download.lst | 4 ++-- external/curl/curl-7.26.0_win-proxy.patch | 9 +++++---- external/curl/curl-msvc-disable-protocols.patch.1 | 2 +- external/curl/curl-nss.patch.1 | 6 +++--- external/curl/zlib.patch.0 | 12 ++++++------ 5 files changed, 17 insertions(+), 16 deletions(-)
New commits: commit daa8aacabf48262525a335ef689816d229db5748 Author: Taichi Haradaguchi <[email protected]> AuthorDate: Thu Feb 23 15:31:02 2023 +0900 Commit: Michael Stahl <[email protected]> CommitDate: Wed Mar 1 15:51:19 2023 +0100 curl: upgrade to release 7.88.1 Fixes CVE-2023-23916, 2 CVEs that probably don't affect LO. Reference: https://curl.se/docs/security.html Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147977 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 6074d16b8c631e679a67364837d4ca9799731152) Change-Id: If9b3fc7c5ce66bfe1027caff39ea2c1cf55df7ad diff --git a/download.lst b/download.lst index 941edf53d12d..730746106712 100644 --- a/download.lst +++ b/download.lst @@ -66,8 +66,8 @@ CT2N_TARBALL := 1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt # three static lines # so that git cherry-pick # will not run into conflicts -CURL_SHA256SUM := ee5f1a1955b0ed413435ef79db28b834ea5f0fb7c8cfb1ce47175cc3bee08fff -CURL_TARBALL := curl-7.87.0.tar.xz +CURL_SHA256SUM := 1dae31b2a7c1fe269de99c0c31bb488346aab3459b5ffca909d6938249ae415f +CURL_TARBALL := curl-7.88.1.tar.xz # three static lines # so that git cherry-pick # will not run into conflicts diff --git a/external/curl/curl-7.26.0_win-proxy.patch b/external/curl/curl-7.26.0_win-proxy.patch index 909ca38315a6..62016a70e8a0 100644 --- a/external/curl/curl-7.26.0_win-proxy.patch +++ b/external/curl/curl-7.26.0_win-proxy.patch @@ -44,7 +44,7 @@ /**************************************************************** * Detect what (if any) proxy to use. Remember that this selects a host * name and is not limited to HTTP proxies only. -@@ -4613,6 +4633,66 @@ +@@ -4613,6 +4633,67 @@ * For compatibility, the all-uppercase versions of these variables are * checked if the lowercase versions don't exist. */ @@ -58,6 +58,7 @@ + char *ieProxy; + char *ieNoProxy; + char *pos; ++ bool spacesp; + + ieProxy = wstrToCstr(ieProxyConfig->lpszProxy); + ieNoProxy = wstrToCstr(ieProxyConfig->lpszProxyBypass); @@ -72,7 +73,7 @@ + } + } + -+ if(!Curl_check_noproxy(conn->host.name, no_proxy)) { ++ if(!Curl_check_noproxy(conn->host.name, no_proxy, &spacesp)) { + /* Look for the http proxy setting */ + char *tok; + char *saveptr; diff --git a/external/curl/curl-nss.patch.1 b/external/curl/curl-nss.patch.1 index 2128849369e7..2e8766b3d45f 100644 --- a/external/curl/curl-nss.patch.1 +++ b/external/curl/curl-nss.patch.1 @@ -1,7 +1,7 @@ diff -ur curl.org/configure curl/configure ---- curl.org/configure 2016-03-13 15:14:07.177000076 +0100 -+++ curl/configure 2016-03-13 15:16:44.132000076 +0100 -@@ -28230,7 +28230,12 @@ +--- curl.orig/configure 2023-02-20 16:11:55.000000000 +0900 ++++ curl/configure 2023-02-23 15:40:58.617432471 +0900 +@@ -28675,7 +28675,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Using hard-wired libraries and compilation flags for NSS." >&5 printf "%s\n" "$as_me: WARNING: Using hard-wired libraries and compilation flags for NSS." >&2;} addld="-L$OPT_NSS/lib" commit f324abaa4149e7338aa25ff7304d0b5f90abc090 Author: Taichi Haradaguchi <[email protected]> AuthorDate: Fri Dec 30 21:29:58 2022 +0900 Commit: Michael Stahl <[email protected]> CommitDate: Wed Mar 1 15:51:19 2023 +0100 curl: upgrade to release 7.87.0 Fixes CVE-2022-43551 and CVE-2022-43552. https://curl.se/docs/CVE-2022-43551.html https://curl.se/docs/CVE-2022-43552.html Reviewed-on: https://gerrit.libreoffice.org/c/core/+/145116 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> (cherry picked from commit 181806115a694ade32c7bba1abd9aa931b1a93b9) Change-Id: I979ed11c212aef226ad9f26420462e5f9dbe15e5 diff --git a/download.lst b/download.lst index 2811bfbccdfd..941edf53d12d 100644 --- a/download.lst +++ b/download.lst @@ -66,8 +66,8 @@ CT2N_TARBALL := 1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt # three static lines # so that git cherry-pick # will not run into conflicts -CURL_SHA256SUM := 2d61116e5f485581f6d59865377df4463f2e788677ac43222b496d4e49fb627b -CURL_TARBALL := curl-7.86.0.tar.xz +CURL_SHA256SUM := ee5f1a1955b0ed413435ef79db28b834ea5f0fb7c8cfb1ce47175cc3bee08fff +CURL_TARBALL := curl-7.87.0.tar.xz # three static lines # so that git cherry-pick # will not run into conflicts diff --git a/external/curl/curl-7.26.0_win-proxy.patch b/external/curl/curl-7.26.0_win-proxy.patch index 6fb20533e097..909ca38315a6 100644 --- a/external/curl/curl-7.26.0_win-proxy.patch +++ b/external/curl/curl-7.26.0_win-proxy.patch @@ -12,8 +12,8 @@ --- curl-7.26.0/lib/url.c +++ misc/build/curl-7.26.0/lib/url.c @@ -78,6 +78,10 @@ - bool Curl_win32_idn_to_ascii(const char *in, char **out); - #endif /* USE_LIBIDN2 */ + + #include <limits.h> +#ifdef _WIN32 +#include <WinHttp.h> diff --git a/external/curl/curl-msvc-disable-protocols.patch.1 b/external/curl/curl-msvc-disable-protocols.patch.1 index 89c4ff576f85..71ff0c01a028 100644 --- a/external/curl/curl-msvc-disable-protocols.patch.1 +++ b/external/curl/curl-msvc-disable-protocols.patch.1 @@ -2,7 +2,7 @@ disable protocols nobody needs in MSVC build --- curl/lib/config-win32.h.orig 2017-08-09 16:43:29.464000000 +0200 +++ curl/lib/config-win32.h 2017-08-09 16:47:38.549200000 +0200 -@@ -616,4 +616,20 @@ +@@ -654,4 +654,20 @@ # define ENABLE_IPV6 1 #endif diff --git a/external/curl/curl-nss.patch.1 b/external/curl/curl-nss.patch.1 index 5ef25748d7eb..2128849369e7 100644 --- a/external/curl/curl-nss.patch.1 +++ b/external/curl/curl-nss.patch.1 @@ -1,7 +1,7 @@ diff -ur curl.org/configure curl/configure --- curl.org/configure 2016-03-13 15:14:07.177000076 +0100 +++ curl/configure 2016-03-13 15:16:44.132000076 +0100 -@@ -27985,7 +27985,12 @@ +@@ -28230,7 +28230,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Using hard-wired libraries and compilation flags for NSS." >&5 printf "%s\n" "$as_me: WARNING: Using hard-wired libraries and compilation flags for NSS." >&2;} addld="-L$OPT_NSS/lib" diff --git a/external/curl/zlib.patch.0 b/external/curl/zlib.patch.0 index b8e242a3aaea..b4442ba262d1 100644 --- a/external/curl/zlib.patch.0 +++ b/external/curl/zlib.patch.0 @@ -1,6 +1,6 @@ --- configure +++ configure -@@ -22808,7 +22808,6 @@ +@@ -23035,7 +23035,6 @@ clean_CPPFLAGS=$CPPFLAGS clean_LDFLAGS=$LDFLAGS clean_LIBS=$LIBS @@ -8,7 +8,7 @@ # Check whether --with-zlib was given. if test ${with_zlib+y} -@@ -22818,6 +22818,7 @@ +@@ -23045,6 +23044,7 @@ if test "$OPT_ZLIB" = "no" ; then @@ -16,7 +16,7 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: zlib disabled" >&5 printf "%s\n" "$as_me: WARNING: zlib disabled" >&2;} else -@@ -22825,6 +825,21 @@ +@@ -23052,6 +23052,21 @@ OPT_ZLIB="" fi @@ -38,7 +38,7 @@ if test -z "$OPT_ZLIB" ; then if test -n "$PKG_CONFIG"; then -@@ -23120,6 +23120,7 @@ +@@ -23344,6 +23359,7 @@ printf "%s\n" "$as_me: found both libz and libz.h header" >&6;} curl_zlib_msg="enabled" fi @@ -48,7 +48,7 @@ if test x"$AMFIXLIB" = x1; then --- configure.ac +++ configure.ac -@@ -1222,19 +1222,30 @@ +@@ -1243,19 +1243,30 @@ clean_CPPFLAGS=$CPPFLAGS clean_LDFLAGS=$LDFLAGS clean_LIBS=$LIBS @@ -80,7 +80,7 @@ if test -z "$OPT_ZLIB" ; then CURL_CHECK_PKGCONFIG(zlib) -@@ -1316,6 +1316,7 @@ +@@ -1336,6 +1347,7 @@ AC_MSG_NOTICE([found both libz and libz.h header]) curl_zlib_msg="enabled" fi
