From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:57978)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dztFr-0005fu-GP
	for guix-patches@gnu.org; Wed, 04 Oct 2017 19:39:08 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dztFm-0003WL-MJ
	for guix-patches@gnu.org; Wed, 04 Oct 2017 19:39:07 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:40793)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1dztFm-0003W2-HL
	for guix-patches@gnu.org; Wed, 04 Oct 2017 19:39:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dztFm-00028B-6v
	for guix-patches@gnu.org; Wed, 04 Oct 2017 19:39:02 -0400
Subject: bug#28702: [PATCH] gnu: curl: Update replacement to 7.56.0.	[security
	fixes]
Resent-To: guix-patches@gnu.org
Resent-Message-ID: <handler.28702.D28702.15071603308171.done@debbugs.gnu.org>
From: Kei Kebreau <kkebreau@posteo.net>
References: <20171004150145.13595-1-kkebreau@posteo.net>
	<87sheyd2e4.fsf@fastmail.com>
Date: Wed, 04 Oct 2017 19:38:34 -0400
In-Reply-To: <87sheyd2e4.fsf@fastmail.com> (Marius Bakke's message of "Wed, 04
	Oct 2017 23:33:23 +0200")
Message-ID: <87vajuxz45.fsf@posteo.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha256; protocol="application/pgp-signature"
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: Marius Bakke <mbakke@fastmail.com>
Cc: 28702-done@debbugs.gnu.org

--=-=-=
Content-Type: text/plain

Marius Bakke <mbakke@fastmail.com> writes:

> Kei Kebreau <kkebreau@posteo.net> writes:
>
>> Fixes CVE-2017-1000254.
>> See <https://curl.haxx.se/docs/adv_20171004.html> for details.
>>
>> * gnu/packages/curl.scm (curl)[replacement]: Update to 7.56.0.
>> (curl-7.55.0): Rename to ...
>> (curl-7.56.0): ... this.
>> [arguments]: Remove 'fix-Makefile' phase.
>> ---
>>  gnu/packages/curl.scm | 17 ++---------------
>>  1 file changed, 2 insertions(+), 15 deletions(-)
>>
>> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
>> index 23606b481..552df5dc3 100644
>> --- a/gnu/packages/curl.scm
>> +++ b/gnu/packages/curl.scm
>> @@ -126,25 +126,12 @@ tunneling, and so on.")
>>  (define-public curl-7.55.0
>>    (package
>>      (inherit curl)
>> -    (version "7.55.0")
>> +    (version "7.56.0")
>>      (source
>>        (origin
>>          (method url-fetch)
>>          (uri (string-append "https://curl.haxx.se/download/curl-"
>>                              version ".tar.xz"))
>> -        (patches (search-patches "curl-bounds-check.patch"))
>
> Please also delete this file and update gnu/local.mk.
>
> LGTM otherwise, thanks!

Thanks for reviewing this.
Pushed to master as 46cf31868c1b12eec50bc9b8dda64604dd81f986.

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEg7ZwOtzKO2lLzi2m5qXuPBlGeg0FAlnVcPoACgkQ5qXuPBlG
eg28Ew//QUuJxkUmcUsHXLbP0j6aU4xjJI1VBWCN/kWX0ulaZ0bVUhd9nwI84LTW
87onB2BClRc+iAyIj88oQubstTIMCsTXs5Gx0XQ6r6qxwhWalUmI3MkMRSfV3Up4
GzD9lBZz8bumEK8pT3t8hQtXTKUlWgrO4C/ADllFRjXUjSTff+SvgZBUm3Ieb3dB
ooEcZSCtEP3cfQjoAgE4thrK91nHlD/jf9FyuYSNGUaMzDN88E5wmzxZkR3cNIiD
fdCGnAqQWdL52Z7PIW4Sz8y4MRjFot3tCz5m6G240AaNWMUEhjwR0o1QNpmMQVxh
3FQV5K8zUk8R5jTIAXoJCScehjxnbjqQUOLdQTSSKDvDpoBtVYtMk0xsLL/MF9G0
VaD0b7PbA7Qv8TA8hgDvQEgzbD7YzGX6zKiMEZHitwRhUt0TQfXxP64amKnIyLMZ
GcsWUDpWABV0U5oxmluuas8yezPbiYOQaLQToHvBpdBsKFblhpM4Ocy+XhBXcDMg
+ZuyqgibryoDuD1hboGgWeuYmz2vBZZRGEJgOCMNAmdMfA1LryBrj1R8NZM4FTxq
QYoyfaDcOy10wO5BPEkwTzMZEDPgtUCXp2t3ws4S2Q747wFcrEK2/Gu60w9NBYAt
VIE9hj+aCsQ6ekKlkZhgf8tfOMXwt7oF6KjCdeeJwXN6qrinWnw=
=wbR/
-----END PGP SIGNATURE-----
--=-=-=--