diff options
Diffstat (limited to 'gnu/packages/tls.scm')
-rw-r--r-- | gnu/packages/tls.scm | 105 |
1 files changed, 47 insertions, 58 deletions
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index bd86b2e0d9..6b1005c2f8 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -1,10 +1,10 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org> -;;; Copyright © 2014, 2015, 2016, 2017 Mark H Weaver <mhw@netris.org> +;;; Copyright © 2014, 2015, 2016, 2017, 2018 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net> ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2015 David Thompson <davet@gnu.org> -;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name> +;;; Copyright © 2015, 2016, 2017, 2018 Leo Famulari <leo@famulari.name> ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org> ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com> @@ -65,8 +65,7 @@ (define-public libtasn1 (package (name "libtasn1") - (version "4.12") - (replacement libtasn1/fixed) + (version "4.13") (source (origin (method url-fetch) @@ -74,8 +73,7 @@ version ".tar.gz")) (sha256 (base32 - "0ls7jdq3y5fnrwg0pzhq11m21r8pshac2705bczz6mqjc8pdllv7")) - (patches (search-patches "libtasn1-CVE-2017-10790.patch")))) + "1jlc1iahj8k3haz28j55nzg7sgni5h41vqy461i1bpbx6668wlky")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) (home-page "https://www.gnu.org/software/libtasn1/") @@ -87,14 +85,6 @@ networking, allowing for formal validation of data according to some specifications.") (license license:lgpl2.0+))) -(define libtasn1/fixed - (package - (inherit libtasn1) - (source (origin - (inherit (package-source libtasn1)) - (patches (search-patches "libtasn1-CVE-2017-10790.patch" - "libtasn1-CVE-2018-6003.patch")))))) - (define-public asn1c (package (name "asn1c") @@ -155,7 +145,7 @@ living in the same process.") (define-public gnutls (package (name "gnutls") - (version "3.5.13") + (version "3.5.18") (source (origin (method url-fetch) (uri @@ -169,7 +159,7 @@ living in the same process.") "gnutls-skip-pkgconfig-test.patch")) (sha256 (base32 - "15ihq6p0hnnhs8cnjrkj40dmlcaa1jjg8xg0g2ydbnlqs454ixbr")))) + "0d02x28fwkkx7xzn7807nww6idchizzq3plx8sfcyiw7wzclh8mf")))) (build-system gnu-build-system) (arguments `(; Ensure we don't keep a reference to this buggy software. @@ -307,26 +297,25 @@ required structures.") 'configure (lambda* (#:key outputs #:allow-other-keys) (let ((out (assoc-ref outputs "out"))) - (zero? - (system* "./config" - "shared" ;build shared libraries - "--libdir=lib" - - ;; The default for this catch-all directory is - ;; PREFIX/ssl. Change that to something more - ;; conventional. - (string-append "--openssldir=" out - "/share/openssl-" ,version) - - (string-append "--prefix=" out) - - ;; XXX FIXME: Work around a code generation bug in GCC - ;; 4.9.3 on ARM when compiled with -mfpu=neon. See: - ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917> - ,@(if (and (not (%current-target-system)) - (string-prefix? "armhf" (%current-system))) - '("-mfpu=vfpv3") - '())))))) + (apply invoke "./config" + "shared" ;build shared libraries + "--libdir=lib" + + ;; The default for this catch-all directory is + ;; PREFIX/ssl. Change that to something more + ;; conventional. + (string-append "--openssldir=" out + "/share/openssl-" ,version) + + (string-append "--prefix=" out) + + ;; XXX FIXME: Work around a code generation bug in GCC + ;; 4.9.3 on ARM when compiled with -mfpu=neon. See: + ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917> + ,@(if (and (not (%current-target-system)) + (string-prefix? "armhf" (%current-system))) + '("-mfpu=vfpv3") + '()))))) (add-after 'install 'make-libraries-writable (lambda* (#:key outputs #:allow-other-keys) @@ -432,27 +421,26 @@ required structures.") (lambda* (#:key outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) (lib (string-append out "/lib"))) - (zero? - (system* "./config" - "shared" ;build shared libraries - "--libdir=lib" - - ;; The default for this catch-all directory is - ;; PREFIX/ssl. Change that to something more - ;; conventional. - (string-append "--openssldir=" out - "/share/openssl-" ,version) - - (string-append "--prefix=" out) - (string-append "-Wl,-rpath," lib) - - ;; XXX FIXME: Work around a code generation bug in GCC - ;; 4.9.3 on ARM when compiled with -mfpu=neon. See: - ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917> - ,@(if (and (not (%current-target-system)) - (string-prefix? "armhf" (%current-system))) - '("-mfpu=vfpv3") - '())))))) + (apply invoke "./config" + "shared" ;build shared libraries + "--libdir=lib" + + ;; The default for this catch-all directory is + ;; PREFIX/ssl. Change that to something more + ;; conventional. + (string-append "--openssldir=" out + "/share/openssl-" ,version) + + (string-append "--prefix=" out) + (string-append "-Wl,-rpath," lib) + + ;; XXX FIXME: Work around a code generation bug in GCC + ;; 4.9.3 on ARM when compiled with -mfpu=neon. See: + ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917> + ,@(if (and (not (%current-target-system)) + (string-prefix? "armhf" (%current-system))) + '("-mfpu=vfpv3") + '()))))) ;; XXX: Duplicate this phase to make sure 'version' evaluates ;; in the current scope and not the inherited one. @@ -805,7 +793,8 @@ then ported to the GNU / Linux environment.") '(begin (substitute* "include/mbedtls/dhm.h" (("#define MBEDTLS_DHM_RFC5114_MODP_P") - "#define MBEDTLS_DHM_RFC5114_MODP_2048_P")))))) + "#define MBEDTLS_DHM_RFC5114_MODP_2048_P")) + #t)))) (build-system cmake-build-system) (arguments `(#:configure-flags |