author | John Kehayias <john.kehayias@protonmail.com> | 2024-03-31 20:46:45 -0400 |
---|---|---|
committer | John Kehayias <john.kehayias@protonmail.com> | 2024-03-31 20:46:45 -0400 |
commit | 155f23a52e626e8ac60f818937d5bb1a3ebe3184 (patch) | |
tree | a19317812471db31ae2a97844d6cf74e45057466 /gnu/packages/tls.scm | |
parent | d9dee5ea2f564fa6979ae552fd9bd5ac22f86ecc (diff) | |
parent | 1cba1f8ce6f84c4737650401c0eb0473a45f9ff7 (diff) | |
Merge branch 'master' into mesa-updates
Change-Id: I4cd94a58b62d8c3987e4a60c76b37894ad851e35
Diffstat (limited to 'gnu/packages/tls.scm')
-rw-r--r-- | gnu/packages/tls.scm | 108 |
1 files changed, 49 insertions, 59 deletions
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 806a761d9b..2f212e9f90 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -200,7 +200,7 @@ living in the same process.") (package (name "gnutls") (version "3.7.7") - (replacement gnutls-3.8.2) + (replacement gnutls/fixed) (source (origin (method url-fetch) ;; Note: Releases are no longer on ftp.gnu.org since the @@ -305,11 +305,12 @@ required structures.") (define-deprecated/public-alias gnutls-latest gnutls) ;; Replacement for gnutls@3.7.7 to address GNUTLS-SA-2020-07-14 / -;; CVE-2023-0361 and GNUTLS-SA-2023-10-23 / CVE-2023-5981. -(define gnutls-3.8.2 +;; CVE-2023-0361, GNUTLS-SA-2023-10-23 / CVE-2023-5981, GNUTLS-SA-2024-01-14 / +;; CVE-2024-0553, and GNUTLS-SA-2024-01-09 / CVE-2024-0567 +(define gnutls/fixed (package (inherit gnutls) - (version "3.8.2") + (version "3.8.3") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/gnutls/v" @@ -318,7 +319,7 @@ required structures.") (patches (search-patches "gnutls-skip-trust-store-test.patch")) (sha256 (base32 - "0xzgmp1ck5ifvdki4jg29r278w2p1m3a0qz38g99v6zsdw0yarg7")))))) + "0ghpyhhfa3nsraph6dws50jb3dc8g2cfl7dizdnyrm179fawakzp")))))) (define-public gnutls/dane ;; GnuTLS with build libgnutls-dane, implementing DNS-based @@ -335,7 +336,7 @@ required structures.") ;; This package supersedes the Guile bindings that came with GnuTLS until ;; version 3.7.8 included. (name "guile-gnutls") - (version "3.7.12") + (version "3.7.14") (home-page "https://gitlab.com/gnutls/guile/") (source (origin ;; url-fetch is used here to avoid a circular dependency with 
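Review bot: The comment above `gnutls/fixed` (hunk `@@ -305,11 +305,12 @@`) lists the advisories but does not say that this definition is only used as the `replacement` of gnutls 3.7.7, which is the constraint the next updater most needs to know. A replacement is grafted onto existing dependents, so it has to stay ABI-compatible with 3.7.7. It presumably also does not reach a dependent that copied or statically linked GnuTLS code at build time, which would keep the unfixed code. I would add a line such as `;; Grafted onto gnutls@3.7.7: must remain ABI-compatible with it.` under the advisory list.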
@@ -343,12 +344,11 @@ required structures.") (method url-fetch) (uri (string-append "https://gitlab.com/gnutls/guile/uploads/" - "3fe12c208bdc6155c5116cf5eac7a2ad" + "1fdc941351d54cd7affda1bb912b9ca5" "/guile-gnutls-" version ".tar.gz")) (sha256 (base32 - "0dp3zsbnwgb4q4p8n6i5vnlwq52v5hp8f5c44ngyag89fcaz2fjx")) - (patches (search-patches "gnutls-cross.patch")))) + "0ldnxq5qxzy92jd8w5c717bgx4038x9qmi43bzl6kmlkzpagqayy")))) (build-system gnu-build-system) (arguments (list @@ -973,14 +973,10 @@ correct OpenSSL include path. It is intended for use in your number generator") (license license:perl-license))) -;; The "-apache" variant is the upstreamed prefered variant. A "-gpl" -;; variant exists in addition to the "-apache" one. -(define-public mbedtls-apache +(define-public mbedtls-lts (package - (name "mbedtls-apache") - ;; XXX Check whether ‘-Wformat-signedness’ still breaks mbedtls-for-hiawatha - ;; when updating. - (version "2.28.5") + (name "mbedtls") + (version "2.28.7") (source (origin (method git-fetch) @@ -989,17 +985,17 @@ number generator") (commit (string-append "mbedtls-" version)))) (file-name (git-file-name name version)) (sha256 - (base32 "1jlkvvyigpjvv404b8vmx68f1v6g1h2zr6rd78dhc0xgqi018phs")))) + (base32 "070i5pxciw04swfqk1rmdprhsafn4cias3dlmkm467pqpjnhb394")))) (build-system cmake-build-system) (arguments - `(#:configure-flags - (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON" - "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF") - #:phases - (modify-phases %standard-phases - (add-after 'unpack 'make-source-writable - (lambda _ - (for-each make-file-writable (find-files "."))))))) + (list #:configure-flags + #~(list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON" + "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF") + #:phases + #~(modify-phases %standard-phases + (add-after 'unpack 'make-source-writable + (lambda _ + (for-each make-file-writable (find-files "."))))))) (native-inputs (list perl python)) (synopsis "Small TLS library") 
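Review bot: `mbedtls-lts` loses both explanatory comments in the `@@ -973,14 +973,10 @@` hunk and gets nothing in their place, while its `(name "mbedtls")` now matches the name of the 3.5.2 package defined later in this commit. From the definition alone a reader cannot tell which of the two a dependent should use, and that matters when security updates are tracked per branch. I would add something like `;; Long-term support branch (2.28.x); the current series is 'mbedtls' below.` above the `define-public`. The package body continues past this hunk.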
@@ -1009,47 +1005,41 @@ for developers to include cryptographic and SSL/TLS capabilities in their (embedded) products, facilitating this functionality with a minimal coding footprint.") (home-page "https://www.trustedfirmware.org/projects/mbed-tls/") - (license license:asl2.0))) + (license (list license:asl2.0 license:gpl2+)))) ;dual licensed + +(define-public mbedtls + (package + (inherit mbedtls-lts) + (name "mbedtls") + (version "3.5.2") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/ARMmbed/mbedtls") + (commit (string-append "mbedtls-" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1wsjrx98h74q0q4zqwsghiqvjz4aqgvigpxb9f8xjw0w4sfsclcm")))))) + +(define-public mbedtls-apache + (deprecated-package "mbedtls-apache" mbedtls-lts)) ;; The Hiawatha Web server requires some specific features to be enabled. (define-public mbedtls-for-hiawatha (hidden-package (package - (inherit mbedtls-apache) - (name "mbedtls-apache") - (version "2.26.0") - (source - (origin - (method git-fetch) - (uri (git-reference - (url "https://github.com/ARMmbed/mbedtls") - (commit (string-append "mbedtls-" version)))) - (sha256 - (base32 "0scwpmrgvg6q7rvqkc352d2fqlsx0aylcbyibcp1f1rsn8iiif2m")) - (file-name (git-file-name name version)) - (modules '((guix build utils))) - (snippet - '(begin - ;; Can be removed with the next version. - ;; Reduce level of format truncation warnings due to false positives. 
- ;; https://github.com/ARMmbed/mbedtls/commit/2065a8d8af27c6cb1e40c9462b5933336dca7434 - (substitute* "CMakeLists.txt" - (("Wformat-truncation=2") "Wformat-truncation")) - #t)))) + (inherit mbedtls-lts) (arguments - (substitute-keyword-arguments (package-arguments mbedtls-apache) + (substitute-keyword-arguments (package-arguments mbedtls-lts) ((#:phases phases) - `(modify-phases ,phases - (add-before 'configure 'configure-extra-features - (lambda _ - (for-each (lambda (feature) - (invoke "scripts/config.pl" "set" feature)) - (list "MBEDTLS_THREADING_C" - "MBEDTLS_THREADING_PTHREAD")) - ;; XXX The above enables code that breaks with -Werror… - (substitute* "CMakeLists.txt" - ((" -Wformat-signedness") "")) - #t))))))))) + #~(modify-phases #$phases + (add-before 'configure 'configure-extra-features + (lambda _ + (for-each (lambda (feature) + (invoke "scripts/config.pl" "set" feature)) + (list "MBEDTLS_THREADING_C" + "MBEDTLS_THREADING_PTHREAD"))))))))))) (define-public dehydrated (package |
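Review bot: `mbedtls-for-hiawatha` still switches on `MBEDTLS_THREADING_C` and `MBEDTLS_THREADING_PTHREAD`, but the `substitute*` that dropped ` -Wformat-signedness` is gone and the XXX reminder to re-check it was deleted in the `@@ -973,14 +973,10 @@` hunk, so nothing records that the threaded build was verified against 2.28.7. Inheriting the source from `mbedtls-lts` instead of pinning 2.26.0 is the right direction, since the hidden variant now follows the same updates as the LTS package. A short comment in the phase, for example `;; The -Wformat-signedness workaround needed for 2.26.0 is not required with 2.28.7.`, would keep that knowledge, provided the build was in fact checked.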