gnu: gnutls: Update to 3.8.3 [security-fixes].

Fixes CVE-2024-0553 and CVE-2024-0567. gnu/packages/tls.scm (gnutls-3.8.2): Rename to ... (gnutls/fixed): ... this. Update to 3.8.3. (gnutls): Rename replacement to gnutls/fixed. Change-Id: Ic44b3b0481ffd51cdc42a2d71a598f001b43c6f7 Signed-off-by: John Kehayias <john.kehayias@protonmail.com> Co-authored-by: John Kehayias <john.kehayias@protonmail.com>
2025-01-26 12:39:36 -05:00 · 2024-01-16 14:58:43 -05:00 · 2024-01-16 14:58:43 -05:00 · 856b4a603a
commit 856b4a603a
parent 782d69fb7f
1 changed files with 6 additions and 5 deletions
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@ -200,7 +200,7 @@ (define-public gnutls
  (package
    (name "gnutls")
    (version "3.7.7")
-    (replacement gnutls-3.8.2)
+    (replacement gnutls/fixed)
    (source (origin
              (method url-fetch)
              ;; Note: Releases are no longer on ftp.gnu.org since the
@ -305,11 +305,12 @@ (define-public gnutls
 (define-deprecated/public-alias gnutls-latest gnutls)

 ;; Replacement for gnutls@3.7.7 to address GNUTLS-SA-2020-07-14 /
-;; CVE-2023-0361 and GNUTLS-SA-2023-10-23 / CVE-2023-5981.
-(define gnutls-3.8.2
+;; CVE-2023-0361, GNUTLS-SA-2023-10-23 / CVE-2023-5981, GNUTLS-SA-2024-01-14 /
+;; CVE-2024-0553, and GNUTLS-SA-2024-01-09 / CVE-2024-0567
+(define gnutls/fixed
  (package
    (inherit gnutls)
-    (version "3.8.2")
+    (version "3.8.3")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnupg/gnutls/v"
@ -318,7 +319,7 @@ (define gnutls-3.8.2
              (patches (search-patches "gnutls-skip-trust-store-test.patch"))
              (sha256
               (base32
-                "0xzgmp1ck5ifvdki4jg29r278w2p1m3a0qz38g99v6zsdw0yarg7"))))))
+                "0ghpyhhfa3nsraph6dws50jb3dc8g2cfl7dizdnyrm179fawakzp"))))))

 (define-public gnutls/dane
  ;; GnuTLS with build libgnutls-dane, implementing DNS-based