Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

curl: 7.54.1 -> 7.55.0 #28073

Closed
wants to merge 1 commit into from
Closed

curl: 7.54.1 -> 7.55.0 #28073

wants to merge 1 commit into from

Conversation

NeQuissimus
Copy link
Member

Motivation for this change

Update

Things done

Please check what applies. Note that these are not hard requirements but merely serve as information for reviewers.

  • Tested using sandboxing
    (nix.useSandbox on NixOS,
    or option build-use-sandbox in nix.conf
    on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • Linux
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@mention-bot
Copy link

@NeQuissimus, thanks for your PR! By analyzing the history of the files in this pull request, we identified @vcunat, @edolstra and @ikervagyok to be potential reviewers.

@adisbladis
Copy link
Member

This fixes three security holes so should have security label.
https://curl.haxx.se/docs/adv_20170809A.html (CVE-2017-1000101)
https://curl.haxx.se/docs/adv_20170809B.html (CVE-2017-1000100)
https://curl.haxx.se/docs/adv_20170809C.html (CVE-2017-1000099)

Should also have mass-rebuild label.

@NeQuissimus
Copy link
Member Author

Maybe @globin or @fpletz want to cherry-pick this through staging first? I'll let you guys deal with it. If you rather have a staging PR, I can do that, too.

@fpletz fpletz self-assigned this Aug 9, 2017
@fpletz
Copy link
Member

fpletz commented Aug 9, 2017

Please don't merge yet. I will test and merge to master because staging will probably not be merged into master soon.

@fpletz fpletz self-requested a review August 9, 2017 16:45
@NeQuissimus
Copy link
Member Author

NeQuissimus commented Aug 9, 2017
edited

Sounds good!
This baby is all yours :D

@FRidh
Copy link
Member

FRidh commented Aug 10, 2017

@fpletz staging is looking good right now, at least for x86_64-linux. https://hydra.nixos.org/jobset/nixpkgs/staging

fpletz added a commit that referenced this pull request Aug 10, 2017
@fpletz
curl: 7.54.1 -> 7.55.0
b44bed5 
Fixes #28073.

Fixes CVE-2017-1000101, CVE-2017-1000100, CVE-2017-1000099.
@fpletz
Copy link
Member

fpletz commented Aug 10, 2017

Ok, pushed to staging.

@NeQuissimus Curl didn't build with your commit here because the devdoc output wasn't created. Fixed. ;)

@fpletz fpletz closed this Aug 10, 2017
fpletz added a commit that referenced this pull request Aug 10, 2017
@fpletz
curl: 7.54.1 -> 7.55.0
a9c4ad1 
Fixes #28073.

Fixes CVE-2017-1000101, CVE-2017-1000100, CVE-2017-1000099.

(cherry picked from commit b44bed5)
@NeQuissimus NeQuissimus deleted the curl_7_55_0 branch August 10, 2017 14:44
@NeQuissimus
Copy link
Member Author

@fpletz Ah, my bad! Thx for fixing it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fpletz fpletz Awaiting requested review from fpletz

Assignees

@fpletz fpletz

Labels
1.severity: mass-rebuild 1.severity: security 8.has: package (update)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@NeQuissimus @mention-bot @adisbladis @fpletz @FRidh