summaryrefslogtreecommitdiff
path: root/gnu/packages/tls.scm
diff options
context:
space:
mode:
authorChristopher Baines <mail@cbaines.net>2023-09-25 20:06:51 +0100
committerChristopher Baines <mail@cbaines.net>2023-10-20 11:38:00 +0100
commit501549137853455ca39afaf79d8a623ea4494c88 (patch)
tree4c7c91f225058fff610a305d7d2edb75406c5251 /gnu/packages/tls.scm
parent419e359a5e98f546661fc58e3a682378dcc60bca (diff)
gnu: gnutls: Replace with 3.8.1.
The recommended way to address GNUTLS-SA-2020-07-14 / CVE-2023-0361 is to upgrade to 3.8.0 or later. * gnu/packages/tls.scm (gnutls-3.8.1): New variable. (gnutls)[replacement]: Use it. Signed-off-by: Christopher Baines <mail@cbaines.net>
Diffstat (limited to 'gnu/packages/tls.scm')
-rw-r--r--gnu/packages/tls.scm17
1 files changed, 17 insertions, 0 deletions
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 61484bfd86..d62c00dcff 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -200,6 +200,7 @@ living in the same process.")
(package
(name "gnutls")
(version "3.7.7")
+ (replacement gnutls-3.8.1)
(source (origin
(method url-fetch)
;; Note: Releases are no longer on ftp.gnu.org since the
@@ -303,6 +304,22 @@ required structures.")
(define-deprecated/public-alias gnutls-latest gnutls)
+;; Replacement for gnutls@3.7.7 to address GNUTLS-SA-2020-07-14 /
+;; CVE-2023-0361
+(define-public gnutls-3.8.1
+ (package
+ (inherit gnutls)
+ (version "3.8.1")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://gnupg/gnutls/v"
+ (version-major+minor version)
+ "/gnutls-" version ".tar.xz"))
+ (patches (search-patches "gnutls-skip-trust-store-test.patch"))
+ (sha256
+ (base32
+ "1742jiigwsfhx7nj5rz7dwqr8d46npsph6b68j7siar0mqarx2xs"))))))
+
(define-public gnutls/dane
;; GnuTLS with build libgnutls-dane, implementing DNS-based
;; Authentication of Named Entities. This is required for GNS functionality
generated by cgit v1.2.3 (git 2.44.0) at 2024-06-28 06:28:45 +0000