curl-CVE-2021-22876.patch was rebased onto 7.74.0, but curl-CVE-2021-22890.patch does not apply and please I need help rebasing it, it looks quite complex. I pushed an upgrade of curl to 7.76.0 which has been much much easier to core-updates already as https://git.savannah.gnu.org/cgit/guix.git/commit/?h=core-updates&id=2e0b1b62e94b926041ca9af70537dd9b3ab64edf but unfortunately since curl requires so many rebuilds it seems we can't use such commit on master for now. Léo Le Bouter (1): gnu: curl: Fix CVE-2021-22876 and CVE-2021-22890. gnu/local.mk | 2 + gnu/packages/curl.scm | 4 +- .../patches/curl-CVE-2021-22876.patch | 147 ++++++ .../patches/curl-CVE-2021-22890.patch | 499 ++++++++++++++++++ 4 files changed, 651 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/curl-CVE-2021-22876.patch create mode 100644 gnu/packages/patches/curl-CVE-2021-22890.patch -- 2.31.1