gnu: mbedtls-apache: Update to 2.23.0 [security fixes].

* gnu/packages/tls.scm (mbedtls-apache): Update to 2.23.0. [source]: Use GIT-FETCH and GIT-FILE-NAME. [arguments]: Make source files writable. Enable threading.
author: Tobias Geerinckx-Rice <me@tobias.gr> 2020-07-14 03:06:05 +0200
committer: Tobias Geerinckx-Rice <me@tobias.gr> 2020-07-14 03:25:04 +0200
commit: 927ecd4ebe234b46d6386a61e1b9a11bd4d3243c (patch)
tree: fc56daf9a8cedf95e7e4b41a8a8c43eb2f27b248 /gnu/packages
parent: 338f5428d6ca1a76a80e8378650d8b8b5e0600d4 (diff)
download: guix-927ecd4ebe234b46d6386a61e1b9a11bd4d3243c.tar.gz
1 files changed, 26 insertions, 9 deletions
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 37f62c95bf..1003ae81a8 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -891,22 +891,39 @@ then ported to the GNU / Linux environment.")
 (define-public mbedtls-apache
   (package
     (name "mbedtls-apache")
-    (version "2.16.6")
+    ;; XXX Check whether ‘-Wformat-signedness’ below still breaks when updating.
+    (version "2.23.0")
     (source
      (origin
-       (method url-fetch)
-       ;; XXX: The download links on the website are script redirection links
-       ;; which effectively lead to the format listed in the uri here.
-       (uri (string-append "https://tls.mbed.org/download/mbedtls-"
-                           version "-apache.tgz"))
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/ARMmbed/mbedtls")
+             (commit (string-append "mbedtls-" version))))
        (sha256
-        (base32
-         "0w0p51vx0cc6fyqfdn59669q6n4187vi64fw5ha302hrlqimwib6"))))
+        (base32 "13fa9h2i989cbf8n8c0j019mshv6wg213va18my1s787lhcq2d62"))
+       (file-name (git-file-name name version))))
     (build-system cmake-build-system)
     (arguments
      `(#:configure-flags
        (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON"
-             "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF")))
+             "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'make-source-writable
+           (lambda _
+             (for-each make-file-writable (find-files "."))
+             #t))
+         (add-before 'configure 'enable-features
+           ;; Some packages like Hiawatha depend on ’less embedded’ features.
+           (lambda _
+             (substitute* "include/mbedtls/config.h"
+               (("//(#define MBEDTLS_THREADING_(C|PTHREAD))"
+                 _ match)
+                match))
+             ;; XXX The above enables code that breaks with -Werror…
+             (substitute* "CMakeLists.txt"
+               ((" -Wformat-signedness") ""))
+             #t)))))
     (native-inputs
      `(("perl" ,perl)
        ("python" ,python)))
author	Tobias Geerinckx-Rice <me@tobias.gr>	2020-07-14 03:06:05 +0200
committer	Tobias Geerinckx-Rice <me@tobias.gr>	2020-07-14 03:25:04 +0200
commit	927ecd4ebe234b46d6386a61e1b9a11bd4d3243c (patch)
tree	fc56daf9a8cedf95e7e4b41a8a8c43eb2f27b248 /gnu/packages
parent	338f5428d6ca1a76a80e8378650d8b8b5e0600d4 (diff)
download	guix-927ecd4ebe234b46d6386a61e1b9a11bd4d3243c.tar.gz