[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#24418: GnuTLS security update
|
From: |
Ludovic Courtès |
|
Subject: |
bug#24418: GnuTLS security update |
|
Date: |
Fri, 14 Oct 2016 23:37:04 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
Hello!
address@hidden (Ludovic Courtès) skribis:
> $ git describe
> v0.11.0-970-g8d4169a
> $ guix gc --references $(./pre-inst-env guix build msmtp)|grep gnutls
> /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2
> $ ./pre-inst-env guix build gnutls
> /gnu/store/4x9r7rkinycxr7xda5a92knm8ikila6p-gnutls-3.5.2-debug
> /gnu/store/n93gb4n301rz46k9cm0d12hb26gq5lg5-gnutls-3.5.2-doc
> /gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2
> $ ./pre-inst-env guix build gnutls --no-grafts
> /gnu/store/23vx0mdw6q96pakyps2cjjvcjng1mxqx-gnutls-3.5.2-debug
> /gnu/store/p0zrk9424l0aljzsqyqx5zgh86x9glmi-gnutls-3.5.2-doc
> /gnu/store/1qv5i6rfxjc4d0rg7z6r9dapmf85kzmy-gnutls-3.5.2
> $ /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2/bin/gnutls-cli
> --version
> gnutls-cli 3.5.2
> Copyright (C) 2000-2016 Free Software Foundation, and others, all rights
> reserved.
> This is free software. It is licensed for use, modification and
> redistribution under the terms of the GNU General Public License,
> version 3 or later <http://gnu.org/licenses/gpl.html>
>
>
> Please send bug reports to: <address@hidden>
> $ /gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2/bin/gnutls-cli
> --version
> gnutls-cli 3.5.4
> Copyright (C) 2000-2016 Free Software Foundation, and others, all rights
> reserved.
> This is free software. It is licensed for use, modification and
> redistribution under the terms of the GNU General Public License,
> version 3 or later <http://gnu.org/licenses/gpl.html>
AFAICS this is fixed by these two patches:
b013c33 * grafts: 'graft-derivation' does now introduce grafts that shadow
other grafts.
d0025d0 * packages: 'package-grafts' applies grafts on replacement.
Please let know if you notice anything wrong.
For debugging purposes, I found it easier to have the attached patch
applied, so that replacements are easily distinguishable from the
original packages. You might want to use it too. :-)
(I didn’t apply it to master because it would lead to merge conflicts in
core-updates, but feel free to apply it if that seems OK to you.)
Thanks,
Ludo’.
modified gnu/packages/gnupg.scm
@@ -138,15 +138,14 @@ generation.")
(define libgcrypt-1.5.6
(package
(inherit libgcrypt-1.5)
- (source
- (let ((version "1.5.6"))
- (origin
- (method url-fetch)
- (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
- version ".tar.bz2"))
- (sha256
- (base32
- "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h")))))))
+ (version "1.5.6")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
+ version ".tar.bz2"))
+ (sha256
+ (base32
+ "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h"))))))
(define-public libassuan
(package
modified gnu/packages/tls.scm
@@ -215,16 +215,15 @@ required structures.")
(define gnutls-3.5.4
(package
(inherit gnutls)
- (source
- (let ((version "3.5.4"))
- (origin
- (method url-fetch)
- (uri (string-append "mirror://gnupg/gnutls/v"
- (version-major+minor version)
- "/gnutls-" version ".tar.xz"))
- (sha256
- (base32
- "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f")))))))
+ (version "3.5.4")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://gnupg/gnutls/v"
+ (version-major+minor version)
+ "/gnutls-" version ".tar.xz"))
+ (sha256
+ (base32
+ "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f"))))))
(define-public openssl
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- bug#24418: GnuTLS security update,
Ludovic Courtès <=