From: bug#68516 <68516@debbugs.gnu.org>
To: bug#68516 <68516@debbugs.gnu.org>
Subject: Status: [PATCH] gnu: gnutls: Update to 3.8.3 [security-fixes]
Date: Fri, 15 Aug 2025 19:50:11 +0000

retitle 68516 [PATCH] gnu: gnutls: Update to 3.8.3 [security-fixes]
reassign 68516 guix-patches
submitter 68516 Jack Hill
severity 68516 normal
tag 68516 patch
thanks

From: Jack Hill
To: guix-patches@gnu.org
Subject: [PATCH] gnu: gnutls: Update to 3.8.3 [security-fixes]
Date: Tue, 16 Jan 2024 14:05:53 -0500

Fixes CVE-2024-0553 and CVE-2024-0567.

gnu/packages/tls.scm (gnutls): Update grafted version to 3.8.3.

Change-Id: Ic44b3b0481ffd51cdc42a2d71a598f001b43c6f7
---
gnu/packages/tls.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 6441b8ed43..0af60c652e 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -309,7 +309,7 @@ (define-deprecated/public-alias gnutls-latest gnutls) (define gnutls-3.8.2 (package (inherit gnutls) - (version "3.8.2") + (version "3.8.3") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/gnutls/v" 
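Review bot: In the @@ -309 hunk the version string becomes "3.8.3" while the hunk header shows the enclosing definition is still named gnutls-3.8.2, so the variable name no longer matches the version it builds. Rename the variable along with every reference to it, or give it a name without the version number so that the next security update only has to touch the version and the hash.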
@@ -318,7 +318,7 @@ (define gnutls-3.8.2 (patches (search-patches "gnutls-skip-trust-store-test.patch")) (sha256 (base32 - "0xzgmp1ck5ifvdki4jg29r278w2p1m3a0qz38g99v6zsdw0yarg7")))))) + "0ghpyhhfa3nsraph6dws50jb3dc8g2cfl7dizdnyrm179fawakzp")))))) (define-public gnutls/dane ;; GnuTLS with build libgnutls-dane, implementing DNS-based base-commit: 20606ca9af1ac019073f4ed872a9ad9960ff0725 -- 2.41.0

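Review bot: The @@ -318 hunk swaps the base32 sha256 for a security update, and neither the commit message nor the cover text says how the new hash was obtained. Please state that the 3.8.3 tarball was checked against the upstream release signature before it was hashed, and confirm that gnutls-skip-trust-store-test.patch, which this hunk carries over unchanged, still applies to 3.8.3.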
From: Jack Hill
To: 68516@debbugs.gnu.org
Subject: [PATCH v2] gnu: gnutls: Update to 3.8.3 [security-fixes]
Date: Tue, 16 Jan 2024 14:45:43 -0500

Fixes CVE-2024-0553 and CVE-2024-0567.

gnu/packages/tls.scm (gnutls): Update grafted version to 3.8.3.

Change-Id: Ic44b3b0481ffd51cdc42a2d71a598f001b43c6f7
---

Version 2 updates the variable name to match the software version.

gnu/packages/tls.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 6441b8ed43..7be74a26b9 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -200,7 +200,7 @@ (define-public gnutls (package (name "gnutls") (version "3.7.7") - (replacement gnutls-3.8.2) + (replacement gnutls-3.8.3) (source (origin (method url-fetch) ;; Note: Releases are no longer on ftp.gnu.org since the @@ -306,10 +306,10 @@ (define-deprecated/public-alias gnutls-latest gnutls) ;; Replacement for gnutls@3.7.7 to address GNUTLS-SA-2020-07-14 / ;; CVE-2023-0361 and GNUTLS-SA-2023-10-23 / CVE-2023-5981. -(define gnutls-3.8.2 +(define gnutls-3.8.3 (package (inherit gnutls) - (version "3.8.2") + (version "3.8.3") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/gnutls/v" 
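Review bot: In the @@ -306 hunk the comment above the definition still lists only CVE-2023-0361 and CVE-2023-5981, although the commit message says this update fixes CVE-2024-0553 and CVE-2024-0567. Add the two new CVEs to that comment so the reason for the graft stays documented next to the definition. The commit log entry also names only (gnutls) and could mention the renamed variable.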
@@ -318,7 +318,7 @@ (define gnutls-3.8.2 (patches (search-patches "gnutls-skip-trust-store-test.patch")) (sha256 (base32 - "0xzgmp1ck5ifvdki4jg29r278w2p1m3a0qz38g99v6zsdw0yarg7")))))) + "0ghpyhhfa3nsraph6dws50jb3dc8g2cfl7dizdnyrm179fawakzp")))))) (define-public gnutls/dane ;; GnuTLS with build libgnutls-dane, implementing DNS-based base-commit: 20606ca9af1ac019073f4ed872a9ad9960ff0725 -- 2.41.0

From: Jack Hill
To: 68516@debbugs.gnu.org
Subject: [PATCH v3] gnu: gnutls: Update to 3.8.3 [security-fixes]
Date: Tue, 16 Jan 2024 14:58:43 -0500

Fixes CVE-2024-0553 and CVE-2024-0567.

gnu/packages/tls.scm (gnutls): Update grafted version to 3.8.3.

Change-Id: Ic44b3b0481ffd51cdc42a2d71a598f001b43c6f7
---

Version 3 updates the code comment for the new CVEs

gnu/packages/tls.scm | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 6441b8ed43..207763bdc2 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -200,7 +200,7 @@ (define-public gnutls (package (name "gnutls") (version "3.7.7") - (replacement gnutls-3.8.2) + (replacement gnutls-3.8.3) (source (origin (method url-fetch) ;; Note: Releases are no longer on ftp.gnu.org since the 
@@ -305,11 +305,12 @@ (define-public gnutls (define-deprecated/public-alias gnutls-latest gnutls) ;; Replacement for gnutls@3.7.7 to address GNUTLS-SA-2020-07-14 / -;; CVE-2023-0361 and GNUTLS-SA-2023-10-23 / CVE-2023-5981. -(define gnutls-3.8.2 +;; CVE-2023-0361, GNUTLS-SA-2023-10-23 / CVE-2023-5981, +;; GNUTLS-SA-2024-01-14 / CVE-2024-0553, and GNUTLS-SA-2024-01-09 / CVE-2024-0567 +(define gnutls-3.8.3 (package (inherit gnutls) - (version "3.8.2") + (version "3.8.3") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/gnutls/v" 
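Review bot: The second added comment line in this hunk (";; GNUTLS-SA-2024-01-14 / CVE-2024-0553, and GNUTLS-SA-2024-01-09 / CVE-2024-0567") runs to 81 columns while the comment lines around it are wrapped well short of that, and it drops the final period the old comment ended with. Break it before "and" onto a third ";;" line and close the sentence with a period.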
@@ -318,7 +319,7 @@ (define gnutls-3.8.2 (patches (search-patches "gnutls-skip-trust-store-test.patch")) (sha256 (base32 - "0xzgmp1ck5ifvdki4jg29r278w2p1m3a0qz38g99v6zsdw0yarg7")))))) + "0ghpyhhfa3nsraph6dws50jb3dc8g2cfl7dizdnyrm179fawakzp")))))) (define-public gnutls/dane ;; GnuTLS with build libgnutls-dane, implementing DNS-based base-commit: 20606ca9af1ac019073f4ed872a9ad9960ff0725 -- 2.41.0

Date: Sat, 20 Jan 2024 22:17:28 +0000
To: Jack Hill
From: John Kehayias
Subject: Re: [bug#68516] [PATCH v3] gnu: gnutls: Update to 3.8.3 [security-fixes]
Cc: 68516-done@debbugs.gnu.org, guix-security@gnu.org

(apologies if this went through twice, wrong email used)

Hi Jack,

On Tue, Jan 16, 2024 at 02:58 PM, Jack Hill wrote:

> Fixes CVE-2024-0553 and CVE-2024-0567.
>
> gnu/packages/tls.scm (gnutls): Update grafted version to 3.8.3.
>

Thanks! I applied as 856b4a603ac5100be03d9c9bbd8f00dce030a79e where I
changed the replacement name to gnutls/fixed rather than using the
version number. I think that is a bit easier to maintain and pretty
common with our grafts.

And thank you for emailing the security list for this. Something we
should probably mention directly in the manual for patch
submission/teams.

John

> Change-Id: Ic44b3b0481ffd51cdc42a2d71a598f001b43c6f7
> ---
>
> Version 3 updates the code comment for the new CVEs
>
> gnu/packages/tls.scm | 11 ++++++-----
> 1 file changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm > index 6441b8ed43..207763bdc2 100644 > --- a/gnu/packages/tls.scm > +++ b/gnu/packages/tls.scm 
> @@ -200,7 +200,7 @@ (define-public gnutls > (package > (name "gnutls") > (version "3.7.7") > - (replacement gnutls-3.8.2) > + (replacement gnutls-3.8.3) > (source (origin > (method url-fetch) > ;; Note: Releases are no longer on ftp.gnu.org since the > @@ -305,11 +305,12 @@ (define-public gnutls > (define-deprecated/public-alias gnutls-latest gnutls) > > ;; Replacement for gnutls@3.7.7 to address GNUTLS-SA-2020-07-14 / > -;; CVE-2023-0361 and GNUTLS-SA-2023-10-23 / CVE-2023-5981. > -(define gnutls-3.8.2 > +;; CVE-2023-0361, GNUTLS-SA-2023-10-23 / CVE-2023-5981, > +;; GNUTLS-SA-2024-01-14 / CVE-2024-0553, and GNUTLS-SA-2024-01-09 / CVE-= 2024-0567 > +(define gnutls-3.8.3 > (package > (inherit gnutls) > - (version "3.8.2") > + (version "3.8.3") > (source (origin > (method url-fetch) > (uri (string-append "mirror://gnupg/gnutls/v" 
> @@ -318,7 +319,7 @@ (define gnutls-3.8.2 > (patches (search-patches "gnutls-skip-trust-store-test.pat= ch")) > (sha256 > (base32 > - "0xzgmp1ck5ifvdki4jg29r278w2p1m3a0qz38g99v6zsdw0yarg7"))= )))) > + "0ghpyhhfa3nsraph6dws50jb3dc8g2cfl7dizdnyrm179fawakzp"))= )))) > > (define-public gnutls/dane > ;; GnuTLS with build libgnutls-dane, implementing DNS-based > > base-commit: 20606ca9af1ac019073f4ed872a9ad9960ff0725

Date: Sun, 21 Jan 2024 20:23:54 -0500 (EST)
From: Jack Hill
To: John Kehayias
Subject: Re: [bug#68516] [PATCH v3] gnu: gnutls: Update to 3.8.3 [security-fixes]
Cc: 68516-done@debbugs.gnu.org, guix-security@gnu.org

On Sat, 20 Jan 2024, John Kehayias wrote:

> (apologies if this went through twice, wrong email used)
>
> Hi Jack,
>
> On Tue, Jan 16, 2024 at 02:58 PM, Jack Hill wrote:
>
>> Fixes CVE-2024-0553 and CVE-2024-0567.
>>
>> gnu/packages/tls.scm (gnutls): Update grafted version to 3.8.3.
>>
>
> Thanks! I applied as 856b4a603ac5100be03d9c9bbd8f00dce030a79e where I
> changed the replacement name to gnutls/fixed rather than using the
> version number. I think that is a bit easier to maintain and pretty
> common with our grafts.
>
> And thank you for emailing the security list for this. Something we
> should probably mention directly in the manual for patch
> submission/teams.
>
> John

Awesome, thank you!

From: Debbugs Internal Request
Subject: Internal Control
Date: Mon, 19 Feb 2024 12:24:07 +0000

# The action:
# bug archived.
thanks