curl: 7.45 -> 7.47 and enable HTTP/2 (close #12723)
This fixes CVE-2016-0755: https://curl.haxx.se/docs/adv_20160127A.html vcunat removed *propagation* of pkgconfig and perl.
This commit is contained in:
parent
e4ab8aee62
commit
0876a44169
@ -1,4 +1,4 @@
|
||||
{ stdenv, fetchurl
|
||||
{ stdenv, fetchurl, libnghttp2, pkgconfig, perl
|
||||
, idnSupport ? false, libidn ? null
|
||||
, ldapSupport ? false, openldap ? null
|
||||
, zlibSupport ? false, zlib ? null
|
||||
@ -16,17 +16,20 @@ assert scpSupport -> libssh2 != null;
|
||||
assert c-aresSupport -> c-ares != null;
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "curl-7.45.0";
|
||||
name = "curl-7.47.0";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://curl.haxx.se/download/${name}.tar.bz2";
|
||||
sha256 = "1slq5c0v9wa8hajgimhkxhvsrd07jmih8sa3gjsl597qp5k4w5b5";
|
||||
sha256 = "0riz70pjg82gbcfi2ndvsksb2dv55g31ir8piph2p6zvhy9ny29b";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ pkgconfig perl ];
|
||||
|
||||
# Zlib and OpenSSL must be propagated because `libcurl.la' contains
|
||||
# "-lz -lssl", which aren't necessary direct build inputs of
|
||||
# applications that use Curl.
|
||||
propagatedBuildInputs = with stdenv.lib;
|
||||
[ libnghttp2 ] ++
|
||||
optional idnSupport libidn ++
|
||||
optional ldapSupport openldap ++
|
||||
optional zlibSupport zlib ++
|
||||
@ -48,6 +51,7 @@ stdenv.mkDerivation rec {
|
||||
|
||||
configureFlags = [
|
||||
"--disable-manual"
|
||||
"--with-nghttp2=${libnghttp2}"
|
||||
( if sslSupport then "--with-ssl=${openssl}" else "--without-ssl" )
|
||||
( if scpSupport then "--with-libssh2=${libssh2}" else "--without-libssh2" )
|
||||
( if ldapSupport then "--enable-ldap" else "--disable-ldap" )
|
||||
|
Loading…
Reference in New Issue
Block a user