[Libreoffice-commits] core.git: Branch 'aoo/trunk' - curl/curl-7.19.7.patch curl/curl-7.19.7_win.patch curl/curl-7.49.1_win.patch curl/makefile.mk curl/prj external_deps.lst LICENSE
Don Lewis
truckman at apache.org
Thu Jul 28 22:10:06 UTC 2016
LICENSE | 11 +--
curl/curl-7.19.7.patch | 148 ---------------------------------------------
curl/curl-7.19.7_win.patch | 19 -----
curl/curl-7.49.1_win.patch | 35 ++++++++++
curl/makefile.mk | 16 ++--
curl/prj/d.lst | 4 -
external_deps.lst | 6 -
7 files changed, 54 insertions(+), 185 deletions(-)
New commits:
commit 67579b01b47d10f5b835dcb7f8bcce415ff9e221
Author: Don Lewis <truckman at apache.org>
Date: Thu Jul 28 21:29:05 2016 +0000
#i126896#: bundled curl version 7.19.7 has many vulnerabilities
Upgrade bundled curl to version 7.49.1.
Delete most of the curl patches since they are no longer necessary.
The only needed patch is to produce a library with the expected name
when building on Windows.
Update the curl copyright info in LICENSE.
These curl CVEs have been fixed since 7.19.7:
CVE-2010-0734
CVE-2011-2192
CVE-2013-2174
CVE-2014-3143
CVE-2014-3144
CVE-2014-3145
CVE-2014-3148
CVE-2014-8150
CVE-2015-3153
CVE-2016-0755
Whether any of these affect the OpenOffice usage of curl is not known.
OpenOffice only uses curl to access ftp:// URLs, which is likely to be
only rarely done.
diff --git a/LICENSE b/LICENSE
index 939a109..011304e 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1003,14 +1003,15 @@ ____
For integration of the library curl - built in main/curl/
- license like MIT license
-Copyright (c) 1996 - 2011, Daniel Stenberg, <daniel at haxx.se>.
-
+Copyright (c) 1996 - 2016, Daniel Stenberg, <daniel at haxx.se>, and many
+contributors, see the THANKS file.
+
All rights reserved.
-
+
Permission to use, copy, modify, and distribute this software for any purpose
with or without fee is hereby granted, provided that the above copyright
notice and this permission notice appear in all copies.
-
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN
@@ -1018,7 +1019,7 @@ NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE
OR OTHER DEALINGS IN THE SOFTWARE.
-
+
Except as contained in this notice, the name of a copyright holder shall not
be used in advertising or otherwise to promote the sale, use or other dealings
in this Software without prior written authorization of the copyright holder.
diff --git a/curl/curl-7.19.7.patch b/curl/curl-7.19.7.patch
deleted file mode 100644
index fc8a38e..0000000
--- a/curl/curl-7.19.7.patch
+++ /dev/null
@@ -1,148 +0,0 @@
---- misc/curl-7.19.7/configure 2009-11-04 13:26:02.000000000 +0100
-+++ misc/build/curl-7.19.7/configure 2015-09-04 11:58:00.331210000 +0100
-@@ -2735,8 +2735,8 @@
-
- ac_ext=c
- ac_cpp='$CPP $CPPFLAGS'
--ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
--ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-+ac_compile='$CC -c $ADDCFLAGS $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-+ac_link='$CC -o conftest$ac_exeext $ADDCFLAGS $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
- ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-@@ -3783,8 +3783,8 @@
- ac_save_CPPFLAGS="$CPPFLAGS"
- ac_ext=c
- ac_cpp='$CPP $CPPFLAGS'
--ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
--ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-+ac_compile='$CC -c $ADDCFLAGS $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-+ac_link='$CC -o conftest$ac_exeext $ADDCFLAGS $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
- ac_compiler_gnu=$ac_cv_c_compiler_gnu
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
-@@ -4434,15 +4434,15 @@
- CFLAGS=$ac_save_CFLAGS
- elif test $ac_cv_prog_cc_g = yes; then
- if test "$GCC" = yes; then
-- CFLAGS="-g -O2"
-+ CFLAGS="$ADDCFLAGS -g -O2"
- else
-- CFLAGS="-g"
-+ CFLAGS="$ADDCFLAGS -g"
- fi
- else
- if test "$GCC" = yes; then
-- CFLAGS="-O2"
-+ CFLAGS="$ADDCFLAGS -O2"
- else
-- CFLAGS=
-+ CFLAGS="$ADDCFLAGS"
- fi
- fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
-@@ -11276,7 +11276,7 @@
- hardcode_shlibpath_var=no
- ;;
-
-- freebsd1*)
-+ freebsd1.*)
- ld_shlibs=no
- ;;
-
-@@ -11292,7 +11292,7 @@
- ;;
-
- # Unfortunately, older versions of FreeBSD 2 do not have this feature.
-- freebsd2*)
-+ freebsd2.*)
- archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=yes
- hardcode_minus_L=yes
-@@ -12151,7 +12151,7 @@
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
--freebsd1*)
-+freebsd1.*)
- dynamic_linker=no
- ;;
-
-@@ -12162,7 +12162,7 @@
- objformat=`/usr/bin/objformat`
- else
- case $host_os in
-- freebsd[123]*) objformat=aout ;;
-+ freebsd[123].*) objformat=aout ;;
- *) objformat=elf ;;
- esac
- fi
-@@ -12180,7 +12180,7 @@
- esac
- shlibpath_var=LD_LIBRARY_PATH
- case $host_os in
-- freebsd2*)
-+ freebsd2.*)
- shlibpath_overrides_runpath=yes
- ;;
- freebsd3.[01]* | freebsdelf3.[01]*)
---- misc/curl-7.19.7/lib/setup.h 2009-10-28 21:21:58.000000000 +0100
-+++ misc/build/curl-7.19.7/lib/setup.h 2009-11-18 13:30:42.375000000 +0100
-@@ -193,6 +193,7 @@
- # include <winsock2.h>
- # ifdef HAVE_WS2TCPIP_H
- # include <ws2tcpip.h>
-+# include <wspiapi.h>
- # endif
- # else
- # ifdef HAVE_WINSOCK_H
---- misc/curl-7.19.7/ltmain.sh 2009-11-04 13:25:51.000000000 +0100
-+++ misc/build/curl-7.19.7/ltmain.sh 2009-11-18 14:37:08.046875000 +0100
-@@ -6188,13 +6188,13 @@
- # which has an extra 1 added just for fun
- #
- case $version_type in
-- darwin|linux|osf|windows|none)
-+ darwin|linux|osf|windows|freebsd-aout|freebsd-elf|none)
- func_arith $number_major + $number_minor
- current=$func_arith_result
- age="$number_minor"
- revision="$number_revision"
- ;;
-- freebsd-aout|freebsd-elf|sunos)
-+ sunos)
- current="$number_major"
- revision="$number_minor"
- age="0"
-@@ -6271,8 +6271,8 @@
- ;;
-
- freebsd-elf)
-- major=".$current"
-- versuffix=".$current"
-+ major=.`expr $current - $age`
-+ versuffix="$major"
- ;;
-
- irix | nonstopux)
---- misc/curl-7.19.7/lib/ssh.c 2009-10-30 23:28:56 +0100
-+++ misc/build/curl-7.19.7/lib/ssh.c 2009-10-31 11:33:05 +0100
-@@ -119,7 +119,7 @@
- static const char *sftp_libssh2_strerror(unsigned long err);
- static LIBSSH2_ALLOC_FUNC(libssh2_malloc);
- static LIBSSH2_REALLOC_FUNC(libssh2_realloc);
--static LIBSSH2_FREE_FUNC(libssh2_free);
-+static LIBSSH2_FREE_FUNC(my_libssh2_free);
-
- static CURLcode get_pathname(const char **cpp, char **path);
-
-@@ -286,7 +286,7 @@
- return realloc(ptr, count);
- }
-
--static LIBSSH2_FREE_FUNC(libssh2_free)
-+static LIBSSH2_FREE_FUNC(my_libssh2_free)
- {
- (void)abstract; /* arg not used */
- free(ptr);
diff --git a/curl/curl-7.19.7_win.patch b/curl/curl-7.19.7_win.patch
deleted file mode 100644
index 3f08fd2..0000000
--- a/curl/curl-7.19.7_win.patch
+++ /dev/null
@@ -1,19 +0,0 @@
---- misc/curl-7.19.7/lib/Makefile.vc9 2009-11-04 13:35:39.000000000 +0100
-+++ misc/build/curl-7.19.7/lib/Makefile.vc9 2009-11-18 12:32:57.234375000 +0100
-@@ -46,13 +46,13 @@
- # Stem for static libs and DLLs
- #
- LIB_NAME = libcurl
--LIB_NAME_DEBUG = libcurld
-+LIB_NAME_DEBUG = libcurl
-
- #
- # Stem for DLL import libs
- #
--IMPLIB_NAME = libcurl_imp
--IMPLIB_NAME_DEBUG = libcurld_imp
-+IMPLIB_NAME = libcurl
-+IMPLIB_NAME_DEBUG = libcurl
-
- !IFNDEF OPENSSL_PATH
- OPENSSL_PATH = ../../openssl-0.9.8g
diff --git a/curl/curl-7.49.1_win.patch b/curl/curl-7.49.1_win.patch
new file mode 100644
index 0000000..1972718
--- /dev/null
+++ b/curl/curl-7.49.1_win.patch
@@ -0,0 +1,35 @@
+diff -ur misc/curl-7.49.1/winbuild/Makefile.msvc.names misc/build/curl-7.49.1/winbuild/Makefile.msvc.names
+--- misc/curl-7.49.1/winbuild/Makefile.msvc.names 2016-03-22 00:15:38.000000000 -0700
++++ misc/build/curl-7.49.1/winbuild/Makefile.msvc.names 2016-07-19 15:35:28.465823000 -0700
+@@ -43,7 +43,7 @@
+ !ENDIF
+
+ !IF !DEFINED(LIB_NAME_STA_DBG) || "$(LIB_NAME_STA_DBG)" == ""
+-LIB_NAME_STA_DBG = $(LIB_NAME_STA_REL)d
++LIB_NAME_STA_DBG = $(LIB_NAME_STA_REL)
+ !ENDIF
+
+ !IF !DEFINED(LIB_NAME_DYN_REL) || "$(LIB_NAME_DYN_REL)" == ""
+@@ -51,7 +51,7 @@
+ !ENDIF
+
+ !IF !DEFINED(LIB_NAME_DYN_DBG) || "$(LIB_NAME_DYN_DBG)" == ""
+-LIB_NAME_DYN_DBG = $(LIB_NAME_DYN_REL)d
++LIB_NAME_DYN_DBG = $(LIB_NAME_DYN_REL)
+ !ENDIF
+
+ # --------------------------------------------
+@@ -59,11 +59,11 @@
+ # --------------------------------------------
+
+ !IF !DEFINED(LIB_NAME_IMP_REL) || "$(LIB_NAME_IMP_REL)" == ""
+-LIB_NAME_IMP_REL = $(LIB_NAME_DYN_REL)_imp
++LIB_NAME_IMP_REL = $(LIB_NAME_DYN_REL)
+ !ENDIF
+
+ !IF !DEFINED(LIB_NAME_IMP_DBG) || "$(LIB_NAME_IMP_DBG)" == ""
+-LIB_NAME_IMP_DBG = $(LIB_NAME_DYN_DBG)_imp
++LIB_NAME_IMP_DBG = $(LIB_NAME_DYN_DBG)
+ !ENDIF
+
+ # --------------------------------------
diff --git a/curl/makefile.mk b/curl/makefile.mk
index ad0016a..1aff70e 100644
--- a/curl/makefile.mk
+++ b/curl/makefile.mk
@@ -37,15 +37,15 @@ all:
# --- Files --------------------------------------------------------
-TARFILE_NAME=curl-7.19.7
-TARFILE_MD5=ecb2e37e45c9933e2a963cabe03670ab
-PATCH_FILES=curl-7.19.7.patch
+TARFILE_NAME=curl-7.49.1
+TARFILE_MD5=2feb3767b958add6a177c6602ff21e8c
+PATCH_FILES=
.IF "$(GUI)"=="WNT"
- PATCH_FILES+=curl-7.19.7_win.patch
- .IF "$(COM)"=="GCC"
- PATCH_FILES+=curl-7.19.7_mingw.patch
- .ENDIF
+ PATCH_FILES+=curl-7.49.1_win.patch
+# .IF "$(COM)"=="GCC"
+# PATCH_FILES+=curl-7.19.7_mingw.patch
+# .ENDIF
.ENDIF
@@ -141,7 +141,7 @@ OUT2INC= \
include$/curl$/multi.h \
include$/curl$/curl.h \
include$/curl$/curlver.h \
- include$/curl$/types.h \
+ include$/curl$/typecheck-gcc.h \
include$/curl$/stdcheaders.h \
include$/curl$/mprintf.h \
include$/curl$/curlbuild.h \
diff --git a/curl/prj/d.lst b/curl/prj/d.lst
index fe97f20..0cf67ad 100644
--- a/curl/prj/d.lst
+++ b/curl/prj/d.lst
@@ -5,11 +5,11 @@ mkdir: %_DEST%\inc%_EXT%\external\curl
..\%__SRC%\inc\mprintf.h %_DEST%\inc%_EXT%\external\curl\mprintf.h
..\%__SRC%\inc\multi.h %_DEST%\inc%_EXT%\external\curl\multi.h
..\%__SRC%\inc\stdcheaders.h %_DEST%\inc%_EXT%\external\curl\stdcheaders.h
-..\%__SRC%\inc\types.h %_DEST%\inc%_EXT%\external\curl\types.h
+..\%__SRC%\inc\typecheck-gcc.h %_DEST%\inc%_EXT%\external\curl\typecheck-gcc.h
..\%__SRC%\inc\curlbuild.h %_DEST%\inc%_EXT%\external\curl\curlbuild.h
..\%__SRC%\inc\curlrules.h %_DEST%\inc%_EXT%\external\curl\curlrules.h
..\%__SRC%\bin\libcurl*.dll %_DEST%\bin%_EXT%\*.dll
..\%__SRC%\lib\libcurl.* %_DEST%\lib%_EXT%\libcurl.*
-linklib: libcurl.*.*
\ No newline at end of file
+linklib: libcurl.*.*
diff --git a/external_deps.lst b/external_deps.lst
index 553d6ab..822a0c9 100644
--- a/external_deps.lst
+++ b/external_deps.lst
@@ -227,9 +227,9 @@ if (SYSTEM_EXPAT != YES)
URL2 = $(OOO_EXTRAS)$(MD5)-$(name)
if (SYSTEM_CURL != YES)
- MD5 = ecb2e37e45c9933e2a963cabe03670ab
- name = curl-7.19.7.tar.gz
- URL1 = http://curl.haxx.se/download/curl-7.19.7.tar.gz
+ MD5 = 2feb3767b958add6a177c6602ff21e8c
+ name = curl-7.49.1.tar.gz
+ URL1 = http://curl.haxx.se/download/curl-7.49.1.tar.gz
URL2 = $(OOO_EXTRAS)$(MD5)-$(name)
if (WITH_CATA_FONTS == YES)
More information about the Libreoffice-commits
mailing list