diff options
| author | Nicolas Graves <ngraves@ngraves.fr> | 2024-11-06 00:13:58 +0100 |
|---|---|---|
| committer | Maxim Cournoyer <maxim.cournoyer@gmail.com> | 2024-11-12 17:41:38 +0900 |
| commit | 7b8c099f3e12625a9db51a4dd1e45de9fd5aff85 (patch) | |
| tree | 95322985894f26c823899076fd63739ed54909bd | |
| parent | 603407fa0a9b2435b9688d0bb2d099c31f22ec45 (diff) | |
| download | guix-7b8c099f3e12625a9db51a4dd1e45de9fd5aff85.tar guix-7b8c099f3e12625a9db51a4dd1e45de9fd5aff85.tar.gz | |
gnu: rnp: Update to 0.17.1. [security fixes]
This fixes CVE-2023-29479 and CVE-2023-29480.
* gnu/packages/openpgp.scm (rnp): Update to 0.17.1.
[arguments]: Improve style using gexps.
<#:phases>: Add phase 'inject-sexpp-source.
[inputs]: Add sexpp.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Co-authored-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Change-Id: Ic1d4740da168cd9fde8b642f279c2c77a1c3806f
| -rw-r--r-- | gnu/packages/openpgp.scm | 57 |
1 files changed, 32 insertions, 25 deletions
diff --git a/gnu/packages/openpgp.scm b/gnu/packages/openpgp.scm index 356908ab1f..c98023566f 100644 --- a/gnu/packages/openpgp.scm +++ b/gnu/packages/openpgp.scm @@ -23,6 +23,7 @@ #:use-module (guix git-download) #:use-module (guix build-system cmake) #:use-module (guix build-system gnu) + #:use-module (guix gexp) #:use-module ((guix licenses) #:prefix license:) #:use-module (gnu packages) #:use-module (gnu packages check) @@ -98,10 +99,10 @@ environments.") (license license:gpl2+))) (define-public rnp - (let ((day-of-release "2022-09-22")) + (let ((day-of-release "2024-05-14")) (package (name "rnp") - (version "0.16.2") + (version "0.17.1") (source (origin (method git-fetch) (uri (git-reference @@ -110,33 +111,39 @@ environments.") (file-name (git-file-name name version)) (sha256 (base32 - "13z5kxm48a72w4m2crwgdjdng4a4pwxsd72r2z3a4pcakfp2swi8")))) + "052872b6a88vkcc58alxcm532y6dra5qqd997jga41v72h3pnj4d")))) (build-system cmake-build-system) - (arguments `(#:configure-flags - '("-DBUILD_SHARED_LIBS=on" - "-DBUILD_TESTING=on" - "-DDOWNLOAD_GTEST=off" - "-DDOWNLOAD_RUBYRNP=off") - #:phases - (modify-phases %standard-phases - (add-after 'unpack 'patch-tests - (lambda _ - (substitute* "src/tests/support.cpp" - (("\"cp\"") (search-input-file inputs "/bin/cp"))))) - (replace 'check - (lambda* (#:key tests? #:allow-other-keys) - (when tests? - ;; Some OpenPGP certificates used by the tests expire. - ;; To work around that, set the time to roughly the - ;; release date. - (invoke "faketime" ,day-of-release "make" "test"))))))) + (arguments + (list + #:configure-flags + #~(list "-DBUILD_SHARED_LIBS=on" + "-DSYSTEM_LIBSEXPP=on" + ;; Lower the minimum tuning ratio from 6 to 4, as suggested + ;; upstream to avoid the s2k_iteration_tuning failing. + "-DS2K_MINIMUM_TUNING_RATIO=4" + "-DBUILD_TESTING=on" + "-DDOWNLOAD_GTEST=off" + "-DDOWNLOAD_RUBYRNP=off") + #:phases + #~(modify-phases %standard-phases + (replace 'check + (lambda* (#:key tests? parallel-tests? #:allow-other-keys) + (when tests? + ;; Some OpenPGP certificates used by the tests expire. + ;; To work around that, set the time to roughly the + ;; release date. + (setenv "CTEST_OUTPUT_ON_FAILURE" "1") + (invoke "faketime" #$day-of-release "ctest" + "-j" (if parallel-tests? + (number->string (parallel-job-count)) + "1")))))))) (native-inputs - (list gnupg ; for tests - googletest ; for tests - libfaketime ; for tests + (list gnupg ;for tests + googletest ;for tests + libfaketime ;for tests pkg-config python)) - (inputs (list botan bzip2 json-c zlib)) + (inputs (list botan bzip2 json-c sexpp zlib)) (synopsis "RFC4880-compliant OpenPGP library written in C++") (description |