gnu: nghttp2: Replace with version 1.41 [fixes CVE-2020-11080].

* gnu/packages/web.scm (nghttp2-1.41): New variable. (nghttp2)[replacement]: New field.
author: Ludovic Courtès <ludo@gnu.org> 2020-06-11 18:54:15 +0200
committer: Ludovic Courtès <ludo@gnu.org> 2020-06-11 19:05:05 +0200
commit: ecf92194a55188a9c217d76617378749db063453 (patch)
tree: b6eae2a04cfc49511b4ed9f0d13f72d02a9fe4d0 /gnu/packages/web.scm
parent: 03a70e4c190420e87c0b535285caf8f77260d4ff (diff)
download: guix-ecf92194a55188a9c217d76617378749db063453.tar.gz
1 files changed, 15 insertions, 0 deletions
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 82174c0033..a04d755a83 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -7193,6 +7193,7 @@ derivation by David Revoy from the original MonsterID by Andreas Gohr.")
   (package
     (name "nghttp2")
     (version "1.40.0")
+    (replacement nghttp2-1.41)
     (source
      (origin
        (method url-fetch)
@@ -7272,6 +7273,20 @@ compressed JSON header blocks.
 @end itemize\n")
     (license license:expat)))
 
+(define-public nghttp2-1.41                       ;fixes CVE-2020-11080
+  (package
+    (inherit nghttp2)
+    (version "1.41.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/nghttp2/nghttp2/"
+                           "releases/download/v" version "/"
+                           "nghttp2-" version ".tar.xz"))
+       (sha256
+        (base32
+         "1hk77vngjmvvzb5y1gi1aqwf6qywrc7yak08zvzb7x81qs6mphmb"))))))
+
 (define-public hpcguix-web
   (let ((commit "9de63562b06b4aef3a3afe5ecb18d3c91e57ee74")
         (revision "5"))
author	Ludovic Courtès <ludo@gnu.org>	2020-06-11 18:54:15 +0200
committer	Ludovic Courtès <ludo@gnu.org>	2020-06-11 19:05:05 +0200
commit	ecf92194a55188a9c217d76617378749db063453 (patch)
tree	b6eae2a04cfc49511b4ed9f0d13f72d02a9fe4d0 /gnu/packages/web.scm
parent	03a70e4c190420e87c0b535285caf8f77260d4ff (diff)
download	guix-ecf92194a55188a9c217d76617378749db063453.tar.gz