Diffstat (limited to 'pkgs/tools/networking/curl-impersonate/default.nix')
-rw-r--r-- | pkgs/tools/networking/curl-impersonate/default.nix | 57 |
1 files changed, 34 insertions, 23 deletions
diff --git a/pkgs/tools/networking/curl-impersonate/default.nix b/pkgs/tools/networking/curl-impersonate/default.nix index be9f3f61df1c0..f8ec8253c6daa 100644 --- a/pkgs/tools/networking/curl-impersonate/default.nix +++ b/pkgs/tools/networking/curl-impersonate/default.nix @@ -1,20 +1,19 @@ { lib , stdenv , fetchFromGitHub +, fetchpatch , callPackage , buildGoModule , installShellFiles , symlinkJoin +, buildPackages , zlib , sqlite , cmake , python3 , ninja , perl -# autoconf-2.71 fails on problematic configure: -# checking curl version... 7.84.0 -# ./configure: line 6713: syntax error near unexpected token `;;' -, autoconf269 +, autoconf , automake , libtool , darwin @@ -30,6 +29,8 @@ let pname = "curl-impersonate-${name}"; version = "0.6.1"; + outputs = [ "out" "dev" ]; + src = fetchFromGitHub { owner = "lwthiker"; repo = "curl-impersonate"; @@ -38,9 +39,16 @@ let }; patches = [ - # Fix shebangs in the NSS build script - # (can't just patchShebangs since makefile unpacks it) - ./curl-impersonate-0.5.2-fix-shebangs.patch + # Fix shebangs and commands in the NSS build scripts + # (can't just patchShebangs or substituteInPlace since makefile unpacks it) + ./curl-impersonate-0.6.1-fix-command-paths.patch + + # SOCKS5 heap buffer overflow - https://curl.se/docs/CVE-2023-38545.html + (fetchpatch { + name = "curl-impersonate-patch-cve-2023-38545.patch"; + url = "https://github.com/lwthiker/curl-impersonate/commit/e7b90a0d9c61b6954aca27d346750240e8b6644e.diff"; + hash = "sha256-jFrz4Q+MJGfNmwwzHhThado4c9hTd/+b/bfRsr3FW5k="; + }) ]; # Disable blanket -Werror to fix build on `gcc-13` related to minor @@ -49,6 +57,10 @@ let strictDeps = true; + depsBuildBuild = lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [ + buildPackages.stdenv.cc + ]; + nativeBuildInputs = lib.optionals stdenv.isDarwin [ # Must come first so that it shadows the 'libtool' command but leaves 'libtoolize' darwin.cctools 
@@ -56,10 +68,10 @@ let installShellFiles cmake python3 - python3.pkgs.gyp + python3.pythonOnBuildForHost.pkgs.gyp ninja perl - autoconf269 + autoconf automake libtool unzip @@ -106,18 +118,21 @@ let # Patch all shebangs of installed scripts patchShebangs $out/bin + # Install headers + make -C curl-*/include install + '' + lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' # Build and install completions for each curl binary # Patch in correct binary name and alias it to all scripts perl curl-*/scripts/completion.pl --curl $out/bin/curl-impersonate-${name} --shell zsh >$TMPDIR/curl-impersonate-${name}.zsh substituteInPlace $TMPDIR/curl-impersonate-${name}.zsh \ - --replace \ + --replace-fail \ '#compdef curl' \ "#compdef curl-impersonate-${name}$(find $out/bin -name 'curl_*' -printf ' %f=curl-impersonate-${name}')" perl curl-*/scripts/completion.pl --curl $out/bin/curl-impersonate-${name} --shell fish >$TMPDIR/curl-impersonate-${name}.fish substituteInPlace $TMPDIR/curl-impersonate-${name}.fish \ - --replace \ + --replace-fail \ '--command curl' \ "--command curl-impersonate-${name}$(find $out/bin -name 'curl_*' -printf ' --command %f')" @@ -130,9 +145,10 @@ let in '' # If libnssckbi.so is needed, link libnssckbi.so without needing nss in closure if grep -F nssckbi $out/lib/libcurl-impersonate-*${libext} &>/dev/null; then - # NOTE: "p11-kit-trust" always ends in ".so" even when on darwin - ln -s ${p11-kit}/lib/pkcs11/p11-kit-trust.so $out/lib/libnssckbi${libext} - ${lib.optionalString stdenv.isLinux "patchelf --add-needed libnssckbi${libext} $out/lib/libcurl-impersonate-*${libext}"} + ln -s ${p11-kit}/lib/pkcs11/p11-kit-trust${libext} $out/lib/libnssckbi${libext} + ${lib.optionalString stdenv.hostPlatform.isElf '' + patchelf --add-needed libnssckbi${libext} $out/lib/libcurl-impersonate-*${libext} + ''} fi ''; 
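Review bot: The `ln -s` line now links `p11-kit-trust${libext}`, while the comment this hunk deletes stated that the module always ends in `.so`, even on Darwin. If that still holds for the p11-kit output, the link dangles on Darwin, because `ln -s` does not check its target, and the NSS-based build would presumably find no trust module behind `libnssckbi` at run time. Nothing visible in the diff shows that p11-kit's file naming changed. A guard before the link would surface this at build time, assuming the phase runs with errexit as stdenv phases normally do: `test -e ${p11-kit}/lib/pkcs11/p11-kit-trust${libext}`. The `libext` binding and the start of this script are outside the hunk.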
@@ -154,24 +170,19 @@ let }; meta = with lib; { - description = "A special build of curl that can impersonate Chrome & Firefox"; + description = "Special build of curl that can impersonate Chrome & Firefox"; homepage = "https://github.com/lwthiker/curl-impersonate"; license = with licenses; [ curl mit ]; maintainers = with maintainers; [ deliciouslytyped lilyinstarlight ]; platforms = platforms.unix; - knownVulnerabilities = [ - "CVE-2023-38545" # SOCKS5 heap buffer overflow - https://curl.se/docs/CVE-2023-38545.html - "CVE-2023-32001" # fopen TOCTOU race condition - https://curl.se/docs/CVE-2023-32001.html - "CVE-2022-43551" # HSTS bypass - https://curl.se/docs/CVE-2022-43551.html - "CVE-2022-42916" # HSTS bypass - https://curl.se/docs/CVE-2022-42916.html - ]; + mainProgram = "curl-impersonate-${name}"; }; }; in symlinkJoin rec { pname = "curl-impersonate"; - inherit (passthru.curl-impersonate-ff) version meta; + inherit (passthru.curl-impersonate-chrome) version meta; name = "${pname}-${version}"; @@ -186,7 +197,7 @@ symlinkJoin rec { updateScript = ./update.sh; - inherit (passthru.curl-impersonate-ff) src; + inherit (passthru.curl-impersonate-chrome) src; tests = { inherit (nixosTests) curl-impersonate; }; }; |
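Review bot: All four `knownVulnerabilities` entries are removed from the `meta` block, but the `patches` hunk earlier in this file adds a backport for CVE-2023-38545 only. `version` stays at 0.6.1 in the visible context, so the diff does not show why CVE-2023-32001, CVE-2022-43551 and CVE-2022-42916 no longer apply. They may already be fixed in the curl release that 0.6.1 bundles, but that is not visible here. Since this attribute is what warns users before they install an affected package, either keep the entries that are still open or record the reason next to `patches`, e.g. `# CVE-2022-43551, CVE-2022-42916, CVE-2023-32001: <reason each no longer applies>`.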