summary refs log tree commit diff
diff options
context:
space:
mode:
authorBjörn Höfling <bjoern.hoefling@bjoernhoefling.de>2020-03-22 13:34:01 +0100
committerBjörn Höfling <bjoern.hoefling@bjoernhoefling.de>2020-03-26 21:39:49 +0100
commiteebaed2b7662d514fa93cae753bc14451ba6814f (patch)
tree7cc72ead92a1f642d0eaa43736a99a806d7f8f8e
parent3089b70d766bd9ec70e1464867130b7b864fbe17 (diff)
downloadguix-eebaed2b7662d514fa93cae753bc14451ba6814f.tar.gz
gnu: java-tomcat: Update to 8.5.53.
This fixes CVE-2020-1938 ("Ghostcat").

* gnu/packages/web.scm (java-tomcat): Update to 8.5.53.
[properties]: Add cpe-name.
-rw-r--r--gnu/packages/web.scm6
1 files changed, 4 insertions, 2 deletions
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 10cbf6165b..6ce8b78c85 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -39,6 +39,7 @@
 ;;; Copyright © 2020 Timotej Lazar <timotej.lazar@araneo.si>
 ;;; Copyright © 2020 Alexandros Theodotou <alex@zrythm.org>
 ;;; Copyright © 2020 Pierre Neidhardt <mail@ambrevar.xyz>
+;;; Copyright © 2018, 2019, 2020 Björn Höfling <bjoern.hoefling@bjoernhoefling.de>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -6109,14 +6110,14 @@ encoder/decoder based on the draft-12 specification for UBJSON.")
 (define-public java-tomcat
   (package
     (name "java-tomcat")
-    (version "8.5.46")
+    (version "8.5.53")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://apache/tomcat/tomcat-8/v"
                                   version "/src/apache-tomcat-" version "-src.tar.gz"))
               (sha256
                (base32
-                "0fb49gsqa3r6jrwc54yynvsakq9qbzr2pbxr7a29c2zvja2v65iq"))
+                "15lwq3clf21hzk7mma70sffpxjqn8ww5mjq6zhmwcp4m17m22z26"))
               (modules '((guix build utils)))
               ;; Delete bundled jars.
               (snippet
@@ -6194,6 +6195,7 @@ encoder/decoder based on the draft-12 specification for UBJSON.")
              (let ((out (assoc-ref outputs "out")))
                (copy-recursively "output/build" out))
              #t)))))
+    (properties '((cpe-name . "tomcat")))
     (home-page "https://tomcat.apache.org")
     (synopsis "Java Servlet, JavaServer Pages, Java Expression Language and Java
 WebSocket")