From d06de25cd2647f85205d4d8ed4e26a6dd67ad400 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 30 Jun 2022 22:04:14 +0200 Subject: gnu: cURL: Update source URI. * gnu/packages/curl.scm (curl)[source](uri): Follow redirect. --- gnu/packages/curl.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/packages/curl.scm') diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 7fa0261147..91f9ca5c50 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -65,7 +65,7 @@ (version "7.79.1") (source (origin (method url-fetch) - (uri (string-append "https://curl.haxx.se/download/curl-" + (uri (string-append "https://curl.se/download/curl-" version ".tar.xz")) (sha256 (base32 -- cgit v1.2.3 From 3fc6709d4285f44d1e861c7b09951adf3073e898 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 30 Jun 2022 22:06:13 +0200 Subject: gnu: cURL: Replace with 7.84.0 [security fixes]. This fixes CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27781, and CVE-2022-27782. * gnu/packages/curl.scm (curl)[replacement]: New field. (curl-7.84.0): New private variable. --- gnu/packages/curl.scm | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'gnu/packages/curl.scm') diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 91f9ca5c50..e1aa0bd086 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -4,7 +4,7 @@ ;;; Copyright © 2015 Tomáš Čech ;;; Copyright © 2015, 2020, 2021 Ludovic Courtès ;;; Copyright © 2016, 2017, 2019 Leo Famulari -;;; Copyright © 2017, 2019, 2020 Marius Bakke +;;; Copyright © 2017, 2019, 2020, 2022 Marius Bakke ;;; Copyright © 2017 Efraim Flashner ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice ;;; Copyright © 2018 Roel Janssen @@ -63,6 +63,7 @@ (package (name "curl") (version "7.79.1") + (replacement curl-7.84.0) (source (origin (method url-fetch) (uri (string-append "https://curl.se/download/curl-" @@ -139,6 +140,20 @@ tunneling, and so on.") "See COPYING in the distribution.")) (home-page "https://curl.haxx.se/"))) +;; Replacement package with fixes for multiple vulnerabilities. +;; See . +(define curl-7.84.0 + (package + (inherit curl) + (version "7.84.0") + (source (origin + (inherit (package-source curl)) + (uri (string-append "https://curl.se/download/curl-" + version ".tar.xz")) + (sha256 + (base32 + "1f2xgj0wvys9xw50h7vcbaraavjr9rxx9n06x2xfbgs7ym1qn49d")))))) + (define-public curl-minimal (deprecated-package "curl-minimal" curl)) -- cgit v1.2.3 From aeb8c4fbea8197f5c568efab800a45aba53d4dd6 Mon Sep 17 00:00:00 2001 From: Liliana Marie Prikler Date: Sat, 2 Jul 2022 11:07:34 +0200 Subject: gnu: curl: Skip failing test on x86-32. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/curl.scm (curl-7.84.0)[arguments]<#:phases>: When running on x86-32, add a phase to skip test 3026 “curl_global_init thread-safety”. --- gnu/packages/curl.scm | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'gnu/packages/curl.scm') diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index e1aa0bd086..ebc36eead2 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -33,6 +33,7 @@ (define-module (gnu packages curl) #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) + #:use-module (guix gexp) #:use-module (guix download) #:use-module (guix git-download) #:use-module (guix utils) @@ -152,7 +153,22 @@ tunneling, and so on.") version ".tar.xz")) (sha256 (base32 - "1f2xgj0wvys9xw50h7vcbaraavjr9rxx9n06x2xfbgs7ym1qn49d")))))) + "1f2xgj0wvys9xw50h7vcbaraavjr9rxx9n06x2xfbgs7ym1qn49d")))) + (arguments (substitute-keyword-arguments (package-arguments curl) + ((#:phases phases) + (cond + ((target-x86-32?) + #~(modify-phases #$phases + (add-after 'unpack 'skip-failing-tests + (lambda _ + (with-output-to-port + (open-file "tests/data/DISABLED" "a") + (lambda () + (display "# curl_global_init thread-safety") + (newline) + (display 3026) + (newline))))))) + (else phases))))))) (define-public curl-minimal (deprecated-package "curl-minimal" curl)) -- cgit v1.2.3 From 89fe091bb4f70c7f929c770ed5ca8e8ad52f8e09 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Fri, 1 Jul 2022 18:53:35 +0300 Subject: gnu: curl: Fix build on some systems. * gnu/packages/curl.scm (curl-7.84.0)[source]: Add patch to work around implicit function declaration. * gnu/packages/patches/curl-easy-lock.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/curl.scm | 4 +++- gnu/packages/patches/curl-easy-lock.patch | 31 +++++++++++++++++++++++++++++++ 3 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/curl-easy-lock.patch (limited to 'gnu/packages/curl.scm') diff --git a/gnu/local.mk b/gnu/local.mk index 3a56ad371d..060470cfea 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -977,6 +977,7 @@ dist_patch_DATA = \ %D%/packages/patches/crda-optional-gcrypt.patch \ %D%/packages/patches/clucene-contribs-lib.patch \ %D%/packages/patches/cube-nocheck.patch \ + %D%/packages/patches/curl-easy-lock.patch \ %D%/packages/patches/curl-use-ssl-cert-env.patch \ %D%/packages/patches/cursynth-wave-rand.patch \ %D%/packages/patches/cvs-CVE-2017-12836.patch \ diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index ebc36eead2..bb56227804 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -153,7 +153,9 @@ tunneling, and so on.") version ".tar.xz")) (sha256 (base32 - "1f2xgj0wvys9xw50h7vcbaraavjr9rxx9n06x2xfbgs7ym1qn49d")))) + "1f2xgj0wvys9xw50h7vcbaraavjr9rxx9n06x2xfbgs7ym1qn49d")) + (patches (append (origin-patches (package-source curl)) + (search-patches "curl-easy-lock.patch"))))) (arguments (substitute-keyword-arguments (package-arguments curl) ((#:phases phases) (cond diff --git a/gnu/packages/patches/curl-easy-lock.patch b/gnu/packages/patches/curl-easy-lock.patch new file mode 100644 index 0000000000..137106f57c --- /dev/null +++ b/gnu/packages/patches/curl-easy-lock.patch @@ -0,0 +1,31 @@ +This patch is taken from upstream master, and should probably be dropped +with the next release. + +ihttps://github.com/curl/curl/commit/e2e7f54b7bea521fa8373095d0f43261a720cda0.patch + +From e2e7f54b7bea521fa8373095d0f43261a720cda0 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Mon, 27 Jun 2022 08:46:21 +0200 +Subject: [PATCH] easy_lock.h: include sched.h if available to fix build + +Patched-by: Harry Sintonen + +Closes #9054 +--- + lib/easy_lock.h | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/lib/easy_lock.h b/lib/easy_lock.h +index 819f50ce815b8..1f54289ceb2d3 100644 +--- a/lib/easy_lock.h ++++ b/lib/easy_lock.h +@@ -36,6 +36,9 @@ + + #elif defined (HAVE_ATOMIC) + #include ++#if defined(HAVE_SCHED_YIELD) ++#include ++#endif + + #define curl_simple_lock atomic_bool + #define CURL_SIMPLE_LOCK_INIT false -- cgit v1.2.3 From c145e51844bf52eb77cdc969a0fe30a48755b29e Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Sun, 3 Jul 2022 10:06:48 +0300 Subject: gnu: curl: Skip failing test on 32-bit architectures. * gnu/packages/curl.scm (curl-7.84.0)[arguments]: Use custom 'skip-failing-tests phase on all 32-bit architectures. --- gnu/packages/curl.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/packages/curl.scm') diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index bb56227804..6d1cc9a572 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -159,7 +159,7 @@ tunneling, and so on.") (arguments (substitute-keyword-arguments (package-arguments curl) ((#:phases phases) (cond - ((target-x86-32?) + ((not (target-64bit?)) #~(modify-phases #$phases (add-after 'unpack 'skip-failing-tests (lambda _ -- cgit v1.2.3 From 3759b71dc8b175ba02bc2f87e4f426ceed342d42 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Wed, 6 Jul 2022 18:00:13 +0200 Subject: gnu: curl@7.84.0: Reduce lib3026 resource use on 32-bit platforms. This is a followup to c145e51844bf52eb77cdc969a0fe30a48755b29e. See discussion at . * gnu/packages/curl.scm (curl-7.84.0)[arguments]: Remove 'skip-failing-tests' and add 'tweak-lib3026-test'. --- gnu/packages/curl.scm | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) (limited to 'gnu/packages/curl.scm') diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 6d1cc9a572..d82d94abff 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -2,7 +2,7 @@ ;;; Copyright © 2013, 2014, 2015 Andreas Enge ;;; Copyright © 2015 Mark H Weaver ;;; Copyright © 2015 Tomáš Čech -;;; Copyright © 2015, 2020, 2021 Ludovic Courtès +;;; Copyright © 2015, 2020, 2021, 2022 Ludovic Courtès ;;; Copyright © 2016, 2017, 2019 Leo Famulari ;;; Copyright © 2017, 2019, 2020, 2022 Marius Bakke ;;; Copyright © 2017 Efraim Flashner @@ -161,15 +161,13 @@ tunneling, and so on.") (cond ((not (target-64bit?)) #~(modify-phases #$phases - (add-after 'unpack 'skip-failing-tests + (add-after 'unpack 'tweak-lib3026-test (lambda _ - (with-output-to-port - (open-file "tests/data/DISABLED" "a") - (lambda () - (display "# curl_global_init thread-safety") - (newline) - (display 3026) - (newline))))))) + ;; Have that test create a hundred threads, not a + ;; thousand. + (substitute* "tests/libtest/lib3026.c" + (("NUM_THREADS .*$") + "NUM_THREADS 100\n")))))) (else phases))))))) (define-public curl-minimal -- cgit v1.2.3