gnu: mbedtls-apache: Update to 2.23.0 [security fixes].

* gnu/packages/tls.scm (mbedtls-apache): Update to 2.23.0. [source]: Use GIT-FETCH and GIT-FILE-NAME. [arguments]: Make source files writable. Enable threading.
2024-11-07 23:46:13 -05:00 · 2020-07-14 03:06:05 +02:00 · 2020-07-14 03:06:05 +02:00 · 927ecd4ebe
commit 927ecd4ebe
parent 338f5428d6
1 changed files with 26 additions and 9 deletions
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@ -891,22 +891,39 @@ (define-public acme-client
 (define-public mbedtls-apache
  (package
    (name "mbedtls-apache")
-    (version "2.16.6")
+    ;; XXX Check whether ‘-Wformat-signedness’ below still breaks when updating.
+    (version "2.23.0")
    (source
     (origin
-       (method url-fetch)
-       ;; XXX: The download links on the website are script redirection links
-       ;; which effectively lead to the format listed in the uri here.
-       (uri (string-append "https://tls.mbed.org/download/mbedtls-"
-                           version "-apache.tgz"))
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/ARMmbed/mbedtls")
+             (commit (string-append "mbedtls-" version))))
       (sha256
-        (base32
-         "0w0p51vx0cc6fyqfdn59669q6n4187vi64fw5ha302hrlqimwib6"))))
+        (base32 "13fa9h2i989cbf8n8c0j019mshv6wg213va18my1s787lhcq2d62"))
+       (file-name (git-file-name name version))))
    (build-system cmake-build-system)
    (arguments
     `(#:configure-flags
       (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON"
-             "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF")))
+             "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'make-source-writable
+           (lambda _
+             (for-each make-file-writable (find-files "."))
+             #t))
+         (add-before 'configure 'enable-features
+           ;; Some packages like Hiawatha depend on ’less embedded’ features.
+           (lambda _
+             (substitute* "include/mbedtls/config.h"
+               (("//(#define MBEDTLS_THREADING_(C|PTHREAD))"
+                 _ match)
+                match))
+             ;; XXX The above enables code that breaks with -Werror…
+             (substitute* "CMakeLists.txt"
+               ((" -Wformat-signedness") ""))
+             #t)))))
    (native-inputs
     `(("perl" ,perl)
       ("python" ,python)))