diff options
author | John Kehayias <john.kehayias@protonmail.com> | 2023-12-17 01:11:32 -0500 |
---|---|---|
committer | John Kehayias <john.kehayias@protonmail.com> | 2023-12-17 01:27:00 -0500 |
commit | bc7713fa8878ab8a2158c8660d9b2bbb8fb2f77e (patch) | |
tree | ca0ec15c5835a2a2647510206ae1b2d9cb550b3f /gnu/packages | |
parent | 158502e40d800407f1bd697dd5dd0437086730bf (diff) | |
download | guix-bc7713fa8878ab8a2158c8660d9b2bbb8fb2f77e.tar.gz guix-bc7713fa8878ab8a2158c8660d9b2bbb8fb2f77e.zip |
gnu: curl: Update to 8.5.0 [security fixes].
Fixes CVE-2023-46218 and CVE-2023-46219. See
<https://curl.se/docs/CVE-2023-46218.html> and
<https://curl.se/docs/CVE-2023-46219.html> respectively.
* gnu/packages/curl.scm (curl): Update to 8.5.0.
* gnu/packages/patches/curl-use-ssl-cert-env.patch: Update patch.
Change-Id: Iaa6aa5de0f45576dc06bf5eca1eec502e5c83332
Diffstat (limited to 'gnu/packages')
-rw-r--r-- | gnu/packages/curl.scm | 11 | ||||
-rw-r--r-- | gnu/packages/patches/curl-use-ssl-cert-env.patch | 26 |
2 files changed, 21 insertions, 16 deletions
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index b33f4d36d4..0bf6d996e6 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -65,14 +65,14 @@ (define-public curl (package (name "curl") - (version "8.4.0") + (version "8.5.0") (source (origin (method url-fetch) (uri (string-append "https://curl.se/download/curl-" version ".tar.xz")) (sha256 (base32 - "0bd8y8v66biyqvg70ka1sdd0aixs6yzpnvfsig907xzh9af2mihn")) + "1sqfflilf7mcz1g03lazyr6v6pf1rsrzprrknsir10hdwawqvas2")) (patches (search-patches "curl-use-ssl-cert-env.patch")))) (build-system gnu-build-system) (outputs '("out" @@ -127,6 +127,9 @@ (if parallel-tests? (number->string (parallel-job-count)) "1"))) + ;; Ignore test 1477 due to a missing file in the 8.5.0 + ;; release. See + ;; <https://github.com/curl/curl/issues/12462>. (arguments `("-C" "tests" "test" ,@make-flags ,(if #$(or (system-hurd?) @@ -134,8 +137,10 @@ (target-aarch64?)) ;; protocol FAIL (string-append "TFLAGS=\"~1474 " + "~1477 " job-count "\"") - (string-append "TFLAGS=" job-count))))) + (string-append "TFLAGS=\"~1477 " + job-count "\""))))) ;; The top-level "make check" does "make -C tests quiet-test", which ;; is too quiet. Use the "test" target instead, which is more ;; verbose. diff --git a/gnu/packages/patches/curl-use-ssl-cert-env.patch b/gnu/packages/patches/curl-use-ssl-cert-env.patch index 24be6e31d9..c39c1f7e98 100644 --- a/gnu/packages/patches/curl-use-ssl-cert-env.patch +++ b/gnu/packages/patches/curl-use-ssl-cert-env.patch @@ -5,37 +5,37 @@ must be called when no other threads exist). This fixes network functionality in rust:cargo, and probably removes the need for other future workarounds. =================================================================== ---- curl-7.66.0.orig/lib/easy.c 2020-01-02 15:43:11.883921171 +0100 -+++ curl-7.66.0/lib/easy.c 2020-01-02 16:18:54.691882797 +0100 -@@ -134,6 +134,9 @@ - # pragma warning(default:4232) /* MSVC extension, dllimport identity */ +--- curl-8.5.0.orig/lib/easy.c 2023-12-17 00:36:32.400468561 -0500 ++++ curl-8.5.0/lib/easy.c 2023-12-17 00:39:08.898612331 -0500 +@@ -137,6 +137,9 @@ + static char *leakpointer; #endif - + +char * Curl_ssl_cert_dir = NULL; +char * Curl_ssl_cert_file = NULL; + /** * curl_global_init() globally initializes curl given a bitwise set of the * different features of what to initialize. -@@ -155,6 +158,9 @@ - #endif +@@ -163,6 +166,9 @@ + goto fail; } - + + Curl_ssl_cert_dir = curl_getenv("SSL_CERT_DIR"); + Curl_ssl_cert_file = curl_getenv("SSL_CERT_FILE"); + if(!Curl_ssl_init()) { DEBUGF(fprintf(stderr, "Error: Curl_ssl_init failed\n")); - return CURLE_FAILED_INIT; -@@ -260,6 +266,9 @@ + goto fail; +@@ -287,6 +293,9 @@ Curl_ssl_cleanup(); Curl_resolver_global_cleanup(); - + + free(Curl_ssl_cert_dir); + free(Curl_ssl_cert_file); + - #ifdef WIN32 - Curl_win32_cleanup(init_flags); + #ifdef _WIN32 + Curl_win32_cleanup(easy_init_flags); #endif diff -ur curl-7.66.0.orig/lib/url.c curl-7.66.0/lib/url.c --- curl-7.66.0.orig/lib/url.c 2020-01-02 15:43:11.883921171 +0100 |