[Libreoffice-commits] core.git: Branch 'feature/cib_contract891' - 6 commits - download.lst external/curl Makefile.fetch RepositoryExternal.mk
Michael Stahl
mstahl at redhat.com
Sun May 13 23:57:32 UTC 2018
Makefile.fetch | 2
RepositoryExternal.mk | 2
download.lst | 3
external/curl/ExternalPackage_curl.mk | 10
external/curl/ExternalProject_curl.mk | 37 +
external/curl/NSS-support-for-CERTINFO-feature.patch | 391 -------------------
external/curl/UnpackedTarball_curl.mk | 7
external/curl/curl-7.26.0_win-proxy.patch | 97 ++--
external/curl/curl-msvc-disable-protocols.patch.1 | 35 +
external/curl/curl-msvc-schannel.patch.1 | 22 -
external/curl/curl-msvc.patch.1 | 48 +-
11 files changed, 140 insertions(+), 514 deletions(-)
New commits:
commit 596a17b2a616a627c9ab17dc4ffffdd29c7ab6db
Author: Michael Stahl <mstahl at redhat.com>
Date: Wed Jan 24 11:44:26 2018 +0100
curl: upgrade to release 7.58.0
* fixes 2 CVEs
* disable some new optional dependencies
Change-Id: If7725d126e68de04b67969a83c0ea08573a43679
Reviewed-on: https://gerrit.libreoffice.org/48493
Tested-by: Jenkins <ci at libreoffice.org>
Reviewed-by: Michael Stahl <mstahl at redhat.com>
(cherry picked from commit 5e3799a0c8a92918b9e1868c942f8918ff61c003)
Reviewed-on: https://gerrit.libreoffice.org/48539
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
Tested-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/download.lst b/download.lst
index 2546b381f655..4c8ea886c240 100644
--- a/download.lst
+++ b/download.lst
@@ -2,8 +2,8 @@ ABW_MD5SUM := 40fa48e03b1e28ae0325cc34b35bc46d
export ABW_TARBALL := libabw-0.0.2.tar.bz2
CDR_MD5SUM := fbcd8619fc6646f41d527c1329102998
export CDR_TARBALL := libcdr-0.0.15.tar.bz2
-CURL_MD5SUM := 7ce35f207562674e71dbada6891b37e3f043c1e7a82915cb9c2a17ad3a9d659b
-export CURL_TARBALL := curl-7.57.0.tar.gz
+CURL_MD5SUM := cc245bf9a1a42a45df491501d97d5593392a03f7b4f07b952793518d97666115
+export CURL_TARBALL := curl-7.58.0.tar.gz
EBOOK_MD5SUM := 2f1ceaf2ac8752ed278e175447d9b978
export EBOOK_TARBALL := libe-book-0.0.3.tar.bz2
ETONYEK_MD5SUM := 3c50bc60394d1f2675fbf9bd22581363
diff --git a/external/curl/ExternalProject_curl.mk b/external/curl/ExternalProject_curl.mk
index 4efc3ef03cff..457b66239cc2 100644
--- a/external/curl/ExternalProject_curl.mk
+++ b/external/curl/ExternalProject_curl.mk
@@ -40,13 +40,21 @@ $(call gb_ExternalProject_get_state_target,curl,build):
CPPFLAGS="$(curl_CPPFLAGS)" \
LDFLAGS=$(curl_LDFLAGS) \
./configure \
- $(if $(filter MACOSX IOS,$(OS)),\
- --with-darwinssl, \
- --with-nss$(if $(filter NO,$(SYSTEM_NSS)),="$(call gb_UnpackedTarball_get_dir,nss)/dist/out")) \
- --without-ssl \
- --without-libidn --enable-ftp --enable-ipv6 --enable-http --disable-gopher \
- --disable-file --disable-ldap --disable-telnet --disable-dict --without-libssh2 \
- $(if $(filter YES,$(CROSS_COMPILING)),--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)) \
+ $(if $(filter IOS MACOSX,$(OS)),\
+ --with-darwinssl,\
+ $(if $(ENABLE_NSS),--with-nss$(if $(SYSTEM_NSS),,="$(call gb_UnpackedTarball_get_dir,nss)/dist/out"),--without-nss)) \
+ --without-ssl --without-gnutls --without-polarssl --without-cyassl --without-axtls --without-mbedtls \
+ --enable-ftp --enable-http --enable-ipv6 \
+ --without-libidn2 --without-libpsl --without-librtmp \
+ --without-libssh2 --without-metalink --without-nghttp2 \
+ --without-libssh --without-brotli \
+ --disable-ares \
+ --disable-dict --disable-file --disable-gopher --disable-imap \
+ --disable-ldap --disable-ldaps --disable-manual --disable-pop3 \
+ --disable-rtsp --disable-smb --disable-smtp --disable-telnet \
+ --disable-tftp \
+ $(if $(filter LINUX,$(OS)),--without-ca-bundle --without-ca-path) \
+ $(if $(CROSS_COMPILING),--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)) \
$(if $(filter TRUE,$(DISABLE_DYNLOADING)),--disable-shared,--disable-static) \
$(if $(filter TRUE,$(ENABLE_DEBUG)),--enable-debug) \
&& cd lib \
commit 8ce5fffd5b57f7303d7df5830de30af870c04660
Author: Michael Stahl <mstahl at redhat.com>
Date: Wed Nov 29 11:30:49 2017 +0100
curl: upgrade to release 7.57.0
fixes 3 CVEs
Change-Id: Idf5eee66fac399a2b338c2a9aaea2f56d2cb3a51
Reviewed-on: https://gerrit.libreoffice.org/45480
Tested-by: Jenkins <ci at libreoffice.org>
Reviewed-by: Michael Stahl <mstahl at redhat.com>
(cherry picked from commit a16eb857f3497a5ac65a7c7e89d0d6b8614aeb5e)
Reviewed-on: https://gerrit.libreoffice.org/45510
diff --git a/download.lst b/download.lst
index 862bd010162d..2546b381f655 100644
--- a/download.lst
+++ b/download.lst
@@ -2,8 +2,8 @@ ABW_MD5SUM := 40fa48e03b1e28ae0325cc34b35bc46d
export ABW_TARBALL := libabw-0.0.2.tar.bz2
CDR_MD5SUM := fbcd8619fc6646f41d527c1329102998
export CDR_TARBALL := libcdr-0.0.15.tar.bz2
-CURL_SHA256SUM := 961a25531d72a843dfcce87b290e7a882f2d376f3b88de11df009710019c5b16
-export CURL_TARBALL := curl-7.56.1.tar.gz
+CURL_MD5SUM := 7ce35f207562674e71dbada6891b37e3f043c1e7a82915cb9c2a17ad3a9d659b
+export CURL_TARBALL := curl-7.57.0.tar.gz
EBOOK_MD5SUM := 2f1ceaf2ac8752ed278e175447d9b978
export EBOOK_TARBALL := libe-book-0.0.3.tar.bz2
ETONYEK_MD5SUM := 3c50bc60394d1f2675fbf9bd22581363
commit f5015223ae209200c4fe762d89ddc1ed70b21791
Author: Michael Stahl <mstahl at redhat.com>
Date: Mon Oct 23 17:43:21 2017 +0200
curl: upgrade to release 7.56.1
- fixes a very minor CVE: CVE-2017-1000254
- the Windows nmakefiles we were previously using have been
removed, so we use the *other* Windows nmake build system now
- /EHs override is pointless, default /EHsc should work fine
- the macros defined in ExternalProject are not needed any more
- curl-msvc-schannel.patch.1: drop, not needed with new makefiles
- curl-osx.patch.1: none of it applies, presumably fixed upstream
Change-Id: I15c71b9c82c31d286d935b57543a1b0216123b66
Reviewed-on: https://gerrit.libreoffice.org/43724
Tested-by: Jenkins <ci at libreoffice.org>
Reviewed-by: Michael Stahl <mstahl at redhat.com>
diff --git a/RepositoryExternal.mk b/RepositoryExternal.mk
index 4a4ce6e80b24..e78979bb4c7e 100644
--- a/RepositoryExternal.mk
+++ b/RepositoryExternal.mk
@@ -2058,7 +2058,7 @@ $(call gb_LinkTarget_set_include,$(1),\
ifeq ($(COM),MSC)
$(call gb_LinkTarget_add_libs,$(1),\
- $(call gb_UnpackedTarball_get_dir,curl)/lib/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),d)_imp.lib \
+ $(call gb_UnpackedTarball_get_dir,curl)/builds/libcurl-vc12-$(if $(filter X86_64,$(CPUNAME)),x64,x86)-$(if $(MSVC_USE_DEBUG_RUNTIME),debug,release)-dll-ipv6-sspi-winssl/lib/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).lib \
)
else
$(call gb_LinkTarget_add_libs,$(1),\
diff --git a/download.lst b/download.lst
index 520582ceada8..862bd010162d 100644
--- a/download.lst
+++ b/download.lst
@@ -2,8 +2,8 @@ ABW_MD5SUM := 40fa48e03b1e28ae0325cc34b35bc46d
export ABW_TARBALL := libabw-0.0.2.tar.bz2
CDR_MD5SUM := fbcd8619fc6646f41d527c1329102998
export CDR_TARBALL := libcdr-0.0.15.tar.bz2
-CURL_MD5SUM := 4e1ef056e117b4d25f4ec42ac609c0d4
-export CURL_TARBALL := curl-7.52.1.tar.gz
+CURL_SHA256SUM := 961a25531d72a843dfcce87b290e7a882f2d376f3b88de11df009710019c5b16
+export CURL_TARBALL := curl-7.56.1.tar.gz
EBOOK_MD5SUM := 2f1ceaf2ac8752ed278e175447d9b978
export EBOOK_TARBALL := libe-book-0.0.3.tar.bz2
ETONYEK_MD5SUM := 3c50bc60394d1f2675fbf9bd22581363
diff --git a/external/curl/ExternalPackage_curl.mk b/external/curl/ExternalPackage_curl.mk
index 6e3c7fd83c8a..56c418b6ef0c 100644
--- a/external/curl/ExternalPackage_curl.mk
+++ b/external/curl/ExternalPackage_curl.mk
@@ -13,14 +13,14 @@ $(eval $(call gb_ExternalPackage_use_external_project,curl,curl))
ifneq ($(DISABLE_DYNLOADING),TRUE)
-ifeq ($(OS)$(COM),WNTGCC)
-$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.dll,lib/.libs/libcurl.dll))
-else ifeq ($(COM),MSC)
-$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),d).dll,lib/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),d).dll))
+ifeq ($(COM),MSC)
+$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).dll,builds/libcurl-vc12-$(if $(filter X86_64,$(CPUNAME)),x64,x86)-$(if $(MSVC_USE_DEBUG_RUNTIME),debug,release)-dll-ipv6-sspi-winssl/bin/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).dll))
+else ifeq ($(OS),MACOSX)
+$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.4.dylib,lib/.libs/libcurl.4.dylib))
else ifeq ($(OS),AIX)
$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so,lib/.libs/libcurl.so.4))
else
-$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.3.0))
+$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.5.0))
endif
endif # $(DISABLE_DYNLOADING)
diff --git a/external/curl/ExternalProject_curl.mk b/external/curl/ExternalProject_curl.mk
index f95ded47235e..4efc3ef03cff 100644
--- a/external/curl/ExternalProject_curl.mk
+++ b/external/curl/ExternalProject_curl.mk
@@ -72,10 +72,17 @@ else ifeq ($(COM),MSC)
$(call gb_ExternalProject_get_state_target,curl,build):
$(call gb_ExternalProject_run,build,\
- MAKEFLAGS= LIB="$(ILIB)" nmake -f Makefile.vc12 \
- cfg=$(if $(MSVC_USE_DEBUG_RUNTIME),debug-dll,release-dll) \
- EXCFLAGS="/EHa /Zc:wchar_t- /D_CRT_SECURE_NO_DEPRECATE /DUSE_WINDOWS_SSPI $(SOLARINC)" $(if $(filter X86_64,$(CPUNAME)),MACHINE=X64) \
- ,lib)
+ CC="$(shell cygpath -w $(filter-out -%,$(CC))) $(filter -%,$(CC))" \
+ MAKEFLAGS= LIB="$(ILIB)" nmake -f Makefile.vc \
+ mode=dll \
+ VC=12 \
+ $(if $(filter X86_64,$(CPUNAME)),MACHINE=x64,MACHINE=x86) \
+ GEN_PDB=$(if $(gb_SYMBOL),yes,no) \
+ DEBUG=$(if $(MSVC_USE_DEBUG_RUNTIME),yes,no) \
+ ENABLE_IPV6=yes \
+ ENABLE_SSPI=yes \
+ ENABLE_WINSSL=yes \
+ ,winbuild)
endif
diff --git a/external/curl/UnpackedTarball_curl.mk b/external/curl/UnpackedTarball_curl.mk
index 77cc8fecad6c..a578a103c350 100644
--- a/external/curl/UnpackedTarball_curl.mk
+++ b/external/curl/UnpackedTarball_curl.mk
@@ -14,13 +14,12 @@ $(eval $(call gb_UnpackedTarball_set_tarball,curl,$(CURL_TARBALL),,curl))
$(eval $(call gb_UnpackedTarball_set_patchlevel,curl,1))
$(eval $(call gb_UnpackedTarball_fix_end_of_line,curl,\
- lib/Makefile.vc12 \
+ winbuild/MakefileBuild.vc \
))
$(eval $(call gb_UnpackedTarball_add_patches,curl,\
external/curl/curl-msvc.patch.1 \
- external/curl/curl-msvc-schannel.patch.1 \
- external/curl/curl-7.26.0_mingw.patch \
+ external/curl/curl-msvc-disable-protocols.patch.1 \
external/curl/curl-7.26.0_win-proxy.patch \
))
diff --git a/external/curl/curl-7.26.0_win-proxy.patch b/external/curl/curl-7.26.0_win-proxy.patch
index 5392d32ed0d1..e51c5d017818 100644
--- a/external/curl/curl-7.26.0_win-proxy.patch
+++ b/external/curl/curl-7.26.0_win-proxy.patch
@@ -1,11 +1,121 @@
---- curl-7.26.0/lib/Makefile.vc10
-+++ misc/build/curl-7.26.0/lib/Makefile.vc10
-@@ -116,7 +116,7 @@ LFLAGS = /nologo /machine:$(MACHINE)
- SSLLIBS = libeay32.lib ssleay32.lib
- ZLIBLIBSDLL = zdll.lib
- ZLIBLIBS = zlib.lib
--WINLIBS = ws2_32.lib wldap32.lib advapi32.lib
-+WINLIBS = ws2_32.lib wldap32.lib advapi32.lib winhttp.lib
- CFLAGS = $(CFLAGS) $(EXCFLAGS)
-
- CFGSET = FALSE
+--- curl/winbuild/MakefileBuild.vc.orig 2017-10-23 17:15:22.969492548 +0200
++++ curl/winbuild/MakefileBuild.vc 2017-10-23 17:16:38.491490679 +0200
+@@ -72,7 +72,7 @@
+
+ CFLAGS_LIBCURL_STATIC = /DCURL_STATICLIB
+
+-WIN_LIBS = ws2_32.lib wldap32.lib advapi32.lib
++WIN_LIBS = ws2_32.lib wldap32.lib advapi32.lib winhttp.lib
+
+ BASE_NAME = libcurl
+ BASE_NAME_DEBUG = $(BASE_NAME)_debug
+--- curl-7.26.0/lib/url.c
++++ misc/build/curl-7.26.0/lib/url.c
+@@ -78,6 +78,10 @@
+ bool curl_win32_idn_to_ascii(const char *in, char **out);
+ #endif /* USE_LIBIDN2 */
+
++#ifdef _WIN32
++#include <WinHttp.h>
++#endif
++
+ #include "urldata.h"
+ #include "netrc.h"
+
+@@ -4586,6 +4590,21 @@
+ }
+
+ #ifndef CURL_DISABLE_HTTP
++#ifdef _WIN32
++static char *wstrToCstr(LPWSTR wStr)
++{
++ int bufSize;
++ char *out = NULL;
++ if(wStr != NULL) {
++ bufSize = WideCharToMultiByte(
++ CP_ACP, 0, wStr, -1, NULL, 0, NULL, NULL);
++ out = (char *)malloc(bufSize * sizeof(char));
++ WideCharToMultiByte(CP_ACP, 0, wStr, -1, out, bufSize, NULL, NULL);
++ }
++ return out;
++}
++#endif
++
+ /****************************************************************
+ * Detect what (if any) proxy to use. Remember that this selects a host
+ * name and is not limited to HTTP proxies only.
+@@ -4613,6 +4633,66 @@
+ * For compatibility, the all-uppercase versions of these variables are
+ * checked if the lowercase versions don't exist.
+ */
++#ifdef _WIN32
++ char *no_proxy = NULL;
++ WINHTTP_CURRENT_USER_IE_PROXY_CONFIG *ieProxyConfig;
++ ieProxyConfig = (WINHTTP_CURRENT_USER_IE_PROXY_CONFIG *)
++ malloc(sizeof(WINHTTP_CURRENT_USER_IE_PROXY_CONFIG));
++ if(WinHttpGetIEProxyConfigForCurrentUser(ieProxyConfig)) {
++ if(!ieProxyConfig->fAutoDetect) {
++ char *ieProxy;
++ char *ieNoProxy;
++ char *pos;
++
++ ieProxy = wstrToCstr(ieProxyConfig->lpszProxy);
++ ieNoProxy = wstrToCstr(ieProxyConfig->lpszProxyBypass);
++
++ /* Convert the ieNoProxy into a proper no_proxy value */
++ if(NULL != ieNoProxy) {
++ no_proxy = strdup(ieNoProxy);
++ pos = strpbrk(no_proxy, "; ");
++ while(NULL != pos) {
++ no_proxy[pos-no_proxy] = ',';
++ pos = strpbrk(no_proxy, "; ");
++ }
++ }
++
++ if(!check_noproxy(conn->host.name, no_proxy)) {
++ /* Look for the http proxy setting */
++ char *tok;
++ char *saveptr;
++
++ if(NULL != ieProxy) {
++ tok = strtok_s(ieProxy, ";", &saveptr);
++ if(strchr(tok, '=') == NULL) {
++ proxy = strdup(ieProxy);
++ }
++ else {
++ do {
++ if(strncmp(tok, "http=", 5) == 0) {
++ /* We found HTTP proxy value, then use it */
++ proxy = strdup(tok + 5);
++ }
++ tok = strtok_s(NULL, ";", &saveptr);
++ }
++ while(NULL != tok);
++ }
++ }
++ }
++
++ free(ieProxy);
++ free(ieNoProxy);
++ }
++ else {
++ /* TODO Handle the Proxy config Auto Detection case */
++ }
++
++ GlobalFree(ieProxyConfig->lpszAutoConfigUrl);
++ GlobalFree(ieProxyConfig->lpszProxy);
++ GlobalFree(ieProxyConfig->lpszProxyBypass);
++ }
++ free(no_proxy);
++#else /* !WIN32 */
+ char proxy_env[128];
+ const char *protop = conn->handler->scheme;
+ char *envp = proxy_env;
+@@ -4663,6 +4739,7 @@
+ if(!proxy)
+ proxy = curl_getenv("ALL_PROXY");
+ }
++#endif /* WIN32 */
+
+ return proxy;
+ }
diff --git a/external/curl/curl-msvc-disable-protocols.patch.1 b/external/curl/curl-msvc-disable-protocols.patch.1
new file mode 100644
index 000000000000..c8747a5fcc1d
--- /dev/null
+++ b/external/curl/curl-msvc-disable-protocols.patch.1
@@ -0,0 +1,35 @@
+disable protocols nobody needs in MSVC build
+
+--- curl/lib/config-win32.h.orig 2017-08-09 16:43:29.464000000 +0200
++++ curl/lib/config-win32.h 2017-08-09 16:47:38.549200000 +0200
+@@ -733,4 +733,19 @@
+ # define ENABLE_IPV6 1
+ #endif
+
++#define CURL_DISABLE_DICT 1
++#define CURL_DISABLE_FILE 1
++//#undef CURL_DISABLE_FTP
++#define CURL_DISABLE_GOPHER 1
++//#undef CURL_DISABLE_HTTP
++#define CURL_DISABLE_IMAP 1
++#define CURL_DISABLE_LDAP 1
++#define CURL_DISABLE_LDAPS 1
++#define CURL_DISABLE_POP3 1
++#define CURL_DISABLE_RTSP 1
++#define CURL_DISABLE_SMB 1
++#define CURL_DISABLE_SMTP 1
++#define CURL_DISABLE_TELNET 1
++#define CURL_DISABLE_TFTP 1
++
+ #endif /* HEADER_CURL_CONFIG_WIN32_H */
+--- curl/winbuild/MakefileBuild.vc.orig 2017-10-23 23:41:21.393200000 +0200
++++ curl/winbuild/MakefileBuild.vc 2017-10-23 23:34:16.028000000 +0200
+@@ -431,7 +431,7 @@
+
+ EXE_OBJS = $(CURL_OBJS) $(CURL_DIROBJ)\curl.res
+
+-all : $(TARGET) $(PROGRAM_NAME)
++all : $(TARGET)
+
+ package: $(TARGET)
+ @cd $(DIRDIST)
diff --git a/external/curl/curl-msvc-schannel.patch.1 b/external/curl/curl-msvc-schannel.patch.1
deleted file mode 100644
index 96768aa3f92c..000000000000
--- a/external/curl/curl-msvc-schannel.patch.1
+++ /dev/null
@@ -1,22 +0,0 @@
-MSVC: use WNT native Schannel SSL/TLS implementation
-
---- curl/lib/Makefile.vc12.old 2013-11-19 00:00:29.044499752 +0100
-+++ curl/lib/Makefile.vc12 2013-11-19 00:01:29.135499684 +0100
-@@ -260,7 +260,7 @@
- TARGET = $(LIBCURL_DYN_LIB_REL)
- DIROBJ = $(CFG)
- LNK = $(LNKDLL) $(WINLIBS) /out:$(DIROBJ)\$(TARGET) /IMPLIB:$(DIROBJ)\$(LIBCURL_IMP_LIB_REL)
--CC = $(CCNODBG) $(RTLIB)
-+CC = $(CCNODBG) $(RTLIB) $(CFLAGSWINSSL)
- CFGSET = TRUE
- RESOURCE = $(DIROBJ)\libcurl.res
- !ENDIF
-@@ -427,7 +427,7 @@
- TARGET = $(LIBCURL_DYN_LIB_DBG)
- DIROBJ = $(CFG)
- LNK = $(LNKDLL) $(WINLIBS) /DEBUG /out:$(DIROBJ)\$(TARGET) /IMPLIB:$(DIROBJ)\$(LIBCURL_IMP_LIB_DBG) /PDB:$(DIROBJ)\$(LIBCURL_DYN_LIB_PDB)
--CC = $(CCDEBUG) $(RTLIBD)
-+CC = $(CCDEBUG) $(RTLIBD) $(CFLAGSWINSSL)
- CFGSET = TRUE
- RESOURCE = $(DIROBJ)\libcurl.res
- !ENDIF
diff --git a/external/curl/curl-msvc.patch.1 b/external/curl/curl-msvc.patch.1
index 57a292bb69a3..80160958c99d 100644
--- a/external/curl/curl-msvc.patch.1
+++ b/external/curl/curl-msvc.patch.1
@@ -1,27 +1,27 @@
-MSVC: using SOLARINC and EXCFLAGS
+MSVC: using SOLARINC
---- curl/lib/Makefile.vc12 2012-05-24 12:07:02.000000000 -0400
-+++ curl/lib/Makefile.vc12 2012-10-29 11:53:44.658809300 -0400
-@@ -117,7 +117,7 @@
- ZLIBLIBSDLL = zdll.lib
- ZLIBLIBS = zlib.lib
- WINLIBS = ws2_32.lib wldap32.lib advapi32.lib
--CFLAGS = $(CFLAGS)
-+CFLAGS = $(CFLAGS) $(EXCFLAGS)
+--- curl/winbuild/MakefileBuild.vc.orig 2017-10-23 16:36:07.713550851 +0200
++++ curl/winbuild/MakefileBuild.vc 2017-10-23 16:38:19.301547594 +0200
+@@ -60,7 +60,7 @@
+ !ELSE
+ CC_NODEBUG = $(CC) /O2 /DNDEBUG
+ CC_DEBUG = $(CC) /Od /D_DEBUG /RTC1 /Z7 /LDd
+-CFLAGS = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL
++CFLAGS = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL $(SOLARINC)
+ !ENDIF
- CFGSET = FALSE
+ LFLAGS = /nologo /machine:$(MACHINE)
+@@ -300,11 +300,11 @@
+ # CURL_XX macros are for the curl.exe command
-@@ -620,11 +620,11 @@
- debug-dll-ssl-dll\libcurl.res \
- debug-dll-zlib-dll\libcurl.res \
- debug-dll-ssl-dll-zlib-dll\libcurl.res: libcurl.rc
-- rc /dDEBUGBUILD=1 /Fo $@ libcurl.rc
-+ rc $(SOLARINC) /dDEBUGBUILD=1 /Fo $@ libcurl.rc
-
- release-dll\libcurl.res \
- release-dll-ssl-dll\libcurl.res \
- release-dll-zlib-dll\libcurl.res \
- release-dll-ssl-dll-zlib-dll\libcurl.res: libcurl.rc
-- rc /dDEBUGBUILD=0 /Fo $@ libcurl.rc
-+ rc $(SOLARINC) /dDEBUGBUILD=0 /Fo $@ libcurl.rc
- !ENDIF # End of case where a config was provided.
+ !IF "$(DEBUG)"=="yes"
+-RC_FLAGS = /dDEBUGBUILD=1 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc
++RC_FLAGS = $(SOLARINC) /dDEBUGBUILD=1 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc
+ CURL_CC = $(CC_DEBUG) $(RTLIB_DEBUG)
+ CURL_RC_FLAGS = /i../include /dDEBUGBUILD=1 /Fo $@ $(CURL_SRC_DIR)\curl.rc
+ !ELSE
+-RC_FLAGS = /dDEBUGBUILD=0 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc
++RC_FLAGS = $(SOLARINC) /dDEBUGBUILD=0 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc
+ CURL_CC = $(CC_NODEBUG) $(RTLIB)
+ CURL_RC_FLAGS = /i../include /dDEBUGBUILD=0 /Fo $@ $(CURL_SRC_DIR)\curl.rc
+ !ENDIF
commit 8685c15cc9c7887c1ec0ec68bc56ab65dd1580a8
Author: Thorsten Behrens <Thorsten.Behrens at CIB.de>
Date: Mon Jan 23 15:32:36 2017 +0100
curl: upgrade to version 7.52.1
- fixes some four CVEs
- and a ton of other fixes & improvements
Change-Id: I2312f30f72c914c7e930c59ddbe44fb8a282c0a5
Reviewed-on: https://gerrit.libreoffice.org/33471
Tested-by: Jenkins <ci at libreoffice.org>
Reviewed-by: Thorsten Behrens <Thorsten.Behrens at CIB.de>
diff --git a/download.lst b/download.lst
index dc3fc400014c..520582ceada8 100644
--- a/download.lst
+++ b/download.lst
@@ -2,8 +2,8 @@ ABW_MD5SUM := 40fa48e03b1e28ae0325cc34b35bc46d
export ABW_TARBALL := libabw-0.0.2.tar.bz2
CDR_MD5SUM := fbcd8619fc6646f41d527c1329102998
export CDR_TARBALL := libcdr-0.0.15.tar.bz2
-CURL_MD5SUM := 490e19a8ccd1f4a244b50338a0eb9456
-export CURL_TARBALL := curl-7.51.0.tar.gz
+CURL_MD5SUM := 4e1ef056e117b4d25f4ec42ac609c0d4
+export CURL_TARBALL := curl-7.52.1.tar.gz
EBOOK_MD5SUM := 2f1ceaf2ac8752ed278e175447d9b978
export EBOOK_TARBALL := libe-book-0.0.3.tar.bz2
ETONYEK_MD5SUM := 3c50bc60394d1f2675fbf9bd22581363
diff --git a/external/curl/curl-7.26.0_win-proxy.patch b/external/curl/curl-7.26.0_win-proxy.patch
index a7983b967071..5392d32ed0d1 100644
--- a/external/curl/curl-7.26.0_win-proxy.patch
+++ b/external/curl/curl-7.26.0_win-proxy.patch
@@ -9,120 +9,3 @@
CFLAGS = $(CFLAGS) $(EXCFLAGS)
CFGSET = FALSE
---- curl-7.26.0/lib/url.c
-+++ misc/build/curl-7.26.0/lib/url.c
-@@ -80,6 +80,10 @@ void idn_free (void *ptr);
- int curl_win32_idn_to_ascii(const char *in, char **out);
- #endif /* USE_LIBIDN */
-
-+#ifdef WIN32
-+#include <WinHttp.h>
-+#endif
-+
- #include "urldata.h"
- #include "netrc.h"
-
-@@ -4111,6 +4115,21 @@ static bool check_noproxy(const char* name, const char* no_proxy)
- return FALSE;
- }
-
-+#ifdef WIN32
-+static char* wstrToCstr( LPWSTR wStr )
-+{
-+ int bufSize;
-+ char* out = NULL;
-+ if(wStr != NULL) {
-+ bufSize = WideCharToMultiByte(
-+ CP_ACP, 0, wStr, -1, NULL, 0, NULL, NULL );
-+ out = ( char* )malloc( bufSize * sizeof(char));
-+ WideCharToMultiByte( CP_ACP, 0, wStr, -1, out, bufSize, NULL, NULL );
-+ }
-+ return out;
-+}
-+#endif
-+
- /****************************************************************
- * Detect what (if any) proxy to use. Remember that this selects a host
- * name and is not limited to HTTP proxies only.
-@@ -4119,6 +4138,7 @@ static bool check_noproxy(const char* name, const char* no_proxy)
- static char *detect_proxy(struct connectdata *conn)
- {
- char *proxy = NULL;
-+ char *no_proxy=NULL;
-
- #ifndef CURL_DISABLE_HTTP
- /* If proxy was not specified, we check for default proxy environment
-@@ -4138,7 +4158,63 @@ static char *detect_proxy(struct connectdata *conn)
- * For compatibility, the all-uppercase versions of these variables are
- * checked if the lowercase versions don't exist.
- */
-- char *no_proxy=NULL;
-+#ifdef WIN32
-+ WINHTTP_CURRENT_USER_IE_PROXY_CONFIG *ieProxyConfig;
-+ ieProxyConfig = (WINHTTP_CURRENT_USER_IE_PROXY_CONFIG*)
-+ malloc(sizeof(WINHTTP_CURRENT_USER_IE_PROXY_CONFIG));
-+ if(WinHttpGetIEProxyConfigForCurrentUser(ieProxyConfig)) {
-+ if(!ieProxyConfig->fAutoDetect) {
-+ char *ieProxy;
-+ char *ieNoProxy;
-+ char* pos;
-+
-+ ieProxy = wstrToCstr(ieProxyConfig->lpszProxy);
-+ ieNoProxy = wstrToCstr(ieProxyConfig->lpszProxyBypass);
-+
-+ /* Convert the ieNoProxy into a proper no_proxy value */
-+ if(NULL != ieNoProxy) {
-+ no_proxy = strdup(ieNoProxy);
-+ pos = strpbrk(no_proxy, "; ");
-+ while(NULL != pos) {
-+ no_proxy[pos-no_proxy] = ',';
-+ pos = strpbrk(no_proxy, "; ");
-+ }
-+ }
-+
-+ if(!check_noproxy(conn->host.name, no_proxy)) {
-+ /* Look for the http proxy setting */
-+ char* tok;
-+ char *saveptr;
-+
-+ if(NULL != ieProxy) {
-+ tok = strtok_s(ieProxy, ";", &saveptr);
-+ if(strchr(tok, '=') == NULL) {
-+ proxy = strdup(ieProxy);
-+ }
-+ else {
-+ do {
-+ if(strncmp(tok, "http=", 5) == 0) {
-+ /* We found HTTP proxy value, then use it */
-+ proxy = strdup( tok + 5 );
-+ }
-+ tok = strtok_s(NULL, ";", &saveptr);
-+ }
-+ while(NULL != tok);
-+ }
-+ }
-+ }
-+
-+ free(ieProxy);
-+ free(ieNoProxy);
-+ }
-+ else {
-+ /* TODO Handle the Proxy config Auto Detection case */
-+ }
-+
-+ GlobalFree( ieProxyConfig->lpszAutoConfigUrl );
-+ GlobalFree( ieProxyConfig->lpszProxy );
-+ GlobalFree( ieProxyConfig->lpszProxyBypass );
-+ }
-+#else /* !WIN32 */
- char proxy_env[128];
-
- no_proxy=curl_getenv("no_proxy");
-@@ -4189,6 +4265,7 @@ static char *detect_proxy(struct connectdata *conn)
- }
- } /* if(!check_noproxy(conn->host.name, no_proxy)) - it wasn't specified
- non-proxy */
-+#endif /* WIN32 */
- free(no_proxy);
-
- #else /* !CURL_DISABLE_HTTP */
diff --git a/external/curl/curl-msvc.patch.1 b/external/curl/curl-msvc.patch.1
index 88ced0a75493..57a292bb69a3 100644
--- a/external/curl/curl-msvc.patch.1
+++ b/external/curl/curl-msvc.patch.1
@@ -11,14 +11,6 @@ MSVC: using SOLARINC and EXCFLAGS
CFGSET = FALSE
-@@ -632,7 +632,6 @@
- $(DIROBJ)\vtls.obj \
- $(DIROBJ)\openssl.obj \
- $(DIROBJ)\strdup.obj \
-- $(DIROBJ)\strequal.obj \
- $(DIROBJ)\strerror.obj \
- $(DIROBJ)\strtok.obj \
- $(DIROBJ)\strtoofft.obj \
@@ -620,11 +620,11 @@
debug-dll-ssl-dll\libcurl.res \
debug-dll-zlib-dll\libcurl.res \
commit 9233783326c8d45147498c2bd862b21c0caefefa
Author: Michael Stahl <mstahl at redhat.com>
Date: Wed Nov 2 11:48:21 2016 +0100
curl: upgrade to version 7.51.0
- fixes about a dozen CVEs
- tweak curl-7.26.0_win-proxy.patch:
there is a "checksrc" thing now in curl that fails the build with:
warning: use of strtok is banned (BANNEDFUNC)
so use strtok_s instead (which is MSVC's name for standard strtok_r)
- use Makefile.vc12 instead of Makefile.vc10
- remove strequal.obj from Makefile.vc12, it does not actually exist
Change-Id: Ie2da64980d88c72b0c902376ffc01abf97a7bc91
Reviewed-on: https://gerrit.libreoffice.org/30484
Tested-by: Jenkins <ci at libreoffice.org>
Reviewed-by: Michael Stahl <mstahl at redhat.com>
diff --git a/download.lst b/download.lst
index 791377a1fbb0..dc3fc400014c 100644
--- a/download.lst
+++ b/download.lst
@@ -2,8 +2,8 @@ ABW_MD5SUM := 40fa48e03b1e28ae0325cc34b35bc46d
export ABW_TARBALL := libabw-0.0.2.tar.bz2
CDR_MD5SUM := fbcd8619fc6646f41d527c1329102998
export CDR_TARBALL := libcdr-0.0.15.tar.bz2
-CURL_MD5SUM := 11bddbb452a8b766b932f859aaeeed39
-export CURL_TARBALL := curl-7.43.0.tar.bz2
+CURL_MD5SUM := 490e19a8ccd1f4a244b50338a0eb9456
+export CURL_TARBALL := curl-7.51.0.tar.gz
EBOOK_MD5SUM := 2f1ceaf2ac8752ed278e175447d9b978
export EBOOK_TARBALL := libe-book-0.0.3.tar.bz2
ETONYEK_MD5SUM := 3c50bc60394d1f2675fbf9bd22581363
diff --git a/external/curl/ExternalProject_curl.mk b/external/curl/ExternalProject_curl.mk
index 81d46f63901e..f95ded47235e 100644
--- a/external/curl/ExternalProject_curl.mk
+++ b/external/curl/ExternalProject_curl.mk
@@ -72,7 +72,7 @@ else ifeq ($(COM),MSC)
$(call gb_ExternalProject_get_state_target,curl,build):
$(call gb_ExternalProject_run,build,\
- MAKEFLAGS= LIB="$(ILIB)" nmake -f Makefile.vc10 \
+ MAKEFLAGS= LIB="$(ILIB)" nmake -f Makefile.vc12 \
cfg=$(if $(MSVC_USE_DEBUG_RUNTIME),debug-dll,release-dll) \
EXCFLAGS="/EHa /Zc:wchar_t- /D_CRT_SECURE_NO_DEPRECATE /DUSE_WINDOWS_SSPI $(SOLARINC)" $(if $(filter X86_64,$(CPUNAME)),MACHINE=X64) \
,lib)
diff --git a/external/curl/UnpackedTarball_curl.mk b/external/curl/UnpackedTarball_curl.mk
index 2e4d4cc1283c..77cc8fecad6c 100644
--- a/external/curl/UnpackedTarball_curl.mk
+++ b/external/curl/UnpackedTarball_curl.mk
@@ -14,11 +14,10 @@ $(eval $(call gb_UnpackedTarball_set_tarball,curl,$(CURL_TARBALL),,curl))
$(eval $(call gb_UnpackedTarball_set_patchlevel,curl,1))
$(eval $(call gb_UnpackedTarball_fix_end_of_line,curl,\
- lib/Makefile.vc10 \
+ lib/Makefile.vc12 \
))
$(eval $(call gb_UnpackedTarball_add_patches,curl,\
- external/curl/curl-freebsd.patch.1 \
external/curl/curl-msvc.patch.1 \
external/curl/curl-msvc-schannel.patch.1 \
external/curl/curl-7.26.0_mingw.patch \
diff --git a/external/curl/curl-7.26.0_win-proxy.patch b/external/curl/curl-7.26.0_win-proxy.patch
index 99402a437e5a..a7983b967071 100644
--- a/external/curl/curl-7.26.0_win-proxy.patch
+++ b/external/curl/curl-7.26.0_win-proxy.patch
@@ -83,9 +83,10 @@
+ if(!check_noproxy(conn->host.name, no_proxy)) {
+ /* Look for the http proxy setting */
+ char* tok;
++ char *saveptr;
+
+ if(NULL != ieProxy) {
-+ tok = strtok(ieProxy, ";");
++ tok = strtok_s(ieProxy, ";", &saveptr);
+ if(strchr(tok, '=') == NULL) {
+ proxy = strdup(ieProxy);
+ }
@@ -95,7 +96,7 @@
+ /* We found HTTP proxy value, then use it */
+ proxy = strdup( tok + 5 );
+ }
-+ tok = strtok(NULL, ";");
++ tok = strtok_s(NULL, ";", &saveptr);
+ }
+ while(NULL != tok);
+ }
diff --git a/external/curl/curl-msvc-schannel.patch.1 b/external/curl/curl-msvc-schannel.patch.1
index 1091a762a5e8..96768aa3f92c 100644
--- a/external/curl/curl-msvc-schannel.patch.1
+++ b/external/curl/curl-msvc-schannel.patch.1
@@ -1,7 +1,7 @@
MSVC: use WNT native Schannel SSL/TLS implementation
---- curl/lib/Makefile.vc10.old 2013-11-19 00:00:29.044499752 +0100
-+++ curl/lib/Makefile.vc10 2013-11-19 00:01:29.135499684 +0100
+--- curl/lib/Makefile.vc12.old 2013-11-19 00:00:29.044499752 +0100
++++ curl/lib/Makefile.vc12 2013-11-19 00:01:29.135499684 +0100
@@ -260,7 +260,7 @@
TARGET = $(LIBCURL_DYN_LIB_REL)
DIROBJ = $(CFG)
diff --git a/external/curl/curl-msvc.patch.1 b/external/curl/curl-msvc.patch.1
index 927b3f184a78..88ced0a75493 100644
--- a/external/curl/curl-msvc.patch.1
+++ b/external/curl/curl-msvc.patch.1
@@ -1,7 +1,7 @@
MSVC: using SOLARINC and EXCFLAGS
---- curl/lib/Makefile.vc10 2012-05-24 12:07:02.000000000 -0400
-+++ curl/lib/Makefile.vc10 2012-10-29 11:53:44.658809300 -0400
+--- curl/lib/Makefile.vc12 2012-05-24 12:07:02.000000000 -0400
++++ curl/lib/Makefile.vc12 2012-10-29 11:53:44.658809300 -0400
@@ -117,7 +117,7 @@
ZLIBLIBSDLL = zdll.lib
ZLIBLIBS = zlib.lib
@@ -11,6 +11,14 @@ MSVC: using SOLARINC and EXCFLAGS
CFGSET = FALSE
+@@ -632,7 +632,6 @@
+ $(DIROBJ)\vtls.obj \
+ $(DIROBJ)\openssl.obj \
+ $(DIROBJ)\strdup.obj \
+- $(DIROBJ)\strequal.obj \
+ $(DIROBJ)\strerror.obj \
+ $(DIROBJ)\strtok.obj \
+ $(DIROBJ)\strtoofft.obj \
@@ -620,11 +620,11 @@
debug-dll-ssl-dll\libcurl.res \
debug-dll-zlib-dll\libcurl.res \
commit 44b5194f813403ca49e83927164a35aa8f976893
Author: Michael Stahl <mstahl at redhat.com>
Date: Wed Jul 1 00:04:32 2015 +0200
curl: upgrade to release 7.43.0
Change-Id: Ic16111f21625fc510e79bba8122eaa60662f7a59
diff --git a/Makefile.fetch b/Makefile.fetch
index c04bb7c5a228..820aa952a460 100644
--- a/Makefile.fetch
+++ b/Makefile.fetch
@@ -77,6 +77,7 @@ $(WORKDIR)/download: $(BUILDDIR)/config_host.mk $(SRCDIR)/download.lst $(SRCDIR)
$(call fetch_Optional,LIBATOMIC_OPS,LIBATOMIC_OPS_TARBALL) \
$(call fetch_Optional,ABW,ABW_TARBALL) \
$(call fetch_Optional,CDR,CDR_TARBALL) \
+ $(call fetch_Optional,CURL,CURL_TARBALL) \
$(call fetch_Optional,EBOOK,EBOOK_TARBALL) \
$(call fetch_Optional,FREEHAND,FREEHAND_TARBALL) \
$(call fetch_Optional,ETONYEK,ETONYEK_TARBALL) \
@@ -107,7 +108,6 @@ $(WORKDIR)/download: $(BUILDDIR)/config_host.mk $(SRCDIR)/download.lst $(SRCDIR)
$(call fetch_Optional,CMIS,$(CMIS_TARBALL)) \
$(call fetch_Optional,CPPUNIT,$(CPPUNIT_TARBALL)) \
$(call fetch_Optional,CT2N,$(CT2N_TARBALL)) \
- $(call fetch_Optional,CURL,$(CURL_TARBALL)) \
$(call fetch_Optional,EPM,$(EPM_TARBALL)) \
$(call fetch_Optional,MARIADB,$(MARIADB_TARBALL)) \
$(call fetch_Optional,MORE_FONTS,$(FONT_CALADEA_TARBALL)) \
diff --git a/download.lst b/download.lst
index a33f4f15e030..791377a1fbb0 100644
--- a/download.lst
+++ b/download.lst
@@ -2,6 +2,8 @@ ABW_MD5SUM := 40fa48e03b1e28ae0325cc34b35bc46d
export ABW_TARBALL := libabw-0.0.2.tar.bz2
CDR_MD5SUM := fbcd8619fc6646f41d527c1329102998
export CDR_TARBALL := libcdr-0.0.15.tar.bz2
+CURL_MD5SUM := 11bddbb452a8b766b932f859aaeeed39
+export CURL_TARBALL := curl-7.43.0.tar.bz2
EBOOK_MD5SUM := 2f1ceaf2ac8752ed278e175447d9b978
export EBOOK_TARBALL := libe-book-0.0.3.tar.bz2
ETONYEK_MD5SUM := 3c50bc60394d1f2675fbf9bd22581363
@@ -51,7 +53,6 @@ export CLUCENE_TARBALL := 48d647fbd8ef8889e5a7f422c1bfda94-clucene-core-2.3.3.4.
export CMIS_TARBALL := 22f8a85daf4a012180322e1f52a7563b-libcmis-0.4.1.tar.gz
export CPPUNIT_TARBALL := ac4781e01619be13461bb2d562b94a7b-cppunit-1.13.1.tar.gz
export CT2N_TARBALL := 451ccf439a36a568653b024534669971-ConvertTextToNumber-1.3.2.oxt
-export CURL_TARBALL := 57409d6bf0bd97053b8378dbe0cadcef-curl-7.33.0.tar.bz2
export DBGHELP_DLL := 13fbc2e8b37ddf28181dd6d8081c2b8e-dbghelp.dll
export EPM_TARBALL := 3ade8cfe7e59ca8e65052644fed9fca4-epm-3.7.tar.gz
export FONTCONFIG_TARBALL := 77e15a92006ddc2adbb06f840d591c0e-fontconfig-2.8.0.tar.gz
diff --git a/external/curl/NSS-support-for-CERTINFO-feature.patch b/external/curl/NSS-support-for-CERTINFO-feature.patch
deleted file mode 100644
index 7976a08685e4..000000000000
--- a/external/curl/NSS-support-for-CERTINFO-feature.patch
+++ /dev/null
@@ -1,391 +0,0 @@
-From f6c335d63f2da025a0a3efde1fe59e3bb7189b70 Mon Sep 17 00:00:00 2001
-From: Patrick Monnerat <pm at datasphere.ch>
-Date: Wed, 30 Oct 2013 11:12:06 +0100
-Subject: [PATCH] NSS: support for CERTINFO feature
-
----
- docs/libcurl/curl_easy_getinfo.3 | 6 +--
- docs/libcurl/curl_easy_setopt.3 | 5 +-
- lib/hostcheck.c | 4 +-
- lib/nss.c | 46 ++++++++++++++++--
- lib/url.c | 3 +-
- lib/x509asn1.c | 100 +++++++++++++++++++++++++--------------
- lib/x509asn1.h | 4 +-
- 7 files changed, 119 insertions(+), 49 deletions(-)
-
-diff --git a/docs/libcurl/curl_easy_getinfo.3 b/docs/libcurl/curl_easy_getinfo.3
-index 62d8ae4..db0f4d6 100644
---- a/docs/libcurl/curl_easy_getinfo.3
-+++ b/docs/libcurl/curl_easy_getinfo.3
-@@ -5,7 +5,7 @@
- .\" * | (__| |_| | _ <| |___
- .\" * \___|\___/|_| \_\_____|
- .\" *
--.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel at haxx.se>, et al.
-+.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel at haxx.se>, et al.
- .\" *
- .\" * This software is licensed as described in the file COPYING, which
- .\" * you should have received as part of this distribution. The terms
-@@ -219,8 +219,8 @@ done. The struct reports how many certs it found and then you can extract info
- for each of those certs by following the linked lists. The info chain is
- provided in a series of data in the format "name:content" where the content is
- for the specific named data. See also the certinfo.c example. NOTE: this
--option is only available in libcurl built with OpenSSL support. (Added in
--7.19.1)
-+option is only available in libcurl built with OpenSSL, NSS, GSKit or QsoSSL
-+support. (Added in 7.19.1)
- .IP CURLINFO_CONDITION_UNMET
- Pass a pointer to a long to receive the number 1 if the condition provided in
- the previous request didn't match (see \fICURLOPT_TIMECONDITION\fP). Alas, if
-diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3
-index f58c8fb..2887483 100644
---- a/docs/libcurl/curl_easy_setopt.3
-+++ b/docs/libcurl/curl_easy_setopt.3
-@@ -2549,9 +2549,10 @@ is ignored.
-
- .IP CURLOPT_CERTINFO
- Pass a long set to 1 to enable libcurl's certificate chain info gatherer. With
--this enabled, libcurl (if built with OpenSSL) will extract lots of information
-+this enabled, libcurl (if built with OpenSSL, NSS, GSKit or QsoSSL) will
-+extract lots of information
- and data about the certificates in the certificate chain used in the SSL
--connection. This data is then possible to extract after a transfer using
-+connection. This data may then be retrieved after a transfer using
- \fIcurl_easy_getinfo(3)\fP and its option \fICURLINFO_CERTINFO\fP. (Added in
- 7.19.1)
- .IP CURLOPT_RANDOM_FILE
-diff --git a/lib/hostcheck.c b/lib/hostcheck.c
-index abd1fa0..4be5baa 100644
---- a/lib/hostcheck.c
-+++ b/lib/hostcheck.c
-@@ -23,7 +23,7 @@
- #include "curl_setup.h"
-
- #if defined(USE_SSLEAY) || defined(USE_AXTLS) || defined(USE_QSOSSL) || \
-- defined(USE_GSKIT)
-+ defined(USE_GSKIT) || defined(USE_NSS)
- /* these backends use functions from this file */
-
- #include "hostcheck.h"
-@@ -94,4 +94,4 @@ int Curl_cert_hostcheck(const char *match_pattern, const char *hostname)
- return 0;
- }
-
--#endif /* SSLEAY or AXTLS or QSOSSL or GSKIT */
-+#endif /* SSLEAY or AXTLS or QSOSSL or GSKIT or NSS */
-diff --git a/lib/nss.c b/lib/nss.c
-index 43576e6..2562fcf 100644
---- a/lib/nss.c
-+++ b/lib/nss.c
-@@ -653,6 +653,10 @@ static void display_conn_info(struct connectdata *conn, PRFileDesc *sock)
- SSLChannelInfo channel;
- SSLCipherSuiteInfo suite;
- CERTCertificate *cert;
-+ CERTCertificate *cert2;
-+ CERTCertificate *cert3;
-+ PRTime now;
-+ int i;
-
- if(SSL_GetChannelInfo(sock, &channel, sizeof channel) ==
- SECSuccess && channel.length == sizeof channel &&
-@@ -663,11 +667,45 @@ static void display_conn_info(struct connectdata *conn, PRFileDesc *sock)
- }
- }
-
-- infof(conn->data, "Server certificate:\n");
--
- cert = SSL_PeerCertificate(sock);
-- display_cert_info(conn->data, cert);
-- CERT_DestroyCertificate(cert);
-+
-+ if(cert) {
-+ infof(conn->data, "Server certificate:\n");
-+
-+ if(!conn->data->set.ssl.certinfo) {
-+ display_cert_info(conn->data, cert);
-+ CERT_DestroyCertificate(cert);
-+ }
-+ else {
-+ /* Count certificates in chain. */
-+ now = PR_Now();
-+ i = 1;
-+ if(!cert->isRoot) {
-+ cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
-+ while(cert2) {
-+ i++;
-+ if(cert2->isRoot) {
-+ CERT_DestroyCertificate(cert2);
-+ break;
-+ }
-+ cert3 = CERT_FindCertIssuer(cert2, now, certUsageSSLCA);
-+ CERT_DestroyCertificate(cert2);
-+ cert2 = cert3;
-+ }
-+ }
-+ Curl_ssl_init_certinfo(conn->data, i);
-+ for(i = 0; cert; cert = cert2) {
-+ Curl_extract_certinfo(conn, i++, cert->derCert.data,
-+ cert->derCert.data + cert->derCert.len);
-+ if(cert->isRoot) {
-+ CERT_DestroyCertificate(cert);
-+ break;
-+ }
-+ cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
-+ CERT_DestroyCertificate(cert);
-+ }
-+ }
-+ }
-
- return;
- }
-diff --git a/lib/url.c b/lib/url.c
-index e86fbc2..03c7607 100644
---- a/lib/url.c
-+++ b/lib/url.c
-@@ -1926,7 +1926,8 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
- data->set.ssl.fsslctxp = va_arg(param, void *);
- break;
- #endif
--#if defined(USE_SSLEAY) || defined(USE_QSOSSL) || defined(USE_GSKIT)
-+#if defined(USE_SSLEAY) || defined(USE_QSOSSL) || defined(USE_GSKIT) || \
-+ defined(USE_NSS)
- case CURLOPT_CERTINFO:
- data->set.ssl.certinfo = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
-diff --git a/lib/x509asn1.c b/lib/x509asn1.c
-index 94b89b2..d6aa045 100644
---- a/lib/x509asn1.c
-+++ b/lib/x509asn1.c
-@@ -22,7 +22,7 @@
-
- #include "curl_setup.h"
-
--#if defined(USE_QSOSSL) || defined(USE_GSKIT)
-+#if defined(USE_QSOSSL) || defined(USE_GSKIT) || defined(USE_NSS)
-
- #include <curl/curl.h>
- #include "urldata.h"
-@@ -803,7 +803,7 @@ static const char * dumpAlgo(curl_asn1Element * param,
- return OID2str(oid.beg, oid.end, TRUE);
- }
-
--static void do_pubkey_field(struct SessionHandle *data, int certnum,
-+static void do_pubkey_field(struct SessionHandle * data, int certnum,
- const char * label, curl_asn1Element * elem)
- {
- const char * output;
-@@ -812,8 +812,10 @@ static void do_pubkey_field(struct SessionHandle *data, int certnum,
-
- output = Curl_ASN1tostr(elem, 0);
- if(output) {
-- Curl_ssl_push_certinfo(data, certnum, label, output);
-- infof(data, " %s: %s\n", label, output);
-+ if(data->set.ssl.certinfo)
-+ Curl_ssl_push_certinfo(data, certnum, label, output);
-+ if(!certnum)
-+ infof(data, " %s: %s\n", label, output);
- free((char *) output);
- }
- }
-@@ -845,11 +847,14 @@ static void do_pubkey(struct SessionHandle * data, int certnum,
- len--;
- if(len > 32)
- elem.beg = q; /* Strip leading zero bytes. */
-- infof(data, " RSA Public Key (%lu bits)\n", len);
-- q = curl_maprintf("%lu", len);
-- if(q) {
-- Curl_ssl_push_certinfo(data, certnum, "RSA Public Key", q);
-- free((char *) q);
-+ if(!certnum)
-+ infof(data, " RSA Public Key (%lu bits)\n", len);
-+ if(data->set.ssl.certinfo) {
-+ q = curl_maprintf("%lu", len);
-+ if(q) {
-+ Curl_ssl_push_certinfo(data, certnum, "RSA Public Key", q);
-+ free((char *) q);
-+ }
- }
- /* Generate coefficients. */
- do_pubkey_field(data, certnum, "rsa(n)", &elem);
-@@ -896,6 +901,10 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn,
- size_t i;
- size_t j;
-
-+ if(!data->set.ssl.certinfo)
-+ if(certnum)
-+ return CURLE_OK;
-+
- /* Prepare the certificate information for curl_easy_getinfo(). */
-
- /* Extract the certificate ASN.1 elements. */
-@@ -905,35 +914,44 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn,
- ccp = Curl_DNtostr(&cert.subject);
- if(!ccp)
- return CURLE_OUT_OF_MEMORY;
-- Curl_ssl_push_certinfo(data, certnum, "Subject", ccp);
-- infof(data, "%2d Subject: %s\n", certnum, ccp);
-+ if(data->set.ssl.certinfo)
-+ Curl_ssl_push_certinfo(data, certnum, "Subject", ccp);
-+ if(!certnum)
-+ infof(data, "%2d Subject: %s\n", certnum, ccp);
- free((char *) ccp);
-
- /* Issuer. */
- ccp = Curl_DNtostr(&cert.issuer);
- if(!ccp)
- return CURLE_OUT_OF_MEMORY;
-- Curl_ssl_push_certinfo(data, certnum, "Issuer", ccp);
-- infof(data, " Issuer: %s\n", ccp);
-+ if(data->set.ssl.certinfo)
-+ Curl_ssl_push_certinfo(data, certnum, "Issuer", ccp);
-+ if(!certnum)
-+ infof(data, " Issuer: %s\n", ccp);
- free((char *) ccp);
-
- /* Version (always fits in less than 32 bits). */
- version = 0;
- for(ccp = cert.version.beg; ccp < cert.version.end; ccp++)
- version = (version << 8) | *(const unsigned char *) ccp;
-- ccp = curl_maprintf("%lx", version);
-- if(!ccp)
-- return CURLE_OUT_OF_MEMORY;
-- Curl_ssl_push_certinfo(data, certnum, "Version", ccp);
-- free((char *) ccp);
-- infof(data, " Version: %lu (0x%lx)\n", version + 1, version);
-+ if(data->set.ssl.certinfo) {
-+ ccp = curl_maprintf("%lx", version);
-+ if(!ccp)
-+ return CURLE_OUT_OF_MEMORY;
-+ Curl_ssl_push_certinfo(data, certnum, "Version", ccp);
-+ free((char *) ccp);
-+ }
-+ if(!certnum)
-+ infof(data, " Version: %lu (0x%lx)\n", version + 1, version);
-
- /* Serial number. */
- ccp = Curl_ASN1tostr(&cert.serialNumber, 0);
- if(!ccp)
- return CURLE_OUT_OF_MEMORY;
-- Curl_ssl_push_certinfo(data, certnum, "Serial Number", ccp);
-- infof(data, " Serial Number: %s\n", ccp);
-+ if(data->set.ssl.certinfo)
-+ Curl_ssl_push_certinfo(data, certnum, "Serial Number", ccp);
-+ if(!certnum)
-+ infof(data, " Serial Number: %s\n", ccp);
- free((char *) ccp);
-
- /* Signature algorithm .*/
-@@ -941,24 +959,30 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn,
- cert.signatureAlgorithm.end);
- if(!ccp)
- return CURLE_OUT_OF_MEMORY;
-- Curl_ssl_push_certinfo(data, certnum, "Signature Algorithm", ccp);
-- infof(data, " Signature Algorithm: %s\n", ccp);
-+ if(data->set.ssl.certinfo)
-+ Curl_ssl_push_certinfo(data, certnum, "Signature Algorithm", ccp);
-+ if(!certnum)
-+ infof(data, " Signature Algorithm: %s\n", ccp);
- free((char *) ccp);
-
- /* Start Date. */
- ccp = Curl_ASN1tostr(&cert.notBefore, 0);
- if(!ccp)
- return CURLE_OUT_OF_MEMORY;
-- Curl_ssl_push_certinfo(data, certnum, "Start Date", ccp);
-- infof(data, " Start Date: %s\n", ccp);
-+ if(data->set.ssl.certinfo)
-+ Curl_ssl_push_certinfo(data, certnum, "Start Date", ccp);
-+ if(!certnum)
-+ infof(data, " Start Date: %s\n", ccp);
- free((char *) ccp);
-
- /* Expire Date. */
- ccp = Curl_ASN1tostr(&cert.notAfter, 0);
- if(!ccp)
- return CURLE_OUT_OF_MEMORY;
-- Curl_ssl_push_certinfo(data, certnum, "Expire Date", ccp);
-- infof(data, " Expire Date: %s\n", ccp);
-+ if(data->set.ssl.certinfo)
-+ Curl_ssl_push_certinfo(data, certnum, "Expire Date", ccp);
-+ if(!certnum)
-+ infof(data, " Expire Date: %s\n", ccp);
- free((char *) ccp);
-
- /* Public Key Algorithm. */
-@@ -966,8 +990,10 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn,
- cert.subjectPublicKeyAlgorithm.end);
- if(!ccp)
- return CURLE_OUT_OF_MEMORY;
-- Curl_ssl_push_certinfo(data, certnum, "Public Key Algorithm", ccp);
-- infof(data, " Public Key Algorithm: %s\n", ccp);
-+ if(data->set.ssl.certinfo)
-+ Curl_ssl_push_certinfo(data, certnum, "Public Key Algorithm", ccp);
-+ if(!certnum)
-+ infof(data, " Public Key Algorithm: %s\n", ccp);
- do_pubkey(data, certnum, ccp, ¶m, &cert.subjectPublicKey);
- free((char *) ccp);
-
-@@ -977,8 +1003,10 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn,
- ccp = Curl_ASN1tostr(&cert.signature, 0);
- if(!ccp)
- return CURLE_OUT_OF_MEMORY;
-- Curl_ssl_push_certinfo(data, certnum, "Signature", ccp);
-- infof(data, " Signature: %s\n", ccp);
-+ if(data->set.ssl.certinfo)
-+ Curl_ssl_push_certinfo(data, certnum, "Signature", ccp);
-+ if(!certnum)
-+ infof(data, " Signature: %s\n", ccp);
- free((char *) ccp);
-
- /* Generate PEM certificate. */
-@@ -987,7 +1015,7 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn,
- &cp1, &cl1);
- if(cc != CURLE_OK)
- return cc;
-- /* Compute the number of charaters in final certificate string. Format is:
-+ /* Compute the number of characters in final certificate string. Format is:
- -----BEGIN CERTIFICATE-----\n
- <max 64 base64 characters>\n
- .
-@@ -1008,8 +1036,10 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn,
- i += copySubstring(cp2 + i, "-----END CERTIFICATE-----");
- cp2[i] = '\0';
- free(cp1);
-- Curl_ssl_push_certinfo(data, certnum, "Cert", cp2);
-- infof(data, "%s\n", cp2);
-+ if(data->set.ssl.certinfo)
-+ Curl_ssl_push_certinfo(data, certnum, "Cert", cp2);
-+ if(!certnum)
-+ infof(data, "%s\n", cp2);
- free(cp2);
- return CURLE_OK;
- }
-@@ -1148,4 +1178,4 @@ CURLcode Curl_verifyhost(struct connectdata * conn,
- return CURLE_PEER_FAILED_VERIFICATION;
- }
-
--#endif /* USE_QSOSSL or USE_GSKIT */
-+#endif /* USE_QSOSSL or USE_GSKIT or USE_NSS */
-diff --git a/lib/x509asn1.h b/lib/x509asn1.h
-index 2276b5b..1741d6d 100644
---- a/lib/x509asn1.h
-+++ b/lib/x509asn1.h
-@@ -25,7 +25,7 @@
-
- #include "curl_setup.h"
-
--#if defined(USE_QSOSSL) || defined(USE_GSKIT)
-+#if defined(USE_QSOSSL) || defined(USE_GSKIT) || defined(USE_NSS)
-
- #include "urldata.h"
-
-@@ -125,5 +125,5 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn, int certnum,
- CURLcode Curl_verifyhost(struct connectdata * conn,
- const char * beg, const char * end);
-
--#endif /* USE_QSOSSL or USE_GSKIT */
-+#endif /* USE_QSOSSL or USE_GSKIT or USE_NSS */
- #endif /* HEADER_CURL_X509ASN1_H */
---
-1.8.4.2
-
diff --git a/external/curl/UnpackedTarball_curl.mk b/external/curl/UnpackedTarball_curl.mk
index f6542e5217f8..2e4d4cc1283c 100644
--- a/external/curl/UnpackedTarball_curl.mk
+++ b/external/curl/UnpackedTarball_curl.mk
@@ -23,7 +23,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,curl,\
external/curl/curl-msvc-schannel.patch.1 \
external/curl/curl-7.26.0_mingw.patch \
external/curl/curl-7.26.0_win-proxy.patch \
- external/curl/NSS-support-for-CERTINFO-feature.patch \
))
ifeq ($(OS),ANDROID)
diff --git a/external/curl/curl-7.26.0_win-proxy.patch b/external/curl/curl-7.26.0_win-proxy.patch
index 26c42f7c56e7..99402a437e5a 100644
--- a/external/curl/curl-7.26.0_win-proxy.patch
+++ b/external/curl/curl-7.26.0_win-proxy.patch
@@ -117,14 +117,11 @@
char proxy_env[128];
no_proxy=curl_getenv("no_proxy");
-@@ -4189,9 +4265,9 @@ static char *detect_proxy(struct connectdata *conn)
+@@ -4189,6 +4265,7 @@ static char *detect_proxy(struct connectdata *conn)
}
} /* if(!check_noproxy(conn->host.name, no_proxy)) - it wasn't specified
non-proxy */
+#endif /* WIN32 */
- if(no_proxy)
- free(no_proxy);
--
- #else /* !CURL_DISABLE_HTTP */
+ free(no_proxy);
- (void)conn;
+ #else /* !CURL_DISABLE_HTTP */
diff --git a/external/curl/curl-msvc-schannel.patch.1 b/external/curl/curl-msvc-schannel.patch.1
index 68af66d6dd2f..1091a762a5e8 100644
--- a/external/curl/curl-msvc-schannel.patch.1
+++ b/external/curl/curl-msvc-schannel.patch.1
@@ -11,11 +11,11 @@ MSVC: use WNT native Schannel SSL/TLS implementation
CFGSET = TRUE
RESOURCE = $(DIROBJ)\libcurl.res
!ENDIF
-@@ -411,7 +411,7 @@
+@@ -427,7 +427,7 @@
TARGET = $(LIBCURL_DYN_LIB_DBG)
DIROBJ = $(CFG)
LNK = $(LNKDLL) $(WINLIBS) /DEBUG /out:$(DIROBJ)\$(TARGET) /IMPLIB:$(DIROBJ)\$(LIBCURL_IMP_LIB_DBG) /PDB:$(DIROBJ)\$(LIBCURL_DYN_LIB_PDB)
--CC = $(CCDEBUG) $(RTLIBD)
+-CC = $(CCDEBUG) $(RTLIBD)
+CC = $(CCDEBUG) $(RTLIBD) $(CFLAGSWINSSL)
CFGSET = TRUE
RESOURCE = $(DIROBJ)\libcurl.res
More information about the Libreoffice-commits
mailing list