GNU bug report logs -
#28702
[PATCH] gnu: curl: Update replacement to 7.56.0. [security fixes]
Previous Next
Reported by: Kei Kebreau <kkebreau <at> posteo.net>
Date: Wed, 4 Oct 2017 15:03:01 UTC
Severity: normal
Tags: patch
Done: Kei Kebreau <kkebreau <at> posteo.net>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 28702 in the body.
You can then email your comments to 28702 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#28702; Package
guix-patches.
(Wed, 04 Oct 2017 15:03:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Kei Kebreau <kkebreau <at> posteo.net>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Wed, 04 Oct 2017 15:03:01 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Fixes CVE-2017-1000254.
See <https://curl.haxx.se/docs/adv_20171004.html> for details.
* gnu/packages/curl.scm (curl)[replacement]: Update to 7.56.0.
(curl-7.55.0): Rename to ...
(curl-7.56.0): ... this.
[arguments]: Remove 'fix-Makefile' phase.
---
gnu/packages/curl.scm | 17 ++---------------
1 file changed, 2 insertions(+), 15 deletions(-)
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 23606b481..552df5dc3 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -126,25 +126,12 @@ tunneling, and so on.")
(define-public curl-7.55.0
(package
(inherit curl)
- (version "7.55.0")
+ (version "7.56.0")
(source
(origin
(method url-fetch)
(uri (string-append "https://curl.haxx.se/download/curl-"
version ".tar.xz"))
- (patches (search-patches "curl-bounds-check.patch"))
(sha256
(base32
- "1785vxi0jamiv9d1wr1l45g0fm9ircxdfyfzf7ld8zv0z0i8bmfd"))))
- (arguments
- `(,@(substitute-keyword-arguments (package-arguments curl)
- ((#:phases phases)
- `(modify-phases ,phases
- (add-before 'install 'fix-Makefile
- ;; Fix a regression in 7.55.0 where docs are not installed.
- ;; https://github.com/curl/curl/commit/a7bbbb7c368c6096802007f61f19a02e9d75285b
- (lambda _
- (substitute* "Makefile"
- (("install-data-hook:\n")
- "install-data-hook:\n\tcd docs/libcurl && $(MAKE) install\n"))
- #t)))))))))
+ "0wni3zkw7jyrwgwkqnrkf2x2b7c78wsp7p4z6a246hz9l367nhrj"))))))
--
2.14.2
Information forwarded
to
guix-patches <at> gnu.org:
bug#28702; Package
guix-patches.
(Wed, 04 Oct 2017 15:25:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 28702 <at> debbugs.gnu.org (full text, mbox):
Fixes CVE-2017-1000254.
See <https://curl.haxx.se/docs/adv_20171004.html> for details.
* gnu/packages/curl.scm (curl)[replacement]: Update to 7.56.0.
(curl-7.55.0): Rename to ...
(curl-7.56.0): ... this.
[arguments]: Remove 'fix-Makefile' phase.
---
gnu/packages/curl.scm | 21 ++++-----------------
1 file changed, 4 insertions(+), 17 deletions(-)
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 23606b481..ef1b6c74b 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -42,7 +42,7 @@
(define-public curl
(package
(name "curl")
- (replacement curl-7.55.0)
+ (replacement curl-7.56.0)
(version "7.54.1")
(source (origin
(method url-fetch)
@@ -123,28 +123,15 @@ tunneling, and so on.")
"See COPYING in the distribution."))
(home-page "https://curl.haxx.se/")))
-(define-public curl-7.55.0
+(define-public curl-7.56.0
(package
(inherit curl)
- (version "7.55.0")
+ (version "7.56.0")
(source
(origin
(method url-fetch)
(uri (string-append "https://curl.haxx.se/download/curl-"
version ".tar.xz"))
- (patches (search-patches "curl-bounds-check.patch"))
(sha256
(base32
- "1785vxi0jamiv9d1wr1l45g0fm9ircxdfyfzf7ld8zv0z0i8bmfd"))))
- (arguments
- `(,@(substitute-keyword-arguments (package-arguments curl)
- ((#:phases phases)
- `(modify-phases ,phases
- (add-before 'install 'fix-Makefile
- ;; Fix a regression in 7.55.0 where docs are not installed.
- ;; https://github.com/curl/curl/commit/a7bbbb7c368c6096802007f61f19a02e9d75285b
- (lambda _
- (substitute* "Makefile"
- (("install-data-hook:\n")
- "install-data-hook:\n\tcd docs/libcurl && $(MAKE) install\n"))
- #t)))))))))
+ "0wni3zkw7jyrwgwkqnrkf2x2b7c78wsp7p4z6a246hz9l367nhrj"))))))
--
2.14.2
Information forwarded
to
guix-patches <at> gnu.org:
bug#28702; Package
guix-patches.
(Wed, 04 Oct 2017 21:34:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 28702 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Kei Kebreau <kkebreau <at> posteo.net> writes:
> Fixes CVE-2017-1000254.
> See <https://curl.haxx.se/docs/adv_20171004.html> for details.
>
> * gnu/packages/curl.scm (curl)[replacement]: Update to 7.56.0.
> (curl-7.55.0): Rename to ...
> (curl-7.56.0): ... this.
> [arguments]: Remove 'fix-Makefile' phase.
> ---
> gnu/packages/curl.scm | 17 ++---------------
> 1 file changed, 2 insertions(+), 15 deletions(-)
>
> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
> index 23606b481..552df5dc3 100644
> --- a/gnu/packages/curl.scm
> +++ b/gnu/packages/curl.scm
> @@ -126,25 +126,12 @@ tunneling, and so on.")
> (define-public curl-7.55.0
> (package
> (inherit curl)
> - (version "7.55.0")
> + (version "7.56.0")
> (source
> (origin
> (method url-fetch)
> (uri (string-append "https://curl.haxx.se/download/curl-"
> version ".tar.xz"))
> - (patches (search-patches "curl-bounds-check.patch"))
Please also delete this file and update gnu/local.mk.
LGTM otherwise, thanks!
[signature.asc (application/pgp-signature, inline)]
Reply sent
to
Kei Kebreau <kkebreau <at> posteo.net>:
You have taken responsibility.
(Wed, 04 Oct 2017 23:39:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Kei Kebreau <kkebreau <at> posteo.net>:
bug acknowledged by developer.
(Wed, 04 Oct 2017 23:39:02 GMT)
Full text and
rfc822 format available.
Message #16 received at 28702-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Marius Bakke <mbakke <at> fastmail.com> writes:
> Kei Kebreau <kkebreau <at> posteo.net> writes:
>
>> Fixes CVE-2017-1000254.
>> See <https://curl.haxx.se/docs/adv_20171004.html> for details.
>>
>> * gnu/packages/curl.scm (curl)[replacement]: Update to 7.56.0.
>> (curl-7.55.0): Rename to ...
>> (curl-7.56.0): ... this.
>> [arguments]: Remove 'fix-Makefile' phase.
>> ---
>> gnu/packages/curl.scm | 17 ++---------------
>> 1 file changed, 2 insertions(+), 15 deletions(-)
>>
>> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
>> index 23606b481..552df5dc3 100644
>> --- a/gnu/packages/curl.scm
>> +++ b/gnu/packages/curl.scm
>> @@ -126,25 +126,12 @@ tunneling, and so on.")
>> (define-public curl-7.55.0
>> (package
>> (inherit curl)
>> - (version "7.55.0")
>> + (version "7.56.0")
>> (source
>> (origin
>> (method url-fetch)
>> (uri (string-append "https://curl.haxx.se/download/curl-"
>> version ".tar.xz"))
>> - (patches (search-patches "curl-bounds-check.patch"))
>
> Please also delete this file and update gnu/local.mk.
>
> LGTM otherwise, thanks!
Thanks for reviewing this.
Pushed to master as 46cf31868c1b12eec50bc9b8dda64604dd81f986.
[signature.asc (application/pgp-signature, inline)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Thu, 02 Nov 2017 11:24:04 GMT)
Full text and
rfc822 format available.
This bug report was last modified 7 years and 235 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.