gnu: cURL: Update replacement to 7.74.0 [security fixes].

This fixes CVE-2020-8284, CVE-2020-8285, and CVE-2020-8286.

* gnu/packages/curl.scm (curl-7.71.0): Rename to ...
(curl-7.74.0): ... this.  Update to 7.74.0.
(curl)[replacement]: Adjust accordingly.
This commit is contained in:
Marius Bakke 2020-12-12 22:03:37 +01:00
parent ddeec8cad3
commit 1adeb74456
No known key found for this signature in database
GPG key ID: A2A06DF2A33A54FA

View file

@ -54,7 +54,7 @@ (define-public curl
(package
(name "curl")
(version "7.69.1")
(replacement curl-7.71.0)
(replacement curl-7.74.0)
(source (origin
(method url-fetch)
(uri (string-append "https://curl.haxx.se/download/curl-"
@ -171,18 +171,18 @@ (define-public curl-minimal
(name "curl-minimal")
(inputs (alist-delete "openldap" (package-inputs curl))))))
;; Replacement package to fix CVE-2020-8169 and CVE-2020-8177.
(define curl-7.71.0
;; Replacement package to fix multiple security vulnerabilities.
(define curl-7.74.0
(package
(inherit curl)
(version "7.71.0")
(version "7.74.0")
(source (origin
(inherit (package-source curl))
(uri (string-append "https://curl.haxx.se/download/curl-"
version ".tar.xz"))
(sha256
(base32
"0wlppmx9iry8slh4pqcxj7lwc6fqwnlhh9ri2pcym2rx76a8gwfd"))))
"12w7gskrglg6qrmp822j37fmbr0icrcxv7rib1fy5xiw80n5z7cr"))))
(arguments
(substitute-keyword-arguments (package-arguments curl)
((#:phases phases)