diff options
author | Nikita Karetnikov <nikita@karetnikov.org> | 2012-11-23 23:00:50 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2012-11-24 00:35:33 +0100 |
commit | 5b2fd61868dfeeb60ec5252f86f46d6995a869b2 (patch) | |
tree | 0c0c7da169007c68b5fddb0f9ff2e33002bf3041 /distro/packages | |
parent | 36d4d49e694f87aa950101724800171baa74f8b3 (diff) | |
download | guix-5b2fd61868dfeeb60ec5252f86f46d6995a869b2.tar guix-5b2fd61868dfeeb60ec5252f86f46d6995a869b2.tar.gz |
distro: Add GNU Shishi.
* distro/packages/shishi.scm,
distro/packages/patches/shishi-gets-undeclared.patch: New files.
* Makefile.am (MODULES): Add 'shishi.scm'.
(dist_patch_DATA): Add 'shishi-gets-undeclared.patch'.
Diffstat (limited to 'distro/packages')
-rw-r--r-- | distro/packages/patches/shishi-gets-undeclared.patch | 71 | ||||
-rw-r--r-- | distro/packages/shishi.scm | 69 |
2 files changed, 140 insertions, 0 deletions
diff --git a/distro/packages/patches/shishi-gets-undeclared.patch b/distro/packages/patches/shishi-gets-undeclared.patch new file mode 100644 index 0000000000..a3d6d0cca2 --- /dev/null +++ b/distro/packages/patches/shishi-gets-undeclared.patch @@ -0,0 +1,71 @@ +This patch is needed to allow builds with newer versions of +the GNU libc (2.16+). + + +commit 66712c23388e93e5c518ebc8515140fa0c807348 +Author: Eric Blake <eblake@redhat.com> +Date: Thu Mar 29 13:30:41 2012 -0600 + + stdio: don't assume gets any more + + Gnulib intentionally does not have a gets module, and now that C11 + and glibc have dropped it, we should be more proactive about warning + any user on a platform that still has a declaration of this dangerous + interface. + + * m4/stdio_h.m4 (gl_STDIO_H, gl_STDIO_H_DEFAULTS): Drop gets + support. + * modules/stdio (Makefile.am): Likewise. + * lib/stdio-read.c (gets): Likewise. + * tests/test-stdio-c++.cc: Likewise. + * m4/warn-on-use.m4 (gl_WARN_ON_USE_PREPARE): Fix comment. + * lib/stdio.in.h (gets): Make warning occur in more places. + * doc/posix-functions/gets.texi (gets): Update documentation. + Reported by Christer Solskogen. + + Signed-off-by: Eric Blake <eblake@redhat.com> + +diff --git a/gl/stdio.in.h b/gl/stdio.in.h +index aa7b599..c377b6e 100644 +--- a/gl/stdio.in.h ++++ b/gl/stdio.in.h +@@ -698,22 +698,11 @@ _GL_WARN_ON_USE (getline, "getline is unportable - " + # endif + #endif + +-#if @GNULIB_GETS@ +-# if @REPLACE_STDIO_READ_FUNCS@ && @GNULIB_STDIO_H_NONBLOCKING@ +-# if !(defined __cplusplus && defined GNULIB_NAMESPACE) +-# undef gets +-# define gets rpl_gets +-# endif +-_GL_FUNCDECL_RPL (gets, char *, (char *s) _GL_ARG_NONNULL ((1))); +-_GL_CXXALIAS_RPL (gets, char *, (char *s)); +-# else +-_GL_CXXALIAS_SYS (gets, char *, (char *s)); +-# undef gets +-# endif +-_GL_CXXALIASWARN (gets); + /* It is very rare that the developer ever has full control of stdin, +- so any use of gets warrants an unconditional warning. Assume it is +- always declared, since it is required by C89. */ ++ so any use of gets warrants an unconditional warning; besides, C11 ++ removed it. */ ++#undef gets ++#if HAVE_RAW_DECL_GETS + _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead"); + #endif + +@@ -1053,9 +1042,9 @@ _GL_WARN_ON_USE (snprintf, "snprintf is unportable - " + # endif + #endif + +-/* Some people would argue that sprintf should be handled like gets +- (for example, OpenBSD issues a link warning for both functions), +- since both can cause security holes due to buffer overruns. ++/* Some people would argue that all sprintf uses should be warned about ++ (for example, OpenBSD issues a link warning for it), ++ since it can cause security holes due to buffer overruns. + However, we believe that sprintf can be used safely, and is more + efficient than snprintf in those safe cases; and as proof of our + belief, we use sprintf in several gnulib modules. So this header diff --git a/distro/packages/shishi.scm b/distro/packages/shishi.scm new file mode 100644 index 0000000000..3a71dc3c97 --- /dev/null +++ b/distro/packages/shishi.scm @@ -0,0 +1,69 @@ +;;; Guix --- Nix package management from Guile. -*- coding: utf-8 -*- +;;; Copyright (C) 2012 Nikita Karetnikov <nikita@karetnikov.org> +;;; Copyright (C) 2012 Ludovic Courtès <ludo@gnu.org> +;;; +;;; This file is part of Guix. +;;; +;;; Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (distro packages shishi) + #:use-module (distro) + #:use-module (distro packages gnutls) + #:use-module (distro packages gnupg) + #:use-module (distro packages compression) + #:use-module (guix packages) + #:use-module (guix download) + #:use-module (guix build-system gnu)) + +(define-public shishi + (package + (name "shishi") + (version "1.0.1") + (source + (origin + (method url-fetch) + (uri (string-append + "mirror://gnu/shishi/shishi-" + version + ".tar.gz")) + (sha256 + (base32 + "13c6w9rpaqb3am65nrn86byvmll5r78pld2vb0i68491vww4fzlx")))) + (build-system gnu-build-system) + (arguments + `(#:make-flags + '("CPPFLAGS=-DMAX_ERROR_DESCRIPTION_SIZE=ASN1_MAX_ERROR_DESCRIPTION_SIZE") + #:patches (list (assoc-ref %build-inputs + "patch/gets")))) + (inputs + `(("gnutls" ,gnutls) + ("zlib" ,zlib) + ("libgcrypt" ,libgcrypt) + ("libtasn1" ,libtasn1) + ("patch/gets" ,(search-patch "shishi-gets-undeclared.patch")))) + (home-page "http://www.gnu.org/software/shishi/") + (synopsis + "GNU Shishi, free implementation of the Kerberos 5 network security system") + (description + " GNU Shishi is an implementation of the Kerberos 5 network + authentication system, as specified in RFC 4120. Shishi can be + used to authenticate users in distributed systems. + + Shishi contains a library (`libshishi') that can be used by + application developers to add support for Kerberos 5. Shishi + contains a command line utility (1shishi') that is used by + users to acquire and manage tickets (and more). The server + side, a Key Distribution Center, is implemented by `shishid'. +") + (license "GPLv3+"))) ; some files are under GPLv2+ |