gnutls: 3.7.8 -> 3.8.0

https://lists.gnupg.org/pipermail/gnutls-help/2023-February/004816.html Also fixes a "medium" severity CVE-2023-0361 http://www.gnutls.org/security-new.html#GNUTLS-SA-2020-07-14 nix-ssl-cert-file.patch: upstream's only changed whitespace around here
2023-02-11 09:22:47 +01:00 · 2023-02-11 09:22:47 +01:00 · 0442267e82
parent 6f9fd8585b
commit 0442267e82
2 changed files with 5 additions and 7 deletions
--- a/pkgs/development/libraries/gnutls/default.nix
+++ b/pkgs/development/libraries/gnutls/default.nix
@ -35,11 +35,11 @@ in

 stdenv.mkDerivation rec {
  pname = "gnutls";
-  version = "3.7.8";
+  version = "3.8.0";

  src = fetchurl {
    url = "mirror://gnupg/gnutls/v${lib.versions.majorMinor version}/gnutls-${version}.tar.xz";
-    sha256 = "sha256-xYrTmvBnDv5qiu5eOosjMaEgBBi2S3xRl3+zltRhcRQ=";
+    sha256 = "sha256-DqDRGhZgoeY/lg8Vexl6vm0MjLMlW+JOH7OBWTC5vcU=";
  };

  outputs = [ "bin" "dev" "out" "man" "devdoc" ];
--- a/pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch
+++ b/pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch
@ -1,14 +1,13 @@
 allow overriding system trust store location via $NIX_SSL_CERT_FILE

-diff --git a/lib/system/certs.c b/lib/system/certs.c
-index 611c645..6ef6edb 100644
 --- a/lib/system/certs.c
 +++ b/lib/system/certs.c
-@@ -369,6 +369,11 @@ gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
+@@ -404,6 +404,10 @@ gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
 					unsigned int tl_flags,
 					unsigned int tl_vflags)
 {
-	return add_system_trust(list, tl_flags|GNUTLS_TL_NO_DUPLICATES, tl_vflags);
+-	return add_system_trust(list, tl_flags | GNUTLS_TL_NO_DUPLICATES,
+-				tl_vflags);
 +	tl_flags = tl_flags|GNUTLS_TL_NO_DUPLICATES;
 +	const char *file = secure_getenv("NIX_SSL_CERT_FILE");
 +	return file
@ -16,4 +15,3 @@ index 611c645..6ef6edb 100644
 +			list, file, NULL/*CRL*/, GNUTLS_X509_FMT_PEM, tl_flags, tl_vflags)
 +		: add_system_trust(list, tl_flags, tl_vflags);
 }
-