* [bug#68516] [PATCH] gnu: gnutls: Update to 3.8.3 [security-fixes]
@ 2024-01-16 19:05 Jack Hill
2024-01-16 19:45 ` [bug#68516] [PATCH v2] " Jack Hill
0 siblings, 1 reply; 5+ messages in thread
From: Jack Hill @ 2024-01-16 19:05 UTC (permalink / raw)
To: 68516; +Cc: guix-security
Fixes CVE-2024-0553 and CVE-2024-0567.
gnu/packages/tls.scm (gnutls): Update grafted version to 3.8.3.
Change-Id: Ic44b3b0481ffd51cdc42a2d71a598f001b43c6f7
---
gnu/packages/tls.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 6441b8ed43..0af60c652e 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -309,7 +309,7 @@ (define-deprecated/public-alias gnutls-latest gnutls)
(define gnutls-3.8.2
(package
(inherit gnutls)
- (version "3.8.2")
+ (version "3.8.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnupg/gnutls/v"
@@ -318,7 +318,7 @@ (define gnutls-3.8.2
(patches (search-patches "gnutls-skip-trust-store-test.patch"))
(sha256
(base32
- "0xzgmp1ck5ifvdki4jg29r278w2p1m3a0qz38g99v6zsdw0yarg7"))))))
+ "0ghpyhhfa3nsraph6dws50jb3dc8g2cfl7dizdnyrm179fawakzp"))))))
(define-public gnutls/dane
;; GnuTLS with build libgnutls-dane, implementing DNS-based
base-commit: 20606ca9af1ac019073f4ed872a9ad9960ff0725
--
2.41.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [bug#68516] [PATCH v2] gnu: gnutls: Update to 3.8.3 [security-fixes]
2024-01-16 19:05 [bug#68516] [PATCH] gnu: gnutls: Update to 3.8.3 [security-fixes] Jack Hill
@ 2024-01-16 19:45 ` Jack Hill
2024-01-16 19:58 ` [bug#68516] [PATCH v3] " Jack Hill
0 siblings, 1 reply; 5+ messages in thread
From: Jack Hill @ 2024-01-16 19:45 UTC (permalink / raw)
To: 68516; +Cc: guix-security
Fixes CVE-2024-0553 and CVE-2024-0567.
gnu/packages/tls.scm (gnutls): Update grafted version to 3.8.3.
Change-Id: Ic44b3b0481ffd51cdc42a2d71a598f001b43c6f7
---
Version 2 updates the variable name to match the sofware version.
gnu/packages/tls.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 6441b8ed43..7be74a26b9 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -200,7 +200,7 @@ (define-public gnutls
(package
(name "gnutls")
(version "3.7.7")
- (replacement gnutls-3.8.2)
+ (replacement gnutls-3.8.3)
(source (origin
(method url-fetch)
;; Note: Releases are no longer on ftp.gnu.org since the
@@ -306,10 +306,10 @@ (define-deprecated/public-alias gnutls-latest gnutls)
;; Replacement for gnutls@3.7.7 to address GNUTLS-SA-2020-07-14 /
;; CVE-2023-0361 and GNUTLS-SA-2023-10-23 / CVE-2023-5981.
-(define gnutls-3.8.2
+(define gnutls-3.8.3
(package
(inherit gnutls)
- (version "3.8.2")
+ (version "3.8.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnupg/gnutls/v"
@@ -318,7 +318,7 @@ (define gnutls-3.8.2
(patches (search-patches "gnutls-skip-trust-store-test.patch"))
(sha256
(base32
- "0xzgmp1ck5ifvdki4jg29r278w2p1m3a0qz38g99v6zsdw0yarg7"))))))
+ "0ghpyhhfa3nsraph6dws50jb3dc8g2cfl7dizdnyrm179fawakzp"))))))
(define-public gnutls/dane
;; GnuTLS with build libgnutls-dane, implementing DNS-based
base-commit: 20606ca9af1ac019073f4ed872a9ad9960ff0725
--
2.41.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [bug#68516] [PATCH v3] gnu: gnutls: Update to 3.8.3 [security-fixes]
2024-01-16 19:45 ` [bug#68516] [PATCH v2] " Jack Hill
@ 2024-01-16 19:58 ` Jack Hill
2024-01-20 22:17 ` bug#68516: " John Kehayias via Guix-patches via
0 siblings, 1 reply; 5+ messages in thread
From: Jack Hill @ 2024-01-16 19:58 UTC (permalink / raw)
To: 68516; +Cc: guix-security
Fixes CVE-2024-0553 and CVE-2024-0567.
gnu/packages/tls.scm (gnutls): Update grafted version to 3.8.3.
Change-Id: Ic44b3b0481ffd51cdc42a2d71a598f001b43c6f7
---
Version 3 updates the code comment for the new CVEs
gnu/packages/tls.scm | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 6441b8ed43..207763bdc2 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -200,7 +200,7 @@ (define-public gnutls
(package
(name "gnutls")
(version "3.7.7")
- (replacement gnutls-3.8.2)
+ (replacement gnutls-3.8.3)
(source (origin
(method url-fetch)
;; Note: Releases are no longer on ftp.gnu.org since the
@@ -305,11 +305,12 @@ (define-public gnutls
(define-deprecated/public-alias gnutls-latest gnutls)
;; Replacement for gnutls@3.7.7 to address GNUTLS-SA-2020-07-14 /
-;; CVE-2023-0361 and GNUTLS-SA-2023-10-23 / CVE-2023-5981.
-(define gnutls-3.8.2
+;; CVE-2023-0361, GNUTLS-SA-2023-10-23 / CVE-2023-5981,
+;; GNUTLS-SA-2024-01-14 / CVE-2024-0553, and GNUTLS-SA-2024-01-09 / CVE-2024-0567
+(define gnutls-3.8.3
(package
(inherit gnutls)
- (version "3.8.2")
+ (version "3.8.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnupg/gnutls/v"
@@ -318,7 +319,7 @@ (define gnutls-3.8.2
(patches (search-patches "gnutls-skip-trust-store-test.patch"))
(sha256
(base32
- "0xzgmp1ck5ifvdki4jg29r278w2p1m3a0qz38g99v6zsdw0yarg7"))))))
+ "0ghpyhhfa3nsraph6dws50jb3dc8g2cfl7dizdnyrm179fawakzp"))))))
(define-public gnutls/dane
;; GnuTLS with build libgnutls-dane, implementing DNS-based
base-commit: 20606ca9af1ac019073f4ed872a9ad9960ff0725
--
2.41.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* bug#68516: [PATCH v3] gnu: gnutls: Update to 3.8.3 [security-fixes]
2024-01-16 19:58 ` [bug#68516] [PATCH v3] " Jack Hill
@ 2024-01-20 22:17 ` John Kehayias via Guix-patches via
2024-01-22 1:23 ` [bug#68516] " Jack Hill
0 siblings, 1 reply; 5+ messages in thread
From: John Kehayias via Guix-patches via @ 2024-01-20 22:17 UTC (permalink / raw)
To: Jack Hill; +Cc: 68516-done, guix-security
(apologies if this went through twice, wrong email used)
Hi Jack,
On Tue, Jan 16, 2024 at 02:58 PM, Jack Hill wrote:
> Fixes CVE-2024-0553 and CVE-2024-0567.
>
> gnu/packages/tls.scm (gnutls): Update grafted version to 3.8.3.
>
Thanks! I applied as 856b4a603ac5100be03d9c9bbd8f00dce030a79e where I
changed the replacement name to gnutls/fixed rather than using the
version number. I think that is a bit easier to maintain and pretty
common with our grafts.
And thank you for emailing the security list for this. Something we
should probably mention directly in the manual for patch
submission/teams.
John
> Change-Id: Ic44b3b0481ffd51cdc42a2d71a598f001b43c6f7
> ---
>
> Version 3 updates the code comment for the new CVEs
>
> gnu/packages/tls.scm | 11 ++++++-----
> 1 file changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
> index 6441b8ed43..207763bdc2 100644
> --- a/gnu/packages/tls.scm
> +++ b/gnu/packages/tls.scm
> @@ -200,7 +200,7 @@ (define-public gnutls
> (package
> (name "gnutls")
> (version "3.7.7")
> - (replacement gnutls-3.8.2)
> + (replacement gnutls-3.8.3)
> (source (origin
> (method url-fetch)
> ;; Note: Releases are no longer on ftp.gnu.org since the
> @@ -305,11 +305,12 @@ (define-public gnutls
> (define-deprecated/public-alias gnutls-latest gnutls)
>
> ;; Replacement for gnutls@3.7.7 to address GNUTLS-SA-2020-07-14 /
> -;; CVE-2023-0361 and GNUTLS-SA-2023-10-23 / CVE-2023-5981.
> -(define gnutls-3.8.2
> +;; CVE-2023-0361, GNUTLS-SA-2023-10-23 / CVE-2023-5981,
> +;; GNUTLS-SA-2024-01-14 / CVE-2024-0553, and GNUTLS-SA-2024-01-09 / CVE-2024-0567
> +(define gnutls-3.8.3
> (package
> (inherit gnutls)
> - (version "3.8.2")
> + (version "3.8.3")
> (source (origin
> (method url-fetch)
> (uri (string-append "mirror://gnupg/gnutls/v"
> @@ -318,7 +319,7 @@ (define gnutls-3.8.2
> (patches (search-patches "gnutls-skip-trust-store-test.patch"))
> (sha256
> (base32
> - "0xzgmp1ck5ifvdki4jg29r278w2p1m3a0qz38g99v6zsdw0yarg7"))))))
> + "0ghpyhhfa3nsraph6dws50jb3dc8g2cfl7dizdnyrm179fawakzp"))))))
>
> (define-public gnutls/dane
> ;; GnuTLS with build libgnutls-dane, implementing DNS-based
>
> base-commit: 20606ca9af1ac019073f4ed872a9ad9960ff0725
^ permalink raw reply [flat|nested] 5+ messages in thread
* [bug#68516] [PATCH v3] gnu: gnutls: Update to 3.8.3 [security-fixes]
2024-01-20 22:17 ` bug#68516: " John Kehayias via Guix-patches via
@ 2024-01-22 1:23 ` Jack Hill
0 siblings, 0 replies; 5+ messages in thread
From: Jack Hill @ 2024-01-22 1:23 UTC (permalink / raw)
To: John Kehayias; +Cc: 68516-done, guix-security
On Sat, 20 Jan 2024, John Kehayias wrote:
> (apologies if this went through twice, wrong email used)
>
> Hi Jack,
>
> On Tue, Jan 16, 2024 at 02:58 PM, Jack Hill wrote:
>
>> Fixes CVE-2024-0553 and CVE-2024-0567.
>>
>> gnu/packages/tls.scm (gnutls): Update grafted version to 3.8.3.
>>
>
> Thanks! I applied as 856b4a603ac5100be03d9c9bbd8f00dce030a79e where I
> changed the replacement name to gnutls/fixed rather than using the
> version number. I think that is a bit easier to maintain and pretty
> common with our grafts.
>
> And thank you for emailing the security list for this. Something we
> should probably mention directly in the manual for patch
> submission/teams.
>
> John
Awesome, thank you!
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-01-22 1:25 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-01-16 19:05 [bug#68516] [PATCH] gnu: gnutls: Update to 3.8.3 [security-fixes] Jack Hill
2024-01-16 19:45 ` [bug#68516] [PATCH v2] " Jack Hill
2024-01-16 19:58 ` [bug#68516] [PATCH v3] " Jack Hill
2024-01-20 22:17 ` bug#68516: " John Kehayias via Guix-patches via
2024-01-22 1:23 ` [bug#68516] " Jack Hill
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.