diff options
| author | Ludovic Courtès <ludo@gnu.org> | 2016-08-01 23:30:52 +0200 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2016-08-01 23:30:52 +0200 |
| commit | 455859a50f88f625d13fc2f304111f02369b366b (patch) | |
| tree | 285d8aa9253f033fa8d64e6b5f9f8d856aae04d2 /gnu/packages/tls.scm | |
| parent | 742effef5629667b274087adc70b06abab86b252 (diff) | |
| download | guix-455859a50f88f625d13fc2f304111f02369b366b.tar.gz | |
Merge branch 'core-updates'
Diffstat (limited to 'gnu/packages/tls.scm')
| -rw-r--r-- | gnu/packages/tls.scm | 95 |
1 files changed, 49 insertions, 46 deletions
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index bdc1d7c997..9abaabad89 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -36,6 +36,7 @@ #:use-module (gnu packages guile) #:use-module (gnu packages libffi) #:use-module (gnu packages libidn) + #:use-module (gnu packages linux) #:use-module (gnu packages ncurses) #:use-module (gnu packages nettle) #:use-module (gnu packages perl) @@ -47,7 +48,7 @@ (define-public libtasn1 (package (name "libtasn1") - (version "4.7") + (version "4.8") (source (origin (method url-fetch) @@ -55,7 +56,7 @@ version ".tar.gz")) (sha256 (base32 - "1j8iixynchziw1y39lnibyl5h81m4p78w3i4f28q2vgwjgf801x4")))) + "04y5m29pqmvkfdbppmsdifyx89v8xclxzklpfc7a1fkr9p4jz07s")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) (home-page "http://www.gnu.org/software/libtasn1/") @@ -65,22 +66,8 @@ for transmitting machine-neutral encodings of data objects in computer networking, allowing for formal validation of data according to some specifications.") - (replacement libtasn1/fixed) (license license:lgpl2.0+))) -(define libtasn1/fixed ;for CVE-2016-4008 - (package - (inherit libtasn1) - (source - (let ((version "4.8")) - (origin - (method url-fetch) - (uri (string-append "mirror://gnu/libtasn1/libtasn1-" - version ".tar.gz")) - (sha256 - (base32 - "04y5m29pqmvkfdbppmsdifyx89v8xclxzklpfc7a1fkr9p4jz07s"))))))) - (define-public p11-kit (package (name "p11-kit") @@ -122,7 +109,7 @@ living in the same process.") (define-public gnutls (package (name "gnutls") - (version "3.4.7") + (version "3.5.2") (source (origin (method url-fetch) (uri @@ -133,7 +120,7 @@ living in the same process.") "/gnutls-" version ".tar.xz")) (sha256 (base32 - "0nifi3mr5jhz608pidkp8cjs4vwfj1m2qczsjrgpnp99615rxgn1")))) + "10l5pv7qc5c850aamih3pdkbqpc4v2a6g164dzd7c7fjpxffji9b")))) (build-system gnu-build-system) (arguments '(#:configure-flags @@ -172,7 +159,8 @@ living in the same process.") "debug" "doc")) ;4.1 MiB of man pages (native-inputs - `(("pkg-config" ,pkg-config) + `(("net-tools" ,net-tools) + ("pkg-config" ,pkg-config) ("which" ,which))) (inputs `(("guile" ,guile-2.0) @@ -183,7 +171,7 @@ living in the same process.") ("libidn" ,libidn) ("nettle" ,nettle) ("zlib" ,zlib))) - (home-page "http://www.gnu.org/software/gnutls/") + (home-page "https://www.gnu.org/software/gnutls/") (synopsis "Transport layer security library") (description "GnuTLS is a secure communications library implementing the SSL, TLS @@ -197,8 +185,7 @@ required structures.") (define-public openssl (package (name "openssl") - (version "1.0.2g") - (replacement openssl/fixed) + (version "1.0.2h") (source (origin (method url-fetch) (uri (list (string-append "ftp://ftp.openssl.org/source/" @@ -208,15 +195,25 @@ required structures.") "/" name "-" version ".tar.gz"))) (sha256 (base32 - "0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p")) + "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x")) (patches (search-patches "openssl-runpath.patch" - "openssl-c-rehash-in.patch")))) + "openssl-c-rehash-in.patch" + "openssl-CVE-2016-2177.patch" + "openssl-CVE-2016-2178.patch")))) (build-system gnu-build-system) + (outputs '("out" + "doc" ;1.5MiB of man3 pages + "static")) ;6MiB of .a files (native-inputs `(("perl" ,perl))) (arguments - `(#:parallel-build? #f + `(#:disallowed-references (,perl) + #:parallel-build? #f #:parallel-tests? #f #:test-target "test" + + ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure, + ;; so we explicitly disallow it here. + #:disallowed-references ,(list (canonical-package perl)) #:phases (modify-phases %standard-phases (add-before @@ -263,6 +260,33 @@ required structures.") (find-files (string-append out "/lib") "\\.so")) #t))) + (add-after 'install 'move-static-libraries + (lambda* (#:key outputs #:allow-other-keys) + ;; Move static libraries to the "static" output. + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib")) + (static (assoc-ref outputs "static")) + (slib (string-append static "/lib"))) + (mkdir-p slib) + (for-each (lambda (file) + (install-file file slib) + (delete-file file)) + (find-files lib "\\.a$")) + #t))) + (add-after 'install 'move-man3-pages + (lambda* (#:key outputs #:allow-other-keys) + ;; Move section 3 man pages to "doc". + (let* ((out (assoc-ref outputs "out")) + (man3 (string-append out "/share/man/man3")) + (doc (assoc-ref outputs "doc")) + (target (string-append doc "/share/man/man3"))) + (mkdir-p target) + (for-each (lambda (file) + (rename-file file + (string-append target "/" + (basename file)))) + (find-files man3)) + #t))) (add-before 'patch-source-shebangs 'patch-tests (lambda* (#:key inputs native-inputs #:allow-other-keys) @@ -299,27 +323,6 @@ required structures.") (license license:openssl) (home-page "http://www.openssl.org/"))) -(define openssl/fixed - (package - (inherit openssl) - (source - (let ((name "openssl") - (version "1.0.2h")) - (origin - (method url-fetch) - (uri (list (string-append "ftp://ftp.openssl.org/source/" - name "-" version ".tar.gz") - (string-append "ftp://ftp.openssl.org/source/old/" - (string-trim-right version char-set:letter) - "/" name "-" version ".tar.gz"))) - (sha256 - (base32 - "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x")) - (patches (search-patches "openssl-runpath.patch" - "openssl-c-rehash-in.patch" - "openssl-CVE-2016-2177.patch" - "openssl-CVE-2016-2178.patch"))))))) - (define-public libressl (package (name "libressl") |