gnu: cURL: Replace with 7.84.0 [security fixes].
This fixes CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27781, and CVE-2022-27782. * gnu/packages/curl.scm (curl)[replacement]: New field. (curl-7.84.0): New private variable.
This commit is contained in:
parent
d06de25cd2
commit
3fc6709d42
@ -4,7 +4,7 @@
|
||||
;;; Copyright © 2015 Tomáš Čech <sleep_walker@suse.cz>
|
||||
;;; Copyright © 2015, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
|
||||
;;; Copyright © 2016, 2017, 2019 Leo Famulari <leo@famulari.name>
|
||||
;;; Copyright © 2017, 2019, 2020 Marius Bakke <mbakke@fastmail.com>
|
||||
;;; Copyright © 2017, 2019, 2020, 2022 Marius Bakke <marius@gnu.org>
|
||||
;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
|
||||
;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
|
||||
;;; Copyright © 2018 Roel Janssen <roel@gnu.org>
|
||||
@ -63,6 +63,7 @@
|
||||
(package
|
||||
(name "curl")
|
||||
(version "7.79.1")
|
||||
(replacement curl-7.84.0)
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "https://curl.se/download/curl-"
|
||||
@ -139,6 +140,20 @@ tunneling, and so on.")
|
||||
"See COPYING in the distribution."))
|
||||
(home-page "https://curl.haxx.se/")))
|
||||
|
||||
;; Replacement package with fixes for multiple vulnerabilities.
|
||||
;; See <https://curl.se/docs/security.html>.
|
||||
(define curl-7.84.0
|
||||
(package
|
||||
(inherit curl)
|
||||
(version "7.84.0")
|
||||
(source (origin
|
||||
(inherit (package-source curl))
|
||||
(uri (string-append "https://curl.se/download/curl-"
|
||||
version ".tar.xz"))
|
||||
(sha256
|
||||
(base32
|
||||
"1f2xgj0wvys9xw50h7vcbaraavjr9rxx9n06x2xfbgs7ym1qn49d"))))))
|
||||
|
||||
(define-public curl-minimal
|
||||
(deprecated-package "curl-minimal" curl))
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user