From 3fc6709d4285f44d1e861c7b09951adf3073e898 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 30 Jun 2022 22:06:13 +0200 Subject: gnu: cURL: Replace with 7.84.0 [security fixes]. This fixes CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27781, and CVE-2022-27782. * gnu/packages/curl.scm (curl)[replacement]: New field. (curl-7.84.0): New private variable. --- gnu/packages/curl.scm | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 91f9ca5c50..e1aa0bd086 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -4,7 +4,7 @@ ;;; Copyright © 2015 Tomáš Čech ;;; Copyright © 2015, 2020, 2021 Ludovic Courtès ;;; Copyright © 2016, 2017, 2019 Leo Famulari -;;; Copyright © 2017, 2019, 2020 Marius Bakke +;;; Copyright © 2017, 2019, 2020, 2022 Marius Bakke ;;; Copyright © 2017 Efraim Flashner ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice ;;; Copyright © 2018 Roel Janssen @@ -63,6 +63,7 @@ (package (name "curl") (version "7.79.1") + (replacement curl-7.84.0) (source (origin (method url-fetch) (uri (string-append "https://curl.se/download/curl-" @@ -139,6 +140,20 @@ tunneling, and so on.") "See COPYING in the distribution.")) (home-page "https://curl.haxx.se/"))) +;; Replacement package with fixes for multiple vulnerabilities. +;; See . +(define curl-7.84.0 + (package + (inherit curl) + (version "7.84.0") + (source (origin + (inherit (package-source curl)) + (uri (string-append "https://curl.se/download/curl-" + version ".tar.xz")) + (sha256 + (base32 + "1f2xgj0wvys9xw50h7vcbaraavjr9rxx9n06x2xfbgs7ym1qn49d")))))) + (define-public curl-minimal (deprecated-package "curl-minimal" curl)) -- cgit v1.2.3