From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:40634)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dfXF2-00021O-Fg
	for guix-patches@gnu.org; Wed, 09 Aug 2017 16:06:09 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dfXEy-0006l8-2B
	for guix-patches@gnu.org; Wed, 09 Aug 2017 16:06:08 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:45010)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1dfXEx-0006kz-U5
	for guix-patches@gnu.org; Wed, 09 Aug 2017 16:06:04 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dfXEw-0003V7-2D
	for guix-patches@gnu.org; Wed, 09 Aug 2017 16:06:03 -0400
Subject: [bug#28027] curl security update [was Re: bug#28027: gnURL 7.55.0]
Resent-Message-ID: <handler.28027.B28027.150230914313428@debbugs.gnu.org>
Date: Wed, 9 Aug 2017 20:05:23 +0000
From: ng0 <ng0@infotropique.org>
Message-ID: <20170809200523.i5k5p23ebdcxvouc@abyayala>
References: <20170809160025.2w2theyhhrba4zsd@abyayala>
	<9e3ce4e5-de13-1fbb-5a6f-71d38fa218ce@tobias.gr>
	<20170809174842.GA24193@jasmine.lan>
	<20170809185007.GA1177@jasmine.lan>
	<20170809192008.GA31762@jasmine.lan>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="3z6tikotma6fx6rp"
Content-Disposition: inline
In-Reply-To: <20170809192008.GA31762@jasmine.lan>
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: Leo Famulari <leo@famulari.name>
Cc: 28027@debbugs.gnu.org


--3z6tikotma6fx6rp
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Leo Famulari transcribed 3.7K bytes:
> On Wed, Aug 09, 2017 at 02:50:07PM -0400, Leo Famulari wrote:
> > On Wed, Aug 09, 2017 at 01:48:42PM -0400, Leo Famulari wrote:
> > > On Wed, Aug 09, 2017 at 06:25:39PM +0200, Tobias Geerinckx-Rice wrote:
> > > > ng0 wrote on 09/08/17 at 18:00:
> > > > > From 13129d51ac4dd5ac7f5e7b74997297139a40be12 Mon Sep 17 00:00:00=
 2001
> > > > > From: ng0 <ng0@infotropique.org>
> > > > > Date: Wed, 9 Aug 2017 15:58:43 +0000
> > > > > Subject: [PATCH] gnu: gnurl: Update to 7.55.0.
> > > > >=20
> > > > > * gnu/packages/gnunet.scm (gnurl): Update to 7.55.0.
> > > >=20
> > > > Thanks! Pushed as 28e12d6c81cef2aca7f792f3c99037a649faa9b0.
> > >=20
> > > Great! Can somebody also update the curl replacement?
> >=20
> > Actually, I'll do it :)
>=20
> With the attached patch, it fails to build, because the man 3 pages
> aren't built and thus can't be copied into the doc output. I'm not sure
> what's going on :/

As written on IRC: Take a look at the 2 commits after tagged 7.55.0,
if you apply both you will have a successful build. I did this manually
(by hand, not taking the commits) for gnURL release.

> From 08c84864837fdc6ca44633a05cb2ba166391a063 Mon Sep 17 00:00:00 2001
> From: Leo Famulari <leo@famulari.name>
> Date: Wed, 9 Aug 2017 14:42:21 -0400
> Subject: [PATCH] gnu: curl: Update to 7.55.0 [fixes
>  CVE-2017-{1000100,1000101,1000099}].
>=20
> * gnu/packages/curl.scm (curl)[replacement]: Update to 7.55.0.
> (curl-7.54.1): Replace with ...
> (curl-7.55): ... new variable.
> ---
>  gnu/packages/curl.scm | 10 +++++-----
>  1 file changed, 5 insertions(+), 5 deletions(-)
>=20
> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
> index a9f219b62..82e80bf8f 100644
> --- a/gnu/packages/curl.scm
> +++ b/gnu/packages/curl.scm
> @@ -40,7 +40,7 @@
>  (define-public curl
>    (package
>     (name "curl")
> -   (replacement curl-7.54.1)
> +   (replacement curl-7.55)
>     (version "7.53.0")
>     (source (origin
>              (method url-fetch)
> @@ -121,15 +121,15 @@ tunneling, and so on.")
>                                    "See COPYING in the distribution."))
>     (home-page "https://curl.haxx.se/")))
> =20
> -(define curl-7.54.1
> +(define curl-7.55
>    (package
>      (inherit curl)
> -    (version "7.54.1")
> +    (version "7.55.0")
>      (source
>        (origin
>          (method url-fetch)
>          (uri (string-append "https://curl.haxx.se/download/curl-"
> -                            version ".tar.lzma"))
> +                            version ".tar.xz"))
>          (sha256
>           (base32
> -          "0vnv3cz0s1l5cjby86hm0x6pgzqijmdm97qa9q5px200956z6yib"))))))
> +          "1785vxi0jamiv9d1wr1l45g0fm9ircxdfyfzf7ld8zv0z0i8bmfd"))))))
> --=20
> 2.14.0
>=20




--=20
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org https://krosos.org

--3z6tikotma6fx6rp
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEqIyK3RKYKNfqwC5S4i+bv+40hYgFAlmLawMACgkQ4i+bv+40
hYhFxA//RD0kVwC0IoWBucg66FD0hGS+4hEzPERKhij5LydhLYL/KE05QPfsnv1V
xRh3B5SuQkDzTILNS6WJiACjhuCIunuUfC6OX8kzOiTAuAdwA9MVZN49J9SHRtlb
mN8togbjUp7SBMOKAdUXjWni7E+FcjDAbKzhhDNX60KulsuhIvsjNJ6yZNtrlFDI
Kh+iYGVLcXeH+DwrsmO9rKJrvIFQRuteI4B9MOfcEu8p52ViE1bTYwlduNmQ/BQ7
NXrpIIWuKD9RLZpYets2kG74/drE5QP9xZd8oaYk+/o0XfjYFR5NcSSIpV0miiMi
LjOlMiklIe2b9kPpkSPFb+omAYFGOmh1fmx9bJ7UrJNsF93wmLCAF8r29CS9YKXO
/l1vN8M16F80VEM3ioOh5jNjWPtq6uGiHxIRPxcM3v9SVQFv2klgd96h1J/vmgvn
eA5QyTqC5q/ElqypOenIFLejIMAfJ1e4jQ8tqgFZzLqn3grRQHb67JGNOo+5s+pY
8L6BYFmkZ67HGML1pd5LNwLQsmxjH1mOYR8/E+fcmPbc2GPiz01IWM4GcXa5MtAq
WCpYCS/M88zhsRN+Z5s5blzFAtVWrAnG60fMKJpkPU26TtAjmuU6kY2fh0zmmDJz
dDUSBBet20dQHpJ6h4h0w7ALXjMIzTrAkSjeHpCPieCcNXiQbeI=
=cS4s
-----END PGP SIGNATURE-----

--3z6tikotma6fx6rp--