From e0afc09de484e7c6fdf111257e9c250bd608ee54 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 21 Sep 2017 20:53:15 +0200 Subject: gnu: curl: Update to 7.55.1. * gnu/packages/patches/curl-bounds-check.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. * gnu/packages/curl.scm (curl): Update to 7.55.1. [replacement]: Remove field. [source]: Use '.xz' tarball. (curl-7.55.0): Remove variable. --- gnu/packages/curl.scm | 33 +++------------------------------ 1 file changed, 3 insertions(+), 30 deletions(-) (limited to 'gnu/packages/curl.scm') diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 23606b4810..9408af70cc 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -42,15 +42,14 @@ (define-public curl (package (name "curl") - (replacement curl-7.55.0) - (version "7.54.1") + (version "7.55.1") (source (origin (method url-fetch) (uri (string-append "https://curl.haxx.se/download/curl-" - version ".tar.lzma")) + version ".tar.xz")) (sha256 (base32 - "0vnv3cz0s1l5cjby86hm0x6pgzqijmdm97qa9q5px200956z6yib")))) + "1dvbcwcar3dv488h9378hy145ma3ws2fwpbr6mgszd7chipcmbry")))) (build-system gnu-build-system) (outputs '("out" "doc")) ;1.2 MiB of man3 pages @@ -122,29 +121,3 @@ tunneling, and so on.") (license (license:non-copyleft "file://COPYING" "See COPYING in the distribution.")) (home-page "https://curl.haxx.se/"))) - -(define-public curl-7.55.0 - (package - (inherit curl) - (version "7.55.0") - (source - (origin - (method url-fetch) - (uri (string-append "https://curl.haxx.se/download/curl-" - version ".tar.xz")) - (patches (search-patches "curl-bounds-check.patch")) - (sha256 - (base32 - "1785vxi0jamiv9d1wr1l45g0fm9ircxdfyfzf7ld8zv0z0i8bmfd")))) - (arguments - `(,@(substitute-keyword-arguments (package-arguments curl) - ((#:phases phases) - `(modify-phases ,phases - (add-before 'install 'fix-Makefile - ;; Fix a regression in 7.55.0 where docs are not installed. - ;; https://github.com/curl/curl/commit/a7bbbb7c368c6096802007f61f19a02e9d75285b - (lambda _ - (substitute* "Makefile" - (("install-data-hook:\n") - "install-data-hook:\n\tcd docs/libcurl && $(MAKE) install\n")) - #t))))))))) -- cgit 1.4.1 From 46cf31868c1b12eec50bc9b8dda64604dd81f986 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Wed, 4 Oct 2017 10:28:42 -0400 Subject: gnu: curl: Update replacement to 7.56.0 [security fixes]. Fixes CVE-2017-1000254. See for details. * gnu/packages/curl.scm (curl)[replacement]: Update to 7.56.0. (curl-7.55.0): Rename to ... (curl-7.56.0): ... this. [arguments]: Remove 'fix-Makefile' phase. [source]: Remove patch. * gnu/packages/patches/curl-bounds-check.patch: Delete it. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/curl.scm | 21 ++++----------------- gnu/packages/patches/curl-bounds-check.patch | 19 ------------------- 3 files changed, 4 insertions(+), 37 deletions(-) delete mode 100644 gnu/packages/patches/curl-bounds-check.patch (limited to 'gnu/packages/curl.scm') diff --git a/gnu/local.mk b/gnu/local.mk index 6db176b767..f3baadd8ab 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -579,7 +579,6 @@ dist_patch_DATA = \ %D%/packages/patches/crossmap-allow-system-pysam.patch \ %D%/packages/patches/clucene-contribs-lib.patch \ %D%/packages/patches/cube-nocheck.patch \ - %D%/packages/patches/curl-bounds-check.patch \ %D%/packages/patches/cursynth-wave-rand.patch \ %D%/packages/patches/cvs-2017-12836.patch \ %D%/packages/patches/cyrus-sasl-CVE-2013-4122.patch \ diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 23606b4810..ef1b6c74ba 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -42,7 +42,7 @@ (define-public curl (package (name "curl") - (replacement curl-7.55.0) + (replacement curl-7.56.0) (version "7.54.1") (source (origin (method url-fetch) @@ -123,28 +123,15 @@ tunneling, and so on.") "See COPYING in the distribution.")) (home-page "https://curl.haxx.se/"))) -(define-public curl-7.55.0 +(define-public curl-7.56.0 (package (inherit curl) - (version "7.55.0") + (version "7.56.0") (source (origin (method url-fetch) (uri (string-append "https://curl.haxx.se/download/curl-" version ".tar.xz")) - (patches (search-patches "curl-bounds-check.patch")) (sha256 (base32 - "1785vxi0jamiv9d1wr1l45g0fm9ircxdfyfzf7ld8zv0z0i8bmfd")))) - (arguments - `(,@(substitute-keyword-arguments (package-arguments curl) - ((#:phases phases) - `(modify-phases ,phases - (add-before 'install 'fix-Makefile - ;; Fix a regression in 7.55.0 where docs are not installed. - ;; https://github.com/curl/curl/commit/a7bbbb7c368c6096802007f61f19a02e9d75285b - (lambda _ - (substitute* "Makefile" - (("install-data-hook:\n") - "install-data-hook:\n\tcd docs/libcurl && $(MAKE) install\n")) - #t))))))))) + "0wni3zkw7jyrwgwkqnrkf2x2b7c78wsp7p4z6a246hz9l367nhrj")))))) diff --git a/gnu/packages/patches/curl-bounds-check.patch b/gnu/packages/patches/curl-bounds-check.patch deleted file mode 100644 index 4b8ff65304..0000000000 --- a/gnu/packages/patches/curl-bounds-check.patch +++ /dev/null @@ -1,19 +0,0 @@ -Fix test failure on some 32-bit platforms. - -Patch copied from upstream source repository: - -https://github.com/curl/curl/commit/45a560390c4356bcb81d933bbbb229c8ea2acb63 - -diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c -index b9dedc989e..85c5e79a7e 100644 ---- a/src/tool_paramhlp.c -+++ b/src/tool_paramhlp.c -@@ -218,7 +218,7 @@ static ParameterError str2double(double *val, const char *str, long max) - num = strtod(str, &endptr); - if(errno == ERANGE) - return PARAM_NUMBER_TOO_LARGE; -- if((long)num > max) { -+ if(num > max) { - /* too large */ - return PARAM_NUMBER_TOO_LARGE; - } -- cgit 1.4.1