guix-patches
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#28027] curl security update [was Re: bug#28027: gnURL 7.55.0]

From: ng0
Subject: [bug#28027] curl security update [was Re: bug#28027: gnURL 7.55.0]
Date: Wed, 9 Aug 2017 20:05:23 +0000 
Leo Famulari transcribed 3.7K bytes:
> On Wed, Aug 09, 2017 at 02:50:07PM -0400, Leo Famulari wrote:
> > On Wed, Aug 09, 2017 at 01:48:42PM -0400, Leo Famulari wrote:
> > > On Wed, Aug 09, 2017 at 06:25:39PM +0200, Tobias Geerinckx-Rice wrote:
> > > > ng0 wrote on 09/08/17 at 18:00:
> > > > > From 13129d51ac4dd5ac7f5e7b74997297139a40be12 Mon Sep 17 00:00:00 2001
> > > > > From: ng0 <address@hidden>
> > > > > Date: Wed, 9 Aug 2017 15:58:43 +0000
> > > > > Subject: [PATCH] gnu: gnurl: Update to 7.55.0.
> > > > > 
> > > > > * gnu/packages/gnunet.scm (gnurl): Update to 7.55.0.
> > > > 
> > > > Thanks! Pushed as 28e12d6c81cef2aca7f792f3c99037a649faa9b0.
> > > 
> > > Great! Can somebody also update the curl replacement?
> > 
> > Actually, I'll do it :)
> 
> With the attached patch, it fails to build, because the man 3 pages
> aren't built and thus can't be copied into the doc output. I'm not sure
> what's going on :/

As written on IRC: Take a look at the 2 commits after tagged 7.55.0,
if you apply both you will have a successful build. I did this manually
(by hand, not taking the commits) for gnURL release.

> From 08c84864837fdc6ca44633a05cb2ba166391a063 Mon Sep 17 00:00:00 2001
> From: Leo Famulari <address@hidden>
> Date: Wed, 9 Aug 2017 14:42:21 -0400
> Subject: [PATCH] gnu: curl: Update to 7.55.0 [fixes
>  CVE-2017-{1000100,1000101,1000099}].
> 
> * gnu/packages/curl.scm (curl)[replacement]: Update to 7.55.0.
> (curl-7.54.1): Replace with ...
> (curl-7.55): ... new variable.
> ---
>  gnu/packages/curl.scm | 10 +++++-----
>  1 file changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
> index a9f219b62..82e80bf8f 100644
> --- a/gnu/packages/curl.scm
> +++ b/gnu/packages/curl.scm
> @@ -40,7 +40,7 @@
>  (define-public curl
>    (package
>     (name "curl")
> -   (replacement curl-7.54.1)
> +   (replacement curl-7.55)
>     (version "7.53.0")
>     (source (origin
>              (method url-fetch)
> @@ -121,15 +121,15 @@ tunneling, and so on.")
>                                    "See COPYING in the distribution."))
>     (home-page "https://curl.haxx.se/";)))
>  
> -(define curl-7.54.1
> +(define curl-7.55
>    (package
>      (inherit curl)
> -    (version "7.54.1")
> +    (version "7.55.0")
>      (source
>        (origin
>          (method url-fetch)
>          (uri (string-append "https://curl.haxx.se/download/curl-";
> -                            version ".tar.lzma"))
> +                            version ".tar.xz"))
>          (sha256
>           (base32
> -          "0vnv3cz0s1l5cjby86hm0x6pgzqijmdm97qa9q5px200956z6yib"))))))
> +          "1785vxi0jamiv9d1wr1l45g0fm9ircxdfyfzf7ld8zv0z0i8bmfd"))))))
> -- 
> 2.14.0
> 




-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org https://krosos.org

Attachment: signature.asc
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]