diff options
author | Philip McGrath <philip@philipmcgrath.com> | 2023-10-21 00:20:30 -0400 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2023-10-30 00:29:53 +0100 |
commit | 642769707c05dc1dd5674d60cd3b55d77b35c9d9 (patch) | |
tree | dcb4ef03df60497817488c22ede7b0f12665d038 /gnu | |
parent | 593a2e63547d458631ca44abbdab46457fd8d2ed (diff) | |
download | guix-642769707c05dc1dd5674d60cd3b55d77b35c9d9.tar.gz |
gnu: nghttp2: Replace with 1.57.0.
This release mitigates CVE-2023-44487. * gnu/packages/web.scm (nghttp2-1.57): New variable. (nghttp2)[replacement]: Use it. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/packages/web.scm | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index b1cdfda862..66d09700db 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -7959,6 +7959,7 @@ derivation by David Revoy from the original MonsterID by Andreas Gohr.") (package (name "nghttp2") (version "1.49.0") + (replacement nghttp2-1.57) (source (origin (method url-fetch) @@ -8069,6 +8070,19 @@ compressed JSON header blocks. (("print \\(ver >= '3\\.8'\\)") "print (tuple(map(int, ver.split('.'))) >= (3,8))"))))))))))) +(define-public nghttp2-1.57 + (package + (inherit nghttp2) + (version "1.57.0") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/nghttp2/nghttp2/" + "releases/download/v" version "/" + "nghttp2-" version ".tar.xz")) + (sha256 + (base32 + "0n598w7w8rqdqiay2fad3a11253hibakan5c4vjkpx09648v044j")))))) + (define-public hpcguix-web (package (name "hpcguix-web") |