From: John Kehayias via Guix-patches via <guix-patches@gnu.org>
To: Ashish SHUKLA <ashish.is@lostca.se>
Cc: 73361@debbugs.gnu.org
Subject: [bug#73361] [PATCH] gnu: curl: Update to 8.10.1 [security fixes].
Date: Fri, 27 Sep 2024 18:52:21 +0000 [thread overview]
Message-ID: <87tte13p5q.fsf@protonmail.com> (raw)
In-Reply-To: <5cadbf4fe10768fae553fd71f8b0edeb384c7fb0.1726759049.git.ashish.is@lostca.se>
Hello,
On Thu, Sep 19, 2024 at 03:17 PM, Ashish SHUKLA wrote:
> * gnu/packages/curl.scm (curl): Update to 8.10.1.
>
As curl causes a rebuild of just about everything, this will need to
done as a graft on master. (And ungrafted with a world rebuild on a
branch.) Would you like to take a stab at that?
Also, please note what the security fixes are (CVE numbers).
Thanks for the patch so far!
John
> * gnu/packages/patches/curl-use-ssl-cert-env.patch: Update for 8.10.1.
>
> Change-Id: I2a1566a3b7ca0a097c77f158bd370945cf16baf8
> ---
> gnu/packages/curl.scm | 5 ++-
> .../patches/curl-use-ssl-cert-env.patch | 41 +++++++++----------
> 2 files changed, 23 insertions(+), 23 deletions(-)
>
> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
> index 9f74018205..7ab886f195 100644
> --- a/gnu/packages/curl.scm
> +++ b/gnu/packages/curl.scm
> @@ -16,6 +16,7 @@
> ;;; Copyright © 2021 Felix Gruber <felgru@posteo.net>
> ;;; Copyright © 2023 Sharlatan Hellseher <sharlatanus@gmail.com>
> ;;; Copyright © 2023 John Kehayias <john.kehayias@protonmail.com>
> +;;; Copyright © 2024 Ashish SHUKLA <ashish.is@lostca.se>
> ;;;
> ;;; This file is part of GNU Guix.
> ;;;
> @@ -66,14 +67,14 @@ (define-module (gnu packages curl)
> (define-public curl
> (package
> (name "curl")
> - (version "8.6.0")
> + (version "8.10.1")
> (source (origin
> (method url-fetch)
> (uri (string-append "https://curl.se/download/curl-"
> version ".tar.xz"))
> (sha256
> (base32
> - "05fv468yjrb7qwrxmfprxkrcckbkij0myql0vwwnalgr3bcmbk9w"))
> + "1vh4rvmln4ygp4mc18hq1pd5za4mp7jbfksajajrz84njplv193k"))
> (patches (search-patches "curl-use-ssl-cert-env.patch"))))
> (outputs '("out"
> "doc")) ;1.2 MiB of man3 pages
> diff --git a/gnu/packages/patches/curl-use-ssl-cert-env.patch b/gnu/packages/patches/curl-use-ssl-cert-env.patch
> index c39c1f7e98..2a57f0f8be 100644
> --- a/gnu/packages/patches/curl-use-ssl-cert-env.patch
> +++ b/gnu/packages/patches/curl-use-ssl-cert-env.patch
> @@ -37,28 +37,27 @@ for other future workarounds.
> #ifdef _WIN32
> Curl_win32_cleanup(easy_init_flags);
> #endif
> -diff -ur curl-7.66.0.orig/lib/url.c curl-7.66.0/lib/url.c
> ---- curl-7.66.0.orig/lib/url.c 2020-01-02 15:43:11.883921171 +0100
> -+++ curl-7.66.0/lib/url.c 2020-01-02 16:21:11.563880346 +0100
> -@@ -524,6 +524,21 @@
> - if(result)
> - return result;
> +--- curl-8.10.0/lib/url.c.orig 2024-09-17 16:57:50.407214691 +0000
> ++++ curl-8.10.0/lib/url.c 2024-09-17 16:59:47.507214691 +0000
> +@@ -455,6 +455,21 @@
> + #endif
> #endif
> -+ extern char * Curl_ssl_cert_dir;
> -+ extern char * Curl_ssl_cert_file;
> -+ if(Curl_ssl_cert_dir) {
> -+ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH], Curl_ssl_cert_dir))
> -+ return result;
> -+ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], Curl_ssl_cert_dir))
> -+ return result;
> -+ }
> -+
> -+ if(Curl_ssl_cert_file) {
> -+ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE], Curl_ssl_cert_file))
> -+ return result;
> -+ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], Curl_ssl_cert_file))
> -+ return result;
> -+ }
> }
> ++ extern char * Curl_ssl_cert_dir;
> ++ extern char * Curl_ssl_cert_file;
> ++ if(Curl_ssl_cert_dir) {
> ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH], Curl_ssl_cert_dir))
> ++ return result;
> ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], Curl_ssl_cert_dir))
> ++ return result;
> ++ }
> ++
> ++ if(Curl_ssl_cert_file) {
> ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE], Curl_ssl_cert_file))
> ++ return result;
> ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], Curl_ssl_cert_file))
> ++ return result;
> ++ }
>
> + #ifndef CURL_DISABLE_FTP
> set->wildcard_enabled = FALSE;
>
> base-commit: e85f52e826b0701c3dcf9acf9d81e5ae57aec8f9
next prev parent reply other threads:[~2024-09-27 18:53 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-19 15:17 [bug#73361] [PATCH] gnu: curl: Update to 8.10.1 [security fixes] Ashish SHUKLA via Guix-patches via
2024-09-27 18:52 ` John Kehayias via Guix-patches via [this message]
2024-09-28 1:24 ` Ashish SHUKLA via Guix-patches via
2024-11-12 12:07 ` bug#73361: [PATCH v2] gnu: curl: Fix security vulnerability Maxim Cournoyer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87tte13p5q.fsf@protonmail.com \
--to=guix-patches@gnu.org \
--cc=73361@debbugs.gnu.org \
--cc=ashish.is@lostca.se \
--cc=john.kehayias@protonmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).