From 740979be22969d4de1f3611048e69ed71618f554 Mon Sep 17 00:00:00 2001 From: Andras Timar Date: Thu, 9 Sep 2021 13:23:43 +0200 Subject: [PATCH] curl: upgrade to release 7.78.0 Change-Id: Ie736220197663b22a39840459c21230192925e3e --- RepositoryExternal.mk | 2 +- download.lst | 4 +- external/curl/CVE-2017-1000254.patch | 50 ---- external/curl/CVE-2017-8816.patch | 67 ----- external/curl/CVE-2018-1000005.patch | 36 --- external/curl/CVE-2018-1000007.patch | 110 --------- external/curl/CVE-2018-1000120.patch | 67 ----- external/curl/CVE-2018-14618.patch | 66 ----- external/curl/CVE-2018-16890.patch | 39 --- external/curl/CVE-2019-3822.patch | 35 --- external/curl/ExternalPackage_curl.mk | 4 +- external/curl/ExternalProject_curl.mk | 38 ++- external/curl/UnpackedTarball_curl.mk | 21 +- external/curl/clang-cl.patch.0 | 11 + external/curl/curl-7.26.0_win-proxy.patch | 49 ++-- external/curl/curl-msvc-disable-protocols.patch.1 | 18 +- external/curl/curl-msvc-schannel.patch.1 | 22 -- external/curl/curl-msvc.patch.1 | 54 ++-- external/curl/curl-osx.patch.1 | 285 ---------------------- external/curl/curl-xp.patch.1 | 12 - external/curl/zlib.patch.0 | 90 +++++++ 21 files changed, 200 insertions(+), 880 deletions(-) delete mode 100644 external/curl/CVE-2017-1000254.patch delete mode 100644 external/curl/CVE-2017-8816.patch delete mode 100644 external/curl/CVE-2018-1000005.patch delete mode 100644 external/curl/CVE-2018-1000007.patch delete mode 100644 external/curl/CVE-2018-1000120.patch delete mode 100644 external/curl/CVE-2018-14618.patch delete mode 100644 external/curl/CVE-2018-16890.patch delete mode 100644 external/curl/CVE-2019-3822.patch create mode 100644 external/curl/clang-cl.patch.0 delete mode 100644 external/curl/curl-msvc-schannel.patch.1 rewrite external/curl/curl-msvc.patch.1 (99%) delete mode 100644 external/curl/curl-osx.patch.1 delete mode 100644 external/curl/curl-xp.patch.1 create mode 100644 external/curl/zlib.patch.0 diff --git a/RepositoryExternal.mk b/RepositoryExternal.mk index c28714da5e99..cb63070e09b9 100644 --- a/RepositoryExternal.mk +++ b/RepositoryExternal.mk @@ -2647,7 +2647,7 @@ $(call gb_LinkTarget_set_include,$(1),\ ifeq ($(COM),MSC) $(call gb_LinkTarget_add_libs,$(1),\ - $(call gb_UnpackedTarball_get_dir,curl)/lib/$(if $(MSVC_USE_DEBUG_RUNTIME),debug-dll,release-dll)/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),d)_imp.lib \ + $(call gb_UnpackedTarball_get_dir,curl)/builds/libcurl-vc12-$(if $(filter X86_64,$(CPUNAME)),x64,x86)-$(if $(MSVC_USE_DEBUG_RUNTIME),debug,release)-dll-ipv6-sspi-schannel/lib/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).lib \ ) else $(call gb_LinkTarget_add_libs,$(1),\ diff --git a/download.lst b/download.lst index 34ee34fc40cb..f882b6d05f13 100644 --- a/download.lst +++ b/download.lst @@ -30,8 +30,8 @@ export CPPUNIT_SHA256SUM := 3d569869d27b48860210c758c4f313082103a5e58219a7669b52 export CPPUNIT_TARBALL := cppunit-1.14.0.tar.gz export CT2N_SHA256SUM := 71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3 export CT2N_TARBALL := 1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt -export CURL_SHA256SUM := a8984e8b20880b621f61a62d95ff3c0763a3152093a9f9ce4287cfd614add6ae -export CURL_TARBALL := curl-7.52.1.tar.gz +export CURL_SHA256SUM := be42766d5664a739c3974ee3dfbbcbe978a4ccb1fe628bb1d9b59ac79e445fb5 +export CURL_TARBALL := curl-7.78.0.tar.xz export EBOOK_SHA256SUM := b710a57c633205b933015474d0ac0862253d1c52114d535dd09b20939a0d1850 export EBOOK_TARBALL := libe-book-0.1.2.tar.bz2 export EPOXY_SHA256SUM := 1d8668b0a259c709899e1c4bab62d756d9002d546ce4f59c9665e2fc5f001a64 diff --git a/external/curl/CVE-2017-1000254.patch b/external/curl/CVE-2017-1000254.patch deleted file mode 100644 index 2e2af20f7258..000000000000 --- a/external/curl/CVE-2017-1000254.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 29b251362e1839d7094993edbed8f9467069773f Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Mon, 25 Sep 2017 00:35:22 +0200 -Subject: [PATCH] FTP: zero terminate the entry path even on bad input - -... a single double quote could leave the entry path buffer without a zero -terminating byte. CVE-2017-1000254 - -Test 1152 added to verify. - -Reported-by: Max Dymond -Bug: https://curl.haxx.se/docs/adv_20171004.html ---- - lib/ftp.c | 7 ++++-- - tests/data/Makefile.inc | 1 + - tests/data/test1152 | 61 +++++++++++++++++++++++++++++++++++++++++++++++++ - 3 files changed, 67 insertions(+), 2 deletions(-) - create mode 100644 tests/data/test1152 - -diff -urN curl.org/lib/ftp.c curl/lib/ftp.c ---- curl.org/lib/ftp.c 2016-12-19 09:15:11.000000000 +0100 -+++ curl/lib/ftp.c 2018-09-10 05:52:32.148633155 +0200 -@@ -2825,6 +2825,7 @@ - char *ptr=&data->state.buffer[4]; /* start on the first letter */ - char *dir; - char *store; -+ bool entry_extracted = FALSE; - - dir = malloc(nread + 1); - if(!dir) -@@ -2856,7 +2857,7 @@ - } - else { - /* end of path */ -- *store = '\0'; /* zero terminate */ -+ entry_extracted = TRUE; - break; /* get out of this loop */ - } - } -@@ -2865,7 +2866,9 @@ - store++; - ptr++; - } -- -+ *store = '\0'; /* zero terminate */ -+ } -+ if(entry_extracted) { - /* If the path name does not look like an absolute path (i.e.: it - does not start with a '/'), we probably need some server-dependent - adjustments. For example, this is the case when connecting to diff --git a/external/curl/CVE-2017-8816.patch b/external/curl/CVE-2017-8816.patch deleted file mode 100644 index dd4fa677e03f..000000000000 --- a/external/curl/CVE-2017-8816.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 7947c50bcd09cf471c95511739bc66d2cb506ee2 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Mon, 6 Nov 2017 23:51:52 +0100 -Subject: [PATCH] ntlm: avoid integer overflow for malloc size - -Reported-by: Alex Nichols -Assisted-by: Kamil Dudka and Max Dymond - -CVE-2017-8816 - -Bug: https://curl.haxx.se/docs/adv_2017-11e7.html ---- - lib/curl_ntlm_core.c | 23 +++++++++++++++++++++-- - 1 file changed, 21 insertions(+), 2 deletions(-) - -diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c -index 1309bf0d9..e8962769c 100644 ---- a/lib/curl_ntlm_core.c -+++ b/lib/curl_ntlm_core.c -@@ -644,23 +644,42 @@ CURLcode Curl_hmac_md5(const unsigned char *key, unsigned int keylen, - Curl_HMAC_final(ctxt, output); - - return CURLE_OK; - } - -+#ifndef SIZE_T_MAX -+/* some limits.h headers have this defined, some don't */ -+#if defined(SIZEOF_SIZE_T) && (SIZEOF_SIZE_T > 4) -+#define SIZE_T_MAX 18446744073709551615U -+#else -+#define SIZE_T_MAX 4294967295U -+#endif -+#endif -+ - /* This creates the NTLMv2 hash by using NTLM hash as the key and Unicode - * (uppercase UserName + Domain) as the data - */ - CURLcode Curl_ntlm_core_mk_ntlmv2_hash(const char *user, size_t userlen, - const char *domain, size_t domlen, - unsigned char *ntlmhash, - unsigned char *ntlmv2hash) - { - /* Unicode representation */ -- size_t identity_len = (userlen + domlen) * 2; -- unsigned char *identity = malloc(identity_len); -+ size_t identity_len; -+ unsigned char *identity; - CURLcode result = CURLE_OK; - -+ /* we do the length checks below separately to avoid integer overflow risk -+ on extreme data lengths */ -+ if((userlen > SIZE_T_MAX/2) || -+ (domlen > SIZE_T_MAX/2) || -+ ((userlen + domlen) > SIZE_T_MAX/2)) -+ return CURLE_OUT_OF_MEMORY; -+ -+ identity_len = (userlen + domlen) * 2; -+ identity = malloc(identity_len); -+ - if(!identity) - return CURLE_OUT_OF_MEMORY; - - ascii_uppercase_to_unicode_le(identity, user, userlen); - ascii_to_unicode_le(identity + (userlen << 1), domain, domlen); --- -2.15.0 - diff --git a/external/curl/CVE-2018-1000005.patch b/external/curl/CVE-2018-1000005.patch deleted file mode 100644 index 7b5578b1aacc..000000000000 --- a/external/curl/CVE-2018-1000005.patch +++ /dev/null @@ -1,36 +0,0 @@ -From fa3dbb9a147488a2943bda809c66fc497efe06cb Mon Sep 17 00:00:00 2001 -From: Zhouyihai Ding -Date: Wed, 10 Jan 2018 10:12:18 -0800 -Subject: [PATCH] http2: fix incorrect trailer buffer size - -Prior to this change the stored byte count of each trailer was -miscalculated and 1 less than required. It appears any trailer -after the first that was passed to Curl_client_write would be truncated -or corrupted as well as the size. Potentially the size of some -subsequent trailer could be erroneously extracted from the contents of -that trailer, and since that size is used by client write an -out-of-bounds read could occur and cause a crash or be otherwise -processed by client write. - -The bug appears to have been born in 0761a51 (precedes 7.49.0). - -Closes https://github.com/curl/curl/pull/2231 ---- - lib/http2.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/lib/http2.c b/lib/http2.c -index 8e2fc71996..699287940e 100644 ---- a/lib/http2.c -+++ b/lib/http2.c -@@ -925,8 +925,8 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame, - - if(stream->bodystarted) { - /* This is trailer fields. */ -- /* 3 is for ":" and "\r\n". */ -- uint32_t n = (uint32_t)(namelen + valuelen + 3); -+ /* 4 is for ": " and "\r\n". */ -+ uint32_t n = (uint32_t)(namelen + valuelen + 4); - - DEBUGF(infof(data_s, "h2 trailer: %.*s: %.*s\n", namelen, name, valuelen, - value)); diff --git a/external/curl/CVE-2018-1000007.patch b/external/curl/CVE-2018-1000007.patch deleted file mode 100644 index c474370c78ad..000000000000 --- a/external/curl/CVE-2018-1000007.patch +++ /dev/null @@ -1,110 +0,0 @@ -From af32cd3859336ab963591ca0df9b1e33a7ee066b Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Fri, 19 Jan 2018 13:19:25 +0100 -Subject: [PATCH] http: prevent custom Authorization headers in redirects - -... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how -curl already handles Authorization headers created internally. - -Note: this changes behavior slightly, for the sake of reducing mistakes. - -Added test 317 and 318 to verify. - -Reported-by: Craig de Stigter -Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html ---- - docs/libcurl/opts/CURLOPT_HTTPHEADER.3 | 12 ++++- - lib/http.c | 10 +++- - lib/setopt.c | 2 +- - lib/urldata.h | 2 +- - tests/data/Makefile.inc | 2 +- - tests/data/test317 | 94 +++++++++++++++++++++++++++++++++ - tests/data/test318 | 95 ++++++++++++++++++++++++++++++++++ - 7 files changed, 212 insertions(+), 5 deletions(-) - create mode 100644 tests/data/test317 - create mode 100644 tests/data/test318 - -diff --git a/docs/libcurl/opts/CURLOPT_HTTPHEADER.3 b/docs/libcurl/opts/CURLOPT_HTTPHEADER.3 -index c5ccb1a53d..c9f29e393e 100644 ---- a/docs/libcurl/opts/CURLOPT_HTTPHEADER.3 -+++ b/docs/libcurl/opts/CURLOPT_HTTPHEADER.3 -@@ -5,7 +5,7 @@ - .\" * | (__| |_| | _ <| |___ - .\" * \___|\___/|_| \_\_____| - .\" * --.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. -+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. - .\" * - .\" * This software is licensed as described in the file COPYING, which - .\" * you should have received as part of this distribution. The terms -@@ -77,6 +77,16 @@ the headers. They may be private or otherwise sensitive to leak. - - Use \fICURLOPT_HEADEROPT(3)\fP to make the headers only get sent to where you - intend them to get sent. -+ -+Custom headers are sent in all requests done by the easy handles, which -+implies that if you tell libcurl to follow redirects -+(\fBCURLOPT_FOLLOWLOCATION(3)\fP), the same set of custom headers will be sent -+in the subsequent request. Redirects can of course go to other hosts and thus -+those servers will get all the contents of your custom headers too. -+ -+Starting in 7.58.0, libcurl will specifically prevent "Authorization:" headers -+from being sent to other hosts than the first used one, unless specifically -+permitted with the \fBCURLOPT_UNRESTRICTED_AUTH(3)\fP option. - .SH DEFAULT - NULL - .SH PROTOCOLS -diff --git a/lib/http.c b/lib/http.c -index c1cdf2da02..a5007670d7 100644 ---- a/lib/http.c -+++ b/lib/http.c -@@ -714,7 +714,7 @@ Curl_http_output_auth(struct connectdata *conn, - if(!data->state.this_is_a_follow || - conn->bits.netrc || - !data->state.first_host || -- data->set.http_disable_hostname_check_before_authentication || -+ data->set.allow_auth_to_other_hosts || - strcasecompare(data->state.first_host, conn->host.name)) { - result = output_auth_headers(conn, authhost, request, path, FALSE); - } -@@ -1636,6 +1636,14 @@ CURLcode Curl_add_custom_headers(struct connectdata *conn, - checkprefix("Transfer-Encoding:", headers->data)) - /* HTTP/2 doesn't support chunked requests */ - ; -+ else if(checkprefix("Authorization:", headers->data) && -+ /* be careful of sending this potentially sensitive header to -+ other hosts */ -+ (data->state.this_is_a_follow && -+ data->state.first_host && -+ !data->set.allow_auth_to_other_hosts && -+ !strcasecompare(data->state.first_host, conn->host.name))) -+ ; - else { - CURLcode result = Curl_add_bufferf(req_buffer, "%s\r\n", - headers->data); -diff --git a/lib/setopt.c b/lib/setopt.c -index 66f30ea653..a5ef75c722 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -976,7 +976,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, - * Send authentication (user+password) when following locations, even when - * hostname changed. - */ -- data->set.http_disable_hostname_check_before_authentication = -+ data->set.allow_auth_to_other_hosts = - (0 != va_arg(param, long)) ? TRUE : FALSE; - break; - -diff --git a/lib/urldata.h b/lib/urldata.h -index 4dcd1a322c..5c04ad1720 100644 ---- a/lib/urldata.h -+++ b/lib/urldata.h -@@ -1599,7 +1599,7 @@ struct UserDefined { - bool http_keep_sending_on_error; /* for HTTP status codes >= 300 */ - bool http_follow_location; /* follow HTTP redirects */ - bool http_transfer_encoding; /* request compressed HTTP transfer-encoding */ -- bool http_disable_hostname_check_before_authentication; -+ bool allow_auth_to_other_hosts; - bool include_header; /* include received protocol headers in data output */ - bool http_set_referer; /* is a custom referer used */ - bool http_auto_referer; /* set "correct" referer when following location: */ diff --git a/external/curl/CVE-2018-1000120.patch b/external/curl/CVE-2018-1000120.patch deleted file mode 100644 index 6da1b1b3dcce..000000000000 --- a/external/curl/CVE-2018-1000120.patch +++ /dev/null @@ -1,67 +0,0 @@ -From a6ae0fbe9c50733e0f645f5bd16e1db38c592c3d Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Wed, 31 Jan 2018 08:40:11 +0100 -Subject: [PATCH] FTP: reject path components with control codes - -Refuse to operate when given path components featuring byte values lower -than 32. - -Previously, inserting a %00 sequence early in the directory part when -using the 'singlecwd' ftp method could make curl write a zero byte -outside of the allocated buffer. - -Test case 340 verifies. - -CVE-2018-1000120 -Reported-by: Duy Phan Thanh -Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html ---- - lib/ftp.c | 8 ++++---- - tests/data/Makefile.inc | 3 +++ - tests/data/test340 | 40 ++++++++++++++++++++++++++++++++++++++++ - 3 files changed, 47 insertions(+), 4 deletions(-) - create mode 100644 tests/data/test340 - -diff --git a/lib/ftp.c b/lib/ftp.c -index fec591918..e2cc38b62 100644 ---- a/lib/ftp.c -+++ b/lib/ftp.c -@@ -3192,11 +3192,11 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status, - ftpc->known_filesize = -1; - } - - if(!result) - /* get the "raw" path */ -- result = Curl_urldecode(data, path_to_use, 0, &path, NULL, FALSE); -+ result = Curl_urldecode(data, path_to_use, 0, &path, NULL, TRUE); - if(result) { - /* We can limp along anyway (and should try to since we may already be in - * the error path) */ - ftpc->ctl_valid = FALSE; /* mark control connection as bad */ - connclose(conn, "FTP: out of memory!"); /* mark for connection closure */ -@@ -4153,11 +4153,11 @@ CURLcode ftp_parse_url_path(struct connectdata *conn) - dirlen++; - - result = Curl_urldecode(conn->data, slash_pos ? cur_pos : "/", - slash_pos ? dirlen : 1, - &ftpc->dirs[0], NULL, -- FALSE); -+ TRUE); - if(result) { - freedirs(ftpc); - return result; - } - ftpc->dirdepth = 1; /* we consider it to be a single dir */ -@@ -4260,11 +4260,11 @@ CURLcode ftp_parse_url_path(struct connectdata *conn) - /* prevpath is "raw" so we convert the input path before we compare the - strings */ - size_t dlen; - char *path; - CURLcode result = -- Curl_urldecode(conn->data, data->state.path, 0, &path, &dlen, FALSE); -+ Curl_urldecode(conn->data, data->state.path, 0, &path, &dlen, TRUE); - if(result) { - freedirs(ftpc); - return result; - } - diff --git a/external/curl/CVE-2018-14618.patch b/external/curl/CVE-2018-14618.patch deleted file mode 100644 index 40f08e7305c1..000000000000 --- a/external/curl/CVE-2018-14618.patch +++ /dev/null @@ -1,66 +0,0 @@ -From 57d299a499155d4b327e341c6024e293b0418243 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Mon, 13 Aug 2018 10:35:52 +0200 -Subject: [PATCH] Curl_ntlm_core_mk_nt_hash: return error on too long password - -... since it would cause an integer overflow if longer than (max size_t -/ 2). - -This is CVE-2018-14618 - -Bug: https://curl.haxx.se/docs/CVE-2018-14618.html -Closes #2756 -Reported-by: Zhaoyang Wu ---- - lib/curl_ntlm_core.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c -index e27cab353c..922e85a926 100644 ---- a/lib/curl_ntlm_core.c -+++ b/lib/curl_ntlm_core.c -@@ -526,6 +526,15 @@ - - #endif /* USE_NTLM_V2 && !USE_WINDOWS_SSPI */ - -+#ifndef SIZE_T_MAX -+/* some limits.h headers have this defined, some don't */ -+#if defined(SIZEOF_SIZE_T) && (SIZEOF_SIZE_T > 4) -+#define SIZE_T_MAX 18446744073709551615U -+#else -+#define SIZE_T_MAX 4294967295U -+#endif -+#endif -+ - /* - * Set up nt hashed passwords - * @unittest: 1600 -@@ -557,8 +557,11 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data, - unsigned char *ntbuffer /* 21 bytes */) - { - size_t len = strlen(password); -- unsigned char *pw = malloc(len * 2); -+ unsigned char *pw; - CURLcode result; -+ if(len > SIZE_T_MAX/2) /* avoid integer overflow */ -+ return CURLE_OUT_OF_MEMORY; -+ pw = len ? malloc(len * 2) : strdup(""); - if(!pw) - return CURLE_OUT_OF_MEMORY; - -@@ -621,15 +630,6 @@ - return CURLE_OK; - } - --#ifndef SIZE_T_MAX --/* some limits.h headers have this defined, some don't */ --#if defined(SIZEOF_SIZE_T) && (SIZEOF_SIZE_T > 4) --#define SIZE_T_MAX 18446744073709551615U --#else --#define SIZE_T_MAX 4294967295U --#endif --#endif -- - /* This creates the NTLMv2 hash by using NTLM hash as the key and Unicode - * (uppercase UserName + Domain) as the data - */ diff --git a/external/curl/CVE-2018-16890.patch b/external/curl/CVE-2018-16890.patch deleted file mode 100644 index dabb229c2e6f..000000000000 --- a/external/curl/CVE-2018-16890.patch +++ /dev/null @@ -1,39 +0,0 @@ -From b780b30d1377adb10bbe774835f49e9b237fb9bb Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Wed, 2 Jan 2019 20:33:08 +0100 -Subject: [PATCH] NTLM: fix size check condition for type2 received data - -Bug: https://curl.haxx.se/docs/CVE-2018-16890.html -Reported-by: Wenxiang Qian -CVE-2018-16890 ---- - lib/vauth/ntlm.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c -index c3d55ed251..0ad4d972e3 100644 ---- a/lib/vauth/ntlm.c -+++ b/lib/vauth/ntlm.c -@@ -5,7 +5,7 @@ - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * -- * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. -+ * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms -@@ -182,10 +182,11 @@ static CURLcode ntlm_decode_type2_target(struct Curl_easy *data, - target_info_len = Curl_read16_le(&buffer[40]); - target_info_offset = Curl_read32_le(&buffer[44]); - if(target_info_len > 0) { -- if(((target_info_offset + target_info_len) > size) || -+ if((target_info_offset >= size) || -+ ((target_info_offset + target_info_len) > size) || - (target_info_offset < 48)) { - infof(data, "NTLM handshake failure (bad type-2 message). " -- "Target Info Offset Len is set incorrect by the peer\n"); -+ "Target Info Offset Len is set incorrect by the peer\n"); - return CURLE_BAD_CONTENT_ENCODING; - } - diff --git a/external/curl/CVE-2019-3822.patch b/external/curl/CVE-2019-3822.patch deleted file mode 100644 index deb3edb3bccf..000000000000 --- a/external/curl/CVE-2019-3822.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 50c9484278c63b958655a717844f0721263939cc Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Thu, 3 Jan 2019 12:59:28 +0100 -Subject: [PATCH] ntlm: fix *_type3_message size check to avoid buffer overflow - -Bug: https://curl.haxx.se/docs/CVE-2019-3822.html -Reported-by: Wenxiang Qian -CVE-2019-3822 ---- - lib/vauth/ntlm.c | 11 +++++++---- - 1 file changed, 7 insertions(+), 4 deletions(-) - -diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c -index 0ad4d972e3..6a8fc5ab3d 100644 ---- a/lib/vauth/ntlm.c -+++ b/lib/vauth/ntlm.c -@@ -779,11 +779,14 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, - }); - - #if USE_NTRESPONSES -- if(size < (NTLM_BUFSIZE - ntresplen)) { -- DEBUGASSERT(size == (size_t)ntrespoff); -- memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen); -- size += ntresplen; -+ /* ntresplen + size should not be risking an integer overflow here */ -+ if(ntresplen + size > sizeof(ntlmbuf)) { -+ failf(data, "incoming NTLM message too big"); -+ return CURLE_OUT_OF_MEMORY; - } -+ DEBUGASSERT(size == (size_t)ntrespoff); -+ memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen); -+ size += ntresplen; - - DEBUG_OUT({ - fprintf(stderr, "\n ntresp="); diff --git a/external/curl/ExternalPackage_curl.mk b/external/curl/ExternalPackage_curl.mk index 18907f4e5a54..1fb360c85ca9 100644 --- a/external/curl/ExternalPackage_curl.mk +++ b/external/curl/ExternalPackage_curl.mk @@ -14,13 +14,13 @@ $(eval $(call gb_ExternalPackage_use_external_project,curl,curl)) ifneq ($(DISABLE_DYNLOADING),TRUE) ifeq ($(COM),MSC) -$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),d).dll,lib/$(if $(MSVC_USE_DEBUG_RUNTIME),debug-dll,release-dll)/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),d).dll)) +$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).dll,builds/libcurl-vc12-$(if $(filter X86_64,$(CPUNAME)),x64,x86)-$(if $(MSVC_USE_DEBUG_RUNTIME),debug,release)-dll-ipv6-sspi-schannel/bin/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).dll)) else ifeq ($(OS),MACOSX) $(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.4.dylib,lib/.libs/libcurl.4.dylib)) else ifeq ($(OS),AIX) $(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so,lib/.libs/libcurl.so.4)) else -$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.4.0)) +$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.7.0)) endif endif # $(DISABLE_DYNLOADING) diff --git a/external/curl/ExternalProject_curl.mk b/external/curl/ExternalProject_curl.mk index 155ad3c31834..81886b36fbc5 100644 --- a/external/curl/ExternalProject_curl.mk +++ b/external/curl/ExternalProject_curl.mk @@ -21,7 +21,7 @@ $(eval $(call gb_ExternalProject_register_targets,curl,\ ifneq ($(OS),WNT) curl_CPPFLAGS := -curl_LDFLAGS := $(if $(filter LINUX FREEBSD,$(OS)),"-Wl$(COMMA)-z$(COMMA)origin -Wl$(COMMA)-rpath$(COMMA)\\"\$$\$$ORIGIN) +curl_LDFLAGS := $(if $(filter LINUX FREEBSD,$(OS)),-Wl$(COMMA)-z$(COMMA)origin -Wl$(COMMA)-rpath$(COMMA)\$$$$ORIGIN) ifneq ($(OS),ANDROID) ifneq ($(SYSBASE),) @@ -35,22 +35,22 @@ ifeq ($(SYSTEM_NSS),) curl_CPPFLAGS += -I$(call gb_UnpackedTarball_get_dir,nss)/dist/public/nss endif -# use --with-darwinssl on Mac OS X >10.5 and iOS to get a native UI for SSL certs for CMIS usage +# use --with-secure-transport on Mac OS X >10.5 and iOS to get a native UI for SSL certs for CMIS usage # use --with-nss only on platforms other than Mac OS X and iOS $(call gb_ExternalProject_get_state_target,curl,build): $(call gb_ExternalProject_run,build,\ - CPPFLAGS="$(curl_CPPFLAGS)" \ - LDFLAGS=$(curl_LDFLAGS) \ ./configure \ $(if $(filter IOS MACOSX,$(OS)),\ - --with-darwinssl,\ + --with-secure-transport,\ $(if $(ENABLE_NSS),--with-nss$(if $(SYSTEM_NSS),,="$(call gb_UnpackedTarball_get_dir,nss)/dist/out"),--without-nss)) \ - --without-ssl --without-gnutls --without-polarssl --without-cyassl --without-axtls \ + --without-ssl --without-gnutls --without-polarssl --without-cyassl --without-axtls --without-mbedtls \ --enable-ftp --enable-http --enable-ipv6 \ - --without-libidn \ --without-libidn2 --without-libpsl --without-librtmp \ --without-libssh2 --without-metalink --without-nghttp2 \ - --disable-ares \ + --without-libssh --without-brotli \ + --without-ngtcp2 --without-quiche \ + --without-zstd --without-hyper --without-gsasl --without-gssapi \ + --disable-mqtt --disable-ares \ --disable-dict --disable-file --disable-gopher --disable-imap \ --disable-ldap --disable-ldaps --disable-manual --disable-pop3 \ --disable-rtsp --disable-smb --disable-smtp --disable-telnet \ @@ -59,19 +59,33 @@ $(call gb_ExternalProject_get_state_target,curl,build): $(if $(CROSS_COMPILING),--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)) \ $(if $(filter TRUE,$(DISABLE_DYNLOADING)),--disable-shared,--disable-static) \ $(if $(ENABLE_DEBUG),--enable-debug) \ + $(if $(verbose),--disable-silent-rules,--enable-silent-rules) \ $(if $(filter MACOSX,$(OS)),--prefix=/@.__________________________________________________OOO) \ + $(if $(filter MACOSX,$(OS)),CFLAGS='$(CFLAGS) \ + -mmacosx-version-min=$(MAC_OS_X_VERSION_MIN_REQUIRED_DOTS)') \ + CPPFLAGS='$(curl_CPPFLAGS)' \ + LDFLAGS='$(curl_LDFLAGS)' \ + ZLIB_CFLAGS='$(ZLIB_CFLAGS)' ZLIB_LIBS='$(ZLIB_LIBS)' \ && cd lib \ && $(MAKE) \ ) else ifeq ($(COM),MSC) +$(eval $(call gb_ExternalProject_use_nmake,curl,build)) + $(call gb_ExternalProject_get_state_target,curl,build): $(call gb_ExternalProject_run,build,\ - MAKEFLAGS= LIB="$(ILIB)" nmake -f Makefile.vc12 \ - cfg=$(if $(MSVC_USE_DEBUG_RUNTIME),debug-dll,release-dll) \ - EXCFLAGS="/EHs /D_CRT_SECURE_NO_DEPRECATE /DUSE_WINDOWS_SSPI /D_USING_V110_SDK71_ $(SOLARINC)" $(if $(filter X86_64,$(CPUNAME)),MACHINE=X64) \ - ,lib) + nmake -f Makefile.vc \ + mode=dll \ + VC=12 \ + $(if $(filter X86_64,$(CPUNAME)),MACHINE=x64,MACHINE=x86) \ + GEN_PDB=$(if $(gb_SYMBOL),yes,no) \ + DEBUG=$(if $(MSVC_USE_DEBUG_RUNTIME),yes,no) \ + ENABLE_IPV6=yes \ + ENABLE_SSPI=yes \ + ENABLE_WINSSL=yes \ + ,winbuild) endif diff --git a/external/curl/UnpackedTarball_curl.mk b/external/curl/UnpackedTarball_curl.mk index 9e6dbac0fa28..1cdb64c0bca2 100644 --- a/external/curl/UnpackedTarball_curl.mk +++ b/external/curl/UnpackedTarball_curl.mk @@ -14,23 +14,14 @@ $(eval $(call gb_UnpackedTarball_set_tarball,curl,$(CURL_TARBALL),,curl)) $(eval $(call gb_UnpackedTarball_set_patchlevel,curl,1)) $(eval $(call gb_UnpackedTarball_fix_end_of_line,curl,\ - lib/Makefile.vc12 \ + winbuild/MakefileBuild.vc \ )) $(eval $(call gb_UnpackedTarball_add_patches,curl,\ external/curl/curl-msvc.patch.1 \ external/curl/curl-msvc-disable-protocols.patch.1 \ - external/curl/curl-msvc-schannel.patch.1 \ external/curl/curl-7.26.0_win-proxy.patch \ - external/curl/curl-xp.patch.1 \ - external/curl/CVE-2017-8816.patch \ - external/curl/CVE-2018-1000005.patch \ - external/curl/CVE-2018-1000007.patch \ - external/curl/CVE-2018-14618.patch \ - external/curl/CVE-2017-1000254.patch \ - external/curl/CVE-2018-1000120.patch \ - external/curl/CVE-2018-16890.patch \ - external/curl/CVE-2019-3822.patch \ + external/curl/zlib.patch.0 \ )) ifeq ($(SYSTEM_NSS),) @@ -39,12 +30,10 @@ $(eval $(call gb_UnpackedTarball_add_patches,curl,\ )) endif -ifeq ($(OS),MACOSX) -ifneq ($(filter 1090 101000,$(MAC_OS_X_VERSION_MIN_REQUIRED)),) -$(eval $(call gb_UnpackedTarball_add_patches,curl,\ - external/curl/curl-osx.patch.1 \ +ifeq ($(OS)-$(COM_IS_CLANG),WNT-TRUE) +$(eval $(call gb_UnpackedTarball_add_patches,curl, \ + external/curl/clang-cl.patch.0 \ )) endif -endif # vim: set noet sw=4 ts=4: diff --git a/external/curl/clang-cl.patch.0 b/external/curl/clang-cl.patch.0 new file mode 100644 index 000000000000..2fbb10c2a9aa --- /dev/null +++ b/external/curl/clang-cl.patch.0 @@ -0,0 +1,11 @@ +--- winbuild/MakefileBuild.vc ++++ winbuild/MakefileBuild.vc +@@ -60,7 +60,7 @@ + !ELSE + CC_NODEBUG = $(CC) /O2 /DNDEBUG + CC_DEBUG = $(CC) /Od /D_DEBUG /RTC1 /Z7 /LDd +-CFLAGS = /I. /I ../lib /I../include /nologo /W4 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL $(SOLARINC) ++CFLAGS = /I. /I ../lib /I../include /nologo /W4 /EHsc /DWIN32 /c /DBUILDING_LIBCURL $(SOLARINC) + !ENDIF + + LFLAGS = /nologo /machine:$(MACHINE) diff --git a/external/curl/curl-7.26.0_win-proxy.patch b/external/curl/curl-7.26.0_win-proxy.patch index 1c478868d7d2..5bb98fa04741 100644 --- a/external/curl/curl-7.26.0_win-proxy.patch +++ b/external/curl/curl-7.26.0_win-proxy.patch @@ -1,14 +1,14 @@ ---- curl-7.26.0/lib/Makefile.vc12 -+++ misc/build/curl-7.26.0/lib/Makefile.vc12 -@@ -118,7 +118,7 @@ - WINSSLLIBS = crypt32.lib - ZLIBLIBSDLL = zdll.lib - ZLIBLIBS = zlib.lib --WINLIBS = ws2_32.lib wldap32.lib advapi32.lib -+WINLIBS = ws2_32.lib wldap32.lib advapi32.lib winhttp.lib crypt32.lib - CFLAGS = $(CFLAGS) $(EXCFLAGS) +--- curl/winbuild/MakefileBuild.vc.orig 2017-10-23 17:15:22.969492548 +0200 ++++ curl/winbuild/MakefileBuild.vc 2017-10-23 17:16:38.491490679 +0200 +@@ -72,7 +72,7 @@ - CFGSET = FALSE + CFLAGS_LIBCURL_STATIC = /DCURL_STATICLIB + +-WIN_LIBS = ws2_32.lib wldap32.lib advapi32.lib crypt32.lib ++WIN_LIBS = ws2_32.lib wldap32.lib advapi32.lib crypt32.lib winhttp.lib + + BASE_NAME = libcurl + BASE_NAME_DEBUG = $(BASE_NAME)_debug --- curl-7.26.0/lib/url.c +++ misc/build/curl-7.26.0/lib/url.c @@ -78,6 +78,10 @@ @@ -23,9 +23,9 @@ #include "netrc.h" @@ -4586,6 +4590,21 @@ - return FALSE; } + #ifndef CURL_DISABLE_HTTP +#ifdef _WIN32 +static char *wstrToCstr(LPWSTR wStr) +{ @@ -44,20 +44,12 @@ /**************************************************************** * Detect what (if any) proxy to use. Remember that this selects a host * name and is not limited to HTTP proxies only. -@@ -4594,6 +4613,7 @@ - static char *detect_proxy(struct connectdata *conn) - { - char *proxy = NULL; -+ char *no_proxy=NULL; - - #ifndef CURL_DISABLE_HTTP - /* If proxy was not specified, we check for default proxy environment -@@ -4613,7 +4633,64 @@ +@@ -4613,6 +4633,66 @@ * For compatibility, the all-uppercase versions of these variables are * checked if the lowercase versions don't exist. */ -- char *no_proxy=NULL; +#ifdef _WIN32 ++ char *no_proxy = NULL; + WINHTTP_CURRENT_USER_IE_PROXY_CONFIG *ieProxyConfig; + ieProxyConfig = (WINHTTP_CURRENT_USER_IE_PROXY_CONFIG *) + malloc(sizeof(WINHTTP_CURRENT_USER_IE_PROXY_CONFIG)); @@ -114,15 +106,16 @@ + GlobalFree(ieProxyConfig->lpszProxy); + GlobalFree(ieProxyConfig->lpszProxyBypass); + } ++ free(no_proxy); +#else /* !WIN32 */ char proxy_env[128]; - - no_proxy=curl_getenv("no_proxy"); + const char *protop = conn->handler->scheme; + char *envp = proxy_env; @@ -4663,6 +4739,7 @@ - } - } /* if(!check_noproxy(conn->host.name, no_proxy)) - it wasn't specified - non-proxy */ + } + if(proxy) + infof(data, "Uses proxy env variable %s == '%s'", envp, proxy); +#endif /* WIN32 */ - free(no_proxy); - #else /* !CURL_DISABLE_HTTP */ + return proxy; + } diff --git a/external/curl/curl-msvc-disable-protocols.patch.1 b/external/curl/curl-msvc-disable-protocols.patch.1 index 38ff5ccb5ac0..a6d06c69b004 100644 --- a/external/curl/curl-msvc-disable-protocols.patch.1 +++ b/external/curl/curl-msvc-disable-protocols.patch.1 @@ -2,18 +2,19 @@ disable protocols nobody needs in MSVC build --- curl/lib/config-win32.h.orig 2017-08-09 16:43:29.464000000 +0200 +++ curl/lib/config-win32.h 2017-08-09 16:47:38.549200000 +0200 -@@ -733,4 +733,19 @@ +@@ -733,4 +733,20 @@ # define ENABLE_IPV6 1 #endif +#define CURL_DISABLE_DICT 1 +#define CURL_DISABLE_FILE 1 -+//#undef CURL_DISABLE_FTP ++#undef CURL_DISABLE_FTP +#define CURL_DISABLE_GOPHER 1 -+//#undef CURL_DISABLE_HTTP ++#undef CURL_DISABLE_HTTP +#define CURL_DISABLE_IMAP 1 +#define CURL_DISABLE_LDAP 1 +#define CURL_DISABLE_LDAPS 1 ++#define CURL_DISABLE_MQTT 1 +#define CURL_DISABLE_POP3 1 +#define CURL_DISABLE_RTSP 1 +#define CURL_DISABLE_SMB 1 @@ -22,3 +23,14 @@ disable protocols nobody needs in MSVC build +#define CURL_DISABLE_TFTP 1 + #endif /* HEADER_CURL_CONFIG_WIN32_H */ +--- curl/winbuild/MakefileBuild.vc.orig 2017-10-23 23:41:21.393200000 +0200 ++++ curl/winbuild/MakefileBuild.vc 2017-10-23 23:34:16.028000000 +0200 +@@ -431,7 +431,7 @@ + + EXE_OBJS = $(CURL_OBJS) $(CURL_DIROBJ)\curl.res + +-all : $(TARGET) $(PROGRAM_NAME) ++all : $(TARGET) + + package: $(TARGET) + @cd $(DIRDIST) diff --git a/external/curl/curl-msvc-schannel.patch.1 b/external/curl/curl-msvc-schannel.patch.1 deleted file mode 100644 index 96768aa3f92c..000000000000 --- a/external/curl/curl-msvc-schannel.patch.1 +++ /dev/null @@ -1,22 +0,0 @@ -MSVC: use WNT native Schannel SSL/TLS implementation - ---- curl/lib/Makefile.vc12.old 2013-11-19 00:00:29.044499752 +0100 -+++ curl/lib/Makefile.vc12 2013-11-19 00:01:29.135499684 +0100 -@@ -260,7 +260,7 @@ - TARGET = $(LIBCURL_DYN_LIB_REL) - DIROBJ = $(CFG) - LNK = $(LNKDLL) $(WINLIBS) /out:$(DIROBJ)\$(TARGET) /IMPLIB:$(DIROBJ)\$(LIBCURL_IMP_LIB_REL) --CC = $(CCNODBG) $(RTLIB) -+CC = $(CCNODBG) $(RTLIB) $(CFLAGSWINSSL) - CFGSET = TRUE - RESOURCE = $(DIROBJ)\libcurl.res - !ENDIF -@@ -427,7 +427,7 @@ - TARGET = $(LIBCURL_DYN_LIB_DBG) - DIROBJ = $(CFG) - LNK = $(LNKDLL) $(WINLIBS) /DEBUG /out:$(DIROBJ)\$(TARGET) /IMPLIB:$(DIROBJ)\$(LIBCURL_IMP_LIB_DBG) /PDB:$(DIROBJ)\$(LIBCURL_DYN_LIB_PDB) --CC = $(CCDEBUG) $(RTLIBD) -+CC = $(CCDEBUG) $(RTLIBD) $(CFLAGSWINSSL) - CFGSET = TRUE - RESOURCE = $(DIROBJ)\libcurl.res - !ENDIF diff --git a/external/curl/curl-msvc.patch.1 b/external/curl/curl-msvc.patch.1 dissimilarity index 99% index 57a292bb69a3..a5b79a8e9c49 100644 --- a/external/curl/curl-msvc.patch.1 +++ b/external/curl/curl-msvc.patch.1 @@ -1,27 +1,27 @@ -MSVC: using SOLARINC and EXCFLAGS - ---- curl/lib/Makefile.vc12 2012-05-24 12:07:02.000000000 -0400 -+++ curl/lib/Makefile.vc12 2012-10-29 11:53:44.658809300 -0400 -@@ -117,7 +117,7 @@ - ZLIBLIBSDLL = zdll.lib - ZLIBLIBS = zlib.lib - WINLIBS = ws2_32.lib wldap32.lib advapi32.lib --CFLAGS = $(CFLAGS) -+CFLAGS = $(CFLAGS) $(EXCFLAGS) - - CFGSET = FALSE - -@@ -620,11 +620,11 @@ - debug-dll-ssl-dll\libcurl.res \ - debug-dll-zlib-dll\libcurl.res \ - debug-dll-ssl-dll-zlib-dll\libcurl.res: libcurl.rc -- rc /dDEBUGBUILD=1 /Fo $@ libcurl.rc -+ rc $(SOLARINC) /dDEBUGBUILD=1 /Fo $@ libcurl.rc - - release-dll\libcurl.res \ - release-dll-ssl-dll\libcurl.res \ - release-dll-zlib-dll\libcurl.res \ - release-dll-ssl-dll-zlib-dll\libcurl.res: libcurl.rc -- rc /dDEBUGBUILD=0 /Fo $@ libcurl.rc -+ rc $(SOLARINC) /dDEBUGBUILD=0 /Fo $@ libcurl.rc - !ENDIF # End of case where a config was provided. +MSVC: using SOLARINC + +--- curl/winbuild/MakefileBuild.vc.orig 2017-10-23 16:36:07.713550851 +0200 ++++ curl/winbuild/MakefileBuild.vc 2017-10-23 16:38:19.301547594 +0200 +@@ -60,7 +60,7 @@ + !ELSE + CC_NODEBUG = $(CC) /O2 /DNDEBUG + CC_DEBUG = $(CC) /Od /D_DEBUG /RTC1 /Z7 /LDd +-CFLAGS = /I. /I ../lib /I../include /nologo /W4 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL ++CFLAGS = /I. /I ../lib /I../include /nologo /W4 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL $(SOLARINC) + !ENDIF + + LFLAGS = /nologo /machine:$(MACHINE) +@@ -300,11 +300,11 @@ + # CURL_XX macros are for the curl.exe command + + !IF "$(DEBUG)"=="yes" +-RC_FLAGS = /dDEBUGBUILD=1 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc ++RC_FLAGS = $(SOLARINC) /dDEBUGBUILD=1 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc + CURL_CC = $(CC_DEBUG) $(RTLIB_DEBUG) + CURL_RC_FLAGS = $(CURL_RC_FLAGS) /i../include /dDEBUGBUILD=1 /Fo $@ $(CURL_SRC_DIR)\curl.rc + !ELSE +-RC_FLAGS = /dDEBUGBUILD=0 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc ++RC_FLAGS = $(SOLARINC) /dDEBUGBUILD=0 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc + CURL_CC = $(CC_NODEBUG) $(RTLIB) + CURL_RC_FLAGS = $(CURL_RC_FLAGS) /i../include /dDEBUGBUILD=0 /Fo $@ $(CURL_SRC_DIR)\curl.rc + !ENDIF diff --git a/external/curl/curl-osx.patch.1 b/external/curl/curl-osx.patch.1 deleted file mode 100644 index 7694a1dcda2c..000000000000 --- a/external/curl/curl-osx.patch.1 +++ /dev/null @@ -1,285 +0,0 @@ -From efebf4d4f882a57a98a0653d21d543cd4132d23d Mon Sep 17 00:00:00 2001 -From: Palo Markovic -Date: Sat, 18 Mar 2017 16:37:02 +1300 -Subject: [PATCH] macOS: Fixed crash on 10.8 caused by missing connectx() - function -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The connectx() function call appeared in Darwin 15.0.0 -That covers OS X 10.11, iOS 9 and tvOS 9. - -Because connectx is not declared with weak_import attribute it’s not possible -to build libcurl on OS X 10.11 and later and target systems which don’t have -_connectx symbol declared in libsystem_kernel.dylib (i.e. OS 10.8 and earlier). - -Solution is to use connectx only on platforms that officially support it -i.e. by defining CFLAGS="-mmacosx-version-min=10.11" in configure step. - -Note: It is possible to conditionally use connectx() in libcurl targeting -range of systems based on availability determined during runtime using dlsym(). - -[Bug: https://github.com/curl/curl/issues/1330] ---- - lib/connect.c | 2 +- - lib/curl_setup.h | 16 ++++++++++++++++ - lib/url.c | 2 +- - 3 files changed, 18 insertions(+), 2 deletions(-) - -diff --git a/lib/connect.c b/lib/connect.c -index 197eff242f..33251914b8 100644 ---- a/lib/connect.c -+++ b/lib/connect.c -@@ -1075,7 +1075,7 @@ static CURLcode singleipconnect(struct connectdata *conn, - /* Connect TCP sockets, bind UDP */ - if(!isconnected && (conn->socktype == SOCK_STREAM)) { - if(conn->bits.tcp_fastopen) { --#if defined(CONNECT_DATA_IDEMPOTENT) /* OS X */ -+#if defined(HAVE_DARWIN_CONNECTX) /* Darwin */ - sa_endpoints_t endpoints; - endpoints.sae_srcif = 0; - endpoints.sae_srcaddr = NULL; -diff --git a/lib/curl_setup.h b/lib/curl_setup.h -index 0fe3633ec7..8643e1fd28 100644 ---- a/lib/curl_setup.h -+++ b/lib/curl_setup.h -@@ -762,4 +762,20 @@ endings either CRLF or LF so 't' is appropriate. - # endif - # endif - -+/* Detect Darwin connectx() function availability. -+ * The connectx() function call appeared in Darwin 15.0.0 -+ * but it's not declared using availability attribute. -+ */ -+#if defined(__MAC_OS_X_VERSION_MIN_REQUIRED) -+# if (__MAC_OS_X_VERSION_MIN_REQUIRED >= 101100) -+# define HAVE_DARWIN_CONNECTX 1 -+# endif -+#elif defined(__IPHONE_OS_VERSION_MIN_REQUIRED) -+# if (__IPHONE_OS_VERSION_MIN_REQUIRED >= 90000) -+# define HAVE_DARWIN_CONNECTX 1 -+# endif -+#elif defined(CONNECT_DATA_IDEMPOTENT) /* Fallback for other Darwin OS */ -+# define HAVE_DARWIN_CONNECTX 1 -+#endif -+ - #endif /* HEADER_CURL_SETUP_H */ -diff --git a/lib/url.c b/lib/url.c -index 03feaa20f7..08fbe5132b 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -2834,7 +2834,7 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option, - data->set.tcp_keepintvl = va_arg(param, long); - break; - case CURLOPT_TCP_FASTOPEN: --#if defined(CONNECT_DATA_IDEMPOTENT) || defined(MSG_FASTOPEN) -+#if defined(HAVE_DARWIN_CONNECTX) || defined(MSG_FASTOPEN) - data->set.tcp_fastopen = (0 != va_arg(param, long))?TRUE:FALSE; - #else - result = CURLE_NOT_BUILT_IN; -From 45756a8a23967570da1390f9b1475c1db38a52d1 Mon Sep 17 00:00:00 2001 -From: Palo Markovic -Date: Sat, 25 Mar 2017 13:20:51 +1300 -Subject: [PATCH] macOS: moved connectx check to configuration phase - ---- - acinclude.m4 | 40 ++++++++++++++++++++++++++++++++++++++++ - configure.ac | 1 + - lib/connect.c | 2 +- - lib/curl_setup.h | 16 ---------------- - lib/url.c | 2 +- - 5 files changed, 43 insertions(+), 18 deletions(-) - -diff --git a/acinclude.m4 b/acinclude.m4 -index 2abae8d8ad..769e67c510 100644 ---- a/acinclude.m4 -+++ b/acinclude.m4 -@@ -3243,3 +3243,43 @@ AC_DEFUN([CURL_MAC_CFLAGS], [ - fi - - ]) -+ -+ -+dnl CURL_CHECK_FUNC_CONNECTX -+dnl -+dnl Check if connectx() function is present. -+dnl The connectx() function call appeared in Darwin 15.0.0 -+dnl but it's not declared using availability attribute. -+dnl Additionally _connectx symbol is part of OS X 10.9/10.10 -+dnl system lib but does not have specified functionality. -+dnl -+ -+AC_DEFUN([CURL_CHECK_FUNC_CONNECTX], [ -+ AC_REQUIRE([CURL_MAC_CFLAGS])dnl -+ AC_CHECK_FUNCS([connectx]) -+ AC_MSG_CHECKING([if connectx is available in deployment target]) -+ AC_COMPILE_IFELSE( -+ [AC_LANG_PROGRAM([[ -+#if defined(HAVE_CONNECTX) -+# include -+# if defined(__MAC_OS_X_VERSION_MIN_REQUIRED) -+# if (__MAC_OS_X_VERSION_MIN_REQUIRED < 101100) -+# error Function requires deployment target OS X 10.11 or later -+# endif -+# elif defined(__IPHONE_OS_VERSION_MIN_REQUIRED) -+# if (__IPHONE_OS_VERSION_MIN_REQUIRED < 90000) -+# error Function requires deployment target iOS 9.0 or later -+# endif -+# endif -+#else -+# error Function not present in the headers -+#endif -+ ]])], -+ [ -+ AC_DEFINE(HAVE_VALID_CONNECTX, 1, -+ [Set to 1 if connectx() function have specified functionality.]) -+ AC_MSG_RESULT([yes]) -+ ], -+ [AC_MSG_RESULT([no])] -+ ) -+]) -diff --git a/configure.ac b/configure.ac -index abd0def369..a3930447c3 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -3226,6 +3226,7 @@ CURL_CHECK_FUNC_BASENAME - CURL_CHECK_FUNC_CLOSESOCKET - CURL_CHECK_FUNC_CLOSESOCKET_CAMEL - CURL_CHECK_FUNC_CONNECT -+CURL_CHECK_FUNC_CONNECTX - CURL_CHECK_FUNC_FCNTL - CURL_CHECK_FUNC_FDOPEN - CURL_CHECK_FUNC_FREEADDRINFO -diff --git a/lib/connect.c b/lib/connect.c -index 33251914b8..8c5e45aea5 100644 ---- a/lib/connect.c -+++ b/lib/connect.c -@@ -1075,7 +1075,7 @@ static CURLcode singleipconnect(struct connectdata *conn, - /* Connect TCP sockets, bind UDP */ - if(!isconnected && (conn->socktype == SOCK_STREAM)) { - if(conn->bits.tcp_fastopen) { --#if defined(HAVE_DARWIN_CONNECTX) /* Darwin */ -+#if defined(HAVE_VALID_CONNECTX) /* Darwin */ - sa_endpoints_t endpoints; - endpoints.sae_srcif = 0; - endpoints.sae_srcaddr = NULL; -diff --git a/lib/curl_setup.h b/lib/curl_setup.h -index 8643e1fd28..0fe3633ec7 100644 ---- a/lib/curl_setup.h -+++ b/lib/curl_setup.h -@@ -762,20 +762,4 @@ endings either CRLF or LF so 't' is appropriate. - # endif - # endif - --/* Detect Darwin connectx() function availability. -- * The connectx() function call appeared in Darwin 15.0.0 -- * but it's not declared using availability attribute. -- */ --#if defined(__MAC_OS_X_VERSION_MIN_REQUIRED) --# if (__MAC_OS_X_VERSION_MIN_REQUIRED >= 101100) --# define HAVE_DARWIN_CONNECTX 1 --# endif --#elif defined(__IPHONE_OS_VERSION_MIN_REQUIRED) --# if (__IPHONE_OS_VERSION_MIN_REQUIRED >= 90000) --# define HAVE_DARWIN_CONNECTX 1 --# endif --#elif defined(CONNECT_DATA_IDEMPOTENT) /* Fallback for other Darwin OS */ --# define HAVE_DARWIN_CONNECTX 1 --#endif -- - #endif /* HEADER_CURL_SETUP_H */ -diff --git a/lib/url.c b/lib/url.c -index 08fbe5132b..7160ae041d 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -2834,7 +2834,7 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option, - data->set.tcp_keepintvl = va_arg(param, long); - break; - case CURLOPT_TCP_FASTOPEN: --#if defined(HAVE_DARWIN_CONNECTX) || defined(MSG_FASTOPEN) -+#if defined(HAVE_VALID_CONNECTX) || defined(MSG_FASTOPEN) - data->set.tcp_fastopen = (0 != va_arg(param, long))?TRUE:FALSE; - #else - result = CURLE_NOT_BUILT_IN; -From 113088ac81edbb9d51582a114d006bf60e3e6a87 Mon Sep 17 00:00:00 2001 -From: Palo Markovic -Date: Wed, 5 Apr 2017 06:04:42 +1200 -Subject: [PATCH] macOS: added connectx check for cmake - ---- - CMake/CurlTests.c | 18 ++++++++++++++++++ - CMakeLists.txt | 9 +++++++++ - lib/curl_config.h.cmake | 6 ++++++ - 3 files changed, 33 insertions(+) - -diff --git a/CMake/CurlTests.c b/CMake/CurlTests.c -index bc36c8ef7d..7077059f9c 100644 ---- a/CMake/CurlTests.c -+++ b/CMake/CurlTests.c -@@ -533,3 +533,21 @@ main() { - return 0; - } - #endif -+#ifdef HAVE_VALID_CONNECTX -+# include -+# include -+# if defined(__MAC_OS_X_VERSION_MIN_REQUIRED) -+# if (__MAC_OS_X_VERSION_MIN_REQUIRED < 101100) -+# error Function requires deployment target OS X 10.11 or later -+# endif -+# elif defined(__IPHONE_OS_VERSION_MIN_REQUIRED) -+# if (__IPHONE_OS_VERSION_MIN_REQUIRED < 90000) -+# error Function requires deployment target iOS 9.0 or later -+# endif -+# endif -+ -+main() { -+ connectx(0, 0, 0, 0, 0, 0, 0, 0); -+ return 0; -+} -+#endif -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 8390c38c99..ab8be51ebc 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -849,6 +849,15 @@ check_symbol_exists(fcntl "${CURL_INCLUDES}" HAVE_FCNTL) - check_symbol_exists(ioctl "${CURL_INCLUDES}" HAVE_IOCTL) - check_symbol_exists(setsockopt "${CURL_INCLUDES}" HAVE_SETSOCKOPT) - -+# The connectx() function call appeared in Darwin 15.0.0 -+# but it's not declared using availability attribute. -+# Additionally _connectx symbol is part of OS X 10.9/10.10 -+# system lib but does not have specified functionality. -+check_symbol_exists(connectx "${CURL_INCLUDES}" HAVE_CONNECTX) -+if(HAVE_CONNECTX) -+ curl_internal_test_run(HAVE_VALID_CONNECTX) -+endif(HAVE_CONNECTX) -+ - # symbol exists in win32, but function does not. - check_function_exists(inet_pton HAVE_INET_PTON) - -diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake -index 9fcdd97f98..6fc4415a8d 100644 ---- a/lib/curl_config.h.cmake -+++ b/lib/curl_config.h.cmake -@@ -130,6 +130,9 @@ - /* Define to 1 if bool is an available type. */ - #cmakedefine HAVE_BOOL_T 1 - -+/* Define to 1 if you have the connectx function. */ -+#cmakedefine HAVE_CONNECTX 1 -+ - /* Define to 1 if you have the clock_gettime function and monotonic timer. */ - #cmakedefine HAVE_CLOCK_GETTIME_MONOTONIC 1 - -@@ -719,6 +722,9 @@ - /* Define to 1 if you have the header file. */ - #cmakedefine HAVE_UTIME_H 1 - -+/* Define to 1 if you have valid connectx function. */ -+#cmakedefine HAVE_VALID_CONNECTX 1 -+ - /* Define to 1 if compiler supports C99 variadic macro style. */ - #cmakedefine HAVE_VARIADIC_MACROS_C99 1 - diff --git a/external/curl/curl-xp.patch.1 b/external/curl/curl-xp.patch.1 deleted file mode 100644 index 9e4163e3eab1..000000000000 --- a/external/curl/curl-xp.patch.1 +++ /dev/null @@ -1,12 +0,0 @@ -diff -ur curl.org/src/Makefile.vc10 curl/src/Makefile.vc10 ---- curl.org/src/Makefile.vc10 2016-07-04 03:45:24.102995951 +0200 -+++ curl/src/Makefile.vc10 2016-07-04 03:48:00.547835559 +0200 -@@ -127,7 +127,7 @@ - LINKD = link.exe /incremental:yes /debug /libpath:"../lib" - RCD = rc.exe /dDEBUGBUILD=1 - --CFLAGS = /I../lib /I../include /nologo /W3 /EHsc /DWIN32 /FD /c /D_BIND_TO_CURRENT_VCLIBS_VERSION=1 -+CFLAGS = /I../lib /I../include /nologo /W3 /EHsc /DWIN32 /FD /c /D_BIND_TO_CURRENT_VCLIBS_VERSION=1 /D_WIN32_WINNT=0x0502 - LFLAGS = /nologo /out:$(PROGRAM_NAME) /subsystem:console /machine:$(MACHINE) - RESFLAGS = /i../include - diff --git a/external/curl/zlib.patch.0 b/external/curl/zlib.patch.0 new file mode 100644 index 000000000000..f4a0ad4b152f --- /dev/null +++ b/external/curl/zlib.patch.0 @@ -0,0 +1,90 @@ +--- configure ++++ configure +@@ -20709,7 +20709,6 @@ + clean_CPPFLAGS=$CPPFLAGS + clean_LDFLAGS=$LDFLAGS + clean_LIBS=$LIBS +-ZLIB_LIBS="" + + # Check whether --with-zlib was given. + if test "${with_zlib+set}" = set; then : +@@ -20718,6 +20719,7 @@ + + + if test "$OPT_ZLIB" = "no" ; then ++ ZLIB_LIBS="" + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: zlib disabled" >&5 + $as_echo "$as_me: WARNING: zlib disabled" >&2;} + else +@@ -20725,6 +20725,21 @@ + OPT_ZLIB="" + fi + ++ if test -n "$ZLIB_CFLAGS$ZLIB_LIBS"; then ++ CPPFLAGS="$CPPFLAGS $ZLIB_CFLAGS" ++ LIBS="$ZLIB_LIBS $LIBS" ++ HAVE_LIBZ="1" ++ ++ ++$as_echo "#define HAVE_ZLIB_H 1" >>confdefs.h ++ ++ ++$as_echo "#define HAVE_LIBZ 1" >>confdefs.h ++ ++ AMFIXLIB="1" ++ else ++ ZLIB_LIBS="" ++ + if test -z "$OPT_ZLIB" ; then + + if test -n "$PKG_CONFIG"; then +@@ -21005,6 +21020,7 @@ + $as_echo "$as_me: found both libz and libz.h header" >&6;} + curl_zlib_msg="enabled" + fi ++ fi + fi + + if test x"$AMFIXLIB" = x1; then +--- configure.ac ++++ configure.ac +@@ -880,19 +880,30 @@ + clean_CPPFLAGS=$CPPFLAGS + clean_LDFLAGS=$LDFLAGS + clean_LIBS=$LIBS +-ZLIB_LIBS="" + AC_ARG_WITH(zlib, + AS_HELP_STRING([--with-zlib=PATH],[search for zlib in PATH]) + AS_HELP_STRING([--without-zlib],[disable use of zlib]), + [OPT_ZLIB="$withval"]) + + if test "$OPT_ZLIB" = "no" ; then ++ ZLIB_LIBS="" + AC_MSG_WARN([zlib disabled]) + else + if test "$OPT_ZLIB" = "yes" ; then + OPT_ZLIB="" + fi + ++ if test -n "$ZLIB_CFLAGS$ZLIB_LIBS"; then ++ CPPFLAGS="$CPPFLAGS $ZLIB_CFLAGS" ++ LIBS="$ZLIB_LIBS $LIBS" ++ HAVE_LIBZ="1" ++ AC_SUBST(HAVE_LIBZ) ++ AC_DEFINE(HAVE_ZLIB_H, 1, [if you have the zlib.h header file]) ++ AC_DEFINE(HAVE_LIBZ, 1, [if zlib is available]) ++ AMFIXLIB="1" ++ else ++ ZLIB_LIBS="" ++ + if test -z "$OPT_ZLIB" ; then + CURL_CHECK_PKGCONFIG(zlib) + +@@ -975,6 +986,7 @@ + AC_MSG_NOTICE([found both libz and libz.h header]) + curl_zlib_msg="enabled" + fi ++ fi + fi + + dnl set variable for use in automakefile(s) -- 2.11.4.GIT