gnu: perl-crypt-openssl-bignum: Update to 0.08.
* gnu/packages/tls.scm (perl-crypt-openssl-bignum): Update to 0.08.
gnu: p11-kit: Update to 0.23.8.
* gnu/packages/tls.scm (p11-kit): Update to 0.23.8.
gnu: libtasn1: Fix CVE-2017-10790.
* gnu/packages/patches/libtasn1-CVE-2017-10790.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/tls.scm (libtasn1/fixed)[source]: Use it.
gnu: certbot, python-acme: Update to 0.17.0.
* gnu/packages/tls.scm (certbot, python-acme, python2-acme): Update to 0.17.0.
gnu: net-tools: Add a test-only variant and use it for GnuTLS.
* gnu/packages/linux.scm (net-tools-for-tests): Add hidden net-tools variant.
* gnu/packages/tls.scm (gnutls)[native-inputs]: Use net-tools-for-tests instead
of net-tools.
download: Add OpenBSD mirrors.
* guix/download.scm (%mirrors) <openbsd>: Add HTTPS OpenBSD mirrors.
* gnu/packages/ntp.scm (openntpd)[source]: Use them.
* gnu/packages/ssh.scm (openssh)[source]: Likewise.
* gnu/packages/tls.scm (libressl)[source]: Likewise.
gnu: certbot, python-acme: Update to 0.16.0.
* gnu/pckages/tls.scm (certbot, python-acme, python2-acme): Update to 0.16.0.
gnu: libressl: Provide a TLS-enabled implementation of netcat.
* gnu/packages/tls.scm (libressl)[arguments]: Pass '--enable-nc'
to #:configure-flags.
gnu: libressl: Update to 2.5.5.
* gnu/packages/tls.scm (libressl): Update to 2.5.5.
[source]: Use HTTPS URL.
packages: Mark 'replacement' as an "innate" field.
Suggested by Mark H Weaver
at <https://lists.gnu.org/archive/html/guix-devel/2017-06/msg00355.html>.
* guix/packages.scm (<package>)[replacement]: Mark as "innate".
* gnu/packages/base.scm (glibc-2.25-patched, glibc-2.24)
(glibc-2.23, glibc-2.22, glibc-2.21, glibc-locales): Remove
'replacement' field, which was set to #f.
* gnu/packages/commencement.scm (perl-boot0): Likewise.
* gnu/packages/fontutils.scm (graphite2/fixed): Likewise.
* gnu/packages/ghostscript.scm (ghostscript/fixed): Likewise.
* gnu/packages/gnupg.scm (libgcrypt-1.7.8): Likewise.
* gnu/packages/guile.scm (guile-2.0/fixed, guile-2.2): Likewise.
* gnu/packages/icu4c.scm (icu4c/fixed): Likewise.
* gnu/packages/image.scm (libpng-apng): Likewise.
* gnu/packages/make-bootstrap.scm (%guile-static): Likewise.
* gnu/packages/pcre.scm (pcre/fixed): Likewise.
* gnu/packages/perl.scm (perl/fixed): Likewise.
* gnu/packages/ruby.scm (ruby-2.3, ruby-2.2, ruby-2.1)
(ruby-1.8): Likewise.
* gnu/packages/tls.scm (gnutls-3.5.13, gnutls/guile-2.2): Likewise.
* gnu/packages/xml.scm (expat-2.2.1): Likewise.
gnu: mbedtls-apache: Update to 2.5.1.
* gnu/packages/tls.scm (mbedtls-apache): Update to 2.5.1.
gnu: certbot: Build with Python 3.
* gnu/packages/tls.scm (certbot): Use python-3 to build.
[native-inputs, propagated-inputs]: Use Python 3 variants of dependencies. Use
python-mock-2.
gnu: gnutls: Replace with 3.5.13.
This update addresses the following security advisories:
GNUTLS-SA-2017-3 (aka CVE-2017-7869) and GNUTLS-SA-2017-4.
See <https://gnutls.org/security.html> and <https://gnutls.org/news.html>.
* gnu/packages/patches/gnutls-skip-pkgconfig-test.patch,
gnu/packages/patches/gnutls-skip-trust-store-test.patch: New files.
* gnu/local.mk (dist_patch_DATA): Register patches.
* gnu/packages/tls.scm (gnutls)[replacement]: New field.
(gnutls-3.5.13): New variable.
(gnutls/guile-2.2)[replacement]: New field. Set #f.
[source]: Inherit from GNUTLS-3.5.13.
Merge branch 'master' into staging
gnu: certbot, python-acme: Update to 0.14.2.
* gnu/packages/tls.scm (certbot, python-acme, python2-acme): Update to 0.14.2.
Merge branch 'master' into staging
gnu: openssl@1.1.0: Update to 1.1.0f.
* gnu/packages/tls.scm (openssl-next): Update to 1.1.0f.
gnu: libtasn1: Fix CVE-2017-6891.
* gnu/packages/patches/libtasn1-CVE-2017-6891.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/tls.scm (libtasn1)[replacement]: New field.
(libtasn1/fixed): New variable.