(base32
"1jlc1iahj8k3haz28j55nzg7sgni5h41vqy461i1bpbx6668wlky"))))
(build-system gnu-build-system)
+ (arguments
+ `(#:configure-flags '("--disable-static")))
(native-inputs `(("perl" ,perl)))
(home-page "https://www.gnu.org/software/libtasn1/")
(synopsis "ASN.1 library")
(define-public p11-kit
(package
(name "p11-kit")
- (version "0.23.12")
+ (version "0.23.14")
(source
(origin
(method url-fetch)
"download/" version "/p11-kit-" version ".tar.gz"))
(sha256
(base32
- "00ylbx2gxrm9bv6w4y3qf8z30vpdkqaa8z1y22hy27fv34py5fjq"))))
+ "0w0dkq9388grbbn4bv2p55vy1j51f7nd9hzlc9gz4fbm4dnzmf8w"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
(define-public gnutls
(package
(name "gnutls")
- (version "3.5.18")
+ (version "3.6.5")
(source (origin
(method url-fetch)
(uri
(string-append "mirror://gnupg/gnutls/v"
(version-major+minor version)
"/gnutls-" version ".tar.xz"))
- (patches
- (search-patches "gnutls-skip-trust-store-test.patch"
- "gnutls-skip-pkgconfig-test.patch"))
+ (patches (search-patches "gnutls-skip-trust-store-test.patch"))
(sha256
(base32
- "0d02x28fwkkx7xzn7807nww6idchizzq3plx8sfcyiw7wzclh8mf"))))
+ "0ddvg97dyrh8dkffv1mdc0knxx5my3qdbzv97s4a6jggmk9wwgh7"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; XXX: The generated configure script in GnuTLS 3.6.5
+ ;; apparently does not know about Guile 2.2.
+ (substitute* "configure"
+ (("guile_versions_to_search=\"2\\.0 1\\.8\"")
+ "guile_versions_to_search=\"2.2 2.0 1.8\""))
+ #t))))
(build-system gnu-build-system)
(arguments
`(; Ensure we don't keep a reference to this buggy software.
(define-public openssl
(package
(name "openssl")
- (replacement openssl/fixed)
- (version "1.0.2o")
+ (version "1.0.2p")
(source (origin
(method url-fetch)
(uri (list (string-append "https://www.openssl.org/source/openssl-"
"/" name "-" version ".tar.gz")))
(sha256
(base32
- "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc"))
+ "003xh9f898i56344vpvpxxxzmikivxig4xwlm7vbi7m8n43qxaah"))
(patches (search-patches "openssl-runpath.patch"
"openssl-c-rehash-in.patch"))))
(build-system gnu-build-system)
(string-append "--openssldir=" out
"/share/openssl-" ,version)
- (string-append "--prefix=" out)
-
- ;; XXX FIXME: Work around a code generation bug in GCC
- ;; 4.9.3 on ARM when compiled with -mfpu=neon. See:
- ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
- ,@(if (and (not (%current-target-system))
- (string-prefix? "armhf" (%current-system)))
- '("-mfpu=vfpv3")
- '())))))
+ (string-append "--prefix=" out)))))
(add-after
'install 'make-libraries-writable
(lambda* (#:key outputs #:allow-other-keys)
(license license:openssl)
(home-page "https://www.openssl.org/")))
-(define openssl/fixed
- (package
- (inherit openssl)
- (source (origin
- (inherit (package-source openssl))
- (patches (append (origin-patches (package-source openssl))
- (search-patches "openssl-1.0.2-CVE-2018-0495.patch"
- "openssl-1.0.2-CVE-2018-0732.patch")))))))
-
(define-public openssl-next
(package
(inherit openssl)
(name "openssl")
- (version "1.1.0h")
+ (version "1.1.1a")
(source (origin
(method url-fetch)
(uri (list (string-append "https://www.openssl.org/source/openssl-"
(string-append "ftp://ftp.openssl.org/source/old/"
(string-trim-right version char-set:letter)
"/" name "-" version ".tar.gz")))
- (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"
- "openssl-1.1.0-CVE-2018-0495.patch"
- "openssl-1.1.0-CVE-2018-0732.patch"))
+ (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
(sha256
(base32
- "05x509lccqjscgyi935z809pwfm708islypwhmjnb6cyvrn64daq"))))
+ "0hcz7znzznbibpy3iyyhvlqrq44y88plxwdj32wjzgbwic7i687w"))))
(outputs '("out"
- "doc" ;1.3MiB of man3 pages
- "static")) ; 5.5MiB of .a files
+ "doc" ; 6.8 MiB of man3 pages and full HTML documentation
+ "static")) ; 6.4 MiB of .a files
(arguments
(substitute-keyword-arguments (package-arguments openssl)
((#:phases phases)
`(modify-phases ,phases
(delete 'patch-tests) ; These two phases are not needed by
- (delete 'patch-Makefile.org) ; OpenSSL 1.1.0.
+ (delete 'patch-Makefile.org) ; OpenSSL 1.1.
;; Override configure phase since -rpath is now a configure option.
(replace 'configure
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(lib (string-append out "/lib")))
+ ;; It's not a shebang so patch-source-shebangs misses it.
+ (substitute* "config"
+ (("/usr/bin/env")
+ (string-append (assoc-ref %build-inputs "coreutils")
+ "/bin/env")))
(invoke "./config"
"shared" ;build shared libraries
"--libdir=lib"
'("-mfpu=vfpv3")
'())))))
+ (delete 'move-man3-pages)
+ (add-after 'install 'move-extra-documentation
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Move man3 pages and full HTML documentation to "doc".
+ (let* ((out (assoc-ref outputs "out"))
+ (man3 (string-append out "/share/man/man3"))
+ (html (string-append out "/share/doc/openssl"))
+ (doc (assoc-ref outputs "doc"))
+ (man-target (string-append doc "/share/man/man3"))
+ (html-target (string-append doc "/share/doc/openssl")))
+ (copy-recursively man3 man-target)
+ (delete-file-recursively man3)
+ (copy-recursively html html-target)
+ (delete-file-recursively html)
+ #t)))
;; XXX: Duplicate this phase to make sure 'version' evaluates
;; in the current scope and not the inherited one.
(replace 'remove-miscellany
(package
(name "python-acme")
;; Remember to update the hash of certbot when updating python-acme.
- (version "0.25.1")
+ (version "0.29.1")
(source (origin
(method url-fetch)
(uri (pypi-uri "acme" version))
(sha256
(base32
- "0d177dhy8a7472pz9v4blrlk02d8fp6s52li7z8v3dv97pvz7da7"))))
+ "0z5l966b1asbcdzl77bmywf22c1q0xill00jj7qyml9wx2nh7qm2"))))
(build-system python-build-system)
(arguments
`(#:phases
(modify-phases %standard-phases
(add-after 'build 'build-documentation
(lambda _
- (zero? (system* "make" "-C" "docs" "man" "info"))))
+ (invoke "make" "-C" "docs" "man" "info")))
(add-after 'install 'install-documentation
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(uri (pypi-uri name version))
(sha256
(base32
- "0kp56gwn1bnlrag9qidhm1i5ifdp5z6y1ravh3yimfrkc4cfa8sw"))))
+ "14i6yrcb9s7ygy99gccfc8jscymi24xb72s5lgg9b2y40z909ikg"))))
(build-system python-build-system)
(arguments
`(,@(substitute-keyword-arguments (package-arguments python-acme)
finally access to the SSL api of the SSLeay/OpenSSL package so you can write
servers or clients for more complicated applications.")
(license license:perl-license)
- (home-page "http://search.cpan.org/~mikem/Net-SSLeay-1.66/")))
+ (home-page "https://metacpan.org/release/Net-SSLeay")))
(define-public perl-crypt-openssl-rsa
(package
(name "perl-crypt-openssl-rsa")
- (version "0.30")
+ (version "0.31")
(source
(origin
(method url-fetch)
".tar.gz"))
(sha256
(base32
- "1b19kaaw4wda8dy6kjiwqa2prpbs2dqcyjyj9zdh5wbs74qkbq93"))))
+ "0djl5i6kibl7862b6ih29q8dhg5zpwzq77q9j8hp6xngshx40ws1"))))
(build-system perl-build-system)
(native-inputs
`(("perl-crypt-openssl-guess" ,perl-crypt-openssl-guess)))
("openssl" ,openssl)))
(arguments perl-crypt-arguments)
(home-page
- "http://search.cpan.org/dist/Crypt-OpenSSL-RSA")
+ "https://metacpan.org/release/Crypt-OpenSSL-RSA")
(synopsis
"RSA encoding and decoding, using the openSSL libraries")
(description "Crypt::OpenSSL::RSA does RSA encoding and decoding (using the
(inputs `(("openssl" ,openssl)))
(arguments perl-crypt-arguments)
(home-page
- "http://search.cpan.org/dist/Crypt-OpenSSL-Bignum")
+ "https://metacpan.org/release/Crypt-OpenSSL-Bignum")
(synopsis
"OpenSSL's multiprecision integer arithmetic in Perl")
(description "Crypt::OpenSSL::Bignum provides multiprecision integer
(base32
"0rvi9l4ljcbhwwvspq019nfq2h2v746dk355h2nwnlmqikiihsxa"))))
(build-system perl-build-system)
- (home-page "http://search.cpan.org/dist/Crypt-OpenSSL-Guess/")
+ (home-page "https://metacpan.org/release/Crypt-OpenSSL-Guess")
(synopsis "Guess the OpenSSL include path")
(description
"The Crypt::OpenSSL::Guess Perl module provides helpers to guess the
`(("openssl" ,openssl)))
(arguments perl-crypt-arguments)
(home-page
- "http://search.cpan.org/dist/Crypt-OpenSSL-Random")
+ "https://metacpan.org/release/Crypt-OpenSSL-Random")
(synopsis
"OpenSSL/LibreSSL pseudo-random number generator access")
(description "Crypt::OpenSSL::Random is a OpenSSL/LibreSSL pseudo-random
(define-public mbedtls-apache
(package
(name "mbedtls-apache")
- (version "2.7.3")
+ (version "2.16.0")
(source
(origin
(method url-fetch)
version "-apache.tgz"))
(sha256
(base32
- "0rfpcc4i01qsl66iy1z9vaw00s34h4qgx3r41i1v5vazv7vjla05"))))
+ "1qlscr0m97favkqmrlj90rlgw40h8lcypxz0snvr1iwkj1pbbnp3"))))
(build-system cmake-build-system)
(arguments
`(#:configure-flags
(list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON")))
(native-inputs
- `(("perl" ,perl)))
+ `(("perl" ,perl)
+ ("python" ,python)))
(synopsis "Small TLS library")
(description
"@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
(home-page "https://tls.mbed.org")
(license license:asl2.0)))
+;; The Hiawatha Web server requires some specific features to be enabled.
+(define-public mbedtls-for-hiawatha
+ (hidden-package
+ (package
+ (inherit mbedtls-apache)
+ (arguments
+ (substitute-keyword-arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ (add-after 'configure 'configure-extra-features
+ (lambda _
+ (for-each (lambda (feature)
+ (invoke "scripts/config.pl" "set" feature))
+ (list "MBEDTLS_THREADING_C"
+ "MBEDTLS_THREADING_PTHREAD"))
+ #t)))
+ ,@(package-arguments mbedtls-apache)))))))
+
(define-public ghc-tls
(package
(name "ghc-tls")
- (version "1.3.8")
+ (version "1.4.1")
(source (origin
(method url-fetch)
(uri (string-append "https://hackage.haskell.org/package/"
"tls/tls-" version ".tar.gz"))
(sha256
(base32
- "1rdidf18i781c0vdvy9yn79yh08hmcacf6fp3sgghyiy3h0wyh5l"))))
+ "1y083724mym28n6xfaz7pcc7zqxdhjpaxpbvzxfbs25qq2px3smv"))))
(build-system haskell-build-system)
(inputs
- `(("ghc-mtl" ,ghc-mtl)
- ("ghc-cereal" ,ghc-cereal)
+ `(("ghc-cereal" ,ghc-cereal)
("ghc-data-default-class" ,ghc-data-default-class)
("ghc-memory" ,ghc-memory)
("ghc-cryptonite" ,ghc-cryptonite)