From unknown Fri Aug 15 20:04:35 2025
Subject: [bug#68516] [PATCH] gnu: gnutls: Update to 3.8.3 [security-fixes]
Resent-From: Jack Hill
Resent-CC: guix-security@gnu.org, guix-patches@gnu.org
Resent-Date: Tue, 16 Jan 2024 19:07:02 +0000
To: 68516@debbugs.gnu.org
X-Debbugs-Original-To: guix-patches@gnu.org
From: Jack Hill Date: Tue, 16 Jan 2024 14:05:53 -0500 Message-ID: <4cf4192dab9a3f523f84e598a0b39a336cbd064b.1705431953.git.jackhill@jackhill.us> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=104.248.1.95; envelope-from=jackhill@jackhill.us; helo=minsky.hcoop.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 0.9 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.1 (/) Fixes CVE-2024-0553 and CVE-2024-0567. gnu/packages/tls.scm (gnutls): Update grafted version to 3.8.3. Change-Id: Ic44b3b0481ffd51cdc42a2d71a598f001b43c6f7 --- gnu/packages/tls.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 6441b8ed43..0af60c652e 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -309,7 +309,7 @@ (define-deprecated/public-alias gnutls-latest gnutls) (define gnutls-3.8.2 (package (inherit gnutls) - (version "3.8.2") + (version "3.8.3") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/gnutls/v" 
@@ -318,7 +318,7 @@ (define gnutls-3.8.2 (patches (search-patches "gnutls-skip-trust-store-test.patch")) (sha256 (base32 - "0xzgmp1ck5ifvdki4jg29r278w2p1m3a0qz38g99v6zsdw0yarg7")))))) + "0ghpyhhfa3nsraph6dws50jb3dc8g2cfl7dizdnyrm179fawakzp")))))) (define-public gnutls/dane ;; GnuTLS with build libgnutls-dane, implementing DNS-based base-commit: 20606ca9af1ac019073f4ed872a9ad9960ff0725 -- 2.41.0 From unknown Fri Aug 15 20:04:35 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#68516] [PATCH v2] gnu: gnutls: Update to 3.8.3 [security-fixes] Resent-From: Jack Hill Original-Sender: "Debbugs-submit" Resent-CC: guix-security@gnu.org, guix-patches@gnu.org Resent-Date: Tue, 16 Jan 2024 19:47:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 68516 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 68516@debbugs.gnu.org Cc: X-Debbugs-Original-Xcc: Received: via spool by 68516-submit@debbugs.gnu.org id=B68516.170543440924655 (code B ref 68516); Tue, 16 Jan 2024 19:47:02 +0000 Received: (at 68516) by debbugs.gnu.org; 16 Jan 2024 19:46:49 +0000 Received: from localhost ([127.0.0.1]:49822 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rPpOb-0006PU-8o for submit@debbugs.gnu.org; Tue, 16 Jan 2024 14:46:49 -0500 Received: from minsky.hcoop.net ([104.248.1.95]:36856) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rPpOZ-0006Jg-6N for 68516@debbugs.gnu.org; Tue, 16 Jan 2024 14:46:47 -0500 Received: from lib-its13.lib.duke.edu ([152.3.118.151] helo=localhost.localdomain) by minsky.hcoop.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1rPpOS-0001LG-JB for 68516@debbugs.gnu.org; Tue, 16 Jan 2024 14:46:40 -0500 
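Review bot: the version bump in the first hunk (line 309) leaves the variable name out of step with what it defines: after this patch `(define gnutls-3.8.2` holds `(version "3.8.3")`. Rename the variable along with whatever refers to it, or give the graft a name that carries no version number so the name cannot go stale on the next update. The new base32 hash in the second hunk cannot be confirmed from the diff itself, so it should be checked against a signature-verified 3.8.3 tarball before this is applied.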
From: Jack Hill Date: Tue, 16 Jan 2024 14:45:43 -0500 Message-ID: <9565ce0175aa58bf444636485a3f4b2cf93eb989.1705434343.git.jackhill@jackhill.us> X-Mailer: git-send-email 2.41.0 In-Reply-To: <4cf4192dab9a3f523f84e598a0b39a336cbd064b.1705431953.git.jackhill@jackhill.us> References: <4cf4192dab9a3f523f84e598a0b39a336cbd064b.1705431953.git.jackhill@jackhill.us> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Fixes CVE-2024-0553 and CVE-2024-0567. gnu/packages/tls.scm (gnutls): Update grafted version to 3.8.3. Change-Id: Ic44b3b0481ffd51cdc42a2d71a598f001b43c6f7 --- Version 2 updates the variable name to match the software version. gnu/packages/tls.scm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 6441b8ed43..7be74a26b9 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -200,7 +200,7 @@ (define-public gnutls (package (name "gnutls") (version "3.7.7") - (replacement gnutls-3.8.2) + (replacement gnutls-3.8.3) (source (origin (method url-fetch) ;; Note: Releases are no longer on ftp.gnu.org since the @@ -306,10 +306,10 @@ (define-deprecated/public-alias gnutls-latest gnutls) ;; Replacement for gnutls@3.7.7 to address GNUTLS-SA-2020-07-14 / ;; CVE-2023-0361 and GNUTLS-SA-2023-10-23 / CVE-2023-5981. -(define gnutls-3.8.2 +(define gnutls-3.8.3 (package (inherit gnutls) - (version "3.8.2") + (version "3.8.3") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/gnutls/v" 
@@ -318,7 +318,7 @@ (define gnutls-3.8.2 (patches (search-patches "gnutls-skip-trust-store-test.patch")) (sha256 (base32 - "0xzgmp1ck5ifvdki4jg29r278w2p1m3a0qz38g99v6zsdw0yarg7")))))) + "0ghpyhhfa3nsraph6dws50jb3dc8g2cfl7dizdnyrm179fawakzp")))))) (define-public gnutls/dane ;; GnuTLS with build libgnutls-dane, implementing DNS-based base-commit: 20606ca9af1ac019073f4ed872a9ad9960ff0725 -- 2.41.0 From unknown Fri Aug 15 20:04:35 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#68516] [PATCH v3] gnu: gnutls: Update to 3.8.3 [security-fixes] Resent-From: Jack Hill Original-Sender: "Debbugs-submit" Resent-CC: guix-security@gnu.org, guix-patches@gnu.org Resent-Date: Tue, 16 Jan 2024 20:00:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 68516 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 68516@debbugs.gnu.org Cc: X-Debbugs-Original-Xcc: Received: via spool by 68516-submit@debbugs.gnu.org id=B68516.170543516326694 (code B ref 68516); Tue, 16 Jan 2024 20:00:02 +0000 Received: (at 68516) by debbugs.gnu.org; 16 Jan 2024 19:59:23 +0000 Received: from localhost ([127.0.0.1]:49830 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rPpal-0006wS-6u for submit@debbugs.gnu.org; Tue, 16 Jan 2024 14:59:23 -0500 Received: from minsky.hcoop.net ([104.248.1.95]:48392) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rPpaj-0006vu-ER for 68516@debbugs.gnu.org; Tue, 16 Jan 2024 14:59:21 -0500 Received: from lib-its13.lib.duke.edu ([152.3.118.151] helo=localhost.localdomain) by minsky.hcoop.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1rPpad-0001wI-1G for 68516@debbugs.gnu.org; Tue, 16 Jan 2024 14:59:15 -0500 
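Review bot: the comment above `(define gnutls-3.8.3` in the second hunk is left as unchanged context and still names only CVE-2023-0361 and CVE-2023-5981, while the commit message says this update fixes CVE-2024-0553 and CVE-2024-0567. Extend the comment with the two new CVEs so the reason for the graft stays documented next to the definition it justifies.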
From: Jack Hill Date: Tue, 16 Jan 2024 14:58:43 -0500 Message-ID: <540add90a912abc490cc57c3fde0b69d4661aaf4.1705435123.git.jackhill@jackhill.us> X-Mailer: git-send-email 2.41.0 In-Reply-To: <9565ce0175aa58bf444636485a3f4b2cf93eb989.1705434343.git.jackhill@jackhill.us> References: <9565ce0175aa58bf444636485a3f4b2cf93eb989.1705434343.git.jackhill@jackhill.us> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Fixes CVE-2024-0553 and CVE-2024-0567. gnu/packages/tls.scm (gnutls): Update grafted version to 3.8.3. Change-Id: Ic44b3b0481ffd51cdc42a2d71a598f001b43c6f7 --- Version 3 updates the code comment for the new CVEs gnu/packages/tls.scm | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 6441b8ed43..207763bdc2 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -200,7 +200,7 @@ (define-public gnutls (package (name "gnutls") (version "3.7.7") - (replacement gnutls-3.8.2) + (replacement gnutls-3.8.3) (source (origin (method url-fetch) ;; Note: Releases are no longer on ftp.gnu.org since the @@ -305,11 +305,12 @@ (define-public gnutls (define-deprecated/public-alias gnutls-latest gnutls) ;; Replacement for gnutls@3.7.7 to address GNUTLS-SA-2020-07-14 / -;; CVE-2023-0361 and GNUTLS-SA-2023-10-23 / CVE-2023-5981. -(define gnutls-3.8.2 +;; CVE-2023-0361, GNUTLS-SA-2023-10-23 / CVE-2023-5981, +;; GNUTLS-SA-2024-01-14 / CVE-2024-0553, and GNUTLS-SA-2024-01-09 / CVE-2024-0567 +(define gnutls-3.8.3 (package (inherit gnutls) - (version "3.8.2") + (version "3.8.3") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/gnutls/v" 
@@ -318,7 +319,7 @@ (define gnutls-3.8.2 (patches (search-patches "gnutls-skip-trust-store-test.patch")) (sha256 (base32 - "0xzgmp1ck5ifvdki4jg29r278w2p1m3a0qz38g99v6zsdw0yarg7")))))) + "0ghpyhhfa3nsraph6dws50jb3dc8g2cfl7dizdnyrm179fawakzp")))))) (define-public gnutls/dane ;; GnuTLS with build libgnutls-dane, implementing DNS-based base-commit: 20606ca9af1ac019073f4ed872a9ad9960ff0725 -- 2.41.0 From unknown Fri Aug 15 20:04:35 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org 
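Review bot: the added comment line `;; GNUTLS-SA-2024-01-14 / CVE-2024-0553, and GNUTLS-SA-2024-01-09 / CVE-2024-0567` in the second hunk runs past 80 columns and drops the closing period that the line it replaces had; wrap it onto two lines and end the sentence. The version-numbered name also means each update has to touch both `(define gnutls-3.8.3` and `(replacement gnutls-3.8.3)`; a name without the version in it would confine later bumps to the version, hash and comment lines.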
From: help-debbugs@gnu.org (GNU bug Tracking System) To: Jack Hill Subject: bug#68516: closed (Re: [bug#68516] [PATCH v3] gnu: gnutls: Update to 3.8.3 [security-fixes]) Message-ID: References: <87cytvd4zw.fsf@protonmail.com> <4cf4192dab9a3f523f84e598a0b39a336cbd064b.1705431953.git.jackhill@jackhill.us> X-Gnu-PR-Message: they-closed 68516 X-Gnu-PR-Package: guix-patches X-Gnu-PR-Keywords: patch Reply-To: 68516@debbugs.gnu.org Date: Sat, 20 Jan 2024 22:18:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1705789082-5900-1" This is a multi-part message in MIME format... ------------=_1705789082-5900-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #68516: [PATCH] gnu: gnutls: Update to 3.8.3 [security-fixes] which was filed against the guix-patches package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 68516@debbugs.gnu.org. 
-- 
68516: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=68516
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems
------------=_1705789082-5900-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Date: Sat, 20 Jan 2024 22:17:28 +0000
To: Jack Hill
From: John Kehayias Subject: Re: [bug#68516] [PATCH v3] gnu: gnutls: Update to 3.8.3 [security-fixes] Message-ID: <87cytvd4zw.fsf@protonmail.com> In-Reply-To: <540add90a912abc490cc57c3fde0b69d4661aaf4.1705435123.git.jackhill@jackhill.us> References: <9565ce0175aa58bf444636485a3f4b2cf93eb989.1705434343.git.jackhill@jackhill.us> <540add90a912abc490cc57c3fde0b69d4661aaf4.1705435123.git.jackhill@jackhill.us> Feedback-ID: 7805494:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 68516-done Cc: 68516-done@debbugs.gnu.org, guix-security@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) (apologies if this went through twice, wrong email used) Hi Jack, On Tue, Jan 16, 2024 at 02:58 PM, Jack Hill wrote: > Fixes CVE-2024-0553 and CVE-2024-0567. > > gnu/packages/tls.scm (gnutls): Update grafted version to 3.8.3. > Thanks! I applied as 856b4a603ac5100be03d9c9bbd8f00dce030a79e where I changed the replacement name to gnutls/fixed rather than using the version number. I think that is a bit easier to maintain and pretty common with our grafts. And thank you for emailing the security list for this. Something we should probably mention directly in the manual for patch submission/teams. John > Change-Id: Ic44b3b0481ffd51cdc42a2d71a598f001b43c6f7 > --- > > Version 3 updates the code comment for the new CVEs > > gnu/packages/tls.scm | 11 ++++++----- > 1 file changed, 6 insertions(+), 5 deletions(-) > > diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm > index 6441b8ed43..207763bdc2 100644 > --- a/gnu/packages/tls.scm > +++ b/gnu/packages/tls.scm 
> @@ -200,7 +200,7 @@ (define-public gnutls > (package > (name "gnutls") > (version "3.7.7") > - (replacement gnutls-3.8.2) > + (replacement gnutls-3.8.3) > (source (origin > (method url-fetch) > ;; Note: Releases are no longer on ftp.gnu.org since the > @@ -305,11 +305,12 @@ (define-public gnutls > (define-deprecated/public-alias gnutls-latest gnutls) > > ;; Replacement for gnutls@3.7.7 to address GNUTLS-SA-2020-07-14 / > -;; CVE-2023-0361 and GNUTLS-SA-2023-10-23 / CVE-2023-5981. > -(define gnutls-3.8.2 > +;; CVE-2023-0361, GNUTLS-SA-2023-10-23 / CVE-2023-5981, > +;; GNUTLS-SA-2024-01-14 / CVE-2024-0553, and GNUTLS-SA-2024-01-09 / CVE-= 2024-0567 > +(define gnutls-3.8.3 > (package > (inherit gnutls) > - (version "3.8.2") > + (version "3.8.3") > (source (origin > (method url-fetch) > (uri (string-append "mirror://gnupg/gnutls/v" 
> @@ -318,7 +319,7 @@ (define gnutls-3.8.2 > (patches (search-patches "gnutls-skip-trust-store-test.pat= ch")) > (sha256 > (base32 > - "0xzgmp1ck5ifvdki4jg29r278w2p1m3a0qz38g99v6zsdw0yarg7"))= )))) > + "0ghpyhhfa3nsraph6dws50jb3dc8g2cfl7dizdnyrm179fawakzp"))= )))) > > (define-public gnutls/dane > ;; GnuTLS with build libgnutls-dane, implementing DNS-based > > base-commit: 20606ca9af1ac019073f4ed872a9ad9960ff0725 ------------=_1705789082-5900-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 16 Jan 2024 19:06:19 +0000 Received: from localhost ([127.0.0.1]:49773 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rPolP-0005wO-CC for submit@debbugs.gnu.org; Tue, 16 Jan 2024 14:06:19 -0500 Received: from lists.gnu.org ([2001:470:142::17]:54120) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rPolN-0005wA-NQ for submit@debbugs.gnu.org; Tue, 16 Jan 2024 14:06:18 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rPolG-0005ZJ-6F for guix-patches@gnu.org; Tue, 16 Jan 2024 14:06:10 -0500 Received: from minsky.hcoop.net ([104.248.1.95]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rPolD-00057B-Vx for guix-patches@gnu.org; Tue, 16 Jan 2024 14:06:09 -0500 Received: from lib-its13.lib.duke.edu ([152.3.118.151] helo=localhost.localdomain) by minsky.hcoop.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1rPolB-0007hI-Mi for guix-patches@gnu.org; Tue, 16 Jan 2024 14:06:05 -0500 
From: Jack Hill To: guix-patches@gnu.org Subject: [PATCH] gnu: gnutls: Update to 3.8.3 [security-fixes] Date: Tue, 16 Jan 2024 14:05:53 -0500 Message-ID: <4cf4192dab9a3f523f84e598a0b39a336cbd064b.1705431953.git.jackhill@jackhill.us> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 X-Debbugs-Cc: Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=104.248.1.95; envelope-from=jackhill@jackhill.us; helo=minsky.hcoop.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 0.9 (/) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.1 (/) Fixes CVE-2024-0553 and CVE-2024-0567. gnu/packages/tls.scm (gnutls): Update grafted version to 3.8.3. Change-Id: Ic44b3b0481ffd51cdc42a2d71a598f001b43c6f7 --- gnu/packages/tls.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 6441b8ed43..0af60c652e 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -309,7 +309,7 @@ (define-deprecated/public-alias gnutls-latest gnutls) (define gnutls-3.8.2 (package (inherit gnutls) - (version "3.8.2") + (version "3.8.3") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/gnutls/v" 
@@ -318,7 +318,7 @@ (define gnutls-3.8.2 (patches (search-patches "gnutls-skip-trust-store-test.patch")) (sha256 (base32 - "0xzgmp1ck5ifvdki4jg29r278w2p1m3a0qz38g99v6zsdw0yarg7")))))) + "0ghpyhhfa3nsraph6dws50jb3dc8g2cfl7dizdnyrm179fawakzp")))))) (define-public gnutls/dane ;; GnuTLS with build libgnutls-dane, implementing DNS-based base-commit: 20606ca9af1ac019073f4ed872a9ad9960ff0725 -- 2.41.0 ------------=_1705789082-5900-1-- From unknown Fri Aug 15 20:04:35 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#68516] [PATCH v3] gnu: gnutls: Update to 3.8.3 [security-fixes] Resent-From: Jack Hill Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 22 Jan 2024 01:25:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 68516 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: John Kehayias Cc: 68516-done@debbugs.gnu.org, guix-security@gnu.org Received: via spool by 68516-done@debbugs.gnu.org id=D68516.170588664829201 (code D ref 68516); Mon, 22 Jan 2024 01:25:01 +0000 Received: (at 68516-done) by debbugs.gnu.org; 22 Jan 2024 01:24:08 +0000 Received: from localhost ([127.0.0.1]:39499 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rRj2l-0007av-Uk for submit@debbugs.gnu.org; Sun, 21 Jan 2024 20:24:08 -0500 Received: from minsky.hcoop.net ([104.248.1.95]:49392) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rRj2j-0007aQ-TX for 68516-done@debbugs.gnu.org; Sun, 21 Jan 2024 20:24:06 -0500 Received: from 071-069-176-211.res.spectrum.com ([71.69.176.211] helo=mimolette.home.eronel.org) by minsky.hcoop.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1rRj2Z-0004vJ-TL; Sun, 21 Jan 2024 20:23:56 -0500 Date: Sun, 21 Jan 2024 20:23:54 -0500 (EST) 
From: Jack Hill In-Reply-To: <87cytvd4zw.fsf@protonmail.com> Message-ID: <655aae1d-5010-562a-772f-227d04709215@jackhill.us> References: <9565ce0175aa58bf444636485a3f4b2cf93eb989.1705434343.git.jackhill@jackhill.us> <540add90a912abc490cc57c3fde0b69d4661aaf4.1705435123.git.jackhill@jackhill.us> <87cytvd4zw.fsf@protonmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) On Sat, 20 Jan 2024, John Kehayias wrote: > (apologies if this went through twice, wrong email used) > > Hi Jack, > > On Tue, Jan 16, 2024 at 02:58 PM, Jack Hill wrote: > >> Fixes CVE-2024-0553 and CVE-2024-0567. >> >> gnu/packages/tls.scm (gnutls): Update grafted version to 3.8.3. >> > > Thanks! I applied as 856b4a603ac5100be03d9c9bbd8f00dce030a79e where I > changed the replacement name to gnutls/fixed rather than using the > version number. I think that is a bit easier to maintain and pretty > common with our grafts. > > And thank you for emailing the security list for this. Something we > should probably mention directly in the manual for patch > submission/teams. > > John Awesome, thank you!