download.lst | 8 +- external/curl/CVE-2018-14618.patch | 34 --------- external/curl/CVE-2018-16890.patch | 30 -------- external/curl/CVE-2019-3822.patch | 35 --------- external/curl/ExternalPackage_curl.mk | 2 external/curl/ExternalProject_curl.mk | 31 ++------ external/curl/UnpackedTarball_curl.mk | 10 +- external/curl/clang-cl.patch.0 | 11 ++ external/curl/curl-msvc.patch.1 | 8 +- external/curl/zlib.patch.0 | 90 ++++++++++++++++++++++++ external/nss/UnpackedTarball_nss.mk | 1 external/nss/nss-no-c99.patch | 44 ----------- external/nss/nss.aix.patch | 2 external/nss/nss.patch | 125 +++++++++++++--------------------- external/nss/nss.windowbuild.patch.0 | 55 -------------- solenv/gbuild/UnpackedTarball.mk | 11 ++ 16 files changed, 190 insertions(+), 307 deletions(-)
New commits: commit b4a3da2b8d37d609aac5f1a73ea611229b20e0b4 Author: Michael Stahl <[email protected]> AuthorDate: Mon Nov 25 12:34:28 2019 +0100 Commit: Gabor Kelemen <[email protected]> CommitDate: Sun Jun 19 10:53:27 2022 +0200 nss: upgrade to release 3.47.1 Fixes CVE-2019-11745. Remove nss.fix-freebl-add-lcc-support.patch.1, fixed upstream. Reviewed-on: https://gerrit.libreoffice.org/83673 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit a6238c3fba80889f9090d997e2a4979b78b34ac7) Change-Id: I72e35c90fabb0a83f547a787dbaee774e35f9c08 diff --git a/download.lst b/download.lst index f5f3fbefbecd..12fea73facdd 100644 --- a/download.lst +++ b/download.lst @@ -34,8 +34,8 @@ LIBEOT_MD5SUM := aa24f5dd2a2992f4a116aa72af817548 export LIBEOT_TARBALL := libeot-0.01.tar.bz2 LANGTAGREG_MD5SUM := 504af523f5d1a5590bbeb6a4b55e8a97 export LANGTAGREG_TARBALL := language-subtag-registry-2014-03-27.tar.bz2 -NSS_MD5SUM := 2f7dab8f5b85b1494f6bec2cc32a1f5c -export NSS_TARBALL := nss-3.45-with-nspr-4.21.tar.gz +NSS_MD5SUM := 9bc54feb6f1e39c60932f668d3caab5e +export NSS_TARBALL := nss-3.47.1-with-nspr-4.23.tar.gz PYTHON_MD5SUM := 803a75927f8f241ca78633890c798021 export PYTHON_TARBALL := Python-3.3.5.tgz OPENSSL_MD5SUM := 44279b8557c3247cbe324e2322ecd114 diff --git a/external/nss/nss.aix.patch b/external/nss/nss.aix.patch index da9aacb10e84..4b0c6bfb3261 100644 --- a/external/nss/nss.aix.patch +++ b/external/nss/nss.aix.patch @@ -38,7 +38,7 @@ diff -ru a/nspr/pr/src/Makefile.in b/nspr/pr/src/Makefile.in --- a/a/nspr/pr/src/Makefile.in 2014-09-29 16:46:35.281395079 +0100 +++ b/b/nspr/pr/src/Makefile.in 2014-09-29 16:50:33.909375948 +0100 @@ -74,7 +74,6 @@ - endif + endif # SunOS ifeq ($(OS_ARCH),AIX) -DSO_LDOPTS += -binitfini::_PR_Fini diff --git a/external/nss/nss.patch b/external/nss/nss.patch index 62e4bc769073..a58152bb1dc5 100644 --- a/external/nss/nss.patch +++ b/external/nss/nss.patch @@ -12,14 +12,14 @@ --- a/nss.orig/nspr/pr/src/misc/prnetdb.c 2017-08-29 23:44:13.690045031 +0530 +++ b/nss/nspr/pr/src/misc/prnetdb.c 2017-08-29 23:47:03.810814019 +0530 @@ -438,7 +438,7 @@ - char *buf = *bufp; - PRIntn buflen = *buflenp; + char *buf = *bufp; + PRIntn buflen = *buflenp; -- if (align && ((long)buf & (align - 1))) { -+ if (align && ((ptrdiff_t)buf & (align - 1))) { - PRIntn skip = align - ((ptrdiff_t)buf & (align - 1)); - if (buflen < skip) { - return 0; +- if (align && ((long)buf & (align - 1))) { ++ if (align && ((ptrdiff_t)buf & (align - 1))) { + PRIntn skip = align - ((ptrdiff_t)buf & (align - 1)); + if (buflen < skip) { + return 0; --- a/a/nss/cmd/platlibs.mk 2017-08-29 23:44:13.554044416 +0530 +++ b/b/nss/cmd/platlibs.mk 2017-08-29 23:46:09.638569150 +0530 @@ -10,17 +10,22 @@ commit 45350846d10771570ddd591adf8df2655624249a Author: Michael Stahl <[email protected]> AuthorDate: Wed Jul 10 12:20:00 2019 +0200 Commit: Gabor Kelemen <[email protected]> CommitDate: Sun Jun 19 10:40:46 2022 +0200 nss: upgrade to release 3.45 Fixes CVE-2019-11729 CVE-2019-11719 CVE-2019-11727, and the less important CVE-2018-12384 and CVE-2018-12404 from intermediate releases. Since NSS 3.44 it's possible to build as static libraries and for iOS; drop the nss-chromium-nss-static.patch and nss-more-static.patch and hope that it works. Drop one hunk from nss.patch that looks fixed upstream. Reviewed-on: https://gerrit.libreoffice.org/75344 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 6efc8a33f69bc7f4be45b7b81f67cd74c163b99e) Change-Id: I7f37ac36f7f8dfd49d0bfb4a6185ca49d4f618a3 Reviewed-on: https://gerrit.libreoffice.org/75410 Reviewed-by: Michael Stahl <[email protected]> Tested-by: Michael Stahl <[email protected]> diff --git a/download.lst b/download.lst index 03778a89e941..f5f3fbefbecd 100644 --- a/download.lst +++ b/download.lst @@ -34,8 +34,8 @@ LIBEOT_MD5SUM := aa24f5dd2a2992f4a116aa72af817548 export LIBEOT_TARBALL := libeot-0.01.tar.bz2 LANGTAGREG_MD5SUM := 504af523f5d1a5590bbeb6a4b55e8a97 export LANGTAGREG_TARBALL := language-subtag-registry-2014-03-27.tar.bz2 -NSS_MD5SUM := cd649be8ee61fe15d64d7bef361b37ba -export NSS_TARBALL := nss-3.38-with-nspr-4.19.tar.gz +NSS_MD5SUM := 2f7dab8f5b85b1494f6bec2cc32a1f5c +export NSS_TARBALL := nss-3.45-with-nspr-4.21.tar.gz PYTHON_MD5SUM := 803a75927f8f241ca78633890c798021 export PYTHON_TARBALL := Python-3.3.5.tgz OPENSSL_MD5SUM := 44279b8557c3247cbe324e2322ecd114 diff --git a/external/nss/nss.patch b/external/nss/nss.patch index a933912d3408..62e4bc769073 100644 --- a/external/nss/nss.patch +++ b/external/nss/nss.patch @@ -153,16 +153,3 @@ #! gmake # # This Source Code Form is subject to the terms of the Mozilla Public -@@ -89,10 +91,10 @@ - NSPR_CONFIGURE_ENV = CC=gcc CXX=g++ - endif - ifdef CC --NSPR_CONFIGURE_ENV = CC=$(CC) -+NSPR_CONFIGURE_ENV = CC="$(CC) " - endif - ifdef CCC --NSPR_CONFIGURE_ENV += CXX=$(CCC) -+NSPR_CONFIGURE_ENV += CXX="$(CCC) " - endif - # Remove -arch definitions. NSPR can't handle that. - NSPR_CONFIGURE_ENV := $(filter-out -arch x86_64,$(NSPR_CONFIGURE_ENV)) commit 70514a85d79d0a3ae2738aa6b170aeafb5d8a258 Author: Michael Stahl <[email protected]> AuthorDate: Tue Aug 7 18:11:41 2018 +0200 Commit: Gabor Kelemen <[email protected]> CommitDate: Sun Jun 19 10:02:47 2022 +0200 nss: upgrade to release 3.38 Fixes CVE-2018-0495 and "the ASN.1 code". (Remove one hunk of nss-android.patch.1 that should be obsolete with the current Android toolchain baseline (but that hunk didn't exist in libreoffice-6-0 or older anyway).) Reviewed-on: https://gerrit.libreoffice.org/58697 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 3ef76067bfa1f9f60ec3989bd6b40a5760137903) Reviewed-on: https://gerrit.libreoffice.org/58722 Reviewed-by: Miklos Vajna <[email protected]> (cherry picked from commit e4874f777048535650a2bb1ce875e1a6e3e4b7ef) Change-Id: I5516edec17b72f53acd2749e8840805eead077bc diff --git a/download.lst b/download.lst index 32d64c381c21..03778a89e941 100644 --- a/download.lst +++ b/download.lst @@ -34,8 +34,8 @@ LIBEOT_MD5SUM := aa24f5dd2a2992f4a116aa72af817548 export LIBEOT_TARBALL := libeot-0.01.tar.bz2 LANGTAGREG_MD5SUM := 504af523f5d1a5590bbeb6a4b55e8a97 export LANGTAGREG_TARBALL := language-subtag-registry-2014-03-27.tar.bz2 -NSS_MD5SUM := b47a61cb90571c0b88a531037114685a -export NSS_TARBALL := nss-3.31.1-with-nspr-4.15.tar.gz +NSS_MD5SUM := cd649be8ee61fe15d64d7bef361b37ba +export NSS_TARBALL := nss-3.38-with-nspr-4.19.tar.gz PYTHON_MD5SUM := 803a75927f8f241ca78633890c798021 export PYTHON_TARBALL := Python-3.3.5.tgz OPENSSL_MD5SUM := 44279b8557c3247cbe324e2322ecd114 diff --git a/external/nss/nss-no-c99.patch b/external/nss/nss-no-c99.patch index eb686145e4e9..8992ecb9aaa9 100644 --- a/external/nss/nss-no-c99.patch +++ b/external/nss/nss-no-c99.patch @@ -1475,31 +1475,6 @@ 64, } }; ---- a/nss/nss/lib/freebl/ecl/curve25519_64.c 2017-04-06 16:14:46.000000000 +0200 -+++ b/nss/nss/lib/freebl/ecl/curve25519_64.c 2018-05-22 19:18:07.482457400 +0200 -@@ -38,17 +38,17 @@ - const int64_t *in = (const int64_t *)iin; - int64_t *out = (int64_t *)ioutput; - -+ // An arithmetic shift right of 63 places turns a positive number to 0 and a -+ // negative number to all 1's. This gives us a bitmask that lets us avoid -+ // side-channel prone branches. -+ int64_t t; -+ - out[0] = in[0] - out[0]; - out[1] = in[1] - out[1]; - out[2] = in[2] - out[2]; - out[3] = in[3] - out[3]; - out[4] = in[4] - out[4]; - -- // An arithmetic shift right of 63 places turns a positive number to 0 and a -- // negative number to all 1's. This gives us a bitmask that lets us avoid -- // side-channel prone branches. -- int64_t t; -- - #define NEGCHAIN(a, b) \ - t = out[a] >> 63; \ - out[a] += twotothe51 & t; \ --- a/nss/nss/lib/softoken/pkcs11c.c 2017-04-06 16:14:46.000000000 +0200 +++ b/nss/nss/lib/softoken/pkcs11c.c 2018-05-22 19:43:15.154079800 +0200 @@ -5105,10 +5105,11 @@ @@ -1517,22 +1492,3 @@ if (!pubValue) { crv = CKR_ARGUMENTS_BAD; goto ecgn_done; ---- a/nss/nss/lib/ssl/ssl3con.c 2017-04-06 16:14:46.000000000 +0200 -+++ b/nss/nss/lib/ssl/ssl3con.c 2018-05-22 20:19:16.542798900 +0200 -@@ -2261,6 +2261,7 @@ - { - const ssl3MACDef *mac_def; - SECStatus rv; -+ PK11Context *mac_context; - - PRINT_BUF(95, (NULL, "frag hash1: header", header, headerLen)); - PRINT_BUF(95, (NULL, "frag hash1: input", input, inputLength)); -@@ -2271,7 +2272,7 @@ - return SECSuccess; - } - -- PK11Context *mac_context = -+ mac_context = - (useServerMacKey ? spec->server.write_mac_context - : spec->client.write_mac_context); - rv = PK11_DigestBegin(mac_context); commit be451f7e8f2ecc799211337eda50323cbda822e5 Author: Michael Stahl <[email protected]> AuthorDate: Fri Apr 21 14:41:53 2017 +0200 Commit: Gabor Kelemen <[email protected]> CommitDate: Fri Jun 17 17:37:26 2022 +0200 nss: try to remove nss.windowbuild.patch.0 It's not obvious to me what problem this solves. Maybe the problem no longer exsists in the new upstream release? Change-Id: I16762e0024536afb821eac70c6ba3929d5b8927a Reviewed-on: https://gerrit.libreoffice.org/36798 Reviewed-by: Michael Stahl <[email protected]> Tested-by: Michael Stahl <[email protected]> diff --git a/external/nss/UnpackedTarball_nss.mk b/external/nss/UnpackedTarball_nss.mk index 59b6147a5142..e35aeda0cd94 100644 --- a/external/nss/UnpackedTarball_nss.mk +++ b/external/nss/UnpackedTarball_nss.mk @@ -16,7 +16,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,nss,\ external/nss/nss.aix.patch \ external/nss/nss-3.13.5-zlib-werror.patch \ $(if $(filter WNTMSC,$(OS)$(COM)),external/nss/nss.windows.patch) \ - external/nss/nss.windowbuild.patch.0 \ $(if $(filter MSC-INTEL,$(COM)-$(CPUNAME)), \ external/nss/nss.cygwin64.in32bit.patch) \ $(if $(findstring 120_70,$(VCVER)_$(WINDOWS_SDK_VERSION)), \ diff --git a/external/nss/nss.windowbuild.patch.0 b/external/nss/nss.windowbuild.patch.0 deleted file mode 100644 index c25ff4d6437b..000000000000 --- a/external/nss/nss.windowbuild.patch.0 +++ /dev/null @@ -1,55 +0,0 @@ ---- ./nss/gtests/ssl_gtest/tls_connect.cc -+++ ./nss/gtests/ssl_gtest/tls_connect.cc -@@ -375,6 +375,12 @@ - } - } - -+// A simple value of "a", "b". Note that the preferred value of "a" is placed -+// at the end, because the NSS API follows the now defunct NPN specification, -+// which places the preferred (and default) entry at the end of the list. -+// NSS will move this final entry to the front when used with ALPN. -+const uint8_t alpn_dummy_val_[4] = { 0x01, 0x62, 0x01, 0x61 }; -+ - void TlsConnectTestBase::EnableAlpn() { - client_->EnableAlpn(alpn_dummy_val_, sizeof(alpn_dummy_val_)); - server_->EnableAlpn(alpn_dummy_val_, sizeof(alpn_dummy_val_)); ---- ./nss/gtests/ssl_gtest/tls_connect.h -+++ ./nss/gtests/ssl_gtest/tls_connect.h -@@ -113,12 +113,6 @@ - SessionResumptionMode expected_resumption_mode_; - std::vector<std::vector<uint8_t>> session_ids_; - -- // A simple value of "a", "b". Note that the preferred value of "a" is placed -- // at the end, because the NSS API follows the now defunct NPN specification, -- // which places the preferred (and default) entry at the end of the list. -- // NSS will move this final entry to the front when used with ALPN. -- const uint8_t alpn_dummy_val_[4] = {0x01, 0x62, 0x01, 0x61}; -- - private: - static inline Mode ToMode(const std::string& str) { - return str == "TLS" ? STREAM : DGRAM; ---- ./nss/gtests/ssl_gtest/ssl_loopback_unittest.cc -+++ ./nss/gtests/ssl_gtest/ssl_loopback_unittest.cc -@@ -51,6 +51,12 @@ - CheckAlpn("a"); - } - -+// A simple value of "a", "b". Note that the preferred value of "a" is placed -+// at the end, because the NSS API follows the now defunct NPN specification, -+// which places the preferred (and default) entry at the end of the list. -+// NSS will move this final entry to the front when used with ALPN. -+const uint8_t alpn_dummy_val_[4] = { 0x01, 0x62, 0x01, 0x61 }; -+ - TEST_P(TlsConnectGeneric, ConnectAlpnClone) { - EnsureModelSockets(); - client_model_->EnableAlpn(alpn_dummy_val_, sizeof(alpn_dummy_val_)); ---- ./nss/gtests/ssl_gtest/databuffer.h -+++ ./nss/gtests/ssl_gtest/databuffer.h -@@ -10,6 +10,7 @@ - #include <algorithm> - #include <cassert> - #include <cstring> -+#include <cstdint> - #include <iomanip> - #include <iostream> - #if defined(WIN32) || defined(WIN64) commit ba479325c1e1e9f8344ec7ff6cbbeaf0600b2a6c Author: Gautam Prajapati <[email protected]> AuthorDate: Mon Aug 28 18:17:29 2017 +0530 Commit: Gabor Kelemen <[email protected]> CommitDate: Fri Jun 17 16:27:47 2022 +0200 nss: Upgrade to release 3.31.1 and update patches This commit updates the NSS to release 3.31.1 and NSPR to 4.15. It also updates the external/nss/nss.patch and external/nss/nss-android.patch to incorporate the NSS source changes. Reviewed-on: https://gerrit.libreoffice.org/41636 Tested-by: Jenkins <[email protected]> Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit c6df07f905cd9562132b06e44f90b0479b250f7a) Change-Id: Icdd933b67e717f8d91622cd5f6001e34e261b746 diff --git a/download.lst b/download.lst index b1f11e09aadf..32d64c381c21 100644 --- a/download.lst +++ b/download.lst @@ -34,8 +34,8 @@ LIBEOT_MD5SUM := aa24f5dd2a2992f4a116aa72af817548 export LIBEOT_TARBALL := libeot-0.01.tar.bz2 LANGTAGREG_MD5SUM := 504af523f5d1a5590bbeb6a4b55e8a97 export LANGTAGREG_TARBALL := language-subtag-registry-2014-03-27.tar.bz2 -NSS_MD5SUM := e55ee06b22687df68fafc6a30c0554b2 -export NSS_TARBALL := nss-3.29.5-with-nspr-4.13.1.tar.gz +NSS_MD5SUM := b47a61cb90571c0b88a531037114685a +export NSS_TARBALL := nss-3.31.1-with-nspr-4.15.tar.gz PYTHON_MD5SUM := 803a75927f8f241ca78633890c798021 export PYTHON_TARBALL := Python-3.3.5.tgz OPENSSL_MD5SUM := 44279b8557c3247cbe324e2322ecd114 diff --git a/external/nss/nss.patch b/external/nss/nss.patch index 4995d165c00c..a933912d3408 100644 --- a/external/nss/nss.patch +++ b/external/nss/nss.patch @@ -1,5 +1,16 @@ ---- a/nss.orig/nspr/pr/src/misc/prnetdb.c 2016-02-12 14:51:25.000000000 +0100 -+++ b/nss/nspr/pr/src/misc/prnetdb.c 2016-03-04 19:23:00.462892600 +0100 +--- a/a/nspr/configure 2017-08-29 23:44:13.686045013 +0530 ++++ b/b/nspr/configure 2017-08-29 23:46:53.774768655 +0530 +@@ -7034,7 +7034,7 @@ + PR_MD_CSRCS=linux.c + MKSHLIB='$(CC) $(DSO_LDOPTS) -o $@' + DSO_CFLAGS=-fPIC +- DSO_LDOPTS='-shared -Wl,-soname -Wl,$(notdir $@)' ++ DSO_LDOPTS='-shared -Wl,-z,origin -Wl,-rpath,\$$ORIGIN -Wl,-soname -Wl,$(notdir $@)' + _OPTIMIZE_FLAGS=-O2 + _DEBUG_FLAGS="-g -fno-inline" # most people on linux use gcc/gdb, and that + # combo is not yet good at debugging inlined +--- a/nss.orig/nspr/pr/src/misc/prnetdb.c 2017-08-29 23:44:13.690045031 +0530 ++++ b/nss/nspr/pr/src/misc/prnetdb.c 2017-08-29 23:47:03.810814019 +0530 @@ -438,7 +438,7 @@ char *buf = *bufp; PRIntn buflen = *buflenp; @@ -9,21 +20,8 @@ PRIntn skip = align - ((ptrdiff_t)buf & (align - 1)); if (buflen < skip) { return 0; -diff -ru a/nspr/configure b/nspr/configure ---- a/a/nspr/configure 2014-09-29 16:46:38.427423757 +0100 -+++ b/b/nspr/configure 2014-09-29 16:47:42.984012225 +0100 -@@ -7018,7 +7018,7 @@ - PR_MD_CSRCS=linux.c - MKSHLIB='$(CC) $(DSO_LDOPTS) -o $@' - DSO_CFLAGS=-fPIC -- DSO_LDOPTS='-shared -Wl,-soname -Wl,$(notdir $@)' -+ DSO_LDOPTS='-shared -Wl,-z,origin -Wl,-rpath,\$$ORIGIN -Wl,-soname -Wl,$(notdir $@)' - _OPTIMIZE_FLAGS=-O2 - _DEBUG_FLAGS="-g -fno-inline" # most people on linux use gcc/gdb, and that - # combo is not yet good at debugging inlined -diff -ru a/nss/cmd/platlibs.mk b/nss/cmd/platlibs.mk ---- a/a/nss/cmd/platlibs.mk 2014-09-29 16:46:38.306422654 +0100 -+++ b/b/nss/cmd/platlibs.mk 2014-09-29 16:47:42.987012253 +0100 +--- a/a/nss/cmd/platlibs.mk 2017-08-29 23:44:13.554044416 +0530 ++++ b/b/nss/cmd/platlibs.mk 2017-08-29 23:46:09.638569150 +0530 @@ -10,17 +10,22 @@ ifeq ($(OS_ARCH), SunOS) @@ -51,10 +49,9 @@ diff -ru a/nss/cmd/platlibs.mk b/nss/cmd/platlibs.mk endif endif -diff -ru nss.orig/nss/coreconf/arch.mk nss/nss/coreconf/arch.mk ---- a/nss.orig/nss/coreconf/arch.mk 2016-02-12 15:36:18.000000000 +0100 -+++ b/nss/nss/coreconf/arch.mk 2016-02-23 20:48:31.595941079 +0100 -@@ -280,11 +280,17 @@ +--- a/nss.org/nss/coreconf/arch.mk 2017-08-29 23:44:13.646044832 +0530 ++++ b/nss/nss/coreconf/arch.mk 2017-08-29 23:45:51.494487134 +0530 +@@ -305,11 +305,17 @@ OBJDIR_NAME_COMPILER = $(COMPILER_TAG) endif OBJDIR_NAME_BASE = $(OS_TARGET)$(OS_RELEASE)$(CPU_TAG)$(OBJDIR_NAME_COMPILER)$(LIBC_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG) @@ -74,9 +71,8 @@ diff -ru nss.orig/nss/coreconf/arch.mk nss/nss/coreconf/arch.mk # # Define USE_DEBUG_RTL if you want to use the debug runtime library # (RTL) in the debug build -diff -ru a/nss/coreconf/FreeBSD.mk b/nss/coreconf/FreeBSD.mk ---- a/a/nss/coreconf/FreeBSD.mk 2014-09-29 16:46:38.189421588 +0100 -+++ b/b/nss/coreconf/FreeBSD.mk 2014-09-29 16:47:42.984012225 +0100 +--- a/nss.org/nss/coreconf/FreeBSD.mk 2017-08-29 23:44:13.642044814 +0530 ++++ b/nss/nss/coreconf/FreeBSD.mk 2017-08-29 23:45:20.850348615 +0530 @@ -25,6 +25,7 @@ DSO_CFLAGS = -fPIC @@ -85,19 +81,18 @@ diff -ru a/nss/coreconf/FreeBSD.mk b/nss/coreconf/FreeBSD.mk # # The default implementation strategy for FreeBSD is pthreads. -diff -ru a/nss/coreconf/Linux.mk b/nss/coreconf/Linux.mk ---- a/a/nss/coreconf/Linux.mk 2014-09-29 16:46:38.189421588 +0100 -+++ b/b/nss/coreconf/Linux.mk 2014-09-29 16:47:42.985012235 +0100 -@@ -157,7 +160,7 @@ +--- a/nss.org/nss/coreconf/Linux.mk 2017-08-29 23:44:13.642044814 +0530 ++++ b/nss/nss/coreconf/Linux.mk 2017-08-29 23:47:26.318915759 +0530 +@@ -147,7 +147,7 @@ + # Also, -z defs conflicts with Address Sanitizer, which emits relocations # against the libsanitizer runtime built into the main executable. ZDEFS_FLAG = -Wl,-z,defs - ifneq ($(USE_ASAN),1) -DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG)) -+DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG)) -Wl,-z,origin '-Wl,-rpath,$$ORIGIN' - endif - LDFLAGS += $(ARCHFLAG) ++DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG)) -Wl,-z,origin '-Wl,-rpath,$$ORIGIN' + LDFLAGS += $(ARCHFLAG) -z noexecstack -@@ -189,8 +192,13 @@ + # On Maemo, we need to use the -rpath-link flag for even the standard system +@@ -177,8 +177,13 @@ endif endif @@ -111,9 +106,8 @@ diff -ru a/nss/coreconf/Linux.mk b/nss/coreconf/Linux.mk # The -rpath '$$ORIGIN' linker option instructs this library to search for its # dependencies in the same directory where it resides. -diff -ru a/nss/coreconf/rules.mk b/nss/coreconf/rules.mk ---- a/a/nss/coreconf/rules.mk 2014-09-29 16:46:38.188421578 +0100 -+++ b/b/nss/coreconf/rules.mk 2014-09-29 16:47:42.986012244 +0100 +--- a/nss.org/nss/coreconf/rules.mk 2017-08-29 23:44:13.646044832 +0530 ++++ b/nss/nss/coreconf/rules.mk 2017-08-29 23:47:37.442966042 +0530 @@ -261,7 +261,7 @@ ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET))) $(AR) $(subst /,\\,$(OBJS)) @@ -123,34 +117,43 @@ diff -ru a/nss/coreconf/rules.mk b/nss/coreconf/rules.mk endif $(RANLIB) $@ -diff -ru a/nss/coreconf/SunOS5.mk b/nss/coreconf/SunOS5.mk ---- a/a/nss/coreconf/SunOS5.mk 2014-09-29 16:46:38.175421471 +0100 -+++ b/b/nss/coreconf/SunOS5.mk 2014-09-29 16:47:42.985012235 +0100 -@@ -48,8 +48,12 @@ +--- a/nss.org/nss/coreconf/SunOS5.mk 2017-08-29 23:44:13.646044832 +0530 ++++ b/nss/nss/coreconf/SunOS5.mk 2017-08-29 23:45:00.902258445 +0530 +@@ -48,8 +48,11 @@ # OPTIMIZER += -mno-omit-leaf-frame-pointer -fno-omit-frame-pointer endif else - CC = cc - CCC = CC -+# CC is taken from environment automatically. -+# CC = cc -+# Use CXX from environment. -+# CCC = CC -+ CCC = $(CXX) -+ ++ # CC is taken from environment automatically. ++ # CC = cc ++ # Use CXX from environment. ++ # CCC = CC ++ CCC = $(CXX) ASFLAGS += -Wa,-P OS_CFLAGS += $(NOMD_OS_CFLAGS) $(ARCHFLAG) ifndef BUILD_OPT -diff -ru a/nss/Makefile b/nss/Makefile ---- a/a/nss/Makefile 2014-09-29 16:46:38.171421425 +0100 -+++ b/b/nss/Makefile 2014-09-29 16:47:42.987012253 +0100 +--- a/nss.org/nss/coreconf/Werror.mk 2017-08-29 23:44:13.646044832 +0530 ++++ b/nss/nss/coreconf/Werror.mk 2017-08-29 23:44:23.994091608 +0530 +@@ -94,7 +94,8 @@ + endif #ndef NSS_ENABLE_WERROR + + ifeq ($(NSS_ENABLE_WERROR),1) +- WARNING_CFLAGS += -Werror ++ # We do not treat warnings as errors. ++ # WARNING_CFLAGS += -Werror + else + # Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions. + # Use this to disable use of that #pragma and the warnings it suppresses. +--- a/nss.org/nss/Makefile 2017-08-29 23:44:13.402043729 +0530 ++++ b/nss/nss/Makefile 2017-08-29 23:44:39.774162939 +0530 @@ -1,3 +1,5 @@ +export AR +export RANLIB #! gmake # # This Source Code Form is subject to the terms of the Mozilla Public -@@ -91,10 +91,10 @@ +@@ -89,10 +91,10 @@ NSPR_CONFIGURE_ENV = CC=gcc CXX=g++ endif ifdef CC @@ -163,16 +166,3 @@ diff -ru a/nss/Makefile b/nss/Makefile endif # Remove -arch definitions. NSPR can't handle that. NSPR_CONFIGURE_ENV := $(filter-out -arch x86_64,$(NSPR_CONFIGURE_ENV)) -diff -ru nss.orig/nss/coreconf/Werror.mk nss/nss/coreconf/Werror.mk ---- a/nss.orig/nss/coreconf/Werror.mk 2016-02-12 15:36:18.000000000 +0100 -+++ b/nss/nss/coreconf/Werror.mk 2016-02-23 23:58:15.119584046 +0100 -@@ -94,7 +94,8 @@ - endif #ndef NSS_ENABLE_WERROR - - ifeq ($(NSS_ENABLE_WERROR),1) -- WARNING_CFLAGS += -Werror -+# We do not treat warnings as errors. -+# WARNING_CFLAGS += -Werror - else - # Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions. - # Use this to disable use of that #pragma and the warnings it suppresses. commit 72929c01dc4028c4896b344a314e2622aa793d43 Author: Gabor Kelemen <[email protected]> AuthorDate: Fri Jun 17 14:15:11 2022 +0200 Commit: Gabor Kelemen <[email protected]> CommitDate: Fri Jun 17 14:15:11 2022 +0200 [allotropia] Enable support for xz archives on CentOS5 Old tar can't do unpacking xz in one go so call that separately Thanks Michael Stahl for the patch! Change-Id: Icfafafa5caed78b09f6a19ecf3621f412bed8081 diff --git a/solenv/gbuild/UnpackedTarball.mk b/solenv/gbuild/UnpackedTarball.mk index 536347503044..0001c5cedecb 100644 --- a/solenv/gbuild/UnpackedTarball.mk +++ b/solenv/gbuild/UnpackedTarball.mk @@ -37,6 +37,15 @@ $(GNUTAR) \ -f $(UNPACKED_TARBALL) endef +define gb_UnpackedTarget__command_untarxz +< $(UNPACKED_TARBALL) \ +xz -d \ +| $(GNUTAR) \ + -x \ + -C $(UNPACKED_DIR) \ + $(STRIP_COMPONENTS)=$(UNPACKED_STRIP_COMPONENTS) +endef + define gb_UnpackedTarget__command_unzip unzip \ -qq \ @@ -65,7 +74,7 @@ $(call gb_UnpackedTarget_get_target,%).tar.bz2 : $(call gb_UnpackedTarget__command,untar,$@,$*,-j) $(call gb_UnpackedTarget_get_target,%).tar.xz : - $(call gb_UnpackedTarget__command,untar,$@,$*,-J) + $(call gb_UnpackedTarget__command,untarxz,$@,$*,-J) $(call gb_UnpackedTarget_get_target,%).tar.gz : $(call gb_UnpackedTarget__command,untar,$@,$*,-z) commit c9453d60695e4207a117871281b0d0c94bbd64a8 Author: Michael Stahl <[email protected]> AuthorDate: Mon Jun 29 14:00:56 2020 +0200 Commit: Gabor Kelemen <[email protected]> CommitDate: Fri Jun 17 14:14:34 2022 +0200 curl: upgrade to release 7.71.0 Fixes CVE-2020-8169, and about 3 other ones that don't affect LO/libcmis. Disable new optional dependencies "ngtcp2" and "quiche". Also include change from skipped 7.65.0 update: 4964415001147c6baf2c4b2df24784c5f99f940c Reviewed-on: https://gerrit.libreoffice.org/c/core/+/97406 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit cb0c7e26e5708010b1fe941ae2f66134f31ed876) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/97386 Reviewed-by: Thorsten Behrens <[email protected]> (cherry picked from commit 43130216127913d30074d3fe99c5706dcce44dee) Change-Id: I595ed909c4e792ac3244643511a338b117e7f102 diff --git a/download.lst b/download.lst index 40688ae15f6c..b1f11e09aadf 100644 --- a/download.lst +++ b/download.lst @@ -2,8 +2,8 @@ ABW_MD5SUM := 40fa48e03b1e28ae0325cc34b35bc46d export ABW_TARBALL := libabw-0.0.2.tar.bz2 CDR_MD5SUM := fbcd8619fc6646f41d527c1329102998 export CDR_TARBALL := libcdr-0.0.15.tar.bz2 -CURL_MD5SUM := 48eb126345d3b0f0a71a486b7f5d0307 -export CURL_TARBALL := curl-7.60.0.tar.gz +CURL_MD5SUM := 9a1f04044df1ddb0d764b2ccb4353215 +export CURL_TARBALL := curl-7.71.0.tar.xz EBOOK_MD5SUM := 2f1ceaf2ac8752ed278e175447d9b978 export EBOOK_TARBALL := libe-book-0.0.3.tar.bz2 ETONYEK_MD5SUM := 3c50bc60394d1f2675fbf9bd22581363 diff --git a/external/curl/ExternalPackage_curl.mk b/external/curl/ExternalPackage_curl.mk index 56c418b6ef0c..8da569e3e0cf 100644 --- a/external/curl/ExternalPackage_curl.mk +++ b/external/curl/ExternalPackage_curl.mk @@ -20,7 +20,7 @@ $(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.4.dyli else ifeq ($(OS),AIX) $(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so,lib/.libs/libcurl.so.4)) else -$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.5.0)) +$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.6.0)) endif endif # $(DISABLE_DYNLOADING) diff --git a/external/curl/ExternalProject_curl.mk b/external/curl/ExternalProject_curl.mk index 4d941efda06b..da61a5a36790 100644 --- a/external/curl/ExternalProject_curl.mk +++ b/external/curl/ExternalProject_curl.mk @@ -46,6 +46,7 @@ $(call gb_ExternalProject_get_state_target,curl,build): --without-libidn2 --without-libpsl --without-librtmp \ --without-libssh2 --without-metalink --without-nghttp2 \ --without-libssh --without-brotli \ + --without-ngtcp2 --without-quiche \ --disable-ares \ --disable-dict --disable-file --disable-gopher --disable-imap \ --disable-ldap --disable-ldaps --disable-manual --disable-pop3 \ diff --git a/external/curl/clang-cl.patch.0 b/external/curl/clang-cl.patch.0 index 2f7fe567460c..2fbb10c2a9aa 100644 --- a/external/curl/clang-cl.patch.0 +++ b/external/curl/clang-cl.patch.0 @@ -4,8 +4,8 @@ !ELSE CC_NODEBUG = $(CC) /O2 /DNDEBUG CC_DEBUG = $(CC) /Od /D_DEBUG /RTC1 /Z7 /LDd --CFLAGS = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL $(SOLARINC) -+CFLAGS = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32 /c /DBUILDING_LIBCURL $(SOLARINC) +-CFLAGS = /I. /I ../lib /I../include /nologo /W4 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL $(SOLARINC) ++CFLAGS = /I. /I ../lib /I../include /nologo /W4 /EHsc /DWIN32 /c /DBUILDING_LIBCURL $(SOLARINC) !ENDIF LFLAGS = /nologo /machine:$(MACHINE) diff --git a/external/curl/curl-msvc.patch.1 b/external/curl/curl-msvc.patch.1 index 80160958c99d..a5b79a8e9c49 100644 --- a/external/curl/curl-msvc.patch.1 +++ b/external/curl/curl-msvc.patch.1 @@ -6,8 +6,8 @@ MSVC: using SOLARINC !ELSE CC_NODEBUG = $(CC) /O2 /DNDEBUG CC_DEBUG = $(CC) /Od /D_DEBUG /RTC1 /Z7 /LDd --CFLAGS = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL -+CFLAGS = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL $(SOLARINC) +-CFLAGS = /I. /I ../lib /I../include /nologo /W4 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL ++CFLAGS = /I. /I ../lib /I../include /nologo /W4 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL $(SOLARINC) !ENDIF LFLAGS = /nologo /machine:$(MACHINE) @@ -18,10 +18,10 @@ MSVC: using SOLARINC -RC_FLAGS = /dDEBUGBUILD=1 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc +RC_FLAGS = $(SOLARINC) /dDEBUGBUILD=1 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc CURL_CC = $(CC_DEBUG) $(RTLIB_DEBUG) - CURL_RC_FLAGS = /i../include /dDEBUGBUILD=1 /Fo $@ $(CURL_SRC_DIR)\curl.rc + CURL_RC_FLAGS = $(CURL_RC_FLAGS) /i../include /dDEBUGBUILD=1 /Fo $@ $(CURL_SRC_DIR)\curl.rc !ELSE -RC_FLAGS = /dDEBUGBUILD=0 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc +RC_FLAGS = $(SOLARINC) /dDEBUGBUILD=0 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc CURL_CC = $(CC_NODEBUG) $(RTLIB) - CURL_RC_FLAGS = /i../include /dDEBUGBUILD=0 /Fo $@ $(CURL_SRC_DIR)\curl.rc + CURL_RC_FLAGS = $(CURL_RC_FLAGS) /i../include /dDEBUGBUILD=0 /Fo $@ $(CURL_SRC_DIR)\curl.rc !ENDIF diff --git a/external/curl/zlib.patch.0 b/external/curl/zlib.patch.0 index b3e821039740..189e820d1afa 100644 --- a/external/curl/zlib.patch.0 +++ b/external/curl/zlib.patch.0 @@ -1,15 +1,5 @@ --- configure +++ configure -@@ -937,8 +937,8 @@ - ZLIB_LIBS - HAVE_LIBZ_FALSE - HAVE_LIBZ_TRUE --HAVE_LIBZ - PKGCONFIG -+HAVE_LIBZ - CURL_DISABLE_GOPHER - CURL_DISABLE_SMTP - CURL_DISABLE_SMB @@ -20709,7 +20709,6 @@ clean_CPPFLAGS=$CPPFLAGS clean_LDFLAGS=$LDFLAGS commit 0c88572c6170ef12ff133ba49ee2be103da100f3 Author: Mike Kaganski <[email protected]> AuthorDate: Thu May 24 06:45:27 2018 -0700 Commit: Gabor Kelemen <[email protected]> CommitDate: Wed Jun 15 18:44:20 2022 +0200 Fix curl build on MSVC2013 Change-Id: Ie2e85d5c9945d4204f69135bc59e1d668294a83f Reviewed-on: https://gerrit.libreoffice.org/54770 Reviewed-by: Andras Timar <[email protected]> Tested-by: Andras Timar <[email protected]> diff --git a/external/curl/ExternalProject_curl.mk b/external/curl/ExternalProject_curl.mk index ecdb230f8fdd..4d941efda06b 100644 --- a/external/curl/ExternalProject_curl.mk +++ b/external/curl/ExternalProject_curl.mk @@ -68,11 +68,10 @@ $(call gb_ExternalProject_get_state_target,curl,build): else ifeq ($(COM),MSC) -$(eval $(call gb_ExternalProject_use_nmake,curl,build)) - $(call gb_ExternalProject_get_state_target,curl,build): $(call gb_ExternalProject_run,build,\ - nmake -f Makefile.vc \ + CC="$(shell cygpath -w $(filter-out -%,$(CC))) $(filter -%,$(CC))" \ + MAKEFLAGS= LIB="$(ILIB)" nmake -f Makefile.vc \ mode=dll \ VC=12 \ $(if $(filter X86_64,$(CPUNAME)),MACHINE=x64,MACHINE=x86) \ commit 11dd5e354c1e83d330b3a428595385f3d128263a Author: Andras Timar <[email protected]> AuthorDate: Wed May 23 14:10:08 2018 +0200 Commit: Gabor Kelemen <[email protected]> CommitDate: Wed Jun 15 18:42:03 2022 +0200 curl: upgrade to release 7.60.0 Revert also these commits: 8f6b5ab3ce67c3d4f463133fb9e67be3c2a0e1c8 542c991e559ae0f6132b7fea10d995a6452215ba Change-Id: Ic8510b424f52c059f979e26441e67ec15b332933 diff --git a/external/curl/CVE-2018-14618.patch b/external/curl/CVE-2018-14618.patch deleted file mode 100644 index 5d99c9fb3118..000000000000 --- a/external/curl/CVE-2018-14618.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 57d299a499155d4b327e341c6024e293b0418243 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg <[email protected]> -Date: Mon, 13 Aug 2018 10:35:52 +0200 -Subject: [PATCH] Curl_ntlm_core_mk_nt_hash: return error on too long password - -... since it would cause an integer overflow if longer than (max size_t -/ 2). - -This is CVE-2018-14618 - -Bug: https://curl.haxx.se/docs/CVE-2018-14618.html -Closes #2756 -Reported-by: Zhaoyang Wu ---- - lib/curl_ntlm_core.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c -index e27cab353c..922e85a926 100644 ---- a/lib/curl_ntlm_core.c -+++ b/lib/curl_ntlm_core.c -@@ -557,8 +557,11 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data, - unsigned char *ntbuffer /* 21 bytes */) - { - size_t len = strlen(password); -- unsigned char *pw = len ? malloc(len * 2) : strdup(""); -+ unsigned char *pw; - CURLcode result; -+ if(len > SIZE_T_MAX/2) /* avoid integer overflow */ -+ return CURLE_OUT_OF_MEMORY; -+ pw = len ? malloc(len * 2) : strdup(""); - if(!pw) - return CURLE_OUT_OF_MEMORY; - diff --git a/external/curl/CVE-2018-16890.patch b/external/curl/CVE-2018-16890.patch deleted file mode 100644 index 3ba0b38b21a4..000000000000 --- a/external/curl/CVE-2018-16890.patch +++ /dev/null @@ -1,30 +0,0 @@ -From b780b30d1377adb10bbe774835f49e9b237fb9bb Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg <[email protected]> -Date: Wed, 2 Jan 2019 20:33:08 +0100 -Subject: [PATCH] NTLM: fix size check condition for type2 received data - -Bug: https://curl.haxx.se/docs/CVE-2018-16890.html -Reported-by: Wenxiang Qian -CVE-2018-16890 ---- - lib/vauth/ntlm.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c -index c3d55ed251..0ad4d972e3 100644 ---- a/lib/vauth/ntlm.c -+++ b/lib/vauth/ntlm.c -@@ -182,10 +182,11 @@ static CURLcode ntlm_decode_type2_target(struct Curl_easy *data, - target_info_len = Curl_read16_le(&buffer[40]); - target_info_offset = Curl_read32_le(&buffer[44]); - if(target_info_len > 0) { -- if(((target_info_offset + target_info_len) > size) || -+ if((target_info_offset >= size) || -+ ((target_info_offset + target_info_len) > size) || - (target_info_offset < 48)) { - infof(data, "NTLM handshake failure (bad type-2 message). " -- "Target Info Offset Len is set incorrect by the peer\n"); -+ "Target Info Offset Len is set incorrect by the peer\n"); - return CURLE_BAD_CONTENT_ENCODING; - } - diff --git a/external/curl/CVE-2019-3822.patch b/external/curl/CVE-2019-3822.patch deleted file mode 100644 index 938926b1d331..000000000000 --- a/external/curl/CVE-2019-3822.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 50c9484278c63b958655a717844f0721263939cc Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg <[email protected]> -Date: Thu, 3 Jan 2019 12:59:28 +0100 -Subject: [PATCH] ntlm: fix *_type3_message size check to avoid buffer overflow - -Bug: https://curl.haxx.se/docs/CVE-2019-3822.html -Reported-by: Wenxiang Qian -CVE-2019-3822 ---- - lib/vauth/ntlm.c | 11 +++++++---- - 1 file changed, 7 insertions(+), 4 deletions(-) - -diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c -index 0ad4d972e3..6a8fc5ab3d 100644 ---- a/lib/vauth/ntlm.c -+++ b/lib/vauth/ntlm.c -@@ -779,11 +779,14 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, - }); - - #ifdef USE_NTRESPONSES -- if(size < (NTLM_BUFSIZE - ntresplen)) { -- DEBUGASSERT(size == (size_t)ntrespoff); -- memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen); -- size += ntresplen; -+ /* ntresplen + size should not be risking an integer overflow here */ -+ if(ntresplen + size > sizeof(ntlmbuf)) { -+ failf(data, "incoming NTLM message too big"); -+ return CURLE_OUT_OF_MEMORY; - } -+ DEBUGASSERT(size == (size_t)ntrespoff); -+ memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen); -+ size += ntresplen; - - DEBUG_OUT({ - fprintf(stderr, "\n ntresp="); diff --git a/external/curl/ExternalProject_curl.mk b/external/curl/ExternalProject_curl.mk index 457b66239cc2..ecdb230f8fdd 100644 --- a/external/curl/ExternalProject_curl.mk +++ b/external/curl/ExternalProject_curl.mk @@ -21,7 +21,7 @@ $(eval $(call gb_ExternalProject_register_targets,curl,\ ifneq ($(OS),WNT) curl_CPPFLAGS := -curl_LDFLAGS := $(if $(filter LINUX FREEBSD,$(OS)),"-Wl$(COMMA)-z$(COMMA)origin -Wl$(COMMA)-rpath$(COMMA)\\"\$$\$$ORIGIN:'\'\$$\$$ORIGIN/../ure-link/lib) +curl_LDFLAGS := $(if $(filter LINUX FREEBSD,$(OS)),-Wl$(COMMA)-z$(COMMA)origin -Wl$(COMMA)-rpath$(COMMA)\$$$$ORIGIN:$$$$ORIGIN/../ure-link/lib) ifneq ($(OS),ANDROID) ifneq ($(SYSBASE),) @@ -37,8 +37,6 @@ endif $(call gb_ExternalProject_get_state_target,curl,build): $(call gb_ExternalProject_run,build,\ - CPPFLAGS="$(curl_CPPFLAGS)" \ - LDFLAGS=$(curl_LDFLAGS) \ ./configure \ $(if $(filter IOS MACOSX,$(OS)),\ --with-darwinssl,\ @@ -56,32 +54,25 @@ $(call gb_ExternalProject_get_state_target,curl,build): $(if $(filter LINUX,$(OS)),--without-ca-bundle --without-ca-path) \ $(if $(CROSS_COMPILING),--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)) \ $(if $(filter TRUE,$(DISABLE_DYNLOADING)),--disable-shared,--disable-static) \ - $(if $(filter TRUE,$(ENABLE_DEBUG)),--enable-debug) \ - && cd lib \ - && $(MAKE) \ - ) - -else ifeq ($(OS)$(COM),WNTGCC) - -$(call gb_ExternalProject_get_state_target,curl,build): - $(call gb_ExternalProject_run,build,\ - ./configure --with-nss --without-ssl --enable-ftp --enable-ipv6 --disable-http --disable-gopher \ - --disable-file --disable-ldap --disable-telnet --disable-dict --build=i586-pc-mingw32 --host=i586-pc-mingw32 \ - $(if $(filter TRUE,$(ENABLE_DEBUG)),--enable-debug) \ - CC="$(CC) -mthreads $(if $(filter YES,$(MINGW_SHARED_GCCLIB)),-shared-libgcc)" \ - LIBS="-lws2_32 -lwinmm $(if $(filter YES,$(MINGW_SHARED_GXXLIB)),$(MINGW_SHARED_LIBSTDCPP))" \ - LDFLAGS="$(patsubst ;, -L,$(ILIB))" \ - CPPFLAGS="$(INCLUDE)" OBJDUMP="objdump" \ + $(if $(ENABLE_DEBUG),--enable-debug) \ + $(if $(verbose),--disable-silent-rules,--enable-silent-rules) \ + $(if $(filter MACOSX,$(OS)),--prefix=/@.__________________________________________________OOO) \ + $(if $(filter MACOSX,$(OS)),CFLAGS='$(CFLAGS) \ + -mmacosx-version-min=$(MAC_OS_X_VERSION_MIN_REQUIRED_DOTS)') \ + CPPFLAGS='$(curl_CPPFLAGS)' \ + LDFLAGS='$(curl_LDFLAGS)' \ + ZLIB_CFLAGS='$(ZLIB_CFLAGS)' ZLIB_LIBS='$(ZLIB_LIBS)' \ && cd lib \ && $(MAKE) \ ) else ifeq ($(COM),MSC) +$(eval $(call gb_ExternalProject_use_nmake,curl,build)) + $(call gb_ExternalProject_get_state_target,curl,build): $(call gb_ExternalProject_run,build,\ - CC="$(shell cygpath -w $(filter-out -%,$(CC))) $(filter -%,$(CC))" \ - MAKEFLAGS= LIB="$(ILIB)" nmake -f Makefile.vc \ + nmake -f Makefile.vc \ mode=dll \ VC=12 \ $(if $(filter X86_64,$(CPUNAME)),MACHINE=x64,MACHINE=x86) \ diff --git a/external/curl/UnpackedTarball_curl.mk b/external/curl/UnpackedTarball_curl.mk index 66a70ecce8c6..5fb117938ac2 100644 --- a/external/curl/UnpackedTarball_curl.mk +++ b/external/curl/UnpackedTarball_curl.mk @@ -21,9 +21,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,curl,\ external/curl/curl-msvc.patch.1 \ external/curl/curl-msvc-disable-protocols.patch.1 \ external/curl/curl-7.26.0_win-proxy.patch \ - external/curl/CVE-2018-14618.patch \ - external/curl/CVE-2018-16890.patch \ - external/curl/CVE-2019-3822.patch \ + external/curl/zlib.patch.0 \ )) ifeq ($(OS),ANDROID) @@ -32,4 +30,10 @@ $(eval $(call gb_UnpackedTarball_add_patches,curl,\ )) endif +ifeq ($(OS)-$(COM_IS_CLANG),WNT-TRUE) +$(eval $(call gb_UnpackedTarball_add_patches,curl, \ + external/curl/clang-cl.patch.0 \ +)) +endif + # vim: set noet sw=4 ts=4: diff --git a/external/curl/clang-cl.patch.0 b/external/curl/clang-cl.patch.0 new file mode 100644 index 000000000000..2f7fe567460c --- /dev/null +++ b/external/curl/clang-cl.patch.0 @@ -0,0 +1,11 @@ +--- winbuild/MakefileBuild.vc ++++ winbuild/MakefileBuild.vc +@@ -60,7 +60,7 @@ + !ELSE + CC_NODEBUG = $(CC) /O2 /DNDEBUG + CC_DEBUG = $(CC) /Od /D_DEBUG /RTC1 /Z7 /LDd +-CFLAGS = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL $(SOLARINC) ++CFLAGS = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32 /c /DBUILDING_LIBCURL $(SOLARINC) + !ENDIF + + LFLAGS = /nologo /machine:$(MACHINE) diff --git a/external/curl/zlib.patch.0 b/external/curl/zlib.patch.0 new file mode 100644 index 000000000000..b3e821039740 --- /dev/null +++ b/external/curl/zlib.patch.0 @@ -0,0 +1,100 @@ +--- configure ++++ configure +@@ -937,8 +937,8 @@ + ZLIB_LIBS + HAVE_LIBZ_FALSE + HAVE_LIBZ_TRUE +-HAVE_LIBZ + PKGCONFIG ++HAVE_LIBZ + CURL_DISABLE_GOPHER + CURL_DISABLE_SMTP + CURL_DISABLE_SMB +@@ -20709,7 +20709,6 @@ + clean_CPPFLAGS=$CPPFLAGS + clean_LDFLAGS=$LDFLAGS + clean_LIBS=$LIBS +-ZLIB_LIBS="" + + # Check whether --with-zlib was given. + if test "${with_zlib+set}" = set; then : +@@ -20718,6 +20719,7 @@ + + + if test "$OPT_ZLIB" = "no" ; then ++ ZLIB_LIBS="" + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: zlib disabled" >&5 + $as_echo "$as_me: WARNING: zlib disabled" >&2;} + else +@@ -20725,6 +20725,21 @@ + OPT_ZLIB="" + fi + ++ if test -n "$ZLIB_CFLAGS$ZLIB_LIBS"; then ++ CPPFLAGS="$CPPFLAGS $ZLIB_CFLAGS" ++ LIBS="$ZLIB_LIBS $LIBS" ++ HAVE_LIBZ="1" ++ ++ ++$as_echo "#define HAVE_ZLIB_H 1" >>confdefs.h ++ ++ ++$as_echo "#define HAVE_LIBZ 1" >>confdefs.h ++ ++ AMFIXLIB="1" ++ else ++ ZLIB_LIBS="" ++ + if test -z "$OPT_ZLIB" ; then + + if test -n "$PKG_CONFIG"; then +@@ -21005,6 +21020,7 @@ + $as_echo "$as_me: found both libz and libz.h header" >&6;} + curl_zlib_msg="enabled" + fi ++ fi + fi + + if test x"$AMFIXLIB" = x1; then +--- configure.ac ++++ configure.ac +@@ -880,19 +880,30 @@ + clean_CPPFLAGS=$CPPFLAGS + clean_LDFLAGS=$LDFLAGS + clean_LIBS=$LIBS +-ZLIB_LIBS="" + AC_ARG_WITH(zlib, + AC_HELP_STRING([--with-zlib=PATH],[search for zlib in PATH]) + AC_HELP_STRING([--without-zlib],[disable use of zlib]), + [OPT_ZLIB="$withval"]) + + if test "$OPT_ZLIB" = "no" ; then ++ ZLIB_LIBS="" + AC_MSG_WARN([zlib disabled]) + else + if test "$OPT_ZLIB" = "yes" ; then + OPT_ZLIB="" + fi + ++ if test -n "$ZLIB_CFLAGS$ZLIB_LIBS"; then ++ CPPFLAGS="$CPPFLAGS $ZLIB_CFLAGS" ++ LIBS="$ZLIB_LIBS $LIBS" ++ HAVE_LIBZ="1" ++ AC_SUBST(HAVE_LIBZ) ++ AC_DEFINE(HAVE_ZLIB_H, 1, [if you have the zlib.h header file]) ++ AC_DEFINE(HAVE_LIBZ, 1, [if zlib is available]) ++ AMFIXLIB="1" ++ else ++ ZLIB_LIBS="" ++ + if test -z "$OPT_ZLIB" ; then + CURL_CHECK_PKGCONFIG(zlib) + +@@ -975,6 +986,7 @@ + AC_MSG_NOTICE([found both libz and libz.h header]) + curl_zlib_msg="enabled" + fi ++ fi + fi + + dnl set variable for use in automakefile(s)
