curlMinimal: 8.14.1 -> 8.16.0

[Scrumplex]

https://daniel.haxx.se/blog/2025/07/16/curl-8-15-0/
https://curl.se/ch/8.15.0.html
https://github.com/curl/curl/releases/tag/curl-8_15_0

https://daniel.haxx.se/blog/2025/07/16/curl-8-16-0/
https://curl.se/ch/8.16.0.html
https://github.com/curl/curl/releases/tag/curl-8_16_0

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• Nixpkgs 25.11 Release Notes (or backporting 25.05 Nixpkgs Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
• NixOS 25.11 Release Notes (or backporting 25.05 NixOS Release notes)
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other contributing documentation in corresponding paths.

---

Add a 👍 reaction to pull requests you find important.

[Scrumplex]

All tests passed on x86_64-linux.

[bouk]

Curl 8.16.0 has been released in the mean time https://daniel.haxx.se/blog/2025/09/10/curl-8-16-0/

[Scrumplex]

Fixes low severity CVE-2025-9086 CVE-2025-10148

[vcunat]

This breaks cmake build, so you can't even build curl.

In file included from /build/cmake-3.31.7/Utilities/cm3p/curl/curl.h:8,
                 from /build/cmake-3.31.7/Source/CTest/cmCTestCurl.h:12,
                 from /build/cmake-3.31.7/Source/CTest/cmCTestCurl.cxx:3:
/build/cmake-3.31.7/Source/CTest/cmCTestCurl.cxx: In member function 'void cmCTestCurl::SetProxyType()':
/build/cmake-3.31.7/Source/CTest/cmCTestCurl.cxx:267:25: error: invalid conversion from 'long int' to 'curl_proxytype' [-fpermissive]
  267 |   this->HTTPProxyType = CURLPROXY_HTTP;
      |                         ^~~~~~~~~~~~~~
      |                         |
      |                         long int

[Scrumplex]

I had only built curlMinimal because I didn't have access to my workstation for a while. I'll take a look!

[alyssais]

This seems to have broken curlWithGnuTls.

[Scrumplex]

Fixed in #444638