From 39855bfef12c8ab66a29cc7d096c719187c71b56 Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Mon, 28 Jan 2019 20:36:21 +0100
Subject: [PATCH] gnu: p11-kit: Update to 0.23.15.

* gnu/packages/patches/p11-kit-jks-timestamps.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/tls.scm (p11-kit): Update to 0.23.15.
[source](patches): New field.
---
 gnu/local.mk                                  |  1 +
 .../patches/p11-kit-jks-timestamps.patch      | 42 +++++++++++++++++++
 gnu/packages/tls.scm                          |  5 ++-
 3 files changed, 46 insertions(+), 2 deletions(-)
 create mode 100644 gnu/packages/patches/p11-kit-jks-timestamps.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index bf2b2cb4e4..7481b39007 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1104,6 +1104,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/osip-CVE-2017-7853.patch			\
   %D%/packages/patches/ots-no-include-missing-file.patch	\
   %D%/packages/patches/owncloud-disable-updatecheck.patch	\
+  %D%/packages/patches/p11-kit-jks-timestamps.patch		\
   %D%/packages/patches/p7zip-CVE-2016-9296.patch		\
   %D%/packages/patches/p7zip-CVE-2017-17969.patch		\
   %D%/packages/patches/p7zip-remove-unused-code.patch		\
diff --git a/gnu/packages/patches/p11-kit-jks-timestamps.patch b/gnu/packages/patches/p11-kit-jks-timestamps.patch
new file mode 100644
index 0000000000..8cb8ed8684
--- /dev/null
+++ b/gnu/packages/patches/p11-kit-jks-timestamps.patch
@@ -0,0 +1,42 @@
+Fix test failures induced by setting the SOURCE_DATE_EPOCH variable.
+
+Taken from upstream: <https://github.com/p11-glue/p11-kit/pull/213>.
+
+From 2a474e1fe8f4bd8b4ed7622e5cf3b2718a202562 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <dueno@redhat.com>
+Date: Mon, 28 Jan 2019 13:03:15 +0100
+Subject: [PATCH] extract-jks: Prefer _p11_extract_jks_timestamp to
+ SOURCE_DATE_EPOCH
+
+Give _p11_extract_jks_timestamp precedence over SOURCE_DATE_EPOCH so
+that the test results are not affected by the envvar settings.
+---
+ trust/extract-jks.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/trust/extract-jks.c b/trust/extract-jks.c
+index ad8dc35..a6f855f 100644
+--- a/trust/extract-jks.c
++++ b/trust/extract-jks.c
+@@ -250,7 +250,9 @@ prepare_jks_buffer (p11_enumerate *ex,
+ 	 * when this was this certificate was added to the keystore, however
+ 	 * we don't have that information. Java uses time in milliseconds
+ 	 */
+-	{
++	if (_p11_extract_jks_timestamp)
++		now = _p11_extract_jks_timestamp;
++	else {
+ 		char *source_date_epoch;
+ 		source_date_epoch = secure_getenv ("SOURCE_DATE_EPOCH");
+ 		if (source_date_epoch) {
+@@ -276,9 +278,7 @@ prepare_jks_buffer (p11_enumerate *ex,
+ 				return false;
+ 			}
+ 			now = epoch;
+-		} else if (_p11_extract_jks_timestamp)
+-			now = _p11_extract_jks_timestamp;
+-		else
++		} else
+ 			now = time (NULL);
+ 	}
+ 
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 864f55b2f8..84f71255fe 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -123,15 +123,16 @@ in intelligent transportation networks.")
 (define-public p11-kit
   (package
     (name "p11-kit")
-    (version "0.23.14")
+    (version "0.23.15")
     (source
      (origin
       (method url-fetch)
       (uri (string-append "https://github.com/p11-glue/p11-kit/releases/"
                           "download/" version "/p11-kit-" version ".tar.gz"))
+      (patches (search-patches "p11-kit-jks-timestamps.patch"))
       (sha256
        (base32
-        "0w0dkq9388grbbn4bv2p55vy1j51f7nd9hzlc9gz4fbm4dnzmf8w"))))
+        "166pwj00cffv4qq4dvx0k53zka0b0r1fa0whc49007vsqyh3khgp"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))