diff options
Diffstat (limited to 'gnu/packages/tls.scm')
| -rw-r--r-- | gnu/packages/tls.scm | 91 |
1 files changed, 46 insertions, 45 deletions
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 9a8a03b695..39b8e99f11 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -47,7 +47,7 @@ (define-public libtasn1 (package (name "libtasn1") - (version "4.7") + (version "4.8") (source (origin (method url-fetch) @@ -55,7 +55,7 @@ version ".tar.gz")) (sha256 (base32 - "1j8iixynchziw1y39lnibyl5h81m4p78w3i4f28q2vgwjgf801x4")))) + "04y5m29pqmvkfdbppmsdifyx89v8xclxzklpfc7a1fkr9p4jz07s")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) (home-page "http://www.gnu.org/software/libtasn1/") @@ -65,22 +65,8 @@ for transmitting machine-neutral encodings of data objects in computer networking, allowing for formal validation of data according to some specifications.") - (replacement libtasn1/fixed) (license license:lgpl2.0+))) -(define libtasn1/fixed ;for CVE-2016-4008 - (package - (inherit libtasn1) - (source - (let ((version "4.8")) - (origin - (method url-fetch) - (uri (string-append "mirror://gnu/libtasn1/libtasn1-" - version ".tar.gz")) - (sha256 - (base32 - "04y5m29pqmvkfdbppmsdifyx89v8xclxzklpfc7a1fkr9p4jz07s"))))))) - (define-public p11-kit (package (name "p11-kit") @@ -122,7 +108,7 @@ living in the same process.") (define-public gnutls (package (name "gnutls") - (version "3.4.7") + (version "3.5.0") (source (origin (method url-fetch) (uri @@ -133,7 +119,7 @@ living in the same process.") "/gnutls-" version ".tar.xz")) (sha256 (base32 - "0nifi3mr5jhz608pidkp8cjs4vwfj1m2qczsjrgpnp99615rxgn1")))) + "09dfb0fn4spmdja6hs2yl470fn85fx0pa5nn9njnq7j19ma3nszw")))) (build-system gnu-build-system) (arguments '(#:configure-flags @@ -183,7 +169,7 @@ living in the same process.") ("libidn" ,libidn) ("nettle" ,nettle) ("zlib" ,zlib))) - (home-page "http://www.gnu.org/software/gnutls/") + (home-page "https://www.gnu.org/software/gnutls/") (synopsis "Transport layer security library") (description "GnuTLS is a secure communications library implementing the SSL, TLS @@ -197,8 +183,7 @@ required structures.") (define-public openssl (package (name "openssl") - (version "1.0.2g") - (replacement openssl/fixed) + (version "1.0.2h") (source (origin (method url-fetch) (uri (list (string-append "ftp://ftp.openssl.org/source/" @@ -208,15 +193,25 @@ required structures.") "/" name "-" version ".tar.gz"))) (sha256 (base32 - "0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p")) + "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x")) (patches (search-patches "openssl-runpath.patch" - "openssl-c-rehash-in.patch")))) + "openssl-c-rehash-in.patch" + "openssl-CVE-2016-2177.patch" + "openssl-CVE-2016-2178.patch")))) (build-system gnu-build-system) + (outputs '("out" + "doc" ;1.5MiB of man3 pages + "static")) ;6MiB of .a files (native-inputs `(("perl" ,perl))) (arguments - `(#:parallel-build? #f + `(#:disallowed-references (,perl) + #:parallel-build? #f #:parallel-tests? #f #:test-target "test" + + ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure, + ;; so we explicitly disallow it here. + #:disallowed-references ,(list (canonical-package perl)) #:phases (modify-phases %standard-phases (add-before @@ -263,6 +258,33 @@ required structures.") (find-files (string-append out "/lib") "\\.so")) #t))) + (add-after 'install 'move-static-libraries + (lambda* (#:key outputs #:allow-other-keys) + ;; Move static libraries to the "static" output. + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib")) + (static (assoc-ref outputs "static")) + (slib (string-append static "/lib"))) + (mkdir-p slib) + (for-each (lambda (file) + (install-file file slib) + (delete-file file)) + (find-files lib "\\.a$")) + #t))) + (add-after 'install 'move-man3-pages + (lambda* (#:key outputs #:allow-other-keys) + ;; Move section 3 man pages to "doc". + (let* ((out (assoc-ref outputs "out")) + (man3 (string-append out "/share/man/man3")) + (doc (assoc-ref outputs "doc")) + (target (string-append doc "/share/man/man3"))) + (mkdir-p target) + (for-each (lambda (file) + (rename-file file + (string-append target "/" + (basename file)))) + (find-files man3)) + #t))) (add-before 'patch-source-shebangs 'patch-tests (lambda* (#:key inputs native-inputs #:allow-other-keys) @@ -299,27 +321,6 @@ required structures.") (license license:openssl) (home-page "http://www.openssl.org/"))) -(define openssl/fixed - (package - (inherit openssl) - (source - (let ((name "openssl") - (version "1.0.2h")) - (origin - (method url-fetch) - (uri (list (string-append "ftp://ftp.openssl.org/source/" - name "-" version ".tar.gz") - (string-append "ftp://ftp.openssl.org/source/old/" - (string-trim-right version char-set:letter) - "/" name "-" version ".tar.gz"))) - (sha256 - (base32 - "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x")) - (patches (search-patches "openssl-runpath.patch" - "openssl-c-rehash-in.patch" - "openssl-CVE-2016-2177.patch" - "openssl-CVE-2016-2178.patch"))))))) - (define-public libressl (package (name "libressl") |