gnu: curl: Update replacement to 7.56.0 [security fixes].

Fixes CVE-2017-1000254.
See <https://curl.haxx.se/docs/adv_20171004.html> for details.

* gnu/packages/curl.scm (curl)[replacement]: Update to 7.56.0.
(curl-7.55.0): Rename to ...
(curl-7.56.0): ... this.
[arguments]: Remove 'fix-Makefile' phase.
[source]: Remove patch.
* gnu/packages/patches/curl-bounds-check.patch: Delete it.
* gnu/local.mk (dist_patch_DATA): Remove it.
Kei Kebreau 2017-10-04 10:28:42 -04:00
parent 488d380c82
commit 46cf31868c
No known key found for this signature in database
GPG Key ID: E6A5EE3C19467A0D
3 changed files with 4 additions and 37 deletions

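--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -579,7 +579,6 @@ dist_patch_DATA = \
 %D%/packages/patches/crossmap-allow-system-pysam.patch \
 %D%/packages/patches/clucene-contribs-lib.patch \
 %D%/packages/patches/cube-nocheck.patch \
-%D%/packages/patches/curl-bounds-check.patch \
 %D%/packages/patches/cursynth-wave-rand.patch \
 %D%/packages/patches/cvs-2017-12836.patch \
 %D%/packages/patches/cyrus-sasl-CVE-2013-4122.patch \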

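--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -42,7 +42,7 @@
 (define-public curl
 (package
 (name "curl")
-(replacement curl-7.55.0)
+(replacement curl-7.56.0)
 (version "7.54.1")
 (source (origin
 (method url-fetch)
@@ -123,28 +123,15 @@ tunneling, and so on.")
 "See COPYING in the distribution."))
 (home-page "https://curl.haxx.se/")))
-(define-public curl-7.55.0
+(define-public curl-7.56.0
 (package
 (inherit curl)
-(version "7.55.0")
+(version "7.56.0")
 (source
 (origin
 (method url-fetch)
 (uri (string-append "https://curl.haxx.se/download/curl-"
 version ".tar.xz"))
-(patches (search-patches "curl-bounds-check.patch"))
 (sha256
 (base32
-"1785vxi0jamiv9d1wr1l45g0fm9ircxdfyfzf7ld8zv0z0i8bmfd"))))
+"0wni3zkw7jyrwgwkqnrkf2x2b7c78wsp7p4z6a246hz9l367nhrj"))))))
-(arguments
-`(,@(substitute-keyword-arguments (package-arguments curl)
-((#:phases phases)
-`(modify-phases ,phases
-(add-before 'install 'fix-Makefile
-;; Fix a regression in 7.55.0 where docs are not installed.
-;; https://github.com/curl/curl/commit/a7bbbb7c368c6096802007f61f19a02e9d75285b
-(lambda _
-(substitute* "Makefile"
-(("install-data-hook:\n")
-"install-data-hook:\n\tcd docs/libcurl && $(MAKE) install\n"))
-#t)))))))))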
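Review bot: The new `curl-7.56.0` definition in the second hunk carries no comment saying that it exists only as the replacement (graft) target for the security fix, so the reason `curl` itself stays at 7.54.1 is recorded only in the commit message; a line such as `;; Replacement package to fix CVE-2017-1000254.` directly above `(define-public curl-7.56.0` would keep that with the code. The replacement now spans two upstream releases (7.54.1 to 7.56.0), and a graft presumably depends on the newer libcurl staying ABI-compatible for dependents that are not rebuilt; nothing on this page confirms that, so it is worth checking before relying on the graft. Dropping the `fix-Makefile` phase and the `curl-bounds-check.patch` reference assumes both upstream fixes are already part of the 7.56.0 tarball, which the page does not show.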

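--- a/gnu/packages/patches/curl-bounds-check.patch
+++ b/gnu/packages/patches/curl-bounds-check.patch
@@ -1,19 +0,0 @@
-Fix test failure on some 32-bit platforms.
-Patch copied from upstream source repository:
-https://github.com/curl/curl/commit/45a560390c4356bcb81d933bbbb229c8ea2acb63
-diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c
-index b9dedc989e..85c5e79a7e 100644
---- a/src/tool_paramhlp.c
-+++ b/src/tool_paramhlp.c
-@@ -218,7 +218,7 @@ static ParameterError str2double(double *val, const char *str, long max)
-num = strtod(str, &endptr);
-if(errno == ERANGE)
-return PARAM_NUMBER_TOO_LARGE;
-- if((long)num > max) {
-+ if(num > max) {
-/* too large */
-return PARAM_NUMBER_TOO_LARGE;
-}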