aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/nss.scm
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2020-06-02 14:05:46 -0400
committerMark H Weaver <mhw@netris.org>2020-06-02 14:05:46 -0400
commit7bc396bf353c5550c49b3f8791b34072ba417d90 (patch)
treed205b805297d2346fff6a4aabbdf2d536a7b98b5 /gnu/packages/nss.scm
parent8f7cf3b50cda98afab1bef89bef2d6c01aa2b626 (diff)
downloadguix-7bc396bf353c5550c49b3f8791b34072ba417d90.tar
guix-7bc396bf353c5550c49b3f8791b34072ba417d90.tar.gz
gnu: nss: Fix CVE-2020-12399 via graft.
* gnu/packages/patches/nss-CVE-2020-12399.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/nss.scm (nss/fixed): New variable. (nss)[replacement]: Add field.
Diffstat (limited to 'gnu/packages/nss.scm')
-rw-r--r--gnu/packages/nss.scm9
1 files changed, 9 insertions, 0 deletions
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index e423bdd3a2..887860157d 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -73,6 +73,7 @@ in the Mozilla clients.")
(package
(name "nss")
(version "3.50")
+ (replacement nss/fixed)
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -191,3 +192,11 @@ applications. Applications built with NSS can support SSL v2 and v3, TLS,
PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
security standards.")
(license license:mpl2.0)))
+
+(define nss/fixed
+ (package
+ (inherit nss)
+ (source (origin
+ (inherit (package-source nss))
+ (patches (append (search-patches "nss-CVE-2020-12399.patch")
+ (origin-patches (package-source nss))))))))