curl: 8.6.0 -> 8.7.1 #299580
Needs more build testing, as we regularly run into issues with darwin.
I will try to cover Linux aarch64 during the week-end but I will need a hand for darwin
Will look into darwin.
x86_64-darwin passthru tests fail to eval. This is rebased onto master.
Successfully built all relevant Also built equivalent for, nixos x86_64, along with
diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix
index fbc430b7afc9..82100c95a4e6 100644
--- a/pkgs/tools/networking/curl/default.nix
+++ b/pkgs/tools/networking/curl/default.nix
@@ -196,6 +196,7 @@ stdenv.mkDerivation (finalAttrs: {
# nginx-http3 = useThisCurl nixosTests.nginx-http3;
nginx-http3 = nixosTests.nginx-http3;
pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage;
+ } // lib.optionalAttrs (!stdenv.isDarwin && !stdenv.isx86_64) {
static = pkgsStatic.curl;
} // lib.optionalAttrs (!stdenv.isDarwin) {
fetchpatch = tests.fetchpatch.simple.override { fetchpatch = (fetchpatch.override { fetchurl = useThisCurl fetchurl; }) // { version = 1; }; }; |
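Review bot: the guard added at `} // lib.optionalAttrs (!stdenv.isDarwin && !stdenv.isx86_64) {` drops the `static` passthru test on every Darwin system and on every x86_64 system, x86_64-linux included, while the failure reported in this thread is only that x86_64-darwin passthru tests fail to eval. If only that platform is meant, `!(stdenv.isDarwin && stdenv.isx86_64)` would keep `static = pkgsStatic.curl;` in the test set everywhere else. Either way, a comment on the line naming the eval failure would tell later readers when the condition can be removed.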
Done, thanks!
Ughhh, their fix for static linking libpsl doesn't actually work, so we have to keep our hack for it.
Should we add a case to
Since curl 8.7.0 switched to rustls-ffi 0.12 I think this will break the optional @LeSuisse Do you have any thoughts? Is the best approach to split the rustls-ffi package into two versions? As an upstream maintainer of rustls-ffi I'm interested in trying to pitch in with the downstream packaging but would appreciate input before I start making PRs. Also happy to chat elsewhere if this is too off-topic for the curl update.
Yeah I need to take a look. It's likely I'm going to propose to have the 2 versions in nixpkgs. Expect something by the end of the week.
Thanks! 👍 Feel free to CC me. We recently landed pkg-config/.so support using cargo-c to build and I suspect that might be interesting to think about too.
If you want to ensure we don't break Come to think, it doesn't look like we have any passthru targets for alternative tls implementations.
There is a passthru test in the
It currently does not build but the situation is being handled upstream.
Ok given there is also curl/curl#13248 I will deal with the rustls-ffi upgrade once this PR reaches master. It will be less annoying to work on it and given the curl + Rustls backend is not accessible via a direct pkgs attribute it should not bother too many people.
Not major, but a bug in 8.7 breaks newsboat
Looks easy enough to cherry-pick a fix patch: #306633 @jpotier Can you test if that fixes
Description of changes
Fixes CVE-2024-2466, CVE-2024-2398, CVE-2024-2379 and CVE-2024-2004.
Changes:
https://curl.se/changes.html#8_7_1
Things done
curlFull and curl.passthru.tests