From 77cc22179bab9cf48c594ef91aa416231217e9e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Thu, 18 Mar 2021 15:47:46 +0100 Subject: [PATCH] gnutls: 3.7.0 -> 3.7.1 https://lists.gnupg.org/pipermail/gnutls-help/2021-March/004698.html It includes a low-severity security fix: https://gnutls.org/security-new.html#GNUTLS-SA-2021-03-10 postPatch: the patched file doesn't exist now and all tests still pass. --- pkgs/development/libraries/gnutls/default.nix | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/pkgs/development/libraries/gnutls/default.nix b/pkgs/development/libraries/gnutls/default.nix index 00fd391bf80..e97630871a9 100644 --- a/pkgs/development/libraries/gnutls/default.nix +++ b/pkgs/development/libraries/gnutls/default.nix @@ -8,7 +8,7 @@ assert guileBindings -> guile != null; let - version = "3.7.0"; + version = "3.7.1"; # XXX: Gnulib's `test-select' fails on FreeBSD: # https://hydra.nixos.org/build/2962084/nixlog/1/raw . @@ -24,7 +24,7 @@ stdenv.mkDerivation { src = fetchurl { url = "mirror://gnupg/gnutls/v3.7/gnutls-${version}.tar.xz"; - sha256 = "1y0xi8cabh7i0lgka658qmdhjngkm29v4acq9brcjlnjj4ka5qj9"; + sha256 = "0vxcbig87sdc73h58pmcpbi4al1zgcxid1jn67mhcpna7sbdfxrp"; }; outputs = [ "bin" "dev" "out" "man" "devdoc" ]; @@ -45,9 +45,7 @@ stdenv.mkDerivation { # - trust-store: default trust store path (/etc/ssl/...) is missing in sandbox (3.5.11) # - psk-file: no idea; it broke between 3.6.3 and 3.6.4 # Change p11-kit test to use pkg-config to find p11-kit - postPatch = lib.optionalString (lib.versionAtLeast version "3.4") '' - sed '2iecho "name constraints tests skipped due to datefudge problems"\nexit 0' -i tests/cert-tests/name-constraints - '' + lib.optionalString (lib.versionAtLeast version "3.6") '' + postPatch = lib.optionalString (lib.versionAtLeast version "3.6") '' sed '2iexit 77' -i tests/{pkgconfig,fastopen}.sh sed '/^void doit(void)/,/^{/ s/{/{ exit(77);/' -i tests/{trust-store,psk-file}.c sed 's:/usr/lib64/pkcs11/ /usr/lib/pkcs11/ /usr/lib/x86_64-linux-gnu/pkcs11/:`pkg-config --variable=p11_module_path p11-kit-1`:' -i tests/p11-kit-trust.sh