From 1adeb744560af94687eb7c3780c7145c52674070 Mon Sep 17 00:00:00 2001
From: Marius Bakke <marius@gnu.org>
Date: Sat, 12 Dec 2020 22:03:37 +0100
Subject: gnu: cURL: Update replacement to 7.74.0 [security fixes].

This fixes CVE-2020-8284, CVE-2020-8285, and CVE-2020-8286.

* gnu/packages/curl.scm (curl-7.71.0): Rename to ...
(curl-7.74.0): ... this.  Update to 7.74.0.
(curl)[replacement]: Adjust accordingly.
---
 gnu/packages/curl.scm | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'gnu/packages/curl.scm')

diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 55b7e4393b..33a2188d70 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -54,7 +54,7 @@
   (package
    (name "curl")
    (version "7.69.1")
-   (replacement curl-7.71.0)
+   (replacement curl-7.74.0)
    (source (origin
             (method url-fetch)
             (uri (string-append "https://curl.haxx.se/download/curl-"
@@ -171,18 +171,18 @@ tunneling, and so on.")
     (name "curl-minimal")
     (inputs (alist-delete "openldap" (package-inputs curl))))))
 
-;; Replacement package to fix CVE-2020-8169 and CVE-2020-8177.
-(define curl-7.71.0
+;; Replacement package to fix multiple security vulnerabilities.
+(define curl-7.74.0
   (package
     (inherit curl)
-    (version "7.71.0")
+    (version "7.74.0")
     (source (origin
               (inherit (package-source curl))
               (uri (string-append "https://curl.haxx.se/download/curl-"
                                   version ".tar.xz"))
               (sha256
                (base32
-                "0wlppmx9iry8slh4pqcxj7lwc6fqwnlhh9ri2pcym2rx76a8gwfd"))))
+                "12w7gskrglg6qrmp822j37fmbr0icrcxv7rib1fy5xiw80n5z7cr"))))
     (arguments
      (substitute-keyword-arguments (package-arguments curl)
        ((#:phases phases)
-- 
cgit v1.2.3