From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:306:2d92::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id EOPCEpljHmU+awAAG6o9tA:P1 (envelope-from ) for ; Thu, 05 Oct 2023 09:19:53 +0200 Received: from aspmx1.migadu.com ([2001:41d0:306:2d92::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id EOPCEpljHmU+awAAG6o9tA (envelope-from ) for ; Thu, 05 Oct 2023 09:19:53 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id E3DF94197B for ; Thu, 5 Oct 2023 09:19:52 +0200 (CEST) Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=ZvgD0KiU; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1696490393; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=E2DH9PTvs5H2Yb3WJEbBYxw+klwJxjqSxLKAtN97bok=; b=SdgfTorJuMPMy1rZA0KXgHrD91wE4SJCo3lPq4qgQjo69Xq4x/5w1SPA+8ukkGaozskqAE Ia0KZ4J+8+uRhH3/cGLi54q8g5LJdJku3bsJSikAUSFYmMEbXoRylNSzGXyfK4h5+iyu9U +SdpzxS/z7dq18eppObMS3XnYPWpGg9c6fWfFRsj5Cq7gMc1+eB9Hi9SJE3PanjET13QZz CjLpLOgZ3vJLmnD7iupGKV1BVRpFAjAz9okD0u72JBJoHU/m5Nn7Xj14cIFKI0jrawmL3M 3jGsZQ4SpgrTXHfekDdi+n/YRLNxvbmZNXxB7QocHsKABo/59KH8sBHuILUR/A== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=ZvgD0KiU; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Seal: i=1; s=key1; d=yhetil.org; t=1696490393; a=rsa-sha256; cv=none; b=apw9d/E+yQPOEulez64zDrrdgwF4MU7MItWqOq7RrdfRxzYxMRUSDoyWRYg71QpO6HlY0A Z15jsUqpi/uzTG429Z8Dq8cFEHsiLU8QnFKF4uXAd37j2rOMtlkeOz1YCR3n5WYoU5icoM yEnKvt/TpNeoH9iz7o7elwQ2epszeQ5yPOLsN4kwXhtGEYAp10d9UUl4wXSmzzV8kKS5jY /2p/FufUcMiDhfie0x3aeVuQ3SWVWEyZOcEcZY+eD4zCRdG1HZPOfYK+mPkKZpncrtIGb3 mk/LQnocfAYIA6WH2rWq7NxhARA1FwocN+6t1hDIzysjtrmgnw8qoDqFmXGr4A== Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qoIeA-0003UA-NB; Thu, 05 Oct 2023 03:19:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qoIe8-0003Th-BY for guix-patches@gnu.org; Thu, 05 Oct 2023 03:19:44 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qoIe8-0004NO-2G for guix-patches@gnu.org; Thu, 05 Oct 2023 03:19:44 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1qoIeQ-0004y9-48 for guix-patches@gnu.org; Thu, 05 Oct 2023 03:20:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#66359] [PATCH] gnu: curl: Update to 8.3.0. Resent-From: Efraim Flashner Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 05 Oct 2023 07:20:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 66359 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Liliana Marie Prikler Cc: 66359@debbugs.gnu.org Received: via spool by 66359-submit@debbugs.gnu.org id=B66359.169649038519073 (code B ref 66359); Thu, 05 Oct 2023 07:20:02 +0000 Received: (at 66359) by debbugs.gnu.org; 5 Oct 2023 07:19:45 +0000 Received: from localhost ([127.0.0.1]:45911 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qoIe8-0004xZ-Mt for submit@debbugs.gnu.org; Thu, 05 Oct 2023 03:19:45 -0400 Received: from mail-ed1-x52c.google.com ([2a00:1450:4864:20::52c]:51528) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qoIe6-0004xH-Re for 66359@debbugs.gnu.org; Thu, 05 Oct 2023 03:19:43 -0400 Received: by mail-ed1-x52c.google.com with SMTP id 4fb4d7f45d1cf-5344d996bedso1018616a12.3 for <66359@debbugs.gnu.org>; Thu, 05 Oct 2023 00:19:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1696490358; x=1697095158; darn=debbugs.gnu.org; h=in-reply-to:content-disposition:mime-version:references :mail-followup-to:message-id:subject:cc:to:from:date:sender:from:to :cc:subject:date:message-id:reply-to; bh=E2DH9PTvs5H2Yb3WJEbBYxw+klwJxjqSxLKAtN97bok=; b=ZvgD0KiU/+MJ+YNb7sQXop5SDkRhe9YnArK9TaroVagDFPSNGhg2QqLb1ooxzJmK2/ VlxAKF7yOKa36cbJx1jtzVYu1SJbdMgjMCmOAUU52Y39AROCAtOLPEl3wl19tRjChtJz VN72FumcQcCOBKsoZpdoa/BN0Bs2LFgWm9Y99pSRNKCF7V7g1hU0NSU7dJDpkLu10JLs mDfzuUgAhZ7evARvXCdY9NfAyG5ctv0gTF+84qhrTtzWm8IvfddGh7m/HihQXsBESsFt EhTIIwCot2CtNwJx4HN7eew+hsb1TzCR0NyJKsokzS8vowO83Jwk59gHK/Wbi4a4vXfW KtzQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696490358; x=1697095158; h=in-reply-to:content-disposition:mime-version:references :mail-followup-to:message-id:subject:cc:to:from:date:sender :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=E2DH9PTvs5H2Yb3WJEbBYxw+klwJxjqSxLKAtN97bok=; b=AYLltF3onIYIAzFIwsgnSAQCewiGjGXgQlXmwafqFzDnhrobhemqIdHlM9WhFy77DN XZOvFUdsP8twunT6B4/hxxgDnA0r7Kv845KvBwwYBnISO1j3YM8eAUHz9JoRhzNSbMkc tqLKSGXPST04AcHw+uYTbsFT6JjZmt6rumxPs81QaLtzNzPg9RWNjxtmgTtQa1Mbanrv Z4K0P3fD5l/cvse2f9DtSTkU7zaoaJ4O02QQlIWfRVN2Voecmg0aJ1UbZ3OmMC6sia6e sl9+y6xxpzkjRytk1AVTpJJdyrEPm9L3ucvcxyJzIzw9sRFQYVXe+PGuuLUfWayAFgWc qnug== X-Gm-Message-State: AOJu0YxN9kSIfT1PlPVXAnx8q+ddR0HG7o9H0g6PFwsB2GgzpSW4RJ5l q8jv96hAC04fzz3//UgFXkRkgp0ZDLdDfA== X-Google-Smtp-Source: AGHT+IFstypigUG7XYkTFcVeh1nOvdkgXEmf7XEtIod4b+0VEOouvxbK9CajUl+ila+lvO5Ilqa/BA== X-Received: by 2002:a05:6402:1641:b0:533:87c9:4a81 with SMTP id s1-20020a056402164100b0053387c94a81mr3679735edx.29.1696490358118; Thu, 05 Oct 2023 00:19:18 -0700 (PDT) Received: from localhost ([2a02:ed3:916:6300:c3db:b80e:a694:a54f]) by smtp.gmail.com with ESMTPSA id n24-20020aa7d058000000b0053331f9094dsm602972edo.52.2023.10.05.00.19.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 05 Oct 2023 00:19:17 -0700 (PDT) Date: Thu, 5 Oct 2023 10:19:16 +0300 From: Efraim Flashner Message-ID: Mail-Followup-To: Efraim Flashner , Liliana Marie Prikler , 66359@debbugs.gnu.org References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="Nk+VPYh1u8TY95W/" Content-Disposition: inline In-Reply-To: X-PGP-Key-ID: 0x41AAE7DCCA3D8351 X-PGP-Key: https://flashner.co.il/~efraim/efraim_flashner.asc X-PGP-Fingerprint: A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -6.79 X-Migadu-Scanner: mx2.migadu.com X-Migadu-Queue-Id: E3DF94197B X-Spam-Score: -6.79 X-TUID: E11rY9sewuoa --Nk+VPYh1u8TY95W/ Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Oct 05, 2023 at 08:11:34AM +0200, Liliana Marie Prikler wrote: > According to upstream, the current version has 19 security issues. > See also . >=20 > * gnu/packages/curl.scm (curl/fixed): New variable. > (curl): Use it as replacement. > --- > gnu/packages/curl.scm | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) >=20 > diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm > index 4e3c563570..dd612ce356 100644 > --- a/gnu/packages/curl.scm > +++ b/gnu/packages/curl.scm > @@ -65,6 +65,7 @@ (define-public curl > (package > (name "curl") > (version "7.85.0") > + (replacement curl/fixed) > (source (origin > (method url-fetch) > (uri (string-append "https://curl.se/download/curl-" > @@ -154,6 +155,20 @@ (define-public curl > "See COPYING in the distribution.")) > (home-page "https://curl.haxx.se/"))) > =20 > +(define curl/fixed > + (let ((%version "8.3.0")) > + (package > + (inherit curl) > + (version "8.3.0-0") ; add -0 for grafting '7.85.0' is 6 characters, bit '8.3.0-0' is 7 characters. I think I'd go with '8.3.0A' to keep with previous (tribal knowledge) version mangling schemes. > + (source (origin > + (method url-fetch) > + (uri (string-append "https://curl.se/download/curl-" > + %version ".tar.xz")) > + (sha256 > + (base32 > + "0qza6yf20y2l4aaxkn8dfw8p3fls1mxljvdb0m8z1i6ncxvn4v9p"= )) > + (patches (search-patches "curl-use-ssl-cert-env.patch"))= ))))) > + > (define-public curl-ssh > (package/inherit curl > (arguments >=20 > base-commit: e71864793021051cff35597abd59bb2d5649977d > --=20 > 2.41.0 Once the version string is the same length (your choice how!) then LGTM! --=20 Efraim Flashner =D7=A8=D7=A0=D7=A9=D7=9C=D7=A4 = =D7=9D=D7=99=D7=A8=D7=A4=D7=90 GPG key =3D A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted --Nk+VPYh1u8TY95W/ Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAmUeY3MACgkQQarn3Mo9 g1EJmRAAkfTVD5cm1u50Hbfk6YnR0L13F9qONmasItRpIeORYACzX8qYTWFlKrfB d2ApDS91hLSBpGdPidowMv0jExgin42P75DK3ROdI5N2BAjQacfBgTvmwuQg8lRw cZ1Lvn1GrUaGlo+CAq2nwDqNanjMv2Vn6Mgx9w+L+IhkpYmWybRmVOeET2IZMAXz 3PJQJ0NIX8oQqsQTNr0kJxGftGjXpfuCJvpSbCi+YrUWsnVCOx14dNB9u6tTSNfO jPTruEAhxXXh42NNQqf+Qz6AvIBS0CZnKZKvoTsTFbsQY9tLIR/ibMkGAQ1/APWq SSNyEaSyQ4/gDwnQy65Fb2SsVR2UN5cuYoa7yq31WI6ptd+89YtRd9G8IUuGK6Cf 8d9nemh+jaxyvN0UhnqZUGD8ROLF6tFYh4tpTtobDG3CBnU+6lpejoCCfoL6shi6 cK6kQaD8krrvQ841yjTOYdTQ+JQkusJAmQPk4GKMaEglIB767BEfmPEof0+Xo0G6 6CzC+k94UVj8UkFm6lRs5eYtqkJmbPmzM/WmnpxQ8KyGeD1L5D53UMGGklbZMAtG r9J2+wZm9PZZX5uwUFoTBCBqzewN4FWtznKQTKcAkdzUNGQnWQ+iHJktPIusaeS0 gFm3xUcKbfnMQ+wvaxF/qt22OrPPtxQlrXvNnHR4Wf83JC+fu+Y= =9kXj -----END PGP SIGNATURE----- --Nk+VPYh1u8TY95W/--