Leo Famulari <l...@famulari.name> writes:

> There are some new bugs disclosed in curl:
> https://curl.haxx.se/docs/security.html
>
> Grafting the new version seems like the right approach to me when I
> consider libcurl's ABI compatibility policy:
> https://curl.haxx.se/libcurl/abi.html
>
> Thoughts?

Looks good to me! Please push. Thanks, Mark > From ef6ae3732facb1eba77e82c6a6066832784bca5d Mon Sep 17 00:00:00 2001 > From: Leo Famulari <l...@famulari.name> > Date: Wed, 3 Aug 2016 16:13:09 -0400 > Subject: [PATCH] gnu: curl: Replace with 7.50.1 [fixes > CVE-2016-{3739,4802,5419,5420,5421]. > > * gnu/packages/curl.scm (curl)[replacement]: New field. > (curl-7.50.1): New variable. > --- > gnu/packages/curl.scm | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > > diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm > index 222910b..a250bb1 100644 > --- a/gnu/packages/curl.scm > +++ b/gnu/packages/curl.scm > @@ -40,6 +40,7 @@ > (define-public curl > (package > (name "curl") > + (replacement curl-7.50.1) > (version "7.47.0") > (source (origin > (method url-fetch) > @@ -123,3 +124,16 @@ tunneling, and so on.") > (license (license:non-copyleft "file://COPYING" > "See COPYING in the distribution.")) > (home-page "http://curl.haxx.se/"))) > + > +(define curl-7.50.1 > + (package > + (inherit curl) > + (source > + (let ((version "7.50.1")) > + (origin > + (method url-fetch) > + (uri (string-append "https://curl.haxx.se/download/curl-" > + version ".tar.lzma")) > + (sha256 > + (base32 > + "0qc3qp3h18v24irzw7dgg1jf39v4hnz8irv83v9lbn9rxzrpdcdj")))))))
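
Review bot: The `(replacement curl-7.50.1)` line added in the first hunk (`@@ -40,6 +40,7 @@`) has no comment explaining why curl is grafted while `(version "7.47.0")` stays unchanged directly below it. A one-line comment above the field, saying this is a security graft and should be dropped when curl itself is updated, would save the next reader a trip through the log. Also, the subject line opens the CVE list with `{` and closes it with `]`; the closing character should be `}`.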
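
Review bot: In the second hunk (`@@ -123,3 +124,16 @@`), `version` is bound to "7.50.1" only by the `let` inside `source`, so the package-level `version` that `curl-7.50.1` picks up through `(inherit curl)` is still "7.47.0". If keeping the inherited version is intentional for the graft, please say so in a comment above `(define curl-7.50.1`; otherwise set `(version "7.50.1")` on the package and let the origin refer to it, so the variable name, the tarball and the reported version agree.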