From acbba607472834bc25cdc9da6e940073d1f5d016 Mon Sep 17 00:00:00 2001 From: RISCi_ATOM Date: Thu, 27 Aug 2020 11:45:28 -0400 Subject: [PATCH] curl: Bump to 7.72.0 * Removes previous CVE patches. * Uses wolfssl as the default. --- package/network/utils/curl/Config.in | 2 +- package/network/utils/curl/Makefile | 15 ++++--- ...ure-fix-pkg-config-detecting-wolfssl.patch | 31 +++++++++++++ ...Windows-refuse-paths-that-start-with.patch | 44 ------------------- .../curl/patches/101-CVE-2020-8169.patch | 38 ---------------- .../curl/patches/200-no_docs_tests.patch | 14 +++--- 6 files changed, 49 insertions(+), 95 deletions(-) create mode 100644 package/network/utils/curl/patches/100-configure-fix-pkg-config-detecting-wolfssl.patch delete mode 100644 package/network/utils/curl/patches/100-file-on-Windows-refuse-paths-that-start-with.patch delete mode 100644 package/network/utils/curl/patches/101-CVE-2020-8169.patch diff --git a/package/network/utils/curl/Config.in b/package/network/utils/curl/Config.in index 9afeb00bc7..05effa0e7b 100644 --- a/package/network/utils/curl/Config.in +++ b/package/network/utils/curl/Config.in @@ -4,7 +4,7 @@ comment "SSL support" choice prompt "Selected SSL library" - default LIBCURL_MBEDTLS + default LIBCURL_WOLFSSL config LIBCURL_MBEDTLS bool "mbed TLS" diff --git a/package/network/utils/curl/Makefile b/package/network/utils/curl/Makefile index 6c4a299ff9..c70bfdff20 100644 --- a/package/network/utils/curl/Makefile +++ b/package/network/utils/curl/Makefile 
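Review bot: The `default LIBCURL_WOLFSSL` line in the `choice` block changes the TLS library for every freshly configured build, and nothing in Config.in records that this is deliberate. A one-line comment above the default would help, e.g. `# wolfSSL is the default TLS backend since the 7.72.0 bump (was mbed TLS)`. Because fresh configurations now get a different TLS stack, CA-bundle loading and certificate verification with the new backend deserve a test on a default image. The `choice` block continues outside the hunk.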
@@ -8,15 +8,15 @@ include $(TOPDIR)/rules.mk PKG_NAME:=curl -PKG_VERSION:=7.66.0 -PKG_RELEASE:=3 +PKG_VERSION:=7.72.0 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://dl.uxnr.de/mirror/curl/ \ https://curl.mirror.anstey.ca/ \ https://curl.askapache.com/download/ \ https://curl.haxx.se/download/ -PKG_HASH:=dbb48088193016d079b97c5c3efde8efa56ada2ebf336e8a97d04eb8e2ed98c1 +PKG_HASH:=0ded0808c4d85f2ee0db86980ae610cc9d165e9ca9da466196cc73c346513713 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=COPYING @@ -64,7 +64,11 @@ PKG_CONFIG_DEPENDS:= \ CONFIG_LIBCURL_TLS_SRP \ CONFIG_LIBCURL_UNIX_SOCKETS \ CONFIG_LIBCURL_VERBOSE \ - CONFIG_LIBCURL_NTLM + CONFIG_LIBCURL_NTLM \ + $(if $(CONFIG_LIBCURL_OPENSSL), \ + CONFIG_OPENSSL_ENGINE \ + CONFIG_OPENSSL_WITH_COMPRESSION \ + CONFIG_OPENSSL_WITH_NPN) include $(INCLUDE_DIR)/package.mk @@ -114,11 +118,12 @@ CONFIGURE_ARGS += \ --without-libidn \ --without-ca-path \ --without-libpsl \ + --without-zstd \ --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt \ \ $(call autoconf_bool,CONFIG_IPV6,ipv6) \ \ - $(if $(CONFIG_LIBCURL_WOLFSSL),--with-cyassl="$(STAGING_DIR)/usr",--without-cyassl) \ + $(if $(CONFIG_LIBCURL_WOLFSSL),--with-wolfssl="$(STAGING_DIR)/usr",--without-wolfssl) \ $(if $(CONFIG_LIBCURL_GNUTLS),--with-gnutls="$(STAGING_DIR)/usr",--without-gnutls) \ $(if $(CONFIG_LIBCURL_OPENSSL),--with-ssl="$(STAGING_DIR)/usr",--without-ssl) \ $(if $(CONFIG_LIBCURL_MBEDTLS),--with-mbedtls="$(STAGING_DIR)/usr",--without-mbedtls) \ diff --git a/package/network/utils/curl/patches/100-configure-fix-pkg-config-detecting-wolfssl.patch b/package/network/utils/curl/patches/100-configure-fix-pkg-config-detecting-wolfssl.patch new file mode 100644 index 0000000000..a77e5c69df --- /dev/null +++ b/package/network/utils/curl/patches/100-configure-fix-pkg-config-detecting-wolfssl.patch 
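Review bot: The new `PKG_HASH` is the only thing that authenticates the 7.72.0 tarball, and the `PKG_SOURCE_URL` context lines list three third-party mirrors ahead of curl.haxx.se; the commit does not say where the hash came from. Stating in the commit message that it was computed from a tarball checked against the upstream release signature would make the bump auditable. The same `PKG_VERSION` change is what justifies deleting the CVE-2019-15601 and CVE-2020-8169 patches further down, so the message should say that 7.72.0 already contains both fixes, not only that the patches were removed. `PKG_RELEASE:=2` on a new upstream version also looks unusual; `PKG_RELEASE:=1` is the normal starting point unless the 2 is intentional.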
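Review bot: The `$(if $(CONFIG_LIBCURL_OPENSSL), …)` group added to `PKG_CONFIG_DEPENDS` tracks OpenSSL build options only, while this commit makes wolfSSL the default backend. If the wolfSSL package in this tree exposes build options that curl's configure probes for, they need the same treatment; otherwise curl is not rebuilt when they change and can stay linked against a stale feature set. Worth confirming and, if so, adding a parallel `$(if $(CONFIG_LIBCURL_WOLFSSL), …)` group. A short comment such as `# rebuild when the selected TLS library's feature set changes` above the group would explain why it is conditional.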
@@ -0,0 +1,31 @@ +From 510d98157f21dee5793c4e975fde3317b6139267 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Mon, 24 Aug 2020 16:28:34 +0200 +Subject: [PATCH] configure: fix pkg-config detecting wolfssl + +When amending the include path with "/wolfssl", this now properly strips +off all whitespace from the path variable! Previously this would lead to +pkg-config builds creating bad command lines. + +Closes #5848 +--- + configure.ac | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/configure.ac ++++ b/configure.ac +@@ -2474,8 +2474,12 @@ if test -z "$ssl_backends" -o "x$OPT_WOL + AC_DEFINE(HAVE_WOLFSSL_DES_ECB_ENCRYPT, 1, + [if you have wolfSSL_DES_ecb_encrypt]) + if test -n "$addcflags"; then +- CPPFLAGS="$addcflags/wolfssl $CPPFLAGS" +- AC_MSG_NOTICE([Add $addcflags/wolfssl to CPPFLAGS]) ++ dnl use a for loop to strip off whitespace ++ for f in $addcflags; do ++ CPPFLAGS="$f/wolfssl $CPPFLAGS" ++ AC_MSG_NOTICE([Add $f/wolfssl to CPPFLAGS]) ++ break ++ done + else + dnl user didn't give a path, so guess/hope they installed wolfssl + dnl headers to system default location diff --git a/package/network/utils/curl/patches/100-file-on-Windows-refuse-paths-that-start-with.patch b/package/network/utils/curl/patches/100-file-on-Windows-refuse-paths-that-start-with.patch deleted file mode 100644 index 254d678269..0000000000 --- a/package/network/utils/curl/patches/100-file-on-Windows-refuse-paths-that-start-with.patch +++ /dev/null 
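Review bot: The added `for f in $addcflags; do … break; done` loop keeps only the first whitespace-separated word of `$addcflags`, so any further include directory reported by pkg-config is dropped when the `/wolfssl` suffix is appended. That matches upstream commit 510d98157f21 and is presumably fine for a single staging prefix, but the patch file does not say that it is a backport or when it can be removed. A header line such as `Backport of upstream commit 510d98157f21; drop once a curl release containing it is packaged` would keep it from outliving its purpose. The enclosing `if test -z "$ssl_backends" …` block starts and ends outside the hunk.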
@@ -1,44 +0,0 @@ -From 1b71bc532bde8621fd3260843f8197182a467ff2 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Thu, 7 Nov 2019 10:13:01 +0100 -Subject: [PATCH] file: on Windows, refuse paths that start with \\ -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -... as that might cause an unexpected SMB connection to a given host -name. - -Reported-by: Fernando Muñoz -CVE-2019-15601 -Bug: https://curl.haxx.se/docs/CVE-2019-15601.html - -Signed-off-by: Petr Štetiar ---- - lib/file.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/lib/file.c b/lib/file.c -index d349cd9241cd..166931d7f1ba 100644 ---- a/lib/file.c -+++ b/lib/file.c -@@ -136,7 +136,7 @@ static CURLcode file_connect(struct connectdata *conn, bool *done) - struct Curl_easy *data = conn->data; - char *real_path; - struct FILEPROTO *file = data->req.protop; -- int fd; -+ int fd = -1; - #ifdef DOS_FILESYSTEM - size_t i; - char *actual_path; -@@ -181,7 +181,9 @@ static CURLcode file_connect(struct connectdata *conn, bool *done) - return CURLE_URL_MALFORMAT; - } - -- fd = open_readonly(actual_path, O_RDONLY|O_BINARY); -+ if(strncmp("\\\\", actual_path, 2)) -+ /* refuse to open path that starts with two backslashes */ -+ fd = open_readonly(actual_path, O_RDONLY|O_BINARY); - file->path = actual_path; - #else - if(memchr(real_path, 0, real_path_len)) { diff --git a/package/network/utils/curl/patches/101-CVE-2020-8169.patch b/package/network/utils/curl/patches/101-CVE-2020-8169.patch deleted file mode 100644 index 718621b23b..0000000000 --- a/package/network/utils/curl/patches/101-CVE-2020-8169.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From 600a8cded447cd7118ed50142c576567c0cf5158 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Thu, 14 May 2020 14:37:12 +0200 -Subject: [PATCH] url: make the updated credentials URL-encoded in the URL - -Found-by: Gregory Jefferis -Reported-by: Jeroen Ooms -Added test 1168 to verify. Bug spotted when doing a redirect. -Bug: https://github.com/jeroen/curl/issues/224 -Closes #5400 ---- - lib/url.c | 6 ++-- - tests/data/Makefile.inc | 1 + - tests/data/test1168 | 78 +++++++++++++++++++++++++++++++++++++++++ - 3 files changed, 83 insertions(+), 2 deletions(-) - create mode 100644 tests/data/test1168 - -diff --git a/lib/url.c b/lib/url.c -index f250f2ff20a..9b8b2bdde64 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -2788,12 +2788,14 @@ static CURLcode override_login(struct Curl_easy *data, - - /* for updated strings, we update them in the URL */ - if(user_changed) { -- uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, 0); -+ uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, -+ CURLU_URLENCODE); - if(uc) - return Curl_uc_to_curlcode(uc); - } - if(passwd_changed) { -- uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, 0); -+ uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, -+ CURLU_URLENCODE); - if(uc) - return Curl_uc_to_curlcode(uc); - } diff --git a/package/network/utils/curl/patches/200-no_docs_tests.patch b/package/network/utils/curl/patches/200-no_docs_tests.patch index e52694e2c9..b5f92b58c8 100644 --- a/package/network/utils/curl/patches/200-no_docs_tests.patch +++ b/package/network/utils/curl/patches/200-no_docs_tests.patch @@ -1,6 +1,6 @@ --- a/Makefile.am +++ b/Makefile.am -@@ -179,7 +179,7 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) +@@ -192,7 +192,7 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) bin_SCRIPTS = curl-config SUBDIRS = lib src 
@@ -9,14 +9,14 @@ pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = libcurl.pc -@@ -290,8 +290,8 @@ cygwinbin: +@@ -303,8 +303,8 @@ cygwinbin: # We extend the standard install with a custom hook: install-data-hook: - cd include && $(MAKE) install -- cd docs && $(MAKE) install -- cd docs/libcurl && $(MAKE) install -+ #cd docs && $(MAKE) install -+ #cd docs/libcurl && $(MAKE) install + (cd include && $(MAKE) install) +- (cd docs && $(MAKE) install) +- (cd docs/libcurl && $(MAKE) install) ++ #(cd docs && $(MAKE) install) ++ #(cd docs/libcurl && $(MAKE) install) # We extend the standard uninstall with a custom hook: uninstall-hook: -- 2.25.1