The previous attempt to patch libcurl used
getenv("CURL_CA_BUNDLE") || getenv("SSL_CERT_FILE")
to get the second environment variable if the first is unset.
Unfortunately, this broke libcurl because the (||) operator in C returns
only 0 or 1, so it is inappropriate for pointer comparisons! Now we use
getenv("CURL_CA_BUNDLE") ? getenv("CURL_CA_BUNDLE") : getenv("SSL_CERT_FILE")
instead. This has one downside: it always calls getenv twice! But,
that's a small price to pay for actually being correct.
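The following C example is added here and is not part of the commit, nixpkgs, or libcurl. It shows the value `||` actually yields and a fallback that keeps the pointer while looking each variable up at most once. The names `env_lookup_fn`, `or_result`, `ca_bundle_path` and the stub environment are hypothetical, and the sample paths are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same signature as getenv(), so a stub can stand in for the real
 * process environment (hypothetical name, not a libcurl type). */
typedef char *(*env_lookup_fn)(const char *name);

/* What the first patch computed: a || b is the int 0 or 1, never one of
 * its operands, so the certificate path itself is lost. */
int or_result(env_lookup_fn lookup)
{
    return lookup("CURL_CA_BUNDLE") || lookup("SSL_CERT_FILE");
}

/* Fallback that keeps the pointer: CURL_CA_BUNDLE wins if set, otherwise
 * SSL_CERT_FILE, otherwise NULL. Each variable is looked up at most once. */
const char *ca_bundle_path(env_lookup_fn lookup)
{
    const char *path = lookup("CURL_CA_BUNDLE");
    if (path == NULL)
        path = lookup("SSL_CERT_FILE");
    return path;
}

/* Constructed sample environment; the paths are made up. */
struct env_entry { const char *name; const char *value; };
struct env_entry sample_env[] = {
    { "CURL_CA_BUNDLE", NULL },
    { "SSL_CERT_FILE",  "/constructed/ssl-cert-file.crt" },
};
int sample_lookups; /* number of stub lookups, to show the call count */

char *sample_lookup(const char *name)
{
    sample_lookups++;
    for (size_t i = 0; i < sizeof sample_env / sizeof sample_env[0]; i++)
        if (strcmp(sample_env[i].name, name) == 0)
            return (char *)sample_env[i].value;
    return NULL;
}

int main(void)
{
    const char *path = ca_bundle_path(sample_lookup);
    printf("|| gives %d, fallback gives %s\n",
           or_result(sample_lookup), path ? path : "(unset)");
    return 0;
}
```

Against the real environment the call is `ca_bundle_path(getenv)`, since `getenv` has the same signature as the stub.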
This version contains a security fix for CVE-2013-0249, for details please have
a look at:
http://curl.haxx.se/docs/adv_20130206.html
Thanks to @roconnor for pointing this out.
I'm pushing this to stdenv-updates because I'm not quite sure if it will break
other things because 7.29.0 is now non-blocking by default. Plus the security
vulnerability only affects IMAP, POP3 and SMTP protocol support.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cherry-picked into master, this won't change stdenv.
Signed-off-by: Shea Levy <shea@shealevy.com>
This version contains a security fix for CVE-2013-0249, for details please have
a look at:
http://curl.haxx.se/docs/adv_20130206.html
Thanks to @roconnor for pointing this out.
I'm pushing this to stdenv-updates because I'm not quite sure if it will break
other things because 7.29.0 is now non-blocking by default. Plus the security
vulnerability only affects IMAP, POP3 and SMTP protocol support.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This is for consistency with terminology in stdenv (and the terms
"hostDrv" and "buildDrv" are not very intuitive, even if they're
consistent with GNU terminology).
Solves a hideous bug which affects lots of things including nix-env.
The question now is, how to rebuild everything that depends directly or indirectly on curl?
More about the underlying bug and its resolution here:
http://comments.gmane.org/gmane.comp.web.curl.library/33285
Bug looks like this:
curl google.com
curl: (7) Failed to connect to 74.125.224.35: Invalid argument
Allowing 'curl' build without some dependencies, if it is told not to build
with them.
Updating the make-bootstrap-tools for the latest gcc/glibc, removing the
dependency on klibc, and updating unpack-bootstrap-tools for the latest
bootstrap-tools to work.
svn path=/nixpkgs/branches/stdenv-updates/; revision=23305
This comes from:
svn diff ^/nixpkgs/trunk/@18255 ^/nixpkgs/branches/stdenv-updates/ > diff
patch -p0 < diff
and then adding into svn all files new from the patch.
trunk@18255 comes from the last time I updated stdenv-updates from trunk.
svn path=/nixpkgs/stdenv-updates2/; revision=18272
* Some fetchurl-related refactoring. The `realCurl' attribute is
gone, `curl' is the real thing. To prevent an infinite recursion in
`fetchurl' (because it depends on curl and building curl needs
fetchurl), curl and its dependencies (openssl, zlib, perl) use
`fetchurlBoot', which is the fetchurl used by the previous bootstrap
phase (e.g. the statically linked version of curl for
stdenv-linux). So as a result you can use https:// urls almost
everywhere.
There's also some hackery to prevent a different curl from being
built in every stdenv-linux bootstrap phase (namely the
stdenv.fetchurl attribute which allows fetchurl to be overridden
everywhere).
svn path=/nixpkgs/trunk/; revision=11905