From c5df560fd3762c0dbe99562f52223c73d445e597 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 3 Dec 2020 16:59:10 +0100 Subject: gnu: GnuTLS: Update replacement to 3.6.15 [fixes CVE-2020-24659]. * gnu/packages/tls.scm (gnutls-3.6.14): Rename to ... (gnutls/fixed): ... this. Update to 3.6.15. (gnutls): Adjust for renamed replacement. * gnu/packages/package-management.scm (guix)[propagated-inputs]: Likewise. * gnu/packages/vpn.scm (openconnect)[propagated-inputs]: Likewise. --- gnu/packages/package-management.scm | 2 +- gnu/packages/tls.scm | 9 +++++---- gnu/packages/vpn.scm | 2 +- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm index 2cb9350bbd..906c04c7ff 100644 --- a/gnu/packages/package-management.scm +++ b/gnu/packages/package-management.scm @@ -405,7 +405,7 @@ $(prefix)/etc/init.d\n"))) ("glibc-utf8-locales" ,glibc-utf8-locales))) (propagated-inputs - `(("gnutls" ,(if (%current-target-system) gnutls-3.6.14 gnutls)) + `(("gnutls" ,(if (%current-target-system) gnutls/fixed gnutls)) ;; Avahi requires "glib" which doesn't cross-compile yet. ,@(if (%current-target-system) '() diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 00b0bf6ddb..3b681426ad 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -165,7 +165,7 @@ living in the same process.") (package (name "gnutls") ;; XXX Unversion openconnect's "gnutls" input when ungrafting. - (replacement gnutls-3.6.14) + (replacement gnutls/fixed) (version "3.6.12") (source (origin (method url-fetch) @@ -254,10 +254,11 @@ required structures.") (properties '((ftp-server . "ftp.gnutls.org") (ftp-directory . "/gcrypt/gnutls"))))) -(define-public gnutls-3.6.14 +;; Replacement package to fix multiple security vulnerabilities. +(define-public gnutls/fixed (package (inherit gnutls) - (version "3.6.14") + (version "3.6.15") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/gnutls/v" @@ -267,7 +268,7 @@ required structures.") "gnutls-cross.patch")) (sha256 (base32 - "0qwxsfizynly0ns537vnhnlm5lh03la4vbsmz675n0n7vqd7ac2n")))) + "0n0m93ymzd0q9hbknxc2ycanz49sqlkyyf73g9fk7n787llc7a0f")))) (native-inputs `(,@(if (%current-target-system) ;for cross-build `(("guile" ,guile-3.0)) ;to create .go files diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm index 39a9825893..04c34c3d4d 100644 --- a/gnu/packages/vpn.scm +++ b/gnu/packages/vpn.scm @@ -265,7 +265,7 @@ the user specifically asks to proxy, so the @dfn{VPN} interface no longer `(("libxml2" ,libxml2) ;; XXX ‘DTLS is insecure in GnuTLS v3.6.3 through v3.6.12.’ ;; See . - ("gnutls" ,gnutls-3.6.14) + ("gnutls" ,gnutls/fixed) ("zlib" ,zlib))) (inputs `(("lz4" ,lz4) -- cgit v1.2.3