aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages
diff options
context:
space:
mode:
authorJohn Kehayias <john.kehayias@protonmail.com>2023-12-17 01:11:32 -0500
committerJohn Kehayias <john.kehayias@protonmail.com>2023-12-17 01:27:00 -0500
commitbc7713fa8878ab8a2158c8660d9b2bbb8fb2f77e (patch)
treeca0ec15c5835a2a2647510206ae1b2d9cb550b3f /gnu/packages
parent158502e40d800407f1bd697dd5dd0437086730bf (diff)
downloadguix-bc7713fa8878ab8a2158c8660d9b2bbb8fb2f77e.tar.gz
guix-bc7713fa8878ab8a2158c8660d9b2bbb8fb2f77e.zip
gnu: curl: Update to 8.5.0 [security fixes].
Fixes CVE-2023-46218 and CVE-2023-46219. See <https://curl.se/docs/CVE-2023-46218.html> and <https://curl.se/docs/CVE-2023-46219.html> respectively. * gnu/packages/curl.scm (curl): Update to 8.5.0. * gnu/packages/patches/curl-use-ssl-cert-env.patch: Update patch. Change-Id: Iaa6aa5de0f45576dc06bf5eca1eec502e5c83332
Diffstat (limited to 'gnu/packages')
-rw-r--r--gnu/packages/curl.scm11
-rw-r--r--gnu/packages/patches/curl-use-ssl-cert-env.patch26
2 files changed, 21 insertions, 16 deletions
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index b33f4d36d4..0bf6d996e6 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -65,14 +65,14 @@
(define-public curl
(package
(name "curl")
- (version "8.4.0")
+ (version "8.5.0")
(source (origin
(method url-fetch)
(uri (string-append "https://curl.se/download/curl-"
version ".tar.xz"))
(sha256
(base32
- "0bd8y8v66biyqvg70ka1sdd0aixs6yzpnvfsig907xzh9af2mihn"))
+ "1sqfflilf7mcz1g03lazyr6v6pf1rsrzprrknsir10hdwawqvas2"))
(patches (search-patches "curl-use-ssl-cert-env.patch"))))
(build-system gnu-build-system)
(outputs '("out"
@@ -127,6 +127,9 @@
(if parallel-tests?
(number->string (parallel-job-count))
"1")))
+ ;; Ignore test 1477 due to a missing file in the 8.5.0
+ ;; release. See
+ ;; <https://github.com/curl/curl/issues/12462>.
(arguments `("-C" "tests" "test"
,@make-flags
,(if #$(or (system-hurd?)
@@ -134,8 +137,10 @@
(target-aarch64?))
;; protocol FAIL
(string-append "TFLAGS=\"~1474 "
+ "~1477 "
job-count "\"")
- (string-append "TFLAGS=" job-count)))))
+ (string-append "TFLAGS=\"~1477 "
+ job-count "\"")))))
;; The top-level "make check" does "make -C tests quiet-test", which
;; is too quiet. Use the "test" target instead, which is more
;; verbose.
diff --git a/gnu/packages/patches/curl-use-ssl-cert-env.patch b/gnu/packages/patches/curl-use-ssl-cert-env.patch
index 24be6e31d9..c39c1f7e98 100644
--- a/gnu/packages/patches/curl-use-ssl-cert-env.patch
+++ b/gnu/packages/patches/curl-use-ssl-cert-env.patch
@@ -5,37 +5,37 @@ must be called when no other threads exist).
This fixes network functionality in rust:cargo, and probably removes the need
for other future workarounds.
===================================================================
---- curl-7.66.0.orig/lib/easy.c 2020-01-02 15:43:11.883921171 +0100
-+++ curl-7.66.0/lib/easy.c 2020-01-02 16:18:54.691882797 +0100
-@@ -134,6 +134,9 @@
- # pragma warning(default:4232) /* MSVC extension, dllimport identity */
+--- curl-8.5.0.orig/lib/easy.c 2023-12-17 00:36:32.400468561 -0500
++++ curl-8.5.0/lib/easy.c 2023-12-17 00:39:08.898612331 -0500
+@@ -137,6 +137,9 @@
+ static char *leakpointer;
#endif
-
+
+char * Curl_ssl_cert_dir = NULL;
+char * Curl_ssl_cert_file = NULL;
+
/**
* curl_global_init() globally initializes curl given a bitwise set of the
* different features of what to initialize.
-@@ -155,6 +158,9 @@
- #endif
+@@ -163,6 +166,9 @@
+ goto fail;
}
-
+
+ Curl_ssl_cert_dir = curl_getenv("SSL_CERT_DIR");
+ Curl_ssl_cert_file = curl_getenv("SSL_CERT_FILE");
+
if(!Curl_ssl_init()) {
DEBUGF(fprintf(stderr, "Error: Curl_ssl_init failed\n"));
- return CURLE_FAILED_INIT;
-@@ -260,6 +266,9 @@
+ goto fail;
+@@ -287,6 +293,9 @@
Curl_ssl_cleanup();
Curl_resolver_global_cleanup();
-
+
+ free(Curl_ssl_cert_dir);
+ free(Curl_ssl_cert_file);
+
- #ifdef WIN32
- Curl_win32_cleanup(init_flags);
+ #ifdef _WIN32
+ Curl_win32_cleanup(easy_init_flags);
#endif
diff -ur curl-7.66.0.orig/lib/url.c curl-7.66.0/lib/url.c
--- curl-7.66.0.orig/lib/url.c 2020-01-02 15:43:11.883921171 +0100