gnu: nghttp2: Replace with 1.39.2 [fixes CVE-2019-9511, CVE-2019-9513].

* gnu/packages/web.scm (nghttp2-1.39.2): New variable. (nghttp2)[replacement]: New field.
author: Marius Bakke <mbakke@fastmail.com> 2019-10-13 20:50:47 +0200
committer: Marius Bakke <mbakke@fastmail.com> 2019-10-13 22:49:16 +0200
commit: cb867883ea5cfc56dd7fe5bc6c29fda491d374c2 (patch)
tree: ccd15a1ff8146f8a0619a30cb89249fb3a1ccc33 /gnu/packages/web.scm
parent: d6718086f8904c72eb97a8c274cd156a9c08072a (diff)
download: guix-cb867883ea5cfc56dd7fe5bc6c29fda491d374c2.tar.gz
1 files changed, 14 insertions, 0 deletions
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 7b0bb915ca..728fb6046c 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -6530,6 +6530,7 @@ derivation by David Revoy from the original MonsterID by Andreas Gohr.")
   (package
     (name "nghttp2")
     (version "1.39.1")
+    (replacement nghttp2-1.39.2)
     (source
      (origin
        (method url-fetch)
@@ -6607,6 +6608,19 @@ compressed JSON header blocks.
 @end itemize\n")
     (license license:expat)))
 
+(define nghttp2-1.39.2
+  (package
+    (inherit nghttp2)
+    (version "1.39.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/nghttp2/nghttp2/"
+                                  "releases/download/v" version "/"
+                                  "nghttp2-" version ".tar.xz"))
+              (sha256
+               (base32
+                "12yfsjghbaypp4w964d45ih9vs38g6anih80wbsflaxx192idlm2"))))))
+
 (define-public hpcguix-web
   (let ((commit "f39c90b35e99e4122b0866ec4337020d61c81508")
         (revision "4"))
author	Marius Bakke <mbakke@fastmail.com>	2019-10-13 20:50:47 +0200
committer	Marius Bakke <mbakke@fastmail.com>	2019-10-13 22:49:16 +0200
commit	cb867883ea5cfc56dd7fe5bc6c29fda491d374c2 (patch)
tree	ccd15a1ff8146f8a0619a30cb89249fb3a1ccc33 /gnu/packages/web.scm
parent	d6718086f8904c72eb97a8c274cd156a9c08072a (diff)
download	guix-cb867883ea5cfc56dd7fe5bc6c29fda491d374c2.tar.gz