authorPhilip McGrath <philip@philipmcgrath.com>2023-10-21 00:20:30 -0400
committerLudovic Courtès <ludo@gnu.org>2023-10-30 00:29:53 +0100
commit642769707c05dc1dd5674d60cd3b55d77b35c9d9 (patch)
treedcb4ef03df60497817488c22ede7b0f12665d038 /gnu
parent593a2e63547d458631ca44abbdab46457fd8d2ed (diff)
downloadguix-642769707c05dc1dd5674d60cd3b55d77b35c9d9.tar.gz
gnu: nghttp2: Replace with 1.57.0.
This release mitigates CVE-2023-44487.

* gnu/packages/web.scm (nghttp2-1.57): New variable.
(nghttp2)[replacement]: Use it.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Diffstat (limited to 'gnu')
-rw-r--r--gnu/packages/web.scm14
1 files changed, 14 insertions, 0 deletions
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index b1cdfda862..66d09700db 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -7959,6 +7959,7 @@ derivation by David Revoy from the original MonsterID by Andreas Gohr.")
   (package
     (name "nghttp2")
     (version "1.49.0")
+    (replacement nghttp2-1.57)
     (source
      (origin
        (method url-fetch)
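Review bot: The added `(replacement nghttp2-1.57)` line carries no comment saying why the graft exists, so someone reading web.scm later cannot tell that it is a security graft or when it can be dropped. I would put a comment directly above it, for example `;; Graft for CVE-2023-44487; merge into 'version' at the next rebuild of dependents.` A graft swaps the library under dependents that were built against 1.49.0, so it relies on 1.57.0 being ABI-compatible with that release. The page does not state this, and it is worth confirming given the number of releases skipped. The `package` form starts before this hunk and continues after it.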
@@ -8069,6 +8070,19 @@ compressed JSON header blocks.
                    (("print \\(ver >= '3\\.8'\\)")
                     "print (tuple(map(int, ver.split('.'))) >= (3,8))")))))))))))
 
+(define-public nghttp2-1.57
+  (package
+    (inherit nghttp2)
+    (version "1.57.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/nghttp2/nghttp2/"
+                                  "releases/download/v" version "/"
+                                  "nghttp2-" version ".tar.xz"))
+              (sha256
+               (base32
+                "0n598w7w8rqdqiay2fad3a11253hibakan5c4vjkpx09648v044j"))))))
+
 (define-public hpcguix-web
   (package
     (name "hpcguix-web")
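Review bot: `(inherit nghttp2)` in `nghttp2-1.57` takes over the 1.49.0 package's arguments unchanged, including the `substitute*` whose pattern `print \\(ver >= '3\\.8'\\)` shows in the context lines at the top of this hunk. If the 1.57.0 sources no longer contain that text, the substitution would presumably do nothing without reporting it, so please confirm that the inherited phases still apply to the new tarball. A short comment on the definition would also help, such as `;; Inherits the phases of nghttp2 1.49.0; re-check them when this becomes the main version.` The source override itself looks fine: it is fetched over HTTPS and pinned by the `sha256` on the page.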