diff options
Diffstat (limited to 'gnu/packages/tls.scm')
| -rw-r--r-- | gnu/packages/tls.scm | 81 |
1 files changed, 43 insertions, 38 deletions
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 55410f3911..2930c61659 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -5,7 +5,7 @@ ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2015 David Thompson <davet@gnu.org> ;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Leo Famulari <leo@famulari.name> -;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2016, 2017, 2019, 2021 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016, 2017, 2018 Nikita <nikita@n0.is> ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com> ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> @@ -15,6 +15,7 @@ ;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org> ;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com> ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org> +;;; Copyright © 2020, 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com> ;;; Copyright © 2021 Solene Rapenne <solene@perso.pw> ;;; ;;; This file is part of GNU Guix. @@ -59,6 +60,7 @@ #:use-module (gnu packages linux) #:use-module (gnu packages ncurses) #:use-module (gnu packages nettle) + #:use-module (gnu packages networking) #:use-module (gnu packages perl) #:use-module (gnu packages pkg-config) #:use-module (gnu packages python) @@ -74,7 +76,7 @@ (define-public libtasn1 (package (name "libtasn1") - (version "4.16.0") + (version "4.17.0") (source (origin (method url-fetch) @@ -82,7 +84,7 @@ version ".tar.gz")) (sha256 (base32 - "179jskl7dmfp1rd2khkzmlibzgki4wi6hvmmwfv7q49r728b03qf")))) + "19a53i1ajs4dd8nnlr2i6gbzvla84ay71g3y1phvh8krx8f5brzc")))) (build-system gnu-build-system) (arguments `(#:configure-flags '("--disable-static"))) @@ -165,8 +167,7 @@ living in the same process.") (define-public gnutls (package (name "gnutls") - (version "3.6.15") - (replacement gnutls-3.6.16) + (version "3.7.2") (source (origin (method url-fetch) ;; Note: Releases are no longer on ftp.gnu.org since the @@ -175,20 +176,20 @@ living in the same process.") (version-major+minor version) "/gnutls-" version ".tar.xz")) (patches (search-patches "gnutls-skip-trust-store-test.patch" - "gnutls-cross.patch" - "gnutls-CVE-2021-20231.patch" - "gnutls-CVE-2021-20232.patch")) + "gnutls-cross.patch")) (sha256 (base32 - "0n0m93ymzd0q9hbknxc2ycanz49sqlkyyf73g9fk7n787llc7a0f")))) + "0li7mwjnm64mbxhacz0rpf6i9qd83f53fvbrx96alpqqk9d6qvk4")))) (build-system gnu-build-system) (arguments `(#:tests? ,(not (or (%current-target-system) (hurd-target?))) - ;; Ensure we don't keep a reference to net-tools. - #:disallowed-references ,(if (hurd-target?) '() (list net-tools)) + ;; Ensure we don't keep a reference to the tools used for testing. + #:disallowed-references ,(if (hurd-target?) + '() + (list net-tools iproute socat)) #:configure-flags - (list + (cons* ;; GnuTLS doesn't consult any environment variables to specify ;; the location of the system-wide trust store. Instead it has a ;; configure-time option. Unless specified, its configure script @@ -209,13 +210,25 @@ living in the same process.") (string-append "--with-guile-extension-dir=" "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/extensions") - ;; FIXME: Temporarily disable p11-kit support since it is not - ;; working on mips64el. - "--without-p11-kit") + (let ((system ,(or (%current-target-system) + (%current-system)))) + (if (string-prefix? "mips64el" system) + (list + ;; FIXME: Temporarily disable p11-kit support since it is + ;; not working on mips64el. + "--without-p11-kit") + '()))) #:phases (modify-phases %standard-phases - (add-after - 'install 'move-doc + ;; fastopen.sh fails to connect to the server in the builder + ;; environment (see: + ;; https://gitlab.com/gnutls/gnutls/-/issues/1095). + (add-after 'unpack 'disable-failing-tests + (lambda _ + (substitute* "tests/fastopen.sh" + (("^unset RETCODE") + "exit 77\n")))) ;skip + (add-after 'install 'move-doc (lambda* (#:key outputs #:allow-other-keys) ;; Copy the 4.1 MiB of section 3 man pages to "doc". (let* ((out (assoc-ref outputs "out")) @@ -224,8 +237,7 @@ living in the same process.") (oldman (string-append out "/share/man/man3"))) (mkdir-p mandir) (copy-recursively oldman mandir) - (delete-file-recursively oldman) - #t)))))) + (delete-file-recursively oldman))))))) (outputs '("out" ;4.4 MiB "debug" "doc")) ;4.1 MiB of man pages @@ -235,10 +247,14 @@ living in the same process.") '()) ,@(if (hurd-target?) '() - `(("net-tools" ,net-tools))) + `(("net-tools" ,net-tools) + ("iproute" ,iproute) ;for 'ss' + ("socat" ,socat))) ;several tests rely on it ("pkg-config" ,pkg-config) + ("texinfo" ,texinfo) ("which" ,which) - ,@(if (hurd-target?) '() + ,@(if (hurd-target?) + '() `(("datefudge" ,datefudge))) ;tests rely on 'datefudge' ("util-linux" ,util-linux))) ;one test needs 'setsid' (inputs @@ -248,7 +264,12 @@ living in the same process.") `(("libtasn1" ,libtasn1) ("libidn2" ,libidn2) ("nettle" ,nettle) - ("zlib" ,zlib))) + ("zlib" ,zlib) + ,@(let ((system (or (%current-target-system) + (%current-system)))) + (if (string-prefix? "mips64el" system) + '() + `(("p11-kit" ,p11-kit)))))) (home-page "https://www.gnu.org/software/gnutls/") (synopsis "Transport layer security library") (description @@ -260,22 +281,6 @@ required structures.") (properties '((ftp-server . "ftp.gnutls.org") (ftp-directory . "/gcrypt/gnutls"))))) -;; Replacement package to fix CVE-2021-20305. -(define gnutls-3.6.16 - (package - (inherit gnutls) - (version "3.6.16") - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnupg/gnutls/v" - (version-major+minor version) - "/gnutls-" version ".tar.xz")) - (patches (search-patches "gnutls-skip-trust-store-test.patch" - "gnutls-cross.patch")) - (sha256 - (base32 - "1czk511pslz367shf32f2jvvkp7y1323bcv88c2qng98mj0v6y8v")))))) - (define-public gnutls/guile-2.0 ;; GnuTLS for Guile 2.0. (package/inherit gnutls |