authorVladimír Čunát <v@cunat.cz>2023-02-11 09:22:47 +0100
committerAlyssa Ross <hi@alyssa.is>2023-02-14 20:39:48 +0000
commit0442267e821a573737ec9a858ad3551bb144fb93 (patch)
tree0271c31dc596d99f4398a00cf86797496f10b439 /pkgs/development/libraries/gnutls
parent6f9fd8585b0807774e3f722c7ec15efb8654e7a3 (diff)
gnutls: 3.7.8 -> 3.8.0
https://lists.gnupg.org/pipermail/gnutls-help/2023-February/004816.html

Also fixes a "medium" severity CVE-2023-0361
http://www.gnutls.org/security-new.html#GNUTLS-SA-2020-07-14

nix-ssl-cert-file.patch: upstream's only changed whitespace around here
Diffstat (limited to 'pkgs/development/libraries/gnutls')
-rw-r--r--pkgs/development/libraries/gnutls/default.nix4
-rw-r--r--pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch8
2 files changed, 5 insertions, 7 deletions
diff --git a/pkgs/development/libraries/gnutls/default.nix b/pkgs/development/libraries/gnutls/default.nix
index 4ab7360f1f0..adb25f8f8a9 100644
--- a/pkgs/development/libraries/gnutls/default.nix
+++ b/pkgs/development/libraries/gnutls/default.nix
@@ -35,11 +35,11 @@ in
 
 stdenv.mkDerivation rec {
   pname = "gnutls";
-  version = "3.7.8";
+  version = "3.8.0";
 
   src = fetchurl {
     url = "mirror://gnupg/gnutls/v${lib.versions.majorMinor version}/gnutls-${version}.tar.xz";
-    sha256 = "sha256-xYrTmvBnDv5qiu5eOosjMaEgBBi2S3xRl3+zltRhcRQ=";
+    sha256 = "sha256-DqDRGhZgoeY/lg8Vexl6vm0MjLMlW+JOH7OBWTC5vcU=";
   };
 
   outputs = [ "bin" "dev" "out" "man" "devdoc" ];
diff --git a/pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch b/pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch
index 90d1e85ee8c..c0f27f7b5a4 100644
--- a/pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch
+++ b/pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch
@@ -1,14 +1,13 @@
 allow overriding system trust store location via $NIX_SSL_CERT_FILE
 
-diff --git a/lib/system/certs.c b/lib/system/certs.c
-index 611c645..6ef6edb 100644
 --- a/lib/system/certs.c
 +++ b/lib/system/certs.c
-@@ -369,6 +369,11 @@ gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
+@@ -404,6 +404,10 @@ gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
  					unsigned int tl_flags,
  					unsigned int tl_vflags)
  {
--	return add_system_trust(list, tl_flags|GNUTLS_TL_NO_DUPLICATES, tl_vflags);
+-	return add_system_trust(list, tl_flags | GNUTLS_TL_NO_DUPLICATES,
+-				tl_vflags);
 +	tl_flags = tl_flags|GNUTLS_TL_NO_DUPLICATES;
 +	const char *file = secure_getenv("NIX_SSL_CERT_FILE");
 +	return file
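Review bot: The `return file` test in gnutls_x509_trust_list_add_system_trust treats any non-NULL value as a path, so a `NIX_SSL_CERT_FILE` that is set but empty goes to gnutls_x509_trust_list_add_trust_file instead of falling back to add_system_trust. The result is presumably a load error and no trust anchors, which fails closed but is hard to diagnose. Since the patch is being refreshed anyway, consider `return (file != NULL && file[0] != '\0')` on that line. The patch's one-line header could also say `when set, the variable replaces the system trust store instead of adding to it; secure_getenv ignores it in setuid/setgid (secure-execution) programs`, so the trust-anchor behaviour is recorded with the code. The ternary continues past the end of this hunk, and one line of it falls between the two hunks and is not shown.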
@@ -16,4 +15,3 @@ index 611c645..6ef6edb 100644
 +			list, file, NULL/*CRL*/, GNUTLS_X509_FMT_PEM, tl_flags, tl_vflags)
 +		: add_system_trust(list, tl_flags, tl_vflags);
  }
-