;; The test simply runs 'ftp --version && ftp --help'
-                      ;; but that fails in the chroot because 'ftp' tries to
-                      ;; do a service lookup before printing the help/version.
-                      (substitute* "appl/ftp/ftp/Makefile.in"
-                        (("^CHECK_LOCAL =.*")
-                         "CHECK_LOCAL = no-check-local\n"))
+                      ;; skip db tests for now
+                      ;; FIXME: figure out why they fail
+                      (call-with-output-file "tests/db/have-db.in"
+                        (cut format <> "#!~a~%exit 1~%" (which "sh")))
                       #t)))))
+
     (native-inputs `(("e2fsprogs" ,e2fsprogs)))   ;for 'compile_et'
-    (inputs `(("readline" ,readline)
+    (inputs `(("autoconf" ,autoconf)              ;for autogen
+              ("automake" ,automake)
+              ("libtool" ,libtool)
+              ("perl" ,perl)
+              ("perl-json" ,perl-json)
+
+              ("texinfo" ,texinfo)                ;for doc
+              ("unzip" ,unzip)                    ;for test
+
+              ("readline" ,readline)
+              ("sqlite" ,sqlite)
               ("bdb" ,bdb)
               ("e2fsprogs" ,e2fsprogs)))          ;for libcom_err
     (home-page "http://www.h5l.org/")
-- 
2.14.2


[Message part 3 (text/plain, inline)]
Cheers,
Alex

[signature.asc (application/pgp-signature, inline)]

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sat Dec 21 16:40:57 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.