GNU bug report logs - #66195
[PATCH] gnu: gnutls: Replace with 3.8.1.

Previous Next

Package: guix-patches;

Reported by: Christopher Baines <mail <at> cbaines.net>

Date: Mon, 25 Sep 2023 19:08:01 UTC

Severity: normal

Tags: patch

Done: Christopher Baines <mail <at> cbaines.net>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Christopher Baines <mail <at> cbaines.net>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#66195: closed ([PATCH] gnu: gnutls: Replace with 3.8.1.)
Date: Fri, 20 Oct 2023 11:48:01 +0000

[Message part 1 (text/plain, inline)]
Your message dated Fri, 20 Oct 2023 12:42:41 +0100
with message-id <87h6ml4iub.fsf <at> cbaines.net>
and subject line Re: [bug#66195] [PATCH] gnu: gnutls: Replace with 3.8.1.
has caused the debbugs.gnu.org bug report #66195,
regarding [PATCH] gnu: gnutls: Replace with 3.8.1.
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
66195: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66195
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Christopher Baines <mail <at> cbaines.net>
To: guix-patches <at> gnu.org
Subject: [PATCH] gnu: gnutls: Replace with 3.8.1.
Date: Mon, 25 Sep 2023 20:06:51 +0100

The recommended way to address GNUTLS-SA-2020-07-14 / CVE-2023-0361 is to
upgrade to 3.8.0 or later.

* gnu/packages/tls.scm (gnutls-3.8.1): New variable.
(gnutls)[replacement]: Use it.
---
 gnu/packages/tls.scm | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index b669ac2e8d..99252464e6 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -200,6 +200,7 @@ (define-public gnutls
   (package
     (name "gnutls")
     (version "3.7.7")
+    (replacement gnutls-3.8.1)
     (source (origin
               (method url-fetch)
               ;; Note: Releases are no longer on ftp.gnu.org since the
@@ -303,6 +304,20 @@ (define-public gnutls
 
 (define-deprecated/public-alias gnutls-latest gnutls)
 
+(define-public gnutls-3.8.1
+  (package
+    (inherit gnutls)
+    (version "3.8.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnupg/gnutls/v"
+                                  (version-major+minor version)
+                                  "/gnutls-" version ".tar.xz"))
+              (patches (search-patches "gnutls-skip-trust-store-test.patch"))
+              (sha256
+               (base32
+                "1742jiigwsfhx7nj5rz7dwqr8d46npsph6b68j7siar0mqarx2xs"))))))
+
 (define-public gnutls/dane
   ;; GnuTLS with build libgnutls-dane, implementing DNS-based
   ;; Authentication of Named Entities.  This is required for GNS functionality

base-commit: fafd3caef0d51811a5da81d6061789e2908b0dac
-- 
2.41.0




[Message part 3 (message/rfc822, inline)]
From: Christopher Baines <mail <at> cbaines.net>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 66195-done <at> debbugs.gnu.org
Subject: Re: [bug#66195] [PATCH] gnu: gnutls: Replace with 3.8.1.
Date: Fri, 20 Oct 2023 12:42:41 +0100

[Message part 4 (text/plain, inline)]
Ludovic Courtès <ludo <at> gnu.org> writes:

> Hi,
>
> Christopher Baines <mail <at> cbaines.net> skribis:
>
>> The recommended way to address GNUTLS-SA-2020-07-14 / CVE-2023-0361 is to
>> upgrade to 3.8.0 or later.
>>
>> * gnu/packages/tls.scm (gnutls-3.8.1): New variable.
>> (gnutls)[replacement]: Use it.
>
> Surprisingly, ‘guix lint -c cve gnutls’ doesn’t report anything with
> 3.7.7 as currently packaged.
>
>> +(define-public gnutls-3.8.1
>
> Maybe add a comment here with the SA and CVE references.

Done, and pushed to master as 501549137853455ca39afaf79d8a623ea4494c88.

> Then, assuming the ABIs are compatible (which can be checked with
> libabigail’s abidiff), LGTM.

→ abidiff /gnu/store/yr4lbvdyc4dgs76yij1dw2w2z8s84af8-gnutls-3.7.7/lib/libgnutls.so /gnu/store/92h0r4f0h2hz3vz9k31nfj62mv7sy1zc-gnutls-3.8.1/lib/libgnutls.so
Functions changes summary: 0 Removed, 0 Changed, 0 Added function
Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
Function symbols changes summary: 0 Removed, 8 Added function symbols not referenced by debug info
Variable symbols changes summary: 0 Removed, 0 Added variable symbol not referenced by debug info

8 Added function symbols not referenced by debug info:

  [A] _gnutls_pathbuf_append@@GNUTLS_PRIVATE_3_4
  [A] _gnutls_pathbuf_deinit@@GNUTLS_PRIVATE_3_4
  [A] _gnutls_pathbuf_init@@GNUTLS_PRIVATE_3_4
  [A] _gnutls_pathbuf_truncate@@GNUTLS_PRIVATE_3_4
  [A] _gnutls_session_ticket_disable_server@@GNUTLS_PRIVATE_3_4
  [A] gnutls_psk_format_imported_identity@@GNUTLS_3_8_1
  [A] gnutls_psk_set_client_credentials_function3@@GNUTLS_3_8_1
  [A] gnutls_psk_set_server_credentials_function3@@GNUTLS_3_8_1


Thanks for taking a look,

Chris

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 1 year and 215 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.