summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
authorEfraim Flashner <efraim@flashner.co.il>2016-01-05 18:10:38 +0200
committerEfraim Flashner <efraim@flashner.co.il>2016-01-05 21:06:59 +0200
commit5a75865f9d6ae08251d789251aa1ea4eac23ab0f (patch)
treee53e831411e9e6c8fd1e97715e2a8ff176d1b361 /gnu
parent3ea110b704fb6ffcb512b9ff708948c06d594598 (diff)
downloadguix-5a75865f9d6ae08251d789251aa1ea4eac23ab0f.tar.gz
gnu: gnutls: Update to 3.4.7.
* gnu/packages/tls.scm (gnutls): Update to 3.4.7.
[source]: Remove gnutls-doc-fix.patch.
[arguments]: Remove delete-prebuilt-unfixed-info-file phase.
[native-inputs]: Remove texinfo.
* gnu-system.am (dist_patch_DATA): Remove gnutls-doc-fix.patch
Diffstat (limited to 'gnu')
-rw-r--r--gnu/packages/patches/gnutls-doc-fix.patch546
-rw-r--r--gnu/packages/tls.scm13
2 files changed, 2 insertions, 557 deletions
diff --git a/gnu/packages/patches/gnutls-doc-fix.patch b/gnu/packages/patches/gnutls-doc-fix.patch
deleted file mode 100644
index 170d2468bc..0000000000
--- a/gnu/packages/patches/gnutls-doc-fix.patch
+++ /dev/null
@@ -1,546 +0,0 @@
-diff -ru gnutls-3.4.4/doc/invoke-certtool.texi gnutls-3.4.4.1/doc/invoke-certtool.texi
---- gnutls-3.4.4.1/doc/invoke-certtool.texi	2015-08-10 13:43:52.000000000 -0400
-+++ gnutls-3.4.4/doc/invoke-certtool.texi	2015-07-31 15:44:21.000000000 -0400
-@@ -41,7 +41,97 @@
- 
- @exampleindent 0
- @example
--certtool is unavailable - no --help
-+certtool - GnuTLS certificate tool
-+Usage:  certtool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
-+
-+   -d, --debug=num            Enable debugging
-+                                - it must be in the range:
-+                                  0 to 9999
-+   -V, --verbose              More verbose output
-+                                - may appear multiple times
-+       --infile=file          Input file
-+                                - file must pre-exist
-+       --outfile=str          Output file
-+   -s, --generate-self-signed  Generate a self-signed certificate
-+   -c, --generate-certificate  Generate a signed certificate
-+       --generate-proxy       Generates a proxy certificate
-+       --generate-crl         Generate a CRL
-+   -u, --update-certificate   Update a signed certificate
-+   -p, --generate-privkey     Generate a private key
-+   -q, --generate-request     Generate a PKCS #10 certificate request
-+                                - prohibits the option 'infile'
-+   -e, --verify-chain         Verify a PEM encoded certificate chain
-+       --verify               Verify a PEM encoded certificate chain using a trusted list
-+       --verify-crl           Verify a CRL using a trusted list
-+                                - requires the option 'load-ca-certificate'
-+       --generate-dh-params   Generate PKCS #3 encoded Diffie-Hellman parameters
-+       --get-dh-params        Get the included PKCS #3 encoded Diffie-Hellman parameters
-+       --dh-info              Print information PKCS #3 encoded Diffie-Hellman parameters
-+       --load-privkey=str     Loads a private key file
-+       --load-pubkey=str      Loads a public key file
-+       --load-request=str     Loads a certificate request file
-+       --load-certificate=str Loads a certificate file
-+       --load-ca-privkey=str  Loads the certificate authority's private key file
-+       --load-ca-certificate=str Loads the certificate authority's certificate file
-+       --password=str         Password to use
-+       --null-password        Enforce a NULL password
-+       --empty-password       Enforce an empty password
-+       --hex-numbers          Print big number in an easier format to parse
-+       --cprint               In certain operations it prints the information in C-friendly format
-+   -i, --certificate-info     Print information on the given certificate
-+       --certificate-pubkey   Print certificate's public key
-+       --pgp-certificate-info  Print information on the given OpenPGP certificate
-+       --pgp-ring-info        Print information on the given OpenPGP keyring structure
-+   -l, --crl-info             Print information on the given CRL structure
-+       --crq-info             Print information on the given certificate request
-+       --no-crq-extensions    Do not use extensions in certificate requests
-+       --p12-info             Print information on a PKCS #12 structure
-+       --p12-name=str         The PKCS #12 friendly name to use
-+       --p7-info              Print information on a PKCS #7 structure
-+       --smime-to-p7          Convert S/MIME to PKCS #7 structure
-+   -k, --key-info             Print information on a private key
-+       --pgp-key-info         Print information on an OpenPGP private key
-+       --pubkey-info          Print information on a public key
-+       --v1                   Generate an X.509 version 1 certificate (with no extensions)
-+   -!, --to-p12               Generate a PKCS #12 structure
-+                                - requires the option 'load-certificate'
-+   -", --to-p8                Generate a PKCS #8 structure
-+   -8, --pkcs8                Use PKCS #8 format for private keys
-+   -#, --rsa                  Generate RSA key
-+   -$, --dsa                  Generate DSA key
-+   -%, --ecc                  Generate ECC (ECDSA) key
-+   -&, --ecdsa                an alias for the 'ecc' option
-+   -', --hash=str             Hash algorithm to use for signing
-+   -(, --inder                Use DER format for input certificates, private keys, and DH parameters
-+                                - disabled as '--no-inder'
-+   -), --inraw                an alias for the 'inder' option
-+   -*, --outder               Use DER format for output certificates, private keys, and DH parameters
-+                                - disabled as '--no-outder'
-+   -+, --outraw               an alias for the 'outder' option
-+   -,, --bits=num             Specify the number of bits for key generate
-+   --, --curve=str            Specify the curve used for EC key generation
-+   -., --sec-param=str        Specify the security level [low, legacy, medium, high, ultra]
-+   -/, --disable-quick-random  No effect
-+   -0, --template=str         Template file to use for non-interactive operation
-+   -1, --stdout-info          Print information to stdout instead of stderr
-+   -2, --ask-pass             Enable interaction for entering password when in batch mode.
-+   -3, --pkcs-cipher=str      Cipher to use for PKCS #8 and #12 operations
-+   -4, --provider=str         Specify the PKCS #11 provider library
-+   -v, --version[=arg]        output version information and exit
-+   -h, --help                 display extended usage information and exit
-+   -!, --more-help            extended usage information passed thru pager
-+
-+Options are specified by doubled hyphens and their name or by a single
-+hyphen and the flag character.
-+
-+Tool to parse and generate X.509 certificates, requests and private keys.
-+It can be used interactively or non interactively by specifying the
-+template command line option.
-+
-+The tool accepts files or URLs supported by GnuTLS.  In case PIN is
-+required for the URL access you can provide it using the environment
-+variables GNUTLS_PIN and GNUTLS_SO_PIN.
-+
- @end example
- @exampleindent 4
- 
-diff -ru gnutls-3.4.4/doc/invoke-gnutls-cli-debug.texi gnutls-3.4.4.1/doc/invoke-gnutls-cli-debug.texi
---- gnutls-3.4.4.1/doc/invoke-gnutls-cli-debug.texi	2015-08-10 13:43:50.000000000 -0400
-+++ gnutls-3.4.4/doc/invoke-gnutls-cli-debug.texi	2015-07-31 15:44:18.000000000 -0400
-@@ -40,7 +40,34 @@
- 
- @exampleindent 0
- @example
--gnutls-cli-debug is unavailable - no --help
-+gnutls-cli-debug - GnuTLS debug client
-+Usage:  gnutls-cli-debug [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... 
-+
-+   -d, --debug=num            Enable debugging
-+                                - it must be in the range:
-+                                  0 to 9999
-+   -V, --verbose              More verbose output
-+                                - may appear multiple times
-+   -p, --port=num             The port to connect to
-+                                - it must be in the range:
-+                                  0 to 65536
-+       --app-proto=str        The application protocol to be used to obtain the server's certificate
-+(https, ftp, smtp, imap)
-+   -v, --version[=arg]        output version information and exit
-+   -h, --help                 display extended usage information and exit
-+   -!, --more-help            extended usage information passed thru pager
-+
-+Options are specified by doubled hyphens and their name or by a single
-+hyphen and the flag character.
-+Operands and options may be intermixed.  They will be reordered.
-+
-+TLS debug client.  It sets up multiple TLS connections to a server and
-+queries its capabilities.  It was created to assist in debugging GnuTLS,
-+but it might be useful to extract a TLS server's capabilities.  It connects
-+to a TLS server, performs tests and print the server's capabilities.  If
-+called with the `-v' parameter more checks will be performed.  Can be used
-+to check for servers with special needs or bugs.
-+
- @end example
- @exampleindent 4
- 
-diff -ru gnutls-3.4.4/doc/invoke-gnutls-cli.texi gnutls-3.4.4.1/doc/invoke-gnutls-cli.texi
---- gnutls-3.4.4.1/doc/invoke-gnutls-cli.texi	2015-08-10 13:43:49.000000000 -0400
-+++ gnutls-3.4.4/doc/invoke-gnutls-cli.texi	2015-07-31 15:44:17.000000000 -0400
-@@ -36,7 +36,95 @@
- 
- @exampleindent 0
- @example
--gnutls-cli is unavailable - no --help
-+gnutls-cli - GnuTLS client
-+Usage:  gnutls-cli [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [hostname]
-+
-+   -d, --debug=num            Enable debugging
-+                                - it must be in the range:
-+                                  0 to 9999
-+   -V, --verbose              More verbose output
-+                                - may appear multiple times
-+       --tofu                 Enable trust on first use authentication
-+                                - disabled as '--no-tofu'
-+       --strict-tofu          Fail to connect if a known certificate has changed
-+                                - disabled as '--no-strict-tofu'
-+       --dane                 Enable DANE certificate verification (DNSSEC)
-+                                - disabled as '--no-dane'
-+       --local-dns            Use the local DNS server for DNSSEC resolving
-+                                - disabled as '--no-local-dns'
-+       --ca-verification      Disable CA certificate verification
-+                                - disabled as '--no-ca-verification'
-+                                - enabled by default
-+       --ocsp                 Enable OCSP certificate verification
-+                                - disabled as '--no-ocsp'
-+   -r, --resume               Establish a session and resume
-+   -e, --rehandshake          Establish a session and rehandshake
-+   -s, --starttls             Connect, establish a plain session and start TLS
-+       --app-proto=str        an alias for the 'starttls-proto' option
-+       --starttls-proto=str   The application protocol to be used to obtain the server's certificate
-+(https, ftp, smtp, imap)
-+                                - prohibits the option 'starttls'
-+   -u, --udp                  Use DTLS (datagram TLS) over UDP
-+       --mtu=num              Set MTU for datagram TLS
-+                                - it must be in the range:
-+                                  0 to 17000
-+       --crlf                 Send CR LF instead of LF
-+       --x509fmtder           Use DER format for certificates to read from
-+   -f, --fingerprint          Send the openpgp fingerprint, instead of the key
-+       --print-cert           Print peer's certificate in PEM format
-+       --dh-bits=num          The minimum number of bits allowed for DH
-+       --priority=str         Priorities string
-+       --x509cafile=str       Certificate file or PKCS #11 URL to use
-+       --x509crlfile=file     CRL file to use
-+                                - file must pre-exist
-+       --pgpkeyfile=file      PGP Key file to use
-+                                - file must pre-exist
-+       --pgpkeyring=file      PGP Key ring file to use
-+                                - file must pre-exist
-+       --pgpcertfile=file     PGP Public Key (certificate) file to use
-+                                - file must pre-exist
-+       --x509keyfile=str      X.509 key file or PKCS #11 URL to use
-+       --x509certfile=str     X.509 Certificate file or PKCS #11 URL to use
-+       --pgpsubkey=str        PGP subkey to use (hex or auto)
-+       --srpusername=str      SRP username to use
-+       --srppasswd=str        SRP password to use
-+       --pskusername=str      PSK username to use
-+       --pskkey=str           PSK key (in hex) to use
-+   -p, --port=str             The port or service to connect to
-+       --insecure             Don't abort program if server certificate can't be validated
-+       --ranges               Use length-hiding padding to prevent traffic analysis
-+       --benchmark-ciphers    Benchmark individual ciphers
-+       --benchmark-tls-kx     Benchmark TLS key exchange methods
-+       --benchmark-tls-ciphers  Benchmark TLS ciphers
-+   -l, --list                 Print a list of the supported algorithms and modes
-+                                - prohibits the option 'port'
-+       --noticket             Don't allow session tickets
-+   -!, --srtp-profiles=str    Offer SRTP profiles
-+   -", --alpn=str             Application layer protocol
-+                                - may appear multiple times
-+   -b, --heartbeat            Activate heartbeat support
-+   -#, --recordsize=num       The maximum record size to advertize
-+                                - it must be in the range:
-+                                  0 to 4096
-+   -$, --disable-sni          Do not send a Server Name Indication (SNI)
-+   -%, --disable-extensions   Disable all the TLS extensions
-+   -&, --inline-commands      Inline commands of the form ^<cmd>^
-+   -', --inline-commands-prefix=str Change the default delimiter for inline commands.
-+   -(, --provider=file        Specify the PKCS #11 provider library
-+                                - file must pre-exist
-+   -), --fips140-mode         Reports the status of the FIPS140-2 mode in gnutls library
-+   -v, --version[=arg]        output version information and exit
-+   -h, --help                 display extended usage information and exit
-+   -!, --more-help            extended usage information passed thru pager
-+
-+Options are specified by doubled hyphens and their name or by a single
-+hyphen and the flag character.
-+Operands and options may be intermixed.  They will be reordered.
-+
-+Simple client program to set up a TLS connection to some other computer.  It
-+sets up a TLS connection and forwards data from the standard input to the
-+secured socket and vice versa.
-+
- @end example
- @exampleindent 4
- 
-diff -ru gnutls-3.4.4/doc/invoke-gnutls-serv.texi gnutls-3.4.4.1/doc/invoke-gnutls-serv.texi
---- gnutls-3.4.4.1/doc/invoke-gnutls-serv.texi	2015-08-10 13:43:51.000000000 -0400
-+++ gnutls-3.4.4/doc/invoke-gnutls-serv.texi	2015-07-31 15:44:20.000000000 -0400
-@@ -35,7 +35,69 @@
- 
- @exampleindent 0
- @example
--gnutls-serv is unavailable - no --help
-+gnutls-serv - GnuTLS server
-+Usage:  gnutls-serv [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
-+
-+   -d, --debug=num            Enable debugging
-+                                - it must be in the range:
-+                                  0 to 9999
-+       --noticket             Don't accept session tickets
-+   -g, --generate             Generate Diffie-Hellman and RSA-export parameters
-+   -q, --quiet                Suppress some messages
-+       --nodb                 Do not use a resumption database
-+       --http                 Act as an HTTP server
-+       --echo                 Act as an Echo server
-+   -u, --udp                  Use DTLS (datagram TLS) over UDP
-+       --mtu=num              Set MTU for datagram TLS
-+                                - it must be in the range:
-+                                  0 to 17000
-+       --srtp-profiles=str    Offer SRTP profiles
-+   -a, --disable-client-cert  Do not request a client certificate
-+   -r, --require-client-cert  Require a client certificate
-+       --verify-client-cert   If a client certificate is sent then verify it.
-+   -b, --heartbeat            Activate heartbeat support
-+       --x509fmtder           Use DER format for certificates to read from
-+       --priority=str         Priorities string
-+       --dhparams=file        DH params file to use
-+                                - file must pre-exist
-+       --x509cafile=str       Certificate file or PKCS #11 URL to use
-+       --x509crlfile=file     CRL file to use
-+                                - file must pre-exist
-+       --pgpkeyfile=file      PGP Key file to use
-+                                - file must pre-exist
-+       --pgpkeyring=file      PGP Key ring file to use
-+                                - file must pre-exist
-+       --pgpcertfile=file     PGP Public Key (certificate) file to use
-+                                - file must pre-exist
-+       --x509keyfile=str      X.509 key file or PKCS #11 URL to use
-+       --x509certfile=str     X.509 Certificate file or PKCS #11 URL to use
-+       --x509dsakeyfile=str   Alternative X.509 key file or PKCS #11 URL to use
-+       --x509dsacertfile=str  Alternative X.509 Certificate file or PKCS #11 URL to use
-+       --x509ecckeyfile=str   Alternative X.509 key file or PKCS #11 URL to use
-+       --x509ecccertfile=str  Alternative X.509 Certificate file or PKCS #11 URL to use
-+       --pgpsubkey=str        PGP subkey to use (hex or auto)
-+       --srppasswd=file       SRP password file to use
-+                                - file must pre-exist
-+       --srppasswdconf=file   SRP password configuration file to use
-+                                - file must pre-exist
-+       --pskpasswd=file       PSK password file to use
-+                                - file must pre-exist
-+       --pskhint=str          PSK identity hint to use
-+       --ocsp-response=file   The OCSP response to send to client
-+                                - file must pre-exist
-+   -p, --port=num             The port to connect to
-+   -l, --list                 Print a list of the supported algorithms and modes
-+       --provider=file        Specify the PKCS #11 provider library
-+                                - file must pre-exist
-+   -v, --version[=arg]        output version information and exit
-+   -h, --help                 display extended usage information and exit
-+   -!, --more-help            extended usage information passed thru pager
-+
-+Options are specified by doubled hyphens and their name or by a single
-+hyphen and the flag character.
-+
-+Server program that listens to incoming TLS connections.
-+
- @end example
- @exampleindent 4
- 
-diff -ru gnutls-3.4.4/doc/invoke-ocsptool.texi gnutls-3.4.4.1/doc/invoke-ocsptool.texi
---- gnutls-3.4.4.1/doc/invoke-ocsptool.texi	2015-08-10 13:43:53.000000000 -0400
-+++ gnutls-3.4.4/doc/invoke-ocsptool.texi	2015-07-31 15:44:22.000000000 -0400
-@@ -37,7 +37,53 @@
- 
- @exampleindent 0
- @example
--ocsptool is unavailable - no --help
-+ocsptool - GnuTLS OCSP tool
-+Usage:  ocsptool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
-+
-+   -d, --debug=num            Enable debugging
-+                                - it must be in the range:
-+                                  0 to 9999
-+   -V, --verbose              More verbose output
-+                                - may appear multiple times
-+       --infile=file          Input file
-+                                - file must pre-exist
-+       --outfile=str          Output file
-+       --ask[=arg]            Ask an OCSP/HTTP server on a certificate validity
-+                                - requires these options:
-+                                load-cert
-+                                load-issuer
-+   -e, --verify-response      Verify response
-+   -i, --request-info         Print information on a OCSP request
-+   -j, --response-info        Print information on a OCSP response
-+   -q, --generate-request     Generate an OCSP request
-+       --nonce                Use (or not) a nonce to OCSP request
-+                                - disabled as '--no-nonce'
-+       --load-issuer=file     Read issuer certificate from file
-+                                - file must pre-exist
-+       --load-cert=file       Read certificate to check from file
-+                                - file must pre-exist
-+       --load-trust=file      Read OCSP trust anchors from file
-+                                - prohibits the option 'load-signer'
-+                                - file must pre-exist
-+       --load-signer=file     Read OCSP response signer from file
-+                                - prohibits the option 'load-trust'
-+                                - file must pre-exist
-+       --inder                Use DER format for input certificates and private keys
-+                                - disabled as '--no-inder'
-+   -Q, --load-request=file    Read DER encoded OCSP request from file
-+                                - file must pre-exist
-+   -S, --load-response=file   Read DER encoded OCSP response from file
-+                                - file must pre-exist
-+   -v, --version[=arg]        output version information and exit
-+   -h, --help                 display extended usage information and exit
-+   -!, --more-help            extended usage information passed thru pager
-+
-+Options are specified by doubled hyphens and their name or by a single
-+hyphen and the flag character.
-+
-+Ocsptool is a program that can parse and print information about OCSP
-+requests/responses, generate requests and verify responses.
-+
- @end example
- @exampleindent 4
- 
-diff -ru gnutls-3.4.4/doc/invoke-p11tool.texi gnutls-3.4.4.1/doc/invoke-p11tool.texi
---- gnutls-3.4.4.1/doc/invoke-p11tool.texi	2015-08-10 13:43:58.000000000 -0400
-+++ gnutls-3.4.4/doc/invoke-p11tool.texi	2015-07-31 15:44:26.000000000 -0400
-@@ -45,7 +45,97 @@
- 
- @exampleindent 0
- @example
--p11tool is unavailable - no --help
-+p11tool - GnuTLS PKCS #11 tool
-+Usage:  p11tool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [url]
-+
-+   -d, --debug=num            Enable debugging
-+                                - it must be in the range:
-+                                  0 to 9999
-+       --outfile=str          Output file
-+       --list-tokens          List all available tokens
-+       --export               Export the object specified by the URL
-+       --export-chain         Export the certificate specified by the URL and its chain of trust
-+       --list-mechanisms      List all available mechanisms in a token
-+       --info                 List information on an available object in a token
-+       --list-all             List all available objects in a token
-+       --list-all-certs       List all available certificates in a token
-+       --list-certs           List all certificates that have an associated private key
-+       --list-all-privkeys    List all available private keys in a token
-+       --list-privkeys        an alias for the 'list-all-privkeys' option
-+       --list-keys            an alias for the 'list-all-privkeys' option
-+       --list-all-trusted     List all available certificates marked as trusted
-+       --write                Writes the loaded objects to a PKCS #11 token
-+       --delete               Deletes the objects matching the PKCS #11 URL
-+       --generate-random=num  Generate random data
-+       --generate-rsa         Generate an RSA private-public key pair
-+       --generate-dsa         Generate an RSA private-public key pair
-+       --generate-ecc         Generate an RSA private-public key pair
-+       --export-pubkey        Export the public key for a private key
-+       --label=str            Sets a label for the write operation
-+       --mark-wrap            Marks the generated key to be a wrapping key
-+                                - disabled as '--no-mark-wrap'
-+       --mark-trusted         Marks the object to be written as trusted
-+                                - disabled as '--no-mark-trusted'
-+       --mark-ca              Marks the object to be written as a CA
-+                                - disabled as '--no-mark-ca'
-+       --mark-private         Marks the object to be written as private
-+                                - disabled as '--no-mark-private'
-+                                - enabled by default
-+       --trusted              an alias for the 'mark-trusted' option
-+       --ca                   an alias for the 'mark-ca' option
-+       --private              an alias for the 'mark-private' option
-+                                - enabled by default
-+       --login                Force (user) login to token
-+                                - disabled as '--no-login'
-+       --so-login             Force security officer login to token
-+                                - disabled as '--no-so-login'
-+       --admin-login          an alias for the 'so-login' option
-+       --detailed-url         Print detailed URLs
-+                                - disabled as '--no-detailed-url'
-+   -!, --secret-key=str       Provide a hex encoded secret key
-+   -", --load-privkey=file    Private key file to use
-+                                - file must pre-exist
-+   -#, --load-pubkey=file     Public key file to use
-+                                - file must pre-exist
-+   -$, --load-certificate=file Certificate file to use
-+                                - file must pre-exist
-+   -8, --pkcs8                Use PKCS #8 format for private keys
-+   -%, --bits=num             Specify the number of bits for key generate
-+   -&, --curve=str            Specify the curve used for EC key generation
-+   -', --sec-param=str        Specify the security level
-+   -(, --inder                Use DER/RAW format for input
-+                                - disabled as '--no-inder'
-+   -), --inraw                an alias for the 'inder' option
-+   -*, --outder               Use DER format for output certificates, private keys, and DH parameters
-+                                - disabled as '--no-outder'
-+   -+, --outraw               an alias for the 'outder' option
-+   -,, --initialize           Initializes a PKCS #11 token
-+   --, --set-pin=str          Specify the PIN to use on token initialization
-+   -., --set-so-pin=str       Specify the Security Officer's PIN to use on token initialization
-+   -/, --provider=file        Specify the PKCS #11 provider library
-+                                - file must pre-exist
-+   -0, --batch                Disable all interaction with the tool.  All parameters need to be
-+specified on command line.
-+   -v, --version[=arg]        output version information and exit
-+   -h, --help                 display extended usage information and exit
-+   -!, --more-help            extended usage information passed thru pager
-+
-+Options are specified by doubled hyphens and their name or by a single
-+hyphen and the flag character.
-+Operands and options may be intermixed.  They will be reordered.
-+
-+Program that allows operations on PKCS #11 smart cards and security
-+modules.
-+
-+To use PKCS #11 tokens with GnuTLS the p11-kit configuration files need to
-+be setup.  That is create a .module file in /etc/pkcs11/modules with the
-+contents 'module: /path/to/pkcs11.so'.  Alternatively the configuration
-+file /etc/gnutls/pkcs11.conf has to exist and contain a number of lines of
-+the form 'load=/usr/lib/opensc-pkcs11.so'.
-+
-+You can provide the PIN to be used for the PKCS #11 operations with the
-+environment variables GNUTLS_PIN and GNUTLS_SO_PIN.
-+
- @end example
- @exampleindent 4
- 
-diff -ru gnutls-3.4.4/doc/invoke-psktool.texi gnutls-3.4.4.1/doc/invoke-psktool.texi
---- gnutls-3.4.4.1/doc/invoke-psktool.texi	2015-08-10 13:43:57.000000000 -0400
-+++ gnutls-3.4.4/doc/invoke-psktool.texi	2015-07-31 15:44:25.000000000 -0400
-@@ -36,7 +36,27 @@
- 
- @exampleindent 0
- @example
--psktool is unavailable - no --help
-+psktool - GnuTLS PSK tool
-+Usage:  psktool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
-+
-+   -d, --debug=num            Enable debugging
-+                                - it must be in the range:
-+                                  0 to 9999
-+   -s, --keysize=num          specify the key size in bytes
-+                                - it must be in the range:
-+                                  0 to 512
-+   -u, --username=str         specify a username
-+   -p, --passwd=str           specify a password file
-+   -v, --version[=arg]        output version information and exit
-+   -h, --help                 display extended usage information and exit
-+   -!, --more-help            extended usage information passed thru pager
-+
-+Options are specified by doubled hyphens and their name or by a single
-+hyphen and the flag character.
-+
-+Program that generates random keys for use with TLS-PSK.  The keys are
-+stored in hexadecimal format in a key file.
-+
- @end example
- @exampleindent 4
- 
-diff -ru gnutls-3.4.4/doc/invoke-srptool.texi gnutls-3.4.4.1/doc/invoke-srptool.texi
---- gnutls-3.4.4.1/doc/invoke-srptool.texi	2015-08-10 13:43:56.000000000 -0400
-+++ gnutls-3.4.4/doc/invoke-srptool.texi	2015-07-31 15:44:24.000000000 -0400
-@@ -41,7 +41,34 @@
- 
- @exampleindent 0
- @example
--srptool is unavailable - no --help
-+srptool - GnuTLS SRP tool
-+Usage:  srptool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
-+
-+   -d, --debug=num            Enable debugging
-+                                - it must be in the range:
-+                                  0 to 9999
-+   -i, --index=num            specify the index of the group parameters in tpasswd.conf to use
-+   -u, --username=str         specify a username
-+   -p, --passwd=str           specify a password file
-+   -s, --salt=num             specify salt size
-+       --verify               just verify the password.
-+   -v, --passwd-conf=str      specify a password conf file.
-+       --create-conf=str      Generate a password configuration file.
-+   -v, --version[=arg]        output version information and exit
-+   -h, --help                 display extended usage information and exit
-+   -!, --more-help            extended usage information passed thru pager
-+
-+Options are specified by doubled hyphens and their name or by a single
-+hyphen and the flag character.
-+
-+Simple program that emulates the programs in the Stanford SRP (Secure
-+Remote Password) libraries using GnuTLS.  It is intended for use in places
-+where you don't expect SRP authentication to be the used for system users.
-+
-+In brief, to use SRP you need to create two files.  These are the password
-+file that holds the users and the verifiers associated with them and the
-+configuration file to hold the group parameters (called tpasswd.conf).
-+
- @end example
- @exampleindent 4
- 
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 494128eeae..c10d1cbfc7 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -107,7 +107,7 @@ living in the same process.")
 (define-public gnutls
   (package
     (name "gnutls")
-    (version "3.4.5")
+    (version "3.4.7")
     (source (origin
              (method url-fetch)
              (uri
@@ -118,8 +118,7 @@ living in the same process.")
                              "/gnutls-" version ".tar.xz"))
              (sha256
               (base32
-               "1bks1zpmhmnkz2v32dd9b44pz6x0a5w4yi9zzwsd0a078vhbi25g"))
-             (patches (list (search-patch "gnutls-doc-fix.patch")))))
+               "0nifi3mr5jhz608pidkp8cjs4vwfj1m2qczsjrgpnp99615rxgn1"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags
@@ -143,13 +142,6 @@ living in the same process.")
 
        #:phases (modify-phases %standard-phases
                   (add-after
-                   'unpack 'delete-prebuilt-unfixed-info-file
-                   (lambda _
-                     ;; XXX Delete the prebuilt info file, so that it will be
-                     ;; rebuilt with the fixes in gnutls-doc-fix.patch.
-                     (delete-file "doc/gnutls.info")
-                     #t))
-                  (add-after
                    'install 'move-doc
                    (lambda* (#:key outputs #:allow-other-keys)
                      ;; Copy the 4.1 MiB of section 3 man pages to "doc".
@@ -166,7 +158,6 @@ living in the same process.")
                "doc"))                            ;4.1 MiB of man pages
     (native-inputs
      `(("pkg-config" ,pkg-config)
-       ("texinfo" ,texinfo) ; XXX needed only to replace prebuilt, unfixed docs.
        ("which" ,which)))
     (inputs
      `(("guile" ,guile-2.0)