From patchwork Thu Mar 2 10:14:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 6658 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4PS7Dp20bbz3wfc for ; Thu, 2 Mar 2023 10:50:50 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4PS6Sm2RYkz3nQ; Thu, 2 Mar 2023 10:16:08 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4PS6RP0fWGz30JX; Thu, 2 Mar 2023 10:14:57 +0000 (UTC) Received: from mail01.ipfire.org (unknown [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4PS6RK6JN8z2xxK for ; Thu, 2 Mar 2023 10:14:53 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4PS6R71V7Cz35G; Thu, 2 Mar 2023 10:14:43 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1677752083; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=GcNSJ0WLCobeSi2W4WKtkFRNP9usxtM7P/MUFlX8r40=; b=8KkfrCdQiDlZp1fB0xdAUsc6FlKzSuSSo0xkQAUZaCIkDH9odGVmMaG3dUprpXpiYsheha MfSSQyWHxQXemzCg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1677752083; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=GcNSJ0WLCobeSi2W4WKtkFRNP9usxtM7P/MUFlX8r40=; b=jhVNcrE3TcMcDUOiQF3eLcbNH8qptuv7e1rNOF11I8+wwW0RqsCV59c5DUE+gqGWdLlSSy mATYxvTktO34ztxabKhjNLjTaZ+5fB/6tnYgHhFxaLOu85MVAQDHT0rag8lsP9WqGRJKIq h4vc8DY9CK03XPVEPI4HR+0adBXCFQxMGgDrGhFCWJ5GYM6/l71G3IWbjQyBPnZdGQ4lRD J1Ewk0ND/XzQZOgVD7JaliHU6P4j499LqUwyuZC+L7Nje9UYEhsEw+w+Nl7TKHll8YWYgp R+F8n0JiFf871rDA/PC0HmtVOv2dt5QxufcLnjqy/sXNhcyjUPqymoK777BDuQ== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] curl: Update to version 7.88.1 Date: Thu, 2 Mar 2023 11:14:07 +0100 Message-Id: <20230302101419.3443689-2-adolf.belka@ipfire.org> In-Reply-To: <20230302101419.3443689-1-adolf.belka@ipfire.org> References: <20230302101419.3443689-1-adolf.belka@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - Update from version 7.87.0 to 7.88.1 - Update of rootfile not required - Patch removed as fix now built into source tarball - Changelog Fixed in 7.88.1 - February 20 2023 Bugfixes: build-openssl.bat: keep OpenSSL 3 engine binaries cmake: fix Windows check for CryptAcquireContext connnect: fix timeout handling to use full duration curl: make --silent work stand-alone curl_setup: Suppress OpenSSL 3 deprecation warnings CURLOPT_WS_OPTIONS.3: fix the availability version GHA: update rustls dependency to 0.9.2 http2: buffer/pausedata and output flush fix. http2: set drain on stream end http: include stdint.h more readily krb5: silence cast-align warning lib1560: add IPv6 canonicalization tests os400: correct Curl_os400_sendto() remote-header-name.d: mention that filename* is not supported runtests: fix "uninitialized value $port" setopt: allow HTTP3 when HTTP2 is not defined socketpair: allow EWOULDBLOCK when reading the pair check bytes socks: allow using DoH to resolve host names tests-httpd: add proxy tests tests: make sure gnuserv-tls has SRP support before using it tests: make the telnet server shut down a socket gracefully tool_getparam: make --get a true boolean tool_operate: allow debug builds to set buffersize urlapi: do the port number extraction without using sscanf() urldata: remove `now` from struct SingleRequest - not needed Fixed in 7.88.0 - February 15 2023 Changes: curl.h: add CURL_HTTP_VERSION_3ONLY share: add sharing of HSTS cache among handles src: add --http3-only tool_operate: share HSTS between handles urlapi: add CURLU_PUNYCODE writeout: add %{certs} and %{num_certs} Bugfixes: cf-socket: fix build when not HAVE_GETPEERNAME cf-socket: keep sockaddr local in the socket filters cfilters:Curl_conn_get_select_socks: use the first non-connected filter CI: add a workflow to automatically label pull requests CI: add pytest GHA to CI test/tests-httpd on a HTTP/3 setup CI: Retry failed downloads to reduce spurious failures CI: update wolfssl / wolfssh to 5.5.4 / 1.4.12 cmake: bump requirement to 3.7 cmake: check for sendmsg cmake: delete redundant macro definition `SECURITY_WIN32` cmake: fix dev warning due to mismatched arg cmake: fix the snprintf detection cmake: remove deprecated symbols check cmake: set SOVERSION also for macOS cmake: use list APPEND syntax for CMAKE_REQUIRED_DEFINITIONS cmdline-opts/Makefile: on error, do not leave a partial CODEOWNERS: remove the peeps mentioned as CI owners connect: fix access of pointer before NULL check connect: fix build when not ENABLE_IPV6 connect: fix strategy testing for attempts, timeouts and happy-eyeball connections: introduce http/3 happy eyeballs content_encoding: do not reset stage counter for each header CONTRIBUTE: More formally specify the commit description cookies: fp is always not NULL copyright.pl: cease doing year verifications copyright: update all copyright lines and remove year ranges curl.1: make help, version and manual sections "custom" curl.h: allow up to 10M buffer size curl.h: mark CURLSSLBACKEND_MESALINK as deprecated curl/websockets.h: extend the websocket frame struct curl: output warning at --verbose output for debug-enabled version curl_free.3: fix return type of `curl_free` curl_global_sslset.3: clarify the openssl situation curl_log: for failf/infof and debug logging implementations curl_setup: Disable by default recv-before-send in Windows curl_version_info.3: fix typo curl_ws_send.3: clarify how to send multi-frame messages CURLOPT_HEADERDATA.3: warn DLL users must set write function CURLOPT_READFUNCTION.3: the callback 'size' arg is always 1 CURLOPT_WRITEFUNCTION.3: fix memory leak in example dict: URL decode the entire path always docs/DEPRECATE.md: deprecate gskit docs: add link to GitHub Discussions docs: mention indirect effects of --insecure docs: POSTFIELDSIZE must be set to -1 with read function doh: ifdef IPv6 code easyoptions: fix header printing in generation script escape: hex decode with a lookup-table escape: use table lookup when adding %-codes to output examples: remove the curlgtk.c example fopen: remove unnecessary assignment ftpserver: lower the DATA connect timeout to speed up torture tests GHA/macos.yml: bump to gcc-12 GHA/macos: use Xcode_14.0.1 for cmake builds GHA: add job on Slackware 15.0 GHA: bump ngtcp2 workflow dependencies GHA: enable websockets in the torture job GHA: move the quiche job here from zuul GHA: use designated ngtcp2 and its dependencies versions haxproxy: send before TLS handhshake header.d: add a header file example hsts.d: explain hsts more hsts: handle adding the same host name again HTTP/[23]: continue upload when state.drain is set http2: aggregate small SETTINGS/PRIO/WIN_UPDATE frames http2: fix compiler warning due to uninitialized variable http2: minor buffer and error path fixes http2: when using printf %.*s, the length arg must be 'int' HTTP3: mention what needs to be in place to remove EXPERIMENTAL label http: add additional condition for including stdint.h http: decode transfer encoding first http: fix "part of conditional expression is always false" http: remove the trace message "Mark bundle... multiuse" http_aws_sigv4: remove typecasts from HMAC_SHA256 macro http_proxy: do not assign data->req.p.http use local copy INSTALL: document how to use multiple TLS backends lib670: make test.h the first include lib: connect/h2/h3 refactor lib: fix typos lib: fix typos in comments which repeat a word libssh2: try sha2 algos for hostkey methods libtest: add a sleep macro for Windows Linux CI: update some dependecies to latest tag Makefile.mk: fix wolfssl and mbedtls default paths man pages: call the custom user pointer 'clientp' consistently md4: fix build with GnuTLS + OpenSSL v1 misc: fix grammar and spelling misc: fix spelling misc: reduce struct and struct field sizes msh3: add support for request payload msh3: update to v0.5 Release msh3: update to v0.6 multi: stop sending empty HTTP/3 UDP datagrams on Windows multihandle: turn bool struct fields into bits ngtcp2: add CURLOPT_SSL_CTX_FUNCTION support for openssl+wolfssl ngtcp2: fix the build without 'sendmsg' ngtcp2: replace removed define and stop using removed function no-clobber.d: only use long form options in man page text noproxy: support for space-separated names is deprecated nss: implement data_pending method openldap: fix missing sasl symbols at build in specific configs openssl: adapt to boringssl's error code type openssl: don't ignore CA paths when using Windows CA store (redux) openssl: don't log raw record headers openssl: make the BIO_METHOD a local variable in the connection filter openssl: only use CA_BLOB if verifying peer openssl: remove attached easy handles from SSL instances openssl: store the CA after first send (ClientHello) os400: fixes to make-lib.sh and initscript.sh packages: remove Android, update README release-notes.pl: check fixes/closes lines better Revert "x509asn1: avoid freeing unallocated pointers" runtest.pl: add expected fourth return value runtests: tear down http2/http3 servers when https server is stopped runtests: consider warnings fatal and error on them runtests: fix detection of TLS backends runtests: make 'mbedtls' a testable feature rustls: improve error messages scripts/delta: show percent of number of files changed since last tag scripts: fix Appveyor job detection in cijobs.pl scripts: set file mode +x on all perl and shell scripts sectransp: fix for incomplete read/writes SECURITY-PROCESS.md: document severity levels setopt: Address undefined behaviour by checking for null setopt: move the SHA256 opt within #ifdef libssh2 setopt: use >, not >=, when checking if uarg is larger than uint-max smb: return error on upload without size socketpair: allow localhost MITM sniffers strdup: name it Curl_strdup system.h: assume OS400 is always built with ILEC compiler test1560: use a UTF8-using locale when run test2304: remove stdout verification tests-httpd: basic infra to run curl against an apache httpd tests: add 3 new HTTP/2 test cases, plus https: support for nghttpx tests: add tests for HTTP/2 and HTTP/3 to verify the header API tests: avoid use of sha1 in certificates tls: fixes for wolfssl + openssl combo builds tool_getparam: fix hiding of command line secrets tool_operate: fix `CURLOPT_SOCKS5_GSSAPI_NEC` type tool_operate: fix error codes during DOS filename sanitize tool_operate: fix error codes on bad URL & OOM tool_operate: fix headerfile writing tool_operate: repair --rate transfer: break the read loop when RECV is cleared typecheck: accept expressions for option/info parameters url: fix part of conditional expression is always true urlapi: avoid Curl_dyn_addf() for hex outputs urlapi: fix part of conditional expression is always true: qlen urlapi: skip path checks if path is just "/" urlapi: skip the extra dedotdot alloc if no dot in path urldata: cease storing TLS auth type urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP urldata: make set.http200aliases conditional on HTTP being present urldata: move the cookefilelist to the 'set' struct urldata: remove unused struct fields, made more conditional vquic: stabilization and improvements vtls: fix hostname handling in filters vtls: manage current easy handle in nested cfilter calls vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used winbuild: document that arm64 is supported windows: always use curl's basename() implementation wolfssl: remove deprecated post-quantum algorithms workflows/linux.yml: merge 3 common packages write-out.d: add 'since version' to %{header_json} documentation write-out.d: clarify Windows % symbol escaping ws: fix autoping handling ws: fix multiframe send handling ws: fix recv of larger frames ws: remove bad assert ws: unstick connect-only shutdown ws: use %Ou for outputting curl_off_t with info() x509asn1: fix compile errors and warnings zuul: stop using this CI service Signed-off-by: Adolf Belka --- lfs/curl | 7 ++-- ...pressions_for_option_info_parameters.patch | 42 ------------------- 2 files changed, 3 insertions(+), 46 deletions(-) delete mode 100644 src/patches/curl-7.87.0_typecheck_accept_expressions_for_option_info_parameters.patch diff --git a/lfs/curl b/lfs/curl index b76c33410..feb4fa810 100644 --- a/lfs/curl +++ b/lfs/curl @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team # +# Copyright (C) 2007-2023 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 7.87.0 +VER = 7.88.1 THISAPP = curl-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = b272ec928c5ef1728434630d8910f58834327a30570913df9d47921a2810d002bd88b81371005197db857d3a53386420c1e28b1e463e6241d46c1e50fbce0c13 +$(DL_FILE)_BLAKE2 = ed7e7aa29efb02fd89a53d5c8d0ec79b4d17612ea07d2a6b5a951f0ca651b4cf7264704344b1a0c2d82196f4cb5c08525e06b4cdd432bc3278ff23c7a6580839 install : $(TARGET) @@ -71,7 +71,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xf $(DIR_DL)/$(DL_FILE) # Add upstream patche. - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/curl-7.87.0_typecheck_accept_expressions_for_option_info_parameters.patch cd $(DIR_APP) && ./configure \ --prefix=/usr \ --disable-ipv6 \ diff --git a/src/patches/curl-7.87.0_typecheck_accept_expressions_for_option_info_parameters.patch b/src/patches/curl-7.87.0_typecheck_accept_expressions_for_option_info_parameters.patch deleted file mode 100644 index 63b23e309..000000000 --- a/src/patches/curl-7.87.0_typecheck_accept_expressions_for_option_info_parameters.patch +++ /dev/null @@ -1,42 +0,0 @@ -From curl commit e2aed00 - -As expressions can have side effects, evaluate only once. - -To enable deprecation reporting only once, get rid of the __typeof__ -use to define the local temporary variable and use the target type -(CURLoption/CURLINFO). This also avoids multiple reports on type -conflicts (if some) by the curlcheck_* macros. - -Note that CURLOPT_* and CURLINFO_* symbols may be deprecated, but not -their values: a curl_easy_setopt call with an integer constant as option -will never report a deprecation. - -Reported-by: Thomas Klausner -Fixes #10148 -Closes #10149 - - ---- curl-7.87.0/include/curl/typecheck-gcc.h.orig 2022-12-19 08:48:23.000000000 +0100 -+++ curl-7.87.0/include/curl/typecheck-gcc.h 2022-12-26 20:39:29.243819395 +0100 -@@ -42,9 +42,8 @@ - */ - #define curl_easy_setopt(handle, option, value) \ - __extension__({ \ -- CURL_IGNORE_DEPRECATION(__typeof__(option) _curl_opt = option;) \ -+ CURLoption _curl_opt = (option); \ - if(__builtin_constant_p(_curl_opt)) { \ -- (void) option; \ - CURL_IGNORE_DEPRECATION( \ - if(curlcheck_long_option(_curl_opt)) \ - if(!curlcheck_long(value)) \ -@@ -120,9 +119,8 @@ - /* wraps curl_easy_getinfo() with typechecking */ - #define curl_easy_getinfo(handle, info, arg) \ - __extension__({ \ -- CURL_IGNORE_DEPRECATION(__typeof__(info) _curl_info = info;) \ -+ CURLINFO _curl_info = (info); \ - if(__builtin_constant_p(_curl_info)) { \ -- (void) info; \ - CURL_IGNORE_DEPRECATION( \ - if(curlcheck_string_info(_curl_info)) \ - if(!curlcheck_arr((arg), char *)) \