gnu: c-ares: Update to 1.17.1 [fixes CVE-2020-8277].

* gnu/packages/adns.scm (c-ares/fixed): New variable. (c-ares)[replacement]: Graft.
2021-03-10 03:52:04 +01:00 · 2021-03-10 03:52:04 +01:00 · 674474f646
parent 852ba914a4
commit 674474f646
1 changed files with 18 additions and 0 deletions
--- a/gnu/packages/adns.scm
+++ b/gnu/packages/adns.scm
@ -74,6 +74,7 @@ (define-public c-ares
              (sha256
               (base32
                "129sm0wzij0mp8vdv68v18hnykcjb6ivi66wnqnnw598q7bql1fy"))))
+    (replacement c-ares/fixed)
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
@ -87,6 +88,23 @@ (define-public c-ares
 multiple clients and programs with graphical user interfaces.")
    (license (x11-style "https://c-ares.haxx.se/license.html"))))

+(define-public c-ares/fixed
+  (package
+    (inherit c-ares)
+    (name "c-ares")
+    (version "1.17.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://c-ares.haxx.se/download/" name "-" version
+                    ".tar.gz"))
+              (sha256
+               (base32
+                "0h7wjfnk2092glqcp9mqaax7xx0s13m501z1gi0gsjl2vvvd0gfp"))))
+    (arguments
+     `(;; FIXME: Some tests require network access
+       #:tests? #f))))
+
 ;; gRPC requires a c-ares built with CMake in order to get the .cmake modules.
 ;; We can not build c-ares itself with CMake because that would introduce a
 ;; circular dependency through nghttp2.