GNU bug report logs - #66359
[PATCH] gnu: curl: Update to 8.3.0.

Previous Next

Package: guix-patches;

Reported by: Liliana Marie Prikler <liliana.prikler <at> gmail.com>

Date: Thu, 5 Oct 2023 06:16:02 UTC

Severity: normal

Tags: patch

Done: Liliana Marie Prikler <liliana.prikler <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #8 received at 66359 <at> debbugs.gnu.org (full text, mbox):

From: Efraim Flashner <efraim <at> flashner.co.il>
To: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
Cc: 66359 <at> debbugs.gnu.org
Subject: Re: [bug#66359] [PATCH] gnu: curl: Update to 8.3.0.
Date: Thu, 5 Oct 2023 10:19:16 +0300

[Message part 1 (text/plain, inline)]
On Thu, Oct 05, 2023 at 08:11:34AM +0200, Liliana Marie Prikler wrote:
> According to upstream, the current version has 19 security issues.
> See also <https://curl.se/docs/vuln-7.85.0.html>.
> 
> * gnu/packages/curl.scm (curl/fixed): New variable.
> (curl): Use it as replacement.
> ---
>  gnu/packages/curl.scm | 15 +++++++++++++++
>  1 file changed, 15 insertions(+)
> 
> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
> index 4e3c563570..dd612ce356 100644
> --- a/gnu/packages/curl.scm
> +++ b/gnu/packages/curl.scm
> @@ -65,6 +65,7 @@ (define-public curl
>    (package
>      (name "curl")
>      (version "7.85.0")
> +    (replacement curl/fixed)
>      (source (origin
>                (method url-fetch)
>                (uri (string-append "https://curl.se/download/curl-"
> @@ -154,6 +155,20 @@ (define-public curl
>                                     "See COPYING in the distribution."))
>      (home-page "https://curl.haxx.se/")))
>  
> +(define curl/fixed
> +  (let ((%version "8.3.0"))
> +    (package
> +      (inherit curl)
> +      (version "8.3.0-0")               ; add -0 for grafting

'7.85.0' is 6 characters, bit '8.3.0-0' is 7 characters. I think I'd go
with '8.3.0A' to keep with previous (tribal knowledge) version mangling
schemes.

> +      (source (origin
> +                (method url-fetch)
> +                (uri (string-append "https://curl.se/download/curl-"
> +                                    %version ".tar.xz"))
> +                (sha256
> +                 (base32
> +                  "0qza6yf20y2l4aaxkn8dfw8p3fls1mxljvdb0m8z1i6ncxvn4v9p"))
> +                (patches (search-patches "curl-use-ssl-cert-env.patch")))))))
> +
>  (define-public curl-ssh
>    (package/inherit curl
>      (arguments
> 
> base-commit: e71864793021051cff35597abd59bb2d5649977d
> -- 
> 2.41.0

Once the version string is the same length (your choice how!) then LGTM!

-- 
Efraim Flashner   <efraim <at> flashner.co.il>   רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 1 year and 284 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.