[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#27308: [PATCH] gnu: gnutls: Replace with 3.5.13.
|
From: |
Marius Bakke |
|
Subject: |
bug#27308: [PATCH] gnu: gnutls: Replace with 3.5.13. |
|
Date: |
Sat, 10 Jun 2017 18:16:07 +0200 |
|
User-agent: |
Notmuch/0.24.2 (https://notmuchmail.org) Emacs/25.2.1 (x86_64-unknown-linux-gnu) |
Ludovic Courtès <address@hidden> writes:
> Hi Marius,
>
> Marius Bakke <address@hidden> skribis:
>
>> This update addresses the following security advisories:
>>
>> GNUTLS-SA-2017-3 (aka CVE-2017-7869) and GNUTLS-SA-2017-4.
>>
>> These links contain more information about the vulnerabilities and releases:
>>
>> https://gnutls.org/security.html
>> https://gnutls.org/news.html
>>
>> * gnu/packages/patches/gnutls-skip-pkgconfig-test.patch,
>> gnu/packages/patches/gnutls-skip-trust-store-test.patch: New files.
>> * gnu/local.mk (dist_patch_DATA): Register patches.
>> * gnu/packages/tls.scm (gnutls)[replacement]: New field.
>> (gnutls-3.5.13): New variable.
>
> Assuming binary compatibility, that looks good to me.
The release notes since version 3.5.9 explicitly mention no API or ABI
changes.
> While you’re at it, could you update GnuTLS in ‘core-updates’?
Indeed; that was the intention. Will merge-and-ungraft after committing.
> For the trust-store.c test, we could ask upstream to arrange so that the
> test is skipped when the trust store doesn’t exist; would the test still
> make sense?
The test *only* checks that the --default-trust-store exists. However,
the current solution is rather hacky, will check for proper skipping
mechanisms.
I tested this graft on my profile, but apparently the grafting code
checks the store item length and refuses since the .13 is one byte
longer than .9:
Backtrace:
In ice-9/boot-9.scm:
160: 14 [catch #t #<catch-closure 8c5dc0> ...]
In unknown file:
?: 13 [apply-smob/1 #<catch-closure 8c5dc0>]
In ice-9/boot-9.scm:
66: 12 [call-with-prompt prompt0 ...]
In ice-9/eval.scm:
432: 11 [eval # #]
In ice-9/boot-9.scm:
2412: 10 [save-module-excursion #<procedure 8e6840 at ice-9/boot-9.scm:4084:3
()>]
4089: 9 [#<procedure 8e6840 at ice-9/boot-9.scm:4084:3 ()>]
1734: 8 [%start-stack load-stack #<procedure 8f6e20 at ice-9/boot-9.scm:4080:10
()>]
1739: 7 [#<procedure 8f8960 ()>]
In unknown file:
?: 6 [primitive-load
"/gnu/store/aaxbysgk1j098i8i6ag24jslnizwmdlw-ffmpeg-3.3.2-guile-builder"]
In ice-9/eval.scm:
387: 5 [eval # ()]
In ice-9/boot-9.scm:
797: 4 [for-each #<procedure d0cd20 at ice-9/eval.scm:416:20 (a b)> # #]
In
/gnu/store/9a54ididkvfkgkv7rgjw07vmdc16k9cv-module-import/guix/build/graft.scm:
262: 3 [rewrite-directory
"/gnu/store/kx3gc2swra9f2clkrgxall1bb5mcxhpc-ffmpeg-3.3.2" ...]
In srfi/srfi-1.scm:
575: 2 [map #<procedure ae0860 at
/gnu/store/9a54ididkvfkgkv7rgjw07vmdc16k9cv-module-import/guix/build/graft.scm:262:11
(expr)> ...]
In
/gnu/store/9a54ididkvfkgkv7rgjw07vmdc16k9cv-module-import/guix/build/graft.scm:
268: 1 [#<procedure ae0860 at
/gnu/store/9a54ididkvfkgkv7rgjw07vmdc16k9cv-module-import/guix/build/graft.scm:262:11
(expr)> #]
In unknown file:
?: 0 [scm-error misc-error #f ...]
ERROR: In procedure scm-error:
ERROR: replacement length differs from the original length
"56dbd2gw33g3wdxmq78lr39lamg8gxnq-gnutls-3.5.9"
"78kvf0ma45z3h14850wzkcvz3zqg59xy-gnutls-3.5.13"
builder for `/gnu/store/hjzqpxdirqv5hmlyc2cg1pisnchnfisi-ffmpeg-3.3.2.drv'
failed with exit code 1
cannot build derivation
`/gnu/store/dn6qzxbp9xk659ypldnpgdb07fvx4343-profile.drv': 1 dependencies
couldn't be built
guix package: error: build failed: build of
`/gnu/store/dn6qzxbp9xk659ypldnpgdb07fvx4343-profile.drv' failed
Not sure what to do about it. Ideas?
signature.asc
Description: PGP signature