summary refs log tree commit diff
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-04-19 18:16:22 -0400
committerLeo Famulari <leo@famulari.name>2017-04-19 18:29:00 -0400
commite1444afa2dd78742e48daa7e4f4db03d53fa0efa (patch)
treefbcb50707ab2dd28f5d58b0de98e7a696d5fed08
parent87e32101782a9bb0acc59a78f1c513d35d259f2a (diff)
downloadguix-e1444afa2dd78742e48daa7e4f4db03d53fa0efa.tar.gz
gnu: curl: Replace with curl@7.54.0 [fixes CVE-2017-7468]
* gnu/packages/curl.scm (curl)[replacement]: New field.
(curl-7.54.0): New variable.
-rw-r--r--gnu/packages/curl.scm14
1 files changed, 14 insertions, 0 deletions
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 22e18389e7..73d402ce18 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -40,6 +40,7 @@
 (define-public curl
   (package
    (name "curl")
+   (replacement curl-7.54.0)
    (version "7.53.0")
    (source (origin
             (method url-fetch)
@@ -119,3 +120,16 @@ tunneling, and so on.")
    (license (license:non-copyleft "file://COPYING"
                                   "See COPYING in the distribution."))
    (home-page "https://curl.haxx.se/")))
+
+(define curl-7.54.0
+  (package
+    (inherit curl)
+    (version "7.54.0")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://curl.haxx.se/download/curl-"
+                            version ".tar.lzma"))
+        (sha256
+         (base32
+          "02h7qhl8ynp75g1vcaw18ks0gp7nahvvkqck19pb1q0kkw1scsnd"))))))