From 04b33ce205f38813b4dbd04b6ad3c7aa0be0b6f6 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Tue, 10 Dec 2019 18:20:51 -0500 Subject: gnu: nss: Fix CVE-2019-11745 via graft. * gnu/packages/patches/nss-CVE-2019-11745.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/nss.scm (nss/fixed): New variable. (nss)[replacement]: Add field. --- gnu/packages/nss.scm | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'gnu/packages/nss.scm') diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm index 65f95aaa8a..4f421f6e9d 100644 --- a/gnu/packages/nss.scm +++ b/gnu/packages/nss.scm @@ -71,6 +71,7 @@ in the Mozilla clients.") (package (name "nss") (version "3.46.1") + (replacement nss/fixed) (source (origin (method url-fetch) (uri (let ((version-with-underscores @@ -183,3 +184,11 @@ applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.") (license license:mpl2.0))) + +(define nss/fixed + (package + (inherit nss) + (source (origin + (inherit (package-source nss)) + (patches (append (search-patches "nss-CVE-2019-11745.patch") + (origin-patches (package-source nss)))))))) -- cgit v1.2.3