Fixes CVE-2024-0553 and CVE-2024-0567.
gnu/packages/tls.scm (gnutls-3.8.2): Rename to ...
(gnutls/fixed): ... this. Update to 3.8.3.
(gnutls): Rename replacement to gnutls/fixed.
Change-Id: Ic44b3b0481ffd51cdc42a2d71a598f001b43c6f7
Signed-off-by: John Kehayias <john.kehayias@protonmail.com>
Co-authored-by: John Kehayias <john.kehayias@protonmail.com>
This fixes mbedtls-apache failing some tests for unknown reasons after recent
updates and ungrafting to other packages. This should soon be renamed to
mbedtls-apache-lts and a newer version added; see
<https://issues.guix.gnu.org/66718>.
* gnu/packages/tls.scm (mbedtls-apache): Update to 2.28.5.
Change-Id: Ie513c11cb60262be9865ebbd1f6238d39f299c42
The recommended way to address GNUTLS-SA-2020-07-14 / CVE-2023-0361 is to
upgrade to 3.8.0 or later.
* gnu/packages/tls.scm (gnutls-3.8.1): New variable.
(gnutls)[replacement]: Use it.
Signed-off-by: Christopher Baines <mail@cbaines.net>
The ‘replacement’ field of ‘openssl-1.1’ was apparently lost in a
previous merge commit ca. Jan. 2023; consequently, ‘openssl/fixed’ was
unused.
* gnu/packages/tls.scm (openssl-1.1)[replacement]: New field.
Thanks to Dennis 'GNUtoo' Carikli for <https://issues.guix.gnu.org/64982>,
but upgrading to 3.8.0 breaks (at least) OpenSMTPd.
* gnu/packages/tls.scm (libressl): Update to 3.7.3.
* gnu/packages/tls.scm (aws-lc)[native-inputs]: Add libfaketime.
[arguments]<#:phases>: Replace and wrap 'check with faketime due to
certificate expiration.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
The patch was inadvertently removed in
5e1e67442188ccca8db8c1dd092efbc6fc2c33dc.
* gnu/packages/tls.scm (guile-gnutls)[source]: Re-add 'gnutls-cross.patch'.
* gnu/packages/tls.scm (guile-gnutls): Update to 3.7.12.
[source]: Switch to a tarball, to avoid a circular dependency if guile-gnutls
is used in git-download.
[arguments]: Remove phase changes for building from Git.
[native-inputs]: Remove autoconf and automake as they're now unnecessary.
Signed-off-by: Christopher Baines <mail@cbaines.net>
* gnu/packages/tls.scm (guile-gnutls) [phase patch-more-shebangs]: Fix how
autogen.sh invokes gnulib-tool, and how configure.ac invokes git-version-gen,
so as not to rely on shebangs.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/tls.scm (gnutls-latest): Define as a deprecated alias for
'gnutls'.
(guile-gnutls)[inputs, native-inputs]: Replace 'gnutls-latest' with 'gnutls'.
README.md says to use meson to build.
* gnu/packages/tls.scm (p11-kit-next)[build-system]: Use meson-build-system.
[arguments]: Adjust accordingly.
Signed-off-by: Christopher Baines <mail@cbaines.net>
* gnu/packages/julia.scm (julia): Update to 1.8.3.
[source]: Remove one patch.
[arguments]: Adjust 'prepare-deps phase to changes in inputs. Remove
custom 'use-system-libwhich, 'change-number-of-precompiled-statements,
'symlink-libraries phases. In 'fix-include-and-link-paths phase remove
substitution for utf8proc linking and adjust libuv linking. Fix
reference to shell in 'replace-default-shell phase. Adjust the
'shared-objects-path phase to changes in the source. Change the
'enable-parallel-tests phase for upstream changes. Adjust the
'adjust-test-suite phase to be more robust. Change the
'disable-broken-tests phase to help the test suite pass. Rename
'symlink-llvm-utf8proc phase to 'symlink-missing-libraries and add two
more. Adjust make-flags for changes in shared system libraries. Reorder
make-flags to changes in the source. Except for aarch64, use the
defaults for choosing to use 64-bit blas.
[inputs]: Add libblastrampoline. Replace libgit-1.1 with libgit-1.3,
utf8proc-2.7.1 with utf8proc-2.8.0.
[native-inputs]: Replace python-2 with python.
(libunwind-julia): Update to 1.5.0.
[source]: Update patches.
* gnu/packages/libevent.scm (libuv-julia): Update to 2.0.0-4.e6f0e49.
[arguments]: Also build static library, build position-independent-code.
* gnu/packages/llvm.scm (llvm-julia): Update to llvm-13, following
upstream's build instructions.
* gnu/packages/maths.scm (openlibm): Update to 0.8.1.
* gnu/packages/textutils.scm (utf8proc-2.7.1): Update and rename to
utf8proc-2.8.0.
[native-inputs]: Update unicode to 14.0.0.
* gnu/packages/tls.scm (mbedtls-apache): Update to 2.28.0.
[source]: Remove snippet.
[arguments]: Remove trailing #t from phases.
* gnu/packages/patches/julia-allow-parallel-build.patch,
(julia-patch): Update version string to 1.8.2.
gnu/packages/patches/libunwind-julia-fix-GCC10-fno-common.patch: Remove
files.
* gnu/local.mk (dist_patch_DATA): Remove them.
Co-authored-by: Akira Kyle <akira@akirakyle.com>
