gnu: cURL: Update replacement to 7.74.0 [security fixes].

This fixes CVE-2020-8284, CVE-2020-8285, and CVE-2020-8286. * gnu/packages/curl.scm (curl-7.71.0): Rename to ... (curl-7.74.0): ... this. Update to 7.74.0. (curl)[replacement]: Adjust accordingly.
2024-12-25 22:08:16 -05:00 · 2020-12-12 22:03:37 +01:00 · 2020-12-12 22:03:37 +01:00 · 1adeb74456
commit 1adeb74456
parent ddeec8cad3
1 changed files with 5 additions and 5 deletions
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@ -54,7 +54,7 @@ (define-public curl
  (package
   (name "curl")
   (version "7.69.1")
-   (replacement curl-7.71.0)
+   (replacement curl-7.74.0)
   (source (origin
            (method url-fetch)
            (uri (string-append "https://curl.haxx.se/download/curl-"
@ -171,18 +171,18 @@ (define-public curl-minimal
    (name "curl-minimal")
    (inputs (alist-delete "openldap" (package-inputs curl))))))

-;; Replacement package to fix CVE-2020-8169 and CVE-2020-8177.
-(define curl-7.71.0
+;; Replacement package to fix multiple security vulnerabilities.
+(define curl-7.74.0
  (package
    (inherit curl)
-    (version "7.71.0")
+    (version "7.74.0")
    (source (origin
              (inherit (package-source curl))
              (uri (string-append "https://curl.haxx.se/download/curl-"
                                  version ".tar.xz"))
              (sha256
               (base32
-                "0wlppmx9iry8slh4pqcxj7lwc6fqwnlhh9ri2pcym2rx76a8gwfd"))))
+                "12w7gskrglg6qrmp822j37fmbr0icrcxv7rib1fy5xiw80n5z7cr"))))
    (arguments
     (substitute-keyword-arguments (package-arguments curl)
       ((#:phases phases)