pyrox.dev / nixpkgs
lol
fork atom

curl: 7.45 -> 7.47 and enable HTTP/2 (close #12723)

This fixes CVE-2016-0755:
https://curl.haxx.se/docs/adv_20160127A.html

vcunat removed *propagation* of pkgconfig and perl.

Robin Gloster 0876a441 e4ab8aee

options
unified split
Changed files
+7 -3
pkgs
tools
networking
curl
default.nix
+7 -3
pkgs/tools/networking/curl/default.nix 
···

       
1

       
-

       
{ stdenv, fetchurl


     

       
2

       
 

       
, idnSupport ? false, libidn ? null


     

       
3

       
 

       
, ldapSupport ? false, openldap ? null


     

       
4

       
 

       
, zlibSupport ? false, zlib ? null


     
···

       
16

       
 

       
assert c-aresSupport -> c-ares != null;


     

       
17

       
 

       



     

       
18

       
 

       
stdenv.mkDerivation rec {


     

       
19

       
-

       
  name = "curl-7.45.0";


     

       
20

       
 

       



     

       
21

       
 

       
  src = fetchurl {


     

       
22

       
 

       
    url = "http://curl.haxx.se/download/${name}.tar.bz2";


     

       
23

       
-

       
    sha256 = "1slq5c0v9wa8hajgimhkxhvsrd07jmih8sa3gjsl597qp5k4w5b5";


     

       
24

       
 

       
  };


     

       

       

       
     

       

       

       
     

       
25

       
 

       



     

       
26

       
 

       
  # Zlib and OpenSSL must be propagated because `libcurl.la' contains


     

       
27

       
 

       
  # "-lz -lssl", which aren't necessary direct build inputs of


     

       
28

       
 

       
  # applications that use Curl.


     

       
29

       
 

       
  propagatedBuildInputs = with stdenv.lib;


     

       

       

       
     

       
30

       
 

       
    optional idnSupport libidn ++


     

       
31

       
 

       
    optional ldapSupport openldap ++


     

       
32

       
 

       
    optional zlibSupport zlib ++


     
···

       
48

       
 

       



     

       
49

       
 

       
  configureFlags = [


     

       
50

       
 

       
      "--disable-manual"


     

       

       

       
     

       
51

       
 

       
      ( if sslSupport then "--with-ssl=${openssl}" else "--without-ssl" )


     

       
52

       
 

       
      ( if scpSupport then "--with-libssh2=${libssh2}" else "--without-libssh2" )


     

       
53

       
 

       
      ( if ldapSupport then "--enable-ldap" else "--disable-ldap" )


     
···

       
1

       
+

       
{ stdenv, fetchurl, libnghttp2, pkgconfig, perl


     

       
2

       
 

       
, idnSupport ? false, libidn ? null


     

       
3

       
 

       
, ldapSupport ? false, openldap ? null


     

       
4

       
 

       
, zlibSupport ? false, zlib ? null


     
···

       
16

       
 

       
assert c-aresSupport -> c-ares != null;


     

       
17

       
 

       



     

       
18

       
 

       
stdenv.mkDerivation rec {


     

       
19

       
+

       
  name = "curl-7.47.0";


     

       
20

       
 

       



     

       
21

       
 

       
  src = fetchurl {


     

       
22

       
 

       
    url = "http://curl.haxx.se/download/${name}.tar.bz2";


     

       
23

       
+

       
    sha256 = "0riz70pjg82gbcfi2ndvsksb2dv55g31ir8piph2p6zvhy9ny29b";


     

       
24

       
 

       
  };


     

       
25

       
+

       



     

       
26

       
+

       
  nativeBuildInputs = [ pkgconfig perl ];


     

       
27

       
 

       



     

       
28

       
 

       
  # Zlib and OpenSSL must be propagated because `libcurl.la' contains


     

       
29

       
 

       
  # "-lz -lssl", which aren't necessary direct build inputs of


     

       
30

       
 

       
  # applications that use Curl.


     

       
31

       
 

       
  propagatedBuildInputs = with stdenv.lib;


     

       
32

       
+

       
    [ libnghttp2 ] ++


     

       
33

       
 

       
    optional idnSupport libidn ++


     

       
34

       
 

       
    optional ldapSupport openldap ++


     

       
35

       
 

       
    optional zlibSupport zlib ++


     
···

       
51

       
 

       



     

       
52

       
 

       
  configureFlags = [


     

       
53

       
 

       
      "--disable-manual"


     

       
54

       
+

       
      "--with-nghttp2=${libnghttp2}"


     

       
55

       
 

       
      ( if sslSupport then "--with-ssl=${openssl}" else "--without-ssl" )


     

       
56

       
 

       
      ( if scpSupport then "--with-libssh2=${libssh2}" else "--without-libssh2" )


     

       
57

       
 

       
      ( if ldapSupport then "--enable-ldap" else "--disable-ldap" )