-
-
Notifications
You must be signed in to change notification settings - Fork 14.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
curl: 7.74.0 -> 7.76.1 #118128
curl: 7.74.0 -> 7.76.1 #118128
Conversation
aad6a71
to
0fd16d1
Compare
Eval fails a test in nix, I'll check if I can repro this.
|
Nix tests already fail with curl 7.75.0. |
@ofborg eval |
Recent changes to nix do not fix the error:
|
The actual error is at the end of the log and happens during the |
@mweinelt sent you mweinelt#5 to add a curl patch which fixes the behaviour nix relies upon; I'm preparing an upstream PR as well. |
5ad5afc
to
5b8adde
Compare
Waiting for the result of curl/curl#6846, before we continue here. The security issues have been addressed in #118343 and #118469 for now. |
Probably for the best; we can pull the final version of the commit once it's landed. |
Updated the patch as it was merged upstream. |
Since we've already patched against the security vulnerability, it might be worth waiting for 7.76.1, which landing on the 14th; it fixes some HTTP/2 regressions in 7.76.0: https://curl.se/dev/release-notes.html |
This is a semi-automatic executed nixpkgs-review with nixpkgs-review-checks extension. It is checked by a human on Result of 1 package built:
|
7.76.1 is here: https://curl.se/changes.html |
Updated. |
Well, I built b101b0b and that worked, so LG. |
I built, specifically, tests.simple.x86_64-linux, tests.nixos-generate-config.x86_64-linux; and nix/nixUnstable |
Built 61c9c78, that worked too. |
Thanks! |
Motivation for this change
https://curl.se/changes.html
https://curl.se/docs/CVE-2021-22876.html
https://curl.se/docs/CVE-2021-22890.html
Fixes: CVE-2021-22876, CVE-22890
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)