From e9acbe6d81d94d027331d457fc12ceb9b1b2a39e Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Tue, 8 Dec 2020 17:11:11 +0200 Subject: gnu: json-c: Absorb replacement with security fix. * gnu/packages/web.scm (json-c)[source]: Add patch. [replacement]: Remove. (json-c/fixed): Remove. --- gnu/packages/web.scm | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) (limited to 'gnu/packages/web.scm') diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index ff40743832..163bfa22dc 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -894,7 +894,6 @@ data.") (define-public json-c (package - (replacement json-c/fixed) (name "json-c") (version "0.14") (source (origin @@ -904,7 +903,8 @@ data.") version ".tar.gz")) (sha256 (base32 - "0w381krr99q5a2rypx4g437fa7gzgl82i64sgnrs6g5jr44dwxxk")))) + "0w381krr99q5a2rypx4g437fa7gzgl82i64sgnrs6g5jr44dwxxk")) + (patches (search-patches "json-c-CVE-2020-12762.patch")))) (build-system cmake-build-system) (home-page "https://github.com/json-c/json-c/wiki") (synopsis "JSON implementation in C") @@ -915,15 +915,6 @@ parse JSON-formatted strings back into the C representation of JSON objects. It aims to conform to RFC 7159.") (license license:x11))) -(define json-c/fixed - (package - (inherit json-c) - (name "json-c") - (version "0.14") - (source (origin - (inherit (package-source json-c)) - (patches (search-patches "json-c-CVE-2020-12762.patch")))))) - ;; TODO: Remove these old versions when all dependents have been updated. (define-public json-c-0.13 (package -- cgit v1.2.3 From 3eb34c66b42d1fa520a374e9b35a6ce7bd1e8987 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Tue, 8 Dec 2020 17:12:44 +0200 Subject: gnu: nghttp2: Update to 1.41.0 and remove replacement. * gnu/packages/web.scm (nghttp2): Update to 1.41.0. [replacement]: Remove. (nghttp2-1.41): Remove. --- gnu/packages/web.scm | 19 ++----------------- 1 file changed, 2 insertions(+), 17 deletions(-) (limited to 'gnu/packages/web.scm') diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index 163bfa22dc..17798c6c1d 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -7435,8 +7435,7 @@ derivation by David Revoy from the original MonsterID by Andreas Gohr.") (define-public nghttp2 (package (name "nghttp2") - (version "1.40.0") - (replacement nghttp2-1.41) + (version "1.41.0") (source (origin (method url-fetch) @@ -7445,7 +7444,7 @@ derivation by David Revoy from the original MonsterID by Andreas Gohr.") "nghttp2-" version ".tar.xz")) (sha256 (base32 - "0wwhwv7cvi1vxpdjwvg0kpa4jzhszclpnwrwfcw728zz53a47z09")))) + "1hk77vngjmvvzb5y1gi1aqwf6qywrc7yak08zvzb7x81qs6mphmb")))) (build-system gnu-build-system) (outputs (list "out" "lib")) ; only libnghttp2 @@ -7519,20 +7518,6 @@ compressed JSON header blocks. @end itemize\n") (license license:expat))) -(define-public nghttp2-1.41 ;fixes CVE-2020-11080 - (package - (inherit nghttp2) - (version "1.41.0") - (source - (origin - (method url-fetch) - (uri (string-append "https://github.com/nghttp2/nghttp2/" - "releases/download/v" version "/" - "nghttp2-" version ".tar.xz")) - (sha256 - (base32 - "1hk77vngjmvvzb5y1gi1aqwf6qywrc7yak08zvzb7x81qs6mphmb")))))) - (define-public hpcguix-web (let ((commit "9de63562b06b4aef3a3afe5ecb18d3c91e57ee74") (revision "5")) -- cgit v1.2.3