* [bug#75026] [PATCH core-updates 0/7] Update gnutls and curl. @ 2024-12-22 15:52 Maxim Cournoyer 2024-12-22 16:00 ` [bug#75026] [PATCH core-updates 1/7] gnu: gnutls: Update to 3.8.8 Maxim Cournoyer ` (7 more replies) 0 siblings, 8 replies; 12+ messages in thread From: Maxim Cournoyer @ 2024-12-22 15:52 UTC (permalink / raw) To: 75026; +Cc: Maxim Cournoyer Maxim Cournoyer (7): gnu: gnutls: Update to 3.8.8. gnu: gnutls: Enable zstd compression. gnu: gnutls: Streamline mips64el conditionals. gnu: brotli: Update to 1.1.0. gnu: libidn: Update to 1.42. gnu: curl: Update to 8.11.1 and ungraft. gnu: curl: Enable zstd support. gnu/local.mk | 2 - gnu/packages/compression.scm | 47 ++-- gnu/packages/curl.scm | 59 +++--- gnu/packages/libidn.scm | 4 +- gnu/packages/patches/curl-CVE-2024-8096.patch | 200 ------------------ .../gnutls-skip-trust-store-test.patch | 15 -- gnu/packages/tls.scm | 50 ++--- 7 files changed, 74 insertions(+), 303 deletions(-) delete mode 100644 gnu/packages/patches/curl-CVE-2024-8096.patch delete mode 100644 gnu/packages/patches/gnutls-skip-trust-store-test.patch base-commit: 42ba1aa8b3090f3a4957d36be14e93c5e36f1825 -- 2.46.0 ^ permalink raw reply [flat|nested] 12+ messages in thread
* [bug#75026] [PATCH core-updates 1/7] gnu: gnutls: Update to 3.8.8. 2024-12-22 15:52 [bug#75026] [PATCH core-updates 0/7] Update gnutls and curl Maxim Cournoyer @ 2024-12-22 16:00 ` Maxim Cournoyer 2024-12-24 14:50 ` Ludovic Courtès 2024-12-22 16:01 ` [bug#75026] [PATCH core-updates 2/7] gnu: gnutls: Enable zstd compression Maxim Cournoyer ` (6 subsequent siblings) 7 siblings, 1 reply; 12+ messages in thread From: Maxim Cournoyer @ 2024-12-22 16:00 UTC (permalink / raw) To: 75026; +Cc: Maxim Cournoyer * gnu/packages/tls.scm (gnutls): Update to 3.8.8. [source]: Delete patches. [arguments]: Mark failing tests via XFAIL_TESTS make flag. * gnu/packages/patches/gnutls-skip-trust-store-test.patch: Delete file. * gnu/local.mk (dist_patch_DATA): De-register it. Change-Id: I6519b789896dba00de6a1af7a6f772906ce660c1 --- gnu/local.mk | 1 - .../gnutls-skip-trust-store-test.patch | 15 ----------- gnu/packages/tls.scm | 25 ++++++++++--------- 3 files changed, 13 insertions(+), 28 deletions(-) delete mode 100644 gnu/packages/patches/gnutls-skip-trust-store-test.patch diff --git a/gnu/local.mk b/gnu/local.mk index 8155a5ae34..a4f2e71134 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1477,7 +1477,6 @@ dist_patch_DATA = \ %D%/packages/patches/gnumach-version.patch \ %D%/packages/patches/gnupg-default-pinentry.patch \ %D%/packages/patches/gnupg-1-build-with-gcc10.patch \ - %D%/packages/patches/gnutls-skip-trust-store-test.patch \ %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \ %D%/packages/patches/gobject-introspection-absolute-shlib-path-1.72.patch \ %D%/packages/patches/gobject-introspection-cc.patch \ diff --git a/gnu/packages/patches/gnutls-skip-trust-store-test.patch b/gnu/packages/patches/gnutls-skip-trust-store-test.patch deleted file mode 100644 index e0536712a5..0000000000 --- a/gnu/packages/patches/gnutls-skip-trust-store-test.patch +++ /dev/null 
@@ -1,15 +0,0 @@ -Version 3.5.11 added a test to check that the default trust store is readable. -It does not exist in the build environment, so pretend everything is fine. - -diff a/tests/trust-store.c b/tests/trust-store.c ---- a/tests/trust-store.c -+++ b/tests/trust-store.c -@@ -61,7 +61,7 @@ - } else if (ret < 0) { - fail("error loading system trust store: %s\n", gnutls_strerror(ret)); - } else if (ret == 0) { -- fail("no certificates were found in system trust store!\n"); -+ success("no trust store in the Guix build environment!\n"); - } - - gnutls_certificate_free_credentials(x509_cred); diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 5f3bc72f6e..ecdfb5c0e5 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -201,7 +201,7 @@ (define-public p11-kit (define-public gnutls (package (name "gnutls") - (version "3.8.3") + (version "3.8.8") (source (origin (method url-fetch) ;; Note: Releases are no longer on ftp.gnu.org since the @@ -209,10 +209,9 @@ (define-public gnutls (uri (string-append "mirror://gnupg/gnutls/v" (version-major+minor version) "/gnutls-" version ".tar.xz")) - (patches (search-patches "gnutls-skip-trust-store-test.patch")) (sha256 (base32 - "0ghpyhhfa3nsraph6dws50jb3dc8g2cfl7dizdnyrm179fawakzp")))) + "1yyq74lzlnkgwbr269mddi9vqi1j0dcnw8pdh09vb01qb0704kxc")))) (build-system gnu-build-system) (arguments (list #:tests? (not (or (%current-target-system) 
@@ -242,17 +241,19 @@ (define-public gnutls ;; not working on mips64el. "--without-p11-kit") '()))) - + #:make-flags + #~(list (string-append + "XFAIL_TESTS=" + ;; This test checks that the default trust store is + ;; readable; expect it to fail since the trust store + ;; doesn't exist in the build environment. + "trust-store " + ;; This one fails only inside the build environment, for + ;; reasons unknown (see: + ;; <https://gitlab.com/gnutls/gnutls/-/issues/1634>). + "tls13/compress-cert-neg2 ")) #:phases #~(modify-phases %standard-phases - ;; fastopen.sh fails to connect to the server in the builder - ;; environment (see: - ;; https://gitlab.com/gnutls/gnutls/-/issues/1095). - (add-after 'unpack 'disable-failing-tests - (lambda _ - (substitute* "tests/fastopen.sh" - (("^unset RETCODE") - "exit 77\n")))) ;skip #$@(if (target-ppc32?) ;; https://gitlab.com/gnutls/gnutls/-/issues/1354 ;; Extend the test timeout from the default of 20 * 1000 -- 2.46.0 ^ permalink raw reply related [flat|nested] 12+ messages in thread
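Review bot: Dropping `(patches (search-patches "gnutls-skip-trust-store-test.patch"))` in the tls.scm hunk at -209 and listing `trust-store` in XFAIL_TESTS instead is coarser than what the deleted patch did. The patch only turned the `ret == 0` branch ("no certificates were found in system trust store!") into a success and left the `ret < 0` branch (`fail("error loading system trust store: ...")`) failing, whereas an expected failure accepts any failure of the test, including a genuine load error. Either keep the patch, or say in the comment why the whole test is now expected to fail.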
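Review bot: The tls.scm hunk at -242 deletes the 'disable-failing-tests phase that made tests/fastopen.sh exit 77, but the commit message only records "[arguments]: Mark failing tests via XFAIL_TESTS make flag." Add an entry for the removed phase and state whether fastopen.sh now passes in the build environment, since the removed comment pointed at an upstream issue for it. The trailing space inside "tls13/compress-cert-neg2 " can also go.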
* [bug#75026] [PATCH core-updates 1/7] gnu: gnutls: Update to 3.8.8. 2024-12-22 16:00 ` [bug#75026] [PATCH core-updates 1/7] gnu: gnutls: Update to 3.8.8 Maxim Cournoyer @ 2024-12-24 14:50 ` Ludovic Courtès 0 siblings, 0 replies; 12+ messages in thread From: Ludovic Courtès @ 2024-12-24 14:50 UTC (permalink / raw) To: Maxim Cournoyer; +Cc: 75026 Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis: > * gnu/packages/tls.scm (gnutls): Update to 3.8.8. > [source]: Delete patches. > [arguments]: Mark failing tests via XFAIL_TESTS make flag. > * gnu/packages/patches/gnutls-skip-trust-store-test.patch: Delete file. > * gnu/local.mk (dist_patch_DATA): De-register it. > > Change-Id: I6519b789896dba00de6a1af7a6f772906ce660c1 [...] > --- a/gnu/packages/patches/gnutls-skip-trust-store-test.patch > +++ /dev/null 
> @@ -1,15 +0,0 @@ > -Version 3.5.11 added a test to check that the default trust store is readable. > -It does not exist in the build environment, so pretend everything is fine. > - > -diff a/tests/trust-store.c b/tests/trust-store.c > ---- a/tests/trust-store.c > -+++ b/tests/trust-store.c > -@@ -61,7 +61,7 @@ > - } else if (ret < 0) { > - fail("error loading system trust store: %s\n", gnutls_strerror(ret)); > - } else if (ret == 0) { > -- fail("no certificates were found in system trust store!\n"); > -+ success("no trust store in the Guix build environment!\n"); [...] > + #~(list (string-append > + "XFAIL_TESTS=" > + ;; This test checks that the default trust store is > + ;; readable; expect it to fail since the trust store > + ;; doesn't exist in the build environment. > + "trust-store " This suggests that the patch above was still useful, after all? (The patch still applies apparently: <https://ci.guix.gnu.org/build/6753571/log>.) Also, lack of the patch might trigger failures in the test suites of dependents. What does ‘guix build -P1 gnutls’ say? > + ;; This one fails only inside the build environment, for > + ;; reasons unknown (see: > + ;; <https://gitlab.com/gnutls/gnutls/-/issues/1634>). > + "tls13/compress-cert-neg2 ")) This is weird, would be interesting to investigate, maybe stracing the test to see why it would fail in the build environment and not outside of it? Ludo’. ^ permalink raw reply [flat|nested] 12+ messages in thread
* [bug#75026] [PATCH core-updates 2/7] gnu: gnutls: Enable zstd compression. 2024-12-22 15:52 [bug#75026] [PATCH core-updates 0/7] Update gnutls and curl Maxim Cournoyer 2024-12-22 16:00 ` [bug#75026] [PATCH core-updates 1/7] gnu: gnutls: Update to 3.8.8 Maxim Cournoyer @ 2024-12-22 16:01 ` Maxim Cournoyer 2024-12-22 16:01 ` [bug#75026] [PATCH core-updates 3/7] gnu: gnutls: Streamline mips64el conditionals Maxim Cournoyer ` (5 subsequent siblings) 7 siblings, 0 replies; 12+ messages in thread From: Maxim Cournoyer @ 2024-12-22 16:01 UTC (permalink / raw) To: 75026; +Cc: Maxim Cournoyer * gnu/packages/tls.scm [inputs]: Add zstd:lib. Change-Id: I7cfce764181eebe12a32019107061c88edaa877a --- gnu/packages/tls.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index ecdfb5c0e5..c0efb66d96 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -283,7 +283,7 @@ (define-public gnutls iproute ;for 'ss' socat ;several tests rely on it datefudge)))) ;tests rely on 'datefudge' - (inputs (list libunistring)) + (inputs (list libunistring `(,zstd "lib"))) (propagated-inputs ;; These are all in the 'Requires.private' field of gnutls.pc. (append (list libtasn1 libidn2 nettle zlib) -- 2.46.0 ^ permalink raw reply related [flat|nested] 12+ messages in thread
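Review bot: In the `inputs` change at -283, zstd is added as a plain input, while the comment two lines below says the propagated inputs are those named in the 'Requires.private' field of gnutls.pc. Check the gnutls.pc produced by the zstd-enabled build; if libzstd now appears in Requires.private, `(,zstd "lib")` belongs in propagated-inputs next to zlib. The commit message entry also lacks the variable name and should read "* gnu/packages/tls.scm (gnutls) [inputs]: Add zstd:lib."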
* [bug#75026] [PATCH core-updates 3/7] gnu: gnutls: Streamline mips64el conditionals. 2024-12-22 15:52 [bug#75026] [PATCH core-updates 0/7] Update gnutls and curl Maxim Cournoyer 2024-12-22 16:00 ` [bug#75026] [PATCH core-updates 1/7] gnu: gnutls: Update to 3.8.8 Maxim Cournoyer 2024-12-22 16:01 ` [bug#75026] [PATCH core-updates 2/7] gnu: gnutls: Enable zstd compression Maxim Cournoyer @ 2024-12-22 16:01 ` Maxim Cournoyer 2024-12-22 16:01 ` [bug#75026] [PATCH core-updates 4/7] gnu: brotli: Update to 1.1.0 Maxim Cournoyer ` (4 subsequent siblings) 7 siblings, 0 replies; 12+ messages in thread From: Maxim Cournoyer @ 2024-12-22 16:01 UTC (permalink / raw) To: 75026; +Cc: Maxim Cournoyer * gnu/packages/tls.scm (gnutls) [arguments]: Use target-mips64el? procedure in #:configure-flags. [propagated-inputs]: Likewise. Change-Id: Ia4b603ef57cebe78df1d3e40222fe9c49d9ee8cc --- gnu/packages/tls.scm | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index c0efb66d96..90d6ad5c95 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -232,15 +232,12 @@ (define-public gnutls ;; fallback, and users have to configure each program ;; independently. This seems suboptimal. "--with-default-trust-store-dir=/etc/ssl/certs" - - (let ((system #$(or (%current-target-system) - (%current-system)))) - (if (string-prefix? "mips64el" system) - (list - ;; FIXME: Temporarily disable p11-kit support since it is - ;; not working on mips64el. - "--without-p11-kit") - '()))) + (if #$(target-mips64el?) + (list + ;; FIXME: Temporarily disable p11-kit support since it is + ;; not working on mips64el. + "--without-p11-kit") + '())) #:make-flags #~(list (string-append "XFAIL_TESTS=" 
@@ -287,11 +284,9 @@ (define-public gnutls (propagated-inputs ;; These are all in the 'Requires.private' field of gnutls.pc. (append (list libtasn1 libidn2 nettle zlib) - (let ((system (or (%current-target-system) - (%current-system)))) - (if (string-prefix? "mips64el" system) - '() - (list p11-kit))))) + (if (target-mips64el?) + '() + (list p11-kit)))) (home-page "https://gnutls.org") (synopsis "Transport layer security library") (description -- 2.46.0 ^ permalink raw reply related [flat|nested] 12+ messages in thread
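Review bot: `(target-mips64el?)` is called with no argument in both hunks, so it only matches the removed `(or (%current-target-system) (%current-system))` prefix test if the procedure itself falls back to the current system when not cross-compiling. Please confirm that and say so in the commit message. The two call sites also differ in when they are evaluated (through `#$` inside the #:configure-flags gexp, directly in propagated-inputs), which is worth a short comment for the next reader.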
* [bug#75026] [PATCH core-updates 4/7] gnu: brotli: Update to 1.1.0. 2024-12-22 15:52 [bug#75026] [PATCH core-updates 0/7] Update gnutls and curl Maxim Cournoyer ` (2 preceding siblings ...) 2024-12-22 16:01 ` [bug#75026] [PATCH core-updates 3/7] gnu: gnutls: Streamline mips64el conditionals Maxim Cournoyer @ 2024-12-22 16:01 ` Maxim Cournoyer 2024-12-22 16:01 ` [bug#75026] [PATCH core-updates 5/7] gnu: libidn: Update to 1.42 Maxim Cournoyer ` (3 subsequent siblings) 7 siblings, 0 replies; 12+ messages in thread From: Maxim Cournoyer @ 2024-12-22 16:01 UTC (permalink / raw) To: 75026; +Cc: Maxim Cournoyer * gnu/packages/compression.scm (brotli): Update to 1.1.0. [source]: Delete obsolete snippet. [arguments]: Use gexps. Change-Id: I4fe13683ff33f528ef897bb65bbb239d4d4985c6 --- gnu/packages/compression.scm | 47 +++++++++++++++--------------------- 1 file changed, 19 insertions(+), 28 deletions(-) diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index 44461bb87c..93b6cd070b 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -2351,7 +2351,7 @@ (define-public isa-l (define-public brotli (package (name "brotli") - (version "1.0.9") + (version "1.1.0") (source (origin (method git-fetch) 
@@ -2360,35 +2360,26 @@ (define-public brotli (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 - (base32 "1fikasxf7r2dwlk8mv8w7nmjkn0jw5ic31ky3mvpkdzwgd4xfndl")) - (modules '((guix build utils))) - (snippet - '(begin - ;; Cherry-picked from upstream since the latest release - ;; https://github.com/google/brotli/commit/09b0992b6acb7faa6fd3b23f9bc036ea117230fc - (substitute* (find-files "scripts" "^lib.*pc\\.in") - (("-R\\$\\{libdir\\} ") "")) - #t)))) + (base32 "0cvcq302wpjpd1a2cmxcp9a01lwvc2kkir8vsdb3x11djnxc0nsk")))) (build-system cmake-build-system) (arguments - `(#:phases - (modify-phases %standard-phases - (add-after 'install 'rename-static-libraries - ;; The build tools put a 'static' suffix on the static libraries, but - ;; other applications don't know how to find these. - (lambda* (#:key outputs #:allow-other-keys) - (let ((lib (string-append (assoc-ref %outputs "out") "/lib/"))) - (rename-file (string-append lib "libbrotlicommon-static.a") - (string-append lib "libbrotlicommon.a")) - (rename-file (string-append lib "libbrotlidec-static.a") - (string-append lib "libbrotlidec.a")) - (rename-file (string-append lib "libbrotlienc-static.a") - (string-append lib "libbrotlienc.a")) - #t)))) - #:configure-flags - (list ;; Defaults to "lib64" on 64-bit archs. - (string-append "-DCMAKE_INSTALL_LIBDIR=" - (assoc-ref %outputs "out") "/lib")))) + (list + #:phases + #~(modify-phases %standard-phases + (add-after 'install 'rename-static-libraries + ;; The build tools put a 'static' suffix on the static libraries, but + ;; other applications don't know how to find these. 
+ (lambda _ + (let ((lib (string-append #$output "/lib/"))) + (rename-file (string-append lib "libbrotlicommon-static.a") + (string-append lib "libbrotlicommon.a")) + (rename-file (string-append lib "libbrotlidec-static.a") + (string-append lib "libbrotlidec.a")) + (rename-file (string-append lib "libbrotlienc-static.a") + (string-append lib "libbrotlienc.a")))))) + #:configure-flags + #~(list ;; Defaults to "lib64" on 64-bit archs. + (string-append "-DCMAKE_INSTALL_LIBDIR=" #$output "/lib")))) (home-page "https://github.com/google/brotli") (synopsis "General-purpose lossless compression") (description "This package provides the reference implementation of Brotli, -- 2.46.0 ^ permalink raw reply related [flat|nested] 12+ messages in thread
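Review bot: The 'rename-static-libraries phase in the #:phases hunk still renames libbrotlicommon-static.a, libbrotlidec-static.a and libbrotlienc-static.a unconditionally, and `rename-file` raises an error when its source is missing. With the jump from 1.0.9 to 1.1.0, confirm that the build still installs files under those `-static` names; if it does not, drop the phase or guard each rename with `file-exists?`. The commit message should also state that the fix carried by the deleted snippet (upstream commit 09b0992b6acb7faa6fd3b23f9bc036ea117230fc) is part of 1.1.0, which is what makes the snippet obsolete.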
* [bug#75026] [PATCH core-updates 5/7] gnu: libidn: Update to 1.42. 2024-12-22 15:52 [bug#75026] [PATCH core-updates 0/7] Update gnutls and curl Maxim Cournoyer ` (3 preceding siblings ...) 2024-12-22 16:01 ` [bug#75026] [PATCH core-updates 4/7] gnu: brotli: Update to 1.1.0 Maxim Cournoyer @ 2024-12-22 16:01 ` Maxim Cournoyer 2024-12-22 16:01 ` [bug#75026] [PATCH core-updates 6/7] gnu: curl: Update to 8.11.1 and ungraft Maxim Cournoyer ` (2 subsequent siblings) 7 siblings, 0 replies; 12+ messages in thread From: Maxim Cournoyer @ 2024-12-22 16:01 UTC (permalink / raw) To: 75026; +Cc: Maxim Cournoyer * gnu/packages/libidn.scm (libidn): Update to 1.42. Change-Id: I7f65377334d6de889ee0fa08ae941a03c6c4e4ca --- gnu/packages/libidn.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/libidn.scm b/gnu/packages/libidn.scm index 80350db495..8b12fa87d8 100644 --- a/gnu/packages/libidn.scm +++ b/gnu/packages/libidn.scm @@ -34,14 +34,14 @@ (define-module (gnu packages libidn) (define-public libidn (package (name "libidn") - (version "1.41") + (version "1.42") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/libidn/libidn-" version ".tar.gz")) (sha256 (base32 - "0ic9zlqqppwaqr3i0r8lb8f47rrazzc8d5pfgg8vs6mqciip0kc8")))) + "08s7rgg8rnmdrk8zyj6m1rb3j3cs6h44pjv0jckzxr06v3f9khfn")))) (build-system gnu-build-system) ;; FIXME: No Java and C# libraries are currently built. (arguments -- 2.46.0 ^ permalink raw reply related [flat|nested] 12+ messages in thread
* [bug#75026] [PATCH core-updates 6/7] gnu: curl: Update to 8.11.1 and ungraft. 2024-12-22 15:52 [bug#75026] [PATCH core-updates 0/7] Update gnutls and curl Maxim Cournoyer ` (4 preceding siblings ...) 2024-12-22 16:01 ` [bug#75026] [PATCH core-updates 5/7] gnu: libidn: Update to 1.42 Maxim Cournoyer @ 2024-12-22 16:01 ` Maxim Cournoyer 2024-12-22 16:01 ` [bug#75026] [PATCH core-updates 7/7] gnu: curl: Enable zstd support Maxim Cournoyer 2024-12-23 19:45 ` [bug#75026] [PATCH core-updates 0/7] Update gnutls and curl Ludovic Courtès 7 siblings, 0 replies; 12+ messages in thread From: Maxim Cournoyer @ 2024-12-22 16:01 UTC (permalink / raw) To: 75026; +Cc: Maxim Cournoyer * gnu/packages/curl.scm (curl): Update to 8.11.1. [replacement]: Delete field. [arguments] <#:configure-flags>: Add --with-libssh2. <#:phases>: Simplify check phase override, and newly skip the 165, 962, 963, 964, 965, 966, 967, 1448, 2046 and 2047 test cases. [native-inputs]: Add libssh2. (curl/fixed): Delete variable. * gnu/packages/patches/curl-CVE-2024-8096.patch: Delete file. * gnu/local.mk (dist_patch_DATA): De-register it. Change-Id: I8e1a8516e78370645e4148d33e57114f98a26404 --- gnu/local.mk | 1 - gnu/packages/curl.scm | 47 ++-- gnu/packages/patches/curl-CVE-2024-8096.patch | 200 ------------------ 3 files changed, 19 insertions(+), 229 deletions(-) delete mode 100644 gnu/packages/patches/curl-CVE-2024-8096.patch diff --git a/gnu/local.mk b/gnu/local.mk index a4f2e71134..4ffaf89ba4 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1128,7 +1128,6 @@ dist_patch_DATA = \ %D%/packages/patches/clucene-contribs-lib.patch \ %D%/packages/patches/cube-nocheck.patch \ %D%/packages/patches/cups-minimal-Address-PPD-injection-issues.patch \ - %D%/packages/patches/curl-CVE-2024-8096.patch \ %D%/packages/patches/curl-use-ssl-cert-env.patch \ %D%/packages/patches/curlftpfs-fix-error-closing-file.patch \ %D%/packages/patches/curlftpfs-fix-file-names.patch \ 
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index e5e3342b6d..8645ce73f8 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -17,6 +17,7 @@ ;;; Copyright © 2023 Sharlatan Hellseher <sharlatanus@gmail.com> ;;; Copyright © 2023 John Kehayias <john.kehayias@protonmail.com> ;;; Copyright © 2024 Ashish SHUKLA <ashish.is@lostca.se> +;;; Copyright © 2024 Maxim Cournoyer <maxim.cournoyer@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -67,15 +68,14 @@ (define-module (gnu packages curl) (define-public curl (package (name "curl") - (version "8.6.0") - (replacement curl/fixed) + (version "8.11.1") (source (origin (method url-fetch) (uri (string-append "https://curl.se/download/curl-" version ".tar.xz")) (sha256 (base32 - "05fv468yjrb7qwrxmfprxkrcckbkij0myql0vwwnalgr3bcmbk9w")) + "0mmb6sal02gi0dkdvkhx9wfwd6y10bd50hpkmqz78289ifs7vjn7")) (patches (search-patches "curl-use-ssl-cert-env.patch")))) (outputs '("out" "doc")) ;1.2 MiB of man3 pages @@ -89,6 +89,7 @@ (define-public curl (dirname (dirname (search-input-file %build-inputs "lib/libgssrpc.so")))) + "--with-libssh2" "--disable-static") #:test-target "test-nonflaky" ;avoid tests marked as "flaky" #:phases 
@@ -115,20 +116,20 @@ (define-public curl (if parallel-tests? (number->string (parallel-job-count)) "1"))) - ;; Ignore test 1477 due to a missing file in the 8.5.0 - ;; release. See - ;; <https://github.com/curl/curl/issues/12462>. - (arguments `("-C" "tests" "test" - ,@make-flags - ,(if #$(or (system-hurd?) - (target-arm32?) - (target-aarch64?)) - ;; protocol FAIL - (string-append "TFLAGS=~1474 " - "!1477 " - job-count) - (string-append "TFLAGS=\"~1477 " - job-count "\""))))) + (arguments + `("-C" "tests" "test" + ,@make-flags + ,(string-append "TFLAGS=" + job-count " " + (if #$(or (system-hurd?) + (target-arm32?) + (target-aarch64?)) + "~1474 " ;protocol FAIL + "") + ;; protocol FAIL + "~962 ~963 ~964 ~965 ~966 ~967 " + ;; These fail for unknown reasons. + "~165 ~1448 ~2046 ~2047")))) ;; The top-level "make check" does "make -C tests quiet-test", which ;; is too quiet. Use the "test" target instead, which is more ;; verbose. @@ -152,7 +153,7 @@ (define-public curl (native-inputs (list nghttp2 perl pkg-config python-minimal-wrapper)) (inputs - (list gnutls libidn libpsl mit-krb5 `(,nghttp2 "lib") zlib)) + (list gnutls libidn libpsl libssh2 mit-krb5 `(,nghttp2 "lib") zlib)) (native-search-paths ;; These variables are introduced by curl-use-ssl-cert-env.patch. (list $SSL_CERT_DIR @@ -178,16 +179,6 @@ (define-public curl (license (license:non-copyleft "file://COPYING" "See COPYING in the distribution.")))) -(define-public curl/fixed - (hidden-package - (package - (inherit curl) - (replacement curl/fixed) - (source (origin - (inherit (package-source curl)) - (patches (append (origin-patches (package-source curl)) - (search-patches "curl-CVE-2024-8096.patch")))))))) - (define-public gnurl (deprecated-package "gnurl" curl)) (define-public curl-ssh diff --git a/gnu/packages/patches/curl-CVE-2024-8096.patch b/gnu/packages/patches/curl-CVE-2024-8096.patch deleted file mode 100644 index 0f780f08c3..0000000000 --- a/gnu/packages/patches/curl-CVE-2024-8096.patch +++ /dev/null 
@@ -1,200 +0,0 @@ -From aeb1a281cab13c7ba791cb104e556b20e713941f Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg <daniel@haxx.se> -Date: Tue, 20 Aug 2024 16:14:39 +0200 -Subject: [PATCH] gtls: fix OCSP stapling management - -Reported-by: Hiroki Kurosawa -Closes #14642 ---- - lib/vtls/gtls.c | 146 ++++++++++++++++++++++++------------------------ - 1 file changed, 73 insertions(+), 73 deletions(-) - -diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c -index 03d6fcc038aac3..c7589d9d39bc81 100644 ---- a/lib/vtls/gtls.c -+++ b/lib/vtls/gtls.c -@@ -850,6 +850,13 @@ static CURLcode gtls_client_init(struct Curl_cfilter *cf, - init_flags |= GNUTLS_NO_TICKETS; - #endif - -+#if defined(GNUTLS_NO_STATUS_REQUEST) -+ if(!config->verifystatus) -+ /* Disable the "status_request" TLS extension, enabled by default since -+ GnuTLS 3.8.0. */ -+ init_flags |= GNUTLS_NO_STATUS_REQUEST; -+#endif -+ - rc = gnutls_init(>ls->session, init_flags); - if(rc != GNUTLS_E_SUCCESS) { - failf(data, "gnutls_init() failed: %d", rc); -@@ -1321,104 +1328,97 @@ Curl_gtls_verifyserver(struct Curl_easy *data, - infof(data, " server certificate verification SKIPPED"); - - if(config->verifystatus) { -- if(gnutls_ocsp_status_request_is_checked(session, 0) == 0) { -- gnutls_datum_t status_request; -- gnutls_ocsp_resp_t ocsp_resp; -+ gnutls_datum_t status_request; -+ gnutls_ocsp_resp_t ocsp_resp; -+ gnutls_ocsp_cert_status_t status; -+ gnutls_x509_crl_reason_t reason; - -- gnutls_ocsp_cert_status_t status; -- gnutls_x509_crl_reason_t reason; -+ rc = gnutls_ocsp_status_request_get(session, &status_request); - -- rc = gnutls_ocsp_status_request_get(session, &status_request); -+ if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { -+ failf(data, "No OCSP response received"); -+ return CURLE_SSL_INVALIDCERTSTATUS; -+ } - -- infof(data, " server certificate status verification FAILED"); -+ if(rc < 0) { -+ failf(data, "Invalid OCSP response received"); -+ return CURLE_SSL_INVALIDCERTSTATUS; -+ } - -- if(rc == 
GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { -- failf(data, "No OCSP response received"); -- return CURLE_SSL_INVALIDCERTSTATUS; -- } -+ gnutls_ocsp_resp_init(&ocsp_resp); - -- if(rc < 0) { -- failf(data, "Invalid OCSP response received"); -- return CURLE_SSL_INVALIDCERTSTATUS; -- } -+ rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request); -+ if(rc < 0) { -+ failf(data, "Invalid OCSP response received"); -+ return CURLE_SSL_INVALIDCERTSTATUS; -+ } - -- gnutls_ocsp_resp_init(&ocsp_resp); -+ (void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL, -+ &status, NULL, NULL, NULL, &reason); - -- rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request); -- if(rc < 0) { -- failf(data, "Invalid OCSP response received"); -- return CURLE_SSL_INVALIDCERTSTATUS; -- } -+ switch(status) { -+ case GNUTLS_OCSP_CERT_GOOD: -+ break; - -- (void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL, -- &status, NULL, NULL, NULL, &reason); -+ case GNUTLS_OCSP_CERT_REVOKED: { -+ const char *crl_reason; - -- switch(status) { -- case GNUTLS_OCSP_CERT_GOOD: -+ switch(reason) { -+ default: -+ case GNUTLS_X509_CRLREASON_UNSPECIFIED: -+ crl_reason = "unspecified reason"; - break; - -- case GNUTLS_OCSP_CERT_REVOKED: { -- const char *crl_reason; -- -- switch(reason) { -- default: -- case GNUTLS_X509_CRLREASON_UNSPECIFIED: -- crl_reason = "unspecified reason"; -- break; -- -- case GNUTLS_X509_CRLREASON_KEYCOMPROMISE: -- crl_reason = "private key compromised"; -- break; -- -- case GNUTLS_X509_CRLREASON_CACOMPROMISE: -- crl_reason = "CA compromised"; -- break; -- -- case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED: -- crl_reason = "affiliation has changed"; -- break; -+ case GNUTLS_X509_CRLREASON_KEYCOMPROMISE: -+ crl_reason = "private key compromised"; -+ break; - -- case GNUTLS_X509_CRLREASON_SUPERSEDED: -- crl_reason = "certificate superseded"; -- break; -+ case GNUTLS_X509_CRLREASON_CACOMPROMISE: -+ crl_reason = "CA compromised"; -+ break; - -- case 
GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION: -- crl_reason = "operation has ceased"; -- break; -+ case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED: -+ crl_reason = "affiliation has changed"; -+ break; - -- case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD: -- crl_reason = "certificate is on hold"; -- break; -+ case GNUTLS_X509_CRLREASON_SUPERSEDED: -+ crl_reason = "certificate superseded"; -+ break; - -- case GNUTLS_X509_CRLREASON_REMOVEFROMCRL: -- crl_reason = "will be removed from delta CRL"; -- break; -+ case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION: -+ crl_reason = "operation has ceased"; -+ break; - -- case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN: -- crl_reason = "privilege withdrawn"; -- break; -+ case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD: -+ crl_reason = "certificate is on hold"; -+ break; - -- case GNUTLS_X509_CRLREASON_AACOMPROMISE: -- crl_reason = "AA compromised"; -- break; -- } -+ case GNUTLS_X509_CRLREASON_REMOVEFROMCRL: -+ crl_reason = "will be removed from delta CRL"; -+ break; - -- failf(data, "Server certificate was revoked: %s", crl_reason); -+ case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN: -+ crl_reason = "privilege withdrawn"; - break; -- } - -- default: -- case GNUTLS_OCSP_CERT_UNKNOWN: -- failf(data, "Server certificate status is unknown"); -+ case GNUTLS_X509_CRLREASON_AACOMPROMISE: -+ crl_reason = "AA compromised"; - break; - } - -- gnutls_ocsp_resp_deinit(ocsp_resp); -+ failf(data, "Server certificate was revoked: %s", crl_reason); -+ break; -+ } - -- return CURLE_SSL_INVALIDCERTSTATUS; -+ default: -+ case GNUTLS_OCSP_CERT_UNKNOWN: -+ failf(data, "Server certificate status is unknown"); -+ break; - } -- else -- infof(data, " server certificate status verification OK"); -+ -+ gnutls_ocsp_resp_deinit(ocsp_resp); -+ if(status != GNUTLS_OCSP_CERT_GOOD) -+ return CURLE_SSL_INVALIDCERTSTATUS; - } - else - infof(data, " server certificate status verification SKIPPED"); -- 2.46.0 ^ permalink raw reply related [flat|nested] 12+ messages in thread
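Review bot: The commit message does not say why curl-CVE-2024-8096.patch and the curl/fixed graft can be deleted. State in the log that 8.11.1 already includes the fix the patch carried (upstream commit aeb1a281cab13c7ba791cb104e556b20e713941f, "gtls: fix OCSP stapling management", dated 2024-08-20), so that the removal of a security patch can be audited from the log alone.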
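Review bot: In the check-phase hunk of curl.scm at -115, tests 165, 1448, 2046 and 2047 are excluded with only "These fail for unknown reasons." Record the failure output or an upstream issue link next to each group, as 1/7 does for tls13/compress-cert-neg2, so the exclusions can be dropped once the cause is known. Note also that the `~` prefix makes runtests run a test and ignore its result rather than skip it, so "newly skip" in the commit message is inaccurate, and that test 1477 is no longer excluded, which the log does not mention.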
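Review bot: The commit message says "[native-inputs]: Add libssh2.", but the curl.scm hunk at -152 adds libssh2 to `inputs` and leaves `native-inputs` untouched; the entry should read "[inputs]: Add libssh2." With "--with-libssh2" now passed to the base package, the `curl-ssh` variable visible in the trailing context of the -178 hunk should be reviewed in the same series: if its only purpose was to add libssh2, it can be deprecated in favour of curl.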
* [bug#75026] [PATCH core-updates 7/7] gnu: curl: Enable zstd support. 2024-12-22 15:52 [bug#75026] [PATCH core-updates 0/7] Update gnutls and curl Maxim Cournoyer ` (5 preceding siblings ...) 2024-12-22 16:01 ` [bug#75026] [PATCH core-updates 6/7] gnu: curl: Update to 8.11.1 and ungraft Maxim Cournoyer @ 2024-12-22 16:01 ` Maxim Cournoyer 2024-12-23 19:45 ` [bug#75026] [PATCH core-updates 0/7] Update gnutls and curl Ludovic Courtès 7 siblings, 0 replies; 12+ messages in thread From: Maxim Cournoyer @ 2024-12-22 16:01 UTC (permalink / raw) To: 75026; +Cc: Maxim Cournoyer * gnu/packages/curl.scm [inputs]: Add zstd:lib. Change-Id: I48e1099c3a445bcbdeaf16c5a79d956bd1b51307 --- gnu/packages/curl.scm | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 8645ce73f8..d0c8c5c2a6 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -151,9 +151,19 @@ (define-public curl (close port))))) #~())))) (native-inputs - (list nghttp2 perl pkg-config python-minimal-wrapper)) + (list nghttp2 + perl + pkg-config + python-minimal-wrapper)) (inputs - (list gnutls libidn libpsl libssh2 mit-krb5 `(,nghttp2 "lib") zlib)) + (list gnutls + libidn + libpsl + libssh2 + mit-krb5 + `(,nghttp2 "lib") + zlib + `(,zstd "lib"))) (native-search-paths ;; These variables are introduced by curl-use-ssl-cert-env.patch. (list $SSL_CERT_DIR -- 2.46.0 ^ permalink raw reply related [flat|nested] 12+ messages in thread
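Review bot: No configure flag accompanies the new `(,zstd "lib")` input, unlike 6/7 which added "--with-libssh2", so zstd support depends on configure finding the library on its own. Consider passing "--with-zstd" in #:configure-flags so the dependency is explicit, and confirm in the build log that zstd is reported as enabled. The re-indentation of native-inputs is unrelated to the change and inflates the diff; the log entry is also missing the variable name and should read "* gnu/packages/curl.scm (curl) [inputs]: Add zstd:lib."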
* [bug#75026] [PATCH core-updates 0/7] Update gnutls and curl.
From: Ludovic Courtès @ 2024-12-23 19:45 UTC
To: Maxim Cournoyer; +Cc: 75026

Hi Maxim,

Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:

> gnu: gnutls: Update to 3.8.8.
> gnu: gnutls: Enable zstd compression.
> gnu: gnutls: Streamline mips64el conditionals.
> gnu: brotli: Update to 1.1.0.
> gnu: libidn: Update to 1.42.
> gnu: curl: Update to 8.11.1 and ungraft.
> gnu: curl: Enable zstd support.

‘core-updates’ is now gone:

  https://lists.gnu.org/archive/html/guix-devel/2024-08/msg00195.html

Instead, this should go on a dedicated branch, with a “request to merge”
and a jobset on ci.guix (ideally qa.guix would pick it up but it’s
currently out of order).

Thanks,
Ludo’.
* [bug#75026] [PATCH core-updates 0/7] Update gnutls and curl.
From: Maxim Cournoyer @ 2024-12-24 2:15 UTC
To: Ludovic Courtès; +Cc: 75026

Hi Ludovic,

Ludovic Courtès <ludo@gnu.org> writes:

> Hi Maxim,
>
> Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:
>
>> gnu: gnutls: Update to 3.8.8.
>> gnu: gnutls: Enable zstd compression.
>> gnu: gnutls: Streamline mips64el conditionals.
>> gnu: brotli: Update to 1.1.0.
>> gnu: libidn: Update to 1.42.
>> gnu: curl: Update to 8.11.1 and ungraft.
>> gnu: curl: Enable zstd support.
>
> ‘core-updates’ is now gone:
>
>   https://lists.gnu.org/archive/html/guix-devel/2024-08/msg00195.html

I'm (finally) aware of this :-). But it seemed useful, when
submitting to the tracker for review, to have a subject prefix anyway to
communicate that this causes a mass rebuild, hopefully avoiding the
situation of another committer picking these up and pushing them to the
master.

> Instead, this should go on a dedicated branch, with a “request to merge”
> and a jobset on ci.guix (ideally qa.guix would pick it up but it’s
> currently out of order).

Understood; do the patches LGTY?

--
Thanks,
Maxim
* [bug#75026] [PATCH core-updates 0/7] Update gnutls and curl.
From: Ludovic Courtès @ 2024-12-24 14:52 UTC
To: Maxim Cournoyer; +Cc: 75026

Hello,

Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:

>> ‘core-updates’ is now gone:
>>
>>   https://lists.gnu.org/archive/html/guix-devel/2024-08/msg00195.html
>
> I'm (finally) aware of this :-). But it seemed useful, when
> submitting to the tracker for review, to have a subject prefix anyway to
> communicate that this causes a mass rebuild, hopefully avoiding the
> situation of another committer picking these up and pushing them to the
> master.

Makes sense. :-)

>> Instead, this should go on a dedicated branch, with a “request to merge”
>> and a jobset on ci.guix (ideally qa.guix would pick it up but it’s
>> currently out of order).
>
> Understood; do the patches LGTY?

Except for the questions I posted about GnuTLS, it LGTM.

Thanks,
Ludo’.