diff mbox series

[bug#73361] gnu: curl: Update to 8.10.1 [security fixes].

Message ID 5cadbf4fe10768fae553fd71f8b0edeb384c7fb0.1726759049.git.ashish.is@lostca.se
State New
Headers
Series [bug#73361] gnu: curl: Update to 8.10.1 [security fixes]. |

Commit Message

Ashish SHUKLA Sept. 19, 2024, 3:17 p.m. UTC 
* gnu/packages/curl.scm (curl): Update to 8.10.1.

* gnu/packages/patches/curl-use-ssl-cert-env.patch: Update for 8.10.1.

Change-Id: I2a1566a3b7ca0a097c77f158bd370945cf16baf8
---
 gnu/packages/curl.scm                         |  5 ++-
 .../patches/curl-use-ssl-cert-env.patch       | 41 +++++++++----------
 2 files changed, 23 insertions(+), 23 deletions(-)


base-commit: e85f52e826b0701c3dcf9acf9d81e5ae57aec8f9

Comments

John Kehayias Sept. 27, 2024, 6:52 p.m. UTC | #1 
Hello,

On Thu, Sep 19, 2024 at 03:17 PM, Ashish SHUKLA wrote:

> * gnu/packages/curl.scm (curl): Update to 8.10.1.
>

As curl causes a rebuild of just about everything, this will need to
done as a graft on master. (And ungrafted with a world rebuild on a
branch.) Would you like to take a stab at that?

Also, please note what the security fixes are (CVE numbers).

Thanks for the patch so far!
John

> * gnu/packages/patches/curl-use-ssl-cert-env.patch: Update for 8.10.1.
>
> Change-Id: I2a1566a3b7ca0a097c77f158bd370945cf16baf8
> ---
>  gnu/packages/curl.scm                         |  5 ++-
>  .../patches/curl-use-ssl-cert-env.patch       | 41 +++++++++----------
>  2 files changed, 23 insertions(+), 23 deletions(-)
>
> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
> index 9f74018205..7ab886f195 100644
> --- a/gnu/packages/curl.scm
> +++ b/gnu/packages/curl.scm
> @@ -16,6 +16,7 @@
>  ;;; Copyright © 2021 Felix Gruber <felgru@posteo.net>
>  ;;; Copyright © 2023 Sharlatan Hellseher <sharlatanus@gmail.com>
>  ;;; Copyright © 2023 John Kehayias <john.kehayias@protonmail.com>
> +;;; Copyright © 2024 Ashish SHUKLA <ashish.is@lostca.se>
>  ;;;
>  ;;; This file is part of GNU Guix.
>  ;;;
> @@ -66,14 +67,14 @@ (define-module (gnu packages curl)
>  (define-public curl
>    (package
>      (name "curl")
> -    (version "8.6.0")
> +    (version "8.10.1")
>      (source (origin
>                (method url-fetch)
>                (uri (string-append "https://curl.se/download/curl-"
>                                    version ".tar.xz"))
>                (sha256
>                 (base32
> -                "05fv468yjrb7qwrxmfprxkrcckbkij0myql0vwwnalgr3bcmbk9w"))
> +                "1vh4rvmln4ygp4mc18hq1pd5za4mp7jbfksajajrz84njplv193k"))
>                (patches (search-patches "curl-use-ssl-cert-env.patch"))))
>      (outputs '("out"
>                 "doc"))                  ;1.2 MiB of man3 pages
> diff --git a/gnu/packages/patches/curl-use-ssl-cert-env.patch b/gnu/packages/patches/curl-use-ssl-cert-env.patch
> index c39c1f7e98..2a57f0f8be 100644
> --- a/gnu/packages/patches/curl-use-ssl-cert-env.patch
> +++ b/gnu/packages/patches/curl-use-ssl-cert-env.patch
> @@ -37,28 +37,27 @@ for other future workarounds.
>   #ifdef _WIN32
>     Curl_win32_cleanup(easy_init_flags);
>   #endif
> -diff -ur curl-7.66.0.orig/lib/url.c curl-7.66.0/lib/url.c
> ---- curl-7.66.0.orig/lib/url.c	2020-01-02 15:43:11.883921171 +0100
> -+++ curl-7.66.0/lib/url.c	2020-01-02 16:21:11.563880346 +0100
> -@@ -524,6 +524,21 @@
> -     if(result)
> -       return result;
> +--- curl-8.10.0/lib/url.c.orig	2024-09-17 16:57:50.407214691 +0000
> ++++ curl-8.10.0/lib/url.c	2024-09-17 16:59:47.507214691 +0000
> +@@ -455,6 +455,21 @@
> + #endif
>   #endif
> -+    extern char * Curl_ssl_cert_dir;
> -+    extern char * Curl_ssl_cert_file;
> -+    if(Curl_ssl_cert_dir) {
> -+        if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH], Curl_ssl_cert_dir))
> -+            return result;
> -+        if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], Curl_ssl_cert_dir))
> -+            return result;
> -+    }
> -+
> -+    if(Curl_ssl_cert_file) {
> -+        if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE], Curl_ssl_cert_file))
> -+            return result;
> -+        if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], Curl_ssl_cert_file))
> -+            return result;
> -+    }
>     }
> ++  extern char * Curl_ssl_cert_dir;
> ++  extern char * Curl_ssl_cert_file;
> ++  if(Curl_ssl_cert_dir) {
> ++      if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH], Curl_ssl_cert_dir))
> ++          return result;
> ++      if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], Curl_ssl_cert_dir))
> ++          return result;
> ++  }
> ++
> ++  if(Curl_ssl_cert_file) {
> ++      if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE], Curl_ssl_cert_file))
> ++          return result;
> ++      if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], Curl_ssl_cert_file))
> ++          return result;
> ++  }
>
> + #ifndef CURL_DISABLE_FTP
>     set->wildcard_enabled = FALSE;
>
> base-commit: e85f52e826b0701c3dcf9acf9d81e5ae57aec8f9
diff mbox series

Patch

diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 9f74018205..7ab886f195 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -16,6 +16,7 @@ 
 ;;; Copyright © 2021 Felix Gruber <felgru@posteo.net>
 ;;; Copyright © 2023 Sharlatan Hellseher <sharlatanus@gmail.com>
 ;;; Copyright © 2023 John Kehayias <john.kehayias@protonmail.com>
+;;; Copyright © 2024 Ashish SHUKLA <ashish.is@lostca.se>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -66,14 +67,14 @@  (define-module (gnu packages curl)
 (define-public curl
   (package
     (name "curl")
-    (version "8.6.0")
+    (version "8.10.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://curl.se/download/curl-"
                                   version ".tar.xz"))
               (sha256
                (base32
-                "05fv468yjrb7qwrxmfprxkrcckbkij0myql0vwwnalgr3bcmbk9w"))
+                "1vh4rvmln4ygp4mc18hq1pd5za4mp7jbfksajajrz84njplv193k"))
               (patches (search-patches "curl-use-ssl-cert-env.patch"))))
     (outputs '("out"
                "doc"))                  ;1.2 MiB of man3 pages
diff --git a/gnu/packages/patches/curl-use-ssl-cert-env.patch b/gnu/packages/patches/curl-use-ssl-cert-env.patch
index c39c1f7e98..2a57f0f8be 100644
--- a/gnu/packages/patches/curl-use-ssl-cert-env.patch
+++ b/gnu/packages/patches/curl-use-ssl-cert-env.patch
@@ -37,28 +37,27 @@  for other future workarounds.
  #ifdef _WIN32
    Curl_win32_cleanup(easy_init_flags);
  #endif
-diff -ur curl-7.66.0.orig/lib/url.c curl-7.66.0/lib/url.c
---- curl-7.66.0.orig/lib/url.c	2020-01-02 15:43:11.883921171 +0100
-+++ curl-7.66.0/lib/url.c	2020-01-02 16:21:11.563880346 +0100
-@@ -524,6 +524,21 @@
-     if(result)
-       return result;
+--- curl-8.10.0/lib/url.c.orig	2024-09-17 16:57:50.407214691 +0000
++++ curl-8.10.0/lib/url.c	2024-09-17 16:59:47.507214691 +0000
+@@ -455,6 +455,21 @@
+ #endif
  #endif
-+    extern char * Curl_ssl_cert_dir;
-+    extern char * Curl_ssl_cert_file;
-+    if(Curl_ssl_cert_dir) {
-+        if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH], Curl_ssl_cert_dir))
-+            return result;
-+        if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], Curl_ssl_cert_dir))
-+            return result;
-+    }
-+
-+    if(Curl_ssl_cert_file) {
-+        if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE], Curl_ssl_cert_file))
-+            return result;
-+        if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], Curl_ssl_cert_file))
-+            return result;
-+    }
    }
++  extern char * Curl_ssl_cert_dir;
++  extern char * Curl_ssl_cert_file;
++  if(Curl_ssl_cert_dir) {
++      if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH], Curl_ssl_cert_dir))
++          return result;
++      if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], Curl_ssl_cert_dir))
++          return result;
++  }
++
++  if(Curl_ssl_cert_file) {
++      if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE], Curl_ssl_cert_file))
++          return result;
++      if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], Curl_ssl_cert_file))
++          return result;
++  }
  
+ #ifndef CURL_DISABLE_FTP
    set->wildcard_enabled = FALSE;