diff options
author | Michael Stahl <michael.stahl@allotropia.de> | 2022-10-26 11:07:49 +0200 |
---|---|---|
committer | Andras Timar <andras.timar@collabora.com> | 2022-11-01 19:37:46 +0100 |
commit | e1f254d1cd19dd8081a00692ae1f7827dc8ceb64 (patch) | |
tree | ee887357e0af18470b4a83650d544aa5164b6f40 | |
parent | ucb: FTP UCP: report CURLE_URL_MALFORMAT as IllegalIdentifierException (diff) | |
download | core-e1f254d1cd19dd8081a00692ae1f7827dc8ceb64.tar.gz core-e1f254d1cd19dd8081a00692ae1f7827dc8ceb64.zip |
curl: upgrade to release 7.86.0
Fixes CVE-2022-32221 which could affect libcmis, CVE-2022-42915,
and 2 more CVEs that probably don't affect LO.
* remove --without-ssl:
On the one hand, on GNU/Linux this now results in:
configure: error: --without-ssl has been set together with an explicit option to use an ssl library
On the other hand, using the more obvious --without-openssl yields a link
failure on Android on the nss check in configure:
configure:28220: checking for SSL_VersionRangeSet in -lnss
/home/cl/Android/Sdk/ndk/20.1.5948944/toolchains/llvm/prebuilt/linux-x86_64/bin/../lib/gcc/aarch64-linux-android/4.9.x/../../../../aarch64-linux-android/bin/ld: warning: liblog.so, needed by /home/cl/rpmbuild/BUILD/lo-android2/workdir/UnpackedTarball/nss/dist/out/lib/libnss3.so, not found (try using -rpath or -rpath-link)
/home/cl/rpmbuild/BUILD/lo-android2/workdir/UnpackedTarball/nss/dist/out/lib/libnspr4.so: undefined reference to `__android_log_write'
/home/cl/rpmbuild/BUILD/lo-android2/workdir/UnpackedTarball/nss/dist/out/lib/libnspr4.so: undefined reference to `__android_log_assert'
... so add the -llog for android in curl-nss.patch.1
Change-Id: I3931a1eec2d681c2ce0e5695039492772e9fcc81
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/141866
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit a76a88203d8508f38b10d9bbb94c3bba2485fcaf)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/141879
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/141896
Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
-rw-r--r-- | download.lst | 4 | ||||
-rw-r--r-- | external/curl/ExternalProject_curl.mk | 2 | ||||
-rw-r--r-- | external/curl/curl-nss.patch.1 | 7 |
3 files changed, 9 insertions, 4 deletions
diff --git a/download.lst b/download.lst index 71323519bac0..02e5833487a8 100644 --- a/download.lst +++ b/download.lst @@ -37,8 +37,8 @@ export CPPUNIT_SHA256SUM := 89c5c6665337f56fd2db36bc3805a5619709d51fb136e5193707 export CPPUNIT_TARBALL := cppunit-1.15.1.tar.gz export CT2N_SHA256SUM := 71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3 export CT2N_TARBALL := 1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt -export CURL_SHA256SUM := 88b54a6d4b9a48cb4d873c7056dcba997ddd5b7be5a2d537a4acb55c20b04be6 -export CURL_TARBALL := curl-7.85.0.tar.xz +export CURL_SHA256SUM := 2d61116e5f485581f6d59865377df4463f2e788677ac43222b496d4e49fb627b +export CURL_TARBALL := curl-7.86.0.tar.xz export EBOOK_SHA256SUM := 7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9 export EBOOK_TARBALL := libe-book-0.1.3.tar.xz export EPOXY_SHA256SUM := a7ced37f4102b745ac86d6a70a9da399cc139ff168ba6b8002b4d8d43c900c15 diff --git a/external/curl/ExternalProject_curl.mk b/external/curl/ExternalProject_curl.mk index eac5cf211224..5a516651c608 100644 --- a/external/curl/ExternalProject_curl.mk +++ b/external/curl/ExternalProject_curl.mk @@ -44,7 +44,7 @@ $(call gb_ExternalProject_get_state_target,curl,build): $(if $(filter iOS MACOSX,$(OS)),\ --with-secure-transport,\ $(if $(ENABLE_NSS),--with-nss$(if $(SYSTEM_NSS),,="$(call gb_UnpackedTarball_get_dir,nss)/dist/out") --with-nss-deprecated,--without-nss)) \ - --without-ssl --without-gnutls --without-polarssl --without-cyassl --without-axtls --without-mbedtls \ + --without-openssl --without-gnutls --without-polarssl --without-cyassl --without-axtls --without-mbedtls \ --enable-ftp --enable-http --enable-ipv6 \ --without-libidn2 --without-libpsl --without-librtmp \ --without-libssh2 --without-metalink --without-nghttp2 \ diff --git a/external/curl/curl-nss.patch.1 b/external/curl/curl-nss.patch.1 index 016cd109c7a2..5ef25748d7eb 100644 --- a/external/curl/curl-nss.patch.1 +++ b/external/curl/curl-nss.patch.1 @@ -1,12 +1,17 @@ diff -ur curl.org/configure curl/configure --- curl.org/configure 2016-03-13 15:14:07.177000076 +0100 +++ curl/configure 2016-03-13 15:16:44.132000076 +0100 -@@ -27985,7 +27985,7 @@ +@@ -27985,7 +27985,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Using hard-wired libraries and compilation flags for NSS." >&5 printf "%s\n" "$as_me: WARNING: Using hard-wired libraries and compilation flags for NSS." >&2;} addld="-L$OPT_NSS/lib" - addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4" + addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lnssutil3" ++ case $host_os in ++ *android*) ++ addlib="${addlib} -llog" ++ ;; ++ esac addcflags="-I$OPT_NSS/include" version="unknown" nssprefix=$OPT_NSS |