guix-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

02/03: gnu: cURL: Replace with 7.84.0 [security fixes].

From: guix-commits
Subject: 02/03: gnu: cURL: Replace with 7.84.0 [security fixes].
Date: Thu, 30 Jun 2022 17:22:42 -0400 (EDT) 
mbakke pushed a commit to branch master
in repository guix.

commit 3fc6709d4285f44d1e861c7b09951adf3073e898
Author: Marius Bakke <marius@gnu.org>
AuthorDate: Thu Jun 30 22:06:13 2022 +0200

    gnu: cURL: Replace with 7.84.0 [security fixes].
    
    This fixes CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776,
    CVE-2022-27781, and CVE-2022-27782.
    
    * gnu/packages/curl.scm (curl)[replacement]: New field.
    (curl-7.84.0): New private variable.
---
 gnu/packages/curl.scm | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 91f9ca5c50..e1aa0bd086 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -4,7 +4,7 @@
 ;;; Copyright © 2015 Tomáš Čech <sleep_walker@suse.cz>
 ;;; Copyright © 2015, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016, 2017, 2019 Leo Famulari <leo@famulari.name>
-;;; Copyright © 2017, 2019, 2020 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2017, 2019, 2020, 2022 Marius Bakke <marius@gnu.org>
 ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Roel Janssen <roel@gnu.org>
@@ -63,6 +63,7 @@
   (package
    (name "curl")
    (version "7.79.1")
+   (replacement curl-7.84.0)
    (source (origin
              (method url-fetch)
              (uri (string-append "https://curl.se/download/curl-";
@@ -139,6 +140,20 @@ tunneling, and so on.")
                                   "See COPYING in the distribution."))
    (home-page "https://curl.haxx.se/";)))
 
+;; Replacement package with fixes for multiple vulnerabilities.
+;; See <https://curl.se/docs/security.html>.
+(define curl-7.84.0
+  (package
+    (inherit curl)
+    (version "7.84.0")
+    (source (origin
+              (inherit (package-source curl))
+              (uri (string-append "https://curl.se/download/curl-";
+                                  version ".tar.xz"))
+              (sha256
+               (base32
+                "1f2xgj0wvys9xw50h7vcbaraavjr9rxx9n06x2xfbgs7ym1qn49d"))))))
+
 (define-public curl-minimal
   (deprecated-package "curl-minimal" curl))
reply via email to
[Prev in Thread] Current Thread [Next in Thread]