From 9749746544f9d759ad1308b30a2ce19f44e3e391 Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Wed, 30 Aug 2017 22:41:40 +0200
Subject: gnu: mbedtls-apache: Update to 2.6.0 [fixes CVE-2017-14032].

* gnu/packages/tls.scm (mbedtls-apache): Update to 2.6.0.
---
 gnu/packages/tls.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'gnu/packages/tls.scm')

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 111a1c3734..4183dda3c6 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -763,7 +763,7 @@ then ported to the GNU / Linux environment.")
 (define-public mbedtls-apache
   (package
     (name "mbedtls-apache")
-    (version "2.5.1")
+    (version "2.6.0")
     (source
      (origin
        (method url-fetch)
@@ -773,7 +773,7 @@ then ported to the GNU / Linux environment.")
                            version "-apache.tgz"))
        (sha256
         (base32
-         "1yc1rj0izjihj9hbzvskpa4gjzqf4dm2i84nmmm2s9j1i66fp6jm"))))
+         "11wnj34rfqxjggmdgf042i49lr6civgbqwv2p7p8bn6k2919vg4r"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("perl" ,perl)))
-- 
cgit v1.2.3


From 3b2802f8c451f7d8f0e02ee81a55046648c0735e Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Thu, 7 Sep 2017 15:23:21 -0400
Subject: gnu: certbot, python-acme: Update to 0.18.0.

* gnu/packages/tls.scm (certbot, python-acme, python2-acme): Update to 0.18.0.
---
 gnu/packages/tls.scm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'gnu/packages/tls.scm')

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 4183dda3c6..52554a2922 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -486,13 +486,13 @@ netcat implementation that supports TLS.")
   (package
     (name "python-acme")
     ;; Remember to update the hash of certbot when updating python-acme.
-    (version "0.17.0")
+    (version "0.18.0")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "acme" version))
       (sha256
        (base32
-        "0vmnv7qhdhl9qhq03v6zrcj1lsmpmpjb94s0xsc7piwqxfmf9jrw"))))
+        "0f49v661nw8sccaqc85q64vi8alnzb88y3nimn1123gq128hq6rh"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -543,7 +543,7 @@ netcat implementation that supports TLS.")
               (uri (pypi-uri name version))
               (sha256
                (base32
-                "173619jkq4bg88f6i837z3pcjkrfabrvv8vrpyx18k9i7xnb5xa3"))))
+                "0pqryjjc8ywg4z9akfk6iv6sxr32lks8pd0h4vvw3w2mlkbxy2zp"))))
     (build-system python-build-system)
     (arguments
      `(,@(substitute-keyword-arguments (package-arguments python-acme)
-- 
cgit v1.2.3


From 72fe8956f5add37271590d412b3ad8104472d884 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Fri, 8 Sep 2017 19:26:43 -0400
Subject: gnu: certbot, python-acme: Update to 0.18.1.

* gnu/packages/tls.scm (certbot, python-acme, python2-acme): Update to 0.18.1.
---
 gnu/packages/tls.scm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'gnu/packages/tls.scm')

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 52554a2922..995c4e303c 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -486,13 +486,13 @@ netcat implementation that supports TLS.")
   (package
     (name "python-acme")
     ;; Remember to update the hash of certbot when updating python-acme.
-    (version "0.18.0")
+    (version "0.18.1")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "acme" version))
       (sha256
        (base32
-        "0f49v661nw8sccaqc85q64vi8alnzb88y3nimn1123gq128hq6rh"))))
+        "0ry6vhfkhds28sg232hngwfnkqihsxv9r8w92c6nz45r7w56qk0y"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -543,7 +543,7 @@ netcat implementation that supports TLS.")
               (uri (pypi-uri name version))
               (sha256
                (base32
-                "0pqryjjc8ywg4z9akfk6iv6sxr32lks8pd0h4vvw3w2mlkbxy2zp"))))
+                "0k3bqfkjxyg0qivs4a6iz6gyqx8li4hgn8m268r72lxgq46ay2mf"))))
     (build-system python-build-system)
     (arguments
      `(,@(substitute-keyword-arguments (package-arguments python-acme)
-- 
cgit v1.2.3


From 45bed1d3eaac6d4fe077f7a2427f2d9d7125ee6a Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Thu, 7 Sep 2017 18:14:04 -0400
Subject: gnu: python2-acme: Remove package.

This package has not built successfully for a long time. Since it
appears to have no users, we remove it for now.

* gnu/packages/tls.scm (python2-acme): Remove variable.
---
 gnu/packages/tls.scm | 3 ---
 1 file changed, 3 deletions(-)

(limited to 'gnu/packages/tls.scm')

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 995c4e303c..4b3d766b05 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -529,9 +529,6 @@ netcat implementation that supports TLS.")
     (description "ACME protocol implementation in Python")
     (license license:asl2.0)))
 
-(define-public python2-acme
-  (package-with-python2 python-acme))
-
 (define-public certbot
   (package
     (name "certbot")
-- 
cgit v1.2.3


From 881006b65cd7693a1f473870fef1ae38f497f9ae Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Sun, 17 Sep 2017 17:39:30 +0200
Subject: gnu: certbot: Fix build with python-pyopenssl >= 17.3.0.

* gnu/packages/patches/python-acme-dont-use-openssl-rand.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/tls.scm (python-acme)[source]: Use it.
---
 gnu/packages/tls.scm | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'gnu/packages/tls.scm')

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 4b3d766b05..add371ffa3 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -490,9 +490,10 @@ netcat implementation that supports TLS.")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "acme" version))
-      (sha256
-       (base32
-        "0ry6vhfkhds28sg232hngwfnkqihsxv9r8w92c6nz45r7w56qk0y"))))
+              (patches (search-patches "python-acme-dont-use-openssl-rand.patch"))
+              (sha256
+               (base32
+                "0ry6vhfkhds28sg232hngwfnkqihsxv9r8w92c6nz45r7w56qk0y"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
-- 
cgit v1.2.3


From 66660960ba75233ae5b6c539f43d97d06d64e9ad Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Sun, 24 Sep 2017 17:56:19 -0400
Subject: gnu: certbot, python-acme: Update to 0.18.2.

* gnu/packages/tls.scm (certbot, python-acme): Update to 0.18.2.
* gnu/packages/patches/python-acme-dont-use-openssl-rand.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
---
 gnu/packages/tls.scm | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'gnu/packages/tls.scm')

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index add371ffa3..3251c102b0 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -486,14 +486,13 @@ netcat implementation that supports TLS.")
   (package
     (name "python-acme")
     ;; Remember to update the hash of certbot when updating python-acme.
-    (version "0.18.1")
+    (version "0.18.2")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "acme" version))
-              (patches (search-patches "python-acme-dont-use-openssl-rand.patch"))
               (sha256
                (base32
-                "0ry6vhfkhds28sg232hngwfnkqihsxv9r8w92c6nz45r7w56qk0y"))))
+                "1xiy8m7501g5l9kpdmyvyz72nfnl72l19qkrf76fyvby7adzm3ki"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -541,7 +540,7 @@ netcat implementation that supports TLS.")
               (uri (pypi-uri name version))
               (sha256
                (base32
-                "0k3bqfkjxyg0qivs4a6iz6gyqx8li4hgn8m268r72lxgq46ay2mf"))))
+                "16lw4n7kwnkvh9sz2f97c7ad1wwp33mg5fc332lpy5n17zpfc8h1"))))
     (build-system python-build-system)
     (arguments
      `(,@(substitute-keyword-arguments (package-arguments python-acme)
-- 
cgit v1.2.3


From 5b9aa107d28f1187e3dde5b3e9aee3bf580b5475 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:28:51 +0000
Subject: gnu: gnutls: Add 'gnutls-dane'.

* gnu/packages/tls.scm (gnutls/dane): New variable.

Signed-off-by: Christopher Baines <mail@cbaines.net>
---
 gnu/packages/tls.scm | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'gnu/packages/tls.scm')

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 3251c102b0..0e59d7df10 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
 ;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
+;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
@@ -37,6 +37,7 @@
   #:use-module (guix build-system cmake)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages)
+  #:use-module (gnu packages dns)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages libbsd)
   #:use-module (gnu packages libffi)
@@ -229,6 +230,17 @@ required structures.")
     (inputs `(("guile" ,guile-2.0)
               ,@(alist-delete "guile" (package-inputs gnutls))))))
 
+(define-public gnutls/dane
+  ;; GnuTLS with build libgnutls-dane, implementing DNS-based
+  ;; Authentication of Named Entities.  This is required for GNS functionality
+  ;; by GNUnet and gnURL.  This is done in an extra package definition
+  ;; to have the choice between GnuTLS with Dane and without Dane.
+  (package
+    (inherit gnutls)
+    (name "gnutls-dane")
+    (inputs `(("unbound" ,unbound)
+              ,@(package-inputs gnutls)))))
+
 (define-public openssl
   (package
    (name "openssl")
-- 
cgit v1.2.3