| Message ID | 5cadbf4fe10768fae553fd71f8b0edeb384c7fb0.1726759049.git.ashish.is@lostca.se |
|---|---|
| State | New |
| Headers | show |
| Series | [bug#73361] gnu: curl: Update to 8.10.1 [security fixes]. | expand |
Hello, On Thu, Sep 19, 2024 at 03:17 PM, Ashish SHUKLA wrote: > * gnu/packages/curl.scm (curl): Update to 8.10.1. > As curl causes a rebuild of just about everything, this will need to done as a graft on master. (And ungrafted with a world rebuild on a branch.) Would you like to take a stab at that? Also, please note what the security fixes are (CVE numbers). Thanks for the patch so far! John > * gnu/packages/patches/curl-use-ssl-cert-env.patch: Update for 8.10.1. > > Change-Id: I2a1566a3b7ca0a097c77f158bd370945cf16baf8 > --- > gnu/packages/curl.scm | 5 ++- > .../patches/curl-use-ssl-cert-env.patch | 41 +++++++++---------- > 2 files changed, 23 insertions(+), 23 deletions(-) > > diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm > index 9f74018205..7ab886f195 100644 > --- a/gnu/packages/curl.scm > +++ b/gnu/packages/curl.scm > @@ -16,6 +16,7 @@ > ;;; Copyright © 2021 Felix Gruber <felgru@posteo.net> > ;;; Copyright © 2023 Sharlatan Hellseher <sharlatanus@gmail.com> > ;;; Copyright © 2023 John Kehayias <john.kehayias@protonmail.com> > +;;; Copyright © 2024 Ashish SHUKLA <ashish.is@lostca.se> > ;;; > ;;; This file is part of GNU Guix. > ;;; > @@ -66,14 +67,14 @@ (define-module (gnu packages curl) > (define-public curl > (package > (name "curl") > - (version "8.6.0") > + (version "8.10.1") > (source (origin > (method url-fetch) > (uri (string-append "https://curl.se/download/curl-" > version ".tar.xz")) > (sha256 > (base32 > - "05fv468yjrb7qwrxmfprxkrcckbkij0myql0vwwnalgr3bcmbk9w")) > + "1vh4rvmln4ygp4mc18hq1pd5za4mp7jbfksajajrz84njplv193k")) > (patches (search-patches "curl-use-ssl-cert-env.patch")))) > (outputs '("out" > "doc")) ;1.2 MiB of man3 pages > diff --git a/gnu/packages/patches/curl-use-ssl-cert-env.patch b/gnu/packages/patches/curl-use-ssl-cert-env.patch > index c39c1f7e98..2a57f0f8be 100644 > --- a/gnu/packages/patches/curl-use-ssl-cert-env.patch > +++ b/gnu/packages/patches/curl-use-ssl-cert-env.patch > @@ -37,28 +37,27 @@ for other future workarounds. > #ifdef _WIN32 > Curl_win32_cleanup(easy_init_flags); > #endif > -diff -ur curl-7.66.0.orig/lib/url.c curl-7.66.0/lib/url.c > ---- curl-7.66.0.orig/lib/url.c 2020-01-02 15:43:11.883921171 +0100 > -+++ curl-7.66.0/lib/url.c 2020-01-02 16:21:11.563880346 +0100 > -@@ -524,6 +524,21 @@ > - if(result) > - return result; > +--- curl-8.10.0/lib/url.c.orig 2024-09-17 16:57:50.407214691 +0000 > ++++ curl-8.10.0/lib/url.c 2024-09-17 16:59:47.507214691 +0000 > +@@ -455,6 +455,21 @@ > + #endif > #endif > -+ extern char * Curl_ssl_cert_dir; > -+ extern char * Curl_ssl_cert_file; > -+ if(Curl_ssl_cert_dir) { > -+ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH], Curl_ssl_cert_dir)) > -+ return result; > -+ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], Curl_ssl_cert_dir)) > -+ return result; > -+ } > -+ > -+ if(Curl_ssl_cert_file) { > -+ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE], Curl_ssl_cert_file)) > -+ return result; > -+ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], Curl_ssl_cert_file)) > -+ return result; > -+ } > } > ++ extern char * Curl_ssl_cert_dir; > ++ extern char * Curl_ssl_cert_file; > ++ if(Curl_ssl_cert_dir) { > ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH], Curl_ssl_cert_dir)) > ++ return result; > ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], Curl_ssl_cert_dir)) > ++ return result; > ++ } > ++ > ++ if(Curl_ssl_cert_file) { > ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE], Curl_ssl_cert_file)) > ++ return result; > ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], Curl_ssl_cert_file)) > ++ return result; > ++ } > > + #ifndef CURL_DISABLE_FTP > set->wildcard_enabled = FALSE; > > base-commit: e85f52e826b0701c3dcf9acf9d81e5ae57aec8f9
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 9f74018205..7ab886f195 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -16,6 +16,7 @@ ;;; Copyright © 2021 Felix Gruber <felgru@posteo.net> ;;; Copyright © 2023 Sharlatan Hellseher <sharlatanus@gmail.com> ;;; Copyright © 2023 John Kehayias <john.kehayias@protonmail.com> +;;; Copyright © 2024 Ashish SHUKLA <ashish.is@lostca.se> ;;; ;;; This file is part of GNU Guix. ;;; @@ -66,14 +67,14 @@ (define-module (gnu packages curl) (define-public curl (package (name "curl") - (version "8.6.0") + (version "8.10.1") (source (origin (method url-fetch) (uri (string-append "https://curl.se/download/curl-" version ".tar.xz")) (sha256 (base32 - "05fv468yjrb7qwrxmfprxkrcckbkij0myql0vwwnalgr3bcmbk9w")) + "1vh4rvmln4ygp4mc18hq1pd5za4mp7jbfksajajrz84njplv193k")) (patches (search-patches "curl-use-ssl-cert-env.patch")))) (outputs '("out" "doc")) ;1.2 MiB of man3 pages diff --git a/gnu/packages/patches/curl-use-ssl-cert-env.patch b/gnu/packages/patches/curl-use-ssl-cert-env.patch index c39c1f7e98..2a57f0f8be 100644 --- a/gnu/packages/patches/curl-use-ssl-cert-env.patch +++ b/gnu/packages/patches/curl-use-ssl-cert-env.patch @@ -37,28 +37,27 @@ for other future workarounds. #ifdef _WIN32 Curl_win32_cleanup(easy_init_flags); #endif -diff -ur curl-7.66.0.orig/lib/url.c curl-7.66.0/lib/url.c ---- curl-7.66.0.orig/lib/url.c 2020-01-02 15:43:11.883921171 +0100 -+++ curl-7.66.0/lib/url.c 2020-01-02 16:21:11.563880346 +0100 -@@ -524,6 +524,21 @@ - if(result) - return result; +--- curl-8.10.0/lib/url.c.orig 2024-09-17 16:57:50.407214691 +0000 ++++ curl-8.10.0/lib/url.c 2024-09-17 16:59:47.507214691 +0000 +@@ -455,6 +455,21 @@ + #endif #endif -+ extern char * Curl_ssl_cert_dir; -+ extern char * Curl_ssl_cert_file; -+ if(Curl_ssl_cert_dir) { -+ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH], Curl_ssl_cert_dir)) -+ return result; -+ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], Curl_ssl_cert_dir)) -+ return result; -+ } -+ -+ if(Curl_ssl_cert_file) { -+ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE], Curl_ssl_cert_file)) -+ return result; -+ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], Curl_ssl_cert_file)) -+ return result; -+ } } ++ extern char * Curl_ssl_cert_dir; ++ extern char * Curl_ssl_cert_file; ++ if(Curl_ssl_cert_dir) { ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH], Curl_ssl_cert_dir)) ++ return result; ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], Curl_ssl_cert_dir)) ++ return result; ++ } ++ ++ if(Curl_ssl_cert_file) { ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE], Curl_ssl_cert_file)) ++ return result; ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], Curl_ssl_cert_file)) ++ return result; ++ } + #ifndef CURL_DISABLE_FTP set->wildcard_enabled = FALSE;