summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Stahl <Michael.Stahl@cib.de>2019-05-22 11:40:54 +0200
committerThorsten Behrens <Thorsten.Behrens@CIB.de>2019-06-12 17:56:57 +0200
commit838eb4c8915997fed81f106c8f9641e366a9ff82 (patch)
treef9f4d33abc3046bbba6da0b710a0106bf231a048
parent0e82245689b4bd1541e78d7f84f57bc620b94b92 (diff)
curl: upgrade to release 7.65.0feature/cib_contract3197
Fixes CVE-2019-5435. It looks like this is not a problem on 32-bit Windows because fortunately we don't use /LARGEADDRESSAWARE flag to set IMAGE_FILE_LARGE_ADDRESS_AWARE... but on 32-bit Linux the user-space VM is 3GB so an exploit might be possible. Apparently there's no code in LO that uses the CURLU_URLENCODE flag. The other one, CVE-2019-5436, doesn't matter because we disable tftp. Change-Id: I0d4f087befa5a3c4fb21ec36761dad68932425d9 Reviewed-on: https://gerrit.libreoffice.org/72732 Tested-by: Jenkins Reviewed-by: Michael Stahl <Michael.Stahl@cib.de> (cherry picked from commit edb01616ac176401650c35d938c75c6c5558a47e)
-rw-r--r--download.lst4
-rw-r--r--external/curl/zlib.patch.010
2 files changed, 2 insertions, 12 deletions
diff --git a/download.lst b/download.lst
index e84baea4995e..b0f60e13e5bd 100644
--- a/download.lst
+++ b/download.lst
@@ -29,8 +29,8 @@ export CPPUNIT_SHA256SUM := 3d569869d27b48860210c758c4f313082103a5e58219a7669b52
export CPPUNIT_TARBALL := cppunit-1.14.0.tar.gz
export CT2N_SHA256SUM := 71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3
export CT2N_TARBALL := 1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt
-export CURL_SHA256SUM := cb90d2eb74d4e358c1ed1489f8e3af96b50ea4374ad71f143fa4595e998d81b5
-export CURL_TARBALL := curl-7.64.0.tar.gz
+export CURL_SHA256SUM := 7766d263929404f693905b5e5222aa0f2bdf8c66ab4b8758f0c0820a42b966cd
+export CURL_TARBALL := curl-7.65.0.tar.xz
export EBOOK_SHA256SUM := 7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9
export EBOOK_TARBALL := libe-book-0.1.3.tar.xz
export EPOXY_SHA256SUM := 1d8668b0a259c709899e1c4bab62d756d9002d546ce4f59c9665e2fc5f001a64
diff --git a/external/curl/zlib.patch.0 b/external/curl/zlib.patch.0
index b3e821039740..189e820d1afa 100644
--- a/external/curl/zlib.patch.0
+++ b/external/curl/zlib.patch.0
@@ -1,15 +1,5 @@
--- configure
+++ configure
-@@ -937,8 +937,8 @@
- ZLIB_LIBS
- HAVE_LIBZ_FALSE
- HAVE_LIBZ_TRUE
--HAVE_LIBZ
- PKGCONFIG
-+HAVE_LIBZ
- CURL_DISABLE_GOPHER
- CURL_DISABLE_SMTP
- CURL_DISABLE_SMB
@@ -20709,7 +20709,6 @@
clean_CPPFLAGS=$CPPFLAGS
clean_LDFLAGS=$LDFLAGS