* [bug#66195] [PATCH] gnu: gnutls: Replace with 3.8.1.
@ 2023-09-25 19:06 Christopher Baines
2023-10-19 20:17 ` Ludovic Courtès
0 siblings, 1 reply; 3+ messages in thread
From: Christopher Baines @ 2023-09-25 19:06 UTC (permalink / raw)
To: 66195
The recommended way to address GNUTLS-SA-2020-07-14 / CVE-2023-0361 is to
upgrade to 3.8.0 or later.
* gnu/packages/tls.scm (gnutls-3.8.1): New variable.
(gnutls)[replacement]: Use it.
---
gnu/packages/tls.scm | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index b669ac2e8d..99252464e6 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -200,6 +200,7 @@ (define-public gnutls
(package
(name "gnutls")
(version "3.7.7")
+ (replacement gnutls-3.8.1)
(source (origin
(method url-fetch)
;; Note: Releases are no longer on ftp.gnu.org since the
@@ -303,6 +304,20 @@ (define-public gnutls
(define-deprecated/public-alias gnutls-latest gnutls)
+(define-public gnutls-3.8.1
+ (package
+ (inherit gnutls)
+ (version "3.8.1")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://gnupg/gnutls/v"
+ (version-major+minor version)
+ "/gnutls-" version ".tar.xz"))
+ (patches (search-patches "gnutls-skip-trust-store-test.patch"))
+ (sha256
+ (base32
+ "1742jiigwsfhx7nj5rz7dwqr8d46npsph6b68j7siar0mqarx2xs"))))))
+
(define-public gnutls/dane
;; GnuTLS with build libgnutls-dane, implementing DNS-based
;; Authentication of Named Entities. This is required for GNS functionality
base-commit: fafd3caef0d51811a5da81d6061789e2908b0dac
--
2.41.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [bug#66195] [PATCH] gnu: gnutls: Replace with 3.8.1.
2023-09-25 19:06 [bug#66195] [PATCH] gnu: gnutls: Replace with 3.8.1 Christopher Baines
@ 2023-10-19 20:17 ` Ludovic Courtès
2023-10-20 11:42 ` bug#66195: " Christopher Baines
0 siblings, 1 reply; 3+ messages in thread
From: Ludovic Courtès @ 2023-10-19 20:17 UTC (permalink / raw)
To: Christopher Baines; +Cc: 66195
Hi,
Christopher Baines <mail@cbaines.net> skribis:
> The recommended way to address GNUTLS-SA-2020-07-14 / CVE-2023-0361 is to
> upgrade to 3.8.0 or later.
>
> * gnu/packages/tls.scm (gnutls-3.8.1): New variable.
> (gnutls)[replacement]: Use it.
Surprisingly, ‘guix lint -c cve gnutls’ doesn’t report anything with
3.7.7 as currently packaged.
> +(define-public gnutls-3.8.1
Maybe add a comment here with the SA and CVE references.
Then, assuming the ABIs are compatible (which can be checked with
libabigail’s abidiff), LGTM.
Thanks,
Ludo’.
^ permalink raw reply [flat|nested] 3+ messages in thread
* bug#66195: [PATCH] gnu: gnutls: Replace with 3.8.1.
2023-10-19 20:17 ` Ludovic Courtès
@ 2023-10-20 11:42 ` Christopher Baines
0 siblings, 0 replies; 3+ messages in thread
From: Christopher Baines @ 2023-10-20 11:42 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: 66195-done
[-- Attachment #1: Type: text/plain, Size: 1753 bytes --]
Ludovic Courtès <ludo@gnu.org> writes:
> Hi,
>
> Christopher Baines <mail@cbaines.net> skribis:
>
>> The recommended way to address GNUTLS-SA-2020-07-14 / CVE-2023-0361 is to
>> upgrade to 3.8.0 or later.
>>
>> * gnu/packages/tls.scm (gnutls-3.8.1): New variable.
>> (gnutls)[replacement]: Use it.
>
> Surprisingly, ‘guix lint -c cve gnutls’ doesn’t report anything with
> 3.7.7 as currently packaged.
>
>> +(define-public gnutls-3.8.1
>
> Maybe add a comment here with the SA and CVE references.
Done, and pushed to master as 501549137853455ca39afaf79d8a623ea4494c88.
> Then, assuming the ABIs are compatible (which can be checked with
> libabigail’s abidiff), LGTM.
→ abidiff /gnu/store/yr4lbvdyc4dgs76yij1dw2w2z8s84af8-gnutls-3.7.7/lib/libgnutls.so /gnu/store/92h0r4f0h2hz3vz9k31nfj62mv7sy1zc-gnutls-3.8.1/lib/libgnutls.so
Functions changes summary: 0 Removed, 0 Changed, 0 Added function
Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
Function symbols changes summary: 0 Removed, 8 Added function symbols not referenced by debug info
Variable symbols changes summary: 0 Removed, 0 Added variable symbol not referenced by debug info
8 Added function symbols not referenced by debug info:
[A] _gnutls_pathbuf_append@@GNUTLS_PRIVATE_3_4
[A] _gnutls_pathbuf_deinit@@GNUTLS_PRIVATE_3_4
[A] _gnutls_pathbuf_init@@GNUTLS_PRIVATE_3_4
[A] _gnutls_pathbuf_truncate@@GNUTLS_PRIVATE_3_4
[A] _gnutls_session_ticket_disable_server@@GNUTLS_PRIVATE_3_4
[A] gnutls_psk_format_imported_identity@@GNUTLS_3_8_1
[A] gnutls_psk_set_client_credentials_function3@@GNUTLS_3_8_1
[A] gnutls_psk_set_server_credentials_function3@@GNUTLS_3_8_1
Thanks for taking a look,
Chris
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 987 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-10-20 11:48 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-09-25 19:06 [bug#66195] [PATCH] gnu: gnutls: Replace with 3.8.1 Christopher Baines
2023-10-19 20:17 ` Ludovic Courtès
2023-10-20 11:42 ` bug#66195: " Christopher Baines
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).