From 8951b9496b5c390adb3b3292d234bb8ab9936c40 Mon Sep 17 00:00:00 2001
From: Marius Bakke <marius@gnu.org>
Date: Sat, 6 Jun 2020 15:00:42 +0200
Subject: gnu: GnuTLS: Update replacement to 3.6.14 [fixes CVE-2020-13777].

* gnu/packages/tls.scm (gnutls-3.6.13): Rename to ...
(gnutls-3.6.14): ... this.  Update to 3.6.14.
(gnutls)[replacement]: Adjust accordingly.
* gnu/packages/package-management.scm (guix)[propagated-inputs]: Likewise.
* gnu/packages/vpn.scm (openconnect)[propagated-inputs]: Likewise.
---
 gnu/packages/package-management.scm |  2 +-
 gnu/packages/tls.scm                | 10 +++++-----
 gnu/packages/vpn.scm                |  2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

(limited to 'gnu/packages')

diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index ecaebac291..cc3a40cb93 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -371,7 +371,7 @@ $(prefix)/etc/init.d\n")))
 
          ("glibc-utf8-locales" ,glibc-utf8-locales)))
       (propagated-inputs
-       `(("gnutls" ,(if (%current-target-system) gnutls-3.6.13 guile3.0-gnutls))
+       `(("gnutls" ,(if (%current-target-system) gnutls-3.6.14 guile3.0-gnutls))
          ("guile-gcrypt" ,guile-gcrypt)
          ("guile-json" ,guile-json-4)
          ("guile-sqlite3" ,guile-sqlite3)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 8a644a3ef2..ec401416ce 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -166,7 +166,7 @@ living in the same process.")
   (package
     (name "gnutls")
     ;; XXX Unversion openconnect's "gnutls" input when ungrafting.
-    (replacement gnutls-3.6.13)
+    (replacement gnutls-3.6.14)
     (version "3.6.12")
     (source (origin
              (method url-fetch)
@@ -254,20 +254,20 @@ required structures.")
     (properties '((ftp-server . "ftp.gnutls.org")
                   (ftp-directory . "/gcrypt/gnutls")))))
 
-(define-public gnutls-3.6.13
+(define-public gnutls-3.6.14
   (package
     (inherit gnutls)
-    (version "3.6.13")
+    (version "3.6.14")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnupg/gnutls/v"
                                   (version-major+minor version)
-                                  "/gnutls-3.6.13.tar.xz"))
+                                  "/gnutls-" version ".tar.xz"))
               (patches (search-patches "gnutls-skip-trust-store-test.patch"
                                        "gnutls-cross.patch"))
               (sha256
                (base32
-                "0f1gnm0756qms5cpx6yn6xb8d3imc2gkqmygf12n9x6r8zs1s11j"))))
+                "0qwxsfizynly0ns537vnhnlm5lh03la4vbsmz675n0n7vqd7ac2n"))))
     (native-inputs
      `(,@(if (%current-target-system)             ;for cross-build
              `(("guile" ,guile-3.0))              ;to create .go files
diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index 5c38ac71e8..e16ac81961 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -261,7 +261,7 @@ the user specifically asks to proxy, so the @dfn{VPN} interface no longer
     `(("libxml2" ,libxml2)
       ;; XXX ‘DTLS is insecure in GnuTLS v3.6.3 through v3.6.12.’
       ;; See <https://gitlab.com/gnutls/gnutls/-/issues/960>.
-      ("gnutls" ,gnutls-3.6.13)
+      ("gnutls" ,gnutls-3.6.14)
       ("zlib" ,zlib)))
    (inputs
     `(("lz4" ,lz4)
-- 
cgit v1.2.3