From 7bc396bf353c5550c49b3f8791b34072ba417d90 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Tue, 2 Jun 2020 14:05:46 -0400
Subject: gnu: nss: Fix CVE-2020-12399 via graft.

* gnu/packages/patches/nss-CVE-2020-12399.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/nss.scm (nss/fixed): New variable.
(nss)[replacement]: Add field.
---
 gnu/packages/nss.scm | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'gnu/packages/nss.scm')

diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index e423bdd3a2..887860157d 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -73,6 +73,7 @@ in the Mozilla clients.")
   (package
     (name "nss")
     (version "3.50")
+    (replacement nss/fixed)
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -191,3 +192,11 @@ applications.  Applications built with NSS can support SSL v2 and v3, TLS,
 PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
 security standards.")
     (license license:mpl2.0)))
+
+(define nss/fixed
+  (package
+    (inherit nss)
+    (source (origin
+              (inherit (package-source nss))
+              (patches (append (search-patches "nss-CVE-2020-12399.patch")
+                               (origin-patches (package-source nss))))))))
-- 
cgit v1.2.3