This is an automated email from the ASF dual-hosted git repository.
alexey pushed a commit to branch branch-1.17.x
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/branch-1.17.x by this push:
new 9e227790d [thirdparty] bump curl version up to 8.4.0
9e227790d is described below
commit 9e227790de63c85c7fd910bfaec0dd3ee64a2399
Author: Yingchun Lai <[email protected]>
AuthorDate: Fri Oct 13 16:02:33 2023 +0800
[thirdparty] bump curl version up to 8.4.0
Change-Id: I7ba976899bb23d95bff1c5386f417d36f0b4b504
Reviewed-on: http://gerrit.cloudera.org:8080/20575
Tested-by: Kudu Jenkins
Reviewed-by: Alexey Serbin <[email protected]>
(cherry picked from commit 28c9218172d366832b1f9881cfbc7f159afd3029)
Reviewed-on: http://gerrit.cloudera.org:8080/20586
Tested-by: Alexey Serbin <[email protected]>
Reviewed-by: Yingchun Lai <[email protected]>
---
thirdparty/build-definitions.sh | 5 +-
thirdparty/download-thirdparty.sh | 3 +-
.../patches/curl-custom-openssl-library.patch | 8 +-
.../patches/curl-handle-openssl-errors.patch | 109 +++++++++++----------
thirdparty/vars.sh | 2 +-
5 files changed, 65 insertions(+), 62 deletions(-)
diff --git a/thirdparty/build-definitions.sh b/thirdparty/build-definitions.sh
index 5f16d00ee..a94759d94 100644
--- a/thirdparty/build-definitions.sh
+++ b/thirdparty/build-definitions.sh
@@ -767,7 +767,6 @@ build_curl() {
--disable-manual \
--disable-mime \
--disable-netrc \
- --disable-parsedate \
--disable-pop3 \
--disable-progress-meter \
--disable-rtsp \
@@ -781,7 +780,9 @@ build_curl() {
--without-librtmp \
--without-libssh2 \
--without-nghttp2 \
- --with-gssapi
+ --without-zstd \
+ --with-gssapi \
+ --with-openssl
unset KRB5CONFIG
make -j$PARALLEL $EXTRA_MAKEFLAGS install
popd
diff --git a/thirdparty/download-thirdparty.sh
b/thirdparty/download-thirdparty.sh
index 331a3fef8..eb258367f 100755
--- a/thirdparty/download-thirdparty.sh
+++ b/thirdparty/download-thirdparty.sh
@@ -303,12 +303,11 @@ fetch_and_patch \
$GCOVR_SOURCE \
$GCOVR_PATCHLEVEL
-CURL_PATCHLEVEL=2
+CURL_PATCHLEVEL=1
fetch_and_patch \
curl-${CURL_VERSION}.tar.gz \
$CURL_SOURCE \
$CURL_PATCHLEVEL \
- "patch -p1 < $TP_DIR/patches/curl-custom-openssl-library.patch" \
"patch -p1 < $TP_DIR/patches/curl-handle-openssl-errors.patch" \
"autoreconf -fvi"
diff --git a/thirdparty/patches/curl-custom-openssl-library.patch
b/thirdparty/patches/curl-custom-openssl-library.patch
index af7117be3..082b8680f 100644
--- a/thirdparty/patches/curl-custom-openssl-library.patch
+++ b/thirdparty/patches/curl-custom-openssl-library.patch
@@ -1,6 +1,8 @@
---- a/configure.ac 2021-04-14 12:03:20.819257209 -0700
-+++ b/configure.ac 2021-04-14 12:27:51.050220736 -0700
-@@ -1715,9 +1715,13 @@
+diff --git a/m4/curl-openssl.m4 b/m4/curl-openssl.m4
+index a4811d2a3..a465ffacb 100644
+--- a/m4/curl-openssl.m4
++++ b/m4/curl-openssl.m4
+@@ -136,9 +136,13 @@ if test "x$OPT_OPENSSL" != xno; then
fi
fi
diff --git a/thirdparty/patches/curl-handle-openssl-errors.patch
b/thirdparty/patches/curl-handle-openssl-errors.patch
index 73626dc71..9d9e4aed2 100644
--- a/thirdparty/patches/curl-handle-openssl-errors.patch
+++ b/thirdparty/patches/curl-handle-openssl-errors.patch
@@ -1,10 +1,13 @@
---- a/lib/vtls/openssl.c 2023-05-03 19:15:43.000000000 -0700
-+++ b/lib/vtls/openssl.c 2023-05-04 20:58:10.000000000 -0700
-@@ -405,6 +405,18 @@
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index 9f9c8d136..446d54bcd 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -954,6 +954,19 @@ static char *ossl_strerror(unsigned long error, char
*buf, size_t size)
return buf;
}
-+static void ossl_error_details(struct Curl_easy *data, const char *err_msg) {
++static void ossl_error_details(struct Curl_easy *data, const char *err_msg)
++{
+ char err_buf[256];
+ while(true) {
+ unsigned long ssl_err = ERR_get_error();
@@ -16,10 +19,10 @@
+ }
+}
+
- /* Return an extra data index for the connection data.
- * This index can be used with SSL_get_ex_data() and SSL_set_ex_data().
- */
-@@ -796,14 +808,17 @@
+ static int passwd_callback(char *buf, int num, int encrypting,
+ void *global_passwd)
+ {
+@@ -1456,14 +1469,17 @@ int cert_stuff(struct Curl_easy *data,
}
if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) {
@@ -35,18 +38,18 @@
+ if(SSL_CTX_check_private_key(ctx) != 1) {
failf(data, "private key from PKCS12 file '%s' "
- "does not match certificate in same file", cert_file);
-+ "does not match certificate in same file: %s", cert_file,
++ "does not match certificate in same file: %s", cert_file,
+ ossl_strerror(ERR_get_error(), error_buffer,
+ sizeof(error_buffer)));
goto fail;
}
/* Set Certificate Verification chain */
-@@ -860,8 +875,10 @@
- /* FALLTHROUGH */
- case SSL_FILETYPE_ASN1:
- if(SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type) != 1) {
+@@ -1521,8 +1537,10 @@ fail:
+ SSL_CTX_use_PrivateKey_blob(ctx, key_blob, file_type, key_passwd) :
+ SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type);
+ if(cert_use_result != 1) {
- failf(data, "unable to set private key file: '%s' type %s",
-- key_file, key_type?key_type:"PEM");
+- key_file?key_file:"(memory blob)", key_type?key_type:"PEM");
+ failf(data, "unable to set private key file: '%s' type %s: %s",
+ key_file, key_type ? key_type : "PEM",
+ ossl_strerror(ERR_get_error(), error_buffer,
@@ -54,18 +57,18 @@
return 0;
}
break;
-@@ -903,7 +920,9 @@
- return 0;
- }
- if(SSL_CTX_use_PrivateKey(ctx, priv_key) != 1) {
-- failf(data, "unable to set private key");
-+ failf(data, "unable to set private key: %s",
-+ ossl_strerror(ERR_get_error(), error_buffer,
-+ sizeof(error_buffer)));
- EVP_PKEY_free(priv_key);
- return 0;
- }
-@@ -975,7 +994,9 @@
+@@ -1562,7 +1580,9 @@ fail:
+ return 0;
+ }
+ if(SSL_CTX_use_PrivateKey(ctx, priv_key) != 1) {
+- failf(data, "unable to set private key");
++ failf(data, "unable to set private key: %s",
++ ossl_strerror(ERR_get_error(), error_buffer,
++ sizeof(error_buffer)));
+ EVP_PKEY_free(priv_key);
+ return 0;
+ }
+@@ -1635,7 +1655,9 @@ fail:
/* Now we know that a key and cert have been set against
* the SSL context */
if(!SSL_CTX_check_private_key(ctx)) {
@@ -76,34 +79,32 @@
return 0;
}
}
-@@ -2724,18 +2745,21 @@
- /* tell SSL where to find CA certificates that are used to verify
- the servers certificate. */
- if(!SSL_CTX_load_verify_locations(BACKEND->ctx, ssl_cafile, ssl_capath)) {
-+
-+ static const char * const err_msg =
-+ "error setting certificate verify locations";
- if(verifypeer) {
- /* Fail if we insist on successfully verifying the server. */
-- failf(data, "error setting certificate verify locations:\n"
-- " CAfile: %s\n CApath: %s",
-+ failf(data, "%s:\n CAfile: %s\n CApath: %s",
-+ err_msg,
- ssl_cafile ? ssl_cafile : "none",
- ssl_capath ? ssl_capath : "none");
-+ ossl_error_details(data, err_msg);
- return CURLE_SSL_CACERT_BADFILE;
+@@ -3234,17 +3256,19 @@ static CURLcode populate_x509_store(struct
Curl_cfilter *cf,
+ /* tell OpenSSL where to find CA certificates that are used to verify
the
+ server's certificate. */
+ if(!X509_STORE_load_locations(store, ssl_cafile, ssl_capath)) {
++ static const char * const err_msg =
++ "error setting certificate verify locations";
+ if(!imported_native_ca && !imported_ca_info_blob) {
+ /* Fail if we insist on successfully verifying the server. */
+- failf(data, "error setting certificate verify locations:"
+- " CAfile: %s CApath: %s",
++ failf(data, "%s:\n CAfile: %s\n CApath: %s",
++ err_msg,
+ ssl_cafile ? ssl_cafile : "none",
+ ssl_capath ? ssl_capath : "none");
++ ossl_error_details(data, err_msg);
+ return CURLE_SSL_CACERT_BADFILE;
+ }
+ else {
+- infof(data, "error setting certificate verify locations,"
+- " continuing anyway");
++ infof(data, "%s, continuing anyway:\n", err_msg);
+ }
}
- /* Just continue with a warning if no strict certificate verification
- is required. */
-- infof(data, "error setting certificate verify locations,"
-- " continuing anyway:\n");
-+ infof(data, "%s, continuing anyway:\n", err_msg);
- }
- else {
- /* Everything is fine. */
-@@ -2762,7 +2786,9 @@
- X509_LOOKUP_file());
+ #endif
+@@ -3268,7 +3292,9 @@ static CURLcode populate_x509_store(struct Curl_cfilter
*cf,
+ lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
if(!lookup ||
(!X509_load_crl_file(lookup, ssl_crlfile, X509_FILETYPE_PEM)) ) {
- failf(data, "error loading CRL file: %s", ssl_crlfile);
@@ -113,7 +114,7 @@
return CURLE_SSL_CRL_BADFILE;
}
/* Everything is fine. */
-@@ -2994,6 +3020,8 @@
+@@ -3960,6 +3986,8 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter
*cf,
result = CURLE_SSL_CONNECT_ERROR;
ossl_strerror(errdetail, error_buffer, sizeof(error_buffer));
}
diff --git a/thirdparty/vars.sh b/thirdparty/vars.sh
index 4312c042a..fd7aa7236 100644
--- a/thirdparty/vars.sh
+++ b/thirdparty/vars.sh
@@ -122,7 +122,7 @@ GCOVR_VERSION=3.0
GCOVR_NAME=gcovr-$GCOVR_VERSION
GCOVR_SOURCE=$TP_SOURCE_DIR/$GCOVR_NAME
-CURL_VERSION=7.68.0
+CURL_VERSION=8.4.0
CURL_NAME=curl-$CURL_VERSION
CURL_SOURCE=$TP_SOURCE_DIR/$CURL_NAME
