Commit Graph

237 Commits

Author SHA1 Message Date
Vladimír Čunát
0cedc3dedf gnutls: drop the withSecurity option
The patch for `withSecurity = false` wouldn't apply anymore,
and it didn't seem sufficient for several months already.
Noone's shown interest in fixing that.
2023-02-14 20:39:48 +00:00
Vladimír Čunát
0442267e82 gnutls: 3.7.8 -> 3.8.0
https://lists.gnupg.org/pipermail/gnutls-help/2023-February/004816.html

Also fixes a "medium" severity CVE-2023-0361
http://www.gnutls.org/security-new.html#GNUTLS-SA-2020-07-14

nix-ssl-cert-file.patch: upstream's only changed whitespace around here
2023-02-14 20:39:48 +00:00
Robert Scott
dba170886f gnutls: add some key reverse dependencies to passthru.tests 2023-02-11 20:07:29 +00:00
Artturin
7e49471316 treewide: optional -> optionals where the argument is a list
the argument to optional should not be list
2022-10-10 15:40:21 +03:00
Vladimír Čunát
45406f8116
gnutls: 3.7.7 -> 3.7.8
https://lists.gnupg.org/pipermail/gnutls-help/2022-September/004765.html
2022-09-28 08:57:21 +02:00
github-actions[bot]
de2d4d270d
Merge staging-next into staging 2022-08-11 00:03:19 +00:00
Vladimír Čunát
bf742b9b98
gnutls: officially adopt the package
I've been keeping an eye on it for years due to day job at knot-resolver

Eelco apparently hasn't touched gnutls since 2016,
so let's drop him from the list.
2022-08-10 20:14:13 +02:00
Maximilian Bosch
c9c802dfd8
gnutls: 3.7.6 -> 3.7.7, fix CVE-2022-2509
https://nvd.nist.gov/vuln/detail/CVE-2022-2509
https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html
2022-08-08 10:57:29 +02:00
Franz Pletz
c092a502df
treewide: remove myself as maintainer from some pkgs
Only packages I'm not able to maintain anymore as of today. Mostly
because I'm haven't been using them in a while.
2022-08-03 14:17:51 +02:00
Vladimír Čunát
8fb70dee32
gnutls: [darwin] propagate the security framework (#179298)
https://hydra.nixos.org/build/181628152
https://hydra.nixos.org/build/181629306
2022-06-27 09:51:49 +02:00
Vladimír Čunát
672046dceb
gnutls: enable Security framework on darwin (PR #179078)
Otherwise the builds started to fail since the last bump:
https://hydra.nixos.org/build/181462581
https://hydra.nixos.org/build/181520558
2022-06-26 08:56:24 +02:00
Vladimír Čunát
f344b4da35
gnutls: 3.7.3 -> 3.7.6
https://lists.gnupg.org/pipermail/gnutls-help/2022-March/004738.html
https://lists.gnupg.org/pipermail/gnutls-help/2022-May/004743.html
https://lists.gnupg.org/pipermail/gnutls-help/2022-May/004744.html
2022-06-23 09:15:03 +02:00
Vladimír Čunát
a10d11b59f gnutls: fix IDN support
- recent versions only accept libidn2 (not libidn)
- it's for free, as it's a runtime dependency of glibc anyway
2022-01-28 12:48:48 -08:00
Vladimír Čunát
67fc40aa12 gnutls: 3.7.2 -> 3.7.3
Includes a low-severity security fix.
https://lists.gnupg.org/pipermail/gnutls-help/2022-January/004736.html
2022-01-28 12:48:48 -08:00
Alyssa Ross
630883559a
pkgsStatic.gnutls: fix build 2021-11-23 20:34:44 +00:00
rnhmjoj
6f3b6a2fea
gnutls: enable p11-kit by default
GnuTLS has a single hard-coded location for the system trust store,
currently set to the path used by NixOS, Debian, Arch, Gentoo, etc.
Since not all distributions use the same path, notably Fedora and RHEL,
the certificate validation will break on some non-NixOS system.

This can be solved by enabling the p11-kit integration, so that by
default p11-kit (properly configured for all major distos) will provide
GnuTLS with the CA roots though the PKCS #11 API.
2021-11-18 22:38:22 +01:00
Vladimír Čunát
f083f92c1f
gnutls: avoid the (check-time) cacert dependency
The point is to reduce rebuild amount when updating cacert/nss,
though at *this* point it remains quite high - before & after:

Estimating rebuild amount by counting changed Hydra jobs (parallel=unset).
  13109 x86_64-darwin
  21567 x86_64-linux
Estimating rebuild amount by counting changed Hydra jobs (parallel=unset).
  13109 x86_64-darwin
  17141 x86_64-linux
2021-11-02 11:29:52 +01:00
github-actions[bot]
8b9fa8d446
Merge staging-next into staging 2021-06-16 18:04:48 +00:00
Alyssa Ross
b2ba2a9a4c
gnutls: fix homepage
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
  <head>
    <title>GnuTLS - GNU Project - Free Software Foundation</title>
    <meta http-equiv="content-type" content='text/html; charset=utf-8' />

    <meta http-equiv="refresh" content="1; url=https://gnutls.org/" />
    <script type="text/javascript">
          window.location.href = "https://gnutls.org/"
    </script>
  </head>
  <body>
    <p>GnuTLS is at <a
    href="https://gnutls.org/">https://gnutls.org/</a>.</p>
    <hr/>
  </body>
</html>
2021-06-16 13:14:38 +00:00
Vladimír Čunát
ace52589b0
gnutls: construct url from version
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2021-06-16 08:50:04 +02:00
Vladimír Čunát
99ab89a4f5
gnutls: remove unused patch
It was forgotten in commit 8a91c70ec1.
2021-06-11 06:55:04 +02:00
Vladimír Čunát
c41788d925
gnutls: simplify expression (pname + version)
We haven't supported multiple versions for a long time.
2021-06-11 06:53:41 +02:00
Vladimír Čunát
5945d9c484
gnutls: 3.7.1 -> 3.7.2
https://lists.gnupg.org/pipermail/gnutls-help/2021-May/004708.html
2021-06-10 19:54:41 +02:00
Kasper
54a942426e
gnutls: fix build with musl (#119569)
* gnutls: fix build with musl

* gnutls: don't handle old versions

Co-authored-by: Kasper Gałkowski <kpg@posteo.net>
2021-04-16 07:48:27 +01:00
Ben Wolsieffer
8a91c70ec1 gnutls: remove upstreamed armv7l patch 2021-04-16 00:14:30 -04:00
Vladimír Čunát
77cc22179b
gnutls: 3.7.0 -> 3.7.1
https://lists.gnupg.org/pipermail/gnutls-help/2021-March/004698.html
It includes a low-severity security fix:
https://gnutls.org/security-new.html#GNUTLS-SA-2021-03-10

postPatch: the patched file doesn't exist now and all tests still pass.
2021-03-18 16:02:56 +01:00
Martin Weinelt
e8308f4cbd
gnutls: 3.6.15 -> 3.7.0
https://lists.gnupg.org/pipermail/gnutls-help/2020-December/004670.html
2021-02-24 01:44:25 +01:00
Ivan Babrou
47f4eb0d66 gnutls: remove autogen from build dependencies
There's an error when compiling autogen on macos Big Sur with #105026,
and it compiles fine without autogen, so I see no reason to keep it.

The dependency on autogen was originally introduced in 31a128b32b,
but unfortunately there's no explanation for the reason and no linked issue.
2021-01-20 07:36:45 +00:00
Jonathan Ringer
9bb3fccb5b treewide: pkgs.pkgconfig -> pkgs.pkg-config, move pkgconfig to alias.nix
continuation of #109595

pkgconfig was aliased in 2018, however, it remained in
all-packages.nix due to its wide usage. This cleans
up the remaining references to pkgs.pkgsconfig and
moves the entry to aliases.nix.

python3Packages.pkgconfig remained unchanged because
it's the canonical name of the upstream package
on pypi.
2021-01-19 01:16:25 -08:00
Anderson Torres
52242b4e7d
Merge pull request #103925 from lopsided98/coreutils-tests-arm
coreutils, findutils, gnutls: fix build on 32-bit ARM
2020-12-07 23:38:08 -03:00
Graham Christensen
bc49a0815a
utillinux: rename to util-linux 2020-11-24 12:42:06 -05:00
Ben Wolsieffer
f54266824d gnutls: fix build on 32-bit ARM
Add an upstream patch to fix failing tests. The patch actually affects gnulib,
which is included as a vendored dependency.
2020-11-21 20:02:22 -05:00
Vladimír Čunát
2363e6eb9c
gnutls: 3.6.14 -> 3.6.15
Security: on-wire alert could cause NULL pointer dereference.
https://lists.gnupg.org/pipermail/gnutls-help/2020-September/004669.html
2020-09-23 10:34:00 +02:00
Cole Helbling
1dba117541
gnutls: 3.6.13 -> 3.6.14
Fixes CVE-2020-13777 [1].

Changes: https://lists.gnupg.org/pipermail/gnutls-help/2020-June/004648.html

[1] https://nvd.nist.gov/vuln/detail/CVE-2020-13777
2020-06-08 23:14:05 -07:00
Timo Kaufmann
bbb8132790
Merge pull request #80206 from Thra11/guile-gnutls
gnutls: fix guile bindings
2020-05-07 18:01:32 +00:00
Fabian Möller
0665c8776a
gnutls: fix musl build
`musl` produces a different output than `glibc` during some tests, which
let's them fail.

Using `getpass(3)` under `musl` when `stdin` is not a tty omits the
prompt, which the `certtool` test expects to find.

See https://gitlab.com/gnutls/gnutls/-/issues/945
2020-05-06 17:37:55 +02:00
Pavol Rusnak
7b0167204d treewide: use https for nixos.org and hydra.nixos.org
tarballs.nixos.org is omitted from the change because urls from there
are always hashed and checked
2020-05-03 22:14:21 -07:00
Jan Tojnar
a04625379a
Merge branch 'master' into staging-next 2020-04-13 18:50:35 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Martin Milata
7cb24f9a8f gnutls: 3.6.12 -> 3.6.13
Fixes CVE-2020-11501.

Changes: https://lists.gnupg.org/pipermail/gnutls-help/2020-March/004642.html
2020-04-04 22:04:07 +02:00
Tom Hall
a7dc5f524c gnutls: fix guile bindings 2020-02-15 21:50:34 +00:00
Vladimír Čunát
3668d993a3
gnutls: move some docs that don't seem useful normally 2020-02-10 21:55:23 +01:00
R. RyanTM
07db37b935 gnutls: 3.6.11.1 -> 3.6.12 2020-02-09 09:00:17 +01:00
Will Dietz
c555684c6d gnutls: 3.6.10 -> 3.6.11 2019-12-05 10:26:56 +01:00
Robin Gloster
04fac845a4
Merge pull request #70596 from r-ryantm/auto-update/gnutls
gnutls: 3.6.9 -> 3.6.10
2019-10-16 00:15:24 +02:00
Ricardo M. Correia
2b24d465cc gnutls: fix test-ciphers-api.sh failure on aarch64
See https://gitlab.com/gnutls/gnutls/issues/764 for more info.
2019-10-10 01:12:11 +02:00
R. RyanTM
8340bd9562 gnutls: 3.6.9 -> 3.6.10
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/gnutls/versions
2019-10-07 02:16:44 -07:00
Will Dietz
e309ddb263
gnutls: 3.6.8 -> 3.6.9
https://gitlab.com/gnutls/gnutls/blob/gnutls_3_6_9/NEWS
2019-07-25 23:43:53 -05:00
Vladimír Čunát
07dbc438cc
gnutls: 3.6.7 -> 3.6.8 (bugfix)
No security fixes announced.
https://lists.gnupg.org/pipermail/gnutls-help/2019-May/004527.html
2019-05-28 13:51:55 +02:00
Vladimír Čunát
347cd8add7
gnutls: fix tests after 79bd4ad57 (PR #61179)
It's one of the places that would reach out to /etc/ otherwise,
so I expect we have to pay this price to get the effect.
Hopefully there won't be too many places to patch.
2019-05-19 14:45:52 +02:00