2
0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-01-17 02:14:08 +00:00
Commit Graph

269 Commits

Author SHA1 Message Date
Sandro
d59a6c1264
Merge pull request from risicle/ris-curl-passthru-tests
curl: add some key reverse-dependencies to passthru.tests
2022-05-09 16:04:44 +02:00
Robert Scott
924ebf6556 curl: add some key reverse-dependencies to passthru.tests 2022-05-07 15:54:47 +01:00
Martin Weinelt
85f5539c4b
curl: 7.82.0 -> 7.83.0
https://curl.se/changes.html#7_83_0
https://curl.se/docs/CVE-2022-22576.html
https://curl.se/docs/CVE-2022-27774.html
https://curl.se/docs/CVE-2022-27775.html
https://curl.se/docs/CVE-2022-27776.html

Fixes: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776
2022-04-27 19:56:47 +02:00
Sandro Jäckel
febceef078
curl: gate darwin workarounds behind stdenv.isDarwin to make life on linux easier
Closes 
2022-04-19 15:20:41 +02:00
Izorkin
a6a8731dc7
curl: enable ca-bundle if activated http3 protocol 2022-04-17 20:12:06 +03:00
Paul Grandperrin
0fad2b34c4 Patch curl certificate CN verification
From 911714d617
Fixes https://github.com/NixOS/nixpkgs/issues/167971
2022-04-09 14:50:18 +02:00
R. Ryantm
a4bb1d210d curl: 7.81.0 -> 7.82.0 2022-03-16 20:00:30 +10:00
Bernardo Meurer
336b2c85c0
Merge pull request from Izorkin/update-curl
curl: update build configuration
2022-01-10 16:22:03 +00:00
zowoq
20b0e16c32 curl: 7.80.0 -> 7.81.0
https://curl.se/changes.html#7_81_0
2022-01-06 09:03:18 +10:00
Izorkin
507301b357
curl: add support http3 protocol 2021-12-03 23:26:44 +03:00
Izorkin
851b12b691
curl: cleanup build configuration 2021-12-03 23:26:44 +03:00
Izorkin
1e4864e295
curl: add psl support 2021-12-03 23:26:43 +03:00
Izorkin
da30a0cfb8
curl: add support rtmp protocol 2021-12-03 23:26:43 +03:00
Izorkin
bc721b462b
curl: add support sasl authentication 2021-12-03 23:26:43 +03:00
Izorkin
7497778795
curl: add support zstd compression 2021-12-03 23:26:42 +03:00
Izorkin
29526bc2eb
curl: IDN support requires libidn2 package 2021-12-03 23:26:42 +03:00
Izorkin
0bac59f8e8 curl: 7.79.1 -> 7.80.0 2021-12-02 18:11:22 +10:00
Ivan Babrou
0b91881457 curl: use lib.getDev to allow building with boringssl
As suggested here: https://github.com/NixOS/nixpkgs/pull/143477#issuecomment-974180167
2021-11-24 13:51:03 -08:00
Martin Weinelt
f651d617a6 curl: use --with/without-openssl instead of --with/without-ssl
This also migrates sslSupport to opensslSupport, which affects packages
overriding the curl package in that regard.
2021-10-16 11:35:18 +01:00
Robert Scott
106e944e19 curl: 7.76.1 -> 7.79.1
patching out SystemConfiguration requirement on darwin as we
can't use it from within the curl bootstrap loop
2021-10-16 11:35:18 +01:00
Robert Scott
13f8720032 curl: add patch for CVE-2021-22945
included as all curl patches need to be in-repo due to
bootstrapping issues
2021-09-28 18:23:01 +01:00
Ryan Burns
42155910a0 pkgsStatic.curl: fix build
904625852d removed the overlay which
disables gss and brotli for static curl. Although we can now build them
statically, attempting to build curl against them results in 'undefined
reference' linker errors.
2021-09-07 16:48:03 +09:00
Luke Granger-Brown
4e1b102af6 curl: reenable ca-fallback when not using wolfsslSupport
904625852d accidentally swapped the
behaviour, and enabled ca-fallback when using wolfssl and disabled it
without. This effectively disables curl's ability to use the built in CA
stack.
2021-09-07 01:10:33 +00:00
John Ericson
904625852d pkgsStatic: Inline more of static overlay 2021-08-19 21:55:06 +00:00
Guillaume Girol
81d185ad5d curl: add strictDeps = true 2021-08-19 09:30:47 +02:00
Guillaume Girol
cd97a3d62e curl: fix static build by disabling gssSupport 2021-08-19 09:30:46 +02:00
Robert Scott
742c60f6f8 curl: add patches for CVE-2021-22897, CVE-2021-22898 & CVE-2021-22901 2021-05-30 18:19:19 +01:00
Andrew Childs
314c92c542 curl: disable gssSupport for Apple Silicon 2021-05-17 00:27:00 +09:00
Martin Weinelt
61c9c7888f curl: 7.74.0 -> 7.76.1 2021-04-14 17:06:07 +02:00
Robert Scott
6808269554 curl: add patches for CVE-2021-22876, CVE-2021-22890
hand-backported from upstream fixes
2021-04-02 18:13:36 +01:00
Jonathan Ringer
9bb3fccb5b treewide: pkgs.pkgconfig -> pkgs.pkg-config, move pkgconfig to alias.nix
continuation of 

pkgconfig was aliased in 2018, however, it remained in
all-packages.nix due to its wide usage. This cleans
up the remaining references to pkgs.pkgsconfig and
moves the entry to aliases.nix.

python3Packages.pkgconfig remained unchanged because
it's the canonical name of the upstream package
on pypi.
2021-01-19 01:16:25 -08:00
Ben Siraphob
8c5d37129f pkgs/tools: stdenv.lib -> lib 2021-01-15 17:12:36 +07:00
Profpatsch
4a7f99d55d treewide: with stdenv.lib; in meta -> with lib;
Part of: https://github.com/NixOS/nixpkgs/issues/108938

meta = with stdenv.lib;

is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.

This used a rewriting script to mostly automatically
replace all occurances of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.

The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
2021-01-11 10:38:22 +01:00
John Ericson
5c2965145f treewide: Inline more of the static overlay
Picking up where  left off. I think I'll have gotten all the easy
stuff with this.
2021-01-03 21:46:14 +00:00
Martin Weinelt
5ba727781f
curl: 7.73.0 -> 7.74.0
https://curl.se/docs/CVE-2020-8284.html
https://curl.se/docs/CVE-2020-8285.html
https://curl.se/docs/CVE-2020-8286.html

Fixes: CVE-2020-8284, CVE-2020-8285, CVE-2020-8286
2020-12-09 15:25:33 +01:00
Vladimír Čunát
336bc8283b
Re-Revert "Merge : libraw: 0.20.0 -> 0.20.2"
This reverts commit c778945806.

I believe this is exactly what brings the staging branch into
the right shape after the last merge from master (through staging-next);
otherwise part of staging changes would be lost
(due to being already reachable from master but reverted).
2020-10-26 08:19:17 +01:00
Vladimír Čunát
c778945806
Revert "Merge : libraw: 0.20.0 -> 0.20.2"
I'm sorry; I didn't notice it contained staging commits.

This reverts commit 17f5305b6c, reversing
changes made to a8a018ddc0.
2020-10-25 09:41:51 +01:00
Tim Steinbach
4df8aa7b00
curl: 7.72.0 -> 7.73.0 2020-10-17 16:43:01 -04:00
Stig Palmquist
157645ae0f curl: 7.71.1 -> 7.72.0
https://curl.haxx.se/changes.html#7_72_0
https://curl.haxx.se/docs/CVE-2020-8231.html
2020-08-20 09:12:06 +00:00
Matthew Bauer
d0677e6d45 treewide: add warning comment to “boot” packages
This adds a warning to the top of each “boot” package that reads:

  Note: this package is used for bootstrapping fetchurl, and thus cannot
  use fetchpatch! All mutable patches (generated by GitHub or cgit) that
  are needed here should be included directly in Nixpkgs as files.

This makes it clear to maintainer that they may need to treat this
package a little differently than others. Importantly, we can’t use
fetchpatch here due to using <nix/fetchurl.nix>. To avoid having stale
hashes, we need to include patches that are subject to changing
overtime (for instance, gitweb’s patches contain a version number at
the bottom).
2020-07-31 08:56:53 +02:00
Daniel Șerbănescu
6ca2afc05a curl: 7.70.0 -> 7.71.1 2020-07-04 18:02:45 +02:00
Peter Hoeg
9efd23e64d curl: 7.69.1 -> 7.70.0 2020-05-11 22:18:10 +02:00
Jan Tojnar
a04625379a
Merge branch 'master' into staging-next 2020-04-13 18:50:35 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
R. RyanTM
e4df9d6b54 curl: 7.68.0 -> 7.69.1 2020-04-05 13:30:55 +02:00
zowoq
3cccbaa980 curl: 7.67.0 -> 7.68.0
https://curl.haxx.se/changes.html#7_68_0
2020-01-15 09:40:40 +01:00
Marco A L Barbosa
b2b2330c35 curl: add option to use wolfssl backend 2019-12-10 18:55:41 +01:00
Izorkin
2cef6accb8 curl: 7.66.0 -> 7.67.0 2019-11-12 14:47:47 +01:00
Will Dietz
919a459158 curl: install completions (zsh, fish) 2019-09-18 08:58:25 -04:00
Will Dietz
69ded6f018 curl: 7.65.3 -> 7.66.0 2019-09-18 08:58:25 -04:00
R. RyanTM
69b233e704 curl: 7.65.0 -> 7.65.3 2019-07-20 09:43:44 +02:00
Will Dietz
55bcfed30c
curl: 7.64.0 -> 7.65.0
https://curl.haxx.se/changes.html#7_65_0
2019-05-22 20:38:11 -05:00
R. RyanTM
9cb107d3db curl: 7.64.0 -> 7.64.1 ()
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/curl/versions
2019-04-07 20:13:39 +00:00
Dylan Simon
1c3a4ef287 fetchurl: use fetchurlBoot for zlib deps 2019-03-25 15:04:55 -04:00
Will Dietz
5a4e8a410f curl: 7.63.0 -> 7.64.0
CVE-2018-16890
CVE-2019-3822
CVE-2019-3823

https://curl.haxx.se/changes.html#7_64_0
2019-02-06 06:18:42 -06:00
Vladimír Čunát
51ac3db79c
Revert "nix: point at curl 7.59.0 ()"
This reverts commit 5574df3549.
I also can't reproduce the problem anymore; discussion: .
Fixes , fixes .  (Vulnerabilities in old curl.)
2019-01-19 17:14:02 +01:00
Will Dietz
5a8660bd29 curl: 7.62.0 -> 7.63.0
https://curl.haxx.se/mail/lib-2018-12/0036.html
https://curl.haxx.se/changes.html
2018-12-19 09:19:12 +01:00
Pierre Bourdon
90720d0139 curl: cherry-pick upstream patch for ipv6 url parsing
Upstream bug: .

This causes nixos/tests/ipv6.nix to fix since the last staging merge.
2018-11-22 09:58:34 +01:00
Frederik Rietdijk
e343a85cfb Merge master into staging-next 2018-11-19 09:55:32 +01:00
Jan Malakhovski
50aef6015f curl: move option defaults from all-packages.nix to the derivation itself 2018-11-18 07:59:40 +00:00
Will Dietz
e9d6475e68 curl: 7.61.1 -> 7.62.0
See
https://github.com/NixOS/nixpkgs/issues/49463#issuecomment-434617623
2018-10-31 07:12:00 -05:00
Matthew Bauer
1660098d84 curl: build statically on windows 2018-10-17 14:44:35 -05:00
Tim Steinbach
16650af8c3
curl: 7.61.0 -> 7.61.1 2018-09-08 10:44:02 -04:00
Markus Kowalewski
17702d0416
curl: add license 2018-08-16 21:38:59 +02:00
John Ericson
c99de14e60 curl: Get rid of crossAttrs 2018-07-24 18:36:59 -04:00
Frederik Rietdijk
099c13da1b Merge staging-next into master ()
* substitute(): --subst-var was silently coercing to "" if the variable does not exist.

* libffi: simplify using `checkInputs`

* pythonPackges.hypothesis, pythonPackages.pytest: simpify dependency cycle fix

* utillinux: 2.32 -> 2.32.1

https://lkml.org/lkml/2018/7/16/532

* busybox: 1.29.0 -> 1.29.1

* bind: 9.12.1-P2 -> 9.12.2

https://ftp.isc.org/isc/bind9/9.12.2/RELEASE-NOTES-bind-9.12.2.html

* curl: 7.60.0 -> 7.61.0

* gvfs: make tests run, but disable

* ilmbase: disable tests on i686. Spooky!

* mdds: fix tests

* git: disable checks as tests are run in installcheck

* ruby: disable tests

* libcommuni: disable checks as tests are run in installcheck

* librdf: make tests run, but disable

* neon, neon_0_29: make tests run, but disable

* pciutils: 3.6.0 -> 3.6.1

Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/pciutils/versions.

* mesa: more include fixes

mostly from void-linux (thanks!)

* npth: 1.5 -> 1.6

minor bump

* boost167: Add lockfree next_prior patch

* stdenv: cleanup darwin bootstrapping

Also gets rid of the full python and some of it's dependencies in the
stdenv build closure.

* Revert "pciutils: use standardized equivalent for canonicalize_file_name"

This reverts commit f8db20fb3a.
Patching should no longer be needed with 3.6.1.

* binutils-wrapper: Try to avoid adding unnecessary -L flags

(cherry picked from commit f3758258b8895508475caf83e92bfb236a27ceb9)
Signed-off-by: Domen Kožar <domen@dev.si>

* libffi: don't check on darwin

libffi usages in stdenv broken darwin. We need to disable doCheck for that case.

* "rm $out/share/icons/hicolor/icon-theme.cache" -> hicolor-icon-theme setup-hook

* python.pkgs.pytest: setupHook to prevent creation of .pytest-cache folder, fixes 

When `py.test` was run with a folder as argument, it would not only
search for tests in that folder, but also create a .pytest-cache folder.
Not only is this state we don't want, but it was also causing
collisions.

* parity-ui: fix after merge

* python.pkgs.pytest-flake8: disable test, fix build

* Revert "meson: 0.46.1 -> 0.47.0"

With meson 0.47.0 (or 0.47.1, or git)
things are very wrong re:rpath handling
resulting in at best missing libs but
even corrupt binaries :(.

When we run patchelf it masks the problem
by removing obviously busted paths.
Which is probably why this wasn't noticed immediately.

Unfortunately the binary already
has a long series of paths scribbled
in a space intended for a much smaller string;
in my testing it was something like
lengths were 67 with 300+ written to it.

I think we've reported the relevant issues upstream,
but unfortunately it appears our patches
are what introduces the overwrite/corruption
(by no longer being correct in what they assume)

This doesn't look so bad to fix but it's
not something I can spend more time on
at the moment.

--

Interestingly the overwritten string data
(because it is scribbled past the bounds)
remains in the binary and is why we're suddenly
seeing unexpected references in various builds
-- notably this is is the reason we're
seeing the "extra-utils" breakage
that entirely crippled NixOS on master
(and probably on staging before?).

Fixes .

This reverts commit 305ac4dade.

(cherry picked from commit 273d68eff8)
Signed-off-by: Domen Kožar <domen@dev.si>
2018-07-24 15:04:48 +01:00
Vladimír Čunát
c1ffc65d1a
Merge branch 'master' into staging
This apparently fixes some broken src fetches (gnuradio, twisted).
2018-07-02 11:10:26 +02:00
Will Dietz
81c9f7125f curl: fix configure flag for random device.
Fixes .

Thanks for reporting, @dingxiangfei2009!
2018-07-01 12:47:24 -05:00
Daiderd Jordan
288939ce22
curl: disable default CA bundle
Without this curl might detect /etc/ssl/cert.pem at build time on macOS,
causing curl to ignore NIX_SSL_CERT_FILE.

Fixes 
2018-06-23 12:16:42 +02:00
Tim Steinbach
5574df3549 nix: point at curl 7.59.0 () 2018-06-04 22:25:23 +00:00
Tim Steinbach
44101ee9d6
curl: 7.59.0 -> 7.60.0 2018-05-16 07:27:35 -04:00
Ben Gamari
d23f71deaa curl: Enable cross-compilation
By fixing toolchain paths
2018-05-03 17:06:00 -04:00
Jan Malakhovski
7438083a4d tree-wide: disable doCheck and doInstallCheck where it fails (the trivial part) 2018-04-25 04:18:46 +00:00
Tim Steinbach
837ecc2f6a
curl: 7.58.0 -> 7.59.0 2018-03-15 19:08:12 -04:00
SLNOS
40bceae84e curl: fetchurl more securely 2018-02-10 00:25:37 +00:00
Franz Pletz
60331e6e90
curl: 7.57.0 -> 7.58.0 (security)
Fixes: CVE-2018-1000005, CVE-2018-1000007
2018-01-29 14:15:56 +01:00
Vladimír Čunát
9b54a00160
Merge : curl: enable kerberos 2017-12-19 15:18:24 +01:00
Vladimír Čunát
13e6a5c561
kerberos: split headers into $dev 2017-12-19 15:18:01 +01:00
adisbladis
8d479c0397
curl: Add brotli support 2017-11-29 19:47:41 +08:00
adisbladis
b7e6fd3b3a curl: 7.56.1 -> 7.57.0
Fixes CVEs:
CVE-2017-8816
CVE-2017-8817
CVE-2017-8818
2017-11-29 11:19:37 +00:00
Tim Steinbach
9bd9305602
curl: 7.56.0 -> 7.56.1 2017-10-23 08:33:11 -04:00
Spencer Baugh
75353853fc curl: use the "kerberos" package rather than specifically GNU gss
This allows a policy decision about which Kerberos to use.
2017-10-08 20:45:58 +00:00
Daiderd Jordan
514593ea31
curl: fix clang build 2017-10-04 23:08:30 +02:00
Franz Pletz
a98b96824d
curl: 7.55.1 -> 7.56.0 for CVE-2017-1000254
https://curl.haxx.se/docs/adv_20171004.html
2017-10-04 08:17:46 +02:00
Tim Steinbach
135a841d91
curl: 7.55.0 -> 7.55.1 2017-08-14 19:21:47 +02:00
Frederik Rietdijk
13bbaee21d Merge pull request from mimadrid/fix/http-https
Update homepage attributes: http -> https
2017-08-13 21:53:20 +02:00
Franz Pletz
b44bed5568
curl: 7.54.1 -> 7.55.0
Fixes .

Fixes CVE-2017-1000101, CVE-2017-1000100, CVE-2017-1000099.
2017-08-10 16:22:56 +02:00
mimadrid
09e0cc7cc7
Update homepage attributes: http -> https
Homepage link "http://.../" is a permanent redirect to "https://.../" and should be updated
https://repology.org/repository/nix_stable/problems
2017-08-03 11:56:15 +02:00
Eelco Dolstra
c23dcd72a0
Enable some more debug info 2017-07-05 16:04:54 +02:00
Tim Steinbach
9560fcbadf
curl: 7.54.0 -> 7.54.1 2017-06-16 08:16:30 -04:00
Tim Steinbach
55e334e62a
curl: 7.53.1 -> 7.54.0 2017-04-19 11:31:09 -04:00
Guillaume Maudoux
8ecb94bb97 curl: Use default trust store of TLS backend
Having curl fall back to openssl's CA means that we need not patch curl
to respect NIX_SSL_CERT_FILE. It will work in all the cases.

This reverts commit fb4c43dd8a "curl: Use CA bundle in nix default profile by default"
If we want to reintroduce that feature, this needs to go inside openssl
2017-03-22 11:54:20 +01:00
Guillaume Maudoux
525a663174 curl, git: Fix curl default CA, let git use it
Improve patching of curl to use NIX_SSL_CERT_FILE as default CA
Remove patches from git, as git uses curl and passes its environment
variables to curl.
2017-03-22 11:22:53 +01:00
Domen Kožar
c3c9412c7d
git, openssl, curl: Respect $NIX_SSL_CERT_FILE
Slightly modified version of 942dbf89c6
2017-03-20 14:11:20 +01:00
Shea Levy
fb4c43dd8a curl: Use CA bundle in nix default profile by default 2017-03-10 14:56:22 -05:00
Tim Steinbach
6988d2d456
curl: 7.53.0 -> 7.53.1 2017-02-25 09:03:22 -05:00
Tim Steinbach
b1c6a9bfcc
curl: 7.52.1 -> 7.53.0 2017-02-21 18:47:33 -05:00
Lengyel Balázs
372cb3760e
Merge : curl: add gnutlsSupport ? false
(incl. a nitpick change from vcunat)
2017-02-05 13:37:16 +01:00
Eelco Dolstra
7bc801e282
curl: Apply upstream patch to fix https hangs
https://github.com/curl/curl/issues/1174

Fixes https://github.com/NixOS/nix/issues/1181.
2017-01-24 13:51:30 +01:00
Tim Steinbach
125fa1520d
curl: 7.51.1 -> 7.52.1 2017-01-03 08:42:59 -05:00