summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/patches/p11-kit-jks-timestamps.patch42
-rw-r--r--gnu/packages/tls.scm5
3 files changed, 46 insertions, 2 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index bf2b2cb4e4..7481b39007 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1104,6 +1104,7 @@ dist_patch_DATA = \
%D%/packages/patches/osip-CVE-2017-7853.patch \
%D%/packages/patches/ots-no-include-missing-file.patch \
%D%/packages/patches/owncloud-disable-updatecheck.patch \
+ %D%/packages/patches/p11-kit-jks-timestamps.patch \
%D%/packages/patches/p7zip-CVE-2016-9296.patch \
%D%/packages/patches/p7zip-CVE-2017-17969.patch \
%D%/packages/patches/p7zip-remove-unused-code.patch \
diff --git a/gnu/packages/patches/p11-kit-jks-timestamps.patch b/gnu/packages/patches/p11-kit-jks-timestamps.patch
new file mode 100644
index 0000000000..8cb8ed8684
--- /dev/null
+++ b/gnu/packages/patches/p11-kit-jks-timestamps.patch
@@ -0,0 +1,42 @@
+Fix test failures induced by setting the SOURCE_DATE_EPOCH variable.
+
+Taken from upstream: <https://github.com/p11-glue/p11-kit/pull/213>.
+
+From 2a474e1fe8f4bd8b4ed7622e5cf3b2718a202562 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <dueno@redhat.com>
+Date: Mon, 28 Jan 2019 13:03:15 +0100
+Subject: [PATCH] extract-jks: Prefer _p11_extract_jks_timestamp to
+ SOURCE_DATE_EPOCH
+
+Give _p11_extract_jks_timestamp precedence over SOURCE_DATE_EPOCH so
+that the test results are not affected by the envvar settings.
+---
+ trust/extract-jks.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/trust/extract-jks.c b/trust/extract-jks.c
+index ad8dc35..a6f855f 100644
+--- a/trust/extract-jks.c
++++ b/trust/extract-jks.c
+@@ -250,7 +250,9 @@ prepare_jks_buffer (p11_enumerate *ex,
+ * when this was this certificate was added to the keystore, however
+ * we don't have that information. Java uses time in milliseconds
+ */
+- {
++ if (_p11_extract_jks_timestamp)
++ now = _p11_extract_jks_timestamp;
++ else {
+ char *source_date_epoch;
+ source_date_epoch = secure_getenv ("SOURCE_DATE_EPOCH");
+ if (source_date_epoch) {
+@@ -276,9 +278,7 @@ prepare_jks_buffer (p11_enumerate *ex,
+ return false;
+ }
+ now = epoch;
+- } else if (_p11_extract_jks_timestamp)
+- now = _p11_extract_jks_timestamp;
+- else
++ } else
+ now = time (NULL);
+ }
+
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 864f55b2f8..84f71255fe 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -123,15 +123,16 @@ in intelligent transportation networks.")
(define-public p11-kit
(package
(name "p11-kit")
- (version "0.23.14")
+ (version "0.23.15")
(source
(origin
(method url-fetch)
(uri (string-append "https://github.com/p11-glue/p11-kit/releases/"
"download/" version "/p11-kit-" version ".tar.gz"))
+ (patches (search-patches "p11-kit-jks-timestamps.patch"))
(sha256
(base32
- "0w0dkq9388grbbn4bv2p55vy1j51f7nd9hzlc9gz4fbm4dnzmf8w"))))
+ "166pwj00cffv4qq4dvx0k53zka0b0r1fa0whc49007vsqyh3khgp"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))