gnu: nghttp2: Replace with 1.57.0.

This release mitigates CVE-2023-44487.

* gnu/packages/web.scm (nghttp2-1.57): New variable.
(nghttp2)[replacement]: Use it.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>

1 files changed, 14 insertions, 0 deletions

diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index b1cdfda862..66d09700db 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -7959,6 +7959,7 @@ derivation by David Revoy from the original MonsterID by Andreas Gohr.")
   (package
     (name "nghttp2")
     (version "1.49.0")
+    (replacement nghttp2-1.57)
     (source
      (origin
        (method url-fetch)
@@ -8069,6 +8070,19 @@ compressed JSON header blocks.
                    (("print \\(ver >= '3\\.8'\\)")
                     "print (tuple(map(int, ver.split('.'))) >= (3,8))")))))))))))
 
+(define-public nghttp2-1.57
+  (package
+    (inherit nghttp2)
+    (version "1.57.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/nghttp2/nghttp2/"
+                                  "releases/download/v" version "/"
+                                  "nghttp2-" version ".tar.xz"))
+              (sha256
+               (base32
+                "0n598w7w8rqdqiay2fad3a11253hibakan5c4vjkpx09648v044j"))))))
+
 (define-public hpcguix-web
   (package
     (name "hpcguix-web")