diff options
author | Marius Bakke <marius@gnu.org> | 2020-12-03 16:59:10 +0100 |
---|---|---|
committer | Marius Bakke <marius@gnu.org> | 2020-12-03 21:56:52 +0100 |
commit | c5df560fd3762c0dbe99562f52223c73d445e597 (patch) | |
tree | e816a740ca41a1d6cfc077f7a78a0a9af435eea2 /gnu | |
parent | 7776fc4c0f8c4b4c68598756a7282240aede7e75 (diff) | |
download | guix-c5df560fd3762c0dbe99562f52223c73d445e597.tar guix-c5df560fd3762c0dbe99562f52223c73d445e597.tar.gz |
gnu: GnuTLS: Update replacement to 3.6.15 [fixes CVE-2020-24659].
* gnu/packages/tls.scm (gnutls-3.6.14): Rename to ...
(gnutls/fixed): ... this. Update to 3.6.15.
(gnutls): Adjust for renamed replacement.
* gnu/packages/package-management.scm (guix)[propagated-inputs]: Likewise.
* gnu/packages/vpn.scm (openconnect)[propagated-inputs]: Likewise.
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/packages/package-management.scm | 2 | ||||
-rw-r--r-- | gnu/packages/tls.scm | 9 | ||||
-rw-r--r-- | gnu/packages/vpn.scm | 2 |
3 files changed, 7 insertions, 6 deletions
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm index 2cb9350bbd..906c04c7ff 100644 --- a/gnu/packages/package-management.scm +++ b/gnu/packages/package-management.scm @@ -405,7 +405,7 @@ $(prefix)/etc/init.d\n"))) ("glibc-utf8-locales" ,glibc-utf8-locales))) (propagated-inputs - `(("gnutls" ,(if (%current-target-system) gnutls-3.6.14 gnutls)) + `(("gnutls" ,(if (%current-target-system) gnutls/fixed gnutls)) ;; Avahi requires "glib" which doesn't cross-compile yet. ,@(if (%current-target-system) '() diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 00b0bf6ddb..3b681426ad 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -165,7 +165,7 @@ living in the same process.") (package (name "gnutls") ;; XXX Unversion openconnect's "gnutls" input when ungrafting. - (replacement gnutls-3.6.14) + (replacement gnutls/fixed) (version "3.6.12") (source (origin (method url-fetch) @@ -254,10 +254,11 @@ required structures.") (properties '((ftp-server . "ftp.gnutls.org") (ftp-directory . "/gcrypt/gnutls"))))) -(define-public gnutls-3.6.14 +;; Replacement package to fix multiple security vulnerabilities. +(define-public gnutls/fixed (package (inherit gnutls) - (version "3.6.14") + (version "3.6.15") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/gnutls/v" @@ -267,7 +268,7 @@ required structures.") "gnutls-cross.patch")) (sha256 (base32 - "0qwxsfizynly0ns537vnhnlm5lh03la4vbsmz675n0n7vqd7ac2n")))) + "0n0m93ymzd0q9hbknxc2ycanz49sqlkyyf73g9fk7n787llc7a0f")))) (native-inputs `(,@(if (%current-target-system) ;for cross-build `(("guile" ,guile-3.0)) ;to create .go files diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm index 39a9825893..04c34c3d4d 100644 --- a/gnu/packages/vpn.scm +++ b/gnu/packages/vpn.scm @@ -265,7 +265,7 @@ the user specifically asks to proxy, so the @dfn{VPN} interface no longer `(("libxml2" ,libxml2) ;; XXX ‘DTLS is insecure in GnuTLS v3.6.3 through v3.6.12.’ ;; See <https://gitlab.com/gnutls/gnutls/-/issues/960>. - ("gnutls" ,gnutls-3.6.14) + ("gnutls" ,gnutls/fixed) ("zlib" ,zlib))) (inputs `(("lz4" ,lz4) |