From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:53564)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dfWXT-0005Q1-KV
	for guix-patches@gnu.org; Wed, 09 Aug 2017 15:21:09 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dfWXP-0001dx-Cr
	for guix-patches@gnu.org; Wed, 09 Aug 2017 15:21:07 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:44959)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1dfWXO-0001dj-Qw
	for guix-patches@gnu.org; Wed, 09 Aug 2017 15:21:03 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dfWXO-0002MD-Cj
	for guix-patches@gnu.org; Wed, 09 Aug 2017 15:21:02 -0400
Subject: [bug#28027] curl security update [was Re: bug#28027: gnURL 7.55.0]
Resent-Message-ID: <handler.28027.B28027.15023064138986@debbugs.gnu.org>
Date: Wed, 9 Aug 2017 15:20:08 -0400
From: Leo Famulari <leo@famulari.name>
Message-ID: <20170809192008.GA31762@jasmine.lan>
References: <20170809160025.2w2theyhhrba4zsd@abyayala>
	<9e3ce4e5-de13-1fbb-5a6f-71d38fa218ce@tobias.gr>
	<20170809174842.GA24193@jasmine.lan>
	<20170809185007.GA1177@jasmine.lan>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="E39vaYmALEf/7YXx"
Content-Disposition: inline
In-Reply-To: <20170809185007.GA1177@jasmine.lan>
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: 28027@debbugs.gnu.org, me@tobias.gr, ng0@infotropique.org


--E39vaYmALEf/7YXx
Content-Type: multipart/mixed; boundary="OXfL5xGRrasGEqWY"
Content-Disposition: inline


--OXfL5xGRrasGEqWY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Aug 09, 2017 at 02:50:07PM -0400, Leo Famulari wrote:
> On Wed, Aug 09, 2017 at 01:48:42PM -0400, Leo Famulari wrote:
> > On Wed, Aug 09, 2017 at 06:25:39PM +0200, Tobias Geerinckx-Rice wrote:
> > > ng0 wrote on 09/08/17 at 18:00:
> > > > From 13129d51ac4dd5ac7f5e7b74997297139a40be12 Mon Sep 17 00:00:00 2=
001
> > > > From: ng0 <ng0@infotropique.org>
> > > > Date: Wed, 9 Aug 2017 15:58:43 +0000
> > > > Subject: [PATCH] gnu: gnurl: Update to 7.55.0.
> > > >=20
> > > > * gnu/packages/gnunet.scm (gnurl): Update to 7.55.0.
> > >=20
> > > Thanks! Pushed as 28e12d6c81cef2aca7f792f3c99037a649faa9b0.
> >=20
> > Great! Can somebody also update the curl replacement?
>=20
> Actually, I'll do it :)

With the attached patch, it fails to build, because the man 3 pages
aren't built and thus can't be copied into the doc output. I'm not sure
what's going on :/

--OXfL5xGRrasGEqWY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="0001-gnu-curl-Update-to-7.55.0-fixes-CVE-2017-1000100-100.patch"
Content-Transfer-Encoding: quoted-printable

=46rom 08c84864837fdc6ca44633a05cb2ba166391a063 Mon Sep 17 00:00:00 2001
=46rom: Leo Famulari <leo@famulari.name>
Date: Wed, 9 Aug 2017 14:42:21 -0400
Subject: [PATCH] gnu: curl: Update to 7.55.0 [fixes
 CVE-2017-{1000100,1000101,1000099}].

* gnu/packages/curl.scm (curl)[replacement]: Update to 7.55.0.
(curl-7.54.1): Replace with ...
(curl-7.55): ... new variable.
---
 gnu/packages/curl.scm | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index a9f219b62..82e80bf8f 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -40,7 +40,7 @@
 (define-public curl
   (package
    (name "curl")
-   (replacement curl-7.54.1)
+   (replacement curl-7.55)
    (version "7.53.0")
    (source (origin
             (method url-fetch)
@@ -121,15 +121,15 @@ tunneling, and so on.")
                                   "See COPYING in the distribution."))
    (home-page "https://curl.haxx.se/")))
=20
-(define curl-7.54.1
+(define curl-7.55
   (package
     (inherit curl)
-    (version "7.54.1")
+    (version "7.55.0")
     (source
       (origin
         (method url-fetch)
         (uri (string-append "https://curl.haxx.se/download/curl-"
-                            version ".tar.lzma"))
+                            version ".tar.xz"))
         (sha256
          (base32
-          "0vnv3cz0s1l5cjby86hm0x6pgzqijmdm97qa9q5px200956z6yib"))))))
+          "1785vxi0jamiv9d1wr1l45g0fm9ircxdfyfzf7ld8zv0z0i8bmfd"))))))
--=20
2.14.0


--OXfL5xGRrasGEqWY--

--E39vaYmALEf/7YXx
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlmLYGgACgkQJkb6MLrK
fwjrxQ/9GmxlJrrqOX2kYoN/GJ1MO3gEBPupnko9+QvJasUrfS0Rt//+4nZqXhE6
BjNpyrrpPSZHp48pZ9AQiqVqeMcDDmaP+QOSVe3qfTSsGNDGkTTy7eLEKgDTe+LJ
7vPNn81faVBe28ueJkrAq1yYRggYMK71AfnvipotXOpF92OZFm8Tadk1tvCUgs0n
kUFyAPn51YdNDMxgVkKrrlcmRJJ4wU90zLE2RluGYG47OhB8DsIeSHkFWIQL+6ci
VlofOzmBRW2piwKV4SMC/ZgZ1+mB28TwF2H0AAmGUR6kRl2goZp7WNsN4lGu3HUF
4QdbVfvmElPYIYCCa9Oo4wZWXGg5oa+jXzrzlu+uwv81edQzqTxaaQUaX1r/YiFX
21R1barnAlcgcVJDzGeGa2ISVBBPz5SDqSCkxSrhWFc53cQ/bqtVFzswW7LzzGyY
T6rZJ6e9rMgH2iWfpCyg7w07TrZzH5Bq5m+XNnHYkWMziKBf2ncmGsVFXcGcHS9u
sY6xM1JRwQN7sACxNUCpGt7WZ9AqL5lgdpgzJFexgI1f0YAEscF7vvMGP+E+S0ti
gZHleFbYHWc/ySGpusAVDs2wCs3Y87Q5eNldmHBTJyJZcnA4ftD3FcG9qvDVudOW
4UbC/XrTgIxvwhkIppZWMdAj2kmbR/jTYB8VtBuR5aEKRhv6RrM=
=2PVi
-----END PGP SIGNATURE-----

--E39vaYmALEf/7YXx--