From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Subject: bug#24418: GnuTLS security update Date: Fri, 14 Oct 2016 23:37:04 +0200 Message-ID: <87insuvchr.fsf__15616.6400098757$1476481108$gmane$org@gnu.org> References: <20160911154108.GA13920@jasmine> <87zinei2dq.fsf@gnu.org> <20160912015322.GA3951@jasmine> <87zindtgya.fsf@gnu.org> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:54571) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bvAB4-0002wV-PB for bug-guix@gnu.org; Fri, 14 Oct 2016 17:38:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bvAB0-0008OM-EO for bug-guix@gnu.org; Fri, 14 Oct 2016 17:38:05 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:49889) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1bvAB0-0008N2-A1 for bug-guix@gnu.org; Fri, 14 Oct 2016 17:38:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <87zindtgya.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Mon, 12 Sep 2016 14:56:13 +0200") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Leo Famulari Cc: guix-devel@gnu.org, 24418@debbugs.gnu.org --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hello! ludo@gnu.org (Ludovic Court=C3=A8s) skribis: > $ git describe > v0.11.0-970-g8d4169a > $ guix gc --references $(./pre-inst-env guix build msmtp)|grep gnutls > /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2 > $ ./pre-inst-env guix build gnutls > /gnu/store/4x9r7rkinycxr7xda5a92knm8ikila6p-gnutls-3.5.2-debug > /gnu/store/n93gb4n301rz46k9cm0d12hb26gq5lg5-gnutls-3.5.2-doc > /gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2 > $ ./pre-inst-env guix build gnutls --no-grafts > /gnu/store/23vx0mdw6q96pakyps2cjjvcjng1mxqx-gnutls-3.5.2-debug > /gnu/store/p0zrk9424l0aljzsqyqx5zgh86x9glmi-gnutls-3.5.2-doc > /gnu/store/1qv5i6rfxjc4d0rg7z6r9dapmf85kzmy-gnutls-3.5.2 > $ /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2/bin/gnutls-cli= --version > gnutls-cli 3.5.2 > Copyright (C) 2000-2016 Free Software Foundation, and others, all rights = reserved. > This is free software. It is licensed for use, modification and > redistribution under the terms of the GNU General Public License, > version 3 or later > > > Please send bug reports to: > $ /gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2/bin/gnutls-cli= --version > gnutls-cli 3.5.4 > Copyright (C) 2000-2016 Free Software Foundation, and others, all rights = reserved. > This is free software. It is licensed for use, modification and > redistribution under the terms of the GNU General Public License, > version 3 or later AFAICS this is fixed by these two patches: b013c33 * grafts: 'graft-derivation' does now introduce grafts that shadow = other grafts. d0025d0 * packages: 'package-grafts' applies grafts on replacement. Please let know if you notice anything wrong. For debugging purposes, I found it easier to have the attached patch applied, so that replacements are easily distinguishable from the original packages. You might want to use it too. :-) (I didn=E2=80=99t apply it to master because it would lead to merge conflic= ts in core-updates, but feel free to apply it if that seems OK to you.) Thanks, Ludo=E2=80=99. --=-=-= Content-Type: text/x-patch Content-Disposition: inline modified gnu/packages/gnupg.scm @@ -138,15 +138,14 @@ generation.") (define libgcrypt-1.5.6 (package (inherit libgcrypt-1.5) - (source - (let ((version "1.5.6")) - (origin - (method url-fetch) - (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-" - version ".tar.bz2")) - (sha256 - (base32 - "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h"))))))) + (version "1.5.6") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-" + version ".tar.bz2")) + (sha256 + (base32 + "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h")))))) (define-public libassuan (package modified gnu/packages/tls.scm @@ -215,16 +215,15 @@ required structures.") (define gnutls-3.5.4 (package (inherit gnutls) - (source - (let ((version "3.5.4")) - (origin - (method url-fetch) - (uri (string-append "mirror://gnupg/gnutls/v" - (version-major+minor version) - "/gnutls-" version ".tar.xz")) - (sha256 - (base32 - "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f"))))))) + (version "3.5.4") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnupg/gnutls/v" + (version-major+minor version) + "/gnutls-" version ".tar.xz")) + (sha256 + (base32 + "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f")))))) (define-public openssl --=-=-=--