diff options
Diffstat (limited to 'pkgs/development/libraries/gnutls/default.nix')
| -rw-r--r-- | pkgs/development/libraries/gnutls/default.nix | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/pkgs/development/libraries/gnutls/default.nix b/pkgs/development/libraries/gnutls/default.nix index 728d4a82b23c7..b527c0d3c3331 100644 --- a/pkgs/development/libraries/gnutls/default.nix +++ b/pkgs/development/libraries/gnutls/default.nix @@ -44,6 +44,8 @@ , rsyslog , openconnect , samba + +, gitUpdater }: let @@ -58,11 +60,11 @@ in stdenv.mkDerivation rec { pname = "gnutls"; - version = "3.8.4"; + version = "3.8.5"; src = fetchurl { url = "mirror://gnupg/gnutls/v${lib.versions.majorMinor version}/gnutls-${version}.tar.xz"; - hash = "sha256-K+pOFUeU8/ABgPoqXFH+iwBax6Mc1YvUTN+n8268Ops="; + hash = "sha256-ZiaaLP4OHC2r7Ie9u9irZW85bt2aQN0AaXjgA8+lK/w="; }; outputs = [ "bin" "dev" "out" ] @@ -83,6 +85,16 @@ stdenv.mkDerivation rec { revert = true; hash = "sha256-r/+Gmwqy0Yc1LHL/PdPLXlErUBC5JxquLzCBAN3LuRM="; }) + # Makes the system-wide configuration for RSAES-PKCS1-v1_5 actually apply + # and makes it enabled by default when the config file is missing + # Without this an error 113 is thrown when using some RSA certificates + # see https://gitlab.com/gnutls/gnutls/-/issues/1540 + # "This is pretty sever[e], since it breaks on letsencrypt-issued RSA keys." (comment from above issue) + (fetchpatch2 { + name = "fix-rsaes-pkcs1-v1_5-system-wide-configuration.patch"; + url = "https://gitlab.com/gnutls/gnutls/-/commit/2d73d945c4b1dfcf8d2328c4d23187d62ffaab2d.diff"; + hash = "sha256-2aWcLff9jzJnY+XSqCIaK/zdwSLwkNlfDeMlWyRShN8="; + }) ]; # Skip some tests: @@ -97,12 +109,6 @@ stdenv.mkDerivation rec { sed 's:/usr/lib64/pkcs11/ /usr/lib/pkcs11/ /usr/lib/x86_64-linux-gnu/pkcs11/:`pkg-config --variable=p11_module_path p11-kit-1`:' -i tests/p11-kit-trust.sh '' + lib.optionalString stdenv.hostPlatform.isMusl '' # See https://gitlab.com/gnutls/gnutls/-/issues/945 sed '2iecho "certtool tests skipped in musl build"\nexit 0' -i tests/cert-tests/certtool.sh - '' + lib.optionalString stdenv.hostPlatform.isStatic '' - # Adapted from https://gitlab.com/gnutls/gnutls/-/commit/d214cd4570fb1559a20e941bb7ceac7df52e96d3 - # Can be removed with 3.8.5+. - sed -i lib/nettle/backport/rsa-sign-tr.c -e \ - '/^#include <nettle\/rsa\.h>/i\ - #define nettle_rsa_compute_root_tr _gnutls_nettle_backport_rsa_compute_root_tr' ''; preConfigure = "patchShebangs ."; @@ -153,6 +159,11 @@ stdenv.mkDerivation rec { --replace "-lunistring" "" ''; + + passthru.updateScript = gitUpdater { + url = "https://gitlab.com/gnutls/gnutls.git"; + }; + passthru.tests = { inherit ngtcp2-gnutls curlWithGnuTls ffmpeg emacs qemu knot-resolver samba openconnect; inherit (ocamlPackages) ocamlnet; |