GNU bug report logs - #66359
[PATCH] gnu: curl: Update to 8.3.0.


Package: guix-patches

Reported by: Liliana Marie Prikler <liliana.prikler <at> gmail.com>

Date: Thu, 5 Oct 2023 06:16:02 UTC

Severity: normal

Tags: patch

Done: Liliana Marie Prikler <liliana.prikler <at> gmail.com>

Bug is archived. No further changes may be made.



Report forwarded to guix-patches <at> gnu.org:
bug#66359; Package guix-patches. (Thu, 05 Oct 2023 06:16:02 GMT)

Acknowledgement sent to Liliana Marie Prikler <liliana.prikler <at> gmail.com>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Thu, 05 Oct 2023 06:16:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
To: guix-patches <at> gnu.org
Subject: [PATCH] gnu: curl: Update to 8.3.0.
Date: Thu, 5 Oct 2023 08:11:34 +0200

According to upstream, the current version has 19 security issues.
See also <https://curl.se/docs/vuln-7.85.0.html>.

* gnu/packages/curl.scm (curl/fixed): New variable.
(curl): Use it as replacement.
---
 gnu/packages/curl.scm | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 4e3c563570..dd612ce356 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -65,6 +65,7 @@ (define-public curl
   (package
     (name "curl")
     (version "7.85.0")
+    (replacement curl/fixed)
     (source (origin
               (method url-fetch)
               (uri (string-append "https://curl.se/download/curl-"
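Review bot: the `(replacement curl/fixed)` line added under `(version "7.85.0")` has no comment saying why the graft exists or when it can be dropped. Dependents built against 7.85.0 will be pointed at the replacement without being rebuilt, so a one-line comment marking this as a security graft would help the next person who touches the package, and it is worth confirming that libcurl's ABI is unchanged between the two releases before relying on it.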
@@ -154,6 +155,20 @@ (define-public curl
                                    "See COPYING in the distribution."))
     (home-page "https://curl.haxx.se/")))
 
+(define curl/fixed
+  (let ((%version "8.3.0"))
+    (package
+      (inherit curl)
+      (version "8.3.0-0")               ; add -0 for grafting
+      (source (origin
+                (method url-fetch)
+                (uri (string-append "https://curl.se/download/curl-"
+                                    %version ".tar.xz"))
+                (sha256
+                 (base32
+                  "0qza6yf20y2l4aaxkn8dfw8p3fls1mxljvdb0m8z1i6ncxvn4v9p"))
+                (patches (search-patches "curl-use-ssl-cert-env.patch")))))))
+
 (define-public curl-ssh
   (package/inherit curl
     (arguments
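Review bot: in `curl/fixed`, `(version "8.3.0-0")` is seven characters while the package it replaces has `(version "7.85.0")`, six characters; a graft needs the replacement's name and version string to be the same length as the original's, so a one-character suffix is what is needed here. The `; add -0 for grafting` comment could also state that length rule, since it is the only reason the field differs from `%version`.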

base-commit: e71864793021051cff35597abd59bb2d5649977d
-- 
2.41.0





Information forwarded to guix-patches <at> gnu.org:
bug#66359; Package guix-patches. (Thu, 05 Oct 2023 07:20:02 GMT)

Message #8 received at 66359 <at> debbugs.gnu.org:

From: Efraim Flashner <efraim <at> flashner.co.il>
To: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
Cc: 66359 <at> debbugs.gnu.org
Subject: Re: [bug#66359] [PATCH] gnu: curl: Update to 8.3.0.
Date: Thu, 5 Oct 2023 10:19:16 +0300

On Thu, Oct 05, 2023 at 08:11:34AM +0200, Liliana Marie Prikler wrote:
> According to upstream, the current version has 19 security issues.
> See also <https://curl.se/docs/vuln-7.85.0.html>.
> 
> * gnu/packages/curl.scm (curl/fixed): New variable.
> (curl): Use it as replacement.
> ---
>  gnu/packages/curl.scm | 15 +++++++++++++++
>  1 file changed, 15 insertions(+)
> 
> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
> index 4e3c563570..dd612ce356 100644
> --- a/gnu/packages/curl.scm
> +++ b/gnu/packages/curl.scm
> @@ -65,6 +65,7 @@ (define-public curl
>    (package
>      (name "curl")
>      (version "7.85.0")
> +    (replacement curl/fixed)
>      (source (origin
>                (method url-fetch)
>                (uri (string-append "https://curl.se/download/curl-"
> @@ -154,6 +155,20 @@ (define-public curl
>                                     "See COPYING in the distribution."))
>      (home-page "https://curl.haxx.se/")))
>  
> +(define curl/fixed
> +  (let ((%version "8.3.0"))
> +    (package
> +      (inherit curl)
> +      (version "8.3.0-0")               ; add -0 for grafting

'7.85.0' is 6 characters, but '8.3.0-0' is 7 characters. I think I'd go
with '8.3.0A' to keep with previous (tribal knowledge) version mangling
schemes.

> +      (source (origin
> +                (method url-fetch)
> +                (uri (string-append "https://curl.se/download/curl-"
> +                                    %version ".tar.xz"))
> +                (sha256
> +                 (base32
> +                  "0qza6yf20y2l4aaxkn8dfw8p3fls1mxljvdb0m8z1i6ncxvn4v9p"))
> +                (patches (search-patches "curl-use-ssl-cert-env.patch")))))))
> +
>  (define-public curl-ssh
>    (package/inherit curl
>      (arguments
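Review bot: the `source` origin in `curl/fixed` replaces the inherited one wholesale, so the `patches` list is restated by hand and carries `curl-use-ssl-cert-env.patch` over to the 8.3.0 tarball; please confirm that patch still applies to the new release. The literal "8.3.0" is also written twice, once in `%version` and once inside `version`; building the latter with `string-append` from `%version` would keep the two from drifting apart.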
> 
> base-commit: e71864793021051cff35597abd59bb2d5649977d
> -- 
> 2.41.0

Once the version string is the same length (your choice how!) then LGTM!

-- 
Efraim Flashner   <efraim <at> flashner.co.il>   רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

Reply sent to Liliana Marie Prikler <liliana.prikler <at> gmail.com>:
You have taken responsibility. (Thu, 05 Oct 2023 07:45:02 GMT)

Notification sent to Liliana Marie Prikler <liliana.prikler <at> gmail.com>:
bug acknowledged by developer. (Thu, 05 Oct 2023 07:45:02 GMT)

Message #13 received at 66359-done <at> debbugs.gnu.org:

From: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
To: Efraim Flashner <efraim <at> flashner.co.il>
Cc: 66359-done <at> debbugs.gnu.org
Subject: Re: [bug#66359] [PATCH] gnu: curl: Update to 8.3.0.
Date: Thu, 05 Oct 2023 09:44:23 +0200

On Thursday, 05.10.2023 at 10:19 +0300, Efraim Flashner wrote:
> On Thu, Oct 05, 2023 at 08:11:34AM +0200, Liliana Marie Prikler
> wrote:
> > +(define curl/fixed
> > +  (let ((%version "8.3.0"))
> > +    (package
> > +      (inherit curl)
> > +      (version "8.3.0-0")               ; add -0 for grafting
> 
> '7.85.0' is 6 characters, but '8.3.0-0' is 7 characters. I think I'd
> go with '8.3.0A' to keep with previous (tribal knowledge) version
> mangling schemes.
D'oh.

> > +      (source (origin
> > +                (method url-fetch)
> > +                (uri (string-append
> > "https://curl.se/download/curl-"
> > +                                    %version ".tar.xz"))
> > +                (sha256
> > +                 (base32
> > +                 
> > "0qza6yf20y2l4aaxkn8dfw8p3fls1mxljvdb0m8z1i6ncxvn4v9p"))
> > +                (patches (search-patches "curl-use-ssl-cert-
> > env.patch")))))))
> > +
> >  (define-public curl-ssh
> >    (package/inherit curl
> >      (arguments
> > 
> > base-commit: e71864793021051cff35597abd59bb2d5649977d
> > -- 
> > 2.41.0
> 
> Once the version string is the same length (your choice how!) then
> LGTM!
I used lowercase 'a' and pushed it.

Cheers


Information forwarded to guix-patches <at> gnu.org:
bug#66359; Package guix-patches. (Fri, 06 Oct 2023 08:19:02 GMT)

Message #16 received at 66359 <at> debbugs.gnu.org:

From: Simon Tournier <zimon.toutoune <at> gmail.com>
To: Liliana Marie Prikler <liliana.prikler <at> gmail.com>, 66359 <at> debbugs.gnu.org
Subject: Re: [bug#66359] [PATCH] gnu: curl: Update to 8.3.0.
Date: Thu, 05 Oct 2023 18:26:20 +0200

Hi,

On Thu, 05 Oct 2023 at 08:11, Liliana Marie Prikler <liliana.prikler <at> gmail.com> wrote:

> +(define curl/fixed
> +  (let ((%version "8.3.0"))

Naive question, why %version and not version?

> +    (package
> +      (inherit curl)
> +      (version "8.3.0-0")               ; add -0 for grafting
> +      (source (origin
> +                (method url-fetch)
> +                (uri (string-append "https://curl.se/download/curl-"
> +                                    %version ".tar.xz"))

Cheers,
simon




Information forwarded to guix-patches <at> gnu.org:
bug#66359; Package guix-patches. (Fri, 06 Oct 2023 08:56:01 GMT)

Message #19 received at 66359 <at> debbugs.gnu.org:

From: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
To: Simon Tournier <zimon.toutoune <at> gmail.com>, 66359 <at> debbugs.gnu.org
Subject: Re: [bug#66359] [PATCH] gnu: curl: Update to 8.3.0.
Date: Fri, 06 Oct 2023 10:54:51 +0200

On Thursday, 05.10.2023 at 18:26 +0200, Simon Tournier wrote:
> Hi,
> 
> On Thu, 05 Oct 2023 at 08:11, Liliana Marie Prikler
> <liliana.prikler <at> gmail.com> wrote:
> 
> > +(define curl/fixed
> > +  (let ((%version "8.3.0"))
> 
> Naive question, why %version and not version?
Because version gets shadowed by (package …).  I could reorder the
fields in a non-standard way, but that'd be even less readable,
therefore the extra variable.

> 
Cheers,

Liliana




Information forwarded to guix-patches <at> gnu.org:
bug#66359; Package guix-patches. (Fri, 06 Oct 2023 09:11:02 GMT)

Message #22 received at 66359 <at> debbugs.gnu.org:

From: Simon Tournier <zimon.toutoune <at> gmail.com>
To: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
Cc: 66359 <at> debbugs.gnu.org
Subject: Re: [bug#66359] [PATCH] gnu: curl: Update to 8.3.0.
Date: Fri, 6 Oct 2023 11:09:38 +0200

Hi Liliana,

On Fri, 6 Oct 2023 at 10:54, Liliana Marie Prikler
<liliana.prikler <at> gmail.com> wrote:

> > Naive question, why %version and not version?
>
> Because version gets shadowed by (package …).  I could reorder the
> fields in a non-standard way, but that'd be even less readable,
> therefore the extra variable.

Ah, I see.  Thanks for explaining.

Well, %something is usually for "global" parameters.  At least, that's
the convention with Guix.  Therefore, I would suggest to not use it in
order to avoid confusion.

Why not "this-version"?

Cheers,
simon




Information forwarded to guix-patches <at> gnu.org:
bug#66359; Package guix-patches. (Fri, 06 Oct 2023 09:56:02 GMT)

Message #25 received at 66359 <at> debbugs.gnu.org:

From: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
To: Simon Tournier <zimon.toutoune <at> gmail.com>
Cc: 66359 <at> debbugs.gnu.org
Subject: Re: [bug#66359] [PATCH] gnu: curl: Update to 8.3.0.
Date: Fri, 06 Oct 2023 11:55:14 +0200

On Friday, 06.10.2023 at 11:09 +0200, Simon Tournier wrote:
> Hi Liliana,
> 
> On Fri, 6 Oct 2023 at 10:54, Liliana Marie Prikler
> <liliana.prikler <at> gmail.com> wrote:
> 
> > > Naive question, why %version and not version?
> > 
> > Because version gets shadowed by (package …).  I could reorder the
> > fields in a non-standard way, but that'd be even less readable,
> > therefore the extra variable.
> 
> Ah, I see.  Thanks for explaining.
> 
> Well, %something is usually for "global" parameters.  At least, that's
> the convention with Guix.  Therefore, I would suggest to not use it
> in order to avoid confusion.
As far as I understand %something means "implementation detail" and
*something* means global, important something, but I might be mistaken
about that.

> Why not "this-version"?
Ain't nobody got time to type that.




Information forwarded to guix-patches <at> gnu.org:
bug#66359; Package guix-patches. (Fri, 06 Oct 2023 10:17:02 GMT)

Message #28 received at 66359 <at> debbugs.gnu.org:

From: Simon Tournier <zimon.toutoune <at> gmail.com>
To: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
Cc: 66359 <at> debbugs.gnu.org
Subject: Re: [bug#66359] [PATCH] gnu: curl: Update to 8.3.0.
Date: Fri, 6 Oct 2023 12:15:39 +0200

Re,

On Fri, 6 Oct 2023 at 11:55, Liliana Marie Prikler
<liliana.prikler <at> gmail.com> wrote:

> > Well, %something is usually for "global" parameters.  At least, that's
> > the convention with Guix.  Therefore, I would suggest to not use it
> > in order to avoid confusion.
>
> As far as I understand %something means "implementation detail" and
> *something* means global, important something, but I might be mistaken
> about that.

It is not my understanding.  I mean, %something is not for symbol in
'let' binding.

Can we ask on #guix? :-)


> > Why not "this-version"?
>
> Ain't nobody got time to type that.

So pick the single letter 'v' ;-)

Cheers,
simon




Information forwarded to guix-patches <at> gnu.org:
bug#66359; Package guix-patches. (Mon, 09 Oct 2023 13:02:02 GMT)

Message #31 received at 66359 <at> debbugs.gnu.org:

From: Simon Tournier <zimon.toutoune <at> gmail.com>
To: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
Cc: 66359 <at> debbugs.gnu.org
Subject: meaning of %something? (was Re: [bug#66359] [PATCH] gnu: curl:
 Update to 8.3.0.)
Date: Mon, 09 Oct 2023 14:33:19 +0200

Hi Liliana,

On Fri, 06 Oct 2023 at 11:55, Liliana Marie Prikler <liliana.prikler <at> gmail.com> wrote:

>> Well, %something is usually for "global" parameters.  At least, that's
>> the convention with Guix.  Therefore, I would suggest to not use it
>> in order to avoid confusion.
>
> As far as I understand %something means "implementation detail" and
> *something* means global, important something, but I might be mistaken
> about that.

For your information, what the Cookbook says about %something:

        The percentage % is typically used for read-only global
        variables in the build stage. Note that it is merely a
        convention, like _ in C. Scheme treats % exactly the same as any
        other letter.

        https://guix.gnu.org/cookbook/en/guix-cookbook.html#A-Scheme-Crash-Course

I think your change using ’%version’ in some let-binding is not
consistent with the rest.

Well, I have seen you already pushed this change.  Not an issue at all,
I can easily live with it. :-)

My aim with this message is only to communicate on some practises.
Maybe something should be raised on guix-devel.  Well, if you and I,
both spending some time working on Guix do not have the same
understanding for %something, then it means something is poorly
documented somewhere. :-)

WDYT about adding a paragraph about %something under,

    https://guix.gnu.org/manual/devel/en/guix.html#Coding-Style

?

Cheers,
simon





Information forwarded to guix-patches <at> gnu.org:
bug#66359; Package guix-patches. (Mon, 09 Oct 2023 16:58:02 GMT)

Message #34 received at 66359 <at> debbugs.gnu.org:

From: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
To: Simon Tournier <zimon.toutoune <at> gmail.com>
Cc: 66359 <at> debbugs.gnu.org
Subject: Re: meaning of %something? (was Re: [bug#66359] [PATCH] gnu: curl:
 Update to 8.3.0.)
Date: Mon, 09 Oct 2023 18:57:01 +0200

On Monday, 09.10.2023 at 14:33 +0200, Simon Tournier wrote:
> Hi Liliana,
> 
> On Fri, 06 Oct 2023 at 11:55, Liliana Marie Prikler
> <liliana.prikler <at> gmail.com> wrote:
> 
> > > Well, %something is usually for "global" parameters.  At least,
> > > that's the convention with Guix.  Therefore, I would suggest to not
> > > use it in order to avoid confusion.
> > 
> > As far as I understand %something means "implementation detail" and
> > *something* means global, important something, but I might be
> > mistaken about that.
> 
> For your information, what the Cookbook says about %something:
> 
>         The percentage % is typically used for read-only global
>         variables in the build stage. Note that it is merely a
>         convention, like _ in C. Scheme treats % exactly the same as
>         any other letter.
> 
>         https://guix.gnu.org/cookbook/en/guix-cookbook.html#A-Scheme-Crash-Course
> 
> I think your change using ’%version’ in some let-binding is not
> consistent with the rest.
I don't think my usage of the percent style changes the meaning of
"typically".  Our implementation details are typically, but not
exclusively, global variables in the build stage.

> My aim with this message is only to communicate on some practises.
> Maybe something should be raised on guix-devel.  Well, if you and I,
> both spending some time working on Guix do not have the same
> understanding for %something, then it means something is poorly
> documented somewhere. :-)
> 
> WDYT about adding a paragraph about %something under,
> 
>     https://guix.gnu.org/manual/devel/en/guix.html#Coding-Style
> 
> ?
I'll consider it, but perhaps explaining this within the same cookbook
entry might be a better idea.  Regardless of the outcome in Guix Devel,
I don't think that constraining variable names *too* hard is helpful,
though.

Cheers




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Tue, 07 Nov 2023 12:24:10 GMT)

This bug report was last modified 1 year and 227 days ago.
