summary refs log tree commit diff
path: root/gnu/packages/curl.scm
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2019-03-21 13:34:24 -0400
committerLeo Famulari <leo@famulari.name>2019-03-21 13:37:01 -0400
commitaf8f7eb4f2a664c2d0fb3faabaf2e80c72993ef6 (patch)
tree0b749834d579ec6f5ec4be5d00d888b68941ef19 /gnu/packages/curl.scm
parent1e70d72b18207292a60cdf153d4e7efb9ee767ff (diff)
downloadguix-af8f7eb4f2a664c2d0fb3faabaf2e80c72993ef6.tar.gz
gnu: libssh2: Update to 1.8.1 [security fixes].
Fixes CVE-2019-{3855,3856,3857,3858,3859,3860,3861,3862,3863}.

* gnu/packages/ssh.scm (libssh2): Update to 1.8.1.
(libssh2-1.8.0): New variable.
* gnu/packages/curl.scm (curl)[inputs]: Use libssh2-1.8.0.
Diffstat (limited to 'gnu/packages/curl.scm')
-rw-r--r--gnu/packages/curl.scm10
1 files changed, 7 insertions, 3 deletions
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 456a18012d..a36a1ee4a6 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -3,7 +3,7 @@
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Tomáš Čech <sleep_walker@suse.cz>
 ;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016, 2017, 2019 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
@@ -66,10 +66,14 @@
    (inputs `(("gnutls" ,gnutls)
              ("gss" ,gss)
              ("libidn" ,libidn)
-             ("libssh2" ,libssh2)
              ("openldap" ,openldap)
              ("nghttp2" ,nghttp2 "lib")
-             ("zlib" ,zlib)))
+             ("zlib" ,zlib)
+             ;; TODO XXX <https://bugs.gnu.org/34927>
+             ;; Curl doesn't actually use or refer to libssh2 because the build
+             ;; is not configured with '--with-libssh2'.  Remove this input when
+             ;; a mass rebuild is appropriate (e.g. core-updates).
+             ("libssh2" ,libssh2-1.8.0)))
    (native-inputs
      `(("perl" ,perl)
        ;; to enable the --manual option and make test 1026 pass