[PATCH 0/3]: gnu: wget: Upgrade to 1.16.

[PATCH 0/3]: gnu: wget: Upgrade to 1.16.

[Eric Bavier]

This upgrade fixes CVE-2014-4877.  In the previous release, the testcases
would fail but be marked as "skipped".  That behavior changed to hard failures
in 1.16, thus the need for the additional native-input perl modules.

The libpsl input can be added at a later time (i.e. libpsl needs to be packaged).

`~Eric

[PATCH 1/3] gnu: Add perl-net-ssleay.

[Eric Bavier]

* gnu/packages/openssl.scm (perl-net-ssleay): New variable.
---
 gnu/packages/openssl.scm |   34 +++++++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/openssl.scm b/gnu/packages/openssl.scm
index 563290d..141e105 100644
--- a/gnu/packages/openssl.scm
+++ b/gnu/packages/openssl.scm
@@ -23,7 +23,8 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
-  #:use-module (guix build-system gnu))
+  #:use-module (guix build-system gnu)
+  #:use-module (guix build-system perl))
 
 (define-public openssl
   (package
@@ -67,3 +68,34 @@
     "OpenSSL is an implementation of SSL/TLS")
    (license license:openssl)
    (home-page "http://www.openssl.org/")))
+
+(define-public perl-net-ssleay
+  (package
+    (name "perl-net-ssleay")
+    (version "1.66")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
+                                  "Net-SSLeay-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0mxfdhz2fyc40a4myi1yfalf875v5wq1fm4qib9sj3chdm9zvy2v"))))
+    (build-system perl-build-system)
+    (inputs `(("openssl" ,openssl)))
+    (arguments
+     `(#:phases (alist-cons-before
+                 'configure 'set-ssl-prefix
+                 (lambda* (#:key inputs #:allow-other-keys)
+                   (setenv "OPENSSL_PREFIX" (assoc-ref inputs "openssl")))
+                 %standard-phases)))
+    (synopsis "Perl extension for using OpenSSL")
+    (description
+     "This module offers some high level convenience functions for accessing
+web pages on SSL servers (for symmetry, the same API is offered for accessing
+http servers, too), an sslcat() function for writing your own clients, and
+finally access to the SSL api of the SSLeay/OpenSSL package so you can write
+servers or clients for more complicated applications.")
+    (license (package-license perl))
+    (home-page "http://search.cpan.org/~mikem/Net-SSLeay-1.66/")))
+
+
-- 
1.7.9.5

[PATCH 2/3] gnu: Add perl-io-socket-ssl.

[Eric Bavier]

* gnu/packages/web.scm (perl-io-socket-ssl): New variable.
---
 gnu/packages/web.scm |   23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 1a42625..301e64b 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -572,3 +572,26 @@ unavailable.")
 library.")
     (license (package-license perl))
     (home-page "http://search.cpan.org/~szbalint/WWW-Curl-4.17/lib/WWW/Curl.pm")))
+
+(define-public perl-io-socket-ssl
+  (package
+    (name "perl-io-socket-ssl")
+    (version "2.002")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://cpan/authors/id/S/SU/SULLR/"
+                                  "IO-Socket-SSL-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1mph52lw6x5v44wf8mw00llzi8pp6k5c4jnrnrvlacrlfv260jb8"))))
+    (build-system perl-build-system)
+    (propagated-inputs `(("perl-net-ssleay" ,perl-net-ssleay)))
+    (synopsis "Nearly transparent SSL encapsulation for IO::Socket::INET")
+    (description
+     "IO::Socket::SSL makes using SSL/TLS much easier by wrapping the
+necessary functionality into the familiar IO::Socket interface and providing
+secure defaults whenever possible.  This way existing applications can be made
+SSL-aware without much effort, at least if you do blocking I/O and don't use
+select or poll.")
+    (license (package-license perl))
+    (home-page "https://github.com/noxxi/p5-io-socket-ssl")))
-- 
1.7.9.5

[PATCH 3/3] gnu: wget: Upgrade to 1.16.

[Eric Bavier]

* gnu/packages/wget.scm (wget)[source]: Upgrade to 1.16.
  [inputs]: Add libidn.
  [native-inputs]: Add python, perl-http-daemon, and
  perl-io-socket-ssl.
---
 gnu/packages/wget.scm |   16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/wget.scm b/gnu/packages/wget.scm
index fb5fbf6..674cc07 100644
--- a/gnu/packages/wget.scm
+++ b/gnu/packages/wget.scm
@@ -20,7 +20,10 @@
 (define-module (gnu packages wget)
   #:use-module (guix licenses)
   #:use-module (gnu packages gnutls)
+  #:use-module (gnu packages libidn)
+  #:use-module (gnu packages python)
   #:use-module (gnu packages perl)
+  #:use-module (gnu packages web)
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix build-system gnu))
@@ -28,7 +31,7 @@
 (define-public wget
   (package
     (name "wget")
-    (version "1.15")
+    (version "1.16")
     (source
      (origin
       (method url-fetch)
@@ -36,12 +39,17 @@
                           version ".tar.xz"))
       (sha256
        (base32
-        "1yw0sk4mrs7bvga3c79rkbhxivmw8cs3b5wq3cglp1f9ai1mz2ni"))))
+        "1rxhr3jmgbwryzl51di4avqxw9m9j1z2aak8q1npns0p184xsqcj"))))
     (build-system gnu-build-system)
+    ;; TODO: Add libpsl to inputs
     (inputs
-     `(("gnutls" ,gnutls)))
+     `(("gnutls" ,gnutls)
+       ("libidn" ,libidn)))
     (native-inputs
-     `(("perl" ,perl)))
+     `(("perl" ,perl)
+       ("python" ,python)               ;for testenv suite
+       ("perl-http-daemon" ,perl-http-daemon)
+       ("perl-io-socket-ssl" ,perl-io-socket-ssl)))
     (home-page "http://www.gnu.org/software/wget/")
     (synopsis "Non-interactive command-line utility for downloading files")
     (description
-- 
1.7.9.5

Re: [PATCH 0/3]: gnu: wget: Upgrade to 1.16.

[Ludovic Courtès]

Eric Bavier <ericbavier@gmail.com> skribis:

> This upgrade fixes CVE-2014-4877.  In the previous release, the testcases
> would fail but be marked as "skipped".  That behavior changed to hard failures
> in 1.16, thus the need for the additional native-input perl modules.

This all looks good to me, thank you!

Ludo’.