diff options
author | Michael Stahl <michael.stahl@allotropia.de> | 2022-10-26 11:07:49 +0200 |
---|---|---|
committer | Michael Stahl <michael.stahl@allotropia.de> | 2022-10-26 18:21:32 +0200 |
commit | 6e0dcc3f8a34c8ec55cb8090b6fe9c8b1faa84ad (patch) | |
tree | bc95e6a8c01460a76f2f4367fa5eb84b012fc90c | |
parent | 76c5185c0aa18a9bf4c76a6fcb22f3b67ccc4f33 (diff) |
curl: upgrade to release 7.86.0
Fixes CVE-2022-32221 which could affect libcmis, CVE-2022-42915,
and 2 more CVEs that probably don't affect LO.
* remove --without-ssl:
On the one hand, on GNU/Linux this now results in:
configure: error: --without-ssl has been set together with an explicit option to use an ssl library
On the other hand, using the more obvious --without-openssl yields a link
failure on Android on the nss check in configure:
configure:28220: checking for SSL_VersionRangeSet in -lnss
/home/cl/Android/Sdk/ndk/20.1.5948944/toolchains/llvm/prebuilt/linux-x86_64/bin/../lib/gcc/aarch64-linux-android/4.9.x/../../../../aarch64-linux-android/bin/ld: warning: liblog.so, needed by /home/cl/rpmbuild/BUILD/lo-android2/workdir/UnpackedTarball/nss/dist/out/lib/libnss3.so, not found (try using -rpath or -rpath-link)
/home/cl/rpmbuild/BUILD/lo-android2/workdir/UnpackedTarball/nss/dist/out/lib/libnspr4.so: undefined reference to `__android_log_write'
/home/cl/rpmbuild/BUILD/lo-android2/workdir/UnpackedTarball/nss/dist/out/lib/libnspr4.so: undefined reference to `__android_log_assert'
... so add the -llog for android in curl-nss.patch.1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/141866
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit a76a88203d8508f38b10d9bbb94c3bba2485fcaf)
Change-Id: I3931a1eec2d681c2ce0e5695039492772e9fcc81
-rw-r--r-- | download.lst | 4 | ||||
-rw-r--r-- | external/curl/ExternalProject_curl.mk | 2 | ||||
-rw-r--r-- | external/curl/curl-7.26.0_win-proxy.patch | 8 | ||||
-rw-r--r-- | external/curl/curl-nss.patch.1 | 7 |
4 files changed, 13 insertions, 8 deletions
diff --git a/download.lst b/download.lst index 01ac4215ec20..42dcf2002246 100644 --- a/download.lst +++ b/download.lst @@ -27,8 +27,8 @@ export CPPUNIT_SHA256SUM := 3d569869d27b48860210c758c4f313082103a5e58219a7669b52 export CPPUNIT_TARBALL := cppunit-1.14.0.tar.gz export CT2N_SHA256SUM := 71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3 export CT2N_TARBALL := 1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt -export CURL_SHA256SUM := 88b54a6d4b9a48cb4d873c7056dcba997ddd5b7be5a2d537a4acb55c20b04be6 -export CURL_TARBALL := curl-7.85.0.tar.xz +export CURL_SHA256SUM := 2d61116e5f485581f6d59865377df4463f2e788677ac43222b496d4e49fb627b +export CURL_TARBALL := curl-7.86.0.tar.xz export EBOOK_SHA256SUM := 7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9 export EBOOK_TARBALL := libe-book-0.1.3.tar.xz export EPOXY_SHA256SUM := 1d8668b0a259c709899e1c4bab62d756d9002d546ce4f59c9665e2fc5f001a64 diff --git a/external/curl/ExternalProject_curl.mk b/external/curl/ExternalProject_curl.mk index 2bf98e2b2e3e..5ef2cd66ac5d 100644 --- a/external/curl/ExternalProject_curl.mk +++ b/external/curl/ExternalProject_curl.mk @@ -43,7 +43,7 @@ $(call gb_ExternalProject_get_state_target,curl,build): $(if $(filter IOS MACOSX,$(OS)),\ --with-secure-transport,\ $(if $(ENABLE_NSS),--with-nss$(if $(SYSTEM_NSS),,="$(call gb_UnpackedTarball_get_dir,nss)/dist/out") --with-nss-deprecated,--without-nss)) \ - --without-ssl --without-gnutls --without-polarssl --without-cyassl --without-axtls --without-mbedtls \ + --without-openssl --without-gnutls --without-polarssl --without-cyassl --without-axtls --without-mbedtls \ --enable-ftp --enable-http --enable-ipv6 \ --without-libidn2 --without-libpsl --without-librtmp \ --without-libssh2 --without-metalink --without-nghttp2 \ diff --git a/external/curl/curl-7.26.0_win-proxy.patch b/external/curl/curl-7.26.0_win-proxy.patch index c5498c3fdebb..f58736f2b46f 100644 --- a/external/curl/curl-7.26.0_win-proxy.patch +++ b/external/curl/curl-7.26.0_win-proxy.patch @@ -12,18 +12,18 @@ --- curl-7.26.0/lib/url.c +++ misc/build/curl-7.26.0/lib/url.c @@ -78,6 +78,10 @@ - bool curl_win32_idn_to_ascii(const char *in, char **out); + bool Curl_win32_idn_to_ascii(const char *in, char **out); #endif /* USE_LIBIDN2 */ +#ifdef _WIN32 +#include <WinHttp.h> +#endif + + #include "doh.h" #include "urldata.h" #include "netrc.h" - @@ -4586,6 +4590,21 @@ - } + #ifndef CURL_DISABLE_PROXY #ifndef CURL_DISABLE_HTTP +#ifdef _WIN32 @@ -72,7 +72,7 @@ + } + } + -+ if(!check_noproxy(conn->host.name, no_proxy)) { ++ if(!Curl_check_noproxy(conn->host.name, no_proxy)) { + /* Look for the http proxy setting */ + char *tok; + char *saveptr; diff --git a/external/curl/curl-nss.patch.1 b/external/curl/curl-nss.patch.1 index 016cd109c7a2..5ef25748d7eb 100644 --- a/external/curl/curl-nss.patch.1 +++ b/external/curl/curl-nss.patch.1 @@ -1,12 +1,17 @@ diff -ur curl.org/configure curl/configure --- curl.org/configure 2016-03-13 15:14:07.177000076 +0100 +++ curl/configure 2016-03-13 15:16:44.132000076 +0100 -@@ -27985,7 +27985,7 @@ +@@ -27985,7 +27985,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Using hard-wired libraries and compilation flags for NSS." >&5 printf "%s\n" "$as_me: WARNING: Using hard-wired libraries and compilation flags for NSS." >&2;} addld="-L$OPT_NSS/lib" - addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4" + addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lnssutil3" ++ case $host_os in ++ *android*) ++ addlib="${addlib} -llog" ++ ;; ++ esac addcflags="-I$OPT_NSS/include" version="unknown" nssprefix=$OPT_NSS |