~ruther/guix-local: gnu: gnutls: Update to 3.8.3 [security-fixes].

856b4a603ac5100be03d9c9bbd8f00dce030a79e — Jack Hill 2 years ago 782d69f

gnu: gnutls: Update to 3.8.3 [security-fixes].

Fixes CVE-2024-0553 and CVE-2024-0567.

gnu/packages/tls.scm (gnutls-3.8.2): Rename to ...
(gnutls/fixed): ... this.  Update to 3.8.3.
(gnutls): Rename replacement to gnutls/fixed.

Change-Id: Ic44b3b0481ffd51cdc42a2d71a598f001b43c6f7
Signed-off-by: John Kehayias <john.kehayias@protonmail.com>
Co-authored-by: John Kehayias <john.kehayias@protonmail.com>

patch browse .tar.gz

1 files changed, 6 insertions(+), 5 deletions(-)

M gnu/packages/tls.scm

M gnu/packages/tls.scm => gnu/packages/tls.scm +6 -5

@@ 200,7 200,7 @@ living in the same process.")
   (package
     (name "gnutls")
     (version "3.7.7")
-    (replacement gnutls-3.8.2)
+    (replacement gnutls/fixed)
     (source (origin
               (method url-fetch)
               ;; Note: Releases are no longer on ftp.gnu.org since the


@@ 305,11 305,12 @@ required structures.")
 (define-deprecated/public-alias gnutls-latest gnutls)
 
 ;; Replacement for gnutls@3.7.7 to address GNUTLS-SA-2020-07-14 /
-;; CVE-2023-0361 and GNUTLS-SA-2023-10-23 / CVE-2023-5981.
-(define gnutls-3.8.2
+;; CVE-2023-0361, GNUTLS-SA-2023-10-23 / CVE-2023-5981, GNUTLS-SA-2024-01-14 /
+;; CVE-2024-0553, and GNUTLS-SA-2024-01-09 / CVE-2024-0567
+(define gnutls/fixed
   (package
     (inherit gnutls)
-    (version "3.8.2")
+    (version "3.8.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnupg/gnutls/v"


@@ 318,7 319,7 @@ required structures.")
               (patches (search-patches "gnutls-skip-trust-store-test.patch"))
               (sha256
                (base32
-                "0xzgmp1ck5ifvdki4jg29r278w2p1m3a0qz38g99v6zsdw0yarg7"))))))
+                "0ghpyhhfa3nsraph6dws50jb3dc8g2cfl7dizdnyrm179fawakzp"))))))
 
 (define-public gnutls/dane
   ;; GnuTLS with build libgnutls-dane, implementing DNS-based