aboutsummaryrefslogtreecommitdiff
path: root/gnu
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2020-06-11 18:54:15 +0200
committerLudovic Courtès <ludo@gnu.org>2020-06-11 19:05:05 +0200
commitecf92194a55188a9c217d76617378749db063453 (patch)
treeb6eae2a04cfc49511b4ed9f0d13f72d02a9fe4d0 /gnu
parent03a70e4c190420e87c0b535285caf8f77260d4ff (diff)
downloadguix-ecf92194a55188a9c217d76617378749db063453.tar.gz
guix-ecf92194a55188a9c217d76617378749db063453.zip
gnu: nghttp2: Replace with version 1.41 [fixes CVE-2020-11080].
* gnu/packages/web.scm (nghttp2-1.41): New variable. (nghttp2)[replacement]: New field.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/packages/web.scm15
1 files changed, 15 insertions, 0 deletions
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 82174c0033..a04d755a83 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -7193,6 +7193,7 @@ derivation by David Revoy from the original MonsterID by Andreas Gohr.")
(package
(name "nghttp2")
(version "1.40.0")
+ (replacement nghttp2-1.41)
(source
(origin
(method url-fetch)
@@ -7272,6 +7273,20 @@ compressed JSON header blocks.
@end itemize\n")
(license license:expat)))
+(define-public nghttp2-1.41 ;fixes CVE-2020-11080
+ (package
+ (inherit nghttp2)
+ (version "1.41.0")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/nghttp2/nghttp2/"
+ "releases/download/v" version "/"
+ "nghttp2-" version ".tar.xz"))
+ (sha256
+ (base32
+ "1hk77vngjmvvzb5y1gi1aqwf6qywrc7yak08zvzb7x81qs6mphmb"))))))
+
(define-public hpcguix-web
(let ((commit "9de63562b06b4aef3a3afe5ecb18d3c91e57ee74")
(revision "5"))