gnutls: 3.7.8 -> 3.8.0
https://lists.gnupg.org/pipermail/gnutls-help/2023-February/004816.html Also fixes a "medium" severity CVE-2023-0361 http://www.gnutls.org/security-new.html#GNUTLS-SA-2020-07-14 nix-ssl-cert-file.patch: upstream's only changed whitespace around here
This commit is contained in:
parent
6f9fd8585b
commit
0442267e82
|
@ -35,11 +35,11 @@ in
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "gnutls";
|
||||
version = "3.7.8";
|
||||
version = "3.8.0";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://gnupg/gnutls/v${lib.versions.majorMinor version}/gnutls-${version}.tar.xz";
|
||||
sha256 = "sha256-xYrTmvBnDv5qiu5eOosjMaEgBBi2S3xRl3+zltRhcRQ=";
|
||||
sha256 = "sha256-DqDRGhZgoeY/lg8Vexl6vm0MjLMlW+JOH7OBWTC5vcU=";
|
||||
};
|
||||
|
||||
outputs = [ "bin" "dev" "out" "man" "devdoc" ];
|
||||
|
|
|
@ -1,14 +1,13 @@
|
|||
allow overriding system trust store location via $NIX_SSL_CERT_FILE
|
||||
|
||||
diff --git a/lib/system/certs.c b/lib/system/certs.c
|
||||
index 611c645..6ef6edb 100644
|
||||
--- a/lib/system/certs.c
|
||||
+++ b/lib/system/certs.c
|
||||
@@ -369,6 +369,11 @@ gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
|
||||
@@ -404,6 +404,10 @@ gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
|
||||
unsigned int tl_flags,
|
||||
unsigned int tl_vflags)
|
||||
{
|
||||
- return add_system_trust(list, tl_flags|GNUTLS_TL_NO_DUPLICATES, tl_vflags);
|
||||
- return add_system_trust(list, tl_flags | GNUTLS_TL_NO_DUPLICATES,
|
||||
- tl_vflags);
|
||||
+ tl_flags = tl_flags|GNUTLS_TL_NO_DUPLICATES;
|
||||
+ const char *file = secure_getenv("NIX_SSL_CERT_FILE");
|
||||
+ return file
|
||||
|
@ -16,4 +15,3 @@ index 611c645..6ef6edb 100644
|
|||
+ list, file, NULL/*CRL*/, GNUTLS_X509_FMT_PEM, tl_flags, tl_vflags)
|
||||
+ : add_system_trust(list, tl_flags, tl_vflags);
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue