Makefile.fetch | 2 RepositoryExternal.mk | 2 download.lst | 3 external/curl/ExternalPackage_curl.mk | 10 external/curl/ExternalProject_curl.mk | 37 + external/curl/NSS-support-for-CERTINFO-feature.patch | 391 ------------------- external/curl/UnpackedTarball_curl.mk | 7 external/curl/curl-7.26.0_win-proxy.patch | 97 ++-- external/curl/curl-msvc-disable-protocols.patch.1 | 35 + external/curl/curl-msvc-schannel.patch.1 | 22 - external/curl/curl-msvc.patch.1 | 48 +- 11 files changed, 140 insertions(+), 514 deletions(-)
New commits: commit 596a17b2a616a627c9ab17dc4ffffdd29c7ab6db Author: Michael Stahl <mst...@redhat.com> Date: Wed Jan 24 11:44:26 2018 +0100 curl: upgrade to release 7.58.0 * fixes 2 CVEs * disable some new optional dependencies Change-Id: If7725d126e68de04b67969a83c0ea08573a43679 Reviewed-on: https://gerrit.libreoffice.org/48493 Tested-by: Jenkins <c...@libreoffice.org> Reviewed-by: Michael Stahl <mst...@redhat.com> (cherry picked from commit 5e3799a0c8a92918b9e1868c942f8918ff61c003) Reviewed-on: https://gerrit.libreoffice.org/48539 Reviewed-by: Caolán McNamara <caol...@redhat.com> Tested-by: Caolán McNamara <caol...@redhat.com> diff --git a/download.lst b/download.lst index 2546b381f655..4c8ea886c240 100644 --- a/download.lst +++ b/download.lst @@ -2,8 +2,8 @@ ABW_MD5SUM := 40fa48e03b1e28ae0325cc34b35bc46d export ABW_TARBALL := libabw-0.0.2.tar.bz2 CDR_MD5SUM := fbcd8619fc6646f41d527c1329102998 export CDR_TARBALL := libcdr-0.0.15.tar.bz2 -CURL_MD5SUM := 7ce35f207562674e71dbada6891b37e3f043c1e7a82915cb9c2a17ad3a9d659b -export CURL_TARBALL := curl-7.57.0.tar.gz +CURL_MD5SUM := cc245bf9a1a42a45df491501d97d5593392a03f7b4f07b952793518d97666115 +export CURL_TARBALL := curl-7.58.0.tar.gz EBOOK_MD5SUM := 2f1ceaf2ac8752ed278e175447d9b978 export EBOOK_TARBALL := libe-book-0.0.3.tar.bz2 ETONYEK_MD5SUM := 3c50bc60394d1f2675fbf9bd22581363 diff --git a/external/curl/ExternalProject_curl.mk b/external/curl/ExternalProject_curl.mk index 4efc3ef03cff..457b66239cc2 100644 --- a/external/curl/ExternalProject_curl.mk +++ b/external/curl/ExternalProject_curl.mk @@ -40,13 +40,21 @@ $(call gb_ExternalProject_get_state_target,curl,build): CPPFLAGS="$(curl_CPPFLAGS)" \ LDFLAGS=$(curl_LDFLAGS) \ ./configure \ - $(if $(filter MACOSX IOS,$(OS)),\ - --with-darwinssl, \ - --with-nss$(if $(filter NO,$(SYSTEM_NSS)),="$(call gb_UnpackedTarball_get_dir,nss)/dist/out")) \ - --without-ssl \ - --without-libidn --enable-ftp --enable-ipv6 --enable-http --disable-gopher \ - --disable-file --disable-ldap --disable-telnet --disable-dict --without-libssh2 \ - $(if $(filter YES,$(CROSS_COMPILING)),--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)) \ + $(if $(filter IOS MACOSX,$(OS)),\ + --with-darwinssl,\ + $(if $(ENABLE_NSS),--with-nss$(if $(SYSTEM_NSS),,="$(call gb_UnpackedTarball_get_dir,nss)/dist/out"),--without-nss)) \ + --without-ssl --without-gnutls --without-polarssl --without-cyassl --without-axtls --without-mbedtls \ + --enable-ftp --enable-http --enable-ipv6 \ + --without-libidn2 --without-libpsl --without-librtmp \ + --without-libssh2 --without-metalink --without-nghttp2 \ + --without-libssh --without-brotli \ + --disable-ares \ + --disable-dict --disable-file --disable-gopher --disable-imap \ + --disable-ldap --disable-ldaps --disable-manual --disable-pop3 \ + --disable-rtsp --disable-smb --disable-smtp --disable-telnet \ + --disable-tftp \ + $(if $(filter LINUX,$(OS)),--without-ca-bundle --without-ca-path) \ + $(if $(CROSS_COMPILING),--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)) \ $(if $(filter TRUE,$(DISABLE_DYNLOADING)),--disable-shared,--disable-static) \ $(if $(filter TRUE,$(ENABLE_DEBUG)),--enable-debug) \ && cd lib \ commit 8ce5fffd5b57f7303d7df5830de30af870c04660 Author: Michael Stahl <mst...@redhat.com> Date: Wed Nov 29 11:30:49 2017 +0100 curl: upgrade to release 7.57.0 fixes 3 CVEs Change-Id: Idf5eee66fac399a2b338c2a9aaea2f56d2cb3a51 Reviewed-on: https://gerrit.libreoffice.org/45480 Tested-by: Jenkins <c...@libreoffice.org> Reviewed-by: Michael Stahl <mst...@redhat.com> (cherry picked from commit a16eb857f3497a5ac65a7c7e89d0d6b8614aeb5e) Reviewed-on: https://gerrit.libreoffice.org/45510 diff --git a/download.lst b/download.lst index 862bd010162d..2546b381f655 100644 --- a/download.lst +++ b/download.lst @@ -2,8 +2,8 @@ ABW_MD5SUM := 40fa48e03b1e28ae0325cc34b35bc46d export ABW_TARBALL := libabw-0.0.2.tar.bz2 CDR_MD5SUM := fbcd8619fc6646f41d527c1329102998 export CDR_TARBALL := libcdr-0.0.15.tar.bz2 -CURL_SHA256SUM := 961a25531d72a843dfcce87b290e7a882f2d376f3b88de11df009710019c5b16 -export CURL_TARBALL := curl-7.56.1.tar.gz +CURL_MD5SUM := 7ce35f207562674e71dbada6891b37e3f043c1e7a82915cb9c2a17ad3a9d659b +export CURL_TARBALL := curl-7.57.0.tar.gz EBOOK_MD5SUM := 2f1ceaf2ac8752ed278e175447d9b978 export EBOOK_TARBALL := libe-book-0.0.3.tar.bz2 ETONYEK_MD5SUM := 3c50bc60394d1f2675fbf9bd22581363 commit f5015223ae209200c4fe762d89ddc1ed70b21791 Author: Michael Stahl <mst...@redhat.com> Date: Mon Oct 23 17:43:21 2017 +0200 curl: upgrade to release 7.56.1 - fixes a very minor CVE: CVE-2017-1000254 - the Windows nmakefiles we were previously using have been removed, so we use the *other* Windows nmake build system now - /EHs override is pointless, default /EHsc should work fine - the macros defined in ExternalProject are not needed any more - curl-msvc-schannel.patch.1: drop, not needed with new makefiles - curl-osx.patch.1: none of it applies, presumably fixed upstream Change-Id: I15c71b9c82c31d286d935b57543a1b0216123b66 Reviewed-on: https://gerrit.libreoffice.org/43724 Tested-by: Jenkins <c...@libreoffice.org> Reviewed-by: Michael Stahl <mst...@redhat.com> diff --git a/RepositoryExternal.mk b/RepositoryExternal.mk index 4a4ce6e80b24..e78979bb4c7e 100644 --- a/RepositoryExternal.mk +++ b/RepositoryExternal.mk @@ -2058,7 +2058,7 @@ $(call gb_LinkTarget_set_include,$(1),\ ifeq ($(COM),MSC) $(call gb_LinkTarget_add_libs,$(1),\ - $(call gb_UnpackedTarball_get_dir,curl)/lib/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),d)_imp.lib \ + $(call gb_UnpackedTarball_get_dir,curl)/builds/libcurl-vc12-$(if $(filter X86_64,$(CPUNAME)),x64,x86)-$(if $(MSVC_USE_DEBUG_RUNTIME),debug,release)-dll-ipv6-sspi-winssl/lib/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).lib \ ) else $(call gb_LinkTarget_add_libs,$(1),\ diff --git a/download.lst b/download.lst index 520582ceada8..862bd010162d 100644 --- a/download.lst +++ b/download.lst @@ -2,8 +2,8 @@ ABW_MD5SUM := 40fa48e03b1e28ae0325cc34b35bc46d export ABW_TARBALL := libabw-0.0.2.tar.bz2 CDR_MD5SUM := fbcd8619fc6646f41d527c1329102998 export CDR_TARBALL := libcdr-0.0.15.tar.bz2 -CURL_MD5SUM := 4e1ef056e117b4d25f4ec42ac609c0d4 -export CURL_TARBALL := curl-7.52.1.tar.gz +CURL_SHA256SUM := 961a25531d72a843dfcce87b290e7a882f2d376f3b88de11df009710019c5b16 +export CURL_TARBALL := curl-7.56.1.tar.gz EBOOK_MD5SUM := 2f1ceaf2ac8752ed278e175447d9b978 export EBOOK_TARBALL := libe-book-0.0.3.tar.bz2 ETONYEK_MD5SUM := 3c50bc60394d1f2675fbf9bd22581363 diff --git a/external/curl/ExternalPackage_curl.mk b/external/curl/ExternalPackage_curl.mk index 6e3c7fd83c8a..56c418b6ef0c 100644 --- a/external/curl/ExternalPackage_curl.mk +++ b/external/curl/ExternalPackage_curl.mk @@ -13,14 +13,14 @@ $(eval $(call gb_ExternalPackage_use_external_project,curl,curl)) ifneq ($(DISABLE_DYNLOADING),TRUE) -ifeq ($(OS)$(COM),WNTGCC) -$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.dll,lib/.libs/libcurl.dll)) -else ifeq ($(COM),MSC) -$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),d).dll,lib/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),d).dll)) +ifeq ($(COM),MSC) +$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).dll,builds/libcurl-vc12-$(if $(filter X86_64,$(CPUNAME)),x64,x86)-$(if $(MSVC_USE_DEBUG_RUNTIME),debug,release)-dll-ipv6-sspi-winssl/bin/libcurl$(if $(MSVC_USE_DEBUG_RUNTIME),_debug).dll)) +else ifeq ($(OS),MACOSX) +$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.4.dylib,lib/.libs/libcurl.4.dylib)) else ifeq ($(OS),AIX) $(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so,lib/.libs/libcurl.so.4)) else -$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.3.0)) +$(eval $(call gb_ExternalPackage_add_file,curl,$(LIBO_LIB_FOLDER)/libcurl.so.4,lib/.libs/libcurl.so.4.5.0)) endif endif # $(DISABLE_DYNLOADING) diff --git a/external/curl/ExternalProject_curl.mk b/external/curl/ExternalProject_curl.mk index f95ded47235e..4efc3ef03cff 100644 --- a/external/curl/ExternalProject_curl.mk +++ b/external/curl/ExternalProject_curl.mk @@ -72,10 +72,17 @@ else ifeq ($(COM),MSC) $(call gb_ExternalProject_get_state_target,curl,build): $(call gb_ExternalProject_run,build,\ - MAKEFLAGS= LIB="$(ILIB)" nmake -f Makefile.vc12 \ - cfg=$(if $(MSVC_USE_DEBUG_RUNTIME),debug-dll,release-dll) \ - EXCFLAGS="/EHa /Zc:wchar_t- /D_CRT_SECURE_NO_DEPRECATE /DUSE_WINDOWS_SSPI $(SOLARINC)" $(if $(filter X86_64,$(CPUNAME)),MACHINE=X64) \ - ,lib) + CC="$(shell cygpath -w $(filter-out -%,$(CC))) $(filter -%,$(CC))" \ + MAKEFLAGS= LIB="$(ILIB)" nmake -f Makefile.vc \ + mode=dll \ + VC=12 \ + $(if $(filter X86_64,$(CPUNAME)),MACHINE=x64,MACHINE=x86) \ + GEN_PDB=$(if $(gb_SYMBOL),yes,no) \ + DEBUG=$(if $(MSVC_USE_DEBUG_RUNTIME),yes,no) \ + ENABLE_IPV6=yes \ + ENABLE_SSPI=yes \ + ENABLE_WINSSL=yes \ + ,winbuild) endif diff --git a/external/curl/UnpackedTarball_curl.mk b/external/curl/UnpackedTarball_curl.mk index 77cc8fecad6c..a578a103c350 100644 --- a/external/curl/UnpackedTarball_curl.mk +++ b/external/curl/UnpackedTarball_curl.mk @@ -14,13 +14,12 @@ $(eval $(call gb_UnpackedTarball_set_tarball,curl,$(CURL_TARBALL),,curl)) $(eval $(call gb_UnpackedTarball_set_patchlevel,curl,1)) $(eval $(call gb_UnpackedTarball_fix_end_of_line,curl,\ - lib/Makefile.vc12 \ + winbuild/MakefileBuild.vc \ )) $(eval $(call gb_UnpackedTarball_add_patches,curl,\ external/curl/curl-msvc.patch.1 \ - external/curl/curl-msvc-schannel.patch.1 \ - external/curl/curl-7.26.0_mingw.patch \ + external/curl/curl-msvc-disable-protocols.patch.1 \ external/curl/curl-7.26.0_win-proxy.patch \ )) diff --git a/external/curl/curl-7.26.0_win-proxy.patch b/external/curl/curl-7.26.0_win-proxy.patch index 5392d32ed0d1..e51c5d017818 100644 --- a/external/curl/curl-7.26.0_win-proxy.patch +++ b/external/curl/curl-7.26.0_win-proxy.patch @@ -1,11 +1,121 @@ ---- curl-7.26.0/lib/Makefile.vc10 -+++ misc/build/curl-7.26.0/lib/Makefile.vc10 -@@ -116,7 +116,7 @@ LFLAGS = /nologo /machine:$(MACHINE) - SSLLIBS = libeay32.lib ssleay32.lib - ZLIBLIBSDLL = zdll.lib - ZLIBLIBS = zlib.lib --WINLIBS = ws2_32.lib wldap32.lib advapi32.lib -+WINLIBS = ws2_32.lib wldap32.lib advapi32.lib winhttp.lib - CFLAGS = $(CFLAGS) $(EXCFLAGS) - - CFGSET = FALSE +--- curl/winbuild/MakefileBuild.vc.orig 2017-10-23 17:15:22.969492548 +0200 ++++ curl/winbuild/MakefileBuild.vc 2017-10-23 17:16:38.491490679 +0200 +@@ -72,7 +72,7 @@ + + CFLAGS_LIBCURL_STATIC = /DCURL_STATICLIB + +-WIN_LIBS = ws2_32.lib wldap32.lib advapi32.lib ++WIN_LIBS = ws2_32.lib wldap32.lib advapi32.lib winhttp.lib + + BASE_NAME = libcurl + BASE_NAME_DEBUG = $(BASE_NAME)_debug +--- curl-7.26.0/lib/url.c ++++ misc/build/curl-7.26.0/lib/url.c +@@ -78,6 +78,10 @@ + bool curl_win32_idn_to_ascii(const char *in, char **out); + #endif /* USE_LIBIDN2 */ + ++#ifdef _WIN32 ++#include <WinHttp.h> ++#endif ++ + #include "urldata.h" + #include "netrc.h" + +@@ -4586,6 +4590,21 @@ + } + + #ifndef CURL_DISABLE_HTTP ++#ifdef _WIN32 ++static char *wstrToCstr(LPWSTR wStr) ++{ ++ int bufSize; ++ char *out = NULL; ++ if(wStr != NULL) { ++ bufSize = WideCharToMultiByte( ++ CP_ACP, 0, wStr, -1, NULL, 0, NULL, NULL); ++ out = (char *)malloc(bufSize * sizeof(char)); ++ WideCharToMultiByte(CP_ACP, 0, wStr, -1, out, bufSize, NULL, NULL); ++ } ++ return out; ++} ++#endif ++ + /**************************************************************** + * Detect what (if any) proxy to use. Remember that this selects a host + * name and is not limited to HTTP proxies only. +@@ -4613,6 +4633,66 @@ + * For compatibility, the all-uppercase versions of these variables are + * checked if the lowercase versions don't exist. + */ ++#ifdef _WIN32 ++ char *no_proxy = NULL; ++ WINHTTP_CURRENT_USER_IE_PROXY_CONFIG *ieProxyConfig; ++ ieProxyConfig = (WINHTTP_CURRENT_USER_IE_PROXY_CONFIG *) ++ malloc(sizeof(WINHTTP_CURRENT_USER_IE_PROXY_CONFIG)); ++ if(WinHttpGetIEProxyConfigForCurrentUser(ieProxyConfig)) { ++ if(!ieProxyConfig->fAutoDetect) { ++ char *ieProxy; ++ char *ieNoProxy; ++ char *pos; ++ ++ ieProxy = wstrToCstr(ieProxyConfig->lpszProxy); ++ ieNoProxy = wstrToCstr(ieProxyConfig->lpszProxyBypass); ++ ++ /* Convert the ieNoProxy into a proper no_proxy value */ ++ if(NULL != ieNoProxy) { ++ no_proxy = strdup(ieNoProxy); ++ pos = strpbrk(no_proxy, "; "); ++ while(NULL != pos) { ++ no_proxy[pos-no_proxy] = ','; ++ pos = strpbrk(no_proxy, "; "); ++ } ++ } ++ ++ if(!check_noproxy(conn->host.name, no_proxy)) { ++ /* Look for the http proxy setting */ ++ char *tok; ++ char *saveptr; ++ ++ if(NULL != ieProxy) { ++ tok = strtok_s(ieProxy, ";", &saveptr); ++ if(strchr(tok, '=') == NULL) { ++ proxy = strdup(ieProxy); ++ } ++ else { ++ do { ++ if(strncmp(tok, "http=", 5) == 0) { ++ /* We found HTTP proxy value, then use it */ ++ proxy = strdup(tok + 5); ++ } ++ tok = strtok_s(NULL, ";", &saveptr); ++ } ++ while(NULL != tok); ++ } ++ } ++ } ++ ++ free(ieProxy); ++ free(ieNoProxy); ++ } ++ else { ++ /* TODO Handle the Proxy config Auto Detection case */ ++ } ++ ++ GlobalFree(ieProxyConfig->lpszAutoConfigUrl); ++ GlobalFree(ieProxyConfig->lpszProxy); ++ GlobalFree(ieProxyConfig->lpszProxyBypass); ++ } ++ free(no_proxy); ++#else /* !WIN32 */ + char proxy_env[128]; + const char *protop = conn->handler->scheme; + char *envp = proxy_env; +@@ -4663,6 +4739,7 @@ + if(!proxy) + proxy = curl_getenv("ALL_PROXY"); + } ++#endif /* WIN32 */ + + return proxy; + } diff --git a/external/curl/curl-msvc-disable-protocols.patch.1 b/external/curl/curl-msvc-disable-protocols.patch.1 new file mode 100644 index 000000000000..c8747a5fcc1d --- /dev/null +++ b/external/curl/curl-msvc-disable-protocols.patch.1 @@ -0,0 +1,35 @@ +disable protocols nobody needs in MSVC build + +--- curl/lib/config-win32.h.orig 2017-08-09 16:43:29.464000000 +0200 ++++ curl/lib/config-win32.h 2017-08-09 16:47:38.549200000 +0200 +@@ -733,4 +733,19 @@ + # define ENABLE_IPV6 1 + #endif + ++#define CURL_DISABLE_DICT 1 ++#define CURL_DISABLE_FILE 1 ++//#undef CURL_DISABLE_FTP ++#define CURL_DISABLE_GOPHER 1 ++//#undef CURL_DISABLE_HTTP ++#define CURL_DISABLE_IMAP 1 ++#define CURL_DISABLE_LDAP 1 ++#define CURL_DISABLE_LDAPS 1 ++#define CURL_DISABLE_POP3 1 ++#define CURL_DISABLE_RTSP 1 ++#define CURL_DISABLE_SMB 1 ++#define CURL_DISABLE_SMTP 1 ++#define CURL_DISABLE_TELNET 1 ++#define CURL_DISABLE_TFTP 1 ++ + #endif /* HEADER_CURL_CONFIG_WIN32_H */ +--- curl/winbuild/MakefileBuild.vc.orig 2017-10-23 23:41:21.393200000 +0200 ++++ curl/winbuild/MakefileBuild.vc 2017-10-23 23:34:16.028000000 +0200 +@@ -431,7 +431,7 @@ + + EXE_OBJS = $(CURL_OBJS) $(CURL_DIROBJ)\curl.res + +-all : $(TARGET) $(PROGRAM_NAME) ++all : $(TARGET) + + package: $(TARGET) + @cd $(DIRDIST) diff --git a/external/curl/curl-msvc-schannel.patch.1 b/external/curl/curl-msvc-schannel.patch.1 deleted file mode 100644 index 96768aa3f92c..000000000000 --- a/external/curl/curl-msvc-schannel.patch.1 +++ /dev/null @@ -1,22 +0,0 @@ -MSVC: use WNT native Schannel SSL/TLS implementation - ---- curl/lib/Makefile.vc12.old 2013-11-19 00:00:29.044499752 +0100 -+++ curl/lib/Makefile.vc12 2013-11-19 00:01:29.135499684 +0100 -@@ -260,7 +260,7 @@ - TARGET = $(LIBCURL_DYN_LIB_REL) - DIROBJ = $(CFG) - LNK = $(LNKDLL) $(WINLIBS) /out:$(DIROBJ)\$(TARGET) /IMPLIB:$(DIROBJ)\$(LIBCURL_IMP_LIB_REL) --CC = $(CCNODBG) $(RTLIB) -+CC = $(CCNODBG) $(RTLIB) $(CFLAGSWINSSL) - CFGSET = TRUE - RESOURCE = $(DIROBJ)\libcurl.res - !ENDIF -@@ -427,7 +427,7 @@ - TARGET = $(LIBCURL_DYN_LIB_DBG) - DIROBJ = $(CFG) - LNK = $(LNKDLL) $(WINLIBS) /DEBUG /out:$(DIROBJ)\$(TARGET) /IMPLIB:$(DIROBJ)\$(LIBCURL_IMP_LIB_DBG) /PDB:$(DIROBJ)\$(LIBCURL_DYN_LIB_PDB) --CC = $(CCDEBUG) $(RTLIBD) -+CC = $(CCDEBUG) $(RTLIBD) $(CFLAGSWINSSL) - CFGSET = TRUE - RESOURCE = $(DIROBJ)\libcurl.res - !ENDIF diff --git a/external/curl/curl-msvc.patch.1 b/external/curl/curl-msvc.patch.1 index 57a292bb69a3..80160958c99d 100644 --- a/external/curl/curl-msvc.patch.1 +++ b/external/curl/curl-msvc.patch.1 @@ -1,27 +1,27 @@ -MSVC: using SOLARINC and EXCFLAGS +MSVC: using SOLARINC ---- curl/lib/Makefile.vc12 2012-05-24 12:07:02.000000000 -0400 -+++ curl/lib/Makefile.vc12 2012-10-29 11:53:44.658809300 -0400 -@@ -117,7 +117,7 @@ - ZLIBLIBSDLL = zdll.lib - ZLIBLIBS = zlib.lib - WINLIBS = ws2_32.lib wldap32.lib advapi32.lib --CFLAGS = $(CFLAGS) -+CFLAGS = $(CFLAGS) $(EXCFLAGS) +--- curl/winbuild/MakefileBuild.vc.orig 2017-10-23 16:36:07.713550851 +0200 ++++ curl/winbuild/MakefileBuild.vc 2017-10-23 16:38:19.301547594 +0200 +@@ -60,7 +60,7 @@ + !ELSE + CC_NODEBUG = $(CC) /O2 /DNDEBUG + CC_DEBUG = $(CC) /Od /D_DEBUG /RTC1 /Z7 /LDd +-CFLAGS = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL ++CFLAGS = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL $(SOLARINC) + !ENDIF - CFGSET = FALSE + LFLAGS = /nologo /machine:$(MACHINE) +@@ -300,11 +300,11 @@ + # CURL_XX macros are for the curl.exe command -@@ -620,11 +620,11 @@ - debug-dll-ssl-dll\libcurl.res \ - debug-dll-zlib-dll\libcurl.res \ - debug-dll-ssl-dll-zlib-dll\libcurl.res: libcurl.rc -- rc /dDEBUGBUILD=1 /Fo $@ libcurl.rc -+ rc $(SOLARINC) /dDEBUGBUILD=1 /Fo $@ libcurl.rc - - release-dll\libcurl.res \ - release-dll-ssl-dll\libcurl.res \ - release-dll-zlib-dll\libcurl.res \ - release-dll-ssl-dll-zlib-dll\libcurl.res: libcurl.rc -- rc /dDEBUGBUILD=0 /Fo $@ libcurl.rc -+ rc $(SOLARINC) /dDEBUGBUILD=0 /Fo $@ libcurl.rc - !ENDIF # End of case where a config was provided. + !IF "$(DEBUG)"=="yes" +-RC_FLAGS = /dDEBUGBUILD=1 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc ++RC_FLAGS = $(SOLARINC) /dDEBUGBUILD=1 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc + CURL_CC = $(CC_DEBUG) $(RTLIB_DEBUG) + CURL_RC_FLAGS = /i../include /dDEBUGBUILD=1 /Fo $@ $(CURL_SRC_DIR)\curl.rc + !ELSE +-RC_FLAGS = /dDEBUGBUILD=0 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc ++RC_FLAGS = $(SOLARINC) /dDEBUGBUILD=0 /Fo $@ $(LIBCURL_SRC_DIR)\libcurl.rc + CURL_CC = $(CC_NODEBUG) $(RTLIB) + CURL_RC_FLAGS = /i../include /dDEBUGBUILD=0 /Fo $@ $(CURL_SRC_DIR)\curl.rc + !ENDIF commit 8685c15cc9c7887c1ec0ec68bc56ab65dd1580a8 Author: Thorsten Behrens <thorsten.behr...@cib.de> Date: Mon Jan 23 15:32:36 2017 +0100 curl: upgrade to version 7.52.1 - fixes some four CVEs - and a ton of other fixes & improvements Change-Id: I2312f30f72c914c7e930c59ddbe44fb8a282c0a5 Reviewed-on: https://gerrit.libreoffice.org/33471 Tested-by: Jenkins <c...@libreoffice.org> Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de> diff --git a/download.lst b/download.lst index dc3fc400014c..520582ceada8 100644 --- a/download.lst +++ b/download.lst @@ -2,8 +2,8 @@ ABW_MD5SUM := 40fa48e03b1e28ae0325cc34b35bc46d export ABW_TARBALL := libabw-0.0.2.tar.bz2 CDR_MD5SUM := fbcd8619fc6646f41d527c1329102998 export CDR_TARBALL := libcdr-0.0.15.tar.bz2 -CURL_MD5SUM := 490e19a8ccd1f4a244b50338a0eb9456 -export CURL_TARBALL := curl-7.51.0.tar.gz +CURL_MD5SUM := 4e1ef056e117b4d25f4ec42ac609c0d4 +export CURL_TARBALL := curl-7.52.1.tar.gz EBOOK_MD5SUM := 2f1ceaf2ac8752ed278e175447d9b978 export EBOOK_TARBALL := libe-book-0.0.3.tar.bz2 ETONYEK_MD5SUM := 3c50bc60394d1f2675fbf9bd22581363 diff --git a/external/curl/curl-7.26.0_win-proxy.patch b/external/curl/curl-7.26.0_win-proxy.patch index a7983b967071..5392d32ed0d1 100644 --- a/external/curl/curl-7.26.0_win-proxy.patch +++ b/external/curl/curl-7.26.0_win-proxy.patch @@ -9,120 +9,3 @@ CFLAGS = $(CFLAGS) $(EXCFLAGS) CFGSET = FALSE ---- curl-7.26.0/lib/url.c -+++ misc/build/curl-7.26.0/lib/url.c -@@ -80,6 +80,10 @@ void idn_free (void *ptr); - int curl_win32_idn_to_ascii(const char *in, char **out); - #endif /* USE_LIBIDN */ - -+#ifdef WIN32 -+#include <WinHttp.h> -+#endif -+ - #include "urldata.h" - #include "netrc.h" - -@@ -4111,6 +4115,21 @@ static bool check_noproxy(const char* name, const char* no_proxy) - return FALSE; - } - -+#ifdef WIN32 -+static char* wstrToCstr( LPWSTR wStr ) -+{ -+ int bufSize; -+ char* out = NULL; -+ if(wStr != NULL) { -+ bufSize = WideCharToMultiByte( -+ CP_ACP, 0, wStr, -1, NULL, 0, NULL, NULL ); -+ out = ( char* )malloc( bufSize * sizeof(char)); -+ WideCharToMultiByte( CP_ACP, 0, wStr, -1, out, bufSize, NULL, NULL ); -+ } -+ return out; -+} -+#endif -+ - /**************************************************************** - * Detect what (if any) proxy to use. Remember that this selects a host - * name and is not limited to HTTP proxies only. -@@ -4119,6 +4138,7 @@ static bool check_noproxy(const char* name, const char* no_proxy) - static char *detect_proxy(struct connectdata *conn) - { - char *proxy = NULL; -+ char *no_proxy=NULL; - - #ifndef CURL_DISABLE_HTTP - /* If proxy was not specified, we check for default proxy environment -@@ -4138,7 +4158,63 @@ static char *detect_proxy(struct connectdata *conn) - * For compatibility, the all-uppercase versions of these variables are - * checked if the lowercase versions don't exist. - */ -- char *no_proxy=NULL; -+#ifdef WIN32 -+ WINHTTP_CURRENT_USER_IE_PROXY_CONFIG *ieProxyConfig; -+ ieProxyConfig = (WINHTTP_CURRENT_USER_IE_PROXY_CONFIG*) -+ malloc(sizeof(WINHTTP_CURRENT_USER_IE_PROXY_CONFIG)); -+ if(WinHttpGetIEProxyConfigForCurrentUser(ieProxyConfig)) { -+ if(!ieProxyConfig->fAutoDetect) { -+ char *ieProxy; -+ char *ieNoProxy; -+ char* pos; -+ -+ ieProxy = wstrToCstr(ieProxyConfig->lpszProxy); -+ ieNoProxy = wstrToCstr(ieProxyConfig->lpszProxyBypass); -+ -+ /* Convert the ieNoProxy into a proper no_proxy value */ -+ if(NULL != ieNoProxy) { -+ no_proxy = strdup(ieNoProxy); -+ pos = strpbrk(no_proxy, "; "); -+ while(NULL != pos) { -+ no_proxy[pos-no_proxy] = ','; -+ pos = strpbrk(no_proxy, "; "); -+ } -+ } -+ -+ if(!check_noproxy(conn->host.name, no_proxy)) { -+ /* Look for the http proxy setting */ -+ char* tok; -+ char *saveptr; -+ -+ if(NULL != ieProxy) { -+ tok = strtok_s(ieProxy, ";", &saveptr); -+ if(strchr(tok, '=') == NULL) { -+ proxy = strdup(ieProxy); -+ } -+ else { -+ do { -+ if(strncmp(tok, "http=", 5) == 0) { -+ /* We found HTTP proxy value, then use it */ -+ proxy = strdup( tok + 5 ); -+ } -+ tok = strtok_s(NULL, ";", &saveptr); -+ } -+ while(NULL != tok); -+ } -+ } -+ } -+ -+ free(ieProxy); -+ free(ieNoProxy); -+ } -+ else { -+ /* TODO Handle the Proxy config Auto Detection case */ -+ } -+ -+ GlobalFree( ieProxyConfig->lpszAutoConfigUrl ); -+ GlobalFree( ieProxyConfig->lpszProxy ); -+ GlobalFree( ieProxyConfig->lpszProxyBypass ); -+ } -+#else /* !WIN32 */ - char proxy_env[128]; - - no_proxy=curl_getenv("no_proxy"); -@@ -4189,6 +4265,7 @@ static char *detect_proxy(struct connectdata *conn) - } - } /* if(!check_noproxy(conn->host.name, no_proxy)) - it wasn't specified - non-proxy */ -+#endif /* WIN32 */ - free(no_proxy); - - #else /* !CURL_DISABLE_HTTP */ diff --git a/external/curl/curl-msvc.patch.1 b/external/curl/curl-msvc.patch.1 index 88ced0a75493..57a292bb69a3 100644 --- a/external/curl/curl-msvc.patch.1 +++ b/external/curl/curl-msvc.patch.1 @@ -11,14 +11,6 @@ MSVC: using SOLARINC and EXCFLAGS CFGSET = FALSE -@@ -632,7 +632,6 @@ - $(DIROBJ)\vtls.obj \ - $(DIROBJ)\openssl.obj \ - $(DIROBJ)\strdup.obj \ -- $(DIROBJ)\strequal.obj \ - $(DIROBJ)\strerror.obj \ - $(DIROBJ)\strtok.obj \ - $(DIROBJ)\strtoofft.obj \ @@ -620,11 +620,11 @@ debug-dll-ssl-dll\libcurl.res \ debug-dll-zlib-dll\libcurl.res \ commit 9233783326c8d45147498c2bd862b21c0caefefa Author: Michael Stahl <mst...@redhat.com> Date: Wed Nov 2 11:48:21 2016 +0100 curl: upgrade to version 7.51.0 - fixes about a dozen CVEs - tweak curl-7.26.0_win-proxy.patch: there is a "checksrc" thing now in curl that fails the build with: warning: use of strtok is banned (BANNEDFUNC) so use strtok_s instead (which is MSVC's name for standard strtok_r) - use Makefile.vc12 instead of Makefile.vc10 - remove strequal.obj from Makefile.vc12, it does not actually exist Change-Id: Ie2da64980d88c72b0c902376ffc01abf97a7bc91 Reviewed-on: https://gerrit.libreoffice.org/30484 Tested-by: Jenkins <c...@libreoffice.org> Reviewed-by: Michael Stahl <mst...@redhat.com> diff --git a/download.lst b/download.lst index 791377a1fbb0..dc3fc400014c 100644 --- a/download.lst +++ b/download.lst @@ -2,8 +2,8 @@ ABW_MD5SUM := 40fa48e03b1e28ae0325cc34b35bc46d export ABW_TARBALL := libabw-0.0.2.tar.bz2 CDR_MD5SUM := fbcd8619fc6646f41d527c1329102998 export CDR_TARBALL := libcdr-0.0.15.tar.bz2 -CURL_MD5SUM := 11bddbb452a8b766b932f859aaeeed39 -export CURL_TARBALL := curl-7.43.0.tar.bz2 +CURL_MD5SUM := 490e19a8ccd1f4a244b50338a0eb9456 +export CURL_TARBALL := curl-7.51.0.tar.gz EBOOK_MD5SUM := 2f1ceaf2ac8752ed278e175447d9b978 export EBOOK_TARBALL := libe-book-0.0.3.tar.bz2 ETONYEK_MD5SUM := 3c50bc60394d1f2675fbf9bd22581363 diff --git a/external/curl/ExternalProject_curl.mk b/external/curl/ExternalProject_curl.mk index 81d46f63901e..f95ded47235e 100644 --- a/external/curl/ExternalProject_curl.mk +++ b/external/curl/ExternalProject_curl.mk @@ -72,7 +72,7 @@ else ifeq ($(COM),MSC) $(call gb_ExternalProject_get_state_target,curl,build): $(call gb_ExternalProject_run,build,\ - MAKEFLAGS= LIB="$(ILIB)" nmake -f Makefile.vc10 \ + MAKEFLAGS= LIB="$(ILIB)" nmake -f Makefile.vc12 \ cfg=$(if $(MSVC_USE_DEBUG_RUNTIME),debug-dll,release-dll) \ EXCFLAGS="/EHa /Zc:wchar_t- /D_CRT_SECURE_NO_DEPRECATE /DUSE_WINDOWS_SSPI $(SOLARINC)" $(if $(filter X86_64,$(CPUNAME)),MACHINE=X64) \ ,lib) diff --git a/external/curl/UnpackedTarball_curl.mk b/external/curl/UnpackedTarball_curl.mk index 2e4d4cc1283c..77cc8fecad6c 100644 --- a/external/curl/UnpackedTarball_curl.mk +++ b/external/curl/UnpackedTarball_curl.mk @@ -14,11 +14,10 @@ $(eval $(call gb_UnpackedTarball_set_tarball,curl,$(CURL_TARBALL),,curl)) $(eval $(call gb_UnpackedTarball_set_patchlevel,curl,1)) $(eval $(call gb_UnpackedTarball_fix_end_of_line,curl,\ - lib/Makefile.vc10 \ + lib/Makefile.vc12 \ )) $(eval $(call gb_UnpackedTarball_add_patches,curl,\ - external/curl/curl-freebsd.patch.1 \ external/curl/curl-msvc.patch.1 \ external/curl/curl-msvc-schannel.patch.1 \ external/curl/curl-7.26.0_mingw.patch \ diff --git a/external/curl/curl-7.26.0_win-proxy.patch b/external/curl/curl-7.26.0_win-proxy.patch index 99402a437e5a..a7983b967071 100644 --- a/external/curl/curl-7.26.0_win-proxy.patch +++ b/external/curl/curl-7.26.0_win-proxy.patch @@ -83,9 +83,10 @@ + if(!check_noproxy(conn->host.name, no_proxy)) { + /* Look for the http proxy setting */ + char* tok; ++ char *saveptr; + + if(NULL != ieProxy) { -+ tok = strtok(ieProxy, ";"); ++ tok = strtok_s(ieProxy, ";", &saveptr); + if(strchr(tok, '=') == NULL) { + proxy = strdup(ieProxy); + } @@ -95,7 +96,7 @@ + /* We found HTTP proxy value, then use it */ + proxy = strdup( tok + 5 ); + } -+ tok = strtok(NULL, ";"); ++ tok = strtok_s(NULL, ";", &saveptr); + } + while(NULL != tok); + } diff --git a/external/curl/curl-msvc-schannel.patch.1 b/external/curl/curl-msvc-schannel.patch.1 index 1091a762a5e8..96768aa3f92c 100644 --- a/external/curl/curl-msvc-schannel.patch.1 +++ b/external/curl/curl-msvc-schannel.patch.1 @@ -1,7 +1,7 @@ MSVC: use WNT native Schannel SSL/TLS implementation ---- curl/lib/Makefile.vc10.old 2013-11-19 00:00:29.044499752 +0100 -+++ curl/lib/Makefile.vc10 2013-11-19 00:01:29.135499684 +0100 +--- curl/lib/Makefile.vc12.old 2013-11-19 00:00:29.044499752 +0100 ++++ curl/lib/Makefile.vc12 2013-11-19 00:01:29.135499684 +0100 @@ -260,7 +260,7 @@ TARGET = $(LIBCURL_DYN_LIB_REL) DIROBJ = $(CFG) diff --git a/external/curl/curl-msvc.patch.1 b/external/curl/curl-msvc.patch.1 index 927b3f184a78..88ced0a75493 100644 --- a/external/curl/curl-msvc.patch.1 +++ b/external/curl/curl-msvc.patch.1 @@ -1,7 +1,7 @@ MSVC: using SOLARINC and EXCFLAGS ---- curl/lib/Makefile.vc10 2012-05-24 12:07:02.000000000 -0400 -+++ curl/lib/Makefile.vc10 2012-10-29 11:53:44.658809300 -0400 +--- curl/lib/Makefile.vc12 2012-05-24 12:07:02.000000000 -0400 ++++ curl/lib/Makefile.vc12 2012-10-29 11:53:44.658809300 -0400 @@ -117,7 +117,7 @@ ZLIBLIBSDLL = zdll.lib ZLIBLIBS = zlib.lib @@ -11,6 +11,14 @@ MSVC: using SOLARINC and EXCFLAGS CFGSET = FALSE +@@ -632,7 +632,6 @@ + $(DIROBJ)\vtls.obj \ + $(DIROBJ)\openssl.obj \ + $(DIROBJ)\strdup.obj \ +- $(DIROBJ)\strequal.obj \ + $(DIROBJ)\strerror.obj \ + $(DIROBJ)\strtok.obj \ + $(DIROBJ)\strtoofft.obj \ @@ -620,11 +620,11 @@ debug-dll-ssl-dll\libcurl.res \ debug-dll-zlib-dll\libcurl.res \ commit 44b5194f813403ca49e83927164a35aa8f976893 Author: Michael Stahl <mst...@redhat.com> Date: Wed Jul 1 00:04:32 2015 +0200 curl: upgrade to release 7.43.0 Change-Id: Ic16111f21625fc510e79bba8122eaa60662f7a59 diff --git a/Makefile.fetch b/Makefile.fetch index c04bb7c5a228..820aa952a460 100644 --- a/Makefile.fetch +++ b/Makefile.fetch @@ -77,6 +77,7 @@ $(WORKDIR)/download: $(BUILDDIR)/config_host.mk $(SRCDIR)/download.lst $(SRCDIR) $(call fetch_Optional,LIBATOMIC_OPS,LIBATOMIC_OPS_TARBALL) \ $(call fetch_Optional,ABW,ABW_TARBALL) \ $(call fetch_Optional,CDR,CDR_TARBALL) \ + $(call fetch_Optional,CURL,CURL_TARBALL) \ $(call fetch_Optional,EBOOK,EBOOK_TARBALL) \ $(call fetch_Optional,FREEHAND,FREEHAND_TARBALL) \ $(call fetch_Optional,ETONYEK,ETONYEK_TARBALL) \ @@ -107,7 +108,6 @@ $(WORKDIR)/download: $(BUILDDIR)/config_host.mk $(SRCDIR)/download.lst $(SRCDIR) $(call fetch_Optional,CMIS,$(CMIS_TARBALL)) \ $(call fetch_Optional,CPPUNIT,$(CPPUNIT_TARBALL)) \ $(call fetch_Optional,CT2N,$(CT2N_TARBALL)) \ - $(call fetch_Optional,CURL,$(CURL_TARBALL)) \ $(call fetch_Optional,EPM,$(EPM_TARBALL)) \ $(call fetch_Optional,MARIADB,$(MARIADB_TARBALL)) \ $(call fetch_Optional,MORE_FONTS,$(FONT_CALADEA_TARBALL)) \ diff --git a/download.lst b/download.lst index a33f4f15e030..791377a1fbb0 100644 --- a/download.lst +++ b/download.lst @@ -2,6 +2,8 @@ ABW_MD5SUM := 40fa48e03b1e28ae0325cc34b35bc46d export ABW_TARBALL := libabw-0.0.2.tar.bz2 CDR_MD5SUM := fbcd8619fc6646f41d527c1329102998 export CDR_TARBALL := libcdr-0.0.15.tar.bz2 +CURL_MD5SUM := 11bddbb452a8b766b932f859aaeeed39 +export CURL_TARBALL := curl-7.43.0.tar.bz2 EBOOK_MD5SUM := 2f1ceaf2ac8752ed278e175447d9b978 export EBOOK_TARBALL := libe-book-0.0.3.tar.bz2 ETONYEK_MD5SUM := 3c50bc60394d1f2675fbf9bd22581363 @@ -51,7 +53,6 @@ export CLUCENE_TARBALL := 48d647fbd8ef8889e5a7f422c1bfda94-clucene-core-2.3.3.4. export CMIS_TARBALL := 22f8a85daf4a012180322e1f52a7563b-libcmis-0.4.1.tar.gz export CPPUNIT_TARBALL := ac4781e01619be13461bb2d562b94a7b-cppunit-1.13.1.tar.gz export CT2N_TARBALL := 451ccf439a36a568653b024534669971-ConvertTextToNumber-1.3.2.oxt -export CURL_TARBALL := 57409d6bf0bd97053b8378dbe0cadcef-curl-7.33.0.tar.bz2 export DBGHELP_DLL := 13fbc2e8b37ddf28181dd6d8081c2b8e-dbghelp.dll export EPM_TARBALL := 3ade8cfe7e59ca8e65052644fed9fca4-epm-3.7.tar.gz export FONTCONFIG_TARBALL := 77e15a92006ddc2adbb06f840d591c0e-fontconfig-2.8.0.tar.gz diff --git a/external/curl/NSS-support-for-CERTINFO-feature.patch b/external/curl/NSS-support-for-CERTINFO-feature.patch deleted file mode 100644 index 7976a08685e4..000000000000 --- a/external/curl/NSS-support-for-CERTINFO-feature.patch +++ /dev/null @@ -1,391 +0,0 @@ -From f6c335d63f2da025a0a3efde1fe59e3bb7189b70 Mon Sep 17 00:00:00 2001 -From: Patrick Monnerat <p...@datasphere.ch> -Date: Wed, 30 Oct 2013 11:12:06 +0100 -Subject: [PATCH] NSS: support for CERTINFO feature - ---- - docs/libcurl/curl_easy_getinfo.3 | 6 +-- - docs/libcurl/curl_easy_setopt.3 | 5 +- - lib/hostcheck.c | 4 +- - lib/nss.c | 46 ++++++++++++++++-- - lib/url.c | 3 +- - lib/x509asn1.c | 100 +++++++++++++++++++++++++-------------- - lib/x509asn1.h | 4 +- - 7 files changed, 119 insertions(+), 49 deletions(-) - -diff --git a/docs/libcurl/curl_easy_getinfo.3 b/docs/libcurl/curl_easy_getinfo.3 -index 62d8ae4..db0f4d6 100644 ---- a/docs/libcurl/curl_easy_getinfo.3 -+++ b/docs/libcurl/curl_easy_getinfo.3 -@@ -5,7 +5,7 @@ - .\" * | (__| |_| | _ <| |___ - .\" * \___|\___/|_| \_\_____| - .\" * --.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <dan...@haxx.se>, et al. -+.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <dan...@haxx.se>, et al. - .\" * - .\" * This software is licensed as described in the file COPYING, which - .\" * you should have received as part of this distribution. The terms -@@ -219,8 +219,8 @@ done. The struct reports how many certs it found and then you can extract info - for each of those certs by following the linked lists. The info chain is - provided in a series of data in the format "name:content" where the content is - for the specific named data. See also the certinfo.c example. NOTE: this --option is only available in libcurl built with OpenSSL support. (Added in --7.19.1) -+option is only available in libcurl built with OpenSSL, NSS, GSKit or QsoSSL -+support. (Added in 7.19.1) - .IP CURLINFO_CONDITION_UNMET - Pass a pointer to a long to receive the number 1 if the condition provided in - the previous request didn't match (see \fICURLOPT_TIMECONDITION\fP). Alas, if -diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3 -index f58c8fb..2887483 100644 ---- a/docs/libcurl/curl_easy_setopt.3 -+++ b/docs/libcurl/curl_easy_setopt.3 -@@ -2549,9 +2549,10 @@ is ignored. - - .IP CURLOPT_CERTINFO - Pass a long set to 1 to enable libcurl's certificate chain info gatherer. With --this enabled, libcurl (if built with OpenSSL) will extract lots of information -+this enabled, libcurl (if built with OpenSSL, NSS, GSKit or QsoSSL) will -+extract lots of information - and data about the certificates in the certificate chain used in the SSL --connection. This data is then possible to extract after a transfer using -+connection. This data may then be retrieved after a transfer using - \fIcurl_easy_getinfo(3)\fP and its option \fICURLINFO_CERTINFO\fP. (Added in - 7.19.1) - .IP CURLOPT_RANDOM_FILE -diff --git a/lib/hostcheck.c b/lib/hostcheck.c -index abd1fa0..4be5baa 100644 ---- a/lib/hostcheck.c -+++ b/lib/hostcheck.c -@@ -23,7 +23,7 @@ - #include "curl_setup.h" - - #if defined(USE_SSLEAY) || defined(USE_AXTLS) || defined(USE_QSOSSL) || \ -- defined(USE_GSKIT) -+ defined(USE_GSKIT) || defined(USE_NSS) - /* these backends use functions from this file */ - - #include "hostcheck.h" -@@ -94,4 +94,4 @@ int Curl_cert_hostcheck(const char *match_pattern, const char *hostname) - return 0; - } - --#endif /* SSLEAY or AXTLS or QSOSSL or GSKIT */ -+#endif /* SSLEAY or AXTLS or QSOSSL or GSKIT or NSS */ -diff --git a/lib/nss.c b/lib/nss.c -index 43576e6..2562fcf 100644 ---- a/lib/nss.c -+++ b/lib/nss.c -@@ -653,6 +653,10 @@ static void display_conn_info(struct connectdata *conn, PRFileDesc *sock) - SSLChannelInfo channel; - SSLCipherSuiteInfo suite; - CERTCertificate *cert; -+ CERTCertificate *cert2; -+ CERTCertificate *cert3; -+ PRTime now; -+ int i; - - if(SSL_GetChannelInfo(sock, &channel, sizeof channel) == - SECSuccess && channel.length == sizeof channel && -@@ -663,11 +667,45 @@ static void display_conn_info(struct connectdata *conn, PRFileDesc *sock) - } - } - -- infof(conn->data, "Server certificate:\n"); -- - cert = SSL_PeerCertificate(sock); -- display_cert_info(conn->data, cert); -- CERT_DestroyCertificate(cert); -+ -+ if(cert) { -+ infof(conn->data, "Server certificate:\n"); -+ -+ if(!conn->data->set.ssl.certinfo) { -+ display_cert_info(conn->data, cert); -+ CERT_DestroyCertificate(cert); -+ } -+ else { -+ /* Count certificates in chain. */ -+ now = PR_Now(); -+ i = 1; -+ if(!cert->isRoot) { -+ cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA); -+ while(cert2) { -+ i++; -+ if(cert2->isRoot) { -+ CERT_DestroyCertificate(cert2); -+ break; -+ } -+ cert3 = CERT_FindCertIssuer(cert2, now, certUsageSSLCA); -+ CERT_DestroyCertificate(cert2); -+ cert2 = cert3; -+ } -+ } -+ Curl_ssl_init_certinfo(conn->data, i); -+ for(i = 0; cert; cert = cert2) { -+ Curl_extract_certinfo(conn, i++, cert->derCert.data, -+ cert->derCert.data + cert->derCert.len); -+ if(cert->isRoot) { -+ CERT_DestroyCertificate(cert); -+ break; -+ } -+ cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA); -+ CERT_DestroyCertificate(cert); -+ } -+ } -+ } - - return; - } -diff --git a/lib/url.c b/lib/url.c -index e86fbc2..03c7607 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -1926,7 +1926,8 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, - data->set.ssl.fsslctxp = va_arg(param, void *); - break; - #endif --#if defined(USE_SSLEAY) || defined(USE_QSOSSL) || defined(USE_GSKIT) -+#if defined(USE_SSLEAY) || defined(USE_QSOSSL) || defined(USE_GSKIT) || \ -+ defined(USE_NSS) - case CURLOPT_CERTINFO: - data->set.ssl.certinfo = (0 != va_arg(param, long))?TRUE:FALSE; - break; -diff --git a/lib/x509asn1.c b/lib/x509asn1.c -index 94b89b2..d6aa045 100644 ---- a/lib/x509asn1.c -+++ b/lib/x509asn1.c -@@ -22,7 +22,7 @@ - - #include "curl_setup.h" - --#if defined(USE_QSOSSL) || defined(USE_GSKIT) -+#if defined(USE_QSOSSL) || defined(USE_GSKIT) || defined(USE_NSS) - - #include <curl/curl.h> - #include "urldata.h" -@@ -803,7 +803,7 @@ static const char * dumpAlgo(curl_asn1Element * param, - return OID2str(oid.beg, oid.end, TRUE); - } - --static void do_pubkey_field(struct SessionHandle *data, int certnum, -+static void do_pubkey_field(struct SessionHandle * data, int certnum, - const char * label, curl_asn1Element * elem) - { - const char * output; -@@ -812,8 +812,10 @@ static void do_pubkey_field(struct SessionHandle *data, int certnum, - - output = Curl_ASN1tostr(elem, 0); - if(output) { -- Curl_ssl_push_certinfo(data, certnum, label, output); -- infof(data, " %s: %s\n", label, output); -+ if(data->set.ssl.certinfo) -+ Curl_ssl_push_certinfo(data, certnum, label, output); -+ if(!certnum) -+ infof(data, " %s: %s\n", label, output); - free((char *) output); - } - } -@@ -845,11 +847,14 @@ static void do_pubkey(struct SessionHandle * data, int certnum, - len--; - if(len > 32) - elem.beg = q; /* Strip leading zero bytes. */ -- infof(data, " RSA Public Key (%lu bits)\n", len); -- q = curl_maprintf("%lu", len); -- if(q) { -- Curl_ssl_push_certinfo(data, certnum, "RSA Public Key", q); -- free((char *) q); -+ if(!certnum) -+ infof(data, " RSA Public Key (%lu bits)\n", len); -+ if(data->set.ssl.certinfo) { -+ q = curl_maprintf("%lu", len); -+ if(q) { -+ Curl_ssl_push_certinfo(data, certnum, "RSA Public Key", q); -+ free((char *) q); -+ } - } - /* Generate coefficients. */ - do_pubkey_field(data, certnum, "rsa(n)", &elem); -@@ -896,6 +901,10 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn, - size_t i; - size_t j; - -+ if(!data->set.ssl.certinfo) -+ if(certnum) -+ return CURLE_OK; -+ - /* Prepare the certificate information for curl_easy_getinfo(). */ - - /* Extract the certificate ASN.1 elements. */ -@@ -905,35 +914,44 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn, - ccp = Curl_DNtostr(&cert.subject); - if(!ccp) - return CURLE_OUT_OF_MEMORY; -- Curl_ssl_push_certinfo(data, certnum, "Subject", ccp); -- infof(data, "%2d Subject: %s\n", certnum, ccp); -+ if(data->set.ssl.certinfo) -+ Curl_ssl_push_certinfo(data, certnum, "Subject", ccp); -+ if(!certnum) -+ infof(data, "%2d Subject: %s\n", certnum, ccp); - free((char *) ccp); - - /* Issuer. */ - ccp = Curl_DNtostr(&cert.issuer); - if(!ccp) - return CURLE_OUT_OF_MEMORY; -- Curl_ssl_push_certinfo(data, certnum, "Issuer", ccp); -- infof(data, " Issuer: %s\n", ccp); -+ if(data->set.ssl.certinfo) -+ Curl_ssl_push_certinfo(data, certnum, "Issuer", ccp); -+ if(!certnum) -+ infof(data, " Issuer: %s\n", ccp); - free((char *) ccp); - - /* Version (always fits in less than 32 bits). */ - version = 0; - for(ccp = cert.version.beg; ccp < cert.version.end; ccp++) - version = (version << 8) | *(const unsigned char *) ccp; -- ccp = curl_maprintf("%lx", version); -- if(!ccp) -- return CURLE_OUT_OF_MEMORY; -- Curl_ssl_push_certinfo(data, certnum, "Version", ccp); -- free((char *) ccp); -- infof(data, " Version: %lu (0x%lx)\n", version + 1, version); -+ if(data->set.ssl.certinfo) { -+ ccp = curl_maprintf("%lx", version); -+ if(!ccp) -+ return CURLE_OUT_OF_MEMORY; -+ Curl_ssl_push_certinfo(data, certnum, "Version", ccp); -+ free((char *) ccp); -+ } -+ if(!certnum) -+ infof(data, " Version: %lu (0x%lx)\n", version + 1, version); - - /* Serial number. */ - ccp = Curl_ASN1tostr(&cert.serialNumber, 0); - if(!ccp) - return CURLE_OUT_OF_MEMORY; -- Curl_ssl_push_certinfo(data, certnum, "Serial Number", ccp); -- infof(data, " Serial Number: %s\n", ccp); -+ if(data->set.ssl.certinfo) -+ Curl_ssl_push_certinfo(data, certnum, "Serial Number", ccp); -+ if(!certnum) -+ infof(data, " Serial Number: %s\n", ccp); - free((char *) ccp); - - /* Signature algorithm .*/ -@@ -941,24 +959,30 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn, - cert.signatureAlgorithm.end); - if(!ccp) - return CURLE_OUT_OF_MEMORY; -- Curl_ssl_push_certinfo(data, certnum, "Signature Algorithm", ccp); -- infof(data, " Signature Algorithm: %s\n", ccp); -+ if(data->set.ssl.certinfo) -+ Curl_ssl_push_certinfo(data, certnum, "Signature Algorithm", ccp); -+ if(!certnum) -+ infof(data, " Signature Algorithm: %s\n", ccp); - free((char *) ccp); - - /* Start Date. */ - ccp = Curl_ASN1tostr(&cert.notBefore, 0); - if(!ccp) - return CURLE_OUT_OF_MEMORY; -- Curl_ssl_push_certinfo(data, certnum, "Start Date", ccp); -- infof(data, " Start Date: %s\n", ccp); -+ if(data->set.ssl.certinfo) -+ Curl_ssl_push_certinfo(data, certnum, "Start Date", ccp); -+ if(!certnum) -+ infof(data, " Start Date: %s\n", ccp); - free((char *) ccp); - - /* Expire Date. */ - ccp = Curl_ASN1tostr(&cert.notAfter, 0); - if(!ccp) - return CURLE_OUT_OF_MEMORY; -- Curl_ssl_push_certinfo(data, certnum, "Expire Date", ccp); -- infof(data, " Expire Date: %s\n", ccp); -+ if(data->set.ssl.certinfo) -+ Curl_ssl_push_certinfo(data, certnum, "Expire Date", ccp); -+ if(!certnum) -+ infof(data, " Expire Date: %s\n", ccp); - free((char *) ccp); - - /* Public Key Algorithm. */ -@@ -966,8 +990,10 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn, - cert.subjectPublicKeyAlgorithm.end); - if(!ccp) - return CURLE_OUT_OF_MEMORY; -- Curl_ssl_push_certinfo(data, certnum, "Public Key Algorithm", ccp); -- infof(data, " Public Key Algorithm: %s\n", ccp); -+ if(data->set.ssl.certinfo) -+ Curl_ssl_push_certinfo(data, certnum, "Public Key Algorithm", ccp); -+ if(!certnum) -+ infof(data, " Public Key Algorithm: %s\n", ccp); - do_pubkey(data, certnum, ccp, ¶m, &cert.subjectPublicKey); - free((char *) ccp); - -@@ -977,8 +1003,10 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn, - ccp = Curl_ASN1tostr(&cert.signature, 0); - if(!ccp) - return CURLE_OUT_OF_MEMORY; -- Curl_ssl_push_certinfo(data, certnum, "Signature", ccp); -- infof(data, " Signature: %s\n", ccp); -+ if(data->set.ssl.certinfo) -+ Curl_ssl_push_certinfo(data, certnum, "Signature", ccp); -+ if(!certnum) -+ infof(data, " Signature: %s\n", ccp); - free((char *) ccp); - - /* Generate PEM certificate. */ -@@ -987,7 +1015,7 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn, - &cp1, &cl1); - if(cc != CURLE_OK) - return cc; -- /* Compute the number of charaters in final certificate string. Format is: -+ /* Compute the number of characters in final certificate string. Format is: - -----BEGIN CERTIFICATE-----\n - <max 64 base64 characters>\n - . -@@ -1008,8 +1036,10 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn, - i += copySubstring(cp2 + i, "-----END CERTIFICATE-----"); - cp2[i] = '\0'; - free(cp1); -- Curl_ssl_push_certinfo(data, certnum, "Cert", cp2); -- infof(data, "%s\n", cp2); -+ if(data->set.ssl.certinfo) -+ Curl_ssl_push_certinfo(data, certnum, "Cert", cp2); -+ if(!certnum) -+ infof(data, "%s\n", cp2); - free(cp2); - return CURLE_OK; - } -@@ -1148,4 +1178,4 @@ CURLcode Curl_verifyhost(struct connectdata * conn, - return CURLE_PEER_FAILED_VERIFICATION; - } - --#endif /* USE_QSOSSL or USE_GSKIT */ -+#endif /* USE_QSOSSL or USE_GSKIT or USE_NSS */ -diff --git a/lib/x509asn1.h b/lib/x509asn1.h -index 2276b5b..1741d6d 100644 ---- a/lib/x509asn1.h -+++ b/lib/x509asn1.h -@@ -25,7 +25,7 @@ - - #include "curl_setup.h" - --#if defined(USE_QSOSSL) || defined(USE_GSKIT) -+#if defined(USE_QSOSSL) || defined(USE_GSKIT) || defined(USE_NSS) - - #include "urldata.h" - -@@ -125,5 +125,5 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn, int certnum, - CURLcode Curl_verifyhost(struct connectdata * conn, - const char * beg, const char * end); - --#endif /* USE_QSOSSL or USE_GSKIT */ -+#endif /* USE_QSOSSL or USE_GSKIT or USE_NSS */ - #endif /* HEADER_CURL_X509ASN1_H */ --- -1.8.4.2 - diff --git a/external/curl/UnpackedTarball_curl.mk b/external/curl/UnpackedTarball_curl.mk index f6542e5217f8..2e4d4cc1283c 100644 --- a/external/curl/UnpackedTarball_curl.mk +++ b/external/curl/UnpackedTarball_curl.mk @@ -23,7 +23,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,curl,\ external/curl/curl-msvc-schannel.patch.1 \ external/curl/curl-7.26.0_mingw.patch \ external/curl/curl-7.26.0_win-proxy.patch \ - external/curl/NSS-support-for-CERTINFO-feature.patch \ )) ifeq ($(OS),ANDROID) diff --git a/external/curl/curl-7.26.0_win-proxy.patch b/external/curl/curl-7.26.0_win-proxy.patch index 26c42f7c56e7..99402a437e5a 100644 --- a/external/curl/curl-7.26.0_win-proxy.patch +++ b/external/curl/curl-7.26.0_win-proxy.patch @@ -117,14 +117,11 @@ char proxy_env[128]; no_proxy=curl_getenv("no_proxy"); -@@ -4189,9 +4265,9 @@ static char *detect_proxy(struct connectdata *conn) +@@ -4189,6 +4265,7 @@ static char *detect_proxy(struct connectdata *conn) } } /* if(!check_noproxy(conn->host.name, no_proxy)) - it wasn't specified non-proxy */ +#endif /* WIN32 */ - if(no_proxy) - free(no_proxy); -- - #else /* !CURL_DISABLE_HTTP */ + free(no_proxy); - (void)conn; + #else /* !CURL_DISABLE_HTTP */ diff --git a/external/curl/curl-msvc-schannel.patch.1 b/external/curl/curl-msvc-schannel.patch.1 index 68af66d6dd2f..1091a762a5e8 100644 --- a/external/curl/curl-msvc-schannel.patch.1 +++ b/external/curl/curl-msvc-schannel.patch.1 @@ -11,11 +11,11 @@ MSVC: use WNT native Schannel SSL/TLS implementation CFGSET = TRUE RESOURCE = $(DIROBJ)\libcurl.res !ENDIF -@@ -411,7 +411,7 @@ +@@ -427,7 +427,7 @@ TARGET = $(LIBCURL_DYN_LIB_DBG) DIROBJ = $(CFG) LNK = $(LNKDLL) $(WINLIBS) /DEBUG /out:$(DIROBJ)\$(TARGET) /IMPLIB:$(DIROBJ)\$(LIBCURL_IMP_LIB_DBG) /PDB:$(DIROBJ)\$(LIBCURL_DYN_LIB_PDB) --CC = $(CCDEBUG) $(RTLIBD) +-CC = $(CCDEBUG) $(RTLIBD) +CC = $(CCDEBUG) $(RTLIBD) $(CFLAGSWINSSL) CFGSET = TRUE RESOURCE = $(DIROBJ)\libcurl.res _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits