From unknown Tue Jun 24 05:11:08 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#28702] [PATCH] gnu: curl: Update replacement to 7.56.0. [security fixes] Resent-From: Kei Kebreau Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 04 Oct 2017 15:03:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 28702 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 28702@debbugs.gnu.org Cc: Kei Kebreau X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.150712935416880 (code B ref -1); Wed, 04 Oct 2017 15:03:01 +0000 Received: (at submit) by debbugs.gnu.org; 4 Oct 2017 15:02:34 +0000 Received: from localhost ([127.0.0.1]:49045 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dzlBy-0004OC-Do for submit@debbugs.gnu.org; Wed, 04 Oct 2017 11:02:34 -0400 Received: from eggs.gnu.org ([208.118.235.92]:33890) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dzlBw-0004Nx-P7 for submit@debbugs.gnu.org; Wed, 04 Oct 2017 11:02:33 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dzlBm-0004Fl-OR for submit@debbugs.gnu.org; Wed, 04 Oct 2017 11:02:27 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:58469) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dzlBm-0004Fh-L3 for submit@debbugs.gnu.org; Wed, 04 Oct 2017 11:02:22 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:53092) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dzlBl-0003Yo-4a for guix-patches@gnu.org; Wed, 04 Oct 2017 11:02:22 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dzlBf-00049u-2G for guix-patches@gnu.org; Wed, 04 Oct 2017 11:02:21 -0400 Received: from mout02.posteo.de ([185.67.36.66]:50922) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dzlBe-00049O-S7 for guix-patches@gnu.org; Wed, 04 Oct 2017 11:02:14 -0400 Received: from submission (posteo.de [89.146.220.130]) by mout02.posteo.de (Postfix) with ESMTPS id 001B820D50 for ; Wed, 4 Oct 2017 17:02:12 +0200 (CEST) Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 3y6fJL6F1rz10Ht; Wed, 4 Oct 2017 17:02:08 +0200 (CEST) From: Kei Kebreau Date: Wed, 4 Oct 2017 11:01:45 -0400 Message-Id: <20171004150145.13595-1-kkebreau@posteo.net> X-Mailer: git-send-email 2.14.2 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.0 (----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.0 (----) Fixes CVE-2017-1000254. See for details. * gnu/packages/curl.scm (curl)[replacement]: Update to 7.56.0. (curl-7.55.0): Rename to ... (curl-7.56.0): ... this. [arguments]: Remove 'fix-Makefile' phase. --- gnu/packages/curl.scm | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 23606b481..552df5dc3 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -126,25 +126,12 @@ tunneling, and so on.") (define-public curl-7.55.0 (package (inherit curl) - (version "7.55.0") + (version "7.56.0") (source (origin (method url-fetch) (uri (string-append "https://curl.haxx.se/download/curl-" version ".tar.xz")) - (patches (search-patches "curl-bounds-check.patch")) (sha256 (base32 - "1785vxi0jamiv9d1wr1l45g0fm9ircxdfyfzf7ld8zv0z0i8bmfd")))) - (arguments - `(,@(substitute-keyword-arguments (package-arguments curl) - ((#:phases phases) - `(modify-phases ,phases - (add-before 'install 'fix-Makefile - ;; Fix a regression in 7.55.0 where docs are not installed. - ;; https://github.com/curl/curl/commit/a7bbbb7c368c6096802007f61f19a02e9d75285b - (lambda _ - (substitute* "Makefile" - (("install-data-hook:\n") - "install-data-hook:\n\tcd docs/libcurl && $(MAKE) install\n")) - #t))))))))) + "0wni3zkw7jyrwgwkqnrkf2x2b7c78wsp7p4z6a246hz9l367nhrj")))))) -- 2.14.2 From unknown Tue Jun 24 05:11:08 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#28702] [PATCH] gnu: curl: Update replacement to 7.56.0. [security fixes] References: <20171004150145.13595-1-kkebreau@posteo.net> In-Reply-To: <20171004150145.13595-1-kkebreau@posteo.net> Resent-From: Kei Kebreau Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 04 Oct 2017 15:25:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 28702 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 28702@debbugs.gnu.org Cc: Kei Kebreau X-Debbugs-Original-To: guix-patches@gnu.org, 28702@debbugs.gnu.org Received: via spool by 28702-submit@debbugs.gnu.org id=B28702.150713070019041 (code B ref 28702); Wed, 04 Oct 2017 15:25:01 +0000 Received: (at 28702) by debbugs.gnu.org; 4 Oct 2017 15:25:00 +0000 Received: from localhost ([127.0.0.1]:49074 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dzlXg-0004x3-BO for submit@debbugs.gnu.org; Wed, 04 Oct 2017 11:25:00 -0400 Received: from mout02.posteo.de ([185.67.36.66]:49911) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dzlXe-0004wh-QU for 28702@debbugs.gnu.org; Wed, 04 Oct 2017 11:24:59 -0400 Received: from submission (posteo.de [89.146.220.130]) by mout02.posteo.de (Postfix) with ESMTPS id 9ECE220AE9 for <28702@debbugs.gnu.org>; Wed, 4 Oct 2017 17:24:51 +0200 (CEST) Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 3y6fpT2tJXz10HY; Wed, 4 Oct 2017 17:24:49 +0200 (CEST) From: Kei Kebreau Date: Wed, 4 Oct 2017 11:24:27 -0400 Message-Id: <20171004152427.14012-1-kkebreau@posteo.net> X-Mailer: git-send-email 2.14.2 X-Spam-Score: -5.1 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.1 (-----) Fixes CVE-2017-1000254. See for details. * gnu/packages/curl.scm (curl)[replacement]: Update to 7.56.0. (curl-7.55.0): Rename to ... (curl-7.56.0): ... this. [arguments]: Remove 'fix-Makefile' phase. --- gnu/packages/curl.scm | 21 ++++----------------- 1 file changed, 4 insertions(+), 17 deletions(-) diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 23606b481..ef1b6c74b 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -42,7 +42,7 @@ (define-public curl (package (name "curl") - (replacement curl-7.55.0) + (replacement curl-7.56.0) (version "7.54.1") (source (origin (method url-fetch) @@ -123,28 +123,15 @@ tunneling, and so on.") "See COPYING in the distribution.")) (home-page "https://curl.haxx.se/"))) -(define-public curl-7.55.0 +(define-public curl-7.56.0 (package (inherit curl) - (version "7.55.0") + (version "7.56.0") (source (origin (method url-fetch) (uri (string-append "https://curl.haxx.se/download/curl-" version ".tar.xz")) - (patches (search-patches "curl-bounds-check.patch")) (sha256 (base32 - "1785vxi0jamiv9d1wr1l45g0fm9ircxdfyfzf7ld8zv0z0i8bmfd")))) - (arguments - `(,@(substitute-keyword-arguments (package-arguments curl) - ((#:phases phases) - `(modify-phases ,phases - (add-before 'install 'fix-Makefile - ;; Fix a regression in 7.55.0 where docs are not installed. - ;; https://github.com/curl/curl/commit/a7bbbb7c368c6096802007f61f19a02e9d75285b - (lambda _ - (substitute* "Makefile" - (("install-data-hook:\n") - "install-data-hook:\n\tcd docs/libcurl && $(MAKE) install\n")) - #t))))))))) + "0wni3zkw7jyrwgwkqnrkf2x2b7c78wsp7p4z6a246hz9l367nhrj")))))) -- 2.14.2 From unknown Tue Jun 24 05:11:08 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#28702] [PATCH] gnu: curl: Update replacement to 7.56.0. [security fixes] Resent-From: Marius Bakke Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 04 Oct 2017 21:34:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 28702 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Kei Kebreau , 28702@debbugs.gnu.org Cc: Kei Kebreau Received: via spool by 28702-submit@debbugs.gnu.org id=B28702.150715281028922 (code B ref 28702); Wed, 04 Oct 2017 21:34:02 +0000 Received: (at 28702) by debbugs.gnu.org; 4 Oct 2017 21:33:30 +0000 Received: from localhost ([127.0.0.1]:49410 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dzrII-0007WQ-6o for submit@debbugs.gnu.org; Wed, 04 Oct 2017 17:33:30 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:51905) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dzrID-0007WD-Rp for 28702@debbugs.gnu.org; Wed, 04 Oct 2017 17:33:28 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id B72E320B11; Wed, 4 Oct 2017 17:33:25 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute5.internal (MEProxy); Wed, 04 Oct 2017 17:33:25 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=fm1; bh=rbkRwjgyB0AlLQXStDE53icbVYgDD84oOYsqQ4Scl fM=; b=FvmBTYsmmadBE3FNWR7k8lgrqAca3zzsVCkDR73BHNTicP8azPo958CND DjSycKRp2MgZ878iYVVxxWSG16dnXVxzXZTcfPqk0y7cdKiS/sPJ3XcC30m9OeIa jHbbxsV623EFHRibA9i08FQjQNN8750GYNuoTcIC9dJJuaPnolgDYTyM1kg+B685 +VlIYZF/HiLO2mWpstVGBcnxu8+mICiJacgJqq9pQFOEIKFxO1ngmoVXP1Kgr7Zu moOzeBCWScGCd2mUYU+x0v+N00b4o2ysVbLUZ1BInkZIdHvu6p7KR70VTX4ZItri ee6fckQo5jBG/pUTU16bIJIHnnTmg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=rbkRwjgyB0AlLQXStD E53icbVYgDD84oOYsqQ4SclfM=; b=kQP29vIgCqbVE+B9+GiYGfpDpXOurvP0nA bnhu41qyxU/i9vrhojIHlF4i5fFpbiwRDkQy9fG2XL4usTGgcHw8thFF0AshtWgy pdOMFs3A3MnGhpy3daFxeGo6B2+eH8bMVEBFhS85R3o2mBeRtazgrBUIxkf6iuKM xp0SlM0hQUj3AL2pn8vY0D99OnMfkbfGuhi4G0tgBNPjx89klru1XNwYl+Zkuzg4 pKh/WtD5H8Aa8Ed6IEh8YD9Th0zA7yZCwRkXJmnvVHHDpWgXWFGmxZd0XkVWUmpP Kj55mHA+z0gmoG2h8EOEtf/mcT7NRWOG8KmKCOr6YMkzHw2966Bw== X-ME-Sender: X-Sasl-enc: +LEucko6odGAmLJfA+JH2qAC5kGxiQFAccThsgoN/YWv 1507152805 Received: from localhost (cm-84.214.173.174.getinternet.no [84.214.173.174]) by mail.messagingengine.com (Postfix) with ESMTPA id 46C0A7FA82; Wed, 4 Oct 2017 17:33:25 -0400 (EDT) From: Marius Bakke In-Reply-To: <20171004150145.13595-1-kkebreau@posteo.net> References: <20171004150145.13595-1-kkebreau@posteo.net> User-Agent: Notmuch/0.25.1 (https://notmuchmail.org) Emacs/25.2.1 (x86_64-unknown-linux-gnu) Date: Wed, 04 Oct 2017 23:33:23 +0200 Message-ID: <87sheyd2e4.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --=-=-= Content-Type: text/plain Kei Kebreau writes: > Fixes CVE-2017-1000254. > See for details. > > * gnu/packages/curl.scm (curl)[replacement]: Update to 7.56.0. > (curl-7.55.0): Rename to ... > (curl-7.56.0): ... this. > [arguments]: Remove 'fix-Makefile' phase. > --- > gnu/packages/curl.scm | 17 ++--------------- > 1 file changed, 2 insertions(+), 15 deletions(-) > > diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm > index 23606b481..552df5dc3 100644 > --- a/gnu/packages/curl.scm > +++ b/gnu/packages/curl.scm > @@ -126,25 +126,12 @@ tunneling, and so on.") > (define-public curl-7.55.0 > (package > (inherit curl) > - (version "7.55.0") > + (version "7.56.0") > (source > (origin > (method url-fetch) > (uri (string-append "https://curl.haxx.se/download/curl-" > version ".tar.xz")) > - (patches (search-patches "curl-bounds-check.patch")) Please also delete this file and update gnu/local.mk. LGTM otherwise, thanks! --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlnVU6MACgkQoqBt8qM6 VPovcgf/de9ZfKcg7hZW4MkYmRzoIBQn0aqnMa2aK0cSHP17Q/zoyqY1HAjBf+3M YKlAzklR1jf6BzakYOdpiUc5KeJo0oh9xbOgjh/t9iZ4JRtNV7tcDhR6TtPNVlcf wJT4euKODs8O7AqPzJ0uYUvFbNXv4A6LpqsbSI5Tbcu6vhfESAsz/uB06QZfNtD1 Dtw9auVkFlPBVsxQ/bjKpyRbJ0jTEu7RbYNrMkpcxoxVSjaeZbi1A7eLHcJGIogf ttt4TqVGbeNywHOHZ9gxvkCvWO8Oi8WN3jAA6971lHbyvaiVeQ/CKsAUl2Xzdy/V 4eGJ2vait6X/OS++tqFkBSili5OJyw== =bHLp -----END PGP SIGNATURE----- --=-=-=-- From unknown Tue Jun 24 05:11:08 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Kei Kebreau Subject: bug#28702: closed (Re: [bug#28702] [PATCH] gnu: curl: Update replacement to 7.56.0. [security fixes]) Message-ID: References: <87vajuxz45.fsf@posteo.net> <20171004150145.13595-1-kkebreau@posteo.net> X-Gnu-PR-Message: they-closed 28702 X-Gnu-PR-Package: guix-patches X-Gnu-PR-Keywords: patch Reply-To: 28702@debbugs.gnu.org Date: Wed, 04 Oct 2017 23:39:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1507160342-8190-1" This is a multi-part message in MIME format... ------------=_1507160342-8190-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #28702: [PATCH] gnu: curl: Update replacement to 7.56.0. [security fixes] which was filed against the guix-patches package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 28702@debbugs.gnu.org. --=20 28702: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D28702 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1507160342-8190-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 28702-done) by debbugs.gnu.org; 4 Oct 2017 23:38:50 +0000 Received: from localhost ([127.0.0.1]:49474 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dztFZ-00027i-Rx for submit@debbugs.gnu.org; Wed, 04 Oct 2017 19:38:50 -0400 Received: from mout02.posteo.de ([185.67.36.66]:55411) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dztFV-00027O-Fl for 28702-done@debbugs.gnu.org; Wed, 04 Oct 2017 19:38:47 -0400 Received: from submission (posteo.de [89.146.220.130]) by mout02.posteo.de (Postfix) with ESMTPS id 58F4020C05 for <28702-done@debbugs.gnu.org>; Thu, 5 Oct 2017 01:38:38 +0200 (CEST) Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 3y6smD5SNPz107j; Thu, 5 Oct 2017 01:38:36 +0200 (CEST) From: Kei Kebreau To: Marius Bakke Subject: Re: [bug#28702] [PATCH] gnu: curl: Update replacement to 7.56.0. [security fixes] References: <20171004150145.13595-1-kkebreau@posteo.net> <87sheyd2e4.fsf@fastmail.com> Date: Wed, 04 Oct 2017 19:38:34 -0400 In-Reply-To: <87sheyd2e4.fsf@fastmail.com> (Marius Bakke's message of "Wed, 04 Oct 2017 23:33:23 +0200") Message-ID: <87vajuxz45.fsf@posteo.net> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: -5.1 (-----) X-Debbugs-Envelope-To: 28702-done Cc: 28702-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.1 (-----) --=-=-= Content-Type: text/plain Marius Bakke writes: > Kei Kebreau writes: > >> Fixes CVE-2017-1000254. >> See for details. >> >> * gnu/packages/curl.scm (curl)[replacement]: Update to 7.56.0. >> (curl-7.55.0): Rename to ... >> (curl-7.56.0): ... this. >> [arguments]: Remove 'fix-Makefile' phase. >> --- >> gnu/packages/curl.scm | 17 ++--------------- >> 1 file changed, 2 insertions(+), 15 deletions(-) >> >> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm >> index 23606b481..552df5dc3 100644 >> --- a/gnu/packages/curl.scm >> +++ b/gnu/packages/curl.scm >> @@ -126,25 +126,12 @@ tunneling, and so on.") >> (define-public curl-7.55.0 >> (package >> (inherit curl) >> - (version "7.55.0") >> + (version "7.56.0") >> (source >> (origin >> (method url-fetch) >> (uri (string-append "https://curl.haxx.se/download/curl-" >> version ".tar.xz")) >> - (patches (search-patches "curl-bounds-check.patch")) > > Please also delete this file and update gnu/local.mk. > > LGTM otherwise, thanks! Thanks for reviewing this. Pushed to master as 46cf31868c1b12eec50bc9b8dda64604dd81f986. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEg7ZwOtzKO2lLzi2m5qXuPBlGeg0FAlnVcPoACgkQ5qXuPBlG eg28Ew//QUuJxkUmcUsHXLbP0j6aU4xjJI1VBWCN/kWX0ulaZ0bVUhd9nwI84LTW 87onB2BClRc+iAyIj88oQubstTIMCsTXs5Gx0XQ6r6qxwhWalUmI3MkMRSfV3Up4 GzD9lBZz8bumEK8pT3t8hQtXTKUlWgrO4C/ADllFRjXUjSTff+SvgZBUm3Ieb3dB ooEcZSCtEP3cfQjoAgE4thrK91nHlD/jf9FyuYSNGUaMzDN88E5wmzxZkR3cNIiD fdCGnAqQWdL52Z7PIW4Sz8y4MRjFot3tCz5m6G240AaNWMUEhjwR0o1QNpmMQVxh 3FQV5K8zUk8R5jTIAXoJCScehjxnbjqQUOLdQTSSKDvDpoBtVYtMk0xsLL/MF9G0 VaD0b7PbA7Qv8TA8hgDvQEgzbD7YzGX6zKiMEZHitwRhUt0TQfXxP64amKnIyLMZ GcsWUDpWABV0U5oxmluuas8yezPbiYOQaLQToHvBpdBsKFblhpM4Ocy+XhBXcDMg +ZuyqgibryoDuD1hboGgWeuYmz2vBZZRGEJgOCMNAmdMfA1LryBrj1R8NZM4FTxq QYoyfaDcOy10wO5BPEkwTzMZEDPgtUCXp2t3ws4S2Q747wFcrEK2/Gu60w9NBYAt VIE9hj+aCsQ6ekKlkZhgf8tfOMXwt7oF6KjCdeeJwXN6qrinWnw= =wbR/ -----END PGP SIGNATURE----- --=-=-=-- ------------=_1507160342-8190-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 4 Oct 2017 15:02:34 +0000 Received: from localhost ([127.0.0.1]:49045 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dzlBy-0004OC-Do for submit@debbugs.gnu.org; Wed, 04 Oct 2017 11:02:34 -0400 Received: from eggs.gnu.org ([208.118.235.92]:33890) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dzlBw-0004Nx-P7 for submit@debbugs.gnu.org; Wed, 04 Oct 2017 11:02:33 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dzlBm-0004Fl-OR for submit@debbugs.gnu.org; Wed, 04 Oct 2017 11:02:27 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:58469) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dzlBm-0004Fh-L3 for submit@debbugs.gnu.org; Wed, 04 Oct 2017 11:02:22 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:53092) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dzlBl-0003Yo-4a for guix-patches@gnu.org; Wed, 04 Oct 2017 11:02:22 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dzlBf-00049u-2G for guix-patches@gnu.org; Wed, 04 Oct 2017 11:02:21 -0400 Received: from mout02.posteo.de ([185.67.36.66]:50922) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dzlBe-00049O-S7 for guix-patches@gnu.org; Wed, 04 Oct 2017 11:02:14 -0400 Received: from submission (posteo.de [89.146.220.130]) by mout02.posteo.de (Postfix) with ESMTPS id 001B820D50 for ; Wed, 4 Oct 2017 17:02:12 +0200 (CEST) Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 3y6fJL6F1rz10Ht; Wed, 4 Oct 2017 17:02:08 +0200 (CEST) From: Kei Kebreau To: guix-patches@gnu.org Subject: [PATCH] gnu: curl: Update replacement to 7.56.0. [security fixes] Date: Wed, 4 Oct 2017 11:01:45 -0400 Message-Id: <20171004150145.13595-1-kkebreau@posteo.net> X-Mailer: git-send-email 2.14.2 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.0 (----) X-Debbugs-Envelope-To: submit Cc: Kei Kebreau X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.0 (----) Fixes CVE-2017-1000254. See for details. * gnu/packages/curl.scm (curl)[replacement]: Update to 7.56.0. (curl-7.55.0): Rename to ... (curl-7.56.0): ... this. [arguments]: Remove 'fix-Makefile' phase. --- gnu/packages/curl.scm | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 23606b481..552df5dc3 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -126,25 +126,12 @@ tunneling, and so on.") (define-public curl-7.55.0 (package (inherit curl) - (version "7.55.0") + (version "7.56.0") (source (origin (method url-fetch) (uri (string-append "https://curl.haxx.se/download/curl-" version ".tar.xz")) - (patches (search-patches "curl-bounds-check.patch")) (sha256 (base32 - "1785vxi0jamiv9d1wr1l45g0fm9ircxdfyfzf7ld8zv0z0i8bmfd")))) - (arguments - `(,@(substitute-keyword-arguments (package-arguments curl) - ((#:phases phases) - `(modify-phases ,phases - (add-before 'install 'fix-Makefile - ;; Fix a regression in 7.55.0 where docs are not installed. - ;; https://github.com/curl/curl/commit/a7bbbb7c368c6096802007f61f19a02e9d75285b - (lambda _ - (substitute* "Makefile" - (("install-data-hook:\n") - "install-data-hook:\n\tcd docs/libcurl && $(MAKE) install\n")) - #t))))))))) + "0wni3zkw7jyrwgwkqnrkf2x2b7c78wsp7p4z6a246hz9l367nhrj")))))) -- 2.14.2 ------------=_1507160342-8190-1--