From 763899f0db923478c8b1b068fd61e06ae856c1fb Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 2 Sep 2016 16:07:29 -0400 Subject: gnu: Add openssl-next. * gnu/packages/tls.scm (openssl-next): New variable. * gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/packages/tls.scm | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) (limited to 'gnu/packages/tls.scm') diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 4b87150615..efc1190980 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -323,6 +323,41 @@ required structures.") (license license:openssl) (home-page "http://www.openssl.org/"))) +(define-public openssl-next + (package + (inherit openssl) + (name "openssl") + (version "1.1.0") + (source (origin + (method url-fetch) + (uri (list (string-append "ftp://ftp.openssl.org/source/" + name "-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/" name "-" version ".tar.gz"))) + (patches (search-patches "openssl-1.1.0-c-rehash-in.patch")) + (sha256 + (base32 + "10lcpmnxap9nw8ymdglys93cgkwd1lf1rz4fhq5whwhlmkwrzipm")))) + (outputs '("out" + "doc" ;1.3MiB of man3 pages + "static")) ; 5.5MiB of .a files + (arguments + (substitute-keyword-arguments (package-arguments openssl) + ((#:phases phases) + `(modify-phases ,phases + (delete 'patch-tests) ; These two phases are not needed by + (delete 'patch-Makefile.org) ; OpenSSL 1.1.0. + + (add-after 'configure 'patch-runpath + (lambda* (#:key outputs #:allow-other-keys) + (let ((lib (string-append (assoc-ref outputs "out") "/lib"))) + (substitute* "Makefile.shared" + (("\\$\\$\\{SHAREDCMD\\} \\$\\$\\{SHAREDFLAGS\\}") + (string-append "$${SHAREDCMD} $${SHAREDFLAGS}" + " -Wl,-rpath," lib))) + #t))))))))) + (define-public libressl (package (name "libressl") -- cgit v1.2.3 From 375cef6c6d9eb6b0c511679e17a4d16cfab70a8e Mon Sep 17 00:00:00 2001 From: Hartmut Goebel Date: Thu, 1 Sep 2016 17:16:12 +0200 Subject: updated: gnu: add asn1c * gnu/packages/tls.scm (asn1c): New variable. Signed-off-by: Leo Famulari --- gnu/packages/tls.scm | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'gnu/packages/tls.scm') diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index efc1190980..64414edc1a 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -7,6 +7,7 @@ ;;; Copyright © 2015 Leo Famulari ;;; Copyright © 2016 Efraim Flashner ;;; Copyright © 2016 ng0 +;;; Copyright © 2016 Hartmut Goebel ;;; ;;; This file is part of GNU Guix. ;;; @@ -68,6 +69,33 @@ networking, allowing for formal validation of data according to some specifications.") (license license:lgpl2.0+))) +(define-public asn1c + (package + (name "asn1c") + (version "0.9.27") + (source (origin + (method url-fetch) + (uri (string-append "https://lionet.info/soft/asn1c-" + version ".tar.gz")) + (sha256 + (base32 + "17nvn2kzvlryasr9dzqg6gs27b9lvqpval0k31pb64bjqbhn8pq2")))) + (build-system gnu-build-system) + (native-inputs + `(("perl" ,perl))) + (home-page "https://lionet.info/asn1c") + (synopsis "ASN.1 to C compiler") + (description "The ASN.1 to C compiler takes ASN.1 module +files and generates C++ compatible C source code. That code can be +used to serialize the native C structures into compact and unambiguous +BER/XER/PER-based data files, and deserialize the files back. + +Various ASN.1 based formats are widely used in the industry, such as to encode +the X.509 certificates employed in the HTTPS handshake, to exchange control +data between mobile phones and cellular networks, to car-to-car communication +in intelligent transportation networks.") + (license license:bsd-2))) + (define-public p11-kit (package (name "p11-kit") -- cgit v1.2.3 From 56ab55d1df3314e99c5cc860eb09d76cab1ff095 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 9 Sep 2016 21:25:51 -0400 Subject: gnu: letsencrypt: Superseded by certbot. * gnu/packages/tls.scm (letsencrypt)[properties]: New field. --- gnu/packages/tls.scm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'gnu/packages/tls.scm') diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 64414edc1a..4b04cac893 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -548,7 +548,8 @@ will be issuing browser-trusted certificates for free.") (define-public letsencrypt (package (inherit certbot) - (name "letsencrypt"))) + (name "letsencrypt") + (properties `((superseded . ,certbot))))) (define-public perl-net-ssleay (package -- cgit v1.2.3 From 974e2b297104d2de01632df1a56069b383e645f4 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sat, 10 Sep 2016 18:09:20 -0400 Subject: gnu: gnutls: Replace with 3.5.4 [fixes GNUTLS-SA-2016-3]. * gnu/packages/tls.scm (gnutls)[replacement]: New field. (gnutls-3.5.4): New variable. --- gnu/packages/tls.scm | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'gnu/packages/tls.scm') diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 4b04cac893..ad9dee00ec 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -137,6 +137,7 @@ living in the same process.") (define-public gnutls (package (name "gnutls") + (replacement gnutls-3.5.4) (version "3.5.2") (source (origin (method url-fetch) @@ -210,6 +211,20 @@ required structures.") (properties '((ftp-server . "ftp.gnutls.org") (ftp-directory . "/gcrypt/gnutls"))))) +(define gnutls-3.5.4 + (package + (inherit gnutls) + (source + (let ((version "3.5.4")) + (origin + (method url-fetch) + (uri (string-append "mirror://gnupg/gnutls/v" + (version-major+minor version) + "/gnutls-" version ".tar.xz")) + (sha256 + (base32 + "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f"))))))) + (define-public openssl (package (name "openssl") -- cgit v1.2.3 From 0581c273a4d5171a477d89f109c46d7ab3691429 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sun, 10 Jul 2016 13:35:13 -0400 Subject: gnu: Add acme-client. * gnu/packages/tls.scm (acme-client): New variable. --- gnu/packages/tls.scm | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) (limited to 'gnu/packages/tls.scm') diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index ad9dee00ec..721eea6256 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -35,6 +35,7 @@ #:use-module (gnu packages compression) #:use-module (gnu packages) #:use-module (gnu packages guile) + #:use-module (gnu packages libbsd) #:use-module (gnu packages libffi) #:use-module (gnu packages libidn) #:use-module (gnu packages linux) @@ -698,3 +699,37 @@ arithmetic in Perl.") (description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random number generator") (license (package-license perl)))) + +(define-public acme-client + (package + (name "acme-client") + (version "0.1.11") + (source (origin + (method url-fetch) + (uri (string-append "https://kristaps.bsd.lv/" name "/" + "snapshots/" name "-portable-" + version ".tgz")) + (sha256 + (base32 + "09pipyfk448gxqr7ci56gsq5la8wlydv7wwn9wk0zgjxmlh7h6fb")))) + (build-system gnu-build-system) + (arguments + '(#:tests? #f ; no test suite + #:make-flags + (list "CC=gcc" + (string-append "PREFIX=" (assoc-ref %outputs "out"))) + #:phases + (modify-phases %standard-phases + (delete 'configure)))) ; no './configure' script + (inputs + `(("libbsd" ,libbsd) + ("libressl" ,libressl))) + (synopsis "Let's Encrypt client by the OpenBSD project") + (description "acme-client is a Let's Encrypt client implemented in C. It +uses a modular design, and attempts to secure itself by dropping privileges and +operating in a chroot where possible. acme-client is developed on OpenBSD and +then ported to the GNU / Linux environment.") + (home-page "https://kristaps.bsd.lv/acme-client/") + ;; acme-client is distributed under the ISC license, but the files 'jsmn.h' + ;; and 'jsmn.c' are distributed under the Expat license. + (license (list license:isc license:expat)))) -- cgit v1.2.3 From d8a1be63286254fcd3293dd1accf44d79a3fd473 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Mon, 12 Sep 2016 13:00:43 -0400 Subject: gnu: certbot: Improve synopsis. * gnu/packages/tls.scm (certbot)[synopsis]: Add authorship information. --- gnu/packages/tls.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/packages/tls.scm') diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 721eea6256..412ec77bc5 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -555,7 +555,7 @@ security, and applying best practice development processes.") ("python2-psutil" ,python2-psutil) ("python2-requests" ,python2-requests) ("python2-pytz" ,python2-pytz))) - (synopsis "Let's Encrypt client") + (synopsis "Let's Encrypt client by the Electronic Frontier Foundation") (description "Tool to automatically receive and install X.509 certificates to enable TLS on servers. The client will interoperate with the Let’s Encrypt CA which will be issuing browser-trusted certificates for free.") -- cgit v1.2.3 From 8f65585b1492760407f16bf08ec769080167d28f Mon Sep 17 00:00:00 2001 From: John Darrington Date: Fri, 16 Sep 2016 08:08:48 +0200 Subject: doc: "filesystem" -> "file system" * doc/guix.texi: "filesystem" -> "file system" * gnu/packages/admin.scm: "filesystem" -> "file system" * gnu/packages/cdrom.scm: "filesystem" -> "file system" * gnu/packages/compression.scm: "filesystem" -> "file system" * gnu/packages/disk.scm: "filesystem" -> "file system" * gnu/packages/gnome.scm: "filesystem" -> "file system" * gnu/packages/irc.scm: "filesystem" -> "file system" * gnu/packages/linux.scm: "filesystem" -> "file system" * gnu/packages/mail.scm: "filesystem" -> "file system" * gnu/packages/mpd.scm: "filesystem" -> "file system" * gnu/packages/ocaml.scm: "filesystem" -> "file system" * gnu/packages/perl.scm: "filesystem" -> "file system" * gnu/packages/python.scm: "filesystem" -> "file system" * gnu/packages/search.scm: "filesystem" -> "file system" * gnu/packages/tls.scm: "filesystem" -> "file system" * gnu/services/mail.scm: "filesystem" -> "file system" --- gnu/packages/tls.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/packages/tls.scm') diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 412ec77bc5..0762703800 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -161,7 +161,7 @@ living in the same process.") ;; the location of the system-wide trust store. Instead it has a ;; configure-time option. Unless specified, its configure script ;; attempts to auto-detect the location by looking for common - ;; places in the filesystem, none of which are present in our + ;; places in the file system, none of which are present in our ;; chroot build environment. If not found, then no default trust ;; store is used, so each program has to provide its own ;; fallback, and users have to configure each program -- cgit v1.2.3 From 50f701d4f9b28123794888780977459eff2d8f33 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Thu, 22 Sep 2016 09:38:56 -0400 Subject: gnu: openssl: Replace with 1.0.2i [security fixes]. Fixes CVE-2016-{2177,2178,2179,2180,2181,2182,2183,6302,6303,6304,6306,6308}. * gnu/packages/tls.scm (openssl)[replacement]: New field. (openssl-1.0.2i): New variable. --- gnu/packages/tls.scm | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'gnu/packages/tls.scm') diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 0762703800..1d4d255a45 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -229,6 +229,7 @@ required structures.") (define-public openssl (package (name "openssl") + (replacement openssl-1.0.2i) (version "1.0.2h") (source (origin (method url-fetch) @@ -367,6 +368,24 @@ required structures.") (license license:openssl) (home-page "http://www.openssl.org/"))) +(define openssl-1.0.2i + (package (inherit openssl) + (source + (let ((name "openssl") + (version "1.0.2i")) + (origin + (method url-fetch) + (uri (list (string-append "ftp://ftp.openssl.org/source/" + name "-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/" name "-" version ".tar.gz"))) + (sha256 + (base32 + "0vyy038676cv3m2523fi9ll9nkjxadqdnz18zdp5nm6925yli1wj")) + (patches (search-patches "openssl-runpath.patch" + "openssl-c-rehash-in.patch"))))))) + (define-public openssl-next (package (inherit openssl) -- cgit v1.2.3 From 163d93a6bd231596959e2e157b60eb964db85d04 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Thu, 22 Sep 2016 09:44:17 -0400 Subject: gnu: openssl-next: Update to 1.1.0a [security fixes]. Fixes CVE-2016-{6304,6305,6307,6308}. * gnu/packages/tls.scm (openssl-next): Update to 1.1.0a. [replacement]: New field. --- gnu/packages/tls.scm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'gnu/packages/tls.scm') diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 1d4d255a45..15e3e43167 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -390,7 +390,8 @@ required structures.") (package (inherit openssl) (name "openssl") - (version "1.1.0") + (replacement #f) + (version "1.1.0a") (source (origin (method url-fetch) (uri (list (string-append "ftp://ftp.openssl.org/source/" @@ -401,7 +402,7 @@ required structures.") (patches (search-patches "openssl-1.1.0-c-rehash-in.patch")) (sha256 (base32 - "10lcpmnxap9nw8ymdglys93cgkwd1lf1rz4fhq5whwhlmkwrzipm")))) + "0as40a1lipl9qfax7495jc1xfb049ygavkaxxk4y5kcn8birdrn2")))) (outputs '("out" "doc" ;1.3MiB of man3 pages "static")) ; 5.5MiB of .a files -- cgit v1.2.3 From 8be42e5dafd09c1ccc9400ac87b3812dae829f32 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Mon, 26 Sep 2016 12:51:39 -0400 Subject: gnu: openssl: Update replacement to 1.0.2j [fixes CVE-2016-7052]. * gnu/packages/tls.scm (openssl): Update replacement to 1.0.2j. (openssl-1.0.2i): Replace with... (openssl-1.0.2j): ... new variable. --- gnu/packages/tls.scm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'gnu/packages/tls.scm') diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 15e3e43167..93c78aee5d 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -229,7 +229,7 @@ required structures.") (define-public openssl (package (name "openssl") - (replacement openssl-1.0.2i) + (replacement openssl-1.0.2j) (version "1.0.2h") (source (origin (method url-fetch) @@ -368,11 +368,11 @@ required structures.") (license license:openssl) (home-page "http://www.openssl.org/"))) -(define openssl-1.0.2i +(define openssl-1.0.2j (package (inherit openssl) (source (let ((name "openssl") - (version "1.0.2i")) + (version "1.0.2j")) (origin (method url-fetch) (uri (list (string-append "ftp://ftp.openssl.org/source/" @@ -382,7 +382,7 @@ required structures.") "/" name "-" version ".tar.gz"))) (sha256 (base32 - "0vyy038676cv3m2523fi9ll9nkjxadqdnz18zdp5nm6925yli1wj")) + "0cf4ar97ijfc7mg35zdgpad6x8ivkdx9qii6mz35khi1ps9g5bz7")) (patches (search-patches "openssl-runpath.patch" "openssl-c-rehash-in.patch"))))))) -- cgit v1.2.3 From 9ad09652280deb3eb0ff1d75f3d10e1436d5bc2d Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Mon, 26 Sep 2016 12:53:00 -0400 Subject: gnu: openssl-next: Update to 1.1.0b [fixes CVE-2016-6309]. * gnu/packages/tls.scm (openssl-next): Update to 1.1.0b. --- gnu/packages/tls.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/tls.scm') diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 93c78aee5d..9d91f153f8 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -391,7 +391,7 @@ required structures.") (inherit openssl) (name "openssl") (replacement #f) - (version "1.1.0a") + (version "1.1.0b") (source (origin (method url-fetch) (uri (list (string-append "ftp://ftp.openssl.org/source/" @@ -402,7 +402,7 @@ required structures.") (patches (search-patches "openssl-1.1.0-c-rehash-in.patch")) (sha256 (base32 - "0as40a1lipl9qfax7495jc1xfb049ygavkaxxk4y5kcn8birdrn2")))) + "1xznrqvb1dbngv2k2nb6da6fdw00c01sy2i36yjdxr4vpxrf0pd4")))) (outputs '("out" "doc" ;1.3MiB of man3 pages "static")) ; 5.5MiB of .a files -- cgit v1.2.3 From a7c9b062ad3be97cb86589f5b9a43b1053023247 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Tue, 27 Sep 2016 20:40:13 -0400 Subject: gnu: libressl: Update to 2.5.0. * gnu/packages/tls.scm (libressl): Update to 2.5.0. --- gnu/packages/tls.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/tls.scm') diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 9d91f153f8..c73131a9c0 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -425,7 +425,7 @@ required structures.") (define-public libressl (package (name "libressl") - (version "2.4.2") + (version "2.5.0") (source (origin (method url-fetch) @@ -434,7 +434,7 @@ required structures.") version ".tar.gz")) (sha256 (base32 - "1qyrcyzrrn6r9cqvm66ib72qyr65q4hrdyiq1vb24a6nwmwdg1sz")))) + "1bkfvapi4z826slycmicvs7hwgk4l82gd8w6nqvznldbammvyll6")))) (build-system gnu-build-system) (native-search-paths ;; FIXME: These two variables must designate a single file or directory -- cgit v1.2.3