From: ludo@gnu.org (Ludovic Courtès)
To: Leo Famulari <leo@famulari.name>
Cc: guix-devel@gnu.org, 24418@debbugs.gnu.org
Subject: bug#24418: GnuTLS security update
Date: Fri, 14 Oct 2016 23:37:04 +0200 [thread overview]
Message-ID: <87insuvchr.fsf__15616.6400098757$1476481108$gmane$org@gnu.org> (raw)
In-Reply-To: <87zindtgya.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Mon, 12 Sep 2016 14:56:13 +0200")
[-- Attachment #1: Type: text/plain, Size: 2144 bytes --]
Hello!
ludo@gnu.org (Ludovic Courtès) skribis:
> $ git describe
> v0.11.0-970-g8d4169a
> $ guix gc --references $(./pre-inst-env guix build msmtp)|grep gnutls
> /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2
> $ ./pre-inst-env guix build gnutls
> /gnu/store/4x9r7rkinycxr7xda5a92knm8ikila6p-gnutls-3.5.2-debug
> /gnu/store/n93gb4n301rz46k9cm0d12hb26gq5lg5-gnutls-3.5.2-doc
> /gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2
> $ ./pre-inst-env guix build gnutls --no-grafts
> /gnu/store/23vx0mdw6q96pakyps2cjjvcjng1mxqx-gnutls-3.5.2-debug
> /gnu/store/p0zrk9424l0aljzsqyqx5zgh86x9glmi-gnutls-3.5.2-doc
> /gnu/store/1qv5i6rfxjc4d0rg7z6r9dapmf85kzmy-gnutls-3.5.2
> $ /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2/bin/gnutls-cli --version
> gnutls-cli 3.5.2
> Copyright (C) 2000-2016 Free Software Foundation, and others, all rights reserved.
> This is free software. It is licensed for use, modification and
> redistribution under the terms of the GNU General Public License,
> version 3 or later <http://gnu.org/licenses/gpl.html>
>
>
> Please send bug reports to: <bugs@gnutls.org>
> $ /gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2/bin/gnutls-cli --version
> gnutls-cli 3.5.4
> Copyright (C) 2000-2016 Free Software Foundation, and others, all rights reserved.
> This is free software. It is licensed for use, modification and
> redistribution under the terms of the GNU General Public License,
> version 3 or later <http://gnu.org/licenses/gpl.html>
AFAICS this is fixed by these two patches:
b013c33 * grafts: 'graft-derivation' does now introduce grafts that shadow other grafts.
d0025d0 * packages: 'package-grafts' applies grafts on replacement.
Please let know if you notice anything wrong.
For debugging purposes, I found it easier to have the attached patch
applied, so that replacements are easily distinguishable from the
original packages. You might want to use it too. :-)
(I didn’t apply it to master because it would lead to merge conflicts in
core-updates, but feel free to apply it if that seems OK to you.)
Thanks,
Ludo’.
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: Type: text/x-patch, Size: 1767 bytes --]
modified gnu/packages/gnupg.scm
@@ -138,15 +138,14 @@ generation.")
(define libgcrypt-1.5.6
(package
(inherit libgcrypt-1.5)
- (source
- (let ((version "1.5.6"))
- (origin
- (method url-fetch)
- (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
- version ".tar.bz2"))
- (sha256
- (base32
- "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h")))))))
+ (version "1.5.6")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
+ version ".tar.bz2"))
+ (sha256
+ (base32
+ "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h"))))))
(define-public libassuan
(package
modified gnu/packages/tls.scm
@@ -215,16 +215,15 @@ required structures.")
(define gnutls-3.5.4
(package
(inherit gnutls)
- (source
- (let ((version "3.5.4"))
- (origin
- (method url-fetch)
- (uri (string-append "mirror://gnupg/gnutls/v"
- (version-major+minor version)
- "/gnutls-" version ".tar.xz"))
- (sha256
- (base32
- "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f")))))))
+ (version "3.5.4")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://gnupg/gnutls/v"
+ (version-major+minor version)
+ "/gnutls-" version ".tar.xz"))
+ (sha256
+ (base32
+ "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f"))))))
(define-public openssl
prev parent reply other threads:[~2016-10-14 21:38 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-11 15:41 GnuTLS security update Leo Famulari
2016-09-11 16:08 ` Vincent Legoll
2016-09-11 20:45 ` Ludovic Courtès
2016-09-11 20:54 ` Ludovic Courtès
2016-09-12 1:53 ` Leo Famulari
2016-09-12 3:28 ` Leo Famulari
2016-09-12 12:56 ` Ludovic Courtès
2016-09-12 16:34 ` Leo Famulari
2016-10-14 7:57 ` bug#24418: Grafted item refers to a mixture of grafted and ungrafted outputs of the same derivation Ludovic Courtès
2016-10-14 21:37 ` bug#24418: GnuTLS security update Ludovic Courtès
2016-10-14 21:37 ` Ludovic Courtès [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='87insuvchr.fsf__15616.6400098757$1476481108$gmane$org@gnu.org' \
--to=ludo@gnu.org \
--cc=24418@debbugs.gnu.org \
--cc=guix-devel@gnu.org \
--cc=leo@famulari.name \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.