gnu: libssh2: Update to 1.7.0 [fixes CVE-2016-0787].

* gnu/packages/ssh.scm (libssh2): Update to 1.7.0.
  (libssh2-1.4): New variable.
* gnu/packages/curl.scm (curl)[inputs]: Use libssh4-1.4.

Modified-By: Mark H Weaver <mhw@netris.org>
Leo Famulari 2016-02-24 15:57:30 -05:00 committed by Mark H Weaver
parent c8e26887ed
commit 78d80c5c6a
2 changed files with 34 additions and 5 deletions

@ -54,7 +54,16 @@
(inputs `(("gnutls" ,gnutls)
("gss" ,gss)
("libidn" ,libidn)
("libssh2" ,libssh2)
;; XXX libssh2-1.4 is a temporary package for use only by curl,
;; to allow most users of libssh2 to get the security update for
;; CVE-2016-7087 while postponing the large number of rebuilds
;; entailed by updating curl. Soon, curl should be updated to
;; use the latest libssh2 and libssh2-1.4 should be removed.
;; XXX libssh2-1.4 is vulnerable to CVE-2016-0787.
("libssh2" ,libssh2-1.4)
("openldap" ,openldap)
("zlib" ,zlib)))
(native-inputs
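Review bot: The first XXX comment above the `("libssh2" ,libssh2-1.4)` input cites CVE-2016-7087, while the second XXX line and the commit title both say CVE-2016-0787; the digits look transposed, and the first reference should read CVE-2016-0787 so that a search for the CVE id finds this pin. The commit log also names the curl input as libssh4-1.4, whereas the hunk uses libssh2-1.4. Because curl deliberately stays on a libssh2 that the comment itself marks as vulnerable, it would help to state in the comment what must happen before libssh2-1.4 can be removed, so the temporary package is not left in place after curl is next updated.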