author | Marius Bakke <mbakke@fastmail.com> | 2017-06-10 15:47:00 +0200 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2017-06-11 01:08:58 +0200 |
commit | 88e2511e217f2c23c6048d6cf104df99be3fef63 (patch) | |
tree | 9a65d80a426ed6c0e04a9b5fbcb3c1fc10791174 /gnu/packages/tls.scm | |
parent | e35dc5e75ea0fe98f9777f48715584b38b4cc302 (diff) | |
gnu: gnutls: Replace with 3.5.13.
This update addresses the following security advisories:
GNUTLS-SA-2017-3 (aka CVE-2017-7869) and GNUTLS-SA-2017-4.
See <https://gnutls.org/security.html> and <https://gnutls.org/news.html>.
* gnu/packages/patches/gnutls-skip-pkgconfig-test.patch,
gnu/packages/patches/gnutls-skip-trust-store-test.patch: New files.
* gnu/local.mk (dist_patch_DATA): Register patches.
* gnu/packages/tls.scm (gnutls)[replacement]: New field.
(gnutls-3.5.13): New variable.
(gnutls/guile-2.2)[replacement]: New field. Set #f.
[source]: Inherit from GNUTLS-3.5.13.
Diffstat (limited to 'gnu/packages/tls.scm')
-rw-r--r-- | gnu/packages/tls.scm | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 8964abb2f2..bba95eb9bc 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -8,6 +8,7 @@
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
+;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -142,6 +143,7 @@ living in the same process.")
 (define-public gnutls
 (package
 (name "gnutls")
+ (replacement gnutls-3.5.13)
 (version "3.5.9")
 (source (origin
 (method url-fetch)
@@ -214,10 +216,32 @@ required structures.")
 (properties '((ftp-server . "ftp.gnutls.org")
 (ftp-directory . "/gcrypt/gnutls")))))
 
+(define gnutls-3.5.13 ;GNUTLS-SA-2017-{3,4}
+ (package
+ (inherit gnutls)
+ ;; We use 'D' instead of '13' here to keep the store file name at
+ ;; the same length. See <https://bugs.gnu.org/27308>.
+ (version "3.5.D")
+ (replacement #f)
+ (source (origin
+ (method url-fetch)
+ (uri
+ (string-append "mirror://gnupg/gnutls/v"
+ (version-major+minor version)
+ "/gnutls-3.5.13.tar.xz"))
+ (patches
+ (search-patches "gnutls-skip-trust-store-test.patch"
+ "gnutls-skip-pkgconfig-test.patch"))
+ (sha256
+ (base32
+ "15ihq6p0hnnhs8cnjrkj40dmlcaa1jjg8xg0g2ydbnlqs454ixbr"))))))
+
 (define-public gnutls/guile-2.2
 ;; GnuTLS for Guile 2.2. This is supported by GnuTLS >= 3.5.5.
 (package
 (inherit gnutls)
+ (replacement #f)
+ (source (package-source gnutls-3.5.13))
 (name "guile2.2-gnutls")
 (arguments
 ;; Remove '--with-guile-site-dir=…/2.0'. |
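Review bot: At the end of the third hunk, `gnutls/guile-2.2` now takes its source from `gnutls-3.5.13` but still inherits `(version "3.5.9")` from `gnutls`, so the public `guile2.2-gnutls` package reports 3.5.9 while building the 3.5.13 tarball. Anyone checking the package version against GNUTLS-SA-2017-3 and GNUTLS-SA-2017-4 would read it as unpatched. This variant sets `(replacement #f)` and so appears to be rebuilt rather than grafted, which suggests the fixed-length constraint behind `3.5.D` does not apply to it. If that holds, `(version "3.5.13")` could be added next to the new `source` field. The body of `gnutls/guile-2.2` continues past the end of the hunk.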