Diffstat (limited to 'gnu/packages/tls.scm')
-rw-r--r--gnu/packages/tls.scm86
1 files changed, 66 insertions, 20 deletions
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index fad62d9614..39ed7d74af 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2014, 2015, 2016, 2017, 2018 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2021 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
@@ -167,6 +167,7 @@ living in the same process.")
   (package
     (name "gnutls")
     (version "3.6.15")
+    (replacement gnutls/fixed)
     (source (origin
               (method url-fetch)
               ;; Note: Releases are no longer on ftp.gnu.org since the
@@ -282,6 +283,15 @@ required structures.")
     (properties '((ftp-server . "ftp.gnutls.org")
                   (ftp-directory . "/gcrypt/gnutls")))))
 
+(define gnutls/fixed
+  (package
+    (inherit gnutls)
+    (source (origin
+              (inherit (package-source gnutls))
+              (patches (append (search-patches "gnutls-CVE-2021-20231.patch"
+                                               "gnutls-CVE-2021-20232.patch")
+                               (origin-patches (package-source gnutls))))))))
+
 (define-public gnutls/guile-2.0
   ;; GnuTLS for Guile 2.0.
   (package/inherit gnutls
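Review bot: `gnutls/fixed` carries no comment saying what it is for; a reader has only the two patch file names to infer that this is a security graft. Add above `(define gnutls/fixed`: `;; Security graft for CVE-2021-20231 and CVE-2021-20232; keep in sync with` / `;; the 'replacement' field of 'gnutls' above.` The new patches are prepended to the inherited ones rather than appended, which is only safe if they do not depend on the existing patches applying first — the hunk cannot show that, so it is worth confirming against the patch files. Since this is a graft, the patches must not change the installed file layout or the library ABI, which source-only CVE fixes normally satisfy.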
@@ -300,8 +310,7 @@ required structures.")
               ,@(package-inputs gnutls)))))
 
 (define-public guile2.2-gnutls
-  (package
-    (inherit gnutls)
+  (package/inherit gnutls
     (name "guile2.2-gnutls")
     (inputs `(("guile" ,guile-2.2)
               ,@(alist-delete "guile"
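Review bot: The switch to `package/inherit` is silent about why it matters: it is the form that carries a `replacement` through to the derived package, whereas `(package (inherit gnutls) ...)` does not, so without it the security graft on `gnutls` would not reach `guile2.2-gnutls`. A one-line comment above `(package/inherit gnutls`, such as `;; package/inherit so that the security graft on 'gnutls' applies here too.`, would stop a future cleanup from reverting it. The sibling `gnutls/guile-2.0` definition already uses the same form, so the two now match.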
@@ -313,6 +322,7 @@ required structures.")
 (define-public openssl
   (package
    (name "openssl")
+   (replacement openssl/fixed)
    (version "1.1.1i")
    (source (origin
              (method url-fetch)
@@ -387,7 +397,8 @@ required structures.")
                       ;; PREFIX/ssl.  Change that to something more
                       ;; conventional.
                       (string-append "--openssldir=" out
-                                     "/share/openssl-" ,version)
+                                     "/share/openssl-"
+                                     ,(package-version this-package))
 
                       (string-append "--prefix=" out)
                       (string-append "-Wl,-rpath," lib)
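Review bot: Deriving the `--openssldir` name from `(package-version this-package)` means the replacement installs `share/openssl-1.1.1j` while the package it grafts over ships `share/openssl-1.1.1i`; a graft only rewrites the store-path prefix, so any dependent that recorded the full `.../share/openssl-1.1.1i` path (a configured certificate or config directory, for instance) would, once grafted, point at a directory that does not exist in the replacement output. If that is acceptable it should be recorded, e.g. `;; NOTE: the openssldir name follows the version, so it changes across the` / `;; 1.1.1i -> 1.1.1j graft; dependents that embed it are not rewritten.`; otherwise keep the directory name tied to the grafted version. The configure-flags lambda this line belongs to starts and ends outside the hunk.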
@@ -427,7 +438,8 @@ required structures.")
            ;; scripts.  Remove them to avoid retaining a reference on Perl.
            (let ((out (assoc-ref outputs "out")))
              (delete-file-recursively (string-append out "/share/openssl-"
-                                                     ,version "/misc"))
+                                                     ,(package-version this-package)
+                                                     "/misc"))
              #t))))))
    (native-search-paths
     (list (search-path-specification
@@ -445,6 +457,24 @@ required structures.")
    (license license:openssl)
    (home-page "https://www.openssl.org/")))
 
+(define-public openssl/fixed
+  (package
+   (inherit openssl)
+   (version "1.1.1j")
+   (source (origin
+             (method url-fetch)
+             (uri (list (string-append "https://www.openssl.org/source/openssl-"
+                                       version ".tar.gz")
+                        (string-append "ftp://ftp.openssl.org/source/"
+                                       "openssl-" version ".tar.gz")
+                        (string-append "ftp://ftp.openssl.org/source/old/"
+                                       (string-trim-right version char-set:letter)
+                                       "/openssl-" version ".tar.gz")))
+             (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
+             (sha256
+              (base32
+               "1gw17520vh13izy1xf5q0a2fqgcayymjjj5bk0dlkxndfnszrwma"))))))
+
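Review bot: `openssl/fixed` does not say why it exists or why a newer upstream release is grafted instead of a patch being applied to 1.1.1i; a comment above `(define-public openssl/fixed` such as `;; Security graft: 1.1.1j carries the upstream security fixes; it must stay` / `;; file-layout and ABI compatible with 'openssl' above.` would carry that. Because the graft substitutes a different release rather than a patched rebuild, that compatibility requirement is stronger and is worth stating next to the definition. The sha256 is the only integrity check on the new tarball; I cannot verify it from the diff, so it should be confirmed against the upstream published checksum or signature before merging.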
 (define-public openssl-1.0
   (package
     (inherit openssl)
@@ -583,13 +613,13 @@ netcat implementation that supports TLS.")
   (package
     (name "python-acme")
     ;; Remember to update the hash of certbot when updating python-acme.
-    (version "1.12.0")
+    (version "1.13.0")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "acme" version))
               (sha256
                (base32
-                "1wn2jvkg18z31nd060hfcp2yqvxjxykim2ybgaidv7qfsms38dma"))))
+                "1260a7bcgmha19drqzn6syz3cy61482b3w6lihgg1md6svgmfhkb"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -606,8 +636,7 @@ netcat implementation that supports TLS.")
                (install-file "docs/_build/man/acme-python.1" man)
                #t))))))
     (native-inputs
-     `(("python-mock" ,python-mock)
-       ("python-pytest" ,python-pytest)
+     `(("python-pytest" ,python-pytest)
        ;; For documentation
        ("python-sphinx" ,python-sphinx)
        ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
@@ -615,7 +644,6 @@ netcat implementation that supports TLS.")
        ("texinfo" ,texinfo)))
     (propagated-inputs
      `(("python-josepy" ,python-josepy)
-       ("python-six" ,python-six)
        ("python-requests" ,python-requests)
        ("python-requests-toolbelt" ,python-requests-toolbelt)
        ("python-pytz" ,python-pytz)
@@ -639,20 +667,12 @@ netcat implementation that supports TLS.")
               (uri (pypi-uri "certbot" version))
               (sha256
                (base32
-                "0nfzk6fzyfqy8lgs5lmxfndrdh5c2ljdvzj39rwvgg3r6ivkirsy"))))
+                "0n7lwajmlypkqgsd2cv74j41f5ag381skjlzhjfpsrppgnsl3kv4"))))
     (build-system python-build-system)
     (arguments
      `(,@(substitute-keyword-arguments (package-arguments python-acme)
            ((#:phases phases)
             `(modify-phases ,phases
-             (replace 'build-documentation
-               (lambda _
-                 ;; Fix building the manual page in 1.12.0:
-                 ;; https://github.com/certbot/certbot/issues/8633
-                 ;; TODO Remove the substitution in later releases.
-                 (substitute* "docs/conf.py"
-                   (("'man',") ""))
-             (invoke "make" "-C" "docs" "man" "info")))
               (replace 'install-documentation
                 (lambda* (#:key outputs #:allow-other-keys)
                   (let* ((out (assoc-ref outputs "out"))
@@ -683,7 +703,6 @@ netcat implementation that supports TLS.")
        ("python-distro" ,python-distro)
        ("python-zope-component" ,python-zope-component)
        ("python-parsedatetime" ,python-parsedatetime)
-       ("python-six" ,python-six)
        ("python-psutil" ,python-psutil)
        ("python-requests" ,python-requests)
        ("python-pytz" ,python-pytz)))
@@ -1056,3 +1075,30 @@ relatively simple Bash script.")
 derived from Mozilla's collection.")
       (home-page "https://certifi.io")
       (license license:mpl2.0))))
+
+(define-public s2n
+  (package
+    (name "s2n")
+    (version "1.0.0")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url (string-append "https://github.com/awslabs/" name))
+                    (commit (string-append "v" version))))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "1q6kmgwb8jxmc4ijzk9pkqzz8lsbfsv9hyzqvy944w7306zx1r5h"))))
+    (build-system cmake-build-system)
+    (arguments
+     '(#:tests? #f                      ; tests fail to build for static library
+       #:configure-flags
+       '("-DBUILD_TESTING=OFF"
+         "-DBUILD_SHARED_LIBS=ON")))
+    (propagated-inputs
+     `(("openssl" ,openssl)
+       ("openssl:static" ,openssl "static")))
+    (synopsis "SSL/TLS implementation")
+    (description "This library provides a C99 implementation of SSL/TLS.")
+    (home-page "https://github.com/awslabs/s2n")
+    (license license:asl2.0)))
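Review bot: The test suite of a TLS library is disabled with `#:tests? #f ; tests fail to build for static library`, yet the configure flags in the same hunk request `-DBUILD_SHARED_LIBS=ON` and `-DBUILD_TESTING=OFF`, so the stated reason does not obviously apply to the build actually being done; either re-enable the tests for the shared build or record the failure that was observed, e.g. `; FIXME: tests disabled: <failure seen with the shared build>`. Propagating `openssl:static` alongside `openssl` also deserves a why-comment, since a shared s2n would normally need only the shared OpenSSL. The description `This library provides a C99 implementation of SSL/TLS.` is a single sentence; `guix lint` expects a fuller description, and a sentence on s2n's intended use and which TLS versions it supports would help.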