* [PR PATCH] curl: update to 7.88.0.
@ 2023-02-15 13:58 leahneukirchen
2023-02-16 6:48 ` sgn
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: leahneukirchen @ 2023-02-15 13:58 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1305 bytes --]
There is a new pull request by leahneukirchen against master on the void-packages repository
https://github.com/leahneukirchen/void-packages curl788
https://github.com/void-linux/void-packages/pull/42284
curl: update to 7.88.0.
<!-- Uncomment relevant sections and delete options which are not applicable -->
Fixes three not very serious CVE.
#### Testing the changes
- I tested the changes in this PR: **YES**|**briefly**|**NO**
<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->
<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- aarch64-musl
- armv7l
- armv6l-musl
-->
A patch file from https://github.com/void-linux/void-packages/pull/42284.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-curl788-42284.patch --]
[-- Type: text/x-diff, Size: 5655 bytes --]
From 309cb05e0b53f355ab8c31f095f89bc29a0fab19 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Wed, 15 Feb 2023 14:56:50 +0100
Subject: [PATCH] curl: update to 7.88.0.
---
.../patches/cfilter-first-non-connected.patch | 34 -------------
.../curl/patches/typecheck-expression.patch | 49 -------------------
srcpkgs/curl/template | 6 +--
3 files changed, 3 insertions(+), 86 deletions(-)
delete mode 100644 srcpkgs/curl/patches/cfilter-first-non-connected.patch
delete mode 100644 srcpkgs/curl/patches/typecheck-expression.patch
diff --git a/srcpkgs/curl/patches/cfilter-first-non-connected.patch b/srcpkgs/curl/patches/cfilter-first-non-connected.patch
deleted file mode 100644
index 2808e7b6468d..000000000000
--- a/srcpkgs/curl/patches/cfilter-first-non-connected.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 728400f875e845f72ee5602edb905f6301ade3e7 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 26 Dec 2022 09:59:20 +0100
-Subject: [PATCH] cfilters:Curl_conn_get_select_socks: use the first
- non-connected filter
-
-When there are filters addded for both socket and SSL, the code
-previously checked the SSL sockets during connect when it *should* first
-check the socket layer until that has connected.
-
-Fixes #10157
-Fixes #10146
-Closes #10160
-
-Reviewed-by: Stefan Eissing
----
- lib/cfilters.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/lib/cfilters.c b/lib/cfilters.c
-index 8951533418915..8b05fbc8f4381 100644
---- a/lib/cfilters.c
-+++ b/lib/cfilters.c
-@@ -437,6 +437,10 @@ int Curl_conn_get_select_socks(struct Curl_easy *data, int sockindex,
- DEBUGASSERT(data);
- DEBUGASSERT(data->conn);
- cf = data->conn->cfilter[sockindex];
-+
-+ /* if the next one is not yet connected, that's the one we want */
-+ while(cf && cf->next && !cf->next->connected)
-+ cf = cf->next;
- if(cf) {
- return cf->cft->get_select_socks(cf, data, socks);
- }
diff --git a/srcpkgs/curl/patches/typecheck-expression.patch b/srcpkgs/curl/patches/typecheck-expression.patch
deleted file mode 100644
index b41a7e6779f0..000000000000
--- a/srcpkgs/curl/patches/typecheck-expression.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From e2aed004302e51cfa5b6ce8c8ab65ef92aa83196 Mon Sep 17 00:00:00 2001
-From: Patrick Monnerat <patrick@monnerat.net>
-Date: Fri, 23 Dec 2022 15:35:27 +0100
-Subject: [PATCH] typecheck: accept expressions for option/info parameters
-
-As expressions can have side effects, evaluate only once.
-
-To enable deprecation reporting only once, get rid of the __typeof__
-use to define the local temporary variable and use the target type
-(CURLoption/CURLINFO). This also avoids multiple reports on type
-conflicts (if some) by the curlcheck_* macros.
-
-Note that CURLOPT_* and CURLINFO_* symbols may be deprecated, but not
-their values: a curl_easy_setopt call with an integer constant as option
-will never report a deprecation.
-
-Reported-by: Thomas Klausner
-Fixes #10148
-Closes #10149
----
- include/curl/typecheck-gcc.h | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/include/curl/typecheck-gcc.h b/include/curl/typecheck-gcc.h
-index bf655bb63220d..85aa8b7b49422 100644
---- a/include/curl/typecheck-gcc.h
-+++ b/include/curl/typecheck-gcc.h
-@@ -42,9 +42,8 @@
- */
- #define curl_easy_setopt(handle, option, value) \
- __extension__({ \
-- CURL_IGNORE_DEPRECATION(__typeof__(option) _curl_opt = option;) \
-+ CURLoption _curl_opt = (option); \
- if(__builtin_constant_p(_curl_opt)) { \
-- (void) option; \
- CURL_IGNORE_DEPRECATION( \
- if(curlcheck_long_option(_curl_opt)) \
- if(!curlcheck_long(value)) \
-@@ -120,9 +119,8 @@
- /* wraps curl_easy_getinfo() with typechecking */
- #define curl_easy_getinfo(handle, info, arg) \
- __extension__({ \
-- CURL_IGNORE_DEPRECATION(__typeof__(info) _curl_info = info;) \
-+ CURLINFO _curl_info = (info); \
- if(__builtin_constant_p(_curl_info)) { \
-- (void) info; \
- CURL_IGNORE_DEPRECATION( \
- if(curlcheck_string_info(_curl_info)) \
- if(!curlcheck_arr((arg), char *)) \
diff --git a/srcpkgs/curl/template b/srcpkgs/curl/template
index 6f70942f8838..30434547e879 100644
--- a/srcpkgs/curl/template
+++ b/srcpkgs/curl/template
@@ -1,7 +1,7 @@
# Template file for 'curl'
pkgname=curl
-version=7.87.0
-revision=2
+version=7.88.0
+revision=1
build_style=gnu-configure
configure_args="ac_cv_sizeof_off_t=8 --enable-threaded-resolver --enable-ipv6
--enable-websockets --with-random=/dev/urandom
@@ -25,7 +25,7 @@ license="MIT"
homepage="https://curl.haxx.se"
changelog="https://curl.haxx.se/changes.html#${version//./_}"
distfiles="${homepage}/download/${pkgname}-${version}.tar.bz2"
-checksum=5d6e128761b7110946d1276aff6f0f266f2b726f5e619f7e0a057a474155f307
+checksum=c81f439ed02442f6a9b95836dfb3a98e0c477610ca7b2f4d5aa1fc329543d33f
build_options="gnutls gssapi ldap rtmp ssh ssl zstd"
build_options_default="ssh ssl zstd"
vopt_conflict ssl gnutls
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: curl: update to 7.88.0.
2023-02-15 13:58 [PR PATCH] curl: update to 7.88.0 leahneukirchen
@ 2023-02-16 6:48 ` sgn
2023-02-16 6:58 ` Kangie
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: sgn @ 2023-02-16 6:48 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 330 bytes --]
New comment by sgn on void-packages repository
https://github.com/void-linux/void-packages/pull/42284#issuecomment-1432605472
Comment:
https://github.com/curl/curl/issues/10525
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: curl: update to 7.88.0.
2023-02-15 13:58 [PR PATCH] curl: update to 7.88.0 leahneukirchen
2023-02-16 6:48 ` sgn
@ 2023-02-16 6:58 ` Kangie
2023-03-03 15:32 ` sgn
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Kangie @ 2023-02-16 6:58 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 578 bytes --]
New comment by Kangie on void-packages repository
https://github.com/void-linux/void-packages/pull/42284#issuecomment-1432612682
Comment:
Recommend that this not be merged due to the HTTP/2 issue linked above.
https://lore.kernel.org/distributions/e3306ab8-3656-3128-40f8-f76e6871a3a3@footclan.ninja/T/#u
Either add a patch to revert the commit that made this more prevalent or (ideally) wait for upstream to merge the fixes (it looks like two patches so far).
I also note that when packaging for Gentoo I had to add new commits from master so that tests would pass.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: curl: update to 7.88.0.
2023-02-15 13:58 [PR PATCH] curl: update to 7.88.0 leahneukirchen
2023-02-16 6:48 ` sgn
2023-02-16 6:58 ` Kangie
@ 2023-03-03 15:32 ` sgn
2023-05-19 20:35 ` mhmdanas
2023-05-19 20:58 ` [PR PATCH] [Closed]: " leahneukirchen
4 siblings, 0 replies; 6+ messages in thread
From: sgn @ 2023-03-03 15:32 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 158 bytes --]
New comment by sgn on void-packages repository
https://github.com/void-linux/void-packages/pull/42284#issuecomment-1453706075
Comment:
7.88.1 is available.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: curl: update to 7.88.0.
2023-02-15 13:58 [PR PATCH] curl: update to 7.88.0 leahneukirchen
` (2 preceding siblings ...)
2023-03-03 15:32 ` sgn
@ 2023-05-19 20:35 ` mhmdanas
2023-05-19 20:58 ` [PR PATCH] [Closed]: " leahneukirchen
4 siblings, 0 replies; 6+ messages in thread
From: mhmdanas @ 2023-05-19 20:35 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 237 bytes --]
New comment by mhmdanas on void-packages repository
https://github.com/void-linux/void-packages/pull/42284#issuecomment-1555210490
Comment:
https://github.com/void-linux/void-packages/pull/43279 was merged in, so this is now obsolete.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PR PATCH] [Closed]: curl: update to 7.88.0.
2023-02-15 13:58 [PR PATCH] curl: update to 7.88.0 leahneukirchen
` (3 preceding siblings ...)
2023-05-19 20:35 ` mhmdanas
@ 2023-05-19 20:58 ` leahneukirchen
4 siblings, 0 replies; 6+ messages in thread
From: leahneukirchen @ 2023-05-19 20:58 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1140 bytes --]
There's a closed pull request on the void-packages repository
curl: update to 7.88.0.
https://github.com/void-linux/void-packages/pull/42284
Description:
<!-- Uncomment relevant sections and delete options which are not applicable -->
Fixes three not very serious CVE.
#### Testing the changes
- I tested the changes in this PR: **YES**|**briefly**|**NO**
<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->
<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- aarch64-musl
- armv7l
- armv6l-musl
-->
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-05-19 20:58 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-02-15 13:58 [PR PATCH] curl: update to 7.88.0 leahneukirchen
2023-02-16 6:48 ` sgn
2023-02-16 6:58 ` Kangie
2023-03-03 15:32 ` sgn
2023-05-19 20:35 ` mhmdanas
2023-05-19 20:58 ` [PR PATCH] [Closed]: " leahneukirchen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).