guix-patches
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#48648] [PATCH] gnu: gnutls: Update to 3.6.16 [fixes CVE-2021-20305]

From: Solene Rapenne
Subject: [bug#48648] [PATCH] gnu: gnutls: Update to 3.6.16 [fixes CVE-2021-20305].
Date: Fri, 28 May 2021 19:06:52 +0200 
Le Thu, 27 May 2021 10:28:54 -0400,
Leo Famulari <leo@famulari.name> a écrit :

> On Tue, May 25, 2021 at 10:47:57PM +0200, Solene Rapenne wrote:
> > I understand from the output that there is no ABI change.  
> 
> Great! So, what's left for this patch is to set up the graft.
> 
> Concretely, that means creating a new variable 'gnutls-3.6.16' that
> inherits from 'gnutls' and adjusts the version and source fields. Then,
> add a replacement field to the new 'gnutls' package that uses
> 'gnutls-3.6.16'.
> 
> Can you send a revised patch?

here is the new patch

From 086ebe0c9e2a8999d1ce46ffa75291ea5a25f2ed Mon Sep 17 00:00:00 2001
From: Solene Rapenne <solene@perso.pw>
Date: Fri, 28 May 2021 19:05:23 +0200
Subject: [PATCH] gnu: gnutls: Replace with 3.6.16 [fixes CVE-2021-20305].

---
 gnu/packages/tls.scm | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 174438ad87..55410f3911 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -15,6 +15,7 @@
 ;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2021 Solene Rapenne <solene@perso.pw>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -165,6 +166,7 @@ living in the same process.")
   (package
     (name "gnutls")
     (version "3.6.15")
+    (replacement gnutls-3.6.16)
     (source (origin
               (method url-fetch)
               ;; Note: Releases are no longer on ftp.gnu.org since the
@@ -258,6 +260,22 @@ required structures.")
     (properties '((ftp-server . "ftp.gnutls.org")
                   (ftp-directory . "/gcrypt/gnutls")))))
 
+;; Replacement package to fix CVE-2021-20305.
+(define gnutls-3.6.16
+  (package
+    (inherit gnutls)
+    (version "3.6.16")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnupg/gnutls/v"
+                                  (version-major+minor version)
+                                  "/gnutls-" version ".tar.xz"))
+              (patches (search-patches "gnutls-skip-trust-store-test.patch"
+                                       "gnutls-cross.patch"))
+              (sha256
+               (base32
+                "1czk511pslz367shf32f2jvvkp7y1323bcv88c2qng98mj0v6y8v"))))))
+
 (define-public gnutls/guile-2.0
   ;; GnuTLS for Guile 2.0.
   (package/inherit gnutls
-- 
2.31.1
reply via email to
[Prev in Thread] Current Thread [Next in Thread]