| Commit message (Collapse) | Author | Age |
|
|
|
|
| |
- recent versions only accept libidn2 (not libidn)
- it's for free, as it's a runtime dependency of glibc anyway
|
|
|
|
|
| |
Includes a low-severity security fix.
https://lists.gnupg.org/pipermail/gnutls-help/2022-January/004736.html
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
GnuTLS has a single hard-coded location for the system trust store,
currently set to the path used by NixOS, Debian, Arch, Gentoo, etc.
Since not all distributions use the same path, notably Fedora and RHEL,
the certificate validation will break on some non-NixOS system.
This can be solved by enabling the p11-kit integration, so that by
default p11-kit (properly configured for all major distos) will provide
GnuTLS with the CA roots though the PKCS #11 API.
|
|
|
|
|
|
|
|
|
|
|
|
| |
The point is to reduce rebuild amount when updating cacert/nss,
though at *this* point it remains quite high - before & after:
Estimating rebuild amount by counting changed Hydra jobs (parallel=unset).
13109 x86_64-darwin
21567 x86_64-linux
Estimating rebuild amount by counting changed Hydra jobs (parallel=unset).
13109 x86_64-darwin
17141 x86_64-linux
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>GnuTLS - GNU Project - Free Software Foundation</title>
<meta http-equiv="content-type" content='text/html; charset=utf-8' />
<meta http-equiv="refresh" content="1; url=https://gnutls.org/" />
<script type="text/javascript">
window.location.href = "https://gnutls.org/"
</script>
</head>
<body>
<p>GnuTLS is at <a
href="https://gnutls.org/">https://gnutls.org/</a>.</p>
<hr/>
</body>
</html>
|
| |
| |
| | |
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
|
| |
| |
| |
| | |
It was forgotten in commit 8a91c70ec14.
|
| |
| |
| |
| | |
We haven't supported multiple versions for a long time.
|
|/
|
|
| |
https://lists.gnupg.org/pipermail/gnutls-help/2021-May/004708.html
|
|
|
|
|
|
|
| |
* gnutls: fix build with musl
* gnutls: don't handle old versions
Co-authored-by: Kasper Gałkowski <kpg@posteo.net>
|
| |
|
|
|
|
|
|
|
|
| |
https://lists.gnupg.org/pipermail/gnutls-help/2021-March/004698.html
It includes a low-severity security fix:
https://gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
postPatch: the patched file doesn't exist now and all tests still pass.
|
|
|
|
| |
https://lists.gnupg.org/pipermail/gnutls-help/2020-December/004670.html
|
|
|
|
|
|
|
|
| |
There's an error when compiling autogen on macos Big Sur with #105026,
and it compiles fine without autogen, so I see no reason to keep it.
The dependency on autogen was originally introduced in 31a128b32bd12b5ebae,
but unfortunately there's no explanation for the reason and no linked issue.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
continuation of #109595
pkgconfig was aliased in 2018, however, it remained in
all-packages.nix due to its wide usage. This cleans
up the remaining references to pkgs.pkgsconfig and
moves the entry to aliases.nix.
python3Packages.pkgconfig remained unchanged because
it's the canonical name of the upstream package
on pypi.
|
|\
| |
| | |
coreutils, findutils, gnutls: fix build on 32-bit ARM
|
| |
| |
| |
| |
| | |
Add an upstream patch to fix failing tests. The patch actually affects gnulib,
which is included as a vendored dependency.
|
|/ |
|
|
|
|
|
| |
Security: on-wire alert could cause NULL pointer dereference.
https://lists.gnupg.org/pipermail/gnutls-help/2020-September/004669.html
|
|
|
|
|
|
|
|
| |
Fixes CVE-2020-13777 [1].
Changes: https://lists.gnupg.org/pipermail/gnutls-help/2020-June/004648.html
[1] https://nvd.nist.gov/vuln/detail/CVE-2020-13777
|
|\
| |
| | |
gnutls: fix guile bindings
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
`musl` produces a different output than `glibc` during some tests, which
let's them fail.
Using `getpass(3)` under `musl` when `stdin` is not a tty omits the
prompt, which the `certtool` test expects to find.
See https://gitlab.com/gnutls/gnutls/-/issues/945
|
| |
| |
| |
| |
| | |
tarballs.nixos.org is omitted from the change because urls from there
are always hashed and checked
|
|\ \ |
|
| |/ |
|
|/
|
|
|
|
| |
Fixes CVE-2020-11501.
Changes: https://lists.gnupg.org/pipermail/gnutls-help/2020-March/004642.html
|
| |
|
| |
|
| |
|
|\
| |
| | |
gnutls: 3.6.9 -> 3.6.10
|
| |
| |
| |
| |
| |
| |
| | |
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/gnutls/versions
|
|/
|
|
| |
See https://gitlab.com/gnutls/gnutls/issues/764 for more info.
|
|
|
|
| |
https://gitlab.com/gnutls/gnutls/blob/gnutls_3_6_9/NEWS
|
|
|
|
|
| |
No security fixes announced.
https://lists.gnupg.org/pipermail/gnutls-help/2019-May/004527.html
|
|
|
|
|
|
| |
It's one of the places that would reach out to /etc/ otherwise,
so I expect we have to pay this price to get the effect.
Hopefully there won't be too many places to patch.
|
|
|
|
| |
The patch should work fine, regardless of the Darwin patch being applied.
|
|
|
|
|
|
|
|
| |
Nix packages are expected to honor NIX_SSL_CERT_FILE and this removes the
dependency on the framework while bootstrapping the stdenv.
(+ nitpick changes from vcunat)
The patch is based on https://gitlab.com/gnutls/gnutls/commit/c0eb46d3463cd21b3f822ac377ff37f067f66b8d
|
|
|
|
|
| |
https://lists.gnupg.org/pipermail/gnutls-help/2019-March/004497.html
Close #58437.
|
| |
|
| |
|
|
|
|
|
|
| |
"bug fix release on the stable branch"
https://lists.gnupg.org/pipermail/gnutls-help/2019-January/004484.html
|
|\ |
|
| |
| |
| |
| |
| |
| | |
He prefers to contribute to his own nixpkgs fork triton.
Since he is still marked as maintainer in many packages
this leaves the wrong impression he still maintains those.
|
|/
|
|
|
|
| |
No security problems have been published about 3.6.x so far,
but I'd certainly count the almost-transparent TLS 1.3 support
as a security improvement.
|
|
|
|
|
|
|
|
|
|
|
| |
HTTP -> HTTPS for :
- http://gnu.org/
- http://www.gnu.org/
- http://elpa.gnu.org/
- http://lists.gnu.org/
- http://gcc.gnu.org/
- http://ftp.gnu.org/ (except in fetchurl mirrors)
- http://bugs.gnu.org/
|
| |
|
| |
|