Diffstat (limited to 'pkgs/tools/networking/curl-impersonate/default.nix')
-rw-r--r--pkgs/tools/networking/curl-impersonate/default.nix55
1 files changed, 33 insertions, 22 deletions
diff --git a/pkgs/tools/networking/curl-impersonate/default.nix b/pkgs/tools/networking/curl-impersonate/default.nix
index be9f3f61df1c0..8f7b659d19b58 100644
--- a/pkgs/tools/networking/curl-impersonate/default.nix
+++ b/pkgs/tools/networking/curl-impersonate/default.nix
@@ -1,20 +1,19 @@
 { lib
 , stdenv
 , fetchFromGitHub
+, fetchpatch
 , callPackage
 , buildGoModule
 , installShellFiles
 , symlinkJoin
+, buildPackages
 , zlib
 , sqlite
 , cmake
 , python3
 , ninja
 , perl
-# autoconf-2.71 fails on problematic configure:
-#   checking curl version... 7.84.0
-#   ./configure: line 6713: syntax error near unexpected token `;;'
-, autoconf269
+, autoconf
 , automake
 , libtool
 , darwin
@@ -30,6 +29,8 @@ let
     pname = "curl-impersonate-${name}";
     version = "0.6.1";
 
+    outputs = [ "out" "dev" ];
+
     src = fetchFromGitHub {
       owner = "lwthiker";
       repo = "curl-impersonate";
@@ -38,9 +39,16 @@ let
     };
 
     patches = [
-      # Fix shebangs in the NSS build script
-      # (can't just patchShebangs since makefile unpacks it)
-      ./curl-impersonate-0.5.2-fix-shebangs.patch
+      # Fix shebangs and commands in the NSS build scripts
+      # (can't just patchShebangs or substituteInPlace since makefile unpacks it)
+      ./curl-impersonate-0.6.1-fix-command-paths.patch
+
+      # SOCKS5 heap buffer overflow - https://curl.se/docs/CVE-2023-38545.html
+      (fetchpatch {
+        name = "curl-impersonate-patch-cve-2023-38545.patch";
+        url = "https://github.com/lwthiker/curl-impersonate/commit/e7b90a0d9c61b6954aca27d346750240e8b6644e.diff";
+        hash = "sha256-jFrz4Q+MJGfNmwwzHhThado4c9hTd/+b/bfRsr3FW5k=";
+      })
     ];
 
     # Disable blanket -Werror to fix build on `gcc-13` related to minor
@@ -49,6 +57,10 @@ let
 
     strictDeps = true;
 
+    depsBuildBuild = lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [
+      buildPackages.stdenv.cc
+    ];
+
     nativeBuildInputs = lib.optionals stdenv.isDarwin [
       # Must come first so that it shadows the 'libtool' command but leaves 'libtoolize'
       darwin.cctools
@@ -56,10 +68,10 @@ let
       installShellFiles
       cmake
       python3
-      python3.pkgs.gyp
+      python3.pythonOnBuildForHost.pkgs.gyp
       ninja
       perl
-      autoconf269
+      autoconf
       automake
       libtool
       unzip
@@ -106,18 +118,21 @@ let
       # Patch all shebangs of installed scripts
       patchShebangs $out/bin
 
+      # Install headers
+      make -C curl-*/include install
+    '' + lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
       # Build and install completions for each curl binary
 
       # Patch in correct binary name and alias it to all scripts
       perl curl-*/scripts/completion.pl --curl $out/bin/curl-impersonate-${name} --shell zsh >$TMPDIR/curl-impersonate-${name}.zsh
       substituteInPlace $TMPDIR/curl-impersonate-${name}.zsh \
-        --replace \
+        --replace-fail \
           '#compdef curl' \
           "#compdef curl-impersonate-${name}$(find $out/bin -name 'curl_*' -printf ' %f=curl-impersonate-${name}')"
 
       perl curl-*/scripts/completion.pl --curl $out/bin/curl-impersonate-${name} --shell fish >$TMPDIR/curl-impersonate-${name}.fish
       substituteInPlace $TMPDIR/curl-impersonate-${name}.fish \
-        --replace \
+        --replace-fail \
           '--command curl' \
           "--command curl-impersonate-${name}$(find $out/bin -name 'curl_*' -printf ' --command %f')"
 
@@ -130,9 +145,10 @@ let
     in ''
       # If libnssckbi.so is needed, link libnssckbi.so without needing nss in closure
       if grep -F nssckbi $out/lib/libcurl-impersonate-*${libext} &>/dev/null; then
-        # NOTE: "p11-kit-trust" always ends in ".so" even when on darwin
-        ln -s ${p11-kit}/lib/pkcs11/p11-kit-trust.so $out/lib/libnssckbi${libext}
-        ${lib.optionalString stdenv.isLinux "patchelf --add-needed libnssckbi${libext} $out/lib/libcurl-impersonate-*${libext}"}
+        ln -s ${p11-kit}/lib/pkcs11/p11-kit-trust${libext} $out/lib/libnssckbi${libext}
+        ${lib.optionalString stdenv.hostPlatform.isElf ''
+          patchelf --add-needed libnssckbi${libext} $out/lib/libcurl-impersonate-*${libext}
+        ''}
       fi
     '';
 
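Review bot: `ln -s` succeeds even when its target does not exist, and the new line takes the target's suffix from `${libext}` while dropping the old note that p11-kit-trust always ends in ".so" on darwin. If that note still holds for the p11-kit being linked (not visible in this diff), the output would carry a dangling `libnssckbi${libext}`, and the NSS-based build would be left without the module it loads its CA trust roots from. A guard ahead of the link turns this into a build failure instead of a runtime surprise: `[ -e ${p11-kit}/lib/pkcs11/p11-kit-trust${libext} ] || { echo "p11-kit-trust${libext} not found" >&2; exit 1; }`. `libext` is bound outside this hunk, so its value per platform should be confirmed there.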
@@ -159,19 +175,14 @@ let
       license = with licenses; [ curl mit ];
       maintainers = with maintainers; [ deliciouslytyped lilyinstarlight ];
       platforms = platforms.unix;
-      knownVulnerabilities = [
-        "CVE-2023-38545"  # SOCKS5 heap buffer overflow - https://curl.se/docs/CVE-2023-38545.html
-        "CVE-2023-32001"  # fopen TOCTOU race condition - https://curl.se/docs/CVE-2023-32001.html
-        "CVE-2022-43551"  # HSTS bypass - https://curl.se/docs/CVE-2022-43551.html
-        "CVE-2022-42916"  # HSTS bypass - https://curl.se/docs/CVE-2022-42916.html
-      ];
+      mainProgram = "curl-impersonate-${name}";
     };
   };
 in
 
 symlinkJoin rec {
   pname = "curl-impersonate";
-  inherit (passthru.curl-impersonate-ff) version meta;
+  inherit (passthru.curl-impersonate-chrome) version meta;
 
   name = "${pname}-${version}";
 
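Review bot: The removed `knownVulnerabilities` list named four CVEs, but the only fix visible in this commit is the fetched patch for CVE-2023-38545 in the `patches` hunk, and `version` is an unchanged context line at "0.6.1". Nothing shown here accounts for CVE-2023-32001, CVE-2022-43551 or CVE-2022-42916. If those three do not apply to the curl sources this release bundles, record that where the list used to be, e.g. `# CVE-2023-32001, CVE-2022-43551, CVE-2022-42916: not applicable to bundled curl, see <reference>`, so the next reviewer can check the claim. If any of them cannot be ruled out, keep its entry in `knownVulnerabilities` so the package stays marked insecure. The `meta` block starts outside this hunk.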
@@ -186,7 +197,7 @@ symlinkJoin rec {
 
     updateScript = ./update.sh;
 
-    inherit (passthru.curl-impersonate-ff) src;
+    inherit (passthru.curl-impersonate-chrome) src;
 
     tests = { inherit (nixosTests) curl-impersonate; };
   };