01/05: gnu: cURL: Replace with 7.71.0 [fixes CVE-2020-8169, CVE-2020-817

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/05: gnu: cURL: Replace with 7.71.0 [fixes CVE-2020-8169, CVE-2020-817

From:	guix-commits
Subject:	01/05: gnu: cURL: Replace with 7.71.0 [fixes CVE-2020-8169, CVE-2020-8177].
Date:	Wed, 24 Jun 2020 16:12:09 -0400 (EDT)

mbakke pushed a commit to branch master
in repository guix.

commit af91d13385d0f6239a0d7a777d6a72e11a40af2e
Author: Marius Bakke <marius@gnu.org>
AuthorDate: Wed Jun 24 20:24:30 2020 +0200

    gnu: cURL: Replace with 7.71.0 [fixes CVE-2020-8169, CVE-2020-8177].
    
    * gnu/packages/curl.scm (curl-7.71.0): New variable.
    (curl)[replacement]: New field.
---
 gnu/packages/curl.scm | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 48d7dd4..bf93639 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -52,6 +52,7 @@
   (package
    (name "curl")
    (version "7.69.1")
+   (replacement curl-7.71.0)
    (source (origin
             (method url-fetch)
             (uri (string-append "https://curl.haxx.se/download/curl-";
@@ -168,6 +169,31 @@ tunneling, and so on.")
     (name "curl-minimal")
     (inputs (alist-delete "openldap" (package-inputs curl))))))
 
+;; Replacement package to fix CVE-2020-8169 and CVE-2020-8177.
+(define curl-7.71.0
+  (package
+    (inherit curl)
+    (version "7.71.0")
+    (source (origin
+              (inherit (package-source curl))
+              (uri (string-append "https://curl.haxx.se/download/curl-";
+                                  version ".tar.xz"))
+              (sha256
+               (base32
+                "0wlppmx9iry8slh4pqcxj7lwc6fqwnlhh9ri2pcym2rx76a8gwfd"))))
+    (arguments
+     (substitute-keyword-arguments (package-arguments curl)
+       ((#:phases phases)
+        `(modify-phases ,phases
+           (replace 'check
+             (lambda _
+               ;; Test 1510 is now disabled upstream, and the test runner
+               ;; complains that it can not disable a non-existing test.
+               ;; Thus, override the phase to not delete the test.
+               (substitute* "tests/runtests.pl"
+                 (("/bin/sh") (which "sh")))
+               (invoke "make" "-C" "tests" "test")))))))))
+
 (define-public kurly
   (package
     (name "kurly")

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated (f9cb49d -> fb77ed2), guix-commits, 2020/06/24
- 02/05: gnu: python-on-guile: Update to 1.2.3.5., guix-commits, 2020/06/24
- 05/05: gnu: Add sideload., guix-commits, 2020/06/24
- 01/05: gnu: cURL: Replace with 7.71.0 [fixes CVE-2020-8169, CVE-2020-8177]., guix-commits <=
- 03/05: gnu: Add photoflare., guix-commits, 2020/06/24
- 04/05: gnu: Add gmic., guix-commits, 2020/06/24

Prev by Date: 05/05: gnu: Add sideload.
Next by Date: 03/05: gnu: Add photoflare.
Previous by thread: 05/05: gnu: Add sideload.
Next by thread: 03/05: gnu: Add photoflare.
Index(es):
- Date
- Thread