gnu: gnutls: Update to 3.6.15 and remove replacement.
* gnu/packages/tls.scm (gnutls): Update to 3.6.15. [source]: Add "gnutls-cross.patch". [replacement]: Remove. [native-inputs]: Add GUILE-3.0 when (%current-target-system) is true. (gnutls/fixed): Remove. * gnu/packages/package-management.scm (guix)[propagated-inputs]: Remove reference to 'gnutls/fixed'. * gnu/packages/tls.scm (gnutls/dane): Inherit from gnutls. * gnu/packages/vpn.scm (openconnect)[propagated-inputs]: Remove gnutls/fixed, add gnutls. Co-authored-by: Efraim Flashner <efraim@flashner.co.il>
This commit is contained in:
Ludovic Courtès
parent
2dfb16150e
commit
51a365c183
3 changed files with 18 additions and 39 deletions
|
|
@ -405,7 +405,7 @@ $(prefix)/etc/init.d\n")))
|
||||||
|
|
||||||
("glibc-utf8-locales" ,glibc-utf8-locales)))
|
("glibc-utf8-locales" ,glibc-utf8-locales)))
|
||||||
(propagated-inputs
|
(propagated-inputs
|
||||||
`(("gnutls" ,(if (%current-target-system) gnutls/fixed gnutls))
|
`(("gnutls" ,gnutls)
|
||||||
;; Avahi requires "glib" which doesn't cross-compile yet.
|
;; Avahi requires "glib" which doesn't cross-compile yet.
|
||||||
,@(if (%current-target-system)
|
,@(if (%current-target-system)
|
||||||
'()
|
'()
|
||||||
|
|
|
||||||
|
|
@ -164,21 +164,19 @@ living in the same process.")
|
||||||
(define-public gnutls
|
(define-public gnutls
|
||||||
(package
|
(package
|
||||||
(name "gnutls")
|
(name "gnutls")
|
||||||
;; XXX Unversion openconnect's "gnutls" input when ungrafting.
|
(version "3.6.15")
|
||||||
(replacement gnutls/fixed)
|
|
||||||
(version "3.6.12")
|
|
||||||
(source (origin
|
(source (origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
(uri
|
|
||||||
;; Note: Releases are no longer on ftp.gnu.org since the
|
;; Note: Releases are no longer on ftp.gnu.org since the
|
||||||
;; schism (after version 3.1.5).
|
;; schism (after version 3.1.5).
|
||||||
(string-append "mirror://gnupg/gnutls/v"
|
(uri (string-append "mirror://gnupg/gnutls/v"
|
||||||
(version-major+minor version)
|
(version-major+minor version)
|
||||||
"/gnutls-" version ".tar.xz"))
|
"/gnutls-" version ".tar.xz"))
|
||||||
(patches (search-patches "gnutls-skip-trust-store-test.patch"))
|
(patches (search-patches "gnutls-skip-trust-store-test.patch"
|
||||||
(sha256
|
"gnutls-cross.patch"))
|
||||||
(base32
|
(sha256
|
||||||
"0jvca1qahn9lrwv6f5kfs95icirc15b2a8x9fzczyj996ipg3b5z"))))
|
(base32
|
||||||
|
"0n0m93ymzd0q9hbknxc2ycanz49sqlkyyf73g9fk7n787llc7a0f"))))
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
(arguments
|
(arguments
|
||||||
`(#:tests? ,(not (or (%current-target-system)
|
`(#:tests? ,(not (or (%current-target-system)
|
||||||
|
|
@ -228,7 +226,11 @@ living in the same process.")
|
||||||
"debug"
|
"debug"
|
||||||
"doc")) ;4.1 MiB of man pages
|
"doc")) ;4.1 MiB of man pages
|
||||||
(native-inputs
|
(native-inputs
|
||||||
`(,@(if (hurd-target?) '()
|
`(,@(if (%current-target-system) ;for cross-build
|
||||||
|
`(("guile" ,guile-3.0)) ;to create .go files
|
||||||
|
'())
|
||||||
|
,@(if (hurd-target?)
|
||||||
|
'()
|
||||||
`(("net-tools" ,net-tools)))
|
`(("net-tools" ,net-tools)))
|
||||||
("pkg-config" ,pkg-config)
|
("pkg-config" ,pkg-config)
|
||||||
("which" ,which)
|
("which" ,which)
|
||||||
|
|
@ -254,27 +256,6 @@ required structures.")
|
||||||
(properties '((ftp-server . "ftp.gnutls.org")
|
(properties '((ftp-server . "ftp.gnutls.org")
|
||||||
(ftp-directory . "/gcrypt/gnutls")))))
|
(ftp-directory . "/gcrypt/gnutls")))))
|
||||||
|
|
||||||
;; Replacement package to fix multiple security vulnerabilities.
|
|
||||||
(define-public gnutls/fixed
|
|
||||||
(package
|
|
||||||
(inherit gnutls)
|
|
||||||
(version "3.6.15")
|
|
||||||
(source (origin
|
|
||||||
(method url-fetch)
|
|
||||||
(uri (string-append "mirror://gnupg/gnutls/v"
|
|
||||||
(version-major+minor version)
|
|
||||||
"/gnutls-" version ".tar.xz"))
|
|
||||||
(patches (search-patches "gnutls-skip-trust-store-test.patch"
|
|
||||||
"gnutls-cross.patch"))
|
|
||||||
(sha256
|
|
||||||
(base32
|
|
||||||
"0n0m93ymzd0q9hbknxc2ycanz49sqlkyyf73g9fk7n787llc7a0f"))))
|
|
||||||
(native-inputs
|
|
||||||
`(,@(if (%current-target-system) ;for cross-build
|
|
||||||
`(("guile" ,guile-3.0)) ;to create .go files
|
|
||||||
'())
|
|
||||||
,@(package-native-inputs gnutls)))))
|
|
||||||
|
|
||||||
(define-public gnutls/guile-2.0
|
(define-public gnutls/guile-2.0
|
||||||
;; GnuTLS for Guile 2.0.
|
;; GnuTLS for Guile 2.0.
|
||||||
(package/inherit gnutls
|
(package/inherit gnutls
|
||||||
|
|
@ -287,7 +268,7 @@ required structures.")
|
||||||
;; Authentication of Named Entities. This is required for GNS functionality
|
;; Authentication of Named Entities. This is required for GNS functionality
|
||||||
;; by GNUnet and gnURL. This is done in an extra package definition
|
;; by GNUnet and gnURL. This is done in an extra package definition
|
||||||
;; to have the choice between GnuTLS with Dane and without Dane.
|
;; to have the choice between GnuTLS with Dane and without Dane.
|
||||||
(package/inherit gnutls/fixed
|
(package/inherit gnutls
|
||||||
(name "gnutls-dane")
|
(name "gnutls-dane")
|
||||||
(inputs `(("unbound" ,unbound)
|
(inputs `(("unbound" ,unbound)
|
||||||
,@(package-inputs gnutls)))))
|
,@(package-inputs gnutls)))))
|
||||||
|
|
|
||||||
|
|
@ -263,9 +263,7 @@ the user specifically asks to proxy, so the @dfn{VPN} interface no longer
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
(propagated-inputs
|
(propagated-inputs
|
||||||
`(("libxml2" ,libxml2)
|
`(("libxml2" ,libxml2)
|
||||||
;; XXX ‘DTLS is insecure in GnuTLS v3.6.3 through v3.6.12.’
|
("gnutls" ,gnutls)
|
||||||
;; See <https://gitlab.com/gnutls/gnutls/-/issues/960>.
|
|
||||||
("gnutls" ,gnutls/fixed)
|
|
||||||
("zlib" ,zlib)))
|
("zlib" ,zlib)))
|
||||||
(inputs
|
(inputs
|
||||||
`(("lz4" ,lz4)
|
`(("lz4" ,lz4)
|
||||||
|
|
|
||||||
Reference in a new issue