;;; Copyright © 2015 David Thompson <davet@gnu.org>
;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
+;;; Copyright © 2016, 2017, 2018 Nils Gillmann <ng0@n0.is>
;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
;;;
;;; This file is part of GNU Guix.
version ".tar.gz"))
(sha256
(base32
- "0ls7jdq3y5fnrwg0pzhq11m21r8pshac2705bczz6mqjc8pdllv7"))))
+ "0ls7jdq3y5fnrwg0pzhq11m21r8pshac2705bczz6mqjc8pdllv7"))
+ (patches (search-patches "libtasn1-CVE-2017-10790.patch"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl)))
(home-page "https://www.gnu.org/software/libtasn1/")
(inherit libtasn1)
(source (origin
(inherit (package-source libtasn1))
- (patches (search-patches "libtasn1-CVE-2017-10790.patch"))))))
+ (patches (search-patches "libtasn1-CVE-2017-10790.patch"
+ "libtasn1-CVE-2018-6003.patch"))))))
(define-public asn1c
(package
(define-public p11-kit
(package
(name "p11-kit")
- (version "0.23.9")
+ (version "0.23.10")
(source
(origin
(method url-fetch)
"download/" version "/p11-kit-" version ".tar.gz"))
(sha256
(base32
- "0qyvnkb5hfi94wv3bn67y20hcbbvynvjwxpk7k9sh1si6ff69hg1"))))
+ "0hxfwnyb5yllvlsh0cj6favcph36gm94b6df7zhl7xay48zjl8gr"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
("libtasn1" ,libtasn1)))
(arguments
`(#:configure-flags '("--without-trust-paths")))
- (home-page "http://p11-glue.freedesktop.org/p11-kit.html")
+ (home-page "https://p11-glue.freedesktop.org/p11-kit.html")
(synopsis "PKCS#11 library")
(description
"p11-kit provides a way to load and enumerate PKCS#11 modules. It
living in the same process.")
(license license:bsd-3)))
-
-;; TODO Add net-tools-for-tests to #:disallowed-references when we can afford
-;; rebuild GnuTLS (i.e. core-updates).
(define-public gnutls
(package
(name "gnutls")
"15ihq6p0hnnhs8cnjrkj40dmlcaa1jjg8xg0g2ydbnlqs454ixbr"))))
(build-system gnu-build-system)
(arguments
- '(#:configure-flags
+ `(; Ensure we don't keep a reference to this buggy software.
+ #:disallowed-references (,net-tools)
+ #:configure-flags
(list
;; GnuTLS doesn't consult any environment variables to specify
;; the location of the system-wide trust store. Instead it has a
"debug"
"doc")) ;4.1 MiB of man pages
(native-inputs
- `(("net-tools" ,net-tools-for-tests)
+ `(("net-tools" ,net-tools)
("pkg-config" ,pkg-config)
("which" ,which)))
(inputs
(define-public openssl
(package
(name "openssl")
- (version "1.0.2l")
- (replacement openssl-1.0.2m)
+ (replacement openssl-1.0.2o)
+ (version "1.0.2n")
(source (origin
(method url-fetch)
- (uri (list (string-append "ftp://ftp.openssl.org/source/"
+ (uri (list (string-append "https://www.openssl.org/source/openssl-"
+ version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/"
name "-" version ".tar.gz")
(string-append "ftp://ftp.openssl.org/source/old/"
(string-trim-right version char-set:letter)
"/" name "-" version ".tar.gz")))
(sha256
(base32
- "037kvpisc6qh5dkppcwbm5bg2q800xh2hma3vghz8xcycmdij1yf"))
+ "1zm82pyq5a9jm10q6iv7d3dih3xwjds4x30fqph3k317byvsn2rp"))
(snippet
'(begin
;; Remove ELF files. 'substitute*' can't read them.
,version "/misc"))
#t))))))
(native-search-paths
- ;; FIXME: These two variables must designate a single file or directory
- ;; and are not actually "search paths." In practice it works OK in user
- ;; profiles because there's always just one item that matches the
- ;; specification.
(list (search-path-specification
(variable "SSL_CERT_DIR")
+ (separator #f) ;single entry
(files '("etc/ssl/certs")))
(search-path-specification
(variable "SSL_CERT_FILE")
+ (file-type 'regular)
+ (separator #f) ;single entry
(files '("etc/ssl/certs/ca-certificates.crt")))))
(synopsis "SSL/TLS implementation")
(description
"OpenSSL is an implementation of SSL/TLS.")
(license license:openssl)
- (home-page "http://www.openssl.org/")))
+ (home-page "https://www.openssl.org/")))
-;; Fixes CVE-2017-3735 and CVE-2017-3736.
-;; See <https://www.openssl.org/news/cl102.txt>.
-(define-public openssl-1.0.2m
+(define openssl-1.0.2o
(package
(inherit openssl)
- (version "1.0.2m")
+ (name "openssl")
+ (version "1.0.2o")
(source (origin
(inherit (package-source openssl))
(uri (list (string-append "https://www.openssl.org/source/openssl-"
version ".tar.gz")
- (string-append "ftp://ftp.openssl.org/source/openssl-"
- version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/"
+ name "-" version ".tar.gz")
(string-append "ftp://ftp.openssl.org/source/old/"
(string-trim-right version char-set:letter)
- "/openssl-" version ".tar.gz")))
+ "/" name "-" version ".tar.gz")))
(sha256
(base32
- "03vvlfnxx4lhxc83ikfdl6jqph4h52y7lb7li03va6dkqrgg2vwc"))))))
+ "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc"))
+ ;; Erase the inherited snippet, which isn't applicable to
+ ;; OpenSSL 1.0.2o.
+ (snippet #f)))))
(define-public openssl-next
(package
(inherit openssl)
(name "openssl")
- (version "1.1.0g")
+ (version "1.1.0h")
(source (origin
(method url-fetch)
(uri (list (string-append "https://www.openssl.org/source/openssl-"
(patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
(sha256
(base32
- "1bvka2wf33w2vxv7yw578nnjqyhz2b3chvfb0l4k2ffscw950kfy"))))
+ "05x509lccqjscgyi935z809pwfm708islypwhmjnb6cyvrn64daq"))))
(outputs '("out"
"doc" ;1.3MiB of man3 pages
"static")) ; 5.5MiB of .a files
(define-public libressl
(package
(name "libressl")
- (version "2.6.3")
+ (version "2.7.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://openbsd/LibreSSL/"
name "-" version ".tar.gz"))
(sha256
(base32
- "162wgzmg4zzqj5cxrsrmkfv1623dc4g8h3fsf1lvjw9i4sc6bbdf"))))
+ "1589f0kg7kj51j9hid542s4isb96s1azjaqsfprpy5s2qdwqfyli"))))
(build-system gnu-build-system)
(arguments
;; Do as if 'getentropy' was missing since older Linux kernels lack it
(package
(name "python-acme")
;; Remember to update the hash of certbot when updating python-acme.
- (version "0.19.0")
+ (version "0.23.0")
(source (origin
(method url-fetch)
(uri (pypi-uri "acme" version))
(sha256
(base32
- "08p8w50zciqlhgn3ab0wbbvi1zyg3x37r1gywq0z1allsij3v8hz"))))
+ "0l257dq1i2gka6ynldidpwaz1aa726643crqqckga1w5awsndh88"))))
(build-system python-build-system)
(arguments
`(#:phases
#t))))))
;; TODO: Add optional inputs for testing.
(native-inputs
- `(("python-mock" ,python-mock-2)
+ `(("python-mock" ,python-mock)
;; For documentation
("python-sphinx" ,python-sphinx)
("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
("texinfo" ,texinfo)))
(propagated-inputs
- `(("python-six" ,python-six)
+ `(("python-josepy" ,python-josepy)
+ ("python-six" ,python-six)
("python-requests" ,python-requests)
("python-pytz" ,python-pytz)
("python-pyrfc3339" ,python-pyrfc3339)
("python-pyasn1" ,python-pyasn1)
("python-cryptography" ,python-cryptography)
("python-pyopenssl" ,python-pyopenssl)))
- (home-page "https://github.com/letsencrypt/letsencrypt")
+ (home-page "https://github.com/certbot/certbot")
(synopsis "ACME protocol implementation in Python")
(description "ACME protocol implementation in Python")
(license license:asl2.0)))
(uri (pypi-uri name version))
(sha256
(base32
- "0lwxqz3r0fg3dy06fgba1dfs7n6ribc25z0rh5rqbl7mvy8hf8x7"))))
+ "0gh5fr61c3mj5vdkn68k17wcvri9rdj506cmmz6631i2l5flrzvc"))))
(build-system python-build-system)
(arguments
`(,@(substitute-keyword-arguments (package-arguments python-acme)
;; TODO: Add optional inputs for testing.
(native-inputs
`(("python-nose" ,python-nose)
- ("python-mock" ,python-mock-2)
+ ("python-mock" ,python-mock)
;; For documentation
("python-sphinx" ,python-sphinx)
("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
(define-public perl-net-ssleay
(package
(name "perl-net-ssleay")
- (version "1.81")
+ (version "1.82")
(source (origin
(method url-fetch)
(uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
"Net-SSLeay-" version ".tar.gz"))
(sha256
(base32
- "0z8vya34g88bc41kx955sv7y4niwbbywji8liqbl52v29qbvdjq0"))))
+ "1rf78z1macgmp6mwd7c2xq4yfw6wpf28hfwfz1d5wslqr4cwb5aq"))))
(build-system perl-build-system)
(inputs `(("openssl" ,openssl)))
(arguments
(define-public perl-crypt-openssl-bignum
(package
(name "perl-crypt-openssl-bignum")
- (version "0.08")
+ (version "0.09")
(source
(origin
(method url-fetch)
".tar.gz"))
(sha256
(base32
- "0gamn4dff1bz77nswacy1dlpn9fkwahzw7yvvik4nbwwy2s63hc8"))))
+ "1p22znbajq91lbk2k3yg12ig7hy5b4vy8igxwqkmbm4nhgxp4ki3"))))
(build-system perl-build-system)
(inputs `(("openssl" ,openssl)))
(arguments perl-crypt-arguments)
(define-public mbedtls-apache
(package
(name "mbedtls-apache")
- (version "2.6.0")
+ (version "2.7.2")
(source
(origin
(method url-fetch)
version "-apache.tgz"))
(sha256
(base32
- "11wnj34rfqxjggmdgf042i49lr6civgbqwv2p7p8bn6k2919vg4r"))))
+ "1mvkqlxxvl6yp1g5g9dk4l7h3wl6149p3pfwgwzgs7xybyxw4f7x"))))
(build-system cmake-build-system)
(arguments
`(#:configure-flags