summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Stahl <michael.stahl@allotropia.de>2021-07-21 11:57:51 +0200
committerAndras Timar <andras.timar@collabora.com>2021-10-19 13:57:43 +0200
commitfd9b1d0682a545c99eb58263b073ce8c51206204 (patch)
treebb28ad6cc2050fc95c177205878b75324c5fce73
parentBump version to 6.2-32 (diff)
downloadcore-fd9b1d0682a545c99eb58263b073ce8c51206204.tar.gz
core-fd9b1d0682a545c99eb58263b073ce8c51206204.zip
curl: upgrade to release 7.78.0
* Fixes CVE-2020-8284 CVE-2021-22924 * Also fixes these which don't look relevant to LO: CVE-2020-8231 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 CVE-2021-22897 CVE-2021-22898 CVE-2021-22901 CVE-2021-22922 CVE-2021-22923 CVE-2021-22925 CVE-2021-22926 * disable some new protocols and dependencies * remove curl-ios.patch.1 as the code no longer exists upstream Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119313 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 946f457c885bd10ff1a7281c351f3981f035f5a7) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119262 Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de> (cherry picked from commit 020eb3b363a5c9444c97075a2e15b63ccbe7bf2d) Change-Id: I12d5f87f4d503a5f9859226a05cfe2a07e46d993 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119427 Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de> Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
-rw-r--r--RepositoryExternal.mk2
-rw-r--r--download.lst4
-rw-r--r--external/curl/ExternalPackage_curl.mk4
-rw-r--r--external/curl/ExternalProject_curl.mk9
-rw-r--r--external/curl/UnpackedTarball_curl.mk3
-rw-r--r--external/curl/curl-7.26.0_win-proxy.patch2
-rw-r--r--external/curl/curl-ios.patch.117
-rw-r--r--external/curl/curl-msvc-disable-protocols.patch.17
-rw-r--r--external/curl/zlib.patch.04
9 files changed, 17 insertions, 35 deletions
diff --git a/RepositoryExternal.mk b/RepositoryExternal.mk
index 5db8ff9b9f06..323c48777422 100644
--- a/RepositoryExternal.mk
+++ b/RepositoryExternal.mk
@@ -2753,7 +2753,7 @@ $(call gb_LinkTarget_set_include,$(1),\
ifeq ($(COM),MSC)
$(call gb_LinkTarget_add_libs,$(1),\
- $(call gb_UnpackedTarball_get_dir,curl)/builds/libcurl-vc12-$(if $(filter X86_64,$(CPUNAME)),x64,x86)-$(if $(MSVC_USE_DEBUG_RUNTIME),debug,release)-dll-ipv6-sspi-winssl/lib/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).lib \
+ $(call gb_UnpackedTarball_get_dir,curl)/builds/libcurl-vc12-$(if $(filter X86_64,$(CPUNAME)),x64,x86)-$(if $(MSVC_USE_DEBUG_RUNTIME),debug,release)-dll-ipv6-sspi-schannel/lib/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).lib \
)
else
$(call gb_LinkTarget_add_libs,$(1),\
diff --git a/download.lst b/download.lst
index 1a449fb21dc0..e48ae7d321cb 100644
--- a/download.lst
+++ b/download.lst
@@ -29,8 +29,8 @@ export CPPUNIT_SHA256SUM := 3d569869d27b48860210c758c4f313082103a5e58219a7669b52
export CPPUNIT_TARBALL := cppunit-1.14.0.tar.gz
export CT2N_SHA256SUM := 71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3
export CT2N_TARBALL := 1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt
-export CURL_SHA256SUM := cdf18794393d8bead915312708a9e5d819c6e9919de14b20d5c8e7987abd9772
-export CURL_TARBALL := curl-7.71.0.tar.xz
+export CURL_SHA256SUM := be42766d5664a739c3974ee3dfbbcbe978a4ccb1fe628bb1d9b59ac79e445fb5
+export CURL_TARBALL := curl-7.78.0.tar.xz
export EBOOK_SHA256SUM := 7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9
export EBOOK_TARBALL := libe-book-0.1.3.tar.xz
export EPOXY_SHA256SUM := 002958c5528321edd53440235d3c44e71b5b1e09b9177e8daf677450b6c4433d
diff --git a/external/curl/ExternalPackage_curl.mk b/external/curl/ExternalPackage_curl.mk
index 8da569e3e0cf..1fb360c85ca9 100644
--- a/external/curl/ExternalPackage_curl.mk
+++ b/external/curl/ExternalPackage_curl.mk
@@ -14,13 +14,13 @@ $(eval $(call gb_ExternalPackage_use_external_project,curl,curl))
ifneq ($(DISABLE_DYNLOADING),TRUE)
ifeq ($(COM),MSC)
-$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).dll,builds/libcurl-vc12-$(if $(filter X86_64,$(CPUNAME)),x64,x86)-$(if $(MSVC_USE_DEBUG_RUNTIME),debug,release)-dll-ipv6-sspi-winssl/bin/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).dll))
+$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).dll,builds/libcurl-vc12-$(if $(filter X86_64,$(CPUNAME)),x64,x86)-$(if $(MSVC_USE_DEBUG_RUNTIME),debug,release)-dll-ipv6-sspi-schannel/bin/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).dll))
else ifeq ($(OS),MACOSX)
$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.4.dylib,lib/.libs/libcurl.4.dylib))
else ifeq ($(OS),AIX)
$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so,lib/.libs/libcurl.so.4))
else
-$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.6.0))
+$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.7.0))
endif
endif # $(DISABLE_DYNLOADING)
diff --git a/external/curl/ExternalProject_curl.mk b/external/curl/ExternalProject_curl.mk
index b1029ea779e3..81886b36fbc5 100644
--- a/external/curl/ExternalProject_curl.mk
+++ b/external/curl/ExternalProject_curl.mk
@@ -35,13 +35,13 @@ ifeq ($(SYSTEM_NSS),)
curl_CPPFLAGS += -I$(call gb_UnpackedTarball_get_dir,nss)/dist/public/nss
endif
-# use --with-darwinssl on Mac OS X >10.5 and iOS to get a native UI for SSL certs for CMIS usage
+# use --with-secure-transport on Mac OS X >10.5 and iOS to get a native UI for SSL certs for CMIS usage
# use --with-nss only on platforms other than Mac OS X and iOS
$(call gb_ExternalProject_get_state_target,curl,build):
$(call gb_ExternalProject_run,build,\
./configure \
- $(if $(filter iOS MACOSX,$(OS)),\
- --with-darwinssl,\
+ $(if $(filter IOS MACOSX,$(OS)),\
+ --with-secure-transport,\
$(if $(ENABLE_NSS),--with-nss$(if $(SYSTEM_NSS),,="$(call gb_UnpackedTarball_get_dir,nss)/dist/out"),--without-nss)) \
--without-ssl --without-gnutls --without-polarssl --without-cyassl --without-axtls --without-mbedtls \
--enable-ftp --enable-http --enable-ipv6 \
@@ -49,7 +49,8 @@ $(call gb_ExternalProject_get_state_target,curl,build):
--without-libssh2 --without-metalink --without-nghttp2 \
--without-libssh --without-brotli \
--without-ngtcp2 --without-quiche \
- --disable-ares \
+ --without-zstd --without-hyper --without-gsasl --without-gssapi \
+ --disable-mqtt --disable-ares \
--disable-dict --disable-file --disable-gopher --disable-imap \
--disable-ldap --disable-ldaps --disable-manual --disable-pop3 \
--disable-rtsp --disable-smb --disable-smtp --disable-telnet \
diff --git a/external/curl/UnpackedTarball_curl.mk b/external/curl/UnpackedTarball_curl.mk
index 6171f17cba48..1cdb64c0bca2 100644
--- a/external/curl/UnpackedTarball_curl.mk
+++ b/external/curl/UnpackedTarball_curl.mk
@@ -11,8 +11,6 @@ $(eval $(call gb_UnpackedTarball_UnpackedTarball,curl))
$(eval $(call gb_UnpackedTarball_set_tarball,curl,$(CURL_TARBALL),,curl))
-$(eval $(call gb_UnpackedTarball_update_autoconf_configs,curl))
-
$(eval $(call gb_UnpackedTarball_set_patchlevel,curl,1))
$(eval $(call gb_UnpackedTarball_fix_end_of_line,curl,\
@@ -24,7 +22,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,curl,\
external/curl/curl-msvc-disable-protocols.patch.1 \
external/curl/curl-7.26.0_win-proxy.patch \
external/curl/zlib.patch.0 \
- external/curl/curl-ios.patch.1 \
))
ifeq ($(SYSTEM_NSS),)
diff --git a/external/curl/curl-7.26.0_win-proxy.patch b/external/curl/curl-7.26.0_win-proxy.patch
index 5361433a917b..5bb98fa04741 100644
--- a/external/curl/curl-7.26.0_win-proxy.patch
+++ b/external/curl/curl-7.26.0_win-proxy.patch
@@ -114,7 +114,7 @@
@@ -4663,6 +4739,7 @@
}
if(proxy)
- infof(conn->data, "Uses proxy env variable %s == '%s'\n", envp, proxy);
+ infof(data, "Uses proxy env variable %s == '%s'", envp, proxy);
+#endif /* WIN32 */
return proxy;
diff --git a/external/curl/curl-ios.patch.1 b/external/curl/curl-ios.patch.1
deleted file mode 100644
index 1c8fd8f70566..000000000000
--- a/external/curl/curl-ios.patch.1
+++ /dev/null
@@ -1,17 +0,0 @@
-# -*- Mode: Diff -*-
-#
-# We don't want curl's configure script to add a -mmacosx-version-min
-# option when it is for iOS we are building. In that case already $CC
-# contains a -miphoneos-version-min option.
-
---- curl/configure
-+++ curl/configure
-@@ -18976,7 +18976,7 @@
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for *version-min in CFLAGS" >&5
- $as_echo_n "checking for *version-min in CFLAGS... " >&6; }
- min=""
-- if test -z "$(echo $CFLAGS | grep m.*os.*-version-min)"; then
-+ if test -z "$(echo $CC $CFLAGS | grep m.*os.*-version-min)"; then
- min="-mmacosx-version-min=10.8"
- CFLAGS="$CFLAGS $min"
- fi
diff --git a/external/curl/curl-msvc-disable-protocols.patch.1 b/external/curl/curl-msvc-disable-protocols.patch.1
index c8747a5fcc1d..a6d06c69b004 100644
--- a/external/curl/curl-msvc-disable-protocols.patch.1
+++ b/external/curl/curl-msvc-disable-protocols.patch.1
@@ -2,18 +2,19 @@ disable protocols nobody needs in MSVC build
--- curl/lib/config-win32.h.orig 2017-08-09 16:43:29.464000000 +0200
+++ curl/lib/config-win32.h 2017-08-09 16:47:38.549200000 +0200
-@@ -733,4 +733,19 @@
+@@ -733,4 +733,20 @@
# define ENABLE_IPV6 1
#endif
+#define CURL_DISABLE_DICT 1
+#define CURL_DISABLE_FILE 1
-+//#undef CURL_DISABLE_FTP
++#undef CURL_DISABLE_FTP
+#define CURL_DISABLE_GOPHER 1
-+//#undef CURL_DISABLE_HTTP
++#undef CURL_DISABLE_HTTP
+#define CURL_DISABLE_IMAP 1
+#define CURL_DISABLE_LDAP 1
+#define CURL_DISABLE_LDAPS 1
++#define CURL_DISABLE_MQTT 1
+#define CURL_DISABLE_POP3 1
+#define CURL_DISABLE_RTSP 1
+#define CURL_DISABLE_SMB 1
diff --git a/external/curl/zlib.patch.0 b/external/curl/zlib.patch.0
index 189e820d1afa..f4a0ad4b152f 100644
--- a/external/curl/zlib.patch.0
+++ b/external/curl/zlib.patch.0
@@ -54,8 +54,8 @@
clean_LIBS=$LIBS
-ZLIB_LIBS=""
AC_ARG_WITH(zlib,
- AC_HELP_STRING([--with-zlib=PATH],[search for zlib in PATH])
- AC_HELP_STRING([--without-zlib],[disable use of zlib]),
+ AS_HELP_STRING([--with-zlib=PATH],[search for zlib in PATH])
+ AS_HELP_STRING([--without-zlib],[disable use of zlib]),
[OPT_ZLIB="$withval"])
if test "$OPT_ZLIB" = "no" ; then