download.lst | 4 ++-- external/curl/ExternalProject_curl.mk | 26 +++++--------------------- external/curl/UnpackedTarball_curl.mk | 12 ------------ external/curl/asan-poison-nsspem.patch.0 | 11 ----------- external/curl/curl-nss.patch.1 | 17 ----------------- 5 files changed, 7 insertions(+), 63 deletions(-)
New commits: commit c2930ebff82c4f7ffe8377ab82627131f8544226 Author: Taichi Haradaguchi <20001...@ymail.ne.jp> AuthorDate: Wed Sep 13 18:25:13 2023 +0900 Commit: Taichi Haradaguchi <20001...@ymail.ne.jp> CommitDate: Wed Sep 27 06:08:20 2023 +0200 curl: upgrade to release 8.3.0 Fixes CVE-2023-38039 * NSS support was removed in this release, so NSS related patches are not necessary now. * add configure options for curl. Change-Id: I71e09bac3c69ce4b13deee770a32225f39f79c46 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/156917 Tested-by: Jenkins Reviewed-by: Taichi Haradaguchi <20001...@ymail.ne.jp> diff --git a/download.lst b/download.lst index 20b9e5d754aa..7ded51ff5450 100644 --- a/download.lst +++ b/download.lst @@ -75,8 +75,8 @@ CPPUNIT_TARBALL := cppunit-1.15.1.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts -CURL_SHA256SUM := dd322f6bd0a20e6cebdfd388f69e98c3d183bed792cf4713c8a7ef498cba4894 -CURL_TARBALL := curl-8.2.1.tar.xz +CURL_SHA256SUM := 376d627767d6c4f05105ab6d497b0d9aba7111770dd9d995225478209c37ea63 +CURL_TARBALL := curl-8.3.0.tar.xz # three static lines # so that git cherry-pick # will not run into conflicts diff --git a/external/curl/ExternalProject_curl.mk b/external/curl/ExternalProject_curl.mk index a4029c2fc4b2..5f72e4807394 100644 --- a/external/curl/ExternalProject_curl.mk +++ b/external/curl/ExternalProject_curl.mk @@ -10,21 +10,10 @@ $(eval $(call gb_ExternalProject_ExternalProject,curl)) $(eval $(call gb_ExternalProject_use_externals,curl,\ + $(if $(ENABLE_OPENSSL),openssl) \ zlib \ )) -ifeq ($(TLS),NSS) -$(eval $(call gb_ExternalProject_use_externals,curl,\ - nss3 \ -)) -else -ifeq ($(TLS),OPENSSL) -$(eval $(call gb_ExternalProject_use_externals,curl,\ - openssl \ -)) -endif -endif - $(eval $(call gb_ExternalProject_register_targets,curl,\ build \ )) @@ -41,18 +30,14 @@ curl_LDFLAGS += -L$(SYSBASE)/usr/lib endif endif -# there are 2 include paths, the other one is passed to --with-nss below -ifeq ($(SYSTEM_NSS),) -curl_CPPFLAGS += -I$(call gb_UnpackedTarball_get_dir,nss)/dist/public/nss -endif - # use --with-secure-transport on macOS >10.5 and iOS to get a native UI for SSL certs for CMIS usage -# use --with-nss/--with-openssl only on platforms other than macOS and iOS +# use --with-openssl only on platforms other than macOS and iOS $(call gb_ExternalProject_get_state_target,curl,build): $(call gb_Trace_StartRange,curl,EXTERNAL) $(call gb_ExternalProject_run,build,\ $(gb_RUN_CONFIGURE) ./configure \ - --without-nss --without-openssl --without-gnutls --without-mbedtls \ + --without-amissl --without-bearssl --without-gnutls \ + --without-mbedtls --without-rustls --without-wolfssl \ --enable-ftp --enable-http --enable-ipv6 \ --without-libidn2 --without-libpsl --without-librtmp \ --without-libssh2 --without-nghttp2 \ @@ -66,8 +51,7 @@ $(call gb_ExternalProject_get_state_target,curl,build): --disable-tftp \ $(if $(filter iOS MACOSX,$(OS)),\ --with-secure-transport,\ - $(if $(filter NSS,$(TLS)),--with-nss$(if $(SYSTEM_NSS),,="$(call gb_UnpackedTarball_get_dir,nss)/dist/out") --with-nss-deprecated)) \ - $(if $(filter OPENSSL,$(TLS)),--with-openssl$(if $(SYSTEM_OPENSSL),,="$(call gb_UnpackedTarball_get_dir,openssl)")) \ + $(if $(ENABLE_OPENSSL),--with-openssl$(if $(SYSTEM_OPENSSL),,="$(call gb_UnpackedTarball_get_dir,openssl)"))) \ $(if $(filter LINUX,$(OS)),--without-ca-bundle --without-ca-path) \ $(gb_CONFIGURE_PLATFORMS) \ $(if $(filter TRUE,$(DISABLE_DYNLOADING)),--disable-shared,--disable-static) \ diff --git a/external/curl/UnpackedTarball_curl.mk b/external/curl/UnpackedTarball_curl.mk index e78adabb8d07..4412857d36a0 100644 --- a/external/curl/UnpackedTarball_curl.mk +++ b/external/curl/UnpackedTarball_curl.mk @@ -27,22 +27,10 @@ $(eval $(call gb_UnpackedTarball_add_patches,curl,\ external/curl/configurable-z-option.patch.0 \ )) -ifeq ($(SYSTEM_NSS),) -$(eval $(call gb_UnpackedTarball_add_patches,curl,\ - external/curl/curl-nss.patch.1 \ -)) -endif - ifeq ($(OS)-$(COM_IS_CLANG),WNT-TRUE) $(eval $(call gb_UnpackedTarball_add_patches,curl, \ external/curl/clang-cl.patch.0 \ )) endif -ifneq ($(filter -fsanitize=%,$(CC)),) -$(eval $(call gb_UnpackedTarball_add_patches,curl, \ - external/curl/asan-poison-nsspem.patch.0 \ -)) -endif - # vim: set noet sw=4 ts=4: diff --git a/external/curl/asan-poison-nsspem.patch.0 b/external/curl/asan-poison-nsspem.patch.0 deleted file mode 100644 index b348d44ee573..000000000000 --- a/external/curl/asan-poison-nsspem.patch.0 +++ /dev/null @@ -1,11 +0,0 @@ ---- lib/vtls/nss.c -+++ lib/vtls/nss.c -@@ -1926,7 +1926,7 @@ - - PK11_SetPasswordFunc(nss_get_password); - -- result = nss_load_module(&pem_module, pem_library, "PEM"); -+ result = CURLE_FAILED_INIT; - PR_Unlock(nss_initlock); - if(result == CURLE_FAILED_INIT) - infof(data, "WARNING: failed to load NSS PEM library %s. Using " diff --git a/external/curl/curl-nss.patch.1 b/external/curl/curl-nss.patch.1 deleted file mode 100644 index 2e8766b3d45f..000000000000 --- a/external/curl/curl-nss.patch.1 +++ /dev/null @@ -1,17 +0,0 @@ -diff -ur curl.org/configure curl/configure ---- curl.orig/configure 2023-02-20 16:11:55.000000000 +0900 -+++ curl/configure 2023-02-23 15:40:58.617432471 +0900 -@@ -28675,7 +28675,12 @@ - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Using hard-wired libraries and compilation flags for NSS." >&5 - printf "%s\n" "$as_me: WARNING: Using hard-wired libraries and compilation flags for NSS." >&2;} - addld="-L$OPT_NSS/lib" -- addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4" -+ addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lnssutil3" -+ case $host_os in -+ *android*) -+ addlib="${addlib} -llog" -+ ;; -+ esac - addcflags="-I$OPT_NSS/include" - version="unknown" - nssprefix=$OPT_NSS