From 51a365c1834ced822ca3e1cfdf625edf6b883513 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 8 Dec 2020 11:12:14 +0100 Subject: gnu: gnutls: Update to 3.6.15 and remove replacement. * gnu/packages/tls.scm (gnutls): Update to 3.6.15. [source]: Add "gnutls-cross.patch". [replacement]: Remove. [native-inputs]: Add GUILE-3.0 when (%current-target-system) is true. (gnutls/fixed): Remove. * gnu/packages/package-management.scm (guix)[propagated-inputs]: Remove reference to 'gnutls/fixed'. * gnu/packages/tls.scm (gnutls/dane): Inherit from gnutls. * gnu/packages/vpn.scm (openconnect)[propagated-inputs]: Remove gnutls/fixed, add gnutls. Co-authored-by: Efraim Flashner --- gnu/packages/package-management.scm | 2 +- gnu/packages/tls.scm | 51 ++++++++++++------------------------- gnu/packages/vpn.scm | 4 +-- 3 files changed, 18 insertions(+), 39 deletions(-) diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm index 9e8f9df76d..a76fc49b3e 100644 --- a/gnu/packages/package-management.scm +++ b/gnu/packages/package-management.scm @@ -405,7 +405,7 @@ $(prefix)/etc/init.d\n"))) ("glibc-utf8-locales" ,glibc-utf8-locales))) (propagated-inputs - `(("gnutls" ,(if (%current-target-system) gnutls/fixed gnutls)) + `(("gnutls" ,gnutls) ;; Avahi requires "glib" which doesn't cross-compile yet. ,@(if (%current-target-system) '() diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 28c6d8c392..42ea384524 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm 
@@ -164,21 +164,19 @@ living in the same process.") (define-public gnutls (package (name "gnutls") - ;; XXX Unversion openconnect's "gnutls" input when ungrafting. - (replacement gnutls/fixed) - (version "3.6.12") + (version "3.6.15") (source (origin - (method url-fetch) - (uri + (method url-fetch) ;; Note: Releases are no longer on ftp.gnu.org since the ;; schism (after version 3.1.5). - (string-append "mirror://gnupg/gnutls/v" - (version-major+minor version) - "/gnutls-" version ".tar.xz")) - (patches (search-patches "gnutls-skip-trust-store-test.patch")) - (sha256 - (base32 - "0jvca1qahn9lrwv6f5kfs95icirc15b2a8x9fzczyj996ipg3b5z")))) + (uri (string-append "mirror://gnupg/gnutls/v" + (version-major+minor version) + "/gnutls-" version ".tar.xz")) + (patches (search-patches "gnutls-skip-trust-store-test.patch" + "gnutls-cross.patch")) + (sha256 + (base32 + "0n0m93ymzd0q9hbknxc2ycanz49sqlkyyf73g9fk7n787llc7a0f")))) (build-system gnu-build-system) (arguments `(#:tests? ,(not (or (%current-target-system) @@ -228,7 +226,11 @@ living in the same process.") "debug" "doc")) ;4.1 MiB of man pages (native-inputs - `(,@(if (hurd-target?) '() + `(,@(if (%current-target-system) ;for cross-build + `(("guile" ,guile-3.0)) ;to create .go files + '()) + ,@(if (hurd-target?) + '() `(("net-tools" ,net-tools))) ("pkg-config" ,pkg-config) ("which" ,which) 
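Review bot: The `guile-3.0` native input added in the second hunk (`@@ -228,7 +226,11 @@`) now belongs to `gnutls` itself, so every package that inherits from `gnutls` picks it up when cross-compiling. Before this commit it was confined to `gnutls/fixed`. `gnutls/guile-2.0`, visible further down as `(package/inherit gnutls`, would presumably now have its `.go` files produced by a Guile 3.0 compiler while the package targets Guile 2.0, unless it overrides `native-inputs` in lines not shown here. If the variants do handle this, a comment beside the input would make it explicit, e.g. `;; Variants built for another Guile series must replace this input.`; if not, each variant should substitute its own Guile here. The `gnutls` definition continues outside both hunks.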
@@ -254,27 +256,6 @@ required structures.") (properties '((ftp-server . "ftp.gnutls.org") (ftp-directory . "/gcrypt/gnutls"))))) -;; Replacement package to fix multiple security vulnerabilities. -(define-public gnutls/fixed - (package - (inherit gnutls) - (version "3.6.15") - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnupg/gnutls/v" - (version-major+minor version) - "/gnutls-" version ".tar.xz")) - (patches (search-patches "gnutls-skip-trust-store-test.patch" - "gnutls-cross.patch")) - (sha256 - (base32 - "0n0m93ymzd0q9hbknxc2ycanz49sqlkyyf73g9fk7n787llc7a0f")))) - (native-inputs - `(,@(if (%current-target-system) ;for cross-build - `(("guile" ,guile-3.0)) ;to create .go files - '()) - ,@(package-native-inputs gnutls))))) - (define-public gnutls/guile-2.0 ;; GnuTLS for Guile 2.0. (package/inherit gnutls @@ -287,7 +268,7 @@ required structures.") ;; Authentication of Named Entities. This is required for GNS functionality ;; by GNUnet and gnURL. This is done in an extra package definition ;; to have the choice between GnuTLS with Dane and without Dane. - (package/inherit gnutls/fixed + (package/inherit gnutls (name "gnutls-dane") (inputs `(("unbound" ,unbound) ,@(package-inputs gnutls))))) diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm index 04c34c3d4d..2763fba935 100644 --- a/gnu/packages/vpn.scm +++ b/gnu/packages/vpn.scm @@ -263,9 +263,7 @@ the user specifically asks to proxy, so the @dfn{VPN} interface no longer (build-system gnu-build-system) (propagated-inputs `(("libxml2" ,libxml2) - ;; XXX ‘DTLS is insecure in GnuTLS v3.6.3 through v3.6.12.’ - ;; See . - ("gnutls" ,gnutls/fixed) + ("gnutls" ,gnutls) ("zlib" ,zlib))) (inputs `(("lz4" ,lz4) -- cgit v1.2.3
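Review bot: The comment deleted from openconnect's `propagated-inputs` in the `gnu/packages/vpn.scm` hunk was the only line on this page stating that DTLS is insecure in GnuTLS v3.6.3 through v3.6.12. The new `("gnutls" ,gnutls)` entry carries no trace of that constraint, which holds only because `gnutls` is 3.6.15 as of this commit. A one-line comment above the input, such as `;; Needs GnuTLS > 3.6.12: DTLS is insecure in v3.6.3 through v3.6.12.`, would keep the requirement visible if the input is later pinned or swapped for another variant. The enclosing openconnect definition starts and ends outside the hunk.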