From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:57355)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dzrIr-0002wL-Lh
	for guix-patches@gnu.org; Wed, 04 Oct 2017 17:34:06 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dzrIo-00060v-G3
	for guix-patches@gnu.org; Wed, 04 Oct 2017 17:34:05 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:40730)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1dzrIo-00060O-Bc
	for guix-patches@gnu.org; Wed, 04 Oct 2017 17:34:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dzrIo-0007XA-4d
	for guix-patches@gnu.org; Wed, 04 Oct 2017 17:34:02 -0400
Subject: [bug#28702] [PATCH] gnu: curl: Update replacement to
	7.56.0.	[security fixes]
Resent-Message-ID: <handler.28702.B28702.150715281028922@debbugs.gnu.org>
From: Marius Bakke <mbakke@fastmail.com>
In-Reply-To: <20171004150145.13595-1-kkebreau@posteo.net>
References: <20171004150145.13595-1-kkebreau@posteo.net>
Date: Wed, 04 Oct 2017 23:33:23 +0200
Message-ID: <87sheyd2e4.fsf@fastmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: Kei Kebreau <kkebreau@posteo.net>, 28702@debbugs.gnu.org

--=-=-=
Content-Type: text/plain

Kei Kebreau <kkebreau@posteo.net> writes:

> Fixes CVE-2017-1000254.
> See <https://curl.haxx.se/docs/adv_20171004.html> for details.
>
> * gnu/packages/curl.scm (curl)[replacement]: Update to 7.56.0.
> (curl-7.55.0): Rename to ...
> (curl-7.56.0): ... this.
> [arguments]: Remove 'fix-Makefile' phase.
> ---
>  gnu/packages/curl.scm | 17 ++---------------
>  1 file changed, 2 insertions(+), 15 deletions(-)
>
> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
> index 23606b481..552df5dc3 100644
> --- a/gnu/packages/curl.scm
> +++ b/gnu/packages/curl.scm
> @@ -126,25 +126,12 @@ tunneling, and so on.")
>  (define-public curl-7.55.0
>    (package
>      (inherit curl)
> -    (version "7.55.0")
> +    (version "7.56.0")
>      (source
>        (origin
>          (method url-fetch)
>          (uri (string-append "https://curl.haxx.se/download/curl-"
>                              version ".tar.xz"))
> -        (patches (search-patches "curl-bounds-check.patch"))

Please also delete this file and update gnu/local.mk.

LGTM otherwise, thanks!

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlnVU6MACgkQoqBt8qM6
VPovcgf/de9ZfKcg7hZW4MkYmRzoIBQn0aqnMa2aK0cSHP17Q/zoyqY1HAjBf+3M
YKlAzklR1jf6BzakYOdpiUc5KeJo0oh9xbOgjh/t9iZ4JRtNV7tcDhR6TtPNVlcf
wJT4euKODs8O7AqPzJ0uYUvFbNXv4A6LpqsbSI5Tbcu6vhfESAsz/uB06QZfNtD1
Dtw9auVkFlPBVsxQ/bjKpyRbJ0jTEu7RbYNrMkpcxoxVSjaeZbi1A7eLHcJGIogf
ttt4TqVGbeNywHOHZ9gxvkCvWO8Oi8WN3jAA6971lHbyvaiVeQ/CKsAUl2Xzdy/V
4eGJ2vait6X/OS++tqFkBSili5OJyw==
=bHLp
-----END PGP SIGNATURE-----
--=-=-=--