diff options
| author | Marius Bakke <mbakke@fastmail.com> | 2017-08-26 15:34:29 +0200 |
|---|---|---|
| committer | Marius Bakke <mbakke@fastmail.com> | 2017-08-26 15:34:29 +0200 |
| commit | 4028fd395e6d7f80f7bbeb4ff616b6b89b0bf654 (patch) | |
| tree | 17bac0c3211a872d3a0292cae20347718ecdd5f7 /gnu/packages/tls.scm | |
| parent | 9d1cc6bc69d53bf8ad45ac94bc3c268125f86359 (diff) | |
| parent | 72e2815d18ad688b0a16ce3b3efba1172423cec4 (diff) | |
| download | guix-4028fd395e6d7f80f7bbeb4ff616b6b89b0bf654.tar.gz | |
Merge branch 'master' into staging
Diffstat (limited to 'gnu/packages/tls.scm')
| -rw-r--r-- | gnu/packages/tls.scm | 126 |
1 files changed, 49 insertions, 77 deletions
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 00e99439b0..111a1c3734 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org> -;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org> +;;; Copyright © 2014, 2015, 2016, 2017 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net> ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2015 David Thompson <davet@gnu.org> @@ -8,6 +8,7 @@ ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net> ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com> +;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> ;;; ;;; This file is part of GNU Guix. @@ -53,8 +54,8 @@ (define-public libtasn1 (package (name "libtasn1") + (version "4.12") (replacement libtasn1/fixed) - (version "4.10") (source (origin (method url-fetch) @@ -62,7 +63,7 @@ version ".tar.gz")) (sha256 (base32 - "00jsix5hny0g768zv4hk78dib7w0qmk5fbizf4jj37r51nd4s6k8")))) + "0ls7jdq3y5fnrwg0pzhq11m21r8pshac2705bczz6mqjc8pdllv7")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) (home-page "https://www.gnu.org/software/libtasn1/") @@ -77,11 +78,9 @@ specifications.") (define libtasn1/fixed (package (inherit libtasn1) - (source - (origin - (inherit (package-source libtasn1)) - (patches - (search-patches "libtasn1-CVE-2017-6891.patch")))))) + (source (origin + (inherit (package-source libtasn1)) + (patches (search-patches "libtasn1-CVE-2017-10790.patch")))))) (define-public asn1c (package @@ -113,7 +112,7 @@ in intelligent transportation networks.") (define-public p11-kit (package (name "p11-kit") - (version "0.23.7") + (version "0.23.8") (source (origin (method url-fetch) @@ -121,7 +120,7 @@ in intelligent transportation networks.") "download/" version "/p11-kit-" version ".tar.gz")) (sha256 (base32 - "0hdy4h8byvcvd4av504xqfqyd1h6xy914j034mq3c6v4ya37r3lq")))) + "0gqk1d09yyin75lvlywpbf3kxlnrcwbq8ridgapvqqjbzvjk98ab")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) @@ -140,11 +139,13 @@ coordinating the use of PKCS#11 by different components or libraries living in the same process.") (license license:bsd-3))) + +;; TODO Add net-tools-for-tests to #:disallowed-references when we can afford +;; rebuild GnuTLS (i.e. core-updates). (define-public gnutls (package (name "gnutls") - (replacement gnutls-3.5.13) - (version "3.5.9") + (version "3.5.13") (source (origin (method url-fetch) (uri @@ -153,15 +154,16 @@ living in the same process.") (string-append "mirror://gnupg/gnutls/v" (version-major+minor version) "/gnutls-" version ".tar.xz")) + (patches + (search-patches "gnutls-skip-trust-store-test.patch" + "gnutls-skip-pkgconfig-test.patch")) (sha256 (base32 - "0l9971841jsfdcvcyhas17sk5rsby6x5vvwcmmj4x3zi9q60zcc2")))) + "15ihq6p0hnnhs8cnjrkj40dmlcaa1jjg8xg0g2ydbnlqs454ixbr")))) (build-system gnu-build-system) (arguments '(#:configure-flags - (list (string-append "--with-guile-site-dir=" - (assoc-ref %outputs "out") - "/share/guile/site/2.0") + (list ;; GnuTLS doesn't consult any environment variables to specify ;; the location of the system-wide trust store. Instead it has a ;; configure-time option. Unless specified, its configure script @@ -194,11 +196,11 @@ living in the same process.") "debug" "doc")) ;4.1 MiB of man pages (native-inputs - `(("net-tools" ,net-tools) + `(("net-tools" ,net-tools-for-tests) ("pkg-config" ,pkg-config) ("which" ,which))) (inputs - `(("guile" ,guile-2.0))) + `(("guile" ,guile-2.2))) (propagated-inputs ;; These are all in the 'Requires.private' field of gnutls.pc. `(("libtasn1" ,libtasn1) @@ -216,43 +218,21 @@ required structures.") (properties '((ftp-server . "ftp.gnutls.org") (ftp-directory . "/gcrypt/gnutls"))))) -(define gnutls-3.5.13 ;GNUTLS-SA-2017-{3,4} - (package - (inherit gnutls) - ;; We use 'D' instead of '13' here to keep the store file name at - ;; the same length. See <https://bugs.gnu.org/27308>. - (version "3.5.D") - (source (origin - (method url-fetch) - (uri - (string-append "mirror://gnupg/gnutls/v" - (version-major+minor version) - "/gnutls-3.5.13.tar.xz")) - (patches - (search-patches "gnutls-skip-trust-store-test.patch" - "gnutls-skip-pkgconfig-test.patch")) - (sha256 - (base32 - "15ihq6p0hnnhs8cnjrkj40dmlcaa1jjg8xg0g2ydbnlqs454ixbr")))))) - (define-public gnutls/guile-2.2 - ;; GnuTLS for Guile 2.2. This is supported by GnuTLS >= 3.5.5. + (deprecated-package "guile2.2-gnutls" gnutls)) + +(define-public gnutls/guile-2.0 + ;; GnuTLS for Guile 2.0. (package (inherit gnutls) - (source (package-source gnutls-3.5.13)) - (name "guile2.2-gnutls") - (arguments - ;; Remove '--with-guile-site-dir=…/2.0'. - (substitute-keyword-arguments (package-arguments gnutls) - ((#:configure-flags flags) - `(cdr ,flags)))) - (inputs `(("guile" ,guile-2.2) + (name "guile2.0-gnutls") + (inputs `(("guile" ,guile-2.0) ,@(alist-delete "guile" (package-inputs gnutls)))))) (define-public openssl (package (name "openssl") - (version "1.0.2k") + (version "1.0.2l") (source (origin (method url-fetch) (uri (list (string-append "ftp://ftp.openssl.org/source/" @@ -262,7 +242,14 @@ required structures.") "/" name "-" version ".tar.gz"))) (sha256 (base32 - "1h6qi35w6hv6rd73p4cdgdzg732pdrfgpp37cgwz1v9a3z37ffbb")) + "037kvpisc6qh5dkppcwbm5bg2q800xh2hma3vghz8xcycmdij1yf")) + (snippet + '(begin + ;; Remove ELF files. 'substitute*' can't read them. + (delete-file "test/ssltest_old") + (delete-file "test/v3ext") + (delete-file "test/x509aux") + #t)) (patches (search-patches "openssl-runpath.patch" "openssl-c-rehash-in.patch")))) (build-system gnu-build-system) @@ -456,15 +443,13 @@ required structures.") (package (name "libressl") (version "2.5.5") - (source - (origin - (method url-fetch) - (uri (string-append - "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-" - version ".tar.gz")) - (sha256 - (base32 - "1i77viqy1afvbr392npk9v54k9zhr9zq2vhv6pliza22b0ymwzz5")))) + (source (origin + (method url-fetch) + (uri (string-append "mirror://openbsd/LibreSSL/" + name "-" version ".tar.gz")) + (sha256 + (base32 + "1i77viqy1afvbr392npk9v54k9zhr9zq2vhv6pliza22b0ymwzz5")))) (build-system gnu-build-system) (arguments ;; Do as if 'getentropy' was missing since older Linux kernels lack it @@ -501,13 +486,13 @@ netcat implementation that supports TLS.") (package (name "python-acme") ;; Remember to update the hash of certbot when updating python-acme. - (version "0.15.0") + (version "0.17.0") (source (origin (method url-fetch) (uri (pypi-uri "acme" version)) (sha256 (base32 - "11zwgj663vr575pbqw74ia10wxaw16i8rnkcivsrbsx148rxdbcz")))) + "0vmnv7qhdhl9qhq03v6zrcj1lsmpmpjb94s0xsc7piwqxfmf9jrw")))) (build-system python-build-system) (arguments `(#:phases @@ -558,7 +543,7 @@ netcat implementation that supports TLS.") (uri (pypi-uri name version)) (sha256 (base32 - "1srvmjxz75dbafx7xfg1w3n9h3srr9p2ljnfsih9dwwd5cxh9i5q")))) + "173619jkq4bg88f6i837z3pcjkrfabrvv8vrpyx18k9i7xnb5xa3")))) (build-system python-build-system) (arguments `(,@(substitute-keyword-arguments (package-arguments python-acme) @@ -613,32 +598,19 @@ certificates for free.") (define-public perl-net-ssleay (package (name "perl-net-ssleay") - (version "1.68") + (version "1.81") (source (origin (method url-fetch) (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/" "Net-SSLeay-" version ".tar.gz")) (sha256 (base32 - "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p")))) + "0z8vya34g88bc41kx955sv7y4niwbbywji8liqbl52v29qbvdjq0")))) (build-system perl-build-system) - (native-inputs - `(("patch" ,patch) - ("patch/disable-ede-test" - ,(search-patch "perl-net-ssleay-disable-ede-test.patch")))) (inputs `(("openssl" ,openssl))) (arguments `(#:phases (modify-phases %standard-phases - (add-after - 'unpack 'apply-patch - (lambda* (#:key inputs #:allow-other-keys) - ;; XXX We apply this patch here instead of in the 'origin' because - ;; this package's build system fails badly when the source file - ;; times are zeroed. - ;; XXX Try removing this patch for perl-net-ssleay > 1.68 - (zero? (system* "patch" "--force" "-p1" "-i" - (assoc-ref inputs "patch/disable-ede-test"))))) (add-before 'configure 'set-ssl-prefix (lambda* (#:key inputs #:allow-other-keys) @@ -695,7 +667,7 @@ OpenSSL libraries).") (define-public perl-crypt-openssl-bignum (package (name "perl-crypt-openssl-bignum") - (version "0.06") + (version "0.08") (source (origin (method url-fetch) @@ -705,7 +677,7 @@ OpenSSL libraries).") ".tar.gz")) (sha256 (base32 - "05yzrdglrrzp191krf77zrwfkmzrfwrsrx1vyskbj94522lszk67")))) + "0gamn4dff1bz77nswacy1dlpn9fkwahzw7yvvik4nbwwy2s63hc8")))) (build-system perl-build-system) (inputs `(("openssl" ,openssl))) (arguments perl-crypt-arguments) |