[PATCH] gnu: libqalculate: Fixes for libcurl gnutls CA cert bundle

DoneSubmitted by R Veera Kumar.
Details
2 participants
  • Danny Milosavljevic
  • R Veera Kumar
Owner
unassigned
Severity
normal
R
R
R Veera Kumar wrote on 16 Apr 17:19 +0200
(address . guix-patches@gnu.org)(name . R Veera Kumar)(address . vkor@vkten.in)
20200416151910.21754-1-vkor@vkten.in
* gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch: New file.* gnu/local.mk (dist_patch_DATA): Add it.* gnu/packages/maths.scm (libqalculate)[source]: Use it.--- gnu/local.mk | 1 + gnu/packages/maths.scm | 4 ++- .../libqalculate-3.8.0-libcurl-ssl-fix.patch | 29 +++++++++++++++++++ 3 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch
Toggle diff (64 lines)diff --git a/gnu/local.mk b/gnu/local.mkindex 952fc55df4..ece99b892f 100644--- a/gnu/local.mk+++ b/gnu/local.mk@@ -1144,6 +1144,7 @@ dist_patch_DATA = \ %D%/packages/patches/libmpeg2-global-symbol-test.patch \ %D%/packages/patches/libmygpo-qt-fix-qt-5.11.patch \ %D%/packages/patches/libmygpo-qt-missing-qt5-modules.patch \+ %D%/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch \ %D%/packages/patches/libsndfile-armhf-type-checks.patch \ %D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch \ %D%/packages/patches/libsndfile-CVE-2017-8362.patch \diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scmindex 9930f491a2..7db2b31012 100644--- a/gnu/packages/maths.scm+++ b/gnu/packages/maths.scm@@ -5416,7 +5416,9 @@ researchers and developers alike to get started on SAT.") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256- (base32 "1vbaza9c7159xf2ym90l0xkyj2mp6c3hbghhsqn29yvz08fda9df"))))+ (base32 "1vbaza9c7159xf2ym90l0xkyj2mp6c3hbghhsqn29yvz08fda9df"))+ (patches+ (search-patches "libqalculate-3.8.0-libcurl-ssl-fix.patch")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config)diff --git a/gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch b/gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patchnew file mode 100644index 0000000000..d13c9feaf7--- /dev/null+++ b/gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch@@ -0,0 +1,29 @@+Author: R Veera Kumar 2020 <vkor@vkten.in>+Desc:+ 1) Fixes download of exchange rates by specifying SSL CA certificates bundle+ while using libcurl (Since libcurl in guix is compiled without using a+ default CA cert bundle file)+ 2) Like above fix for using https site in another case++diff -uNr libqalculate-3.8.0/libqalculate/Calculator-definitions.cc libqalculate-3.8.0.new/libqalculate/Calculator-definitions.cc+--- libqalculate-3.8.0/libqalculate/Calculator-definitions.cc 2020-02-16 15:08:29.000000000 +0530++++ libqalculate-3.8.0.new/libqalculate/Calculator-definitions.cc 2020-04-16 18:07:26.839310304 +0530+@@ -3610,6 +3610,7 @@+ curl = curl_easy_init();+ if(!curl) {return false;}+ curl_easy_setopt(curl, CURLOPT_URL, getExchangeRatesUrl(1).c_str());++ curl_easy_setopt(curl, CURLOPT_CAINFO, "/etc/ssl/certs/ca-certificates.crt");+ curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sbuffer);+diff -uNr libqalculate-3.8.0/libqalculate/util.cc libqalculate-3.8.0.new/libqalculate/util.cc+--- libqalculate-3.8.0/libqalculate/util.cc 2019-12-14 22:56:45.000000000 +0530++++ libqalculate-3.8.0.new/libqalculate/util.cc 2020-04-16 18:06:55.930816131 +0530+@@ -769,6 +769,7 @@+ curl = curl_easy_init();+ if(!curl) {return -1;}+ curl_easy_setopt(curl, CURLOPT_URL, "https://qalculate.github.io/CURRENT_VERSIONS");++ curl_easy_setopt(curl, CURLOPT_CAINFO, "/etc/ssl/certs/ca-certificates.crt");+ curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sbuffer);-- 2.26.0
D
D
Danny Milosavljevic wrote on 16 Apr 23:47 +0200
(name . R Veera Kumar)(address . vkor@vkten.in)(address . 40663@debbugs.gnu.org)
20200416234707.2c1628cc@scratchpost.org
Hi Veera,
hmm, what about using getenv("SSL_CERT_FILE") ?
The following environment variables have been set automatically:
SSL_CERT_DIR=/etc/ssl/certsSSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAl6Y0lsACgkQ5xo1VCwwuqVNUwf+Nkj4Z+42pyY2U1b7pqv6+64HOJ461sCfxTUGuuR2Zm5766mZtKQylm1O2kxmvrRfTE++tA+vgXJYyekQrj/grvnTygJjbf2W2cgbzVuEJwcHIpINRT1fWlA79ssf+G+3urRb7YGE+9JI5PZTJdLOSn/DFLaUvYNDXsoTVyCyhcMHuSTITiJRjIYih8ASwnw6OC+RTfWDnuvkrTY5J6ZVvq0+lrPszmpUZcSXxWD5CJhoO8a5YaUCgfk2XCbHzHNcgi83MyM8ClR6lypSagpIYWkfpumY31HLp5T0k3cgzoB0yA71D0YmEYoB6Egi3Bb3EEMr4pf6LeQUUQXFQUvn9w===2Xiw-----END PGP SIGNATURE-----

R
R
R Veera Kumar wrote on 17 Apr 18:51 +0200
[PATCH v2] gnu: libqalculate: Fixes for libcurl gnutls CA cert bundle file
(address . 40663@debbugs.gnu.org)(name . R Veera Kumar)(address . vkor@vkten.in)
20200417165101.17565-1-vkor@vkten.in
* gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch: New file.* gnu/local.mk (dist_patch_DATA): Add it.* gnu/packages/maths.scm (libqalculate)[source]: Use it.---Changes in v2: - Use getenv to get path of CA cert bundle file - Include fix for missed exchange urls--- gnu/local.mk | 1 + gnu/packages/maths.scm | 4 +- .../libqalculate-3.8.0-libcurl-ssl-fix.patch | 53 +++++++++++++++++++ 3 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch
Toggle diff (88 lines)diff --git a/gnu/local.mk b/gnu/local.mkindex af79f9afed..fb0454fd45 100644--- a/gnu/local.mk+++ b/gnu/local.mk@@ -1144,6 +1144,7 @@ dist_patch_DATA = \ %D%/packages/patches/libmpeg2-global-symbol-test.patch \ %D%/packages/patches/libmygpo-qt-fix-qt-5.11.patch \ %D%/packages/patches/libmygpo-qt-missing-qt5-modules.patch \+ %D%/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch \ %D%/packages/patches/libsndfile-armhf-type-checks.patch \ %D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch \ %D%/packages/patches/libsndfile-CVE-2017-8362.patch \diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scmindex 9930f491a2..7db2b31012 100644--- a/gnu/packages/maths.scm+++ b/gnu/packages/maths.scm@@ -5416,7 +5416,9 @@ researchers and developers alike to get started on SAT.") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256- (base32 "1vbaza9c7159xf2ym90l0xkyj2mp6c3hbghhsqn29yvz08fda9df"))))+ (base32 "1vbaza9c7159xf2ym90l0xkyj2mp6c3hbghhsqn29yvz08fda9df"))+ (patches+ (search-patches "libqalculate-3.8.0-libcurl-ssl-fix.patch")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config)diff --git a/gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch b/gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patchnew file mode 100644index 0000000000..b638963874--- /dev/null+++ b/gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch@@ -0,0 +1,53 @@+Author: R Veera Kumar 2020 <vkor@vkten.in>+Desc:+ 1) Fixes download of exchange rates by specifying SSL CA certificates bundle+ file while using libcurl (Since libcurl in guix is compiled without using+ a default CA cert bundle file)+ 2) Like above fix for using https site in another case++diff -uNr libqalculate-3.8.0/libqalculate/Calculator-definitions.cc libqalculate-3.8.0.new/libqalculate/Calculator-definitions.cc+--- libqalculate-3.8.0/libqalculate/Calculator-definitions.cc 2020-02-16 15:08:29.000000000 +0530++++ libqalculate-3.8.0.new/libqalculate/Calculator-definitions.cc 2020-04-17 21:27:36.386039369 +0530+@@ -3610,6 +3610,7 @@+ curl = curl_easy_init();+ if(!curl) {return false;}+ curl_easy_setopt(curl, CURLOPT_URL, getExchangeRatesUrl(1).c_str());++ curl_easy_setopt(curl, CURLOPT_CAINFO, getenv("SSL_CERT_FILE"));+ curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sbuffer);+@@ -3663,6 +3664,7 @@+ + sbuffer = "";+ curl_easy_setopt(curl, CURLOPT_URL, getExchangeRatesUrl(2).c_str());++ curl_easy_setopt(curl, CURLOPT_CAINFO, getenv("SSL_CERT_FILE"));+ curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sbuffer);+@@ -3687,6 +3689,7 @@+ + sbuffer = "";+ curl_easy_setopt(curl, CURLOPT_URL, getExchangeRatesUrl(3).c_str());++ curl_easy_setopt(curl, CURLOPT_CAINFO, getenv("SSL_CERT_FILE"));+ curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sbuffer);+@@ -3710,6 +3713,7 @@+ + sbuffer = "";+ curl_easy_setopt(curl, CURLOPT_URL, getExchangeRatesUrl(4).c_str());++ curl_easy_setopt(curl, CURLOPT_CAINFO, getenv("SSL_CERT_FILE"));+ curl_easy_setopt(curl, CURLOPT_TIMEOUT, (timeout > 4 && n <= 0) ? 4 : timeout);+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sbuffer);+diff -uNr libqalculate-3.8.0/libqalculate/util.cc libqalculate-3.8.0.new/libqalculate/util.cc+--- libqalculate-3.8.0/libqalculate/util.cc 2019-12-14 22:56:45.000000000 +0530++++ libqalculate-3.8.0.new/libqalculate/util.cc 2020-04-17 21:12:17.259674572 +0530+@@ -769,6 +769,7 @@+ curl = curl_easy_init();+ if(!curl) {return -1;}+ curl_easy_setopt(curl, CURLOPT_URL, "https://qalculate.github.io/CURRENT_VERSIONS");++ curl_easy_setopt(curl, CURLOPT_CAINFO, getenv("SSL_CERT_FILE"));+ curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sbuffer);-- 2.26.1
D
D
Danny Milosavljevic wrote on 19 Apr 20:30 +0200
(name . R Veera Kumar)(address . vkor@vkten.in)(address . 40663@debbugs.gnu.org)
20200419203005.74c66469@scratchpost.org
Hi Veera,
thanks!
What happens if SSL_CERT_FILE is unset? Does it crash with a segfault or justfail regularily?
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAl6cmK0ACgkQ5xo1VCwwuqUxPQf/S0Ej0DKMOSiRPbv9l1iX3+nXIFspFVZylwEpX+pWZT9P8uIIA5VZnsgEEYiVzrka7F1F+KniXzpHF1iQk5lyePCiDBR+sr/Zl7KgNYK+jiQH0pnkVRDJZUt83BP5ZbMdkosz+Asvrq77lV9DWfmkmockvTYdndlRxKfSOjnhPQP+cCF+a6FipXkXFsVY5Q1V3bdnMAo5b96M2abJW1Jqz16exNuCok2ncn0Bh8FbFlAJhMZ2wQF1ZPwN+ygukNhA8ZycnExg4GSRTj2RrNv59y9COo1D8Y3xDBWbzELrM4bDpmzOEghexPRZmEJFN+++sQ4BicdFwHVjjaOPn4hBhg===dVyL-----END PGP SIGNATURE-----

R
R
R Veera Kumar wrote on 20 Apr 03:19 +0200
(name . Danny Milosavljevic)(address . dannym@scratchpost.org)(address . 40663@debbugs.gnu.org)
20200420011943.GA786@tulip
On Sun, Apr 19, 2020 at 08:30:05PM +0200, Danny Milosavljevic wrote:
Toggle quote (7 lines)> Hi Veera,> > thanks!> > What happens if SSL_CERT_FILE is unset? Does it crash with a segfault or just> fail regularily?
If SSL_CERT_FILE is unset, it does not segfaults. It just fails saying unable to download the urls.
So can the patch be accepted?
Veera
D
D
Danny Milosavljevic wrote on 20 Apr 20:06 +0200
(name . R Veera Kumar)(address . vkor@vkten.in)(address . 40663-done@debbugs.gnu.org)
20200420200604.393884ac@scratchpost.org
Hi Veera,
thanks!
Pushed to guix master as commit 9b3c231e3c144de11d670dff362be3afdd0f4d27.
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAl6d5IwACgkQ5xo1VCwwuqVaFQgAoZ5VEW7luRlYkUM3pwgP3xXSWtAAlQ/vKHRdQxRvYqkkwNsaP0UB7OP1De1B7ysJU8A5F4BaBDIkEYWWf0cVII+dJmfBAVttJkO7nDbuQkujeLxQukDody9d95stKdegHptDLy3kQ5+7IBVMnAAeEuxZvGBpJCna5ezoy5DxG2XNC48FORuDbPlpMHcSa5V/o+Q2nuzghwo32lh1Gi9znZs77bNGe+U43GBrMY5h/KEqwK3GAcaEZAWpsBZfU7RvNPrK0e27K9EeK8BHq1TX88QLTaEvBWGMqs1tpcPsM2csJtVuejgpaYmpPlZOL6VBO17Qz4AWlJHggpwcHQWiuw===uRJ6-----END PGP SIGNATURE-----

Closed
?