From 6f9bbbafd4cc857c2b093f3cced6df2e45f56aab Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Wed, 9 Aug 2017 21:04:04 +0200
Subject: [PATCH] gnu: curl: Replace with 7.55.0 [security fixes].

Fixes CVE-2017-1000099, CVE-2017-1000100, and CVE-2017-100101.
See <https://curl.haxx.se/docs/security.html> for details.

* gnu/packages/curl.scm (curl)[replacement]: New field.
(curl-7.55.0): New variable.
---
 gnu/packages/curl.scm | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index a9f219b62..d6e32e438 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2015 Tomáš Čech <sleep_walker@suse.cz>
 ;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -24,6 +25,7 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix utils)
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages)
   #:use-module (gnu packages compression)
@@ -40,7 +42,7 @@
 (define-public curl
   (package
    (name "curl")
-   (replacement curl-7.54.1)
+   (replacement curl-7.55.0)
    (version "7.53.0")
    (source (origin
             (method url-fetch)
@@ -121,15 +123,27 @@ tunneling, and so on.")
                                   "See COPYING in the distribution."))
    (home-page "https://curl.haxx.se/")))
 
-(define curl-7.54.1
+(define-public curl-7.55.0
   (package
     (inherit curl)
-    (version "7.54.1")
+    (version "7.55.0")
     (source
       (origin
         (method url-fetch)
         (uri (string-append "https://curl.haxx.se/download/curl-"
-                            version ".tar.lzma"))
+                            version ".tar.xz"))
         (sha256
          (base32
-          "0vnv3cz0s1l5cjby86hm0x6pgzqijmdm97qa9q5px200956z6yib"))))))
+          "1785vxi0jamiv9d1wr1l45g0fm9ircxdfyfzf7ld8zv0z0i8bmfd"))))
+    (arguments
+     `(,@(substitute-keyword-arguments (package-arguments curl)
+           ((#:phases phases)
+            `(modify-phases ,phases
+               (add-before 'install 'fix-Makefile
+                 ;; Fix a regression in 7.55.0 where docs are not installed.
+                 ;; https://github.com/curl/curl/commit/a7bbbb7c368c6096802007f61f19a02e9d75285b
+                 (lambda _
+                   (substitute* "Makefile"
+                     (("install-data-hook:\n")
+                      "install-data-hook:\n\tcd docs/libcurl && $(MAKE) install\n"))
+                   #t)))))))))
-- 
2.14.0