Diffstat (limited to 'gnu/packages/tls.scm')
-rw-r--r--gnu/packages/tls.scm64
1 files changed, 19 insertions, 45 deletions
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index d8cc1ccbc2..2aa082cfb5 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -10,6 +10,7 @@
;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
;;;
;;; This file is part of GNU Guix.
@@ -65,7 +66,6 @@
(package
(name "libtasn1")
(version "4.12")
- (replacement libtasn1/fixed)
(source
(origin
(method url-fetch)
@@ -73,7 +73,8 @@
version ".tar.gz"))
(sha256
(base32
- "0ls7jdq3y5fnrwg0pzhq11m21r8pshac2705bczz6mqjc8pdllv7"))))
+ "0ls7jdq3y5fnrwg0pzhq11m21r8pshac2705bczz6mqjc8pdllv7"))
+ (patches (search-patches "libtasn1-CVE-2017-10790.patch"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl)))
(home-page "https://www.gnu.org/software/libtasn1/")
@@ -85,13 +86,6 @@ networking, allowing for formal validation of data according to some
specifications.")
(license license:lgpl2.0+)))
-(define libtasn1/fixed
- (package
- (inherit libtasn1)
- (source (origin
- (inherit (package-source libtasn1))
- (patches (search-patches "libtasn1-CVE-2017-10790.patch"))))))
-
(define-public asn1c
(package
(name "asn1c")
@@ -149,9 +143,6 @@ coordinating the use of PKCS#11 by different components or libraries
living in the same process.")
(license license:bsd-3)))
-
-;; TODO Add net-tools-for-tests to #:disallowed-references when we can afford
-;; rebuild GnuTLS (i.e. core-updates).
(define-public gnutls
(package
(name "gnutls")
@@ -172,7 +163,9 @@ living in the same process.")
"15ihq6p0hnnhs8cnjrkj40dmlcaa1jjg8xg0g2ydbnlqs454ixbr"))))
(build-system gnu-build-system)
(arguments
- '(#:configure-flags
+ `(; Ensure we don't keep a reference to this buggy software.
+ #:disallowed-references (,net-tools)
+ #:configure-flags
(list
;; GnuTLS doesn't consult any environment variables to specify
;; the location of the system-wide trust store. Instead it has a
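Review bot: The comment on the new `#:disallowed-references` line calls net-tools "this buggy software" without saying what the bug is or why a retained reference matters, so a later maintainer cannot tell when the guard may be dropped. Something like `;; net-tools is only a test-time native input; fail the build if any output retains a reference to it.` would state the intent. Separately, the argument list changes from `'(` to a quasiquote, so any `,` or nested quasiquote in the rest of the arguments is now evaluated at this level. The list continues outside this hunk and is worth checking for that.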
@@ -206,7 +199,7 @@ living in the same process.")
"debug"
"doc")) ;4.1 MiB of man pages
(native-inputs
- `(("net-tools" ,net-tools-for-tests)
+ `(("net-tools" ,net-tools)
("pkg-config" ,pkg-config)
("which" ,which)))
(inputs
@@ -253,18 +246,19 @@ required structures.")
(define-public openssl
(package
(name "openssl")
- (version "1.0.2l")
- (replacement openssl-1.0.2m)
+ (version "1.0.2m")
(source (origin
(method url-fetch)
- (uri (list (string-append "ftp://ftp.openssl.org/source/"
+ (uri (list (string-append "https://www.openssl.org/source/openssl-"
+ version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/"
name "-" version ".tar.gz")
(string-append "ftp://ftp.openssl.org/source/old/"
(string-trim-right version char-set:letter)
"/" name "-" version ".tar.gz")))
(sha256
(base32
- "037kvpisc6qh5dkppcwbm5bg2q800xh2hma3vghz8xcycmdij1yf"))
+ "03vvlfnxx4lhxc83ikfdl6jqph4h52y7lb7li03va6dkqrgg2vwc"))
(snippet
'(begin
;; Remove ELF files. 'substitute*' can't read them.
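Review bot: The only HTTPS entry in the new `uri` list points at the current-release directory, and both fallbacks are still plaintext `ftp://`. Once upstream moves 1.0.2m under `old/`, the download would fall back to unauthenticated transport only. The `sha256` still pins the tarball content, so integrity is enforced either way, but an HTTPS entry for the `old/` layout would keep the fetch off FTP, e.g. `(string-append "https://www.openssl.org/source/old/" (string-trim-right version char-set:letter) "/" name "-" version ".tar.gz")`. That assumes upstream serves the same layout over HTTPS, which should be confirmed. The new first entry also hard-codes `"openssl-"` where the other two use `name "-"`; using `name` there would keep the three consistent.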
@@ -381,15 +375,14 @@ required structures.")
,version "/misc"))
#t))))))
(native-search-paths
- ;; FIXME: These two variables must designate a single file or directory
- ;; and are not actually "search paths." In practice it works OK in user
- ;; profiles because there's always just one item that matches the
- ;; specification.
(list (search-path-specification
(variable "SSL_CERT_DIR")
+ (separator #f) ;single entry
(files '("etc/ssl/certs")))
(search-path-specification
(variable "SSL_CERT_FILE")
+ (file-type 'regular)
+ (separator #f) ;single entry
(files '("etc/ssl/certs/ca-certificates.crt")))))
(synopsis "SSL/TLS implementation")
(description
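Review bot: With the FIXME removed, nothing next to the two `search-path-specification` forms explains why `separator` is `#f`, since the `;single entry` margin comments only restate the value. A short comment above the list, such as `;; These variables must designate a single file or directory, hence no separator.`, would keep the rationale the deleted text carried. `SSL_CERT_DIR` also has no explicit `file-type` while `SSL_CERT_FILE` now does. If the directory default is intended, writing `(file-type 'directory)` would make the pair read symmetrically.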
@@ -397,25 +390,6 @@ required structures.")
(license license:openssl)
(home-page "http://www.openssl.org/")))
-;; Fixes CVE-2017-3735 and CVE-2017-3736.
-;; See <https://www.openssl.org/news/cl102.txt>.
-(define-public openssl-1.0.2m
- (package
- (inherit openssl)
- (version "1.0.2m")
- (source (origin
- (inherit (package-source openssl))
- (uri (list (string-append "https://www.openssl.org/source/openssl-"
- version ".tar.gz")
- (string-append "ftp://ftp.openssl.org/source/openssl-"
- version ".tar.gz")
- (string-append "ftp://ftp.openssl.org/source/old/"
- (string-trim-right version char-set:letter)
- "/openssl-" version ".tar.gz")))
- (sha256
- (base32
- "03vvlfnxx4lhxc83ikfdl6jqph4h52y7lb7li03va6dkqrgg2vwc"))))))
-
(define-public openssl-next
(package
(inherit openssl)
@@ -553,7 +527,7 @@ netcat implementation that supports TLS.")
#t))))))
;; TODO: Add optional inputs for testing.
(native-inputs
- `(("python-mock" ,python-mock-2)
+ `(("python-mock" ,python-mock)
;; For documentation
("python-sphinx" ,python-sphinx)
("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
@@ -602,7 +576,7 @@ netcat implementation that supports TLS.")
;; TODO: Add optional inputs for testing.
(native-inputs
`(("python-nose" ,python-nose)
- ("python-mock" ,python-mock-2)
+ ("python-mock" ,python-mock)
;; For documentation
("python-sphinx" ,python-sphinx)
("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
@@ -638,14 +612,14 @@ certificates for free.")
(define-public perl-net-ssleay
(package
(name "perl-net-ssleay")
- (version "1.81")
+ (version "1.82")
(source (origin
(method url-fetch)
(uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
"Net-SSLeay-" version ".tar.gz"))
(sha256
(base32
- "0z8vya34g88bc41kx955sv7y4niwbbywji8liqbl52v29qbvdjq0"))))
+ "1rf78z1macgmp6mwd7c2xq4yfw6wpf28hfwfz1d5wslqr4cwb5aq"))))
(build-system perl-build-system)
(inputs `(("openssl" ,openssl)))
(arguments