diff options
Diffstat (limited to 'gnu/packages/tls.scm')
-rw-r--r-- | gnu/packages/tls.scm | 64 |
1 files changed, 19 insertions, 45 deletions
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index b321525d33..d0948ab555 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -10,6 +10,7 @@ ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com> ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> +;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com> ;;; ;;; This file is part of GNU Guix. @@ -65,7 +66,6 @@ (package (name "libtasn1") (version "4.12") - (replacement libtasn1/fixed) (source (origin (method url-fetch) @@ -73,7 +73,8 @@ version ".tar.gz")) (sha256 (base32 - "0ls7jdq3y5fnrwg0pzhq11m21r8pshac2705bczz6mqjc8pdllv7")))) + "0ls7jdq3y5fnrwg0pzhq11m21r8pshac2705bczz6mqjc8pdllv7")) + (patches (search-patches "libtasn1-CVE-2017-10790.patch")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) (home-page "https://www.gnu.org/software/libtasn1/") @@ -85,13 +86,6 @@ networking, allowing for formal validation of data according to some specifications.") (license license:lgpl2.0+))) -(define libtasn1/fixed - (package - (inherit libtasn1) - (source (origin - (inherit (package-source libtasn1)) - (patches (search-patches "libtasn1-CVE-2017-10790.patch")))))) - (define-public asn1c (package (name "asn1c") @@ -149,9 +143,6 @@ coordinating the use of PKCS#11 by different components or libraries living in the same process.") (license license:bsd-3))) - -;; TODO Add net-tools-for-tests to #:disallowed-references when we can afford -;; rebuild GnuTLS (i.e. core-updates). (define-public gnutls (package (name "gnutls") @@ -172,7 +163,9 @@ living in the same process.") "15ihq6p0hnnhs8cnjrkj40dmlcaa1jjg8xg0g2ydbnlqs454ixbr")))) (build-system gnu-build-system) (arguments - '(#:configure-flags + `(; Ensure we don't keep a reference to this buggy software. + #:disallowed-references (,net-tools) + #:configure-flags (list ;; GnuTLS doesn't consult any environment variables to specify ;; the location of the system-wide trust store. Instead it has a @@ -206,7 +199,7 @@ living in the same process.") "debug" "doc")) ;4.1 MiB of man pages (native-inputs - `(("net-tools" ,net-tools-for-tests) + `(("net-tools" ,net-tools) ("pkg-config" ,pkg-config) ("which" ,which))) (inputs @@ -253,18 +246,19 @@ required structures.") (define-public openssl (package (name "openssl") - (version "1.0.2l") - (replacement openssl-1.0.2m) + (version "1.0.2m") (source (origin (method url-fetch) - (uri (list (string-append "ftp://ftp.openssl.org/source/" + (uri (list (string-append "https://www.openssl.org/source/openssl-" + version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/" name "-" version ".tar.gz") (string-append "ftp://ftp.openssl.org/source/old/" (string-trim-right version char-set:letter) "/" name "-" version ".tar.gz"))) (sha256 (base32 - "037kvpisc6qh5dkppcwbm5bg2q800xh2hma3vghz8xcycmdij1yf")) + "03vvlfnxx4lhxc83ikfdl6jqph4h52y7lb7li03va6dkqrgg2vwc")) (snippet '(begin ;; Remove ELF files. 'substitute*' can't read them. @@ -381,15 +375,14 @@ required structures.") ,version "/misc")) #t)))))) (native-search-paths - ;; FIXME: These two variables must designate a single file or directory - ;; and are not actually "search paths." In practice it works OK in user - ;; profiles because there's always just one item that matches the - ;; specification. (list (search-path-specification (variable "SSL_CERT_DIR") + (separator #f) ;single entry (files '("etc/ssl/certs"))) (search-path-specification (variable "SSL_CERT_FILE") + (file-type 'regular) + (separator #f) ;single entry (files '("etc/ssl/certs/ca-certificates.crt"))))) (synopsis "SSL/TLS implementation") (description @@ -397,25 +390,6 @@ required structures.") (license license:openssl) (home-page "http://www.openssl.org/"))) -;; Fixes CVE-2017-3735 and CVE-2017-3736. -;; See <https://www.openssl.org/news/cl102.txt>. -(define-public openssl-1.0.2m - (package - (inherit openssl) - (version "1.0.2m") - (source (origin - (inherit (package-source openssl)) - (uri (list (string-append "https://www.openssl.org/source/openssl-" - version ".tar.gz") - (string-append "ftp://ftp.openssl.org/source/openssl-" - version ".tar.gz") - (string-append "ftp://ftp.openssl.org/source/old/" - (string-trim-right version char-set:letter) - "/openssl-" version ".tar.gz"))) - (sha256 - (base32 - "03vvlfnxx4lhxc83ikfdl6jqph4h52y7lb7li03va6dkqrgg2vwc")))))) - (define-public openssl-next (package (inherit openssl) @@ -553,7 +527,7 @@ netcat implementation that supports TLS.") #t)))))) ;; TODO: Add optional inputs for testing. (native-inputs - `(("python-mock" ,python-mock-2) + `(("python-mock" ,python-mock) ;; For documentation ("python-sphinx" ,python-sphinx) ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput) @@ -602,7 +576,7 @@ netcat implementation that supports TLS.") ;; TODO: Add optional inputs for testing. (native-inputs `(("python-nose" ,python-nose) - ("python-mock" ,python-mock-2) + ("python-mock" ,python-mock) ;; For documentation ("python-sphinx" ,python-sphinx) ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme) @@ -638,14 +612,14 @@ certificates for free.") (define-public perl-net-ssleay (package (name "perl-net-ssleay") - (version "1.81") + (version "1.82") (source (origin (method url-fetch) (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/" "Net-SSLeay-" version ".tar.gz")) (sha256 (base32 - "0z8vya34g88bc41kx955sv7y4niwbbywji8liqbl52v29qbvdjq0")))) + "1rf78z1macgmp6mwd7c2xq4yfw6wpf28hfwfz1d5wslqr4cwb5aq")))) (build-system perl-build-system) (inputs `(("openssl" ,openssl))) (arguments |