From patchwork Mon Apr 10 19:52:24 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Felix Lechner <felix.lechner@lease-up.com>
X-Patchwork-Id: 49063
Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>
X-Original-To: patchwork@mira.cbaines.net
Delivered-To: patchwork@mira.cbaines.net
Received: by mira.cbaines.net (Postfix, from userid 113)
	id 79D6C17483; Mon, 10 Apr 2023 20:53:32 +0100 (BST)
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net
X-Spam-Level: 
X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_INVALID,
	DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,
	URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	by mira.cbaines.net (Postfix) with ESMTPS id 50EB917483
	for <patchwork@mira.cbaines.net>; Mon, 10 Apr 2023 20:53:31 +0100 (BST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces@gnu.org>)
	id 1plxZa-0000yN-MN; Mon, 10 Apr 2023 15:53:06 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1plxZX-0000xh-48
 for guix-patches@gnu.org; Mon, 10 Apr 2023 15:53:05 -0400
Received: from debbugs.gnu.org ([209.51.188.43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1plxZW-0006gY-S2
 for guix-patches@gnu.org; Mon, 10 Apr 2023 15:53:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1plxZW-0003O9-7j
 for guix-patches@gnu.org; Mon, 10 Apr 2023 15:53:02 -0400
X-Loop: help-debbugs@gnu.org
Subject: [bug#62760] [PATCH 1/3] gnu: heimdal: Update to 7.8.0.
Resent-From: Felix Lechner <felix.lechner@lease-up.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Mon, 10 Apr 2023 19:53:02 +0000
Resent-Message-ID: <handler.62760.B62760.168115635612964@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 62760
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 62760@debbugs.gnu.org
Cc: Felix Lechner <felix.lechner@lease-up.com>
Received: via spool by 62760-submit@debbugs.gnu.org id=B62760.168115635612964
 (code B ref 62760); Mon, 10 Apr 2023 19:53:02 +0000
Received: (at 62760) by debbugs.gnu.org; 10 Apr 2023 19:52:36 +0000
Received: from localhost ([127.0.0.1]:35992 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1plxZ6-0003N2-CO
 for submit@debbugs.gnu.org; Mon, 10 Apr 2023 15:52:36 -0400
Received: from sail-ipv4.us-core.com ([208.82.101.137]:39340)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <felix.lechner@us-core.com>) id 1plxZ4-0003Mu-Fa
 for 62760@debbugs.gnu.org; Mon, 10 Apr 2023 15:52:35 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; s=2017; bh=uzSDAtQBQAbtihg
 DvoOF3DUz7whduu5DHBLE/6j73Ig=;
 h=references:in-reply-to:date:subject:
 cc:to:from; d=lease-up.com; b=R0tldSr7YSPUfyMDW2YIta2iTAxwuxMN21zxpDhI
 57N6iob4og2F37Khi44U6u68bMTh61V21+/MRjm/UeugCSV/8c9NY0HNe/ulON1muRaZcZ
 ZkTGg/Y9t8ndYP425Li1hif8X4TK5JNtaVsTgz8+O+wSwfMKIoC5yT9m5I7Eo=
Received: by sail-ipv4.us-core.com (OpenSMTPD) with ESMTPSA id 263aef1b
 (TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256:NO);
 Mon, 10 Apr 2023 19:52:33 +0000 (UTC)
Received: from localhost (localhost [local])
 by localhost (OpenSMTPD) with ESMTPA id ff5eb31e;
 Mon, 10 Apr 2023 19:52:33 +0000 (UTC)
Date: Mon, 10 Apr 2023 12:52:24 -0700
Message-Id: 
 <754f9ad3afb378e4e0100b865ca81b28181e3054.1681155077.git.felix.lechner@lease-up.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <cover.1681155077.git.felix.lechner@lease-up.com>
References: <cover.1681155077.git.felix.lechner@lease-up.com>
MIME-Version: 1.0
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Reply-to: Felix Lechner <felix.lechner@lease-up.com>
X-ACL-Warn: ,  Felix Lechner via Guix-patches <guix-patches@gnu.org>
X-Patchwork-Original-From: Felix Lechner via Guix-patches via
 <guix-patches@gnu.org>
From: Felix Lechner <felix.lechner@lease-up.com>
Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
X-getmail-retrieved-from-mailbox: Patches

Fixes CVE-2022-44640 [1] "Heimdal KDC: invalid free in ASN.1 codec." The
upstream release announcement calls it "a severe vulnerability, possibly a
10.0 on the Common Vulnerability Scoring System (CVSS) v3."

The upstream developers further "believe it should be possible to get an RCE
[remote code execution] on a KDC, which means that credentials can be
compromised that can be used to impersonate anyone in a realm or forest of
realms." "While no zero-day exploit is known, such an exploit will likely be
available soon after public disclosure." [2]

[1] https://nvd.nist.gov/vuln/detail/CVE-2022-44640
[2] https://github.com/heimdal/heimdal/releases/tag/heimdal-7.8.0

* gnu/packages/kerberos.scm (heimdal): Update to 7.8.0.
---
 gnu/packages/kerberos.scm | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
index 9454a5983e..ae4efcbc23 100644
--- a/gnu/packages/kerberos.scm
+++ b/gnu/packages/kerberos.scm
@@ -35,6 +35,7 @@ (define-module (gnu packages kerberos)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages dbm)
   #:use-module (gnu packages perl)
+  #:use-module (gnu packages python)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages gnupg)
   #:use-module (gnu packages libidn)
@@ -166,7 +167,7 @@ (define-public shishi
 (define-public heimdal
   (package
     (name "heimdal")
-    (version "7.7.0")
+    (version "7.8.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -174,14 +175,14 @@ (define-public heimdal
                     "heimdal-" version "/" "heimdal-" version ".tar.gz"))
               (sha256
                (base32
-                "06vx3cb01s4lv3lpv0qzbbj97cln1np1wjphkkmmbk1lsqa36bgh"))
+                "0f4dblav859p5hn7b2jdj1akw6d8p32as6bj6zym19kghh3s51zx"))
               (modules '((guix build utils)))
               (snippet
                '(begin
                   (substitute* "configure"
                     (("User=.*$") "User=Guix\n")
                     (("Host=.*$") "Host=GNU")
-                    (("Date=.*$") "Date=2019\n"))))))
+                    (("Date=.*$") "Date=2022\n"))))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
@@ -249,7 +250,8 @@ (define-public heimdal
     (native-inputs (list e2fsprogs ;for 'compile_et'
                          texinfo
                          unzip ;for tests
-                         perl))
+                         perl
+                         python))
     (inputs (list readline
                   bash-minimal
                   bdb

From patchwork Mon Apr 10 19:52:25 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Felix Lechner <felix.lechner@lease-up.com>
X-Patchwork-Id: 49064
Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>
X-Original-To: patchwork@mira.cbaines.net
Delivered-To: patchwork@mira.cbaines.net
Received: by mira.cbaines.net (Postfix, from userid 113)
	id A8C071748D; Mon, 10 Apr 2023 20:53:32 +0100 (BST)
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net
X-Spam-Level: 
X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_INVALID,
	DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,
	URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	by mira.cbaines.net (Postfix) with ESMTPS id 338D417421
	for <patchwork@mira.cbaines.net>; Mon, 10 Apr 2023 20:53:30 +0100 (BST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces@gnu.org>)
	id 1plxZb-0000yc-0q; Mon, 10 Apr 2023 15:53:07 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1plxZX-0000xi-6K
 for guix-patches@gnu.org; Mon, 10 Apr 2023 15:53:05 -0400
Received: from debbugs.gnu.org ([209.51.188.43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1plxZW-0006gd-Us
 for guix-patches@gnu.org; Mon, 10 Apr 2023 15:53:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1plxZW-0003OH-KQ
 for guix-patches@gnu.org; Mon, 10 Apr 2023 15:53:02 -0400
X-Loop: help-debbugs@gnu.org
Subject: [bug#62760] [PATCH 2/3] gnu: heimdal: Patch for CVE-2022-45142.
Resent-From: Felix Lechner <felix.lechner@lease-up.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Mon, 10 Apr 2023 19:53:02 +0000
Resent-Message-ID: <handler.62760.B62760.168115635912986@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 62760
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 62760@debbugs.gnu.org
Cc: Felix Lechner <felix.lechner@lease-up.com>
Received: via spool by 62760-submit@debbugs.gnu.org id=B62760.168115635912986
 (code B ref 62760); Mon, 10 Apr 2023 19:53:02 +0000
Received: (at 62760) by debbugs.gnu.org; 10 Apr 2023 19:52:39 +0000
Received: from localhost ([127.0.0.1]:35996 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1plxZ8-0003NG-P2
 for submit@debbugs.gnu.org; Mon, 10 Apr 2023 15:52:39 -0400
Received: from sail-ipv4.us-core.com ([208.82.101.137]:39340)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <felix.lechner@us-core.com>) id 1plxZ7-0003Mu-Gp
 for 62760@debbugs.gnu.org; Mon, 10 Apr 2023 15:52:38 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; s=2017; bh=IJzA+eLCekX8Gmm
 Q09HQLZA4Z+ETmJXOnK/Z9HX5t9Q=;
 h=references:in-reply-to:date:subject:
 cc:to:from; d=lease-up.com; b=JwpRWHLX+wHQoHDTLkANE1OBMzaNeCP4DkuxcpDc
 /Jc3uJEJYNNz+IjrfkENL54C1+Pwg1C5Z/r+jeBlRsWGqElzEp15OqDC/ZSIQhTxAR1hIX
 FfNrZhEJZxPyI7SHyf6aCocLevZIV/qcuCbk56HNxReN9cIZcCKZxOwY6r9RA=
Received: by sail-ipv4.us-core.com (OpenSMTPD) with ESMTPSA id 6f3ae34e
 (TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256:NO);
 Mon, 10 Apr 2023 19:52:36 +0000 (UTC)
Received: from localhost (localhost [local])
 by localhost (OpenSMTPD) with ESMTPA id 9eca8e9e;
 Mon, 10 Apr 2023 19:52:36 +0000 (UTC)
Date: Mon, 10 Apr 2023 12:52:25 -0700
Message-Id: 
 <52829030c170d0be6e11efdc69fddaa88f290ea9.1681155077.git.felix.lechner@lease-up.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <cover.1681155077.git.felix.lechner@lease-up.com>
References: <cover.1681155077.git.felix.lechner@lease-up.com>
MIME-Version: 1.0
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Reply-to: Felix Lechner <felix.lechner@lease-up.com>
X-ACL-Warn: ,  Felix Lechner via Guix-patches <guix-patches@gnu.org>
X-Patchwork-Original-From: Felix Lechner via Guix-patches via
 <guix-patches@gnu.org>
From: Felix Lechner <felix.lechner@lease-up.com>
Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
X-getmail-retrieved-from-mailbox: Patches

Several recent Heimdal releases are affected by the serious vulnerability
CVE-2022-45142, which NIST scored as "7.5 HIGH". [1]

At the time of writing, the upstream developers had not yet cut any releases
post-7.8.0, which is why the patch is being applied here.

The patch was extracted from Helmut Grohne's public vulnerability
disclosure. [2]

[1] https://nvd.nist.gov/vuln/detail/CVE-2022-45142
[2] https://www.openwall.com/lists/oss-security/2023/02/08/1

* gnu/packages/kerberos.scm (heimdal)[patches]: Add patch for CVE-2022-45142.
---
 gnu/packages/kerberos.scm                     |  2 +
 .../patches/heimdal-CVE-2022-45142.patch      | 49 +++++++++++++++++++
 2 files changed, 51 insertions(+)
 create mode 100644 gnu/packages/patches/heimdal-CVE-2022-45142.patch

diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
index ae4efcbc23..0faf879e35 100644
--- a/gnu/packages/kerberos.scm
+++ b/gnu/packages/kerberos.scm
@@ -176,6 +176,8 @@ (define-public heimdal
               (sha256
                (base32
                 "0f4dblav859p5hn7b2jdj1akw6d8p32as6bj6zym19kghh3s51zx"))
+              (patches (search-patches
+                        "heimdal-CVE-2022-45142.patch"))
               (modules '((guix build utils)))
               (snippet
                '(begin
diff --git a/gnu/packages/patches/heimdal-CVE-2022-45142.patch b/gnu/packages/patches/heimdal-CVE-2022-45142.patch
new file mode 100644
index 0000000000..a7258a937c
--- /dev/null
+++ b/gnu/packages/patches/heimdal-CVE-2022-45142.patch
@@ -0,0 +1,49 @@
+From: Helmut Grohne <helmut@...divi.de>
+Subject: [PATCH v3] CVE-2022-45142: gsskrb5: fix accidental logic inversions
+
+The referenced commit attempted to fix miscompilations with gcc-9 and
+gcc-10 by changing `memcmp(...)` to `memcmp(...) != 0`. Unfortunately,
+it also inverted the result of the comparison in two occasions. This
+inversion happened during backporting the patch to 7.7.1 and 7.8.0.
+
+Fixes: f6edaafcfefd ("gsskrb5: CVE-2022-3437 Use constant-time memcmp()
+ for arcfour unwrap")
+Signed-off-by: Helmut Grohne <helmut@...divi.de>
+---
+ lib/gssapi/krb5/arcfour.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Changes since v1:
+ * Fix typo in commit message.
+ * Mention 7.8.0 in commit message. Thanks to Jeffrey Altman.
+
+Changes since v2:
+ * Add CVE identifier.
+
+NB (Felix Lechner): The message above and the patch below were taken from the
+disclosure here: https://www.openwall.com/lists/oss-security/2023/02/08/1
+
+diff --git a/lib/gssapi/krb5/arcfour.c b/lib/gssapi/krb5/arcfour.c
+index e838d007a..eee6ad72f 100644
+--- a/lib/gssapi/krb5/arcfour.c
++++ b/lib/gssapi/krb5/arcfour.c
+@@ -365,7 +365,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
+ 	return GSS_S_FAILURE;
+     }
+
+-    cmp = (ct_memcmp(cksum_data, p + 8, 8) == 0);
++    cmp = (ct_memcmp(cksum_data, p + 8, 8) != 0);
+     if (cmp) {
+ 	*minor_status = 0;
+ 	return GSS_S_BAD_MIC;
+@@ -730,7 +730,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
+ 	return GSS_S_FAILURE;
+     }
+
+-    cmp = (ct_memcmp(cksum_data, p0 + 16, 8) == 0); /* SGN_CKSUM */
++    cmp = (ct_memcmp(cksum_data, p0 + 16, 8) != 0); /* SGN_CKSUM */
+     if (cmp) {
+ 	_gsskrb5_release_buffer(minor_status, output_message_buffer);
+ 	*minor_status = 0;
+--
+2.38.1

From patchwork Mon Apr 10 19:52:26 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Felix Lechner <felix.lechner@lease-up.com>
X-Patchwork-Id: 49062
Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>
X-Original-To: patchwork@mira.cbaines.net
Delivered-To: patchwork@mira.cbaines.net
Received: by mira.cbaines.net (Postfix, from userid 113)
	id 664621748D; Mon, 10 Apr 2023 20:53:18 +0100 (BST)
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net
X-Spam-Level: 
X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_INVALID,
	DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,
	URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	by mira.cbaines.net (Postfix) with ESMTPS id 98CD817421
	for <patchwork@mira.cbaines.net>; Mon, 10 Apr 2023 20:53:17 +0100 (BST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces@gnu.org>)
	id 1plxZb-0000z0-8D; Mon, 10 Apr 2023 15:53:07 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1plxZZ-0000yA-I7
 for guix-patches@gnu.org; Mon, 10 Apr 2023 15:53:05 -0400
Received: from debbugs.gnu.org ([209.51.188.43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1plxZX-0006gp-3z
 for guix-patches@gnu.org; Mon, 10 Apr 2023 15:53:03 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1plxZX-0003OP-0R
 for guix-patches@gnu.org; Mon, 10 Apr 2023 15:53:03 -0400
X-Loop: help-debbugs@gnu.org
Subject: [bug#62760] [PATCH 3/3] gnu: heimdal: Enable OpenLDAP support;
 converge inputs toward Debian packaging.
Resent-From: Felix Lechner <felix.lechner@lease-up.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Mon, 10 Apr 2023 19:53:02 +0000
Resent-Message-ID: <handler.62760.B62760.168115636212996@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 62760
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 62760@debbugs.gnu.org
Cc: Felix Lechner <felix.lechner@lease-up.com>
Received: via spool by 62760-submit@debbugs.gnu.org id=B62760.168115636212996
 (code B ref 62760); Mon, 10 Apr 2023 19:53:02 +0000
Received: (at 62760) by debbugs.gnu.org; 10 Apr 2023 19:52:42 +0000
Received: from localhost ([127.0.0.1]:35998 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1plxZC-0003NX-Aa
 for submit@debbugs.gnu.org; Mon, 10 Apr 2023 15:52:42 -0400
Received: from sail-ipv4.us-core.com ([208.82.101.137]:39340)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <felix.lechner@us-core.com>) id 1plxZ8-0003Mu-Gd
 for 62760@debbugs.gnu.org; Mon, 10 Apr 2023 15:52:39 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; s=2017; bh=JE/Qn3ThE/OOoaa
 ADgmvhxIq5bKee87XcmoK4LHfBgM=;
 h=references:in-reply-to:date:subject:
 cc:to:from; d=lease-up.com; b=Pdw7VuXF7zjGJvpANqdM7TpQRji8zc8B9Bq3O8DO
 J9Y5+oXDcYN2m07HkpQYpiBx4iwldea/QBLr51cIm2qzGQTPewY5rqp7NcksLmu8br1YMe
 6fzRHLevJwRgL0elNFv5LiAS2w1F0MIRvyo2+6clS4ZLUXsMP8FfJmWTIIf7w=
Received: by sail-ipv4.us-core.com (OpenSMTPD) with ESMTPSA id 2ba2b248
 (TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256:NO);
 Mon, 10 Apr 2023 19:52:37 +0000 (UTC)
Received: from localhost (localhost [local])
 by localhost (OpenSMTPD) with ESMTPA id cc22c690;
 Mon, 10 Apr 2023 19:52:37 +0000 (UTC)
Date: Mon, 10 Apr 2023 12:52:26 -0700
Message-Id: 
 <c821badc931f18a08bf34947d460f14b60d5c1e7.1681155077.git.felix.lechner@lease-up.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <cover.1681155077.git.felix.lechner@lease-up.com>
References: <cover.1681155077.git.felix.lechner@lease-up.com>
MIME-Version: 1.0
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Reply-to: Felix Lechner <felix.lechner@lease-up.com>
X-ACL-Warn: ,  Felix Lechner via Guix-patches <guix-patches@gnu.org>
X-Patchwork-Original-From: Felix Lechner via Guix-patches via
 <guix-patches@gnu.org>
From: Felix Lechner <felix.lechner@lease-up.com>
Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
X-getmail-retrieved-from-mailbox: Patches

This commit took several cues for the inputs from the Debian packaging for
Heimdal. [1]

First, it was not clear why the alternative implementation mit-krb5 should be
supplied as an input to Heimdal. It was dropped.

The other inputs were added to address detection attempts in ./configure that
failed. They were evident from the build log.

Also enables support for the OpenLDAP backend for the principals database.

[1] https://tracker.debian.org/media/packages/h/heimdal/control-7.8.git20221117.28daf24dfsg-2

* gnu/packages/kerberos.scm (darktable)[inputs, native-inputs]: Enable
OpenLDAP; converge inputs toward Debian packaging.
---
 gnu/packages/kerberos.scm | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
index 0faf879e35..c9c86f9541 100644
--- a/gnu/packages/kerberos.scm
+++ b/gnu/packages/kerberos.scm
@@ -30,10 +30,12 @@
 
 (define-module (gnu packages kerberos)
   #:use-module (gnu packages)
+  #:use-module (gnu packages admin)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages bash)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages dbm)
+  #:use-module (gnu packages flex)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages python)
   #:use-module (gnu packages gettext)
@@ -41,6 +43,7 @@ (define-module (gnu packages kerberos)
   #:use-module (gnu packages libidn)
   #:use-module (gnu packages hurd)
   #:use-module (gnu packages linux)
+  #:use-module (gnu packages openldap)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages readline)
@@ -249,16 +252,22 @@ (define-public heimdal
                           (format #t "#!~a~%exit 1~%" (which "sh")))))))
        ;; Tests fail when run in parallel.
        #:parallel-tests? #f))
-    (native-inputs (list e2fsprogs ;for 'compile_et'
+    (native-inputs (list bison
+                         e2fsprogs ;for 'compile_et'
+                         flex
+                         libcap-ng
                          texinfo
                          unzip ;for tests
+                         openldap
                          perl
+                         pkg-config
                          python))
     (inputs (list readline
                   bash-minimal
                   bdb
                   e2fsprogs ;for libcom_err
-                  mit-krb5
+                  libcap-ng
+                  openldap
                   sqlite))
     (home-page "http://www.h5l.org/")
     (synopsis "Kerberos 5 network authentication")