Skip to content

curl: 8.10.1 -> 8.11.0#353968

Merged
vcunat merged 1 commit intoNixOS:stagingfrom
Scrumplex:pkgs/curl/8.11.0
Nov 7, 2024
Merged

curl: 8.10.1 -> 8.11.0#353968
vcunat merged 1 commit intoNixOS:stagingfrom
Scrumplex:pkgs/curl/8.11.0

Conversation

@Scrumplex
Copy link
Member

@Scrumplex Scrumplex commented Nov 6, 2024

https://curl.se/ch/8.11.0.html

Fixes CVE-2024-9681

https://curl.se/docs/CVE-2024-9681.html

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@Scrumplex
curl: 8.10.1 -> 8.11.0
c55530f 
Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>
@Scrumplex Scrumplex added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Nov 6, 2024
@vcunat
Copy link
Member

vcunat commented Nov 6, 2024

"low severity" fortunately, by https://curl.se/docs/vulnerabilities.html

@Scrumplex
Copy link
Member Author

Scrumplex commented Nov 6, 2024

I was able to build most tests so far.

pycurl fails because of a Python segfault during one of its tests. I can reproduce this on HEAD^ of this branch.

@Scrumplex
Copy link
Member Author

Scrumplex commented Nov 6, 2024

I can reproduce this on HEAD^ of this branch.

correction: I can actually not reproduce this segfault on staging.

Build log of curl.tests.pycurl:

https://gist.github.com/Scrumplex/8c14c10bc0d88c6a894e460b3038c429

@ofborg ofborg bot requested a review from lovek323 November 6, 2024 12:59
@ofborg ofborg bot added 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. labels Nov 6, 2024
@vcunat vcunat merged commit 8021f83 into NixOS:staging Nov 7, 2024
@vcunat
Copy link
Member

vcunat commented Nov 27, 2024

Test issues were addressed by c3f73ea (I think; checked on staging-next-24.11).

@philiptaron
Copy link
Contributor

philiptaron commented Jan 27, 2025

I have no idea why this is, but it's quite repeatable: c55530f fails to build nixStatic, and ca614aa (its parent) builds it successfully.

The failure mode is:

make: /nix/store/k451in7mfax06rbh8z1mv8734ismkgr1-bash-5.2p37/bin/bash: Argument list too long

This must have tipped something over the line?!

@philiptaron philiptaron mentioned this pull request Jan 27, 2025
Merged
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lovek323 lovek323 Awaiting requested review from lovek323

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Scrumplex @vcunat @philiptaron