The previous attempt to patch libcurl used
getenv("CURL_CA_BUNDLE") || getenv("SSL_CERT_FILE")
to get the second environment variable if the first is unset.
Unfortunately, this broke libcurl because the (||) operator is C returns
only 0 or 1, so it is inappropriate for pointer comparisons! Now we use
getenv("CURL_CA_BUNDLE") ? getenv("CURL_CA_BUNDLE") : getenv("SSL_CERT_FILE")
instead. This has one downside: it always calls getenv twice! But,
that's a small price to pay for actually being correct.
This version contains a security fix for CVE-2013-0249, for details please have
a look at:
http://curl.haxx.se/docs/adv_20130206.html
Thanks to @roconnor for pointing this out.
I'm pushing this to stdenv-updates because I'm not quite sure if it will break
other things because 7.29.0 is now non-blocking by default. Plus the security
vulnerability only affects IMAP, POP3 and SMTP protocol support.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cherry-picked into master, this won't change stdenv.
Signed-off-by: Shea Levy <shea@shealevy.com>
This version contains a security fix for CVE-2013-0249, for details please have
a look at:
http://curl.haxx.se/docs/adv_20130206.html
Thanks to @roconnor for pointing this out.
I'm pushing this to stdenv-updates because I'm not quite sure if it will break
other things because 7.29.0 is now non-blocking by default. Plus the security
vulnerability only affects IMAP, POP3 and SMTP protocol support.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This is for consistency with terminology in stdenv (and the terms
"hostDrv" and "buildDrv" are not very intuitive, even if they're
consistent with GNU terminology).
Solves a hideous bug which affects lots of things including nix-env.
The question now is, how to rebuild everything that depends directly or indirectly on curl?
More about the underlying bug and its resolution here:
http://comments.gmane.org/gmane.comp.web.curl.library/33285
Bug looks like this:
curl google.com
curl: (7) Failed to connect to 74.125.224.35: Invalid argument
Allowing 'curl' build without some dependencies, if it is told not to build
with them.
Updating the make-bootstrap-tools for the latest gcc/glibc, removing the
dependency on klibc, and updating unpack-boostrap-tools for the latest
boostrap-tools to work.
svn path=/nixpkgs/branches/stdenv-updates/; revision=23305
This comes from:
svn diff ^/nixpkgs/trunk/@18255 ^/nixpkgs/branches/stdenv-updates/ > diff
patch -p0 < diff
and then adding into svn all files new from the patch.
trunk@18255 comes from the last time I updated stdenv-updates from trunk.
svn path=/nixpkgs/stdenv-updates2/; revision=18272
* Some fetchurl-related refactoring. The `realCurl' attribute is
gone, `curl' is the real thing. To prevent an infinite recursion in
`fetchurl' (because it depends on curl and building curl needs
fetchurl), curl and its dependencies (openssl, zlib, perl) use
`fetchurlBoot', which is the fetchurl used by the previous bootstrap
phase (e.g. the statically linked version of curl for
stdenv-linux). So as a result you can use https:// urls almost
everywhere.
There's also some hackery to prevent a different curl from being
built in every stdenv-linux bootstrap phase (namely the
stdenv.fetchurl attribute which allows fetchurl to be overriden
everywhere).
svn path=/nixpkgs/trunk/; revision=11905
* Added a patch to fix --retry in case of connection timeouts when
--connect-timeout is used. (--retry is still broken when
--connect-timeout isn't used.)
svn path=/nixpkgs/trunk/; revision=9956
dietlibc to produce small, statically linked binaries. This stdenv
also passes `-Os' to GCC automatically to optimise for size. It
also tries to prevent builders from linking against dynamic
libraries (which dietlibc doesn't support).
* A function `addAttrsToDerivation' that returns a modified stdenv
that always adds the specified attributes to the derivations that it
produces. Example (from curl):
curlDiet = import ../tools/networking/curl {
inherit fetchurl zlib;
stdenv = addAttrsToDerivation {
CFLAGS = "-DHAVE_INET_NTOA_R_2_ARGS=1";
} (useDietLibC stdenv);
};
(This is needed to get curl to build with dietlibc. Also note the
stacking of stdenv-modifying functions.)
* curl-diet: no longer necessary.
svn path=/nixpkgs/trunk/; revision=6761
* GCC 3.4.5.
* Updated several other stdenv packages.
* Modified the builders of several packages to use the generic
builder.
svn path=/nixpkgs/trunk/; revision=4336
- disable tiger, strategoxt, they don't work and give errors
- ftp.nl.kernel.org seems to have some problems, replaced with ftp.de.kernel.org
should be put back eventually
svn path=/nixpkgs/trunk/; revision=1215
* Make builders unexecutable by removing the hash-bang line and
execute permission.
* Convert calls to `derivation' to `mkDerivation'.
* Remove `system' and `stdenv' attributes from calls to
`mkDerivation'. These transformations were all done automatically,
so it is quite possible I broke stuff.
* Put the `mkDerivation' function in stdenv/generic.
svn path=/nixpkgs/trunk/; revision=874
builders for typical Autoconf-style to be much shorten, e.g.,
. $stdenv/setup
genericBuild
The generic builder does lots of stuff automatically:
- Unpacks source archives specified by $src or $srcs (it knows about
gzip, bzip2, tar, zip, and unpacked source trees).
- Determines the source tree.
- Applies patches specified by $patches.
- Fixes libtool not to search for libraries in /lib etc.
- Runs `configure'.
- Runs `make'.
- Runs `make install'.
- Strips debug information from static libraries.
- Writes nested log information (in the format accepted by
`log2xml').
There are also lots of hooks and variables to customise the generic
builder. See `stdenv/generic/docs.txt'.
* Adapted the base packages (i.e., the ones used by stdenv) to use the
generic builder.
* We now use `curl' instead of `wget' to download files in `fetchurl'.
* Neither `curl' nor `wget' are part of stdenv. We shouldn't
encourage people to download stuff in builders (impure!).
* Updated some packages.
* `buildinputs' is now `buildInputs' (but the old name also works).
* `findInputs' in the setup script now prevents inputs from being
processed multiple times (which could happen, e.g., if an input was
a propagated input of several other inputs; this caused the size
variables like $PATH to blow up exponentially in the worst case).
* Patched GNU Make to write nested log information in the format
accepted by `log2xml'. Also, prior to writing the build command,
Make now writes a line `building X' to indicate what is being
built. This is unfortunately often obscured by the gigantic tool
invocations in many Makefiles. The actual build commands are marked
`unimportant' so that they don't clutter pages generated by
`log2html'.
svn path=/nixpkgs/trunk/; revision=845