GNU bug report logs - #27308
[PATCH] gnu: gnutls: Replace with 3.5.13.

Previous Next

Package: guix-patches;

Reported by: Marius Bakke <mbakke <at> fastmail.com>

Date: Sat, 10 Jun 2017 14:00:03 UTC

Severity: normal

Tags: patch

Done: Marius Bakke <mbakke <at> fastmail.com>

Bug is archived. No further changes may be made.

Full log

Message #8 received at 27308 <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: Marius Bakke <mbakke <at> fastmail.com>
Cc: 27308 <at> debbugs.gnu.org
Subject: Re: bug#27308: [PATCH] gnu: gnutls: Replace with 3.5.13.
Date: Sat, 10 Jun 2017 16:29:44 +0200

Hi Marius,

Marius Bakke <mbakke <at> fastmail.com> skribis:

> This update addresses the following security advisories:
>
> GNUTLS-SA-2017-3 (aka CVE-2017-7869) and GNUTLS-SA-2017-4.
>
> These links contain more information about the vulnerabilities and releases:
>
> https://gnutls.org/security.html
> https://gnutls.org/news.html
>
> * gnu/packages/patches/gnutls-skip-pkgconfig-test.patch,
> gnu/packages/patches/gnutls-skip-trust-store-test.patch: New files.
> * gnu/local.mk (dist_patch_DATA): Register patches.
> * gnu/packages/tls.scm (gnutls)[replacement]: New field.
> (gnutls-3.5.13): New variable.

Assuming binary compatibility, that looks good to me.

While you’re at it, could you update GnuTLS in ‘core-updates’?

For the trust-store.c test, we could ask upstream to arrange so that the
test is skipped when the trust store doesn’t exist; would the test still
make sense?

Thanks,
Ludo’.

This bug report was last modified 7 years and 346 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #27308 [PATCH] gnu: gnutls: Replace with 3.5.13.

GNU bug report logs - #27308
[PATCH] gnu: gnutls: Replace with 3.5.13.