[PR PATCH] gnutls: security update to 3.7.7 (CVE-2022-2509)

[PR PATCH] gnutls: security update to 3.7.7 (CVE-2022-2509)

[dataCobra]

[-- Attachment #1: Type: text/plain, Size: 669 bytes --]

There is a new pull request by dataCobra against master on the void-packages repository

https://github.com/dataCobra/void-packages gnutls_CVE-2022-2509
https://github.com/void-linux/void-packages/pull/38553

gnutls: security update to 3.7.7 (CVE-2022-2509)
#### Testing the changes
- I tested the changes in this PR: **briefly**

#### Local build testing
- I built this PR locally for my native architecture, (Void 5.18.16_1 x86_64 GenuineIntel)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - x86_64
  - x86_64-musl (crossbuild)

A patch file from https://github.com/void-linux/void-packages/pull/38553.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-gnutls_CVE-2022-2509-38553.patch --]
[-- Type: text/x-diff, Size: 1092 bytes --]

From 0afd2a13b2380f3f2befeeae86ab953d68cd1e58 Mon Sep 17 00:00:00 2001
From: dataCobra <datacobra@thinkbot.de>
Date: Tue, 9 Aug 2022 14:32:09 +0200
Subject: [PATCH] gnutls: security update to 3.7.7 CVE-2022-2509

---
 srcpkgs/gnutls/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/gnutls/template b/srcpkgs/gnutls/template
index 228bd0334166..d8ea09e85f42 100644
--- a/srcpkgs/gnutls/template
+++ b/srcpkgs/gnutls/template
@@ -1,6 +1,6 @@
 # Template file for 'gnutls'
 pkgname=gnutls
-version=3.7.6
+version=3.7.7
 revision=1
 build_style=gnu-configure
 configure_args="--disable-guile --disable-static
@@ -21,7 +21,7 @@ maintainer="Orphaned <orphan@voidlinux.org>"
 license="GPL-3.0-only, LGPL-2.1-or-later"
 homepage="https://gnutls.org"
 distfiles="https://www.gnupg.org/ftp/gcrypt/gnutls/v${version%.*}/gnutls-${version}.tar.xz"
-checksum=77065719a345bfb18faa250134be4c53bef70c1bd61f6c0c23ceb8b44f0262ff
+checksum=be9143d0d58eab64dba9b77114aaafac529b6c0d7e81de6bdf1c9b59027d2106
 
 pre_check() {
 	# same as $PASS in tests/cert-tests/certtool.sh

Re: gnutls: security update to 3.7.7 (CVE-2022-2509)

[classabbyamp]

[-- Attachment #1: Type: text/plain, Size: 239 bytes --]

New comment by classabbyamp on void-packages repository

https://github.com/void-linux/void-packages/pull/38553#issuecomment-1209370957

Comment:
commit message should be

```
gnutls: update to 3.7.7.

[mention cve here if you'd like]
```

Re: [PR PATCH] [Updated] gnutls: security update to 3.7.7 (CVE-2022-2509)

[dataCobra]

[-- Attachment #1: Type: text/plain, Size: 674 bytes --]

There is an updated pull request by dataCobra against master on the void-packages repository

https://github.com/dataCobra/void-packages gnutls_CVE-2022-2509
https://github.com/void-linux/void-packages/pull/38553

gnutls: security update to 3.7.7 (CVE-2022-2509)
#### Testing the changes
- I tested the changes in this PR: **briefly**

#### Local build testing
- I built this PR locally for my native architecture, (Void 5.18.16_1 x86_64 GenuineIntel)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - x86_64
  - x86_64-musl (crossbuild)

A patch file from https://github.com/void-linux/void-packages/pull/38553.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-gnutls_CVE-2022-2509-38553.patch --]
[-- Type: text/x-diff, Size: 1088 bytes --]

From bc88c8661166b8d4b52ba2b823447cc566bb2332 Mon Sep 17 00:00:00 2001
From: dataCobra <datacobra@thinkbot.de>
Date: Tue, 9 Aug 2022 14:32:09 +0200
Subject: [PATCH] gnutls: update to 3.7.7

Fix: CVE-2022-2509
---
 srcpkgs/gnutls/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/gnutls/template b/srcpkgs/gnutls/template
index 228bd0334166..d8ea09e85f42 100644
--- a/srcpkgs/gnutls/template
+++ b/srcpkgs/gnutls/template
@@ -1,6 +1,6 @@
 # Template file for 'gnutls'
 pkgname=gnutls
-version=3.7.6
+version=3.7.7
 revision=1
 build_style=gnu-configure
 configure_args="--disable-guile --disable-static
@@ -21,7 +21,7 @@ maintainer="Orphaned <orphan@voidlinux.org>"
 license="GPL-3.0-only, LGPL-2.1-or-later"
 homepage="https://gnutls.org"
 distfiles="https://www.gnupg.org/ftp/gcrypt/gnutls/v${version%.*}/gnutls-${version}.tar.xz"
-checksum=77065719a345bfb18faa250134be4c53bef70c1bd61f6c0c23ceb8b44f0262ff
+checksum=be9143d0d58eab64dba9b77114aaafac529b6c0d7e81de6bdf1c9b59027d2106
 
 pre_check() {
 	# same as $PASS in tests/cert-tests/certtool.sh

Re: [PR PATCH] [Updated] gnutls: security update to 3.7.7 (CVE-2022-2509)

[dataCobra]

[-- Attachment #1: Type: text/plain, Size: 674 bytes --]

There is an updated pull request by dataCobra against master on the void-packages repository

https://github.com/dataCobra/void-packages gnutls_CVE-2022-2509
https://github.com/void-linux/void-packages/pull/38553

gnutls: security update to 3.7.7 (CVE-2022-2509)
#### Testing the changes
- I tested the changes in this PR: **briefly**

#### Local build testing
- I built this PR locally for my native architecture, (Void 5.18.16_1 x86_64 GenuineIntel)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - x86_64
  - x86_64-musl (crossbuild)

A patch file from https://github.com/void-linux/void-packages/pull/38553.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-gnutls_CVE-2022-2509-38553.patch --]
[-- Type: text/x-diff, Size: 1089 bytes --]

From 535a581ad580c25df1b82a3b3215fa4bc0a0bfdd Mon Sep 17 00:00:00 2001
From: dataCobra <datacobra@thinkbot.de>
Date: Tue, 9 Aug 2022 14:32:09 +0200
Subject: [PATCH] gnutls: update to 3.7.7.

Fix: CVE-2022-2509
---
 srcpkgs/gnutls/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/gnutls/template b/srcpkgs/gnutls/template
index 228bd0334166..d8ea09e85f42 100644
--- a/srcpkgs/gnutls/template
+++ b/srcpkgs/gnutls/template
@@ -1,6 +1,6 @@
 # Template file for 'gnutls'
 pkgname=gnutls
-version=3.7.6
+version=3.7.7
 revision=1
 build_style=gnu-configure
 configure_args="--disable-guile --disable-static
@@ -21,7 +21,7 @@ maintainer="Orphaned <orphan@voidlinux.org>"
 license="GPL-3.0-only, LGPL-2.1-or-later"
 homepage="https://gnutls.org"
 distfiles="https://www.gnupg.org/ftp/gcrypt/gnutls/v${version%.*}/gnutls-${version}.tar.xz"
-checksum=77065719a345bfb18faa250134be4c53bef70c1bd61f6c0c23ceb8b44f0262ff
+checksum=be9143d0d58eab64dba9b77114aaafac529b6c0d7e81de6bdf1c9b59027d2106
 
 pre_check() {
 	# same as $PASS in tests/cert-tests/certtool.sh

Re: gnutls: security update to 3.7.7 (CVE-2022-2509)

[dataCobra]

[-- Attachment #1: Type: text/plain, Size: 222 bytes --]

New comment by dataCobra on void-packages repository

https://github.com/void-linux/void-packages/pull/38553#issuecomment-1209380597

Comment:
Hey @classabbyamp,

I've fixed the commit as you mentioned.

Regards,
Ben

Re: [PR PATCH] [Merged]: gnutls: update to 3.7.7. (CVE-2022-2509)

[sgn]

[-- Attachment #1: Type: text/plain, Size: 493 bytes --]

There's a merged pull request on the void-packages repository

gnutls: update to 3.7.7. (CVE-2022-2509)
https://github.com/void-linux/void-packages/pull/38553

Description:
#### Testing the changes
- I tested the changes in this PR: **briefly**

#### Local build testing
- I built this PR locally for my native architecture, (Void 5.18.16_1 x86_64 GenuineIntel)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - x86_64
  - x86_64-musl (crossbuild)