curl: 7.82.0 -> 7.83.0

https://curl.se/changes.html#7_83_0 https://curl.se/docs/CVE-2022-22576.html https://curl.se/docs/CVE-2022-27774.html https://curl.se/docs/CVE-2022-27775.html https://curl.se/docs/CVE-2022-27776.html Fixes: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776
2022-04-27 19:56:47 +02:00 · 2022-04-27 19:56:47 +02:00 · 85f5539c4b
parent 9611466e74
commit 85f5539c4b
2 changed files with 2 additions and 33 deletions
--- a/pkgs/tools/networking/curl/7.82.0-openssl-fix-CN-check.patch
+++ b/pkgs/tools/networking/curl/7.82.0-openssl-fix-CN-check.patch
@ -1,30 +0,0 @@
-From 911714d617c106ed5d553bf003e34ec94ab6a136 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Tue, 8 Mar 2022 13:38:13 +0100
-Subject: [PATCH] openssl: fix CN check error code
-
-Due to a missing 'else' this returns error too easily.
-
-Regressed in: d15692ebb
-
-Reported-by: Kristoffer Gleditsch
-Fixes #8559
-Closes #8560
---
- lib/vtls/openssl.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
-index 0b79fc50a9c5..4618beeb3867 100644
--- a/lib/vtls/openssl.c
-+++ b/lib/vtls/openssl.c
-@@ -1817,7 +1817,8 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
-               memcpy(peer_CN, ASN1_STRING_get0_data(tmp), peerlen);
-               peer_CN[peerlen] = '\0';
-             }
-            result = CURLE_OUT_OF_MEMORY;
-+            else
-+              result = CURLE_OUT_OF_MEMORY;
-           }
-         }
-         else /* not a UTF8 name */
--- a/pkgs/tools/networking/curl/default.nix
+++ b/pkgs/tools/networking/curl/default.nix
@ -54,19 +54,18 @@ assert zstdSupport -> zstd != null;

 stdenv.mkDerivation rec {
  pname = "curl";
-  version = "7.82.0";
+  version = "7.83.0";

  src = fetchurl {
    urls = [
      "https://curl.haxx.se/download/${pname}-${version}.tar.bz2"
      "https://github.com/curl/curl/releases/download/${lib.replaceStrings ["."] ["_"] pname}-${version}/${pname}-${version}.tar.bz2"
    ];
-    sha256 = "sha256-RtmgQAozQI/ZkncLBKRKdDSzA28ugImsKLV1c9WdNx8=";
+    sha256 = "sha256-JHx+x1IcQljmVjTlKScNIU/jKWmXHMy3KEXnqkaDH5Y=";
  };

  patches = [
    ./7.79.1-darwin-no-systemconfiguration.patch
-    ./7.82.0-openssl-fix-CN-check.patch
  ];

  outputs = [ "bin" "dev" "out" "man" "devdoc" ];