gnu: GnuTLS: Update replacement to 3.6.15 [fixes CVE-2020-24659].

* gnu/packages/tls.scm (gnutls-3.6.14): Rename to ... (gnutls/fixed): ... this. Update to 3.6.15. (gnutls): Adjust for renamed replacement. * gnu/packages/package-management.scm (guix)[propagated-inputs]: Likewise. * gnu/packages/vpn.scm (openconnect)[propagated-inputs]: Likewise.
author: Marius Bakke <marius@gnu.org> 2020-12-03 16:59:10 +0100
committer: Marius Bakke <marius@gnu.org> 2020-12-03 21:56:52 +0100
commit: c5df560fd3762c0dbe99562f52223c73d445e597 (patch)
tree: e816a740ca41a1d6cfc077f7a78a0a9af435eea2 /gnu
parent: 7776fc4c0f8c4b4c68598756a7282240aede7e75 (diff)
3 files changed, 7 insertions, 6 deletions
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 2cb9350bbd..906c04c7ff 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -405,7 +405,7 @@ $(prefix)/etc/init.d\n")))
 
          ("glibc-utf8-locales" ,glibc-utf8-locales)))
       (propagated-inputs
-       `(("gnutls" ,(if (%current-target-system) gnutls-3.6.14 gnutls))
+       `(("gnutls" ,(if (%current-target-system) gnutls/fixed gnutls))
          ;; Avahi requires "glib" which doesn't cross-compile yet.
          ,@(if (%current-target-system)
                '()
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 00b0bf6ddb..3b681426ad 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -165,7 +165,7 @@ living in the same process.")
   (package
     (name "gnutls")
     ;; XXX Unversion openconnect's "gnutls" input when ungrafting.
-    (replacement gnutls-3.6.14)
+    (replacement gnutls/fixed)
     (version "3.6.12")
     (source (origin
              (method url-fetch)
@@ -254,10 +254,11 @@ required structures.")
     (properties '((ftp-server . "ftp.gnutls.org")
                   (ftp-directory . "/gcrypt/gnutls")))))
 
-(define-public gnutls-3.6.14
+;; Replacement package to fix multiple security vulnerabilities.
+(define-public gnutls/fixed
   (package
     (inherit gnutls)
-    (version "3.6.14")
+    (version "3.6.15")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnupg/gnutls/v"
@@ -267,7 +268,7 @@ required structures.")
                                        "gnutls-cross.patch"))
               (sha256
                (base32
-                "0qwxsfizynly0ns537vnhnlm5lh03la4vbsmz675n0n7vqd7ac2n"))))
+                "0n0m93ymzd0q9hbknxc2ycanz49sqlkyyf73g9fk7n787llc7a0f"))))
     (native-inputs
      `(,@(if (%current-target-system)             ;for cross-build
              `(("guile" ,guile-3.0))              ;to create .go files
diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index 39a9825893..04c34c3d4d 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -265,7 +265,7 @@ the user specifically asks to proxy, so the @dfn{VPN} interface no longer
     `(("libxml2" ,libxml2)
       ;; XXX ‘DTLS is insecure in GnuTLS v3.6.3 through v3.6.12.’
       ;; See <https://gitlab.com/gnutls/gnutls/-/issues/960>.
-      ("gnutls" ,gnutls-3.6.14)
+      ("gnutls" ,gnutls/fixed)
       ("zlib" ,zlib)))
    (inputs
     `(("lz4" ,lz4)
author	Marius Bakke <marius@gnu.org>	2020-12-03 16:59:10 +0100
committer	Marius Bakke <marius@gnu.org>	2020-12-03 21:56:52 +0100
commit	c5df560fd3762c0dbe99562f52223c73d445e597 (patch)
tree	e816a740ca41a1d6cfc077f7a78a0a9af435eea2 /gnu
parent	7776fc4c0f8c4b4c68598756a7282240aede7e75 (diff)