From 501549137853455ca39afaf79d8a623ea4494c88 Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Mon, 25 Sep 2023 20:06:51 +0100 Subject: [PATCH] gnu: gnutls: Replace with 3.8.1. The recommended way to address GNUTLS-SA-2020-07-14 / CVE-2023-0361 is to upgrade to 3.8.0 or later. * gnu/packages/tls.scm (gnutls-3.8.1): New variable. (gnutls)[replacement]: Use it. Signed-off-by: Christopher Baines --- gnu/packages/tls.scm | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 61484bfd86..d62c00dcff 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -200,6 +200,7 @@ living in the same process.") (package (name "gnutls") (version "3.7.7") + (replacement gnutls-3.8.1) (source (origin (method url-fetch) ;; Note: Releases are no longer on ftp.gnu.org since the @@ -303,6 +304,22 @@ required structures.") (define-deprecated/public-alias gnutls-latest gnutls) +;; Replacement for gnutls@3.7.7 to address GNUTLS-SA-2020-07-14 / +;; CVE-2023-0361 +(define-public gnutls-3.8.1 + (package + (inherit gnutls) + (version "3.8.1") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnupg/gnutls/v" + (version-major+minor version) + "/gnutls-" version ".tar.xz")) + (patches (search-patches "gnutls-skip-trust-store-test.patch")) + (sha256 + (base32 + "1742jiigwsfhx7nj5rz7dwqr8d46npsph6b68j7siar0mqarx2xs")))))) + (define-public gnutls/dane ;; GnuTLS with build libgnutls-dane, implementing DNS-based ;; Authentication of Named Entities. This is required for GNS functionality