[PATCH] gnu: libqalculate: Fixes for libcurl gnutls CA cert bundle

  • Done
Details
2 participants
  • Danny Milosavljevic
  • R Veera Kumar
Owner
unassigned
Submitted by
R Veera Kumar
Severity
normal
R Veera Kumar wrote on 16 Apr 2020 17:19
(address . guix-patches@gnu.org)(name . R Veera Kumar)(address . vkor@vkten.in)
20200416151910.21754-1-vkor@vkten.in
* gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/maths.scm (libqalculate)[source]: Use it.
---
gnu/local.mk | 1 +
gnu/packages/maths.scm | 4 ++-
.../libqalculate-3.8.0-libcurl-ssl-fix.patch | 29 +++++++++++++++++++
3 files changed, 33 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 952fc55df4..ece99b892f 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1144,6 +1144,7 @@ dist_patch_DATA = \
%D%/packages/patches/libmpeg2-global-symbol-test.patch \
%D%/packages/patches/libmygpo-qt-fix-qt-5.11.patch \
%D%/packages/patches/libmygpo-qt-missing-qt5-modules.patch \
+ %D%/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch \
%D%/packages/patches/libsndfile-armhf-type-checks.patch \
%D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch \
%D%/packages/patches/libsndfile-CVE-2017-8362.patch \
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 9930f491a2..7db2b31012 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -5416,7 +5416,9 @@ researchers and developers alike to get started on SAT.")
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "1vbaza9c7159xf2ym90l0xkyj2mp6c3hbghhsqn29yvz08fda9df"))))
+ (base32 "1vbaza9c7159xf2ym90l0xkyj2mp6c3hbghhsqn29yvz08fda9df"))
+ (patches
+ (search-patches "libqalculate-3.8.0-libcurl-ssl-fix.patch"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)
diff --git a/gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch b/gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch
new file mode 100644
index 0000000000..d13c9feaf7
--- /dev/null
+++ b/gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch
@@ -0,0 +1,29 @@
+Author: R Veera Kumar 2020 <vkor@vkten.in>
+Desc:
+ 1) Fixes download of exchange rates by specifying SSL CA certificates bundle
+ while using libcurl (Since libcurl in guix is compiled without using a
+ default CA cert bundle file)
+ 2) Like above fix for using https site in another case
+
+diff -uNr libqalculate-3.8.0/libqalculate/Calculator-definitions.cc libqalculate-3.8.0.new/libqalculate/Calculator-definitions.cc
+--- libqalculate-3.8.0/libqalculate/Calculator-definitions.cc 2020-02-16 15:08:29.000000000 +0530
++++ libqalculate-3.8.0.new/libqalculate/Calculator-definitions.cc 2020-04-16 18:07:26.839310304 +0530
+@@ -3610,6 +3610,7 @@
+ curl = curl_easy_init();
+ if(!curl) {return false;}
+ curl_easy_setopt(curl, CURLOPT_URL, getExchangeRatesUrl(1).c_str());
++ curl_easy_setopt(curl, CURLOPT_CAINFO, "/etc/ssl/certs/ca-certificates.crt");
+ curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);
+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sbuffer);
+diff -uNr libqalculate-3.8.0/libqalculate/util.cc libqalculate-3.8.0.new/libqalculate/util.cc
+--- libqalculate-3.8.0/libqalculate/util.cc 2019-12-14 22:56:45.000000000 +0530
++++ libqalculate-3.8.0.new/libqalculate/util.cc 2020-04-16 18:06:55.930816131 +0530
+@@ -769,6 +769,7 @@
+ curl = curl_easy_init();
+ if(!curl) {return -1;}
+ curl_easy_setopt(curl, CURLOPT_URL, "https://qalculate.github.io/CURRENT_VERSIONS");
++ curl_easy_setopt(curl, CURLOPT_CAINFO, "/etc/ssl/certs/ca-certificates.crt");
+ curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);
+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sbuffer);
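Review bot: The CA bundle path is hard-coded as "/etc/ssl/certs/ca-certificates.crt" in both added CURLOPT_CAINFO lines (Calculator-definitions.cc at 3610 and util.cc at 769), so the downloads depend on a bundle existing at exactly that location. Take the path from the environment or a build-time setting instead, and leave CURLOPT_CAINFO unset when nothing is configured. In Calculator-definitions.cc only the getExchangeRatesUrl(1) transfer is touched; if other exchange-rate URLs are fetched over HTTPS they need the same option, ideally through one shared helper.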
--
2.26.0
Danny Milosavljevic wrote on 16 Apr 2020 23:47
(name . R Veera Kumar)(address . vkor@vkten.in)(address . 40663@debbugs.gnu.org)
20200416234707.2c1628cc@scratchpost.org
Hi Veera,

hmm, what about using getenv("SSL_CERT_FILE")?

The following environment variables have been set automatically:

SSL_CERT_DIR=/etc/ssl/certs
SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
R Veera Kumar wrote on 17 Apr 2020 18:51
[PATCH v2] gnu: libqalculate: Fixes for libcurl gnutls CA cert bundle file
(address . 40663@debbugs.gnu.org)(name . R Veera Kumar)(address . vkor@vkten.in)
20200417165101.17565-1-vkor@vkten.in
* gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/maths.scm (libqalculate)[source]: Use it.
---
Changes in v2:
- Use getenv to get path of CA cert bundle file
- Include fix for missed exchange urls
---
gnu/local.mk | 1 +
gnu/packages/maths.scm | 4 +-
.../libqalculate-3.8.0-libcurl-ssl-fix.patch | 53 +++++++++++++++++++
3 files changed, 57 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index af79f9afed..fb0454fd45 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1144,6 +1144,7 @@ dist_patch_DATA = \
%D%/packages/patches/libmpeg2-global-symbol-test.patch \
%D%/packages/patches/libmygpo-qt-fix-qt-5.11.patch \
%D%/packages/patches/libmygpo-qt-missing-qt5-modules.patch \
+ %D%/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch \
%D%/packages/patches/libsndfile-armhf-type-checks.patch \
%D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch \
%D%/packages/patches/libsndfile-CVE-2017-8362.patch \
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 9930f491a2..7db2b31012 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -5416,7 +5416,9 @@ researchers and developers alike to get started on SAT.")
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "1vbaza9c7159xf2ym90l0xkyj2mp6c3hbghhsqn29yvz08fda9df"))))
+ (base32 "1vbaza9c7159xf2ym90l0xkyj2mp6c3hbghhsqn29yvz08fda9df"))
+ (patches
+ (search-patches "libqalculate-3.8.0-libcurl-ssl-fix.patch"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)
diff --git a/gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch b/gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch
new file mode 100644
index 0000000000..b638963874
--- /dev/null
+++ b/gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch
@@ -0,0 +1,53 @@
+Author: R Veera Kumar 2020 <vkor@vkten.in>
+Desc:
+ 1) Fixes download of exchange rates by specifying SSL CA certificates bundle
+ file while using libcurl (Since libcurl in guix is compiled without using
+ a default CA cert bundle file)
+ 2) Like above fix for using https site in another case
+
+diff -uNr libqalculate-3.8.0/libqalculate/Calculator-definitions.cc libqalculate-3.8.0.new/libqalculate/Calculator-definitions.cc
+--- libqalculate-3.8.0/libqalculate/Calculator-definitions.cc 2020-02-16 15:08:29.000000000 +0530
++++ libqalculate-3.8.0.new/libqalculate/Calculator-definitions.cc 2020-04-17 21:27:36.386039369 +0530
+@@ -3610,6 +3610,7 @@
+ curl = curl_easy_init();
+ if(!curl) {return false;}
+ curl_easy_setopt(curl, CURLOPT_URL, getExchangeRatesUrl(1).c_str());
++ curl_easy_setopt(curl, CURLOPT_CAINFO, getenv("SSL_CERT_FILE"));
+ curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);
+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sbuffer);
+@@ -3663,6 +3664,7 @@
+
+ sbuffer = "";
+ curl_easy_setopt(curl, CURLOPT_URL, getExchangeRatesUrl(2).c_str());
++ curl_easy_setopt(curl, CURLOPT_CAINFO, getenv("SSL_CERT_FILE"));
+ curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);
+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sbuffer);
+@@ -3687,6 +3689,7 @@
+
+ sbuffer = "";
+ curl_easy_setopt(curl, CURLOPT_URL, getExchangeRatesUrl(3).c_str());
++ curl_easy_setopt(curl, CURLOPT_CAINFO, getenv("SSL_CERT_FILE"));
+ curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);
+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sbuffer);
+@@ -3710,6 +3713,7 @@
+
+ sbuffer = "";
+ curl_easy_setopt(curl, CURLOPT_URL, getExchangeRatesUrl(4).c_str());
++ curl_easy_setopt(curl, CURLOPT_CAINFO, getenv("SSL_CERT_FILE"));
+ curl_easy_setopt(curl, CURLOPT_TIMEOUT, (timeout > 4 && n <= 0) ? 4 : timeout);
+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sbuffer);
+diff -uNr libqalculate-3.8.0/libqalculate/util.cc libqalculate-3.8.0.new/libqalculate/util.cc
+--- libqalculate-3.8.0/libqalculate/util.cc 2019-12-14 22:56:45.000000000 +0530
++++ libqalculate-3.8.0.new/libqalculate/util.cc 2020-04-17 21:12:17.259674572 +0530
+@@ -769,6 +769,7 @@
+ curl = curl_easy_init();
+ if(!curl) {return -1;}
+ curl_easy_setopt(curl, CURLOPT_URL, "https://qalculate.github.io/CURRENT_VERSIONS");
++ curl_easy_setopt(curl, CURLOPT_CAINFO, getenv("SSL_CERT_FILE"));
+ curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);
+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sbuffer);
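Review bot: getenv("SSL_CERT_FILE") is passed to CURLOPT_CAINFO unchecked in all five added lines, and getenv returns a null pointer when the variable is unset. Read the variable once, test it for null and empty, and set CURLOPT_CAINFO only when there is a value, so the unset case is handled explicitly rather than left to libcurl. A small helper called from the four getExchangeRatesUrl sites in Calculator-definitions.cc and the one in util.cc would also remove the duplicated line, and the Desc header should state that the fix relies on SSL_CERT_FILE being set at run time.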
--
2.26.1
Danny Milosavljevic wrote on 19 Apr 2020 20:30
(name . R Veera Kumar)(address . vkor@vkten.in)(address . 40663@debbugs.gnu.org)
20200419203005.74c66469@scratchpost.org
Hi Veera,

thanks!

What happens if SSL_CERT_FILE is unset? Does it crash with a segfault or just
fail regularly?
R Veera Kumar wrote on 20 Apr 2020 03:19
(name . Danny Milosavljevic)(address . dannym@scratchpost.org)(address . 40663@debbugs.gnu.org)
20200420011943.GA786@tulip
On Sun, Apr 19, 2020 at 08:30:05PM +0200, Danny Milosavljevic wrote:
> Hi Veera,
>
> thanks!
>
> What happens if SSL_CERT_FILE is unset? Does it crash with a segfault or just
> fail regularly?

If SSL_CERT_FILE is unset, it does not segfault. It just fails, saying it is unable to download the URLs.

So can the patch be accepted?

Veera
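
The unset-variable case raised in this exchange can be decided before any libcurl option is set. The following is an added example, not code from libqalculate, Guix or either participant; `choose_trust_source`, `TrustSource` and `TrustChoice` are hypothetical names, and falling back to SSL_CERT_DIR is an assumption based on the two variables listed earlier in the thread.

```cpp
// Added example: not libqalculate or Guix code. Helper names are hypothetical.
#include <cstdlib>
#include <iostream>
#include <string>
#include <sys/stat.h>

// Where a transfer should take its TLS trust anchors from.
enum class TrustSource { CertFile, CertDir, LibraryDefault };

struct TrustChoice {
    TrustSource source;
    std::string path;  // empty for LibraryDefault
};

// Copies the variable into `out` and returns true only if it is set and non-empty.
static bool env_value(const char *name, std::string &out) {
    const char *v = std::getenv(name);  // null pointer when the variable is unset
    if (v == nullptr || *v == '\0') return false;
    out = v;
    return true;
}

// Prefer the bundle file in SSL_CERT_FILE, then the directory in SSL_CERT_DIR,
// and otherwise report that the TLS library's own default should be left alone.
TrustChoice choose_trust_source() {
    std::string p;
    struct stat st;
    if (env_value("SSL_CERT_FILE", p) && stat(p.c_str(), &st) == 0 && S_ISREG(st.st_mode))
        return {TrustSource::CertFile, p};
    if (env_value("SSL_CERT_DIR", p) && stat(p.c_str(), &st) == 0 && S_ISDIR(st.st_mode))
        return {TrustSource::CertDir, p};
    return {TrustSource::LibraryDefault, std::string()};
}

int main() {
    TrustChoice c = choose_trust_source();
    // A libcurl caller would set CURLOPT_CAINFO for CertFile, CURLOPT_CAPATH for
    // CertDir, and set neither option for LibraryDefault.
    switch (c.source) {
    case TrustSource::CertFile: std::cout << "CA bundle file: " << c.path << "\n"; break;
    case TrustSource::CertDir:  std::cout << "CA directory: " << c.path << "\n"; break;
    case TrustSource::LibraryDefault: std::cout << "no usable SSL_CERT_* value\n"; break;
    }
    return 0;
}
```
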
Danny Milosavljevic wrote on 20 Apr 2020 20:06
(name . R Veera Kumar)(address . vkor@vkten.in)(address . 40663-done@debbugs.gnu.org)
20200420200604.393884ac@scratchpost.org
Hi Veera,

thanks!

Pushed to guix master as commit 9b3c231e3c144de11d670dff362be3afdd0f4d27.
Closed