curl: Bump to 7.72.0
authorRISCi_ATOM <bob@bobcall.me>
Thu, 27 Aug 2020 15:45:28 +0000 (11:45 -0400)
committerRISCi_ATOM <bob@bobcall.me>
Thu, 27 Aug 2020 15:45:28 +0000 (11:45 -0400)
* Removes the CVE patches carried for the previous version.

* Uses wolfssl as the default.

package/network/utils/curl/Config.in
package/network/utils/curl/Makefile
package/network/utils/curl/patches/100-configure-fix-pkg-config-detecting-wolfssl.patch [new file with mode: 0644]
package/network/utils/curl/patches/100-file-on-Windows-refuse-paths-that-start-with.patch [deleted file]
package/network/utils/curl/patches/101-CVE-2020-8169.patch [deleted file]
package/network/utils/curl/patches/200-no_docs_tests.patch

index 9afeb00bc778e7210947fc7961ec5561d31cca31..05effa0e7b66a1b6d29f50d2dd68ac5a9b9ede2a 100644 (file)
@@ -4,7 +4,7 @@ comment "SSL support"
 
 choice
        prompt "Selected SSL library"
-       default LIBCURL_MBEDTLS
+       default LIBCURL_WOLFSSL
 
        config LIBCURL_MBEDTLS
                bool "mbed TLS"
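Review bot: The `default LIBCURL_WOLFSSL` line changes which TLS library a freshly configured build links curl against, and it does so inside a commit titled as a version bump, which makes the switch hard to find when bisecting a TLS regression. Configurations that already select a backend explicitly should be unaffected, but any build relying on the default will change backend. Splitting this into its own commit, or at least stating the reason in the description, would make that visible. A short comment above the line such as `# wolfSSL is the default backend as of the 7.72.0 bump` would document it in place. The `choice` block continues past the end of this hunk.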
index 6c4a299ff9137359bb6abcdcef8fa8acbf3989c6..c70bfdff20fc285b576a61d51ed2ef659576848a 100644 (file)
@@ -8,15 +8,15 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=curl
-PKG_VERSION:=7.66.0
-PKG_RELEASE:=3
+PKG_VERSION:=7.72.0
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://dl.uxnr.de/mirror/curl/ \
        https://curl.mirror.anstey.ca/ \
        https://curl.askapache.com/download/ \
        https://curl.haxx.se/download/
-PKG_HASH:=dbb48088193016d079b97c5c3efde8efa56ada2ebf336e8a97d04eb8e2ed98c1
+PKG_HASH:=0ded0808c4d85f2ee0db86980ae610cc9d165e9ca9da466196cc73c346513713
 
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=COPYING
@@ -64,7 +64,11 @@ PKG_CONFIG_DEPENDS:= \
   CONFIG_LIBCURL_TLS_SRP \
   CONFIG_LIBCURL_UNIX_SOCKETS \
   CONFIG_LIBCURL_VERBOSE \
-  CONFIG_LIBCURL_NTLM
+  CONFIG_LIBCURL_NTLM \
+  $(if $(CONFIG_LIBCURL_OPENSSL), \
+       CONFIG_OPENSSL_ENGINE \
+       CONFIG_OPENSSL_WITH_COMPRESSION \
+       CONFIG_OPENSSL_WITH_NPN)
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -114,11 +118,12 @@ CONFIGURE_ARGS += \
        --without-libidn \
        --without-ca-path \
        --without-libpsl \
+       --without-zstd \
        --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt \
        \
        $(call autoconf_bool,CONFIG_IPV6,ipv6) \
        \
-       $(if $(CONFIG_LIBCURL_WOLFSSL),--with-cyassl="$(STAGING_DIR)/usr",--without-cyassl) \
+       $(if $(CONFIG_LIBCURL_WOLFSSL),--with-wolfssl="$(STAGING_DIR)/usr",--without-wolfssl) \
        $(if $(CONFIG_LIBCURL_GNUTLS),--with-gnutls="$(STAGING_DIR)/usr",--without-gnutls) \
        $(if $(CONFIG_LIBCURL_OPENSSL),--with-ssl="$(STAGING_DIR)/usr",--without-ssl) \
        $(if $(CONFIG_LIBCURL_MBEDTLS),--with-mbedtls="$(STAGING_DIR)/usr",--without-mbedtls) \
diff --git a/package/network/utils/curl/patches/100-configure-fix-pkg-config-detecting-wolfssl.patch b/package/network/utils/curl/patches/100-configure-fix-pkg-config-detecting-wolfssl.patch
new file mode 100644 (file)
index 0000000..a77e5c6
--- /dev/null
@@ -0,0 +1,31 @@
+From 510d98157f21dee5793c4e975fde3317b6139267 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 24 Aug 2020 16:28:34 +0200
+Subject: [PATCH] configure: fix pkg-config detecting wolfssl
+
+When amending the include path with "/wolfssl", this now properly strips
+off all whitespace from the path variable! Previously this would lead to
+pkg-config builds creating bad command lines.
+
+Closes #5848
+---
+ configure.ac | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -2474,8 +2474,12 @@ if test -z "$ssl_backends" -o "x$OPT_WOL
+             AC_DEFINE(HAVE_WOLFSSL_DES_ECB_ENCRYPT, 1,
+                       [if you have wolfSSL_DES_ecb_encrypt])
+             if test -n "$addcflags"; then
+-              CPPFLAGS="$addcflags/wolfssl $CPPFLAGS"
+-              AC_MSG_NOTICE([Add $addcflags/wolfssl to CPPFLAGS])
++              dnl use a for loop to strip off whitespace
++              for f in $addcflags; do
++                CPPFLAGS="$f/wolfssl $CPPFLAGS"
++                AC_MSG_NOTICE([Add $f/wolfssl to CPPFLAGS])
++                break
++              done
+             else
+               dnl user didn't give a path, so guess/hope they installed wolfssl
+               dnl headers to system default location
diff --git a/package/network/utils/curl/patches/100-file-on-Windows-refuse-paths-that-start-with.patch b/package/network/utils/curl/patches/100-file-on-Windows-refuse-paths-that-start-with.patch
deleted file mode 100644 (file)
index 254d678..0000000
+++ /dev/null
@@ -1,44 +0,0 @@
-From 1b71bc532bde8621fd3260843f8197182a467ff2 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 7 Nov 2019 10:13:01 +0100
-Subject: [PATCH] file: on Windows, refuse paths that start with \\
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-... as that might cause an unexpected SMB connection to a given host
-name.
-
-Reported-by: Fernando Muñoz
-CVE-2019-15601
-Bug: https://curl.haxx.se/docs/CVE-2019-15601.html
-
-Signed-off-by: Petr Štetiar <ynezz@true.cz>
----
- lib/file.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/lib/file.c b/lib/file.c
-index d349cd9241cd..166931d7f1ba 100644
---- a/lib/file.c
-+++ b/lib/file.c
-@@ -136,7 +136,7 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
-   struct Curl_easy *data = conn->data;
-   char *real_path;
-   struct FILEPROTO *file = data->req.protop;
--  int fd;
-+  int fd = -1;
- #ifdef DOS_FILESYSTEM
-   size_t i;
-   char *actual_path;
-@@ -181,7 +181,9 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
-       return CURLE_URL_MALFORMAT;
-     }
--  fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
-+  if(strncmp("\\\\", actual_path, 2))
-+    /* refuse to open path that starts with two backslashes */
-+    fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
-   file->path = actual_path;
- #else
-   if(memchr(real_path, 0, real_path_len)) {
diff --git a/package/network/utils/curl/patches/101-CVE-2020-8169.patch b/package/network/utils/curl/patches/101-CVE-2020-8169.patch
deleted file mode 100644 (file)
index 718621b..0000000
+++ /dev/null
@@ -1,38 +0,0 @@
-From 600a8cded447cd7118ed50142c576567c0cf5158 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 14 May 2020 14:37:12 +0200
-Subject: [PATCH] url: make the updated credentials URL-encoded in the URL
-
-Found-by: Gregory Jefferis
-Reported-by: Jeroen Ooms
-Added test 1168 to verify. Bug spotted when doing a redirect.
-Bug: https://github.com/jeroen/curl/issues/224
-Closes #5400
----
- lib/url.c               |  6 ++--
- tests/data/Makefile.inc |  1 +
- tests/data/test1168     | 78 +++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 83 insertions(+), 2 deletions(-)
- create mode 100644 tests/data/test1168
-
-diff --git a/lib/url.c b/lib/url.c
-index f250f2ff20a..9b8b2bdde64 100644
---- a/lib/url.c
-+++ b/lib/url.c
-@@ -2788,12 +2788,14 @@ static CURLcode override_login(struct Curl_easy *data,
-   /* for updated strings, we update them in the URL */
-   if(user_changed) {
--    uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, 0);
-+    uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp,
-+                      CURLU_URLENCODE);
-     if(uc)
-       return Curl_uc_to_curlcode(uc);
-   }
-   if(passwd_changed) {
--    uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, 0);
-+    uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp,
-+                      CURLU_URLENCODE);
-     if(uc)
-       return Curl_uc_to_curlcode(uc);
-   }
index e52694e2c91d261143a456bd56dbd8425eaf8d99..b5f92b58c8e219a83fd025c2079a28d4270ecbf8 100644 (file)
@@ -1,6 +1,6 @@
 --- a/Makefile.am
 +++ b/Makefile.am
-@@ -179,7 +179,7 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP)
+@@ -192,7 +192,7 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP)
  bin_SCRIPTS = curl-config
  
  SUBDIRS = lib src
@@ -9,14 +9,14 @@
  
  pkgconfigdir = $(libdir)/pkgconfig
  pkgconfig_DATA = libcurl.pc
-@@ -290,8 +290,8 @@ cygwinbin:
+@@ -303,8 +303,8 @@ cygwinbin:
  # We extend the standard install with a custom hook:
  install-data-hook:
-       cd include && $(MAKE) install
--      cd docs && $(MAKE) install
--      cd docs/libcurl && $(MAKE) install
-+      #cd docs && $(MAKE) install
-+      #cd docs/libcurl && $(MAKE) install
+       (cd include && $(MAKE) install)
+-      (cd docs && $(MAKE) install)
+-      (cd docs/libcurl && $(MAKE) install)
++      #(cd docs && $(MAKE) install)
++      #(cd docs/libcurl && $(MAKE) install)
  
  # We extend the standard uninstall with a custom hook:
  uninstall-hook: