[Backport release-24.05] heimdal: 7.8.0-unstable-2023-11-29 -> 7.8.0-unstable-2024-09-10

pkgs/development/libraries/kerberos/0001-Define-HAVE_DB_185_H.patch

@@ -0,0 +1,26 @@
+From 08d719e96214f648ae95043acc308deca36e1f7a Mon Sep 17 00:00:00 2001
+From: Ihar Hrachyshka <ihar.hrachyshka@gmail.com>
+Date: Tue, 15 Oct 2024 13:52:39 -0400
+Subject: [PATCH] Define HAVE_DB_185_H
+
+---
+ cf/db.m4 | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/cf/db.m4 b/cf/db.m4
+index c0b4510b6..c95a9dee9 100644
+--- a/cf/db.m4
++++ b/cf/db.m4
+@@ -57,6 +57,9 @@ AS_IF([test "x$with_berkeley_db" != xno],
+ 	           db.h					\
+     ])])
+
++dnl detect if compat db_185.h is present
++AC_CHECK_HEADERS([db_185.h])
++
+ dnl db_create is used by db3 and db4 and db5 and db6
+
+   AC_FIND_FUNC_NO_LIBS(db_create, [$dbheader] db-6 db-5 db4 db3 db, [
+-- 
+2.46.0
+

pkgs/development/libraries/kerberos/0001-Include-db.h-for-nbdb-compat-mode.patch

@@ -0,0 +1,25 @@
+From 749d9451293f9d9f8a3f506401cae369003aeebf Mon Sep 17 00:00:00 2001
+From: Ihar Hrachyshka <ihar.hrachyshka@gmail.com>
+Date: Sun, 13 Oct 2024 17:16:13 -0400
+Subject: [PATCH] Include db.h for nbdb compat mode
+
+---
+ lib/otp/otp_db.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/otp/otp_db.c b/lib/otp/otp_db.c
+index 036359c1d..32c04bc8c 100644
+--- a/lib/otp/otp_db.c
++++ b/lib/otp/otp_db.c
+@@ -39,7 +39,7 @@ RCSID("$Id$");
+ #include "otp_locl.h"
+
+ #if defined(HAVE_DB_NDBM)
+-# include <ndbm.h>
++# include <db.h>
+ #elif !defined(HAVE_NDBM)
+ # include "ndbm_wrap.h"
+ #endif
+-- 
+2.46.0
+

pkgs/development/libraries/kerberos/0001-Link-tests-with-libresolv.patch

@@ -0,0 +1,51 @@
+From 862900febaec4a2c70257a39374b81138ee9f168 Mon Sep 17 00:00:00 2001
+From: Ihar Hrachyshka <ihar.hrachyshka@gmail.com>
+Date: Tue, 15 Oct 2024 16:06:33 -0400
+Subject: [PATCH] Link tests with libresolv
+
+---
+ lib/gssapi/Makefile.am | 1 +
+ lib/krb5/Makefile.am   | 2 ++
+ lib/roken/Makefile.am  | 1 +
+ 3 files changed, 4 insertions(+)
+
+diff --git a/lib/gssapi/Makefile.am b/lib/gssapi/Makefile.am
+index 3254866dc..db967e586 100644
+--- a/lib/gssapi/Makefile.am
++++ b/lib/gssapi/Makefile.am
+@@ -403,6 +403,7 @@ LDADD = libgssapi.la \
+ 	$(top_builddir)/lib/krb5/libkrb5.la \
+ 	$(LIB_roken)
+
++test_names_LDFLAGS = -lresolv
+ test_names_LDADD = $(LDADD) $(top_builddir)/lib/asn1/libasn1.la
+ test_context_LDADD = $(LDADD) $(top_builddir)/lib/asn1/libasn1.la $(top_builddir)/lib/wind/libwind.la
+
+diff --git a/lib/krb5/Makefile.am b/lib/krb5/Makefile.am
+index ecce461dd..e22cfe87c 100644
+--- a/lib/krb5/Makefile.am
++++ b/lib/krb5/Makefile.am
+@@ -330,6 +330,8 @@ test_rfc3961_LDADD = 				\
+ 	$(LIB_hcrypto)				\
+ 	$(LIB_roken)
+
++test_plugin_LDFLAGS = -lresolv
++
+ if DEVELOPER_MODE
+ headerdeps = $(dist_libkrb5_la_SOURCES)
+ endif
+diff --git a/lib/roken/Makefile.am b/lib/roken/Makefile.am
+index 1f530c7ae..8350d7034 100644
+--- a/lib/roken/Makefile.am
++++ b/lib/roken/Makefile.am
+@@ -54,6 +54,7 @@ libtest_la_CFLAGS = -DTEST_SNPRINTF -DTEST_STRPFTIME
+
+ parse_reply_test_SOURCES = parse_reply-test.c resolve.c
+ parse_reply_test_CFLAGS  = -DTEST_RESOLVE
++parse_reply_test_LDFLAGS = -lresolv
+
+ test_readenv_SOURCES = test-readenv.c test-mem.c
+ test_auxval_SOURCES = test-auxval.c
+-- 
+2.46.0
+

pkgs/development/libraries/kerberos/heimdal.nix

@@ -49,13 +49,13 @@ assert lib.assertMsg (withOpenLDAPAsHDBModule -> withOpenLDAP) ''
 
 stdenv.mkDerivation {
   pname = "heimdal";
-  version = "7.8.0-unstable-2023-11-29";
+  version = "7.8.0-unstable-2024-09-10";
 
   src = fetchFromGitHub {
     owner = "heimdal";
     repo = "heimdal";
-    rev = "3253c49544eacb33d5ad2f6f919b0696e5aab794";
-    hash = "sha256-uljzQBzXrZCZjcIWfioqHN8YsbUUNy14Vo+A3vZIXzM=";
+    rev = "fd2d434dd375c402d803e6f948cfc6e257d3facc";
+    hash = "sha256-WA3lo3eD05l7zKuKEVxudMmiG7OvjK/calaUzPQ2pWs=";
   };
 
   outputs = [ "out" "dev" "man" "info" ];
@@ -67,9 +67,9 @@ stdenv.mkDerivation {
     perl
     bison
     flex
+    perlPackages.JSON
     texinfo
-  ]
-  ++ (with perlPackages; [ JSON ]);
+  ];
 
   buildInputs = [ db libedit pam ]
     ++ lib.optionals (stdenv.isDarwin) [ CoreFoundation Security SystemConfiguration ]
@@ -108,6 +108,15 @@ stdenv.mkDerivation {
     "--with-sqlite3=${sqlite.dev}"
   ];
 
+  patches = [
+    # Proposed @ https://github.com/heimdal/heimdal/pull/1262
+    ./0001-Include-db.h-for-nbdb-compat-mode.patch
+    # Proposed @ https://github.com/heimdal/heimdal/pull/1264
+    ./0001-Define-HAVE_DB_185_H.patch
+    # Proposed @ https://github.com/heimdal/heimdal/pull/1265
+    ./0001-Link-tests-with-libresolv.patch
+  ];
+
   # (check-ldap) slapd resides within ${openldap}/libexec,
   #              which is not part of $PATH by default.
   # (check-ldap) prepending ${openldap}/bin to the path to avoid
@@ -116,17 +125,15 @@ stdenv.mkDerivation {
   # (check-ldap) the bdb backend got deprecated in favour of mdb in openldap 2.5.0,
   #              but the heimdal tests still seem to expect bdb as the openldap backend.
   #              This might be fixed upstream in a future update.
-  patchPhase = ''
-    runHook prePatch
-
+  postPatch = ''
     substituteInPlace tests/ldap/slapd-init.in \
-      --replace 'SCHEMA_PATHS="' 'SCHEMA_PATHS="${openldap}/etc/schema '
+      --replace-fail 'SCHEMA_PATHS="' 'SCHEMA_PATHS="${openldap}/etc/schema '
     substituteInPlace tests/ldap/check-ldap.in \
-      --replace 'PATH=' 'PATH=${openldap}/libexec:${openldap}/bin:'
+      --replace-fail 'PATH=' 'PATH=${openldap}/libexec:${openldap}/bin:'
     substituteInPlace tests/ldap/slapd.conf \
-      --replace 'database	bdb' 'database mdb'
-
-    runHook postPatch
+      --replace-fail 'database	bdb' 'database mdb'
+    substituteInPlace tests/kdc/check-iprop.in \
+      --replace-fail '/bin/pwd' 'pwd'
   '';
 
   # (test_cc) heimdal uses librokens implementation of `secure_getenv` on darwin,