[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
04/05: gnu: curl: Update to 8.5.0 [security fixes].
From: |
guix-commits |
Subject: |
04/05: gnu: curl: Update to 8.5.0 [security fixes]. |
Date: |
Sun, 17 Dec 2023 01:27:51 -0500 (EST) |
podiki pushed a commit to branch mesa-updates
in repository guix.
commit bc7713fa8878ab8a2158c8660d9b2bbb8fb2f77e
Author: John Kehayias <john.kehayias@protonmail.com>
AuthorDate: Sun Dec 17 01:11:32 2023 -0500
gnu: curl: Update to 8.5.0 [security fixes].
Fixes CVE-2023-46218 and CVE-2023-46219. See
<https://curl.se/docs/CVE-2023-46218.html> and
<https://curl.se/docs/CVE-2023-46219.html> respectively.
* gnu/packages/curl.scm (curl): Update to 8.5.0.
* gnu/packages/patches/curl-use-ssl-cert-env.patch: Update patch.
Change-Id: Iaa6aa5de0f45576dc06bf5eca1eec502e5c83332
---
gnu/packages/curl.scm | 11 +++++++---
gnu/packages/patches/curl-use-ssl-cert-env.patch | 26 ++++++++++++------------
2 files changed, 21 insertions(+), 16 deletions(-)
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index b33f4d36d4..0bf6d996e6 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -65,14 +65,14 @@
(define-public curl
(package
(name "curl")
- (version "8.4.0")
+ (version "8.5.0")
(source (origin
(method url-fetch)
(uri (string-append "https://curl.se/download/curl-"
version ".tar.xz"))
(sha256
(base32
- "0bd8y8v66biyqvg70ka1sdd0aixs6yzpnvfsig907xzh9af2mihn"))
+ "1sqfflilf7mcz1g03lazyr6v6pf1rsrzprrknsir10hdwawqvas2"))
(patches (search-patches "curl-use-ssl-cert-env.patch"))))
(build-system gnu-build-system)
(outputs '("out"
@@ -127,6 +127,9 @@
(if parallel-tests?
(number->string (parallel-job-count))
"1")))
+ ;; Ignore test 1477 due to a missing file in the 8.5.0
+ ;; release. See
+ ;; <https://github.com/curl/curl/issues/12462>.
(arguments `("-C" "tests" "test"
,@make-flags
,(if #$(or (system-hurd?)
@@ -134,8 +137,10 @@
(target-aarch64?))
;; protocol FAIL
(string-append "TFLAGS=\"~1474 "
+ "~1477 "
job-count "\"")
- (string-append "TFLAGS="
job-count)))))
+ (string-append "TFLAGS=\"~1477 "
+ job-count "\"")))))
;; The top-level "make check" does "make -C tests
quiet-test", which
;; is too quiet. Use the "test" target instead, which is
more
;; verbose.
diff --git a/gnu/packages/patches/curl-use-ssl-cert-env.patch
b/gnu/packages/patches/curl-use-ssl-cert-env.patch
index 24be6e31d9..c39c1f7e98 100644
--- a/gnu/packages/patches/curl-use-ssl-cert-env.patch
+++ b/gnu/packages/patches/curl-use-ssl-cert-env.patch
@@ -5,37 +5,37 @@ must be called when no other threads exist).
This fixes network functionality in rust:cargo, and probably removes the need
for other future workarounds.
===================================================================
---- curl-7.66.0.orig/lib/easy.c 2020-01-02 15:43:11.883921171 +0100
-+++ curl-7.66.0/lib/easy.c 2020-01-02 16:18:54.691882797 +0100
-@@ -134,6 +134,9 @@
- # pragma warning(default:4232) /* MSVC extension, dllimport identity */
+--- curl-8.5.0.orig/lib/easy.c 2023-12-17 00:36:32.400468561 -0500
++++ curl-8.5.0/lib/easy.c 2023-12-17 00:39:08.898612331 -0500
+@@ -137,6 +137,9 @@
+ static char *leakpointer;
#endif
-
+
+char * Curl_ssl_cert_dir = NULL;
+char * Curl_ssl_cert_file = NULL;
+
/**
* curl_global_init() globally initializes curl given a bitwise set of the
* different features of what to initialize.
-@@ -155,6 +158,9 @@
- #endif
+@@ -163,6 +166,9 @@
+ goto fail;
}
-
+
+ Curl_ssl_cert_dir = curl_getenv("SSL_CERT_DIR");
+ Curl_ssl_cert_file = curl_getenv("SSL_CERT_FILE");
+
if(!Curl_ssl_init()) {
DEBUGF(fprintf(stderr, "Error: Curl_ssl_init failed\n"));
- return CURLE_FAILED_INIT;
-@@ -260,6 +266,9 @@
+ goto fail;
+@@ -287,6 +293,9 @@
Curl_ssl_cleanup();
Curl_resolver_global_cleanup();
-
+
+ free(Curl_ssl_cert_dir);
+ free(Curl_ssl_cert_file);
+
- #ifdef WIN32
- Curl_win32_cleanup(init_flags);
+ #ifdef _WIN32
+ Curl_win32_cleanup(easy_init_flags);
#endif
diff -ur curl-7.66.0.orig/lib/url.c curl-7.66.0/lib/url.c
--- curl-7.66.0.orig/lib/url.c 2020-01-02 15:43:11.883921171 +0100