From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 02 10:09:52 2021 Received: (at 47563) by debbugs.gnu.org; 2 Apr 2021 14:09:52 +0000 Received: from localhost ([127.0.0.1]:60812 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lSKUi-0006EN-0E for submit@debbugs.gnu.org; Fri, 02 Apr 2021 10:09:52 -0400 Received: from mail.zaclys.net ([178.33.93.72]:59381) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lSKUf-0006E6-Sa for 47563@debbugs.gnu.org; Fri, 02 Apr 2021 10:09:50 -0400 Received: from localhost.localdomain (lsl43-1_migr-78-195-19-20.fbx.proxad.net [78.195.19.20] (may be forged)) (authenticated bits=0) by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 132E9gmX038303 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Fri, 2 Apr 2021 16:09:43 +0200 DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 132E9gmX038303 Authentication-Results: mail.zaclys.net; dmarc=fail (p=reject dis=none) header.from=zaclys.net Authentication-Results: mail.zaclys.net; spf=fail smtp.mailfrom=lle-bout@zaclys.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net; s=default; t=1617372583; bh=FbRdcoQmEHeiPUhIDhJzvfuDckXd1R9nvp66tsUL5/M=; h=From:To:Cc:Subject:Date:From; b=HYgmeiGxKnIQ1B6RP8dtpD3M0q2xf+Kci7iH345UKyFTeL2UiUaKbGG/I2Eisr5R7 bs65ohIIgAKnBsQZDkhPjoNp+SmjKY0EBsUkJcv36+IjNw+wCFI0jmClqvwuTMAbQ0 qejMXPKpzWGqDQWFtCjpeCKfJn37qbCG/Z16vi50= From: =?UTF-8?q?L=C3=A9o=20Le=20Bouter?= To: 47563@debbugs.gnu.org Subject: [PATCH 0/1] gnu: curl: Fix CVE-2021-22876 and CVE-2021-22890. Date: Fri, 2 Apr 2021 16:09:39 +0200 Message-Id: <20210402140940.28300-1-lle-bout@zaclys.net> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 47563 Cc: =?UTF-8?q?L=C3=A9o=20Le=20Bouter?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) curl-CVE-2021-22876.patch was rebased onto 7.74.0, but curl-CVE-2021-22890.patch does not apply and please I need help rebasing it, it looks quite complex. I pushed an upgrade of curl to 7.76.0 which has been much much easier to core-updates already as https://git.savannah.gnu.org/cgit/guix.git/commit/?h=core-updates&id=2e0b1b62e94b926041ca9af70537dd9b3ab64edf but unfortunately since curl requires so many rebuilds it seems we can't use such commit on master for now. Léo Le Bouter (1): gnu: curl: Fix CVE-2021-22876 and CVE-2021-22890. gnu/local.mk | 2 + gnu/packages/curl.scm | 4 +- .../patches/curl-CVE-2021-22876.patch | 147 ++++++ .../patches/curl-CVE-2021-22890.patch | 499 ++++++++++++++++++ 4 files changed, 651 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/curl-CVE-2021-22876.patch create mode 100644 gnu/packages/patches/curl-CVE-2021-22890.patch -- 2.31.1