gnu: curl: Update to 7.76.0 [security fixes].

Fixes CVE-2021-22876 and CVE-2021-22890. * gnu/packages/curl.scm (curl/fixed): New variable. (curl)[replacement]: New field. * gnu/packages/patches/curl-7.76-use-ssl-cert-env.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it.
2025-10-02 02:15:12 +00:00 · 2021-04-02 21:33:02 +02:00 · 2021-04-02 21:33:02 +02:00 · f4dc8ac6df
commit f4dc8ac6df
parent 591c930337
3 changed files with 80 additions and 0 deletions
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@ -62,6 +62,7 @@
              (base32
               "12w7gskrglg6qrmp822j37fmbr0icrcxv7rib1fy5xiw80n5z7cr"))
             (patches (search-patches "curl-use-ssl-cert-env.patch"))))
+   (replacement curl/fixed)
   (build-system gnu-build-system)
   (outputs '("out"
              "doc"))                             ;1.2 MiB of man3 pages
@ -151,6 +152,20 @@ tunneling, and so on.")
    (name "curl-minimal")
    (inputs (alist-delete "openldap" (package-inputs curl))))))

+(define-public curl/fixed
+  (package
+    (inherit curl)
+    (version "7.76.0")
+    (source
+     (origin
+       (inherit (package-source curl))
+       (uri (string-append "https://curl.haxx.se/download/curl-"
+                           version ".tar.xz"))
+       (patches (search-patches "curl-7.76-use-ssl-cert-env.patch"))
+       (sha256
+        (base32
+         "1j2g04m6als6hmqzvddv84c31m0x90bfgyz3bjrwdkarbkby40k3"))))))
+
 (define-public kurly
  (package
    (name "kurly")