From 88e2511e217f2c23c6048d6cf104df99be3fef63 Mon Sep 17 00:00:00 2001
From: Marius Bakke
Date: Sat, 10 Jun 2017 15:47:00 +0200
Subject: gnu: gnutls: Replace with 3.5.13.
This update addresses the following security advisories: GNUTLS-SA-2017-3 (aka CVE-2017-7869) and GNUTLS-SA-2017-4. See and .
* gnu/packages/patches/gnutls-skip-pkgconfig-test.patch, gnu/packages/patches/gnutls-skip-trust-store-test.patch: New files.
* gnu/local.mk (dist_patch_DATA): Register patches.
* gnu/packages/tls.scm (gnutls)[replacement]: New field. (gnutls-3.5.13): New variable. (gnutls/guile-2.2)[replacement]: New field. Set #f. [source]: Inherit from GNUTLS-3.5.13.
---
 gnu/packages/tls.scm | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
(limited to 'gnu/packages/tls.scm')
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 8964abb2f2..bba95eb9bc 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -8,6 +8,7 @@
 ;;; Copyright © 2016, 2017 Efraim Flashner
 ;;; Copyright © 2016, 2017 ng0
 ;;; Copyright © 2016 Hartmut Goebel
+;;; Copyright © 2017 Marius Bakke
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -142,6 +143,7 @@ living in the same process.")
 (define-public gnutls
 (package
 (name "gnutls")
+ (replacement gnutls-3.5.13)
 (version "3.5.9")
 (source (origin
 (method url-fetch)
@@ -214,10 +216,32 @@ required structures.")
 (properties '((ftp-server . "ftp.gnutls.org")
 (ftp-directory . "/gcrypt/gnutls")))))
 
+(define gnutls-3.5.13 ;GNUTLS-SA-2017-{3,4}
+ (package
+ (inherit gnutls)
+ ;; We use 'D' instead of '13' here to keep the store file name at
+ ;; the same length. See .
+ (version "3.5.D")
+ (replacement #f)
+ (source (origin
+ (method url-fetch)
+ (uri
+ (string-append "mirror://gnupg/gnutls/v"
+ (version-major+minor version)
+ "/gnutls-3.5.13.tar.xz"))
+ (patches
+ (search-patches "gnutls-skip-trust-store-test.patch"
+ "gnutls-skip-pkgconfig-test.patch"))
+ (sha256
+ (base32
+ "15ihq6p0hnnhs8cnjrkj40dmlcaa1jjg8xg0g2ydbnlqs454ixbr"))))))
+
 (define-public gnutls/guile-2.2
 ;; GnuTLS for Guile 2.2. This is supported by GnuTLS >= 3.5.5.
 (package
 (inherit gnutls)
+ (replacement #f)
+ (source (package-source gnutls-3.5.13))
 (name "guile2.2-gnutls")
 (arguments
 ;; Remove '--with-guile-site-dir=…/2.0'.
-- cgit 1.4.1
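Review bot: `gnutls/guile-2.2` now takes its source from `(package-source gnutls-3.5.13)` but still inherits `(version "3.5.9")` from `gnutls`, so the version it reports no longer matches the code it builds. Anyone auditing by version for GNUTLS-SA-2017-3 (CVE-2017-7869) or GNUTLS-SA-2017-4, and presumably any version-based CVE check, would still see this variant on the affected release even though it has the fix. This package sets `(replacement #f)` and is rebuilt from the new source anyway, so the store-name length constraint described for the graft does not appear to apply to it. As far as the visible lines show, adding `(version "3.5.13")` next to the new `source` field would keep the metadata accurate. A short comment above `search-patches` explaining why the trust-store and pkg-config tests are skipped would also help, since test removals in a TLS library deserve a stated reason at the point of use; the `gnutls/guile-2.2` definition continues past the end of this hunk.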