On Thu, Oct 05, 2023 at 08:11:34AM +0200, Liliana Marie Prikler wrote: > According to upstream, the current version has 19 security issues. > See also . > > * gnu/packages/curl.scm (curl/fixed): New variable. > (curl): Use it as replacement. > --- > gnu/packages/curl.scm | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) > > diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm > index 4e3c563570..dd612ce356 100644 > --- a/gnu/packages/curl.scm > +++ b/gnu/packages/curl.scm > @@ -65,6 +65,7 @@ (define-public curl > (package > (name "curl") > (version "7.85.0") > + (replacement curl/fixed) > (source (origin > (method url-fetch) > (uri (string-append "https://curl.se/download/curl-" > @@ -154,6 +155,20 @@ (define-public curl > "See COPYING in the distribution.")) > (home-page "https://curl.haxx.se/"))) > > +(define curl/fixed > + (let ((%version "8.3.0")) > + (package > + (inherit curl) > + (version "8.3.0-0") ; add -0 for grafting '7.85.0' is 6 characters, bit '8.3.0-0' is 7 characters. I think I'd go with '8.3.0A' to keep with previous (tribal knowledge) version mangling schemes. > + (source (origin > + (method url-fetch) > + (uri (string-append "https://curl.se/download/curl-" > + %version ".tar.xz")) > + (sha256 > + (base32 > + "0qza6yf20y2l4aaxkn8dfw8p3fls1mxljvdb0m8z1i6ncxvn4v9p")) > + (patches (search-patches "curl-use-ssl-cert-env.patch"))))))) > + > (define-public curl-ssh > (package/inherit curl > (arguments > > base-commit: e71864793021051cff35597abd59bb2d5649977d > -- > 2.41.0 Once the version string is the same length (your choice how!) then LGTM! -- Efraim Flashner רנשלפ םירפא GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted