download.lst | 4 ++-- external/curl/ExternalProject_curl.mk | 26 +++++--------------------- external/curl/UnpackedTarball_curl.mk | 12 ------------ external/curl/asan-poison-nsspem.patch.0 | 11 ----------- external/curl/curl-nss.patch.1 | 17 ----------------- 5 files changed, 7 insertions(+), 63 deletions(-)
New commits: commit d97184677471565f3987a5d0fe1ef96503c0b099 Author: Thorsten Behrens <thorsten.behr...@allotropia.de> AuthorDate: Wed Oct 11 10:00:26 2023 +0200 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Wed Oct 11 17:27:10 2023 +0200 curl: upgrade to release 8.4.0 Fixes CVE-2023-38546 and CVE-2023-38545 Minor amount of bugfixes, nothing that immediately affects us. New feature: IPFS protocols via HTTP gateway now supported, with the right URL. Change-Id: I24af4d17b570685081aa031c50a87bb8dcf1833d Reviewed-on: https://gerrit.libreoffice.org/c/core/+/157829 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com> Reviewed-by: Andras Timar <andras.ti...@collabora.com> diff --git a/download.lst b/download.lst index b3ca4fd2e4a4..26012e8b014e 100644 --- a/download.lst +++ b/download.lst @@ -75,8 +75,8 @@ CPPUNIT_TARBALL := cppunit-1.15.1.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts -CURL_SHA256SUM := 376d627767d6c4f05105ab6d497b0d9aba7111770dd9d995225478209c37ea63 -CURL_TARBALL := curl-8.3.0.tar.xz +CURL_SHA256SUM := 16c62a9c4af0f703d28bda6d7bbf37ba47055ad3414d70dec63e2e6336f2a82d +CURL_TARBALL := curl-8.4.0.tar.xz # three static lines # so that git cherry-pick # will not run into conflicts commit 5a113f2376344062ff1a71debecf7a7b112c8e25 Author: Taichi Haradaguchi <20001...@ymail.ne.jp> AuthorDate: Wed Sep 13 18:25:13 2023 +0900 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Wed Oct 11 17:26:59 2023 +0200 curl: upgrade to release 8.3.0 Fixes CVE-2023-38039 * NSS support was removed in this release, so NSS related patches are not necessary now. * add configure options for curl. Change-Id: I71e09bac3c69ce4b13deee770a32225f39f79c46 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/156917 Tested-by: Jenkins Reviewed-by: Taichi Haradaguchi <20001...@ymail.ne.jp> (cherry picked from commit c2930ebff82c4f7ffe8377ab82627131f8544226) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/157311 Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit 609d4a6b8d66d02a36c57de99efd36a4b1c2b789) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/157313 Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> (cherry picked from commit 5d9a942721ea683b3684e71c470d338599a80eb1) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/157828 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com> Reviewed-by: Andras Timar <andras.ti...@collabora.com> diff --git a/download.lst b/download.lst index 5e87e03bfa12..b3ca4fd2e4a4 100644 --- a/download.lst +++ b/download.lst @@ -75,8 +75,8 @@ CPPUNIT_TARBALL := cppunit-1.15.1.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts -CURL_SHA256SUM := dd322f6bd0a20e6cebdfd388f69e98c3d183bed792cf4713c8a7ef498cba4894 -CURL_TARBALL := curl-8.2.1.tar.xz +CURL_SHA256SUM := 376d627767d6c4f05105ab6d497b0d9aba7111770dd9d995225478209c37ea63 +CURL_TARBALL := curl-8.3.0.tar.xz # three static lines # so that git cherry-pick # will not run into conflicts diff --git a/external/curl/ExternalProject_curl.mk b/external/curl/ExternalProject_curl.mk index 087ea2c44b39..fdc93a46c3cb 100644 --- a/external/curl/ExternalProject_curl.mk +++ b/external/curl/ExternalProject_curl.mk @@ -10,21 +10,10 @@ $(eval $(call gb_ExternalProject_ExternalProject,curl)) $(eval $(call gb_ExternalProject_use_externals,curl,\ + $(if $(ENABLE_OPENSSL),openssl) \ zlib \ )) -ifeq ($(TLS),NSS) -$(eval $(call gb_ExternalProject_use_externals,curl,\ - nss3 \ -)) -else -ifeq ($(TLS),OPENSSL) -$(eval $(call gb_ExternalProject_use_externals,curl,\ - openssl \ -)) -endif -endif - $(eval $(call gb_ExternalProject_register_targets,curl,\ build \ )) @@ -41,18 +30,14 @@ curl_LDFLAGS += -L$(SYSBASE)/usr/lib endif endif -# there are 2 include paths, the other one is passed to --with-nss below -ifeq ($(SYSTEM_NSS),) -curl_CPPFLAGS += -I$(call gb_UnpackedTarball_get_dir,nss)/dist/public/nss -endif - # use --with-secure-transport on macOS >10.5 and iOS to get a native UI for SSL certs for CMIS usage -# use --with-nss/--with-openssl only on platforms other than macOS and iOS +# use --with-openssl only on platforms other than macOS and iOS $(call gb_ExternalProject_get_state_target,curl,build): $(call gb_Trace_StartRange,curl,EXTERNAL) $(call gb_ExternalProject_run,build,\ $(gb_RUN_CONFIGURE) ./configure \ - --without-nss --without-openssl --without-gnutls --without-mbedtls \ + --without-amissl --without-bearssl --without-gnutls \ + --without-mbedtls --without-rustls --without-wolfssl \ --enable-ftp --enable-http --enable-ipv6 \ --without-libidn2 --without-libpsl --without-librtmp \ --without-libssh2 --without-nghttp2 \ @@ -66,8 +51,7 @@ $(call gb_ExternalProject_get_state_target,curl,build): --disable-tftp \ $(if $(filter iOS MACOSX,$(OS)),\ --with-secure-transport,\ - $(if $(filter NSS,$(TLS)),--with-nss$(if $(SYSTEM_NSS),,="$(call gb_UnpackedTarball_get_dir,nss)/dist/out") --with-nss-deprecated)) \ - $(if $(filter OPENSSL,$(TLS)),--with-openssl$(if $(SYSTEM_OPENSSL),,="$(call gb_UnpackedTarball_get_dir,openssl)")) \ + $(if $(ENABLE_OPENSSL),--with-openssl$(if $(SYSTEM_OPENSSL),,="$(call gb_UnpackedTarball_get_dir,openssl)"))) \ $(if $(filter LINUX,$(OS)),--without-ca-bundle --without-ca-path) \ $(gb_CONFIGURE_PLATFORMS) \ $(if $(filter TRUE,$(DISABLE_DYNLOADING)),--disable-shared,--disable-static) \ diff --git a/external/curl/UnpackedTarball_curl.mk b/external/curl/UnpackedTarball_curl.mk index e78adabb8d07..4412857d36a0 100644 --- a/external/curl/UnpackedTarball_curl.mk +++ b/external/curl/UnpackedTarball_curl.mk @@ -27,22 +27,10 @@ $(eval $(call gb_UnpackedTarball_add_patches,curl,\ external/curl/configurable-z-option.patch.0 \ )) -ifeq ($(SYSTEM_NSS),) -$(eval $(call gb_UnpackedTarball_add_patches,curl,\ - external/curl/curl-nss.patch.1 \ -)) -endif - ifeq ($(OS)-$(COM_IS_CLANG),WNT-TRUE) $(eval $(call gb_UnpackedTarball_add_patches,curl, \ external/curl/clang-cl.patch.0 \ )) endif -ifneq ($(filter -fsanitize=%,$(CC)),) -$(eval $(call gb_UnpackedTarball_add_patches,curl, \ - external/curl/asan-poison-nsspem.patch.0 \ -)) -endif - # vim: set noet sw=4 ts=4: diff --git a/external/curl/asan-poison-nsspem.patch.0 b/external/curl/asan-poison-nsspem.patch.0 deleted file mode 100644 index b348d44ee573..000000000000 --- a/external/curl/asan-poison-nsspem.patch.0 +++ /dev/null @@ -1,11 +0,0 @@ ---- lib/vtls/nss.c -+++ lib/vtls/nss.c -@@ -1926,7 +1926,7 @@ - - PK11_SetPasswordFunc(nss_get_password); - -- result = nss_load_module(&pem_module, pem_library, "PEM"); -+ result = CURLE_FAILED_INIT; - PR_Unlock(nss_initlock); - if(result == CURLE_FAILED_INIT) - infof(data, "WARNING: failed to load NSS PEM library %s. Using " diff --git a/external/curl/curl-nss.patch.1 b/external/curl/curl-nss.patch.1 deleted file mode 100644 index 2e8766b3d45f..000000000000 --- a/external/curl/curl-nss.patch.1 +++ /dev/null @@ -1,17 +0,0 @@ -diff -ur curl.org/configure curl/configure ---- curl.orig/configure 2023-02-20 16:11:55.000000000 +0900 -+++ curl/configure 2023-02-23 15:40:58.617432471 +0900 -@@ -28675,7 +28675,12 @@ - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Using hard-wired libraries and compilation flags for NSS." >&5 - printf "%s\n" "$as_me: WARNING: Using hard-wired libraries and compilation flags for NSS." >&2;} - addld="-L$OPT_NSS/lib" -- addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4" -+ addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lnssutil3" -+ case $host_os in -+ *android*) -+ addlib="${addlib} -llog" -+ ;; -+ esac - addcflags="-I$OPT_NSS/include" - version="unknown" - nssprefix=$OPT_NSS