diff options
author | Taichi Haradaguchi <20001722@ymail.ne.jp> | 2022-12-30 21:29:58 +0900 |
---|---|---|
committer | Andras Timar <andras.timar@collabora.com> | 2023-01-29 15:56:33 +0100 |
commit | 1ed1d7dd00af5c7210df395820baa590416ed25b (patch) | |
tree | 9ee417d1decc3ebe10d9e487f738c2c86a494aa2 | |
parent | 9dc962e8464e9ccc7650ebb5b6fd1107db09105d (diff) |
curl: upgrade to release 7.87.0
Fixes CVE-2022-43551 and CVE-2022-43552.
https://curl.se/docs/CVE-2022-43551.html
https://curl.se/docs/CVE-2022-43552.html
Change-Id: I979ed11c212aef226ad9f26420462e5f9dbe15e5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/145116
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
-rw-r--r-- | download.lst | 4 | ||||
-rw-r--r-- | external/curl/UnpackedTarball_curl.mk | 6 | ||||
-rw-r--r-- | external/curl/asan-poison-nsspem.patch.0 | 11 | ||||
-rw-r--r-- | external/curl/curl-msvc-disable-protocols.patch.1 | 2 | ||||
-rw-r--r-- | external/curl/curl-nss.patch.1 | 2 | ||||
-rw-r--r-- | external/curl/zlib.patch.0 | 12 |
6 files changed, 27 insertions, 10 deletions
diff --git a/download.lst b/download.lst index 959113797754..06c67ec28196 100644 --- a/download.lst +++ b/download.lst @@ -37,8 +37,8 @@ export CPPUNIT_SHA256SUM := 89c5c6665337f56fd2db36bc3805a5619709d51fb136e5193707 export CPPUNIT_TARBALL := cppunit-1.15.1.tar.gz export CT2N_SHA256SUM := 71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3 export CT2N_TARBALL := 1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt -export CURL_SHA256SUM := 2d61116e5f485581f6d59865377df4463f2e788677ac43222b496d4e49fb627b -export CURL_TARBALL := curl-7.86.0.tar.xz +export CURL_SHA256SUM := ee5f1a1955b0ed413435ef79db28b834ea5f0fb7c8cfb1ce47175cc3bee08fff +export CURL_TARBALL := curl-7.87.0.tar.xz export EBOOK_SHA256SUM := 7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9 export EBOOK_TARBALL := libe-book-0.1.3.tar.xz export EPOXY_SHA256SUM := a7ced37f4102b745ac86d6a70a9da399cc139ff168ba6b8002b4d8d43c900c15 diff --git a/external/curl/UnpackedTarball_curl.mk b/external/curl/UnpackedTarball_curl.mk index 004ae5c69850..e78adabb8d07 100644 --- a/external/curl/UnpackedTarball_curl.mk +++ b/external/curl/UnpackedTarball_curl.mk @@ -39,4 +39,10 @@ $(eval $(call gb_UnpackedTarball_add_patches,curl, \ )) endif +ifneq ($(filter -fsanitize=%,$(CC)),) +$(eval $(call gb_UnpackedTarball_add_patches,curl, \ + external/curl/asan-poison-nsspem.patch.0 \ +)) +endif + # vim: set noet sw=4 ts=4: diff --git a/external/curl/asan-poison-nsspem.patch.0 b/external/curl/asan-poison-nsspem.patch.0 new file mode 100644 index 000000000000..1f490bd6bf86 --- /dev/null +++ b/external/curl/asan-poison-nsspem.patch.0 @@ -0,0 +1,11 @@ +--- lib/vtls/nss.c ++++ lib/vtls/nss.c +@@ -1945,7 +1945,7 @@ + + PK11_SetPasswordFunc(nss_get_password); + +- result = nss_load_module(&pem_module, pem_library, "PEM"); ++ result = CURLE_FAILED_INIT; + PR_Unlock(nss_initlock); + if(result == CURLE_FAILED_INIT) + infof(data, "WARNING: failed to load NSS PEM library %s. Using " diff --git a/external/curl/curl-msvc-disable-protocols.patch.1 b/external/curl/curl-msvc-disable-protocols.patch.1 index 89c4ff576f85..71ff0c01a028 100644 --- a/external/curl/curl-msvc-disable-protocols.patch.1 +++ b/external/curl/curl-msvc-disable-protocols.patch.1 @@ -2,7 +2,7 @@ disable protocols nobody needs in MSVC build --- curl/lib/config-win32.h.orig 2017-08-09 16:43:29.464000000 +0200 +++ curl/lib/config-win32.h 2017-08-09 16:47:38.549200000 +0200 -@@ -616,4 +616,20 @@ +@@ -654,4 +654,20 @@ # define ENABLE_IPV6 1 #endif diff --git a/external/curl/curl-nss.patch.1 b/external/curl/curl-nss.patch.1 index 5ef25748d7eb..2128849369e7 100644 --- a/external/curl/curl-nss.patch.1 +++ b/external/curl/curl-nss.patch.1 @@ -1,7 +1,7 @@ diff -ur curl.org/configure curl/configure --- curl.org/configure 2016-03-13 15:14:07.177000076 +0100 +++ curl/configure 2016-03-13 15:16:44.132000076 +0100 -@@ -27985,7 +27985,12 @@ +@@ -28230,7 +28230,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Using hard-wired libraries and compilation flags for NSS." >&5 printf "%s\n" "$as_me: WARNING: Using hard-wired libraries and compilation flags for NSS." >&2;} addld="-L$OPT_NSS/lib" diff --git a/external/curl/zlib.patch.0 b/external/curl/zlib.patch.0 index b8e242a3aaea..b4442ba262d1 100644 --- a/external/curl/zlib.patch.0 +++ b/external/curl/zlib.patch.0 @@ -1,6 +1,6 @@ --- configure +++ configure -@@ -22808,7 +22808,6 @@ +@@ -23035,7 +23035,6 @@ clean_CPPFLAGS=$CPPFLAGS clean_LDFLAGS=$LDFLAGS clean_LIBS=$LIBS @@ -8,7 +8,7 @@ # Check whether --with-zlib was given. if test ${with_zlib+y} -@@ -22818,6 +22818,7 @@ +@@ -23045,6 +23044,7 @@ if test "$OPT_ZLIB" = "no" ; then @@ -16,7 +16,7 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: zlib disabled" >&5 printf "%s\n" "$as_me: WARNING: zlib disabled" >&2;} else -@@ -22825,6 +825,21 @@ +@@ -23052,6 +23052,21 @@ OPT_ZLIB="" fi @@ -38,7 +38,7 @@ if test -z "$OPT_ZLIB" ; then if test -n "$PKG_CONFIG"; then -@@ -23120,6 +23120,7 @@ +@@ -23344,6 +23359,7 @@ printf "%s\n" "$as_me: found both libz and libz.h header" >&6;} curl_zlib_msg="enabled" fi @@ -48,7 +48,7 @@ if test x"$AMFIXLIB" = x1; then --- configure.ac +++ configure.ac -@@ -1222,19 +1222,30 @@ +@@ -1243,19 +1243,30 @@ clean_CPPFLAGS=$CPPFLAGS clean_LDFLAGS=$LDFLAGS clean_LIBS=$LIBS @@ -80,7 +80,7 @@ if test -z "$OPT_ZLIB" ; then CURL_CHECK_PKGCONFIG(zlib) -@@ -1316,6 +1316,7 @@ +@@ -1336,6 +1347,7 @@ AC_MSG_NOTICE([found both libz and libz.h header]) curl_zlib_msg="enabled" fi |