download.lst | 8
external/curl/CVE-2017-1000254.patch | 50 ---
external/curl/CVE-2017-8816.patch | 67 -----
external/curl/CVE-2018-1000005.patch | 36 --
external/curl/CVE-2018-1000007.patch | 110 --------
external/curl/CVE-2018-1000120.patch | 67 -----
external/curl/CVE-2018-14618.patch | 66 -----
external/curl/CVE-2018-16890.patch | 39 ---
external/curl/CVE-2019-3822.patch | 35 --
external/curl/ExternalPackage_curl.mk | 4
external/curl/ExternalProject_curl.mk | 30 +-
external/curl/UnpackedTarball_curl.mk | 21 -
external/curl/clang-cl.patch.0 | 11
external/curl/curl-7.26.0_win-proxy.patch | 49 +--
external/curl/curl-msvc-disable-protocols.patch.1 | 11
external/curl/curl-msvc-schannel.patch.1 | 22 -
external/curl/curl-msvc.patch.1 | 48 +--
external/curl/curl-osx.patch.1 | 285 ----------------------
external/curl/curl-xp.patch.1 | 12
external/curl/zlib.patch.0 | 100 +++++++
external/expat/expat-winapi.patch | 14 +
21 files changed, 213 insertions(+), 872 deletions(-)
New commits:
commit 3c59e06756cb78c1cba5dfd64c2416c05606a919
Author: Andras Timar <andras.ti...@collabora.com>
AuthorDate: Wed May 23 14:10:08 2018 +0200
Commit: Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Tue Apr 5 22:52:48 2022 +0200
curl: upgrade to release 7.60.0
Revert also these commits:
aa0f44de5b260b2b2a39bdd2de9445d72ab14265
ed497921314ebd41fce3483c92ca433b502628ca
06697501dff33996426f1ebb5ba42039193a632f
860ff5ee216d80211bc19b3879d20d7981923c1a
5793da78b48fee31a929c3c81709f3bab526d79b
Change-Id: Ic8510b424f52c059f979e26441e67ec15b332933
diff --git a/download.lst b/download.lst
index e14c0ecef12f..cbb383504ed8 100644
--- a/download.lst
+++ b/download.lst
@@ -30,8 +30,8 @@ export CPPUNIT_SHA256SUM :=
3d569869d27b48860210c758c4f313082103a5e58219a7669b52
export CPPUNIT_TARBALL := cppunit-1.14.0.tar.gz
export CT2N_SHA256SUM :=
71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3
export CT2N_TARBALL :=
1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt
-export CURL_SHA256SUM :=
a8984e8b20880b621f61a62d95ff3c0763a3152093a9f9ce4287cfd614add6ae
-export CURL_TARBALL := curl-7.52.1.tar.gz
+export CURL_SHA256SUM :=
e9c37986337743f37fd14fe8737f246e97aec94b39d1b71e8a5973f72a9fc4f5
+export CURL_TARBALL := curl-7.60.0.tar.gz
export EBOOK_SHA256SUM :=
b710a57c633205b933015474d0ac0862253d1c52114d535dd09b20939a0d1850
export EBOOK_TARBALL := libe-book-0.1.2.tar.bz2
export EPOXY_SHA256SUM :=
1d8668b0a259c709899e1c4bab62d756d9002d546ce4f59c9665e2fc5f001a64
diff --git a/external/curl/CVE-2017-1000254.patch
b/external/curl/CVE-2017-1000254.patch
deleted file mode 100644
index 2e2af20f7258..000000000000
--- a/external/curl/CVE-2017-1000254.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 29b251362e1839d7094993edbed8f9467069773f Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <dan...@haxx.se>
-Date: Mon, 25 Sep 2017 00:35:22 +0200
-Subject: [PATCH] FTP: zero terminate the entry path even on bad input
-
-... a single double quote could leave the entry path buffer without a zero
-terminating byte. CVE-2017-1000254
-
-Test 1152 added to verify.
-
-Reported-by: Max Dymond
-Bug: https://curl.haxx.se/docs/adv_20171004.html
----
- lib/ftp.c | 7 ++++--
- tests/data/Makefile.inc | 1 +
- tests/data/test1152 | 61 +++++++++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 67 insertions(+), 2 deletions(-)
- create mode 100644 tests/data/test1152
-
-diff -urN curl.org/lib/ftp.c curl/lib/ftp.c
---- curl.org/lib/ftp.c 2016-12-19 09:15:11.000000000 +0100
-+++ curl/lib/ftp.c 2018-09-10 05:52:32.148633155 +0200
-@@ -2825,6 +2825,7 @@
- char *ptr=&data->state.buffer[4]; /* start on the first letter */
- char *dir;
- char *store;
-+ bool entry_extracted = FALSE;
-
- dir = malloc(nread + 1);
- if(!dir)
-@@ -2856,7 +2857,7 @@
- }
- else {
- /* end of path */
-- *store = '\0'; /* zero terminate */
-+ entry_extracted = TRUE;
- break; /* get out of this loop */
- }
- }
-@@ -2865,7 +2866,9 @@
- store++;
- ptr++;
- }
--
-+ *store = '\0'; /* zero terminate */
-+ }
-+ if(entry_extracted) {
- /* If the path name does not look like an absolute path (i.e.: it
- does not start with a '/'), we probably need some
server-dependent
- adjustments. For example, this is the case when connecting to
diff --git a/external/curl/CVE-2017-8816.patch
b/external/curl/CVE-2017-8816.patch
deleted file mode 100644
index dd4fa677e03f..000000000000
--- a/external/curl/CVE-2017-8816.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From 7947c50bcd09cf471c95511739bc66d2cb506ee2 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <dan...@haxx.se>
-Date: Mon, 6 Nov 2017 23:51:52 +0100
-Subject: [PATCH] ntlm: avoid integer overflow for malloc size
-
-Reported-by: Alex Nichols
-Assisted-by: Kamil Dudka and Max Dymond
-
-CVE-2017-8816
-
-Bug: https://curl.haxx.se/docs/adv_2017-11e7.html
----
- lib/curl_ntlm_core.c | 23 +++++++++++++++++++++--
- 1 file changed, 21 insertions(+), 2 deletions(-)
-
-diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c
-index 1309bf0d9..e8962769c 100644
---- a/lib/curl_ntlm_core.c
-+++ b/lib/curl_ntlm_core.c
-@@ -644,23 +644,42 @@ CURLcode Curl_hmac_md5(const unsigned char *key,
unsigned int keylen,
- Curl_HMAC_final(ctxt, output);
-
- return CURLE_OK;
- }
-
-+#ifndef SIZE_T_MAX
-+/* some limits.h headers have this defined, some don't */
-+#if defined(SIZEOF_SIZE_T) && (SIZEOF_SIZE_T > 4)
-+#define SIZE_T_MAX 18446744073709551615U
-+#else
-+#define SIZE_T_MAX 4294967295U
-+#endif
-+#endif
-+
- /* This creates the NTLMv2 hash by using NTLM hash as the key and Unicode
- * (uppercase UserName + Domain) as the data
- */
- CURLcode Curl_ntlm_core_mk_ntlmv2_hash(const char *user, size_t userlen,
- const char *domain, size_t domlen,
- unsigned char *ntlmhash,
- unsigned char *ntlmv2hash)
- {
- /* Unicode representation */
-- size_t identity_len = (userlen + domlen) * 2;
-- unsigned char *identity = malloc(identity_len);
-+ size_t identity_len;
-+ unsigned char *identity;
- CURLcode result = CURLE_OK;
-
-+ /* we do the length checks below separately to avoid integer overflow risk
-+ on extreme data lengths */
-+ if((userlen > SIZE_T_MAX/2) ||
-+ (domlen > SIZE_T_MAX/2) ||
-+ ((userlen + domlen) > SIZE_T_MAX/2))
-+ return CURLE_OUT_OF_MEMORY;
-+
-+ identity_len = (userlen + domlen) * 2;
-+ identity = malloc(identity_len);
-+
- if(!identity)
- return CURLE_OUT_OF_MEMORY;
-
- ascii_uppercase_to_unicode_le(identity, user, userlen);
- ascii_to_unicode_le(identity + (userlen << 1), domain, domlen);
---
-2.15.0
-
diff --git a/external/curl/CVE-2018-1000005.patch
b/external/curl/CVE-2018-1000005.patch
deleted file mode 100644
index 7b5578b1aacc..000000000000
--- a/external/curl/CVE-2018-1000005.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From fa3dbb9a147488a2943bda809c66fc497efe06cb Mon Sep 17 00:00:00 2001
-From: Zhouyihai Ding <ddyi...@ddyihai.svl.corp.google.com>
-Date: Wed, 10 Jan 2018 10:12:18 -0800
-Subject: [PATCH] http2: fix incorrect trailer buffer size
-
-Prior to this change the stored byte count of each trailer was
-miscalculated and 1 less than required. It appears any trailer
-after the first that was passed to Curl_client_write would be truncated
-or corrupted as well as the size. Potentially the size of some
-subsequent trailer could be erroneously extracted from the contents of
-that trailer, and since that size is used by client write an
-out-of-bounds read could occur and cause a crash or be otherwise
-processed by client write.
-
-The bug appears to have been born in 0761a51 (precedes 7.49.0).
-
-Closes https://github.com/curl/curl/pull/2231
----
- lib/http2.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/lib/http2.c b/lib/http2.c
-index 8e2fc71996..699287940e 100644
---- a/lib/http2.c
-+++ b/lib/http2.c
-@@ -925,8 +925,8 @@ static int on_header(nghttp2_session *session, const
nghttp2_frame *frame,
-
- if(stream->bodystarted) {
- /* This is trailer fields. */
-- /* 3 is for ":" and "\r\n". */
-- uint32_t n = (uint32_t)(namelen + valuelen + 3);
-+ /* 4 is for ": " and "\r\n". */
-+ uint32_t n = (uint32_t)(namelen + valuelen + 4);
-
- DEBUGF(infof(data_s, "h2 trailer: %.*s: %.*s\n", namelen, name, valuelen,
- value));
diff --git a/external/curl/CVE-2018-1000007.patch
b/external/curl/CVE-2018-1000007.patch
deleted file mode 100644
index c474370c78ad..000000000000
--- a/external/curl/CVE-2018-1000007.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-From af32cd3859336ab963591ca0df9b1e33a7ee066b Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <dan...@haxx.se>
-Date: Fri, 19 Jan 2018 13:19:25 +0100
-Subject: [PATCH] http: prevent custom Authorization headers in redirects
-
-... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how
-curl already handles Authorization headers created internally.
-
-Note: this changes behavior slightly, for the sake of reducing mistakes.
-
-Added test 317 and 318 to verify.
-
-Reported-by: Craig de Stigter
-Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html
----
- docs/libcurl/opts/CURLOPT_HTTPHEADER.3 | 12 ++++-
- lib/http.c | 10 +++-
- lib/setopt.c | 2 +-
- lib/urldata.h | 2 +-
- tests/data/Makefile.inc | 2 +-
- tests/data/test317 | 94 +++++++++++++++++++++++++++++++++
- tests/data/test318 | 95 ++++++++++++++++++++++++++++++++++
- 7 files changed, 212 insertions(+), 5 deletions(-)
- create mode 100644 tests/data/test317
- create mode 100644 tests/data/test318
-
-diff --git a/docs/libcurl/opts/CURLOPT_HTTPHEADER.3
b/docs/libcurl/opts/CURLOPT_HTTPHEADER.3
-index c5ccb1a53d..c9f29e393e 100644
---- a/docs/libcurl/opts/CURLOPT_HTTPHEADER.3
-+++ b/docs/libcurl/opts/CURLOPT_HTTPHEADER.3
-@@ -5,7 +5,7 @@
- .\" * | (__| |_| | _ <| |___
- .\" * \___|\___/|_| \_\_____|
- .\" *
--.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <dan...@haxx.se>, et al.
-+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <dan...@haxx.se>, et al.
- .\" *
- .\" * This software is licensed as described in the file COPYING, which
- .\" * you should have received as part of this distribution. The terms
-@@ -77,6 +77,16 @@ the headers. They may be private or otherwise sensitive to
leak.
-
- Use \fICURLOPT_HEADEROPT(3)\fP to make the headers only get sent to where you
- intend them to get sent.
-+
-+Custom headers are sent in all requests done by the easy handles, which
-+implies that if you tell libcurl to follow redirects
-+(\fBCURLOPT_FOLLOWLOCATION(3)\fP), the same set of custom headers will be sent
-+in the subsequent request. Redirects can of course go to other hosts and thus
-+those servers will get all the contents of your custom headers too.
-+
-+Starting in 7.58.0, libcurl will specifically prevent "Authorization:" headers
-+from being sent to other hosts than the first used one, unless specifically
-+permitted with the \fBCURLOPT_UNRESTRICTED_AUTH(3)\fP option.
- .SH DEFAULT
- NULL
- .SH PROTOCOLS
-diff --git a/lib/http.c b/lib/http.c
-index c1cdf2da02..a5007670d7 100644
---- a/lib/http.c
-+++ b/lib/http.c
-@@ -714,7 +714,7 @@ Curl_http_output_auth(struct connectdata *conn,
- if(!data->state.this_is_a_follow ||
- conn->bits.netrc ||
- !data->state.first_host ||
-- data->set.http_disable_hostname_check_before_authentication ||
-+ data->set.allow_auth_to_other_hosts ||
- strcasecompare(data->state.first_host, conn->host.name)) {
- result = output_auth_headers(conn, authhost, request, path, FALSE);
- }
-@@ -1636,6 +1636,14 @@ CURLcode Curl_add_custom_headers(struct connectdata
*conn,
- checkprefix("Transfer-Encoding:", headers->data))
- /* HTTP/2 doesn't support chunked requests */
- ;
-+ else if(checkprefix("Authorization:", headers->data) &&
-+ /* be careful of sending this potentially sensitive header
to
-+ other hosts */
-+ (data->state.this_is_a_follow &&
-+ data->state.first_host &&
-+ !data->set.allow_auth_to_other_hosts &&
-+ !strcasecompare(data->state.first_host, conn->host.name)))
-+ ;
- else {
- CURLcode result = Curl_add_bufferf(req_buffer, "%s\r\n",
- headers->data);
-diff --git a/lib/setopt.c b/lib/setopt.c
-index 66f30ea653..a5ef75c722 100644
---- a/lib/url.c
-+++ b/lib/url.c
-@@ -976,7 +976,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption
option,
- * Send authentication (user+password) when following locations, even when
- * hostname changed.
- */
-- data->set.http_disable_hostname_check_before_authentication =
-+ data->set.allow_auth_to_other_hosts =
- (0 != va_arg(param, long)) ? TRUE : FALSE;
- break;
-
-diff --git a/lib/urldata.h b/lib/urldata.h
-index 4dcd1a322c..5c04ad1720 100644
---- a/lib/urldata.h
-+++ b/lib/urldata.h
-@@ -1599,7 +1599,7 @@ struct UserDefined {
- bool http_keep_sending_on_error; /* for HTTP status codes >= 300 */
- bool http_follow_location; /* follow HTTP redirects */
- bool http_transfer_encoding; /* request compressed HTTP transfer-encoding */
-- bool http_disable_hostname_check_before_authentication;
-+ bool allow_auth_to_other_hosts;
- bool include_header; /* include received protocol headers in data output
*/
- bool http_set_referer; /* is a custom referer used */
- bool http_auto_referer; /* set "correct" referer when following location: */
diff --git a/external/curl/CVE-2018-1000120.patch
b/external/curl/CVE-2018-1000120.patch
deleted file mode 100644
index 6da1b1b3dcce..000000000000
--- a/external/curl/CVE-2018-1000120.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From a6ae0fbe9c50733e0f645f5bd16e1db38c592c3d Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <dan...@haxx.se>
-Date: Wed, 31 Jan 2018 08:40:11 +0100
-Subject: [PATCH] FTP: reject path components with control codes
-
-Refuse to operate when given path components featuring byte values lower
-than 32.
-
-Previously, inserting a %00 sequence early in the directory part when
-using the 'singlecwd' ftp method could make curl write a zero byte
-outside of the allocated buffer.
-
-Test case 340 verifies.
-
-CVE-2018-1000120
-Reported-by: Duy Phan Thanh
-Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html
----
- lib/ftp.c | 8 ++++----
- tests/data/Makefile.inc | 3 +++
- tests/data/test340 | 40 ++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 47 insertions(+), 4 deletions(-)
- create mode 100644 tests/data/test340
-
-diff --git a/lib/ftp.c b/lib/ftp.c
-index fec591918..e2cc38b62 100644
---- a/lib/ftp.c
-+++ b/lib/ftp.c
-@@ -3192,11 +3192,11 @@ static CURLcode ftp_done(struct connectdata *conn,
CURLcode status,
- ftpc->known_filesize = -1;
- }
-
- if(!result)
- /* get the "raw" path */
-- result = Curl_urldecode(data, path_to_use, 0, &path, NULL, FALSE);
-+ result = Curl_urldecode(data, path_to_use, 0, &path, NULL, TRUE);
- if(result) {
- /* We can limp along anyway (and should try to since we may already be in
- * the error path) */
- ftpc->ctl_valid = FALSE; /* mark control connection as bad */
- connclose(conn, "FTP: out of memory!"); /* mark for connection closure */
-@@ -4153,11 +4153,11 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
- dirlen++;
-
- result = Curl_urldecode(conn->data, slash_pos ? cur_pos : "/",
- slash_pos ? dirlen : 1,
- &ftpc->dirs[0], NULL,
-- FALSE);
-+ TRUE);
- if(result) {
- freedirs(ftpc);
- return result;
- }
- ftpc->dirdepth = 1; /* we consider it to be a single dir */
-@@ -4260,11 +4260,11 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
- /* prevpath is "raw" so we convert the input path before we compare the
- strings */
- size_t dlen;
- char *path;
- CURLcode result =
-- Curl_urldecode(conn->data, data->state.path, 0, &path, &dlen, FALSE);
-+ Curl_urldecode(conn->data, data->state.path, 0, &path, &dlen, TRUE);
- if(result) {
- freedirs(ftpc);
- return result;
- }
-
diff --git a/external/curl/CVE-2018-14618.patch
b/external/curl/CVE-2018-14618.patch
deleted file mode 100644
index 40f08e7305c1..000000000000
--- a/external/curl/CVE-2018-14618.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From 57d299a499155d4b327e341c6024e293b0418243 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <dan...@haxx.se>
-Date: Mon, 13 Aug 2018 10:35:52 +0200
-Subject: [PATCH] Curl_ntlm_core_mk_nt_hash: return error on too long password
-
-... since it would cause an integer overflow if longer than (max size_t
-/ 2).
-
-This is CVE-2018-14618
-
-Bug: https://curl.haxx.se/docs/CVE-2018-14618.html
-Closes #2756
-Reported-by: Zhaoyang Wu
----
- lib/curl_ntlm_core.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c
-index e27cab353c..922e85a926 100644
---- a/lib/curl_ntlm_core.c
-+++ b/lib/curl_ntlm_core.c
-@@ -526,6 +526,15 @@
-
- #endif /* USE_NTLM_V2 && !USE_WINDOWS_SSPI */
-
-+#ifndef SIZE_T_MAX
-+/* some limits.h headers have this defined, some don't */
-+#if defined(SIZEOF_SIZE_T) && (SIZEOF_SIZE_T > 4)
-+#define SIZE_T_MAX 18446744073709551615U
-+#else
-+#define SIZE_T_MAX 4294967295U
-+#endif
-+#endif
-+
- /*
- * Set up nt hashed passwords
- * @unittest: 1600
-@@ -557,8 +557,11 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data,
- unsigned char *ntbuffer /* 21 bytes */)
- {
- size_t len = strlen(password);
-- unsigned char *pw = malloc(len * 2);
-+ unsigned char *pw;
- CURLcode result;
-+ if(len > SIZE_T_MAX/2) /* avoid integer overflow */
-+ return CURLE_OUT_OF_MEMORY;
-+ pw = len ? malloc(len * 2) : strdup("");
- if(!pw)
- return CURLE_OUT_OF_MEMORY;
-
-@@ -621,15 +630,6 @@
- return CURLE_OK;
- }
-
--#ifndef SIZE_T_MAX
--/* some limits.h headers have this defined, some don't */
--#if defined(SIZEOF_SIZE_T) && (SIZEOF_SIZE_T > 4)
--#define SIZE_T_MAX 18446744073709551615U
--#else
--#define SIZE_T_MAX 4294967295U
--#endif
--#endif
--
- /* This creates the NTLMv2 hash by using NTLM hash as the key and Unicode
- * (uppercase UserName + Domain) as the data
- */
diff --git a/external/curl/CVE-2018-16890.patch
b/external/curl/CVE-2018-16890.patch
deleted file mode 100644
index dabb229c2e6f..000000000000
--- a/external/curl/CVE-2018-16890.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From b780b30d1377adb10bbe774835f49e9b237fb9bb Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <dan...@haxx.se>
-Date: Wed, 2 Jan 2019 20:33:08 +0100
-Subject: [PATCH] NTLM: fix size check condition for type2 received data
-
-Bug: https://curl.haxx.se/docs/CVE-2018-16890.html
-Reported-by: Wenxiang Qian
-CVE-2018-16890
----
- lib/vauth/ntlm.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c
-index c3d55ed251..0ad4d972e3 100644
---- a/lib/vauth/ntlm.c
-+++ b/lib/vauth/ntlm.c
-@@ -5,7 +5,7 @@
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
-- * Copyright (C) 1998 - 2016, Daniel Stenberg, <dan...@haxx.se>, et al.
-+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <dan...@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
-@@ -182,10 +182,11 @@ static CURLcode ntlm_decode_type2_target(struct
Curl_easy *data,
- target_info_len = Curl_read16_le(&buffer[40]);
- target_info_offset = Curl_read32_le(&buffer[44]);
- if(target_info_len > 0) {
-- if(((target_info_offset + target_info_len) > size) ||
-+ if((target_info_offset >= size) ||
-+ ((target_info_offset + target_info_len) > size) ||
- (target_info_offset < 48)) {
- infof(data, "NTLM handshake failure (bad type-2 message). "
-- "Target Info Offset Len is set incorrect by the peer\n");
-+ "Target Info Offset Len is set incorrect by the peer\n");
- return CURLE_BAD_CONTENT_ENCODING;
- }
-
diff --git a/external/curl/CVE-2019-3822.patch
b/external/curl/CVE-2019-3822.patch
deleted file mode 100644
index deb3edb3bccf..000000000000
--- a/external/curl/CVE-2019-3822.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 50c9484278c63b958655a717844f0721263939cc Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <dan...@haxx.se>
-Date: Thu, 3 Jan 2019 12:59:28 +0100
-Subject: [PATCH] ntlm: fix *_type3_message size check to avoid buffer overflow
-
-Bug: https://curl.haxx.se/docs/CVE-2019-3822.html
-Reported-by: Wenxiang Qian
-CVE-2019-3822
----
- lib/vauth/ntlm.c | 11 +++++++----
- 1 file changed, 7 insertions(+), 4 deletions(-)
-
-diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c
-index 0ad4d972e3..6a8fc5ab3d 100644
---- a/lib/vauth/ntlm.c
-+++ b/lib/vauth/ntlm.c
-@@ -779,11 +779,14 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct
Curl_easy *data,
- });
-
- #if USE_NTRESPONSES
-- if(size < (NTLM_BUFSIZE - ntresplen)) {
-- DEBUGASSERT(size == (size_t)ntrespoff);
-- memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen);
-- size += ntresplen;
-+ /* ntresplen + size should not be risking an integer overflow here */
-+ if(ntresplen + size > sizeof(ntlmbuf)) {
-+ failf(data, "incoming NTLM message too big");
-+ return CURLE_OUT_OF_MEMORY;
- }
-+ DEBUGASSERT(size == (size_t)ntrespoff);
-+ memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen);
-+ size += ntresplen;
-
- DEBUG_OUT({
- fprintf(stderr, "\n ntresp=");
diff --git a/external/curl/ExternalPackage_curl.mk
b/external/curl/ExternalPackage_curl.mk
index 18907f4e5a54..56c418b6ef0c 100644
--- a/external/curl/ExternalPackage_curl.mk
+++ b/external/curl/ExternalPackage_curl.mk
@@ -14,13 +14,13 @@ $(eval $(call
gb_ExternalPackage_use_external_project,curl,curl))
ifneq ($(DISABLE_DYNLOADING),TRUE)
ifeq ($(COM),MSC)
-$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl$(if
$(MSVC_USE_DEBUG_RUNTIME),d).dll,lib/$(if
$(MSVC_USE_DEBUG_RUNTIME),debug-dll,release-dll)/libcurl$(if
$(MSVC_USE_DEBUG_RUNTIME),d).dll))
+$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl$(if
$(MSVC_USE_DEBUG_RUNTIME),_debug).dll,builds/libcurl-vc12-$(if $(filter
X86_64,$(CPUNAME)),x64,x86)-$(if
$(MSVC_USE_DEBUG_RUNTIME),debug,release)-dll-ipv6-sspi-winssl/bin/libcurl$(if
$(MSVC_USE_DEBUG_RUNTIME),_debug).dll))
else ifeq ($(OS),MACOSX)
$(eval $(call
gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.4.dylib,lib/.libs/libcurl.4.dylib))
else ifeq ($(OS),AIX)
$(eval $(call
gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so,lib/.libs/libcurl.so.4))
else
-$(eval $(call
gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.4.0))
+$(eval $(call
gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.5.0))
endif
endif # $(DISABLE_DYNLOADING)
diff --git a/external/curl/ExternalProject_curl.mk
b/external/curl/ExternalProject_curl.mk
index 155ad3c31834..136e50f3a81c 100644
--- a/external/curl/ExternalProject_curl.mk
+++ b/external/curl/ExternalProject_curl.mk
@@ -21,7 +21,7 @@ $(eval $(call gb_ExternalProject_register_targets,curl,\
ifneq ($(OS),WNT)
curl_CPPFLAGS :=
-curl_LDFLAGS := $(if $(filter LINUX
FREEBSD,$(OS)),"-Wl$(COMMA)-z$(COMMA)origin
-Wl$(COMMA)-rpath$(COMMA)\\"\$$\$$ORIGIN)
+curl_LDFLAGS := $(if $(filter LINUX FREEBSD,$(OS)),-Wl$(COMMA)-z$(COMMA)origin
-Wl$(COMMA)-rpath$(COMMA)\$$$$ORIGIN)
ifneq ($(OS),ANDROID)
ifneq ($(SYSBASE),)
@@ -39,17 +39,15 @@ endif
# use --with-nss only on platforms other than Mac OS X and iOS
$(call gb_ExternalProject_get_state_target,curl,build):
$(call gb_ExternalProject_run,build,\
- CPPFLAGS="$(curl_CPPFLAGS)" \
- LDFLAGS=$(curl_LDFLAGS) \
./configure \
$(if $(filter IOS MACOSX,$(OS)),\
--with-darwinssl,\
$(if $(ENABLE_NSS),--with-nss$(if
$(SYSTEM_NSS),,="$(call
gb_UnpackedTarball_get_dir,nss)/dist/out"),--without-nss)) \
- --without-ssl --without-gnutls --without-polarssl
--without-cyassl --without-axtls \
+ --without-ssl --without-gnutls --without-polarssl
--without-cyassl --without-axtls --without-mbedtls \
--enable-ftp --enable-http --enable-ipv6 \
- --without-libidn \
--without-libidn2 --without-libpsl --without-librtmp \
--without-libssh2 --without-metalink --without-nghttp2 \
+ --without-libssh --without-brotli \
--disable-ares \
--disable-dict --disable-file --disable-gopher
--disable-imap \
--disable-ldap --disable-ldaps --disable-manual
--disable-pop3 \
@@ -59,19 +57,33 @@ $(call gb_ExternalProject_get_state_target,curl,build):
$(if $(CROSS_COMPILING),--build=$(BUILD_PLATFORM)
--host=$(HOST_PLATFORM)) \
$(if $(filter
TRUE,$(DISABLE_DYNLOADING)),--disable-shared,--disable-static) \
$(if $(ENABLE_DEBUG),--enable-debug) \
+ $(if
$(verbose),--disable-silent-rules,--enable-silent-rules) \
$(if $(filter
MACOSX,$(OS)),--prefix=/@.__________________________________________________OOO)
\
+ $(if $(filter MACOSX,$(OS)),CFLAGS='$(CFLAGS) \
+
-mmacosx-version-min=$(MAC_OS_X_VERSION_MIN_REQUIRED_DOTS)') \
+ CPPFLAGS='$(curl_CPPFLAGS)' \
+ LDFLAGS='$(curl_LDFLAGS)' \
+ ZLIB_CFLAGS='$(ZLIB_CFLAGS)' ZLIB_LIBS='$(ZLIB_LIBS)' \
&& cd lib \
&& $(MAKE) \
)
else ifeq ($(COM),MSC)
+$(eval $(call gb_ExternalProject_use_nmake,curl,build))
+
$(call gb_ExternalProject_get_state_target,curl,build):
$(call gb_ExternalProject_run,build,\
- MAKEFLAGS= LIB="$(ILIB)" nmake -f Makefile.vc12 \
- cfg=$(if
$(MSVC_USE_DEBUG_RUNTIME),debug-dll,release-dll) \
- EXCFLAGS="/EHs /D_CRT_SECURE_NO_DEPRECATE
/DUSE_WINDOWS_SSPI /D_USING_V110_SDK71_ $(SOLARINC)" $(if $(filter
X86_64,$(CPUNAME)),MACHINE=X64) \
- ,lib)
+ nmake -f Makefile.vc \
+ mode=dll \
+ VC=12 \
+ $(if $(filter
X86_64,$(CPUNAME)),MACHINE=x64,MACHINE=x86) \
+ GEN_PDB=$(if $(gb_SYMBOL),yes,no) \
+ DEBUG=$(if $(MSVC_USE_DEBUG_RUNTIME),yes,no) \
+ ENABLE_IPV6=yes \
+ ENABLE_SSPI=yes \
+ ENABLE_WINSSL=yes \
+ ,winbuild)
endif
diff --git a/external/curl/UnpackedTarball_curl.mk
b/external/curl/UnpackedTarball_curl.mk
index 9e6dbac0fa28..1cdb64c0bca2 100644
--- a/external/curl/UnpackedTarball_curl.mk
+++ b/external/curl/UnpackedTarball_curl.mk
@@ -14,23 +14,14 @@ $(eval $(call
gb_UnpackedTarball_set_tarball,curl,$(CURL_TARBALL),,curl))
$(eval $(call gb_UnpackedTarball_set_patchlevel,curl,1))
$(eval $(call gb_UnpackedTarball_fix_end_of_line,curl,\
- lib/Makefile.vc12 \
+ winbuild/MakefileBuild.vc \
))
$(eval $(call gb_UnpackedTarball_add_patches,curl,\
external/curl/curl-msvc.patch.1 \
external/curl/curl-msvc-disable-protocols.patch.1 \
- external/curl/curl-msvc-schannel.patch.1 \
external/curl/curl-7.26.0_win-proxy.patch \
- external/curl/curl-xp.patch.1 \
- external/curl/CVE-2017-8816.patch \
- external/curl/CVE-2018-1000005.patch \
- external/curl/CVE-2018-1000007.patch \
- external/curl/CVE-2018-14618.patch \
- external/curl/CVE-2017-1000254.patch \
- external/curl/CVE-2018-1000120.patch \
- external/curl/CVE-2018-16890.patch \
- external/curl/CVE-2019-3822.patch \
+ external/curl/zlib.patch.0 \
))
ifeq ($(SYSTEM_NSS),)
@@ -39,12 +30,10 @@ $(eval $(call gb_UnpackedTarball_add_patches,curl,\
))
endif
-ifeq ($(OS),MACOSX)
-ifneq ($(filter 1090 101000,$(MAC_OS_X_VERSION_MIN_REQUIRED)),)
-$(eval $(call gb_UnpackedTarball_add_patches,curl,\
- external/curl/curl-osx.patch.1 \
+ifeq ($(OS)-$(COM_IS_CLANG),WNT-TRUE)
+$(eval $(call gb_UnpackedTarball_add_patches,curl, \
+ external/curl/clang-cl.patch.0 \
))
endif
-endif
# vim: set noet sw=4 ts=4:
diff --git a/external/curl/clang-cl.patch.0 b/external/curl/clang-cl.patch.0
new file mode 100644
index 000000000000..2f7fe567460c
--- /dev/null
+++ b/external/curl/clang-cl.patch.0
@@ -0,0 +1,11 @@
+--- winbuild/MakefileBuild.vc
++++ winbuild/MakefileBuild.vc
+@@ -60,7 +60,7 @@
+ !ELSE
+ CC_NODEBUG = $(CC) /O2 /DNDEBUG
+ CC_DEBUG = $(CC) /Od /D_DEBUG /RTC1 /Z7 /LDd
+-CFLAGS = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32
/FD /c /DBUILDING_LIBCURL $(SOLARINC)
++CFLAGS = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32 /c
/DBUILDING_LIBCURL $(SOLARINC)
+ !ENDIF
+
+ LFLAGS = /nologo /machine:$(MACHINE)
diff --git a/external/curl/curl-7.26.0_win-proxy.patch
b/external/curl/curl-7.26.0_win-proxy.patch
index 1c478868d7d2..5361433a917b 100644
--- a/external/curl/curl-7.26.0_win-proxy.patch
+++ b/external/curl/curl-7.26.0_win-proxy.patch
@@ -1,14 +1,14 @@
---- curl-7.26.0/lib/Makefile.vc12
-+++ misc/build/curl-7.26.0/lib/Makefile.vc12
-@@ -118,7 +118,7 @@
- WINSSLLIBS = crypt32.lib
- ZLIBLIBSDLL = zdll.lib
- ZLIBLIBS = zlib.lib
--WINLIBS = ws2_32.lib wldap32.lib advapi32.lib
-+WINLIBS = ws2_32.lib wldap32.lib advapi32.lib winhttp.lib crypt32.lib
- CFLAGS = $(CFLAGS) $(EXCFLAGS)
+--- curl/winbuild/MakefileBuild.vc.orig 2017-10-23 17:15:22.969492548
+0200
++++ curl/winbuild/MakefileBuild.vc 2017-10-23 17:16:38.491490679 +0200
+@@ -72,7 +72,7 @@
- CFGSET = FALSE
+ CFLAGS_LIBCURL_STATIC = /DCURL_STATICLIB
+
+-WIN_LIBS = ws2_32.lib wldap32.lib advapi32.lib crypt32.lib
++WIN_LIBS = ws2_32.lib wldap32.lib advapi32.lib crypt32.lib winhttp.lib
+
+ BASE_NAME = libcurl
+ BASE_NAME_DEBUG = $(BASE_NAME)_debug
--- curl-7.26.0/lib/url.c
+++ misc/build/curl-7.26.0/lib/url.c
@@ -78,6 +78,10 @@
@@ -23,9 +23,9 @@
#include "netrc.h"
@@ -4586,6 +4590,21 @@
- return FALSE;
}
+ #ifndef CURL_DISABLE_HTTP
+#ifdef _WIN32
+static char *wstrToCstr(LPWSTR wStr)
+{
@@ -44,20 +44,12 @@
/****************************************************************
* Detect what (if any) proxy to use. Remember that this selects a host
* name and is not limited to HTTP proxies only.
-@@ -4594,6 +4613,7 @@
- static char *detect_proxy(struct connectdata *conn)
- {
- char *proxy = NULL;
-+ char *no_proxy=NULL;
-
- #ifndef CURL_DISABLE_HTTP
- /* If proxy was not specified, we check for default proxy environment
-@@ -4613,7 +4633,64 @@
+@@ -4613,6 +4633,66 @@
* For compatibility, the all-uppercase versions of these variables are
* checked if the lowercase versions don't exist.
*/
-- char *no_proxy=NULL;
+#ifdef _WIN32
++ char *no_proxy = NULL;
+ WINHTTP_CURRENT_USER_IE_PROXY_CONFIG *ieProxyConfig;
+ ieProxyConfig = (WINHTTP_CURRENT_USER_IE_PROXY_CONFIG *)
+ malloc(sizeof(WINHTTP_CURRENT_USER_IE_PROXY_CONFIG));
@@ -114,15 +106,16 @@
+ GlobalFree(ieProxyConfig->lpszProxy);
+ GlobalFree(ieProxyConfig->lpszProxyBypass);
+ }
++ free(no_proxy);
+#else /* !WIN32 */
char proxy_env[128];
-
- no_proxy=curl_getenv("no_proxy");
+ const char *protop = conn->handler->scheme;
+ char *envp = proxy_env;
@@ -4663,6 +4739,7 @@
- }
- } /* if(!check_noproxy(conn->host.name, no_proxy)) - it wasn't specified
- non-proxy */
+ }
+ if(proxy)
+ infof(conn->data, "Uses proxy env variable %s == '%s'\n", envp, proxy);
+#endif /* WIN32 */
- free(no_proxy);
- #else /* !CURL_DISABLE_HTTP */
+ return proxy;
+ }
diff --git a/external/curl/curl-msvc-disable-protocols.patch.1
b/external/curl/curl-msvc-disable-protocols.patch.1
index 38ff5ccb5ac0..c8747a5fcc1d 100644
--- a/external/curl/curl-msvc-disable-protocols.patch.1
+++ b/external/curl/curl-msvc-disable-protocols.patch.1
@@ -22,3 +22,14 @@ disable protocols nobody needs in MSVC build
+#define CURL_DISABLE_TFTP 1
+
#endif /* HEADER_CURL_CONFIG_WIN32_H */
+--- curl/winbuild/MakefileBuild.vc.orig 2017-10-23 23:41:21.393200000
+0200
++++ curl/winbuild/MakefileBuild.vc 2017-10-23 23:34:16.028000000 +0200
+@@ -431,7 +431,7 @@
+
+ EXE_OBJS = $(CURL_OBJS) $(CURL_DIROBJ)\curl.res
+
+-all : $(TARGET) $(PROGRAM_NAME)
++all : $(TARGET)
+
+ package: $(TARGET)
+ @cd $(DIRDIST)
diff --git a/external/curl/curl-msvc-schannel.patch.1
b/external/curl/curl-msvc-schannel.patch.1
deleted file mode 100644
index 96768aa3f92c..000000000000
--- a/external/curl/curl-msvc-schannel.patch.1
+++ /dev/null
@@ -1,22 +0,0 @@
-MSVC: use WNT native Schannel SSL/TLS implementation
-
---- curl/lib/Makefile.vc12.old 2013-11-19 00:00:29.044499752 +0100
-+++ curl/lib/Makefile.vc12 2013-11-19 00:01:29.135499684 +0100
-@@ -260,7 +260,7 @@
- TARGET = $(LIBCURL_DYN_LIB_REL)
- DIROBJ = $(CFG)
- LNK = $(LNKDLL) $(WINLIBS) /out:$(DIROBJ)\$(TARGET)
/IMPLIB:$(DIROBJ)\$(LIBCURL_IMP_LIB_REL)
--CC = $(CCNODBG) $(RTLIB)
-+CC = $(CCNODBG) $(RTLIB) $(CFLAGSWINSSL)
- CFGSET = TRUE
- RESOURCE = $(DIROBJ)\libcurl.res
- !ENDIF
-@@ -427,7 +427,7 @@
- TARGET = $(LIBCURL_DYN_LIB_DBG)
- DIROBJ = $(CFG)
- LNK = $(LNKDLL) $(WINLIBS) /DEBUG /out:$(DIROBJ)\$(TARGET)
/IMPLIB:$(DIROBJ)\$(LIBCURL_IMP_LIB_DBG) /PDB:$(DIROBJ)\$(LIBCURL_DYN_LIB_PDB)
--CC = $(CCDEBUG) $(RTLIBD)
-+CC = $(CCDEBUG) $(RTLIBD) $(CFLAGSWINSSL)
- CFGSET = TRUE
- RESOURCE = $(DIROBJ)\libcurl.res
- !ENDIF
diff --git a/external/curl/curl-msvc.patch.1 b/external/curl/curl-msvc.patch.1
index 57a292bb69a3..80160958c99d 100644
--- a/external/curl/curl-msvc.patch.1
+++ b/external/curl/curl-msvc.patch.1
@@ -1,27 +1,27 @@
-MSVC: using SOLARINC and EXCFLAGS
+MSVC: using SOLARINC
---- curl/lib/Makefile.vc12 2012-05-24 12:07:02.000000000 -0400
-+++ curl/lib/Makefile.vc12 2012-10-29 11:53:44.658809300 -0400
-@@ -117,7 +117,7 @@
- ZLIBLIBSDLL = zdll.lib
- ZLIBLIBS = zlib.lib
- WINLIBS = ws2_32.lib wldap32.lib advapi32.lib
--CFLAGS = $(CFLAGS)
-+CFLAGS = $(CFLAGS) $(EXCFLAGS)
+--- curl/winbuild/MakefileBuild.vc.orig 2017-10-23 16:36:07.713550851
+0200
++++ curl/winbuild/MakefileBuild.vc 2017-10-23 16:38:19.301547594 +0200
+@@ -60,7 +60,7 @@
+ !ELSE
+ CC_NODEBUG = $(CC) /O2 /DNDEBUG
+ CC_DEBUG = $(CC) /Od /D_DEBUG /RTC1 /Z7 /LDd
+-CFLAGS = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32
/FD /c /DBUILDING_LIBCURL
++CFLAGS = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32
/FD /c /DBUILDING_LIBCURL $(SOLARINC)
+ !ENDIF
- CFGSET = FALSE
+ LFLAGS = /nologo /machine:$(MACHINE)
+@@ -300,11 +300,11 @@
+ # CURL_XX macros are for the curl.exe command
-@@ -620,11 +620,11 @@
- debug-dll-ssl-dll\libcurl.res \
- debug-dll-zlib-dll\libcurl.res \
- debug-dll-ssl-dll-zlib-dll\libcurl.res: libcurl.rc
-- rc /dDEBUGBUILD=1 /Fo $@ libcurl.rc
-+ rc $(SOLARINC) /dDEBUGBUILD=1 /Fo $@ libcurl.rc
-
- release-dll\libcurl.res \
- release-dll-ssl-dll\libcurl.res \
- release-dll-zlib-dll\libcurl.res \
- release-dll-ssl-dll-zlib-dll\libcurl.res: libcurl.rc
-- rc /dDEBUGBUILD=0 /Fo $@ libcurl.rc
-+ rc $(SOLARINC) /dDEBUGBUILD=0 /Fo $@ libcurl.rc
- !ENDIF # End of case where a config was provided.
+ !IF "$(DEBUG)"=="yes"
+-RC_FLAGS = /dDEBUGBUILD=1 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc
++RC_FLAGS = $(SOLARINC) /dDEBUGBUILD=1 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc
+ CURL_CC = $(CC_DEBUG) $(RTLIB_DEBUG)
+ CURL_RC_FLAGS = /i../include /dDEBUGBUILD=1 /Fo $@ $(CURL_SRC_DIR)\curl.rc
+ !ELSE
+-RC_FLAGS = /dDEBUGBUILD=0 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc
++RC_FLAGS = $(SOLARINC) /dDEBUGBUILD=0 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc
+ CURL_CC = $(CC_NODEBUG) $(RTLIB)
+ CURL_RC_FLAGS = /i../include /dDEBUGBUILD=0 /Fo $@ $(CURL_SRC_DIR)\curl.rc
+ !ENDIF
diff --git a/external/curl/curl-osx.patch.1 b/external/curl/curl-osx.patch.1
deleted file mode 100644
index 7694a1dcda2c..000000000000
--- a/external/curl/curl-osx.patch.1
+++ /dev/null
@@ -1,285 +0,0 @@
-From efebf4d4f882a57a98a0653d21d543cd4132d23d Mon Sep 17 00:00:00 2001
-From: Palo Markovic <pavol.marko...@kompiler.info>
-Date: Sat, 18 Mar 2017 16:37:02 +1300
-Subject: [PATCH] macOS: Fixed crash on 10.8 caused by missing connectx()
- function
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The connectx() function call appeared in Darwin 15.0.0
-That covers OS X 10.11, iOS 9 and tvOS 9.
-
-Because connectx is not declared with weak_import attribute it’s not possible
-to build libcurl on OS X 10.11 and later and target systems which don’t have
-_connectx symbol declared in libsystem_kernel.dylib (i.e. OS 10.8 and earlier).
-
-Solution is to use connectx only on platforms that officially support it
-i.e. by defining CFLAGS="-mmacosx-version-min=10.11" in configure step.
-
-Note: It is possible to conditionally use connectx() in libcurl targeting
-range of systems based on availability determined during runtime using dlsym().
-
-[Bug: https://github.com/curl/curl/issues/1330]
----
- lib/connect.c | 2 +-
- lib/curl_setup.h | 16 ++++++++++++++++
- lib/url.c | 2 +-
- 3 files changed, 18 insertions(+), 2 deletions(-)
-
-diff --git a/lib/connect.c b/lib/connect.c
-index 197eff242f..33251914b8 100644
---- a/lib/connect.c
-+++ b/lib/connect.c
-@@ -1075,7 +1075,7 @@ static CURLcode singleipconnect(struct connectdata *conn,
- /* Connect TCP sockets, bind UDP */
- if(!isconnected && (conn->socktype == SOCK_STREAM)) {
- if(conn->bits.tcp_fastopen) {
--#if defined(CONNECT_DATA_IDEMPOTENT) /* OS X */
-+#if defined(HAVE_DARWIN_CONNECTX) /* Darwin */
- sa_endpoints_t endpoints;
- endpoints.sae_srcif = 0;
- endpoints.sae_srcaddr = NULL;
-diff --git a/lib/curl_setup.h b/lib/curl_setup.h
-index 0fe3633ec7..8643e1fd28 100644
---- a/lib/curl_setup.h
-+++ b/lib/curl_setup.h
-@@ -762,4 +762,20 @@ endings either CRLF or LF so 't' is appropriate.
- # endif
- # endif
-
-+/* Detect Darwin connectx() function availability.
-+ * The connectx() function call appeared in Darwin 15.0.0
-+ * but it's not declared using availability attribute.
-+ */
-+#if defined(__MAC_OS_X_VERSION_MIN_REQUIRED)
-+# if (__MAC_OS_X_VERSION_MIN_REQUIRED >= 101100)
-+# define HAVE_DARWIN_CONNECTX 1
-+# endif
-+#elif defined(__IPHONE_OS_VERSION_MIN_REQUIRED)
-+# if (__IPHONE_OS_VERSION_MIN_REQUIRED >= 90000)
-+# define HAVE_DARWIN_CONNECTX 1
-+# endif
-+#elif defined(CONNECT_DATA_IDEMPOTENT) /* Fallback for other Darwin OS */
-+# define HAVE_DARWIN_CONNECTX 1
-+#endif
-+
- #endif /* HEADER_CURL_SETUP_H */
-diff --git a/lib/url.c b/lib/url.c
-index 03feaa20f7..08fbe5132b 100644
---- a/lib/url.c
-+++ b/lib/url.c
-@@ -2834,7 +2834,7 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption
option,
- data->set.tcp_keepintvl = va_arg(param, long);
- break;
- case CURLOPT_TCP_FASTOPEN:
--#if defined(CONNECT_DATA_IDEMPOTENT) || defined(MSG_FASTOPEN)
-+#if defined(HAVE_DARWIN_CONNECTX) || defined(MSG_FASTOPEN)
- data->set.tcp_fastopen = (0 != va_arg(param, long))?TRUE:FALSE;
- #else
- result = CURLE_NOT_BUILT_IN;
-From 45756a8a23967570da1390f9b1475c1db38a52d1 Mon Sep 17 00:00:00 2001
-From: Palo Markovic <pavol.marko...@kompiler.info>
-Date: Sat, 25 Mar 2017 13:20:51 +1300
-Subject: [PATCH] macOS: moved connectx check to configuration phase
-
----
- acinclude.m4 | 40 ++++++++++++++++++++++++++++++++++++++++
- configure.ac | 1 +
- lib/connect.c | 2 +-
- lib/curl_setup.h | 16 ----------------
- lib/url.c | 2 +-
- 5 files changed, 43 insertions(+), 18 deletions(-)
-
-diff --git a/acinclude.m4 b/acinclude.m4
-index 2abae8d8ad..769e67c510 100644
---- a/acinclude.m4
-+++ b/acinclude.m4
-@@ -3243,3 +3243,43 @@ AC_DEFUN([CURL_MAC_CFLAGS], [
- fi
-
- ])
-+
-+
-+dnl CURL_CHECK_FUNC_CONNECTX
-+dnl
-+dnl Check if connectx() function is present.
-+dnl The connectx() function call appeared in Darwin 15.0.0
-+dnl but it's not declared using availability attribute.
-+dnl Additionally _connectx symbol is part of OS X 10.9/10.10
-+dnl system lib but does not have specified functionality.
-+dnl
-+
-+AC_DEFUN([CURL_CHECK_FUNC_CONNECTX], [
-+ AC_REQUIRE([CURL_MAC_CFLAGS])dnl
-+ AC_CHECK_FUNCS([connectx])
-+ AC_MSG_CHECKING([if connectx is available in deployment target])
-+ AC_COMPILE_IFELSE(
-+ [AC_LANG_PROGRAM([[
-+#if defined(HAVE_CONNECTX)
-+# include <Availability.h>
-+# if defined(__MAC_OS_X_VERSION_MIN_REQUIRED)
-+# if (__MAC_OS_X_VERSION_MIN_REQUIRED < 101100)
-+# error Function requires deployment target OS X 10.11 or later
-+# endif
-+# elif defined(__IPHONE_OS_VERSION_MIN_REQUIRED)
-+# if (__IPHONE_OS_VERSION_MIN_REQUIRED < 90000)
-+# error Function requires deployment target iOS 9.0 or later
-+# endif
-+# endif
-+#else
-+# error Function not present in the headers
-+#endif
-+ ]])],
-+ [
-+ AC_DEFINE(HAVE_VALID_CONNECTX, 1,
-+ [Set to 1 if connectx() function have specified functionality.])
-+ AC_MSG_RESULT([yes])
-+ ],
-+ [AC_MSG_RESULT([no])]
-+ )
-+])
-diff --git a/configure.ac b/configure.ac
-index abd0def369..a3930447c3 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -3226,6 +3226,7 @@ CURL_CHECK_FUNC_BASENAME
- CURL_CHECK_FUNC_CLOSESOCKET
- CURL_CHECK_FUNC_CLOSESOCKET_CAMEL
- CURL_CHECK_FUNC_CONNECT
-+CURL_CHECK_FUNC_CONNECTX
- CURL_CHECK_FUNC_FCNTL
- CURL_CHECK_FUNC_FDOPEN
- CURL_CHECK_FUNC_FREEADDRINFO
-diff --git a/lib/connect.c b/lib/connect.c
-index 33251914b8..8c5e45aea5 100644
---- a/lib/connect.c
-+++ b/lib/connect.c
-@@ -1075,7 +1075,7 @@ static CURLcode singleipconnect(struct connectdata *conn,
- /* Connect TCP sockets, bind UDP */
- if(!isconnected && (conn->socktype == SOCK_STREAM)) {
- if(conn->bits.tcp_fastopen) {
--#if defined(HAVE_DARWIN_CONNECTX) /* Darwin */
-+#if defined(HAVE_VALID_CONNECTX) /* Darwin */
- sa_endpoints_t endpoints;
- endpoints.sae_srcif = 0;
- endpoints.sae_srcaddr = NULL;
-diff --git a/lib/curl_setup.h b/lib/curl_setup.h
-index 8643e1fd28..0fe3633ec7 100644
---- a/lib/curl_setup.h
-+++ b/lib/curl_setup.h
-@@ -762,20 +762,4 @@ endings either CRLF or LF so 't' is appropriate.
- # endif
- # endif
-
--/* Detect Darwin connectx() function availability.
-- * The connectx() function call appeared in Darwin 15.0.0
-- * but it's not declared using availability attribute.
-- */
--#if defined(__MAC_OS_X_VERSION_MIN_REQUIRED)
--# if (__MAC_OS_X_VERSION_MIN_REQUIRED >= 101100)
--# define HAVE_DARWIN_CONNECTX 1
--# endif
--#elif defined(__IPHONE_OS_VERSION_MIN_REQUIRED)
--# if (__IPHONE_OS_VERSION_MIN_REQUIRED >= 90000)
--# define HAVE_DARWIN_CONNECTX 1
--# endif
--#elif defined(CONNECT_DATA_IDEMPOTENT) /* Fallback for other Darwin OS */
--# define HAVE_DARWIN_CONNECTX 1
--#endif
--
- #endif /* HEADER_CURL_SETUP_H */
-diff --git a/lib/url.c b/lib/url.c
-index 08fbe5132b..7160ae041d 100644
---- a/lib/url.c
-+++ b/lib/url.c
-@@ -2834,7 +2834,7 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption
option,
- data->set.tcp_keepintvl = va_arg(param, long);
- break;
- case CURLOPT_TCP_FASTOPEN:
--#if defined(HAVE_DARWIN_CONNECTX) || defined(MSG_FASTOPEN)
-+#if defined(HAVE_VALID_CONNECTX) || defined(MSG_FASTOPEN)
- data->set.tcp_fastopen = (0 != va_arg(param, long))?TRUE:FALSE;
- #else
- result = CURLE_NOT_BUILT_IN;
-From 113088ac81edbb9d51582a114d006bf60e3e6a87 Mon Sep 17 00:00:00 2001
-From: Palo Markovic <pavol.marko...@kompiler.info>
-Date: Wed, 5 Apr 2017 06:04:42 +1200
-Subject: [PATCH] macOS: added connectx check for cmake
-
----
- CMake/CurlTests.c | 18 ++++++++++++++++++
- CMakeLists.txt | 9 +++++++++
- lib/curl_config.h.cmake | 6 ++++++
- 3 files changed, 33 insertions(+)
-
-diff --git a/CMake/CurlTests.c b/CMake/CurlTests.c
-index bc36c8ef7d..7077059f9c 100644
---- a/CMake/CurlTests.c
-+++ b/CMake/CurlTests.c
-@@ -533,3 +533,21 @@ main() {
- return 0;
- }
- #endif
-+#ifdef HAVE_VALID_CONNECTX
-+# include <Availability.h>
-+# include <sys/socket.h>
-+# if defined(__MAC_OS_X_VERSION_MIN_REQUIRED)
-+# if (__MAC_OS_X_VERSION_MIN_REQUIRED < 101100)
-+# error Function requires deployment target OS X 10.11 or later
-+# endif
-+# elif defined(__IPHONE_OS_VERSION_MIN_REQUIRED)
-+# if (__IPHONE_OS_VERSION_MIN_REQUIRED < 90000)
-+# error Function requires deployment target iOS 9.0 or later
-+# endif
-+# endif
-+
-+main() {
-+ connectx(0, 0, 0, 0, 0, 0, 0, 0);
-+ return 0;
-+}
-+#endif
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 8390c38c99..ab8be51ebc 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -849,6 +849,15 @@ check_symbol_exists(fcntl "${CURL_INCLUDES}"
HAVE_FCNTL)
- check_symbol_exists(ioctl "${CURL_INCLUDES}" HAVE_IOCTL)
- check_symbol_exists(setsockopt "${CURL_INCLUDES}" HAVE_SETSOCKOPT)
-
-+# The connectx() function call appeared in Darwin 15.0.0
-+# but it's not declared using availability attribute.
-+# Additionally _connectx symbol is part of OS X 10.9/10.10
-+# system lib but does not have specified functionality.
-+check_symbol_exists(connectx "${CURL_INCLUDES}" HAVE_CONNECTX)
-+if(HAVE_CONNECTX)
-+ curl_internal_test_run(HAVE_VALID_CONNECTX)
-+endif(HAVE_CONNECTX)
-+
- # symbol exists in win32, but function does not.
- check_function_exists(inet_pton HAVE_INET_PTON)
-
-diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake
-index 9fcdd97f98..6fc4415a8d 100644
---- a/lib/curl_config.h.cmake
-+++ b/lib/curl_config.h.cmake
-@@ -130,6 +130,9 @@
- /* Define to 1 if bool is an available type. */
- #cmakedefine HAVE_BOOL_T 1
-
-+/* Define to 1 if you have the connectx function. */
-+#cmakedefine HAVE_CONNECTX 1
-+
- /* Define to 1 if you have the clock_gettime function and monotonic timer. */
- #cmakedefine HAVE_CLOCK_GETTIME_MONOTONIC 1
-
-@@ -719,6 +722,9 @@
- /* Define to 1 if you have the <utime.h> header file. */
- #cmakedefine HAVE_UTIME_H 1
-
-+/* Define to 1 if you have valid connectx function. */
-+#cmakedefine HAVE_VALID_CONNECTX 1
-+
- /* Define to 1 if compiler supports C99 variadic macro style. */
- #cmakedefine HAVE_VARIADIC_MACROS_C99 1
-
diff --git a/external/curl/curl-xp.patch.1 b/external/curl/curl-xp.patch.1
deleted file mode 100644
index 9e4163e3eab1..000000000000
--- a/external/curl/curl-xp.patch.1
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -ur curl.org/src/Makefile.vc10 curl/src/Makefile.vc10
---- curl.org/src/Makefile.vc10 2016-07-04 03:45:24.102995951 +0200
-+++ curl/src/Makefile.vc10 2016-07-04 03:48:00.547835559 +0200
-@@ -127,7 +127,7 @@
- LINKD = link.exe /incremental:yes /debug /libpath:"../lib"
- RCD = rc.exe /dDEBUGBUILD=1
-
--CFLAGS = /I../lib /I../include /nologo /W3 /EHsc /DWIN32 /FD /c
/D_BIND_TO_CURRENT_VCLIBS_VERSION=1
-+CFLAGS = /I../lib /I../include /nologo /W3 /EHsc /DWIN32 /FD /c
/D_BIND_TO_CURRENT_VCLIBS_VERSION=1 /D_WIN32_WINNT=0x0502
- LFLAGS = /nologo /out:$(PROGRAM_NAME) /subsystem:console /machine:$(MACHINE)
- RESFLAGS = /i../include
-
diff --git a/external/curl/zlib.patch.0 b/external/curl/zlib.patch.0
new file mode 100644
index 000000000000..b3e821039740
--- /dev/null
+++ b/external/curl/zlib.patch.0
@@ -0,0 +1,100 @@
+--- configure
++++ configure
+@@ -937,8 +937,8 @@
+ ZLIB_LIBS
+ HAVE_LIBZ_FALSE
+ HAVE_LIBZ_TRUE
+-HAVE_LIBZ
+ PKGCONFIG
++HAVE_LIBZ
+ CURL_DISABLE_GOPHER
+ CURL_DISABLE_SMTP
+ CURL_DISABLE_SMB
+@@ -20709,7 +20709,6 @@
+ clean_CPPFLAGS=$CPPFLAGS
+ clean_LDFLAGS=$LDFLAGS
+ clean_LIBS=$LIBS
+-ZLIB_LIBS=""
+
+ # Check whether --with-zlib was given.
+ if test "${with_zlib+set}" = set; then :
+@@ -20718,6 +20719,7 @@
+
+
+ if test "$OPT_ZLIB" = "no" ; then
++ ZLIB_LIBS=""
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: zlib disabled" >&5
+ $as_echo "$as_me: WARNING: zlib disabled" >&2;}
+ else
+@@ -20725,6 +20725,21 @@
+ OPT_ZLIB=""
+ fi
+
++ if test -n "$ZLIB_CFLAGS$ZLIB_LIBS"; then
++ CPPFLAGS="$CPPFLAGS $ZLIB_CFLAGS"
++ LIBS="$ZLIB_LIBS $LIBS"
++ HAVE_LIBZ="1"
++
++
++$as_echo "#define HAVE_ZLIB_H 1" >>confdefs.h
++
++
++$as_echo "#define HAVE_LIBZ 1" >>confdefs.h
++
++ AMFIXLIB="1"
++ else
++ ZLIB_LIBS=""
++
+ if test -z "$OPT_ZLIB" ; then
+
+ if test -n "$PKG_CONFIG"; then
+@@ -21005,6 +21020,7 @@
+ $as_echo "$as_me: found both libz and libz.h header" >&6;}
+ curl_zlib_msg="enabled"
+ fi
++ fi
+ fi
+
+ if test x"$AMFIXLIB" = x1; then
+--- configure.ac
++++ configure.ac
+@@ -880,19 +880,30 @@
+ clean_CPPFLAGS=$CPPFLAGS
+ clean_LDFLAGS=$LDFLAGS
+ clean_LIBS=$LIBS
+-ZLIB_LIBS=""
+ AC_ARG_WITH(zlib,
+ AC_HELP_STRING([--with-zlib=PATH],[search for zlib in PATH])
+ AC_HELP_STRING([--without-zlib],[disable use of zlib]),
+ [OPT_ZLIB="$withval"])
+
+ if test "$OPT_ZLIB" = "no" ; then
++ ZLIB_LIBS=""
+ AC_MSG_WARN([zlib disabled])
+ else
+ if test "$OPT_ZLIB" = "yes" ; then
+ OPT_ZLIB=""
+ fi
+
++ if test -n "$ZLIB_CFLAGS$ZLIB_LIBS"; then
++ CPPFLAGS="$CPPFLAGS $ZLIB_CFLAGS"
++ LIBS="$ZLIB_LIBS $LIBS"
++ HAVE_LIBZ="1"
++ AC_SUBST(HAVE_LIBZ)
++ AC_DEFINE(HAVE_ZLIB_H, 1, [if you have the zlib.h header file])
++ AC_DEFINE(HAVE_LIBZ, 1, [if zlib is available])
++ AMFIXLIB="1"
++ else
++ ZLIB_LIBS=""
++
+ if test -z "$OPT_ZLIB" ; then
+ CURL_CHECK_PKGCONFIG(zlib)
+
+@@ -975,6 +986,7 @@
+ AC_MSG_NOTICE([found both libz and libz.h header])
+ curl_zlib_msg="enabled"
+ fi
++ fi
+ fi
+
+ dnl set variable for use in automakefile(s)
commit 84e7cf27300fd98101c92af976eaf44c69b4c102
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue May 25 10:44:13 2021 +0100
Commit: Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Tue Apr 5 14:48:24 2022 +0200
upgrade to Expat 2.4.1
drop ubsan patch in favour of fix applied as
https://github.com/libexpat/libexpat/pull/398
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/116102
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 740d12d8a8294d4bfd28e6c3e4cf1e0ed560b198)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119422
Tested-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
Change-Id: I59eb9e24206b9a4cf323b7f7d48d8df0792a1c46
diff --git a/download.lst b/download.lst
index 57bcc496f3de..e14c0ecef12f 100644
--- a/download.lst
+++ b/download.lst
@@ -41,8 +41,8 @@ export EPM_TARBALL :=
3ade8cfe7e59ca8e65052644fed9fca4-epm-3.7.tar.gz
export ETONYEK_SHA256SUM :=
032f53e8d7691e48a73ddbe74fa84c906ff6ff32a33e6ee2a935b6fdb6aecb78
export ETONYEK_VERSION_MICRO := 6
export ETONYEK_TARBALL := libetonyek-0.1.$(ETONYEK_VERSION_MICRO).tar.bz2
-export EXPAT_SHA256SUM :=
9a130948b05a82da34e4171d5f5ae5d321d9630277af02c8fa51e431f6475102
-export EXPAT_TARBALL := expat-2.2.8.tar.bz2
+export EXPAT_SHA256SUM :=
2f9b6a580b94577b150a7d5617ad4643a4301a6616ff459307df3e225bcfbf40
+export EXPAT_TARBALL := expat-2.4.1.tar.bz2
export FIREBIRD_SHA256SUM :=
6994be3555e23226630c587444be19d309b25b0fcf1f87df3b4e3f88943e5860
export FIREBIRD_TARBALL := Firebird-3.0.0.32483-0.tar.bz2
export FONTCONFIG_SHA256SUM :=
b449a3e10c47e1d1c7a6ec6e2016cca73d3bd68fbbd4f0ae5cc6b573f7d6c7f3
diff --git a/external/expat/expat-winapi.patch
b/external/expat/expat-winapi.patch
index b33c12b83b4c..bd4da1472fc8 100644
--- a/external/expat/expat-winapi.patch
+++ b/external/expat/expat-winapi.patch
@@ -11,3 +11,17 @@
# endif
#endif /* not defined XML_STATIC */
+--- misc/expat-2.1.0/lib/xmlparse.c 2021-05-23 16:56:25.000000000 +0100
++++ misc/build/expat-2.1.0/lib/xmlparse.c 2021-05-25 12:42:11.997173600
+0100
+@@ -92,6 +92,11 @@
+
+ #include <expat_config.h>
+
++#ifdef _WIN32
++# undef HAVE_GETRANDOM
++# undef HAVE_SYSCALL_GETRANDOM
++#endif
++
+ #include "ascii.h"
+ #include "expat.h"
+ #include "siphash.h"
