From 0442267e821a573737ec9a858ad3551bb144fb93 Mon Sep 17 00:00:00 2001 From: Vladimír Čunát Date: Sat, 11 Feb 2023 09:22:47 +0100 Subject: gnutls: 3.7.8 -> 3.8.0 https://lists.gnupg.org/pipermail/gnutls-help/2023-February/004816.html Also fixes a "medium" severity CVE-2023-0361 http://www.gnutls.org/security-new.html#GNUTLS-SA-2020-07-14 nix-ssl-cert-file.patch: upstream's only changed whitespace around here --- pkgs/development/libraries/gnutls/default.nix | 4 ++-- pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch | 8 +++----- 2 files changed, 5 insertions(+), 7 deletions(-) (limited to 'pkgs/development/libraries/gnutls') diff --git a/pkgs/development/libraries/gnutls/default.nix b/pkgs/development/libraries/gnutls/default.nix index 4ab7360f1f0..adb25f8f8a9 100644 --- a/pkgs/development/libraries/gnutls/default.nix +++ b/pkgs/development/libraries/gnutls/default.nix @@ -35,11 +35,11 @@ in stdenv.mkDerivation rec { pname = "gnutls"; - version = "3.7.8"; + version = "3.8.0"; src = fetchurl { url = "mirror://gnupg/gnutls/v${lib.versions.majorMinor version}/gnutls-${version}.tar.xz"; - sha256 = "sha256-xYrTmvBnDv5qiu5eOosjMaEgBBi2S3xRl3+zltRhcRQ="; + sha256 = "sha256-DqDRGhZgoeY/lg8Vexl6vm0MjLMlW+JOH7OBWTC5vcU="; }; outputs = [ "bin" "dev" "out" "man" "devdoc" ]; diff --git a/pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch b/pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch index 90d1e85ee8c..c0f27f7b5a4 100644 --- a/pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch +++ b/pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch @@ -1,14 +1,13 @@ allow overriding system trust store location via $NIX_SSL_CERT_FILE -diff --git a/lib/system/certs.c b/lib/system/certs.c -index 611c645..6ef6edb 100644 --- a/lib/system/certs.c 
+++ b/lib/system/certs.c -@@ -369,6 +369,11 @@ gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list, +@@ -404,6 +404,10 @@ gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags, unsigned int tl_vflags) { -- return add_system_trust(list, tl_flags|GNUTLS_TL_NO_DUPLICATES, tl_vflags); +- return add_system_trust(list, tl_flags | GNUTLS_TL_NO_DUPLICATES, +- tl_vflags); + tl_flags = tl_flags|GNUTLS_TL_NO_DUPLICATES; + const char *file = secure_getenv("NIX_SSL_CERT_FILE"); + return file @@ -16,4 +15,3 @@ index 611c645..6ef6edb 100644 + list, file, NULL/*CRL*/, GNUTLS_X509_FMT_PEM, tl_flags, tl_vflags) + : add_system_trust(list, tl_flags, tl_vflags); } - -- cgit 1.4.1
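Review bot: In the refreshed `lib/system/certs.c` hunk of nix-ssl-cert-file.patch, `return file` branches on the pointer alone, so a `NIX_SSL_CERT_FILE` that is set but empty takes the file branch and `add_system_trust` is never called; the outcome then depends on how the loader handles an empty path. If an empty value should mean "no override", test `file && *file` instead; if failing closed is intended, a comment should say so. The patch also has no comment on why `secure_getenv` is used rather than `getenv`; something like `/* secure_getenv: ignore the override in setuid/AT_SECURE processes so an untrusted environment cannot swap the trust store */` would record that, and it could also note that the override replaces the system store rather than adding to it. The patch line holding the call that receives `file` falls between the two hunks and is not shown on this page, so this reading rests on the visible ternary arms only.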