diff options
author | Vladimír Čunát <v@cunat.cz> | 2023-02-11 09:22:47 +0100 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2023-02-14 20:39:48 +0000 |
commit | 0442267e821a573737ec9a858ad3551bb144fb93 (patch) | |
tree | 0271c31dc596d99f4398a00cf86797496f10b439 /pkgs/development/libraries/gnutls | |
parent | 6f9fd8585b0807774e3f722c7ec15efb8654e7a3 (diff) | |
download | nixpkgs-0442267e821a573737ec9a858ad3551bb144fb93.tar nixpkgs-0442267e821a573737ec9a858ad3551bb144fb93.tar.gz nixpkgs-0442267e821a573737ec9a858ad3551bb144fb93.tar.bz2 nixpkgs-0442267e821a573737ec9a858ad3551bb144fb93.tar.lz nixpkgs-0442267e821a573737ec9a858ad3551bb144fb93.tar.xz nixpkgs-0442267e821a573737ec9a858ad3551bb144fb93.tar.zst nixpkgs-0442267e821a573737ec9a858ad3551bb144fb93.zip |
gnutls: 3.7.8 -> 3.8.0
https://lists.gnupg.org/pipermail/gnutls-help/2023-February/004816.html Also fixes a "medium" severity CVE-2023-0361 http://www.gnutls.org/security-new.html#GNUTLS-SA-2020-07-14 nix-ssl-cert-file.patch: upstream's only changed whitespace around here
Diffstat (limited to 'pkgs/development/libraries/gnutls')
-rw-r--r-- | pkgs/development/libraries/gnutls/default.nix | 4 | ||||
-rw-r--r-- | pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch | 8 |
2 files changed, 5 insertions, 7 deletions
diff --git a/pkgs/development/libraries/gnutls/default.nix b/pkgs/development/libraries/gnutls/default.nix index 4ab7360f1f0..adb25f8f8a9 100644 --- a/pkgs/development/libraries/gnutls/default.nix +++ b/pkgs/development/libraries/gnutls/default.nix @@ -35,11 +35,11 @@ in stdenv.mkDerivation rec { pname = "gnutls"; - version = "3.7.8"; + version = "3.8.0"; src = fetchurl { url = "mirror://gnupg/gnutls/v${lib.versions.majorMinor version}/gnutls-${version}.tar.xz"; - sha256 = "sha256-xYrTmvBnDv5qiu5eOosjMaEgBBi2S3xRl3+zltRhcRQ="; + sha256 = "sha256-DqDRGhZgoeY/lg8Vexl6vm0MjLMlW+JOH7OBWTC5vcU="; }; outputs = [ "bin" "dev" "out" "man" "devdoc" ]; diff --git a/pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch b/pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch index 90d1e85ee8c..c0f27f7b5a4 100644 --- a/pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch +++ b/pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch @@ -1,14 +1,13 @@ allow overriding system trust store location via $NIX_SSL_CERT_FILE -diff --git a/lib/system/certs.c b/lib/system/certs.c -index 611c645..6ef6edb 100644 --- a/lib/system/certs.c +++ b/lib/system/certs.c -@@ -369,6 +369,11 @@ gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list, +@@ -404,6 +404,10 @@ gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags, unsigned int tl_vflags) { -- return add_system_trust(list, tl_flags|GNUTLS_TL_NO_DUPLICATES, tl_vflags); +- return add_system_trust(list, tl_flags | GNUTLS_TL_NO_DUPLICATES, +- tl_vflags); + tl_flags = tl_flags|GNUTLS_TL_NO_DUPLICATES; + const char *file = secure_getenv("NIX_SSL_CERT_FILE"); + return file @@ -16,4 +15,3 @@ index 611c645..6ef6edb 100644 + list, file, NULL/*CRL*/, GNUTLS_X509_FMT_PEM, tl_flags, tl_vflags) + : add_system_trust(list, tl_flags, tl_vflags); } - |