[PATCH] gnu: libqalculate: Fixes for libcurl gnutls CA cert bundle

  • Done
Details
2 participants
  • Danny Milosavljevic
  • R Veera Kumar
Owner
unassigned
Submitted by
R Veera Kumar
Severity
normal
R Veera Kumar wrote on 16 Apr 2020 17:19
(address . guix-patches@gnu.org)(name . R Veera Kumar)(address . vkor@vkten.in)
20200416151910.21754-1-vkor@vkten.in
* gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/maths.scm (libqalculate)[source]: Use it.
---
gnu/local.mk | 1 +
gnu/packages/maths.scm | 4 ++-
.../libqalculate-3.8.0-libcurl-ssl-fix.patch | 29 +++++++++++++++++++
3 files changed, 33 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 952fc55df4..ece99b892f 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1144,6 +1144,7 @@ dist_patch_DATA = \
%D%/packages/patches/libmpeg2-global-symbol-test.patch \
%D%/packages/patches/libmygpo-qt-fix-qt-5.11.patch \
%D%/packages/patches/libmygpo-qt-missing-qt5-modules.patch \
+ %D%/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch \
%D%/packages/patches/libsndfile-armhf-type-checks.patch \
%D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch \
%D%/packages/patches/libsndfile-CVE-2017-8362.patch \
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 9930f491a2..7db2b31012 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -5416,7 +5416,9 @@ researchers and developers alike to get started on SAT.")
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "1vbaza9c7159xf2ym90l0xkyj2mp6c3hbghhsqn29yvz08fda9df"))))
+ (base32 "1vbaza9c7159xf2ym90l0xkyj2mp6c3hbghhsqn29yvz08fda9df"))
+ (patches
+ (search-patches "libqalculate-3.8.0-libcurl-ssl-fix.patch"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)
diff --git a/gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch b/gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch
new file mode 100644
index 0000000000..d13c9feaf7
--- /dev/null
+++ b/gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch
@@ -0,0 +1,29 @@
+Author: R Veera Kumar 2020 <vkor@vkten.in>
+Desc:
+ 1) Fixes download of exchange rates by specifying SSL CA certificates bundle
+ while using libcurl (Since libcurl in guix is compiled without using a
+ default CA cert bundle file)
+ 2) Like above fix for using https site in another case
+
+diff -uNr libqalculate-3.8.0/libqalculate/Calculator-definitions.cc libqalculate-3.8.0.new/libqalculate/Calculator-definitions.cc
+--- libqalculate-3.8.0/libqalculate/Calculator-definitions.cc 2020-02-16 15:08:29.000000000 +0530
++++ libqalculate-3.8.0.new/libqalculate/Calculator-definitions.cc 2020-04-16 18:07:26.839310304 +0530
+@@ -3610,6 +3610,7 @@
+ curl = curl_easy_init();
+ if(!curl) {return false;}
+ curl_easy_setopt(curl, CURLOPT_URL, getExchangeRatesUrl(1).c_str());
++ curl_easy_setopt(curl, CURLOPT_CAINFO, "/etc/ssl/certs/ca-certificates.crt");
+ curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);
+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sbuffer);
+diff -uNr libqalculate-3.8.0/libqalculate/util.cc libqalculate-3.8.0.new/libqalculate/util.cc
+--- libqalculate-3.8.0/libqalculate/util.cc 2019-12-14 22:56:45.000000000 +0530
++++ libqalculate-3.8.0.new/libqalculate/util.cc 2020-04-16 18:06:55.930816131 +0530
+@@ -769,6 +769,7 @@
+ curl = curl_easy_init();
+ if(!curl) {return -1;}
+ curl_easy_setopt(curl, CURLOPT_URL, "https://qalculate.github.io/CURRENT_VERSIONS");
++ curl_easy_setopt(curl, CURLOPT_CAINFO, "/etc/ssl/certs/ca-certificates.crt");
+ curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);
+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sbuffer);
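Review bot: the CA bundle path is hard-coded as "/etc/ssl/certs/ca-certificates.crt" in both added CURLOPT_CAINFO lines (Calculator-definitions.cc and util.cc), so certificate verification only works where the bundle sits at exactly that path. Take the location from configuration or the environment instead, and decide what should happen when no bundle is found. The Desc header speaks of exchange rates in general, but in Calculator-definitions.cc only the getExchangeRatesUrl(1) request gets the option; any other exchange-rate request in that file needs the same line.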
--
2.26.0
Danny Milosavljevic wrote on 16 Apr 2020 23:47
(name . R Veera Kumar)(address . vkor@vkten.in)(address . 40663@debbugs.gnu.org)
20200416234707.2c1628cc@scratchpost.org
Hi Veera,

hmm, what about using getenv("SSL_CERT_FILE") ?

The following environment variables have been set automatically:

SSL_CERT_DIR=/etc/ssl/certs
SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt


R Veera Kumar wrote on 17 Apr 2020 18:51
[PATCH v2] gnu: libqalculate: Fixes for libcurl gnutls CA cert bundle file
(address . 40663@debbugs.gnu.org)(name . R Veera Kumar)(address . vkor@vkten.in)
20200417165101.17565-1-vkor@vkten.in
* gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/maths.scm (libqalculate)[source]: Use it.
---
Changes in v2:
- Use getenv to get path of CA cert bundle file
- Include fix for missed exchange urls
---
gnu/local.mk | 1 +
gnu/packages/maths.scm | 4 +-
.../libqalculate-3.8.0-libcurl-ssl-fix.patch | 53 +++++++++++++++++++
3 files changed, 57 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index af79f9afed..fb0454fd45 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1144,6 +1144,7 @@ dist_patch_DATA = \
%D%/packages/patches/libmpeg2-global-symbol-test.patch \
%D%/packages/patches/libmygpo-qt-fix-qt-5.11.patch \
%D%/packages/patches/libmygpo-qt-missing-qt5-modules.patch \
+ %D%/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch \
%D%/packages/patches/libsndfile-armhf-type-checks.patch \
%D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch \
%D%/packages/patches/libsndfile-CVE-2017-8362.patch \
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 9930f491a2..7db2b31012 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -5416,7 +5416,9 @@ researchers and developers alike to get started on SAT.")
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "1vbaza9c7159xf2ym90l0xkyj2mp6c3hbghhsqn29yvz08fda9df"))))
+ (base32 "1vbaza9c7159xf2ym90l0xkyj2mp6c3hbghhsqn29yvz08fda9df"))
+ (patches
+ (search-patches "libqalculate-3.8.0-libcurl-ssl-fix.patch"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)
diff --git a/gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch b/gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch
new file mode 100644
index 0000000000..b638963874
--- /dev/null
+++ b/gnu/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch
@@ -0,0 +1,53 @@
+Author: R Veera Kumar 2020 <vkor@vkten.in>
+Desc:
+ 1) Fixes download of exchange rates by specifying SSL CA certificates bundle
+ file while using libcurl (Since libcurl in guix is compiled without using
+ a default CA cert bundle file)
+ 2) Like above fix for using https site in another case
+
+diff -uNr libqalculate-3.8.0/libqalculate/Calculator-definitions.cc libqalculate-3.8.0.new/libqalculate/Calculator-definitions.cc
+--- libqalculate-3.8.0/libqalculate/Calculator-definitions.cc 2020-02-16 15:08:29.000000000 +0530
++++ libqalculate-3.8.0.new/libqalculate/Calculator-definitions.cc 2020-04-17 21:27:36.386039369 +0530
+@@ -3610,6 +3610,7 @@
+ curl = curl_easy_init();
+ if(!curl) {return false;}
+ curl_easy_setopt(curl, CURLOPT_URL, getExchangeRatesUrl(1).c_str());
++ curl_easy_setopt(curl, CURLOPT_CAINFO, getenv("SSL_CERT_FILE"));
+ curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);
+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sbuffer);
+@@ -3663,6 +3664,7 @@
+
+ sbuffer = "";
+ curl_easy_setopt(curl, CURLOPT_URL, getExchangeRatesUrl(2).c_str());
++ curl_easy_setopt(curl, CURLOPT_CAINFO, getenv("SSL_CERT_FILE"));
+ curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);
+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sbuffer);
+@@ -3687,6 +3689,7 @@
+
+ sbuffer = "";
+ curl_easy_setopt(curl, CURLOPT_URL, getExchangeRatesUrl(3).c_str());
++ curl_easy_setopt(curl, CURLOPT_CAINFO, getenv("SSL_CERT_FILE"));
+ curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);
+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sbuffer);
+@@ -3710,6 +3713,7 @@
+
+ sbuffer = "";
+ curl_easy_setopt(curl, CURLOPT_URL, getExchangeRatesUrl(4).c_str());
++ curl_easy_setopt(curl, CURLOPT_CAINFO, getenv("SSL_CERT_FILE"));
+ curl_easy_setopt(curl, CURLOPT_TIMEOUT, (timeout > 4 && n <= 0) ? 4 : timeout);
+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sbuffer);
+diff -uNr libqalculate-3.8.0/libqalculate/util.cc libqalculate-3.8.0.new/libqalculate/util.cc
+--- libqalculate-3.8.0/libqalculate/util.cc 2019-12-14 22:56:45.000000000 +0530
++++ libqalculate-3.8.0.new/libqalculate/util.cc 2020-04-17 21:12:17.259674572 +0530
+@@ -769,6 +769,7 @@
+ curl = curl_easy_init();
+ if(!curl) {return -1;}
+ curl_easy_setopt(curl, CURLOPT_URL, "https://qalculate.github.io/CURRENT_VERSIONS");
++ curl_easy_setopt(curl, CURLOPT_CAINFO, getenv("SSL_CERT_FILE"));
+ curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);
+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sbuffer);
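Review bot: the result of getenv("SSL_CERT_FILE") is passed unchecked to CURLOPT_CAINFO in all five added lines, and getenv returns NULL when the variable is unset, so each call then sets the option to NULL instead of leaving it alone. Read the variable once, set CURLOPT_CAINFO only when the value is non-NULL and non-empty, and mention in the Desc header that the patched code now depends on SSL_CERT_FILE. The same line is repeated at five call sites; a small helper would keep them consistent if the lookup changes later.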
--
2.26.1
Danny Milosavljevic wrote on 19 Apr 2020 20:30
(name . R Veera Kumar)(address . vkor@vkten.in)(address . 40663@debbugs.gnu.org)
20200419203005.74c66469@scratchpost.org
Hi Veera,

thanks!

What happens if SSL_CERT_FILE is unset? Does it crash with a segfault or just
fail regularly?


R Veera Kumar wrote on 20 Apr 2020 03:19
(name . Danny Milosavljevic)(address . dannym@scratchpost.org)(address . 40663@debbugs.gnu.org)
20200420011943.GA786@tulip
On Sun, Apr 19, 2020 at 08:30:05PM +0200, Danny Milosavljevic wrote:
> Hi Veera,
>
> thanks!
>
> What happens if SSL_CERT_FILE is unset? Does it crash with a segfault or just
> fail regularly?

If SSL_CERT_FILE is unset, it does not segfault. It just fails saying unable to download the urls.

So can the patch be accepted?

Veera
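
The unset-variable case raised in this exchange, handled explicitly, as an added example (not code from libqalculate or from the patch in this thread). `resolve_ca_bundle`, `CaBundle`, `CaStatus` and `ca_status_message` are hypothetical names, and the libcurl call appears only in a comment so the block builds without libcurl.

```cpp
// Added example: validate SSL_CERT_FILE before handing it to libcurl.
#include <cstdio>
#include <cstdlib>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

enum class CaStatus { Ok, Unset, Empty, Missing, NotRegularFile, Unreadable };

struct CaBundle {
    CaStatus status;
    std::string path;  // meaningful only when status == CaStatus::Ok
};

// Hypothetical helper (not part of libqalculate): inspect the variable once.
CaBundle resolve_ca_bundle(const char *var = "SSL_CERT_FILE") {
    const char *value = std::getenv(var);  // NULL when the variable is unset
    if (value == nullptr) return {CaStatus::Unset, ""};
    if (*value == '\0') return {CaStatus::Empty, ""};

    struct stat st;
    if (stat(value, &st) != 0) return {CaStatus::Missing, ""};
    if (!S_ISREG(st.st_mode)) return {CaStatus::NotRegularFile, ""};
    if (access(value, R_OK) != 0) return {CaStatus::Unreadable, ""};
    return {CaStatus::Ok, value};
}

// Text for the error the user sees, so a failed download names its cause.
const char *ca_status_message(CaStatus s) {
    switch (s) {
    case CaStatus::Ok:             return "CA bundle taken from SSL_CERT_FILE";
    case CaStatus::Unset:          return "SSL_CERT_FILE is not set";
    case CaStatus::Empty:          return "SSL_CERT_FILE is empty";
    case CaStatus::Missing:        return "SSL_CERT_FILE names a path that cannot be examined";
    case CaStatus::NotRegularFile: return "SSL_CERT_FILE does not name a regular file";
    case CaStatus::Unreadable:     return "SSL_CERT_FILE names an unreadable file";
    }
    return "unknown CA bundle status";
}

int main() {
    CaBundle ca = resolve_ca_bundle();
    std::printf("%s\n", ca_status_message(ca.status));
    // With a libcurl handle `curl`, the caller would set the option only on Ok:
    //   if (ca.status == CaStatus::Ok)
    //       curl_easy_setopt(curl, CURLOPT_CAINFO, ca.path.c_str());
    // and otherwise leave the option untouched and report the message above.
    return ca.status == CaStatus::Ok ? 0 : 1;
}
```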
Danny Milosavljevic wrote on 20 Apr 2020 20:06
(name . R Veera Kumar)(address . vkor@vkten.in)(address . 40663-done@debbugs.gnu.org)
20200420200604.393884ac@scratchpost.org
Hi Veera,

thanks!

Pushed to guix master as commit 9b3c231e3c144de11d670dff362be3afdd0f4d27.


Closed