Re: curl security update

2016-08-04 Thread Leo Famulari
On Thu, Aug 04, 2016 at 09:11:39AM -0400, Leo Famulari wrote:
> * gnu/packages/curl.scm (curl)[replacement]: New field.
> (curl-7.50.1): New variable.

Pushed as e686e633a

Re: curl security update

2016-08-04 Thread Ludovic Courtès
Leo Famulari writes:
> There are some new bugs disclosed in curl:
> https://curl.haxx.se/docs/security.html
>
> Grafting the new version seems like the right approach to me when I
> consider libcurl's ABI compatibility policy:
> https://curl.haxx.se/libcurl/abi.html

Sounds good.

> From ef6ae37

Re: curl security update

2016-08-04 Thread Mark H Weaver
Leo Famulari writes:
> There are some new bugs disclosed in curl:
> https://curl.haxx.se/docs/security.html
>
> Grafting the new version seems like the right approach to me when I
> consider libcurl's ABI compatibility policy:
> https://curl.haxx.se/libcurl/abi.html
>
> Thoughts?

Looks good to m

curl security update

2016-08-04 Thread Leo Famulari
There are some new bugs disclosed in curl:
https://curl.haxx.se/docs/security.html

Grafting the new version seems like the right approach to me when I consider libcurl's ABI compatibility policy:
https://curl.haxx.se/libcurl/abi.html

Thoughts?

From ef6ae3732facb1eba77e82c6a6066832784bca5d Mon Sep

Re: [PATCH 0/1] Curl security update (CVE-2016-0755)

2016-01-28 Thread Andreas Enge
On Wed, Jan 27, 2016 at 05:30:58PM -0500, Leo Famulari wrote:
> Civodul and mark_weaver discussed how best to apply it on #guix. I think
> the plan is to build it in a branch with tomorrow's OpenSSL security
> update.

Very well. Some garbage managed to crawl into the commit message:

gnu: curl

Re: [PATCH 0/1] Curl security update (CVE-2016-0755)

2016-01-27 Thread Leo Famulari
On Wed, Jan 27, 2016 at 09:03:45PM +0100, Andreas Enge wrote:
> On Wed, Jan 27, 2016 at 01:57:22PM -0500, Leo Famulari wrote:
> > This patch updates curl to 7.47.0, fixing CVE-2016-0755 [0][1].
>
> Ouch!
>
> guix refresh -l curl
> Building the following 318 packages would ensure 772 dependent pac

Re: [PATCH 0/1] Curl security update (CVE-2016-0755)

2016-01-27 Thread Andreas Enge
On Wed, Jan 27, 2016 at 01:57:22PM -0500, Leo Famulari wrote:
> This patch updates curl to 7.47.0, fixing CVE-2016-0755 [0][1].

Ouch!

guix refresh -l curl
Building the following 318 packages would ensure 772 dependent packages are rebuilt

This is about a quarter of all packages.

> Feel free to

[PATCH 0/1] Curl security update (CVE-2016-0755)

2016-01-27 Thread Leo Famulari
This patch updates curl to 7.47.0, fixing CVE-2016-0755 [0][1].

I built it on the core-updates branch (although it's trivial enough to apply on another branch), and I tested it to download successfully.

Feel free to apply the patch where appropriate.

[0] http://curl.haxx.se/docs/adv_20160127A.ht