me
/
guix
Archived
1
0
Fork 0
Code

gnu: gnutls: Replace with 3.8.1. 

The recommended way to address GNUTLS-SA-2020-07-14 / CVE-2023-0361 is to
upgrade to 3.8.0 or later.

* gnu/packages/tls.scm (gnutls-3.8.1): New variable.
(gnutls)[replacement]: Use it.

Signed-off-by: Christopher Baines <mail@cbaines.net>
Christopher Baines 2023-09-25 20:06:51 +01:00
parent 419e359a5e
commit 5015491378
No known key found for this signature in database
GPG Key ID: 5E28A33B0B84F577
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
gnu/packages/tls.scm
View File

@ -200,6 +200,7 @@ living in the same process.")
(package (package
(name "gnutls") (name "gnutls")
(version "3.7.7") (version "3.7.7")
(replacement gnutls-3.8.1)
(source (origin (source (origin
(method url-fetch) (method url-fetch)
;; Note: Releases are no longer on ftp.gnu.org since the ;; Note: Releases are no longer on ftp.gnu.org since the
@ -303,6 +304,22 @@ required structures.")
(define-deprecated/public-alias gnutls-latest gnutls) (define-deprecated/public-alias gnutls-latest gnutls)
;; Replacement for gnutls@3.7.7 to address GNUTLS-SA-2020-07-14 /
;; CVE-2023-0361
(define-public gnutls-3.8.1
(package
(inherit gnutls)
(version "3.8.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnupg/gnutls/v"
(version-major+minor version)
"/gnutls-" version ".tar.xz"))
(patches (search-patches "gnutls-skip-trust-store-test.patch"))
(sha256
(base32
"1742jiigwsfhx7nj5rz7dwqr8d46npsph6b68j7siar0mqarx2xs"))))))
(define-public gnutls/dane (define-public gnutls/dane
;; GnuTLS with build libgnutls-dane, implementing DNS-based ;; GnuTLS with build libgnutls-dane, implementing DNS-based
;; Authentication of Named Entities. This is required for GNS functionality ;; Authentication of Named Entities. This is required for GNS functionality