01/03: gnu: GnuTLS: Update replacement to 3.6.15 [fixes CVE-2020-24659].

[guix-commits]

mbakke pushed a commit to branch master
in repository guix.

commit c5df560fd3762c0dbe99562f52223c73d445e597
Author: Marius Bakke <marius@gnu.org>
AuthorDate: Thu Dec 3 16:59:10 2020 +0100

    gnu: GnuTLS: Update replacement to 3.6.15 [fixes CVE-2020-24659].
    
    * gnu/packages/tls.scm (gnutls-3.6.14): Rename to ...
    (gnutls/fixed): ... this.  Update to 3.6.15.
    (gnutls): Adjust for renamed replacement.
    * gnu/packages/package-management.scm (guix)[propagated-inputs]: Likewise.
    * gnu/packages/vpn.scm (openconnect)[propagated-inputs]: Likewise.
---
 gnu/packages/package-management.scm | 2 +-
 gnu/packages/tls.scm                | 9 +++++----
 gnu/packages/vpn.scm                | 2 +-
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/gnu/packages/package-management.scm 
b/gnu/packages/package-management.scm
index 2cb9350..906c04c 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -405,7 +405,7 @@ $(prefix)/etc/init.d\n")))
 
          ("glibc-utf8-locales" ,glibc-utf8-locales)))
       (propagated-inputs
-       `(("gnutls" ,(if (%current-target-system) gnutls-3.6.14 gnutls))
+       `(("gnutls" ,(if (%current-target-system) gnutls/fixed gnutls))
          ;; Avahi requires "glib" which doesn't cross-compile yet.
          ,@(if (%current-target-system)
                '()
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 00b0bf6..3b68142 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -165,7 +165,7 @@ living in the same process.")
   (package
     (name "gnutls")
     ;; XXX Unversion openconnect's "gnutls" input when ungrafting.
-    (replacement gnutls-3.6.14)
+    (replacement gnutls/fixed)
     (version "3.6.12")
     (source (origin
              (method url-fetch)
@@ -254,10 +254,11 @@ required structures.")
     (properties '((ftp-server . "ftp.gnutls.org")
                   (ftp-directory . "/gcrypt/gnutls")))))
 
-(define-public gnutls-3.6.14
+;; Replacement package to fix multiple security vulnerabilities.
+(define-public gnutls/fixed
   (package
     (inherit gnutls)
-    (version "3.6.14")
+    (version "3.6.15")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnupg/gnutls/v"
@@ -267,7 +268,7 @@ required structures.")
                                        "gnutls-cross.patch"))
               (sha256
                (base32
-                "0qwxsfizynly0ns537vnhnlm5lh03la4vbsmz675n0n7vqd7ac2n"))))
+                "0n0m93ymzd0q9hbknxc2ycanz49sqlkyyf73g9fk7n787llc7a0f"))))
     (native-inputs
      `(,@(if (%current-target-system)             ;for cross-build
              `(("guile" ,guile-3.0))              ;to create .go files
diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index 39a9825..04c34c3 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -265,7 +265,7 @@ the user specifically asks to proxy, so the @dfn{VPN} 
interface no longer
     `(("libxml2" ,libxml2)
       ;; XXX ‘DTLS is insecure in GnuTLS v3.6.3 through v3.6.12.’
       ;; See <https://gitlab.com/gnutls/gnutls/-/issues/960>.
-      ("gnutls" ,gnutls-3.6.14)
+      ("gnutls" ,gnutls/fixed)
       ("zlib" ,zlib)))
    (inputs
     `(("lz4" ,lz4)