author | Marius Bakke <marius@gnu.org> | 2020-06-24 20:24:30 +0200 |
---|---|---|
committer | Marius Bakke <marius@gnu.org> | 2020-06-24 22:10:58 +0200 |
commit | af91d13385d0f6239a0d7a777d6a72e11a40af2e (patch) | |
tree | e5d36ea7665fd3cfce9331e6cc96c8ba4078ca99 | |
parent | f9cb49d761c911b57d4d7aac5881eea0e89d45c6 (diff) | |
download | guix-af91d13385d0f6239a0d7a777d6a72e11a40af2e.tar.gz |
gnu: cURL: Replace with 7.71.0 [fixes CVE-2020-8169, CVE-2020-8177].
* gnu/packages/curl.scm (curl-7.71.0): New variable. (curl)[replacement]: New field.
-rw-r--r-- | gnu/packages/curl.scm | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 48d7dd40bd..bf93639716 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -52,6 +52,7 @@
 (package
 (name "curl")
 (version "7.69.1")
+ (replacement curl-7.71.0)
 (source (origin
 (method url-fetch)
 (uri (string-append "https://curl.haxx.se/download/curl-"
@@ -168,6 +169,31 @@ tunneling, and so on.")
 (name "curl-minimal")
 (inputs (alist-delete "openldap" (package-inputs curl))))))
+;; Replacement package to fix CVE-2020-8169 and CVE-2020-8177.
+(define curl-7.71.0
+ (package
+ (inherit curl)
+ (version "7.71.0")
+ (source (origin
+ (inherit (package-source curl))
+ (uri (string-append "https://curl.haxx.se/download/curl-"
+ version ".tar.xz"))
+ (sha256
+ (base32
+ "0wlppmx9iry8slh4pqcxj7lwc6fqwnlhh9ri2pcym2rx76a8gwfd"))))
+ (arguments
+ (substitute-keyword-arguments (package-arguments curl)
+ ((#:phases phases)
+ `(modify-phases ,phases
+ (replace 'check
+ (lambda _
+ ;; Test 1510 is now disabled upstream, and the test runner
+ ;; complains that it can not disable a non-existing test.
+ ;; Thus, override the phase to not delete the test.
+ (substitute* "tests/runtests.pl"
+ (("/bin/sh") (which "sh")))
+ (invoke "make" "-C" "tests" "test")))))))))
+
 (define-public kurly
 (package
 (name "kurly") |
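Review bot: The `(replacement curl-7.71.0)` field in the first hunk grafts a release two minor versions newer than 7.69.1 into packages that were built against the old libcurl, and neither the field nor the commit message records that the two are ABI-compatible. A graft rewrites references in dependents without rebuilding them, so that assumption is worth stating next to the replacement, for example `;; Graft: 7.71.0 is assumed ABI-compatible with 7.69.1; remove on the next full rebuild of curl.` Variants that inherit from `curl` should also be checked so that they resolve to a replacement carrying their own inputs rather than the full `curl-7.71.0`; `curl-minimal` appears as context in the second hunk, but its definition starts outside it, so this cannot be confirmed from the diff. The `curl` package form itself continues outside the hunk.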
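Review bot: The overridden `check` phase in `curl-7.71.0` (second hunk) is written as `(lambda _ …)` and calls `(invoke "make" "-C" "tests" "test")` unconditionally, so it appears to run the test suite even when the build is configured with `#:tests? #f`. Taking the keyword keeps the override consistent with that setting: `(lambda* (#:key tests? #:allow-other-keys)` with the `substitute*` and `invoke` forms guarded by `tests?` and `#t` returned when they are skipped. The comment explains why test 1510 is no longer deleted, but the phase it replaces is defined outside the hunk, so it would help to say which of its other steps are kept on purpose.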