Commit Graph

190 Commits

Author SHA1 Message Date
Robert Scott
6808269554 curl: add patches for CVE-2021-22876, CVE-2021-22890
hand-backported from upstream fixes
2021-04-02 18:13:36 +01:00
Jonathan Ringer
9bb3fccb5b treewide: pkgs.pkgconfig -> pkgs.pkg-config, move pkgconfig to alias.nix
continuation of #109595

pkgconfig was aliased in 2018, however, it remained in
all-packages.nix due to its wide usage. This cleans
up the remaining references to pkgs.pkgsconfig and
moves the entry to aliases.nix.

python3Packages.pkgconfig remained unchanged because
it's the canonical name of the upstream package
on pypi.
2021-01-19 01:16:25 -08:00
Ben Siraphob
8c5d37129f pkgs/tools: stdenv.lib -> lib 2021-01-15 17:12:36 +07:00
Profpatsch
4a7f99d55d treewide: with stdenv.lib; in meta -> with lib;
Part of: https://github.com/NixOS/nixpkgs/issues/108938

meta = with stdenv.lib;

is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.

This used a rewriting script to mostly automatically
replace all occurances of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.

The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
2021-01-11 10:38:22 +01:00
John Ericson
5c2965145f treewide: Inline more of the static overlay
Picking up where #107238 left off. I think I'll have gotten all the easy
stuff with this.
2021-01-03 21:46:14 +00:00
Martin Weinelt
5ba727781f
curl: 7.73.0 -> 7.74.0
https://curl.se/docs/CVE-2020-8284.html
https://curl.se/docs/CVE-2020-8285.html
https://curl.se/docs/CVE-2020-8286.html

Fixes: CVE-2020-8284, CVE-2020-8285, CVE-2020-8286
2020-12-09 15:25:33 +01:00
Vladimír Čunát
336bc8283b
Re-Revert "Merge #101508: libraw: 0.20.0 -> 0.20.2"
This reverts commit c778945806.

I believe this is exactly what brings the staging branch into
the right shape after the last merge from master (through staging-next);
otherwise part of staging changes would be lost
(due to being already reachable from master but reverted).
2020-10-26 08:19:17 +01:00
Vladimír Čunát
c778945806
Revert "Merge #101508: libraw: 0.20.0 -> 0.20.2"
I'm sorry; I didn't notice it contained staging commits.

This reverts commit 17f5305b6c, reversing
changes made to a8a018ddc0.
2020-10-25 09:41:51 +01:00
Tim Steinbach
4df8aa7b00
curl: 7.72.0 -> 7.73.0 2020-10-17 16:43:01 -04:00
Stig Palmquist
157645ae0f curl: 7.71.1 -> 7.72.0
https://curl.haxx.se/changes.html#7_72_0
https://curl.haxx.se/docs/CVE-2020-8231.html
2020-08-20 09:12:06 +00:00
Matthew Bauer
d0677e6d45 treewide: add warning comment to “boot” packages
This adds a warning to the top of each “boot” package that reads:

  Note: this package is used for bootstrapping fetchurl, and thus cannot
  use fetchpatch! All mutable patches (generated by GitHub or cgit) that
  are needed here should be included directly in Nixpkgs as files.

This makes it clear to maintainer that they may need to treat this
package a little differently than others. Importantly, we can’t use
fetchpatch here due to using <nix/fetchurl.nix>. To avoid having stale
hashes, we need to include patches that are subject to changing
overtime (for instance, gitweb’s patches contain a version number at
the bottom).
2020-07-31 08:56:53 +02:00
Daniel Șerbănescu
6ca2afc05a curl: 7.70.0 -> 7.71.1 2020-07-04 18:02:45 +02:00
Peter Hoeg
9efd23e64d curl: 7.69.1 -> 7.70.0 2020-05-11 22:18:10 +02:00
Jan Tojnar
a04625379a
Merge branch 'master' into staging-next 2020-04-13 18:50:35 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
R. RyanTM
e4df9d6b54 curl: 7.68.0 -> 7.69.1 2020-04-05 13:30:55 +02:00
zowoq
3cccbaa980 curl: 7.67.0 -> 7.68.0
https://curl.haxx.se/changes.html#7_68_0
2020-01-15 09:40:40 +01:00
Marco A L Barbosa
b2b2330c35 curl: add option to use wolfssl backend 2019-12-10 18:55:41 +01:00
Izorkin
2cef6accb8 curl: 7.66.0 -> 7.67.0 2019-11-12 14:47:47 +01:00
Will Dietz
919a459158 curl: install completions (zsh, fish) 2019-09-18 08:58:25 -04:00
Will Dietz
69ded6f018 curl: 7.65.3 -> 7.66.0 2019-09-18 08:58:25 -04:00
R. RyanTM
69b233e704 curl: 7.65.0 -> 7.65.3 2019-07-20 09:43:44 +02:00
Will Dietz
55bcfed30c
curl: 7.64.0 -> 7.65.0
https://curl.haxx.se/changes.html#7_65_0
2019-05-22 20:38:11 -05:00
R. RyanTM
9cb107d3db curl: 7.64.0 -> 7.64.1 (#58659)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/curl/versions
2019-04-07 20:13:39 +00:00
Dylan Simon
1c3a4ef287 fetchurl: use fetchurlBoot for zlib deps 2019-03-25 15:04:55 -04:00
Will Dietz
5a4e8a410f curl: 7.63.0 -> 7.64.0
CVE-2018-16890
CVE-2019-3822
CVE-2019-3823

https://curl.haxx.se/changes.html#7_64_0
2019-02-06 06:18:42 -06:00
Vladimír Čunát
51ac3db79c
Revert "nix: point at curl 7.59.0 (#41452)"
This reverts commit 5574df3549.
I also can't reproduce the problem anymore; discussion: #41312.
Fixes #53569, fixes #53948.  (Vulnerabilities in old curl.)
2019-01-19 17:14:02 +01:00
Will Dietz
5a8660bd29 curl: 7.62.0 -> 7.63.0
https://curl.haxx.se/mail/lib-2018-12/0036.html
https://curl.haxx.se/changes.html
2018-12-19 09:19:12 +01:00
Pierre Bourdon
90720d0139 curl: cherry-pick upstream patch for ipv6 url parsing
Upstream bug: curl/curl#3218.

This causes nixos/tests/ipv6.nix to fix since the last staging merge.
2018-11-22 09:58:34 +01:00
Frederik Rietdijk
e343a85cfb Merge master into staging-next 2018-11-19 09:55:32 +01:00
Jan Malakhovski
50aef6015f curl: move option defaults from all-packages.nix to the derivation itself 2018-11-18 07:59:40 +00:00
Will Dietz
e9d6475e68 curl: 7.61.1 -> 7.62.0
See
https://github.com/NixOS/nixpkgs/issues/49463#issuecomment-434617623
2018-10-31 07:12:00 -05:00
Matthew Bauer
1660098d84 curl: build statically on windows 2018-10-17 14:44:35 -05:00
Tim Steinbach
16650af8c3
curl: 7.61.0 -> 7.61.1 2018-09-08 10:44:02 -04:00
Markus Kowalewski
17702d0416
curl: add license 2018-08-16 21:38:59 +02:00
John Ericson
c99de14e60 curl: Get rid of crossAttrs 2018-07-24 18:36:59 -04:00
Frederik Rietdijk
099c13da1b Merge staging-next into master (#44009)
* substitute(): --subst-var was silently coercing to "" if the variable does not exist.

* libffi: simplify using `checkInputs`

* pythonPackges.hypothesis, pythonPackages.pytest: simpify dependency cycle fix

* utillinux: 2.32 -> 2.32.1

https://lkml.org/lkml/2018/7/16/532

* busybox: 1.29.0 -> 1.29.1

* bind: 9.12.1-P2 -> 9.12.2

https://ftp.isc.org/isc/bind9/9.12.2/RELEASE-NOTES-bind-9.12.2.html

* curl: 7.60.0 -> 7.61.0

* gvfs: make tests run, but disable

* ilmbase: disable tests on i686. Spooky!

* mdds: fix tests

* git: disable checks as tests are run in installcheck

* ruby: disable tests

* libcommuni: disable checks as tests are run in installcheck

* librdf: make tests run, but disable

* neon, neon_0_29: make tests run, but disable

* pciutils: 3.6.0 -> 3.6.1

Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/pciutils/versions.

* mesa: more include fixes

mostly from void-linux (thanks!)

* npth: 1.5 -> 1.6

minor bump

* boost167: Add lockfree next_prior patch

* stdenv: cleanup darwin bootstrapping

Also gets rid of the full python and some of it's dependencies in the
stdenv build closure.

* Revert "pciutils: use standardized equivalent for canonicalize_file_name"

This reverts commit f8db20fb3a.
Patching should no longer be needed with 3.6.1.

* binutils-wrapper: Try to avoid adding unnecessary -L flags

(cherry picked from commit f3758258b8895508475caf83e92bfb236a27ceb9)
Signed-off-by: Domen Kožar <domen@dev.si>

* libffi: don't check on darwin

libffi usages in stdenv broken darwin. We need to disable doCheck for that case.

* "rm $out/share/icons/hicolor/icon-theme.cache" -> hicolor-icon-theme setup-hook

* python.pkgs.pytest: setupHook to prevent creation of .pytest-cache folder, fixes #40273

When `py.test` was run with a folder as argument, it would not only
search for tests in that folder, but also create a .pytest-cache folder.
Not only is this state we don't want, but it was also causing
collisions.

* parity-ui: fix after merge

* python.pkgs.pytest-flake8: disable test, fix build

* Revert "meson: 0.46.1 -> 0.47.0"

With meson 0.47.0 (or 0.47.1, or git)
things are very wrong re:rpath handling
resulting in at best missing libs but
even corrupt binaries :(.

When we run patchelf it masks the problem
by removing obviously busted paths.
Which is probably why this wasn't noticed immediately.

Unfortunately the binary already
has a long series of paths scribbled
in a space intended for a much smaller string;
in my testing it was something like
lengths were 67 with 300+ written to it.

I think we've reported the relevant issues upstream,
but unfortunately it appears our patches
are what introduces the overwrite/corruption
(by no longer being correct in what they assume)

This doesn't look so bad to fix but it's
not something I can spend more time on
at the moment.

--

Interestingly the overwritten string data
(because it is scribbled past the bounds)
remains in the binary and is why we're suddenly
seeing unexpected references in various builds
-- notably this is is the reason we're
seeing the "extra-utils" breakage
that entirely crippled NixOS on master
(and probably on staging before?).

Fixes #43650.

This reverts commit 305ac4dade.

(cherry picked from commit 273d68eff8f7b6cd4ebed3718e5078a0f43cb55d)
Signed-off-by: Domen Kožar <domen@dev.si>
2018-07-24 15:04:48 +01:00
Vladimír Čunát
c1ffc65d1a
Merge branch 'master' into staging
This apparently fixes some broken src fetches (gnuradio, twisted).
2018-07-02 11:10:26 +02:00
Will Dietz
81c9f7125f curl: fix configure flag for random device.
Fixes #42778.

Thanks for reporting, @dingxiangfei2009!
2018-07-01 12:47:24 -05:00
Daiderd Jordan
288939ce22
curl: disable default CA bundle
Without this curl might detect /etc/ssl/cert.pem at build time on macOS,
causing curl to ignore NIX_SSL_CERT_FILE.

Fixes #42317
2018-06-23 12:16:42 +02:00
Tim Steinbach
5574df3549 nix: point at curl 7.59.0 (#41452) 2018-06-04 22:25:23 +00:00
Tim Steinbach
44101ee9d6
curl: 7.59.0 -> 7.60.0 2018-05-16 07:27:35 -04:00
Ben Gamari
d23f71deaa curl: Enable cross-compilation
By fixing toolchain paths
2018-05-03 17:06:00 -04:00
Jan Malakhovski
7438083a4d tree-wide: disable doCheck and doInstallCheck where it fails (the trivial part) 2018-04-25 04:18:46 +00:00
Tim Steinbach
837ecc2f6a
curl: 7.58.0 -> 7.59.0 2018-03-15 19:08:12 -04:00
SLNOS
40bceae84e curl: fetchurl more securely 2018-02-10 00:25:37 +00:00
Franz Pletz
60331e6e90
curl: 7.57.0 -> 7.58.0 (security)
Fixes: CVE-2018-1000005, CVE-2018-1000007
2018-01-29 14:15:56 +01:00
Vladimír Čunát
9b54a00160
Merge #29785: curl: enable kerberos 2017-12-19 15:18:24 +01:00
Vladimír Čunát
13e6a5c561
kerberos: split headers into $dev 2017-12-19 15:18:01 +01:00
adisbladis
8d479c0397
curl: Add brotli support 2017-11-29 19:47:41 +08:00