mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-24 21:38:07 -05:00
gnu: curl: Update to 7.41.0. Support CURLOPT_CAPATH on GnuTLS.
Fixes <http://bugs.gnu.org/20121>. * gnu/packages/patches/curl-gss-api-fix.patch: Delete file. * gnu/packages/patches/curl-support-capath-on-gnutls.patch, gnu/packages/patches/curl-support-capath-on-gnutls-conf.patch: New files. * gnu-system.am (dist_patch_DATA): Add new patches and remove old one. * gnu/packages/curl.scm (curl): Update to 7.41.0. Add new patches and remove old one. Disable one unit test. Modified-By: Mark H Weaver <mhw@netris.org>
This commit is contained in:
parent
7dae5ac4b1
commit
a55e2b221c
5 changed files with 130 additions and 42 deletions
|
@ -398,8 +398,9 @@ dist_patch_DATA = \
|
|||
gnu/packages/patches/cssc-gets-undeclared.patch \
|
||||
gnu/packages/patches/cssc-missing-include.patch \
|
||||
gnu/packages/patches/clucene-contribs-lib.patch \
|
||||
gnu/packages/patches/curl-gss-api-fix.patch \
|
||||
gnu/packages/patches/cursynth-wave-rand.patch \
|
||||
gnu/packages/patches/curl-support-capath-on-gnutls.patch \
|
||||
gnu/packages/patches/curl-support-capath-on-gnutls-conf.patch \
|
||||
gnu/packages/patches/dbus-localstatedir.patch \
|
||||
gnu/packages/patches/diffutils-gets-undeclared.patch \
|
||||
gnu/packages/patches/dfu-programmer-fix-libusb.patch \
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
;;; GNU Guix --- Functional package management for GNU
|
||||
;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr>
|
||||
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
|
||||
;;; Copyright © 2015 Tomáš Čech <sleep_walker@suse.cz>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
;;;
|
||||
|
@ -37,15 +38,17 @@ (define-module (gnu packages curl)
|
|||
(define-public curl
|
||||
(package
|
||||
(name "curl")
|
||||
(version "7.40.0")
|
||||
(version "7.41.0")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "http://curl.haxx.se/download/curl-"
|
||||
version ".tar.lzma"))
|
||||
(sha256
|
||||
(base32
|
||||
"1a15fdc26b3vwwmchzzpd3l1hfyhx06dn7b6lkikqd7kgwvg5ps7"))
|
||||
(patches (list (search-patch "curl-gss-api-fix.patch")))))
|
||||
"08n7vrhdfzziy3a7n93r7qjhzk8p26q464hxg8w9irdk3v60pi62"))
|
||||
(patches
|
||||
(list (search-patch "curl-support-capath-on-gnutls.patch")
|
||||
(search-patch "curl-support-capath-on-gnutls-conf.patch")))))
|
||||
(build-system gnu-build-system)
|
||||
(inputs `(("gnutls" ,gnutls)
|
||||
("gss" ,gss)
|
||||
|
@ -68,6 +71,10 @@ (define-public curl
|
|||
(lambda _
|
||||
(substitute* "tests/runtests.pl"
|
||||
(("/bin/sh") (which "sh")))
|
||||
;; Test #1135 requires extern-scan.pl, which is not part of the
|
||||
;; tarball due to a mistake. It has been fixed upstream. We can
|
||||
;; simply disable the test as it is specific to VMS and OS/400.
|
||||
(delete-file "tests/data/test1135")
|
||||
|
||||
;; The top-level "make check" does "make -C tests quiet-test", which
|
||||
;; is too quiet. Use the "test" target instead, which is more
|
||||
|
|
|
@ -1,38 +0,0 @@
|
|||
Copied from upstream:
|
||||
https://github.com/bagder/curl/commit/5c0e66d63214e0306197c5a3f162441e074f3401.patch
|
||||
|
||||
From 5c0e66d63214e0306197c5a3f162441e074f3401 Mon Sep 17 00:00:00 2001
|
||||
From: Steve Holme <steve_holme@hotmail.com>
|
||||
Date: Thu, 8 Jan 2015 19:23:53 +0000
|
||||
Subject: [PATCH] sasl_gssapi: Fixed build on NetBSD with built-in GSS-API
|
||||
|
||||
Bug: http://curl.haxx.se/bug/view.cgi?id=1469
|
||||
Reported-by: Thomas Klausner
|
||||
---
|
||||
lib/curl_sasl_gssapi.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/curl_sasl_gssapi.c b/lib/curl_sasl_gssapi.c
|
||||
index 6dda0e9..a50646a 100644
|
||||
--- a/lib/curl_sasl_gssapi.c
|
||||
+++ b/lib/curl_sasl_gssapi.c
|
||||
@@ -6,6 +6,7 @@
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
* Copyright (C) 2014, Steve Holme, <steve_holme@hotmail.com>.
|
||||
+ * Copyright (C) 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
@@ -126,7 +127,7 @@ CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data,
|
||||
|
||||
/* Import the SPN */
|
||||
gss_major_status = gss_import_name(&gss_minor_status, &spn_token,
|
||||
- gss_nt_service_name, &krb5->spn);
|
||||
+ GSS_C_NT_HOSTBASED_SERVICE, &krb5->spn);
|
||||
if(GSS_ERROR(gss_major_status)) {
|
||||
Curl_gss_log_error(data, gss_minor_status, "gss_import_name() failed: ");
|
||||
|
||||
--
|
||||
2.2.1
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
This patch updates 'configure' as autoreconf would have done after
|
||||
applying curl-support-capath-on-gnutls.patch.
|
||||
|
||||
--- a/configure 2015-03-22 01:11:23.178743705 +0100
|
||||
+++ b/configure 2015-02-25 00:05:37.000000000 +0100
|
||||
@@ -23952,8 +24432,8 @@
|
||||
ca="$want_ca"
|
||||
capath="no"
|
||||
elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
|
||||
- if test "x$OPENSSL_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
|
||||
- as_fn_error $? "--with-ca-path only works with openSSL or PolarSSL" "$LINENO" 5
|
||||
+ if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
|
||||
+ as_fn_error $? "--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL" "$LINENO" 5
|
||||
fi
|
||||
capath="$want_capath"
|
||||
ca="no"
|
102
gnu/packages/patches/curl-support-capath-on-gnutls.patch
Normal file
102
gnu/packages/patches/curl-support-capath-on-gnutls.patch
Normal file
|
@ -0,0 +1,102 @@
|
|||
This patch adds support for CURLOPT_CAPATH to the GnuTLS backend.
|
||||
|
||||
From 5a1614cecdd57cab8b4ae3e9bc19dfff5ba77e80 Mon Sep 17 00:00:00 2001
|
||||
From: Alessandro Ghedini <alessandro@ghedini.me>
|
||||
Date: Sun, 8 Mar 2015 20:11:06 +0100
|
||||
Subject: [PATCH] gtls: add support for CURLOPT_CAPATH
|
||||
|
||||
---
|
||||
acinclude.m4 | 4 ++--
|
||||
docs/libcurl/opts/CURLOPT_CAPATH.3 | 5 ++---
|
||||
lib/vtls/gtls.c | 22 ++++++++++++++++++++++
|
||||
lib/vtls/gtls.h | 3 +++
|
||||
4 files changed, 29 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/acinclude.m4 b/acinclude.m4
|
||||
index 6ed7ffb..ca01869 100644
|
||||
--- a/acinclude.m4
|
||||
+++ b/acinclude.m4
|
||||
@@ -2615,8 +2615,8 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
|
||||
capath="no"
|
||||
elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
|
||||
dnl --with-ca-path given
|
||||
- if test "x$OPENSSL_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
|
||||
- AC_MSG_ERROR([--with-ca-path only works with openSSL or PolarSSL])
|
||||
+ if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
|
||||
+ AC_MSG_ERROR([--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL])
|
||||
fi
|
||||
capath="$want_capath"
|
||||
ca="no"
|
||||
diff --git a/docs/libcurl/opts/CURLOPT_CAPATH.3 b/docs/libcurl/opts/CURLOPT_CAPATH.3
|
||||
index 642953d..6695f9f 100644
|
||||
--- a/docs/libcurl/opts/CURLOPT_CAPATH.3
|
||||
+++ b/docs/libcurl/opts/CURLOPT_CAPATH.3
|
||||
@@ -43,9 +43,8 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
|
||||
.SH EXAMPLE
|
||||
TODO
|
||||
.SH AVAILABILITY
|
||||
-This option is OpenSSL-specific and does nothing if libcurl is built to use
|
||||
-GnuTLS. NSS-powered libcurl provides the option only for backward
|
||||
-compatibility.
|
||||
+This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS
|
||||
+backend provides the option only for backward compatibility.
|
||||
.SH RETURN VALUE
|
||||
Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or
|
||||
CURLE_OUT_OF_MEMORY if there was insufficient heap space.
|
||||
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
|
||||
index 05aef19..c792540 100644
|
||||
--- a/lib/vtls/gtls.c
|
||||
+++ b/lib/vtls/gtls.c
|
||||
@@ -97,6 +97,10 @@ static bool gtls_inited = FALSE;
|
||||
# if (GNUTLS_VERSION_NUMBER >= 0x03020d)
|
||||
# define HAS_OCSP
|
||||
# endif
|
||||
+
|
||||
+# if (GNUTLS_VERSION_NUMBER >= 0x030306)
|
||||
+# define HAS_CAPATH
|
||||
+# endif
|
||||
#endif
|
||||
|
||||
#ifdef HAS_OCSP
|
||||
@@ -462,6 +466,24 @@ gtls_connect_step1(struct connectdata *conn,
|
||||
rc, data->set.ssl.CAfile);
|
||||
}
|
||||
|
||||
+#ifdef HAS_CAPATH
|
||||
+ if(data->set.ssl.CApath) {
|
||||
+ /* set the trusted CA cert directory */
|
||||
+ rc = gnutls_certificate_set_x509_trust_dir(conn->ssl[sockindex].cred,
|
||||
+ data->set.ssl.CApath,
|
||||
+ GNUTLS_X509_FMT_PEM);
|
||||
+ if(rc < 0) {
|
||||
+ infof(data, "error reading ca cert file %s (%s)\n",
|
||||
+ data->set.ssl.CAfile, gnutls_strerror(rc));
|
||||
+ if(data->set.ssl.verifypeer)
|
||||
+ return CURLE_SSL_CACERT_BADFILE;
|
||||
+ }
|
||||
+ else
|
||||
+ infof(data, "found %d certificates in %s\n",
|
||||
+ rc, data->set.ssl.CApath);
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
if(data->set.ssl.CRLfile) {
|
||||
/* set the CRL list file */
|
||||
rc = gnutls_certificate_set_x509_crl_file(conn->ssl[sockindex].cred,
|
||||
diff --git a/lib/vtls/gtls.h b/lib/vtls/gtls.h
|
||||
index c3867e5..af1cb5b 100644
|
||||
--- a/lib/vtls/gtls.h
|
||||
+++ b/lib/vtls/gtls.h
|
||||
@@ -54,6 +54,9 @@ bool Curl_gtls_cert_status_request(void);
|
||||
/* Set the API backend definition to GnuTLS */
|
||||
#define CURL_SSL_BACKEND CURLSSLBACKEND_GNUTLS
|
||||
|
||||
+/* this backend supports the CAPATH option */
|
||||
+#define have_curlssl_ca_path 1
|
||||
+
|
||||
/* API setup for GnuTLS */
|
||||
#define curlssl_init Curl_gtls_init
|
||||
#define curlssl_cleanup Curl_gtls_cleanup
|
||||
--
|
||||
2.2.1
|
||||
|
Loading…
Reference in a new issue