gnu: nss: Fix CVE-2019-11745 via graft.

* gnu/packages/patches/nss-CVE-2019-11745.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/nss.scm (nss/fixed): New variable. (nss)[replacement]: Add field.
author: Mark H Weaver <mhw@netris.org> 2019-12-10 18:20:51 -0500
committer: Mark H Weaver <mhw@netris.org> 2019-12-11 01:52:10 -0500
commit: 04b33ce205f38813b4dbd04b6ad3c7aa0be0b6f6 (patch)
tree: 7fd5fa9d8c81036f36a950299f7dfa42e20375f5 /gnu/packages/nss.scm
parent: bc587eb178799ccb9bd051f8f46569e1673a9991 (diff)
download: gnu-guix-04b33ce205f38813b4dbd04b6ad3c7aa0be0b6f6.tar
gnu-guix-04b33ce205f38813b4dbd04b6ad3c7aa0be0b6f6.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 65f95aaa8a..4f421f6e9d 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -71,6 +71,7 @@ in the Mozilla clients.")
   (package
     (name "nss")
     (version "3.46.1")
+    (replacement nss/fixed)
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -183,3 +184,11 @@ applications.  Applications built with NSS can support SSL v2 and v3, TLS,
 PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
 security standards.")
     (license license:mpl2.0)))
+
+(define nss/fixed
+  (package
+    (inherit nss)
+    (source (origin
+              (inherit (package-source nss))
+              (patches (append (search-patches "nss-CVE-2019-11745.patch")
+                               (origin-patches (package-source nss))))))))
author	Mark H Weaver <mhw@netris.org>	2019-12-10 18:20:51 -0500
committer	Mark H Weaver <mhw@netris.org>	2019-12-11 01:52:10 -0500
commit	04b33ce205f38813b4dbd04b6ad3c7aa0be0b6f6 (patch)
tree	7fd5fa9d8c81036f36a950299f7dfa42e20375f5 /gnu/packages/nss.scm
parent	bc587eb178799ccb9bd051f8f46569e1673a9991 (diff)
download	gnu-guix-04b33ce205f38813b4dbd04b6ad3c7aa0be0b6f6.tar gnu-guix-04b33ce205f38813b4dbd04b6ad3c7aa0be0b6f6.tar.gz