gnu: gnutls: Replace with 3.8.1.

The recommended way to address GNUTLS-SA-2020-07-14 / CVE-2023-0361 is to upgrade to 3.8.0 or later. * gnu/packages/tls.scm (gnutls-3.8.1): New variable. (gnutls)[replacement]: Use it. Signed-off-by: Christopher Baines <mail@cbaines.net>
2023-09-25 20:06:51 +01:00 · 2023-09-25 20:06:51 +01:00 · 5015491378
parent 419e359a5e
commit 5015491378
1 changed files with 17 additions and 0 deletions
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@ -200,6 +200,7 @@ living in the same process.")
  (package
    (name "gnutls")
    (version "3.7.7")
+    (replacement gnutls-3.8.1)
    (source (origin
              (method url-fetch)
              ;; Note: Releases are no longer on ftp.gnu.org since the
@ -303,6 +304,22 @@ required structures.")

 (define-deprecated/public-alias gnutls-latest gnutls)

+;; Replacement for gnutls@3.7.7 to address GNUTLS-SA-2020-07-14 /
+;; CVE-2023-0361
+(define-public gnutls-3.8.1
+  (package
+    (inherit gnutls)
+    (version "3.8.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnupg/gnutls/v"
+                                  (version-major+minor version)
+                                  "/gnutls-" version ".tar.xz"))
+              (patches (search-patches "gnutls-skip-trust-store-test.patch"))
+              (sha256
+               (base32
+                "1742jiigwsfhx7nj5rz7dwqr8d46npsph6b68j7siar0mqarx2xs"))))))
+
 (define-public gnutls/dane
  ;; GnuTLS with build libgnutls-dane, implementing DNS-based
  ;; Authentication of Named Entities.  This is required for GNS functionality