diff options
| author | Ludovic Courtès <ludo@gnu.org> | 2020-06-11 18:54:15 +0200 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2020-06-11 19:05:05 +0200 |
| commit | ecf92194a55188a9c217d76617378749db063453 (patch) | |
| tree | b6eae2a04cfc49511b4ed9f0d13f72d02a9fe4d0 | |
| parent | 03a70e4c190420e87c0b535285caf8f77260d4ff (diff) | |
| download | guix-ecf92194a55188a9c217d76617378749db063453.tar.gz guix-ecf92194a55188a9c217d76617378749db063453.zip | |
gnu: nghttp2: Replace with version 1.41 [fixes CVE-2020-11080].
* gnu/packages/web.scm (nghttp2-1.41): New variable.
(nghttp2)[replacement]: New field.
| -rw-r--r-- | gnu/packages/web.scm | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index 82174c0033..a04d755a83 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -7193,6 +7193,7 @@ derivation by David Revoy from the original MonsterID by Andreas Gohr.") (package (name "nghttp2") (version "1.40.0") + (replacement nghttp2-1.41) (source (origin (method url-fetch) @@ -7272,6 +7273,20 @@ compressed JSON header blocks. @end itemize\n") (license license:expat))) +(define-public nghttp2-1.41 ;fixes CVE-2020-11080 + (package + (inherit nghttp2) + (version "1.41.0") + (source + (origin + (method url-fetch) + (uri (string-append "https://github.com/nghttp2/nghttp2/" + "releases/download/v" version "/" + "nghttp2-" version ".tar.xz")) + (sha256 + (base32 + "1hk77vngjmvvzb5y1gi1aqwf6qywrc7yak08zvzb7x81qs6mphmb")))))) + (define-public hpcguix-web (let ((commit "9de63562b06b4aef3a3afe5ecb18d3c91e57ee74") (revision "5")) |