aboutsummaryrefslogtreecommitdiff
path: root/gnu
diff options
context:
space:
mode:
authorMarius Bakke <marius@gnu.org>2020-12-03 16:59:10 +0100
committerMarius Bakke <marius@gnu.org>2020-12-03 21:56:52 +0100
commitc5df560fd3762c0dbe99562f52223c73d445e597 (patch)
treee816a740ca41a1d6cfc077f7a78a0a9af435eea2 /gnu
parent7776fc4c0f8c4b4c68598756a7282240aede7e75 (diff)
downloadguix-c5df560fd3762c0dbe99562f52223c73d445e597.tar
guix-c5df560fd3762c0dbe99562f52223c73d445e597.tar.gz
gnu: GnuTLS: Update replacement to 3.6.15 [fixes CVE-2020-24659].
* gnu/packages/tls.scm (gnutls-3.6.14): Rename to ... (gnutls/fixed): ... this. Update to 3.6.15. (gnutls): Adjust for renamed replacement. * gnu/packages/package-management.scm (guix)[propagated-inputs]: Likewise. * gnu/packages/vpn.scm (openconnect)[propagated-inputs]: Likewise.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/packages/package-management.scm2
-rw-r--r--gnu/packages/tls.scm9
-rw-r--r--gnu/packages/vpn.scm2
3 files changed, 7 insertions, 6 deletions
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 2cb9350bbd..906c04c7ff 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -405,7 +405,7 @@ $(prefix)/etc/init.d\n")))
("glibc-utf8-locales" ,glibc-utf8-locales)))
(propagated-inputs
- `(("gnutls" ,(if (%current-target-system) gnutls-3.6.14 gnutls))
+ `(("gnutls" ,(if (%current-target-system) gnutls/fixed gnutls))
;; Avahi requires "glib" which doesn't cross-compile yet.
,@(if (%current-target-system)
'()
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 00b0bf6ddb..3b681426ad 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -165,7 +165,7 @@ living in the same process.")
(package
(name "gnutls")
;; XXX Unversion openconnect's "gnutls" input when ungrafting.
- (replacement gnutls-3.6.14)
+ (replacement gnutls/fixed)
(version "3.6.12")
(source (origin
(method url-fetch)
@@ -254,10 +254,11 @@ required structures.")
(properties '((ftp-server . "ftp.gnutls.org")
(ftp-directory . "/gcrypt/gnutls")))))
-(define-public gnutls-3.6.14
+;; Replacement package to fix multiple security vulnerabilities.
+(define-public gnutls/fixed
(package
(inherit gnutls)
- (version "3.6.14")
+ (version "3.6.15")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnupg/gnutls/v"
@@ -267,7 +268,7 @@ required structures.")
"gnutls-cross.patch"))
(sha256
(base32
- "0qwxsfizynly0ns537vnhnlm5lh03la4vbsmz675n0n7vqd7ac2n"))))
+ "0n0m93ymzd0q9hbknxc2ycanz49sqlkyyf73g9fk7n787llc7a0f"))))
(native-inputs
`(,@(if (%current-target-system) ;for cross-build
`(("guile" ,guile-3.0)) ;to create .go files
diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index 39a9825893..04c34c3d4d 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -265,7 +265,7 @@ the user specifically asks to proxy, so the @dfn{VPN} interface no longer
`(("libxml2" ,libxml2)
;; XXX ‘DTLS is insecure in GnuTLS v3.6.3 through v3.6.12.’
;; See <https://gitlab.com/gnutls/gnutls/-/issues/960>.
- ("gnutls" ,gnutls-3.6.14)
+ ("gnutls" ,gnutls/fixed)
("zlib" ,zlib)))
(inputs
`(("lz4" ,lz4)