GNU bug report logs -
#28702
[PATCH] gnu: curl: Update replacement to 7.56.0. [security fixes]
Previous Next
Reported by: Kei Kebreau <kkebreau <at> posteo.net>
Date: Wed, 4 Oct 2017 15:03:01 UTC
Severity: normal
Tags: patch
Done: Kei Kebreau <kkebreau <at> posteo.net>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
Your message dated Wed, 04 Oct 2017 19:38:34 -0400
with message-id <87vajuxz45.fsf <at> posteo.net>
and subject line Re: [bug#28702] [PATCH] gnu: curl: Update replacement to 7.56.0. [security fixes]
has caused the debbugs.gnu.org bug report #28702,
regarding [PATCH] gnu: curl: Update replacement to 7.56.0. [security fixes]
to be marked as done.
(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)
--
28702: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=28702
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
Fixes CVE-2017-1000254.
See <https://curl.haxx.se/docs/adv_20171004.html> for details.
* gnu/packages/curl.scm (curl)[replacement]: Update to 7.56.0.
(curl-7.55.0): Rename to ...
(curl-7.56.0): ... this.
[arguments]: Remove 'fix-Makefile' phase.
---
gnu/packages/curl.scm | 17 ++---------------
1 file changed, 2 insertions(+), 15 deletions(-)
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 23606b481..552df5dc3 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -126,25 +126,12 @@ tunneling, and so on.")
(define-public curl-7.55.0
(package
(inherit curl)
- (version "7.55.0")
+ (version "7.56.0")
(source
(origin
(method url-fetch)
(uri (string-append "https://curl.haxx.se/download/curl-"
version ".tar.xz"))
- (patches (search-patches "curl-bounds-check.patch"))
(sha256
(base32
- "1785vxi0jamiv9d1wr1l45g0fm9ircxdfyfzf7ld8zv0z0i8bmfd"))))
- (arguments
- `(,@(substitute-keyword-arguments (package-arguments curl)
- ((#:phases phases)
- `(modify-phases ,phases
- (add-before 'install 'fix-Makefile
- ;; Fix a regression in 7.55.0 where docs are not installed.
- ;; https://github.com/curl/curl/commit/a7bbbb7c368c6096802007f61f19a02e9d75285b
- (lambda _
- (substitute* "Makefile"
- (("install-data-hook:\n")
- "install-data-hook:\n\tcd docs/libcurl && $(MAKE) install\n"))
- #t)))))))))
+ "0wni3zkw7jyrwgwkqnrkf2x2b7c78wsp7p4z6a246hz9l367nhrj"))))))
--
2.14.2
[Message part 3 (message/rfc822, inline)]
[Message part 4 (text/plain, inline)]
Marius Bakke <mbakke <at> fastmail.com> writes:
> Kei Kebreau <kkebreau <at> posteo.net> writes:
>
>> Fixes CVE-2017-1000254.
>> See <https://curl.haxx.se/docs/adv_20171004.html> for details.
>>
>> * gnu/packages/curl.scm (curl)[replacement]: Update to 7.56.0.
>> (curl-7.55.0): Rename to ...
>> (curl-7.56.0): ... this.
>> [arguments]: Remove 'fix-Makefile' phase.
>> ---
>> gnu/packages/curl.scm | 17 ++---------------
>> 1 file changed, 2 insertions(+), 15 deletions(-)
>>
>> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
>> index 23606b481..552df5dc3 100644
>> --- a/gnu/packages/curl.scm
>> +++ b/gnu/packages/curl.scm
>> @@ -126,25 +126,12 @@ tunneling, and so on.")
>> (define-public curl-7.55.0
>> (package
>> (inherit curl)
>> - (version "7.55.0")
>> + (version "7.56.0")
>> (source
>> (origin
>> (method url-fetch)
>> (uri (string-append "https://curl.haxx.se/download/curl-"
>> version ".tar.xz"))
>> - (patches (search-patches "curl-bounds-check.patch"))
>
> Please also delete this file and update gnu/local.mk.
>
> LGTM otherwise, thanks!
Thanks for reviewing this.
Pushed to master as 46cf31868c1b12eec50bc9b8dda64604dd81f986.
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 7 years and 235 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.