download.lst | 4 ++--
external/curl/ExternalProject_curl.mk | 26 +++++---------------------
external/curl/UnpackedTarball_curl.mk | 12 ------------
external/curl/asan-poison-nsspem.patch.0 | 11 -----------
external/curl/curl-nss.patch.1 | 17 -----------------
5 files changed, 7 insertions(+), 63 deletions(-)
New commits:
commit c2930ebff82c4f7ffe8377ab82627131f8544226
Author: Taichi Haradaguchi <20001...@ymail.ne.jp>
AuthorDate: Wed Sep 13 18:25:13 2023 +0900
Commit: Taichi Haradaguchi <20001...@ymail.ne.jp>
CommitDate: Wed Sep 27 06:08:20 2023 +0200
curl: upgrade to release 8.3.0
Fixes CVE-2023-38039
* NSS support was removed in this release, so NSS related patches are not
necessary now.
* add configure options for curl.
Change-Id: I71e09bac3c69ce4b13deee770a32225f39f79c46
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/156917
Tested-by: Jenkins
Reviewed-by: Taichi Haradaguchi <20001...@ymail.ne.jp>
diff --git a/download.lst b/download.lst
index 20b9e5d754aa..7ded51ff5450 100644
--- a/download.lst
+++ b/download.lst
@@ -75,8 +75,8 @@ CPPUNIT_TARBALL := cppunit-1.15.1.tar.gz
# three static lines
# so that git cherry-pick
# will not run into conflicts
-CURL_SHA256SUM :=
dd322f6bd0a20e6cebdfd388f69e98c3d183bed792cf4713c8a7ef498cba4894
-CURL_TARBALL := curl-8.2.1.tar.xz
+CURL_SHA256SUM :=
376d627767d6c4f05105ab6d497b0d9aba7111770dd9d995225478209c37ea63
+CURL_TARBALL := curl-8.3.0.tar.xz
# three static lines
# so that git cherry-pick
# will not run into conflicts
diff --git a/external/curl/ExternalProject_curl.mk
b/external/curl/ExternalProject_curl.mk
index a4029c2fc4b2..5f72e4807394 100644
--- a/external/curl/ExternalProject_curl.mk
+++ b/external/curl/ExternalProject_curl.mk
@@ -10,21 +10,10 @@
$(eval $(call gb_ExternalProject_ExternalProject,curl))
$(eval $(call gb_ExternalProject_use_externals,curl,\
+ $(if $(ENABLE_OPENSSL),openssl) \
zlib \
))
-ifeq ($(TLS),NSS)
-$(eval $(call gb_ExternalProject_use_externals,curl,\
- nss3 \
-))
-else
-ifeq ($(TLS),OPENSSL)
-$(eval $(call gb_ExternalProject_use_externals,curl,\
- openssl \
-))
-endif
-endif
-
$(eval $(call gb_ExternalProject_register_targets,curl,\
build \
))
@@ -41,18 +30,14 @@ curl_LDFLAGS += -L$(SYSBASE)/usr/lib
endif
endif
-# there are 2 include paths, the other one is passed to --with-nss below
-ifeq ($(SYSTEM_NSS),)
-curl_CPPFLAGS += -I$(call gb_UnpackedTarball_get_dir,nss)/dist/public/nss
-endif
-
# use --with-secure-transport on macOS >10.5 and iOS to get a native UI for
SSL certs for CMIS usage
-# use --with-nss/--with-openssl only on platforms other than macOS and iOS
+# use --with-openssl only on platforms other than macOS and iOS
$(call gb_ExternalProject_get_state_target,curl,build):
$(call gb_Trace_StartRange,curl,EXTERNAL)
$(call gb_ExternalProject_run,build,\
$(gb_RUN_CONFIGURE) ./configure \
- --without-nss --without-openssl --without-gnutls
--without-mbedtls \
+ --without-amissl --without-bearssl --without-gnutls \
+ --without-mbedtls --without-rustls --without-wolfssl \
--enable-ftp --enable-http --enable-ipv6 \
--without-libidn2 --without-libpsl --without-librtmp \
--without-libssh2 --without-nghttp2 \
@@ -66,8 +51,7 @@ $(call gb_ExternalProject_get_state_target,curl,build):
--disable-tftp \
$(if $(filter iOS MACOSX,$(OS)),\
--with-secure-transport,\
- $(if $(filter NSS,$(TLS)),--with-nss$(if
$(SYSTEM_NSS),,="$(call gb_UnpackedTarball_get_dir,nss)/dist/out")
--with-nss-deprecated)) \
- $(if $(filter
OPENSSL,$(TLS)),--with-openssl$(if $(SYSTEM_OPENSSL),,="$(call
gb_UnpackedTarball_get_dir,openssl)")) \
+ $(if $(ENABLE_OPENSSL),--with-openssl$(if
$(SYSTEM_OPENSSL),,="$(call gb_UnpackedTarball_get_dir,openssl)"))) \
$(if $(filter LINUX,$(OS)),--without-ca-bundle
--without-ca-path) \
$(gb_CONFIGURE_PLATFORMS) \
$(if $(filter
TRUE,$(DISABLE_DYNLOADING)),--disable-shared,--disable-static) \
diff --git a/external/curl/UnpackedTarball_curl.mk
b/external/curl/UnpackedTarball_curl.mk
index e78adabb8d07..4412857d36a0 100644
--- a/external/curl/UnpackedTarball_curl.mk
+++ b/external/curl/UnpackedTarball_curl.mk
@@ -27,22 +27,10 @@ $(eval $(call gb_UnpackedTarball_add_patches,curl,\
external/curl/configurable-z-option.patch.0 \
))
-ifeq ($(SYSTEM_NSS),)
-$(eval $(call gb_UnpackedTarball_add_patches,curl,\
- external/curl/curl-nss.patch.1 \
-))
-endif
-
ifeq ($(OS)-$(COM_IS_CLANG),WNT-TRUE)
$(eval $(call gb_UnpackedTarball_add_patches,curl, \
external/curl/clang-cl.patch.0 \
))
endif
-ifneq ($(filter -fsanitize=%,$(CC)),)
-$(eval $(call gb_UnpackedTarball_add_patches,curl, \
- external/curl/asan-poison-nsspem.patch.0 \
-))
-endif
-
# vim: set noet sw=4 ts=4:
diff --git a/external/curl/asan-poison-nsspem.patch.0
b/external/curl/asan-poison-nsspem.patch.0
deleted file mode 100644
index b348d44ee573..000000000000
--- a/external/curl/asan-poison-nsspem.patch.0
+++ /dev/null
@@ -1,11 +0,0 @@
---- lib/vtls/nss.c
-+++ lib/vtls/nss.c
-@@ -1926,7 +1926,7 @@
-
- PK11_SetPasswordFunc(nss_get_password);
-
-- result = nss_load_module(&pem_module, pem_library, "PEM");
-+ result = CURLE_FAILED_INIT;
- PR_Unlock(nss_initlock);
- if(result == CURLE_FAILED_INIT)
- infof(data, "WARNING: failed to load NSS PEM library %s. Using "
diff --git a/external/curl/curl-nss.patch.1 b/external/curl/curl-nss.patch.1
deleted file mode 100644
index 2e8766b3d45f..000000000000
--- a/external/curl/curl-nss.patch.1
+++ /dev/null
@@ -1,17 +0,0 @@
-diff -ur curl.org/configure curl/configure
---- curl.orig/configure 2023-02-20 16:11:55.000000000 +0900
-+++ curl/configure 2023-02-23 15:40:58.617432471 +0900
-@@ -28675,7 +28675,12 @@
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Using hard-wired
libraries and compilation flags for NSS." >&5
- printf "%s\n" "$as_me: WARNING: Using hard-wired libraries and compilation
flags for NSS." >&2;}
- addld="-L$OPT_NSS/lib"
-- addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4"
-+ addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lnssutil3"
-+ case $host_os in
-+ *android*)
-+ addlib="${addlib} -llog"
-+ ;;
-+ esac
- addcflags="-I$OPT_NSS/include"
- version="unknown"
- nssprefix=$OPT_NSS
