amaharaneko/guix-mirrors
1
1
Fork 0
mirror of https://codeberg.org/guix/guix.git synced 2025-10-02 02:15:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

gnu: curl: Fix CVE-2024-8096.

Browse source 
* gnu/packages/curl.scm (curl) [replacement]: New field.
(curl/fixed): New variable.
* gnu/packages/patches/curl-CVE-2024-8096.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.

Change-Id: I42facad095d97dc94302e9db60626b9fa00f3738
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
This commit is contained in:
Ashish SHUKLA 2024-09-28 01:40:45 +02:00 committed by Maxim Cournoyer
parent 6b8af015b2
commit 7fdda1c4bb
No known key found for this signature in database
GPG key ID: 1260E46482E63562
3 changed files with 212 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

11
gnu/packages/curl.scm
View file

@ -16,6 +16,7 @@
;;; Copyright © 2021 Felix Gruber <felgru@posteo.net>
;;; Copyright © 2023 Sharlatan Hellseher <sharlatanus@gmail.com>
;;; Copyright © 2023 John Kehayias <john.kehayias@protonmail.com>
;;; Copyright © 2024 Ashish SHUKLA <ashish.is@lostca.se>
;;;
;;; This file is part of GNU Guix.
;;;
@ -67,6 +68,7 @@
(package
(name "curl")
(version "8.6.0")
(replacement curl/fixed)
(source (origin
(method url-fetch)
(uri (string-append "https://curl.se/download/curl-"
@ -176,6 +178,15 @@ tunneling, and so on.")
"See COPYING in the distribution."))
(home-page "https://curl.haxx.se/")))
(define-public curl/fixed
(hidden-package
(package
(inherit curl)
(replacement curl/fixed)
(source (origin
(inherit (package-source curl))
(patches (search-patches "curl-CVE-2024-8096.patch")))))))
(define-public gnurl (deprecated-package "gnurl" curl))
(define-public curl-ssh