[bug#66195] [PATCH] gnu: gnutls: Replace with 3.8.1.

all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed

* [bug#66195] [PATCH] gnu: gnutls: Replace with 3.8.1.
@ 2023-09-25 19:06 Christopher Baines
  2023-10-19 20:17 ` Ludovic Courtès
  0 siblings, 1 reply; 3+ messages in thread
From: Christopher Baines @ 2023-09-25 19:06 UTC (permalink / raw)
  To: 66195

The recommended way to address GNUTLS-SA-2020-07-14 / CVE-2023-0361 is to
upgrade to 3.8.0 or later.

* gnu/packages/tls.scm (gnutls-3.8.1): New variable.
(gnutls)[replacement]: Use it.
---
 gnu/packages/tls.scm | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index b669ac2e8d..99252464e6 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -200,6 +200,7 @@ (define-public gnutls
   (package
     (name "gnutls")
     (version "3.7.7")
+    (replacement gnutls-3.8.1)
     (source (origin
               (method url-fetch)
               ;; Note: Releases are no longer on ftp.gnu.org since the
@@ -303,6 +304,20 @@ (define-public gnutls
 
 (define-deprecated/public-alias gnutls-latest gnutls)
 
+(define-public gnutls-3.8.1
+  (package
+    (inherit gnutls)
+    (version "3.8.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnupg/gnutls/v"
+                                  (version-major+minor version)
+                                  "/gnutls-" version ".tar.xz"))
+              (patches (search-patches "gnutls-skip-trust-store-test.patch"))
+              (sha256
+               (base32
+                "1742jiigwsfhx7nj5rz7dwqr8d46npsph6b68j7siar0mqarx2xs"))))))
+
 (define-public gnutls/dane
   ;; GnuTLS with build libgnutls-dane, implementing DNS-based
   ;; Authentication of Named Entities.  This is required for GNS functionality

base-commit: fafd3caef0d51811a5da81d6061789e2908b0dac
-- 
2.41.0





^ permalink raw reply related	[flat|nested] 3+ messages in thread

* [bug#66195] [PATCH] gnu: gnutls: Replace with 3.8.1.
  2023-09-25 19:06 [bug#66195] [PATCH] gnu: gnutls: Replace with 3.8.1 Christopher Baines
@ 2023-10-19 20:17 ` Ludovic Courtès
  2023-10-20 11:42   ` bug#66195: " Christopher Baines
  0 siblings, 1 reply; 3+ messages in thread
From: Ludovic Courtès @ 2023-10-19 20:17 UTC (permalink / raw)
  To: Christopher Baines; +Cc: 66195

Hi,

Christopher Baines <mail@cbaines.net> skribis:

> The recommended way to address GNUTLS-SA-2020-07-14 / CVE-2023-0361 is to
> upgrade to 3.8.0 or later.
>
> * gnu/packages/tls.scm (gnutls-3.8.1): New variable.
> (gnutls)[replacement]: Use it.

Surprisingly, ‘guix lint -c cve gnutls’ doesn’t report anything with
3.7.7 as currently packaged.

> +(define-public gnutls-3.8.1

Maybe add a comment here with the SA and CVE references.

Then, assuming the ABIs are compatible (which can be checked with
libabigail’s abidiff), LGTM.

Thanks,
Ludo’.

^ permalink raw reply	[flat|nested] 3+ messages in thread

* bug#66195: [PATCH] gnu: gnutls: Replace with 3.8.1.
  2023-10-19 20:17 ` Ludovic Courtès
@ 2023-10-20 11:42   ` Christopher Baines
  0 siblings, 0 replies; 3+ messages in thread
From: Christopher Baines @ 2023-10-20 11:42 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 66195-done

[-- Attachment #1: Type: text/plain, Size: 1753 bytes --]


Ludovic Courtès <ludo@gnu.org> writes:

> Hi,
>
> Christopher Baines <mail@cbaines.net> skribis:
>
>> The recommended way to address GNUTLS-SA-2020-07-14 / CVE-2023-0361 is to
>> upgrade to 3.8.0 or later.
>>
>> * gnu/packages/tls.scm (gnutls-3.8.1): New variable.
>> (gnutls)[replacement]: Use it.
>
> Surprisingly, ‘guix lint -c cve gnutls’ doesn’t report anything with
> 3.7.7 as currently packaged.
>
>> +(define-public gnutls-3.8.1
>
> Maybe add a comment here with the SA and CVE references.

Done, and pushed to master as 501549137853455ca39afaf79d8a623ea4494c88.

> Then, assuming the ABIs are compatible (which can be checked with
> libabigail’s abidiff), LGTM.

→ abidiff /gnu/store/yr4lbvdyc4dgs76yij1dw2w2z8s84af8-gnutls-3.7.7/lib/libgnutls.so /gnu/store/92h0r4f0h2hz3vz9k31nfj62mv7sy1zc-gnutls-3.8.1/lib/libgnutls.so
Functions changes summary: 0 Removed, 0 Changed, 0 Added function
Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
Function symbols changes summary: 0 Removed, 8 Added function symbols not referenced by debug info
Variable symbols changes summary: 0 Removed, 0 Added variable symbol not referenced by debug info

8 Added function symbols not referenced by debug info:

  [A] _gnutls_pathbuf_append@@GNUTLS_PRIVATE_3_4
  [A] _gnutls_pathbuf_deinit@@GNUTLS_PRIVATE_3_4
  [A] _gnutls_pathbuf_init@@GNUTLS_PRIVATE_3_4
  [A] _gnutls_pathbuf_truncate@@GNUTLS_PRIVATE_3_4
  [A] _gnutls_session_ticket_disable_server@@GNUTLS_PRIVATE_3_4
  [A] gnutls_psk_format_imported_identity@@GNUTLS_3_8_1
  [A] gnutls_psk_set_client_credentials_function3@@GNUTLS_3_8_1
  [A] gnutls_psk_set_server_credentials_function3@@GNUTLS_3_8_1


Thanks for taking a look,

Chris

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 987 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2023-10-20 11:48 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-09-25 19:06 [bug#66195] [PATCH] gnu: gnutls: Replace with 3.8.1 Christopher Baines
2023-10-19 20:17 ` Ludovic Courtès
2023-10-20 11:42   ` bug#66195: " Christopher Baines

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.