From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:306:2d92::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id KAi/FZXaEWV4GgEAauVa8A:P1 (envelope-from ) for ; Mon, 25 Sep 2023 21:08:05 +0200 Received: from aspmx1.migadu.com ([2001:41d0:306:2d92::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id KAi/FZXaEWV4GgEAauVa8A (envelope-from ) for ; Mon, 25 Sep 2023 21:08:05 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 1007751976 for ; Mon, 25 Sep 2023 21:08:05 +0200 (CEST) Authentication-Results: aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1695668885; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=iHlk4flerXhJ6Uy5rS4NMAFQU34Z45fAKFpkYN1Hybk=; b=lF1Q3ChD75wifPkvg9fN5kZF9BjQ0hqb0iPROtASiYgVjMZofLX7VMDLiEW+7B6gh2olgG BnjouYDBn+b1LKGyvdRNxQYXMmXVVKVnQHddhsc2lhAFKBThsJkCszNaEYJcfVhmtMKxP7 +lcb25G3wfPFijs6gn+0dA1HP/Mj6CcpW2EJ898tjQM31YKtj1W/rI/BUhLjEvA2tKwFF9 9kH9/efhPDdRrmeJWrfyRkrcEP4k4uEtO+ONNGP/SLd6ADztQX0c+zY54S6xb3cPzZ+Hel PIDwl87lKtPSt5nNO+6xn48ktcUUuh1WyNWiHPzgu7vr0O6kqPqpDcrs/HODPQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Seal: i=1; s=key1; d=yhetil.org; t=1695668885; a=rsa-sha256; cv=none; b=JRJilbsVq7TVUJzJbb7c/Le1xIneCBNX78RFIBcZXU8CqPQtu5ubqTOrmxabTTZ8ItkEmC BxmeOsa5hp9VNDG3uIKWEmaENrDM8PB3OqhmC5NcffjP7vVvacQNDLj/kMseHmrB068XwI Fi+hfflz+p1ActwQ2gTCdZPlx7kErZEFc6dncNUXQnqdS+Sjo5aiR7FzHOgmBZmjsFs0pd j/qvUO75zP1WeMH5VJOQtmz/63QvUzpi5Qr4CpIscH+HVun60saZvZmnQB4tBzNRKdwDwK 4oBKYrXLsPHYz0MT40xWh2tlQn8zVCPtKqRGxekNMBCfWDiK/s+7E3kUngA5GA== Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qkqvu-00021z-Rg; Mon, 25 Sep 2023 15:07:50 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qkqvt-00021i-Ju for guix-patches@gnu.org; Mon, 25 Sep 2023 15:07:49 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qkqvt-0006tt-Ao for guix-patches@gnu.org; Mon, 25 Sep 2023 15:07:49 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1qkqw5-0002Qr-RU for guix-patches@gnu.org; Mon, 25 Sep 2023 15:08:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#66195] [PATCH] gnu: gnutls: Replace with 3.8.1. Resent-From: Christopher Baines Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 25 Sep 2023 19:08:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 66195 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 66195@debbugs.gnu.org X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.16956688409288 (code B ref -1); Mon, 25 Sep 2023 19:08:01 +0000 Received: (at submit) by debbugs.gnu.org; 25 Sep 2023 19:07:20 +0000 Received: from localhost ([127.0.0.1]:46683 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qkqvP-0002Pj-Kk for submit@debbugs.gnu.org; Mon, 25 Sep 2023 15:07:19 -0400 Received: from lists.gnu.org ([2001:470:142::17]:47634) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qkqvM-0002PS-2V for submit@debbugs.gnu.org; Mon, 25 Sep 2023 15:07:18 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qkqv4-0001jd-45 for guix-patches@gnu.org; Mon, 25 Sep 2023 15:06:58 -0400 Received: from mira.cbaines.net ([212.71.252.8]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qkqv2-0006nn-HY for guix-patches@gnu.org; Mon, 25 Sep 2023 15:06:57 -0400 Received: from localhost (unknown [79.173.170.234]) by mira.cbaines.net (Postfix) with ESMTPSA id 009E427BBE2 for ; Mon, 25 Sep 2023 20:06:54 +0100 (BST) Received: from localhost (localhost [local]) by localhost (OpenSMTPD) with ESMTPA id 63e685c9 for ; Mon, 25 Sep 2023 19:06:51 +0000 (UTC) From: Christopher Baines Date: Mon, 25 Sep 2023 20:06:51 +0100 Message-ID: <4f21f3a5aba2851c7b943c283f5f6a21b93444eb.1695668811.git.mail@cbaines.net> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=212.71.252.8; envelope-from=mail@cbaines.net; helo=mira.cbaines.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -4.70 X-Migadu-Scanner: mx2.migadu.com X-Migadu-Queue-Id: 1007751976 X-Spam-Score: -4.70 X-TUID: 8Es7vW4IcN4s The recommended way to address GNUTLS-SA-2020-07-14 / CVE-2023-0361 is to upgrade to 3.8.0 or later. * gnu/packages/tls.scm (gnutls-3.8.1): New variable. (gnutls)[replacement]: Use it. --- gnu/packages/tls.scm | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index b669ac2e8d..99252464e6 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -200,6 +200,7 @@ (define-public gnutls (package (name "gnutls") (version "3.7.7") + (replacement gnutls-3.8.1) (source (origin (method url-fetch) ;; Note: Releases are no longer on ftp.gnu.org since the @@ -303,6 +304,20 @@ (define-public gnutls (define-deprecated/public-alias gnutls-latest gnutls) +(define-public gnutls-3.8.1 + (package + (inherit gnutls) + (version "3.8.1") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnupg/gnutls/v" + (version-major+minor version) + "/gnutls-" version ".tar.xz")) + (patches (search-patches "gnutls-skip-trust-store-test.patch")) + (sha256 + (base32 + "1742jiigwsfhx7nj5rz7dwqr8d46npsph6b68j7siar0mqarx2xs")))))) + (define-public gnutls/dane ;; GnuTLS with build libgnutls-dane, implementing DNS-based ;; Authentication of Named Entities. This is required for GNS functionality base-commit: fafd3caef0d51811a5da81d6061789e2908b0dac -- 2.41.0