summary refs log tree commit diff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2020-12-08 11:12:14 +0100
committerLudovic Courtès <ludo@gnu.org>2020-12-08 14:06:20 +0100
commit51a365c1834ced822ca3e1cfdf625edf6b883513 (patch)
tree9de6132d6b3abb31852f28fb0f88cf85de6a4408
parent2dfb16150e11f273fd6f991bb563bf02a8a69402 (diff)
downloadguix-51a365c1834ced822ca3e1cfdf625edf6b883513.tar.gz
gnu: gnutls: Update to 3.6.15 and remove replacement.
* gnu/packages/tls.scm (gnutls): Update to 3.6.15.
[source]: Add "gnutls-cross.patch".
[replacement]: Remove.
[native-inputs]: Add GUILE-3.0 when (%current-target-system) is true.
(gnutls/fixed): Remove.
* gnu/packages/package-management.scm (guix)[propagated-inputs]: Remove
reference to 'gnutls/fixed'.
* gnu/packages/tls.scm (gnutls/dane): Inherit from gnutls.
* gnu/packages/vpn.scm (openconnect)[propagated-inputs]: Remove
gnutls/fixed, add gnutls.

Co-authored-by: Efraim Flashner <efraim@flashner.co.il>
-rw-r--r--gnu/packages/package-management.scm2
-rw-r--r--gnu/packages/tls.scm51
-rw-r--r--gnu/packages/vpn.scm4
3 files changed, 18 insertions, 39 deletions
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 9e8f9df76d..a76fc49b3e 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -405,7 +405,7 @@ $(prefix)/etc/init.d\n")))
 
          ("glibc-utf8-locales" ,glibc-utf8-locales)))
       (propagated-inputs
-       `(("gnutls" ,(if (%current-target-system) gnutls/fixed gnutls))
+       `(("gnutls" ,gnutls)
          ;; Avahi requires "glib" which doesn't cross-compile yet.
          ,@(if (%current-target-system)
                '()
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 28c6d8c392..42ea384524 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -164,21 +164,19 @@ living in the same process.")
 (define-public gnutls
   (package
     (name "gnutls")
-    ;; XXX Unversion openconnect's "gnutls" input when ungrafting.
-    (replacement gnutls/fixed)
-    (version "3.6.12")
+    (version "3.6.15")
     (source (origin
-             (method url-fetch)
-             (uri
+              (method url-fetch)
               ;; Note: Releases are no longer on ftp.gnu.org since the
               ;; schism (after version 3.1.5).
-              (string-append "mirror://gnupg/gnutls/v"
-                             (version-major+minor version)
-                             "/gnutls-" version ".tar.xz"))
-             (patches (search-patches "gnutls-skip-trust-store-test.patch"))
-             (sha256
-              (base32
-               "0jvca1qahn9lrwv6f5kfs95icirc15b2a8x9fzczyj996ipg3b5z"))))
+              (uri (string-append "mirror://gnupg/gnutls/v"
+                                  (version-major+minor version)
+                                  "/gnutls-" version ".tar.xz"))
+              (patches (search-patches "gnutls-skip-trust-store-test.patch"
+                                       "gnutls-cross.patch"))
+              (sha256
+               (base32
+                "0n0m93ymzd0q9hbknxc2ycanz49sqlkyyf73g9fk7n787llc7a0f"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? ,(not (or (%current-target-system)
@@ -228,7 +226,11 @@ living in the same process.")
                "debug"
                "doc"))                            ;4.1 MiB of man pages
     (native-inputs
-     `(,@(if (hurd-target?) '()
+     `(,@(if (%current-target-system)             ;for cross-build
+             `(("guile" ,guile-3.0))              ;to create .go files
+             '())
+       ,@(if (hurd-target?)
+             '()
              `(("net-tools" ,net-tools)))
        ("pkg-config" ,pkg-config)
        ("which" ,which)
@@ -254,27 +256,6 @@ required structures.")
     (properties '((ftp-server . "ftp.gnutls.org")
                   (ftp-directory . "/gcrypt/gnutls")))))
 
-;; Replacement package to fix multiple security vulnerabilities.
-(define-public gnutls/fixed
-  (package
-    (inherit gnutls)
-    (version "3.6.15")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "mirror://gnupg/gnutls/v"
-                                  (version-major+minor version)
-                                  "/gnutls-" version ".tar.xz"))
-              (patches (search-patches "gnutls-skip-trust-store-test.patch"
-                                       "gnutls-cross.patch"))
-              (sha256
-               (base32
-                "0n0m93ymzd0q9hbknxc2ycanz49sqlkyyf73g9fk7n787llc7a0f"))))
-    (native-inputs
-     `(,@(if (%current-target-system)             ;for cross-build
-             `(("guile" ,guile-3.0))              ;to create .go files
-             '())
-       ,@(package-native-inputs gnutls)))))
-
 (define-public gnutls/guile-2.0
   ;; GnuTLS for Guile 2.0.
   (package/inherit gnutls
@@ -287,7 +268,7 @@ required structures.")
   ;; Authentication of Named Entities.  This is required for GNS functionality
   ;; by GNUnet and gnURL.  This is done in an extra package definition
   ;; to have the choice between GnuTLS with Dane and without Dane.
-  (package/inherit gnutls/fixed
+  (package/inherit gnutls
     (name "gnutls-dane")
     (inputs `(("unbound" ,unbound)
               ,@(package-inputs gnutls)))))
diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index 04c34c3d4d..2763fba935 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -263,9 +263,7 @@ the user specifically asks to proxy, so the @dfn{VPN} interface no longer
    (build-system gnu-build-system)
    (propagated-inputs
     `(("libxml2" ,libxml2)
-      ;; XXX ‘DTLS is insecure in GnuTLS v3.6.3 through v3.6.12.’
-      ;; See <https://gitlab.com/gnutls/gnutls/-/issues/960>.
-      ("gnutls" ,gnutls/fixed)
+      ("gnutls" ,gnutls)
       ("zlib" ,zlib)))
    (inputs
     `(("lz4" ,lz4)