[PR PATCH] curl: update to 7.88.0.

[PR PATCH] curl: update to 7.88.0.

[leahneukirchen]

[-- Attachment #1: Type: text/plain, Size: 1305 bytes --]

There is a new pull request by leahneukirchen against master on the void-packages repository

https://github.com/leahneukirchen/void-packages curl788
https://github.com/void-linux/void-packages/pull/42284

curl: update to 7.88.0.
<!-- Uncomment relevant sections and delete options which are not applicable -->

Fixes three not very serious CVE.

#### Testing the changes
- I tested the changes in this PR: **YES**|**briefly**|**NO**

<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->

<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - aarch64-musl
  - armv7l
  - armv6l-musl
-->


A patch file from https://github.com/void-linux/void-packages/pull/42284.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-curl788-42284.patch --]
[-- Type: text/x-diff, Size: 5655 bytes --]

From 309cb05e0b53f355ab8c31f095f89bc29a0fab19 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Wed, 15 Feb 2023 14:56:50 +0100
Subject: [PATCH] curl: update to 7.88.0.

---
 .../patches/cfilter-first-non-connected.patch | 34 -------------
 .../curl/patches/typecheck-expression.patch   | 49 -------------------
 srcpkgs/curl/template                         |  6 +--
 3 files changed, 3 insertions(+), 86 deletions(-)
 delete mode 100644 srcpkgs/curl/patches/cfilter-first-non-connected.patch
 delete mode 100644 srcpkgs/curl/patches/typecheck-expression.patch

diff --git a/srcpkgs/curl/patches/cfilter-first-non-connected.patch b/srcpkgs/curl/patches/cfilter-first-non-connected.patch
deleted file mode 100644
index 2808e7b6468d..000000000000
--- a/srcpkgs/curl/patches/cfilter-first-non-connected.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 728400f875e845f72ee5602edb905f6301ade3e7 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 26 Dec 2022 09:59:20 +0100
-Subject: [PATCH] cfilters:Curl_conn_get_select_socks: use the first
- non-connected filter
-
-When there are filters addded for both socket and SSL, the code
-previously checked the SSL sockets during connect when it *should* first
-check the socket layer until that has connected.
-
-Fixes #10157
-Fixes #10146
-Closes #10160
-
-Reviewed-by: Stefan Eissing
----
- lib/cfilters.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/lib/cfilters.c b/lib/cfilters.c
-index 8951533418915..8b05fbc8f4381 100644
---- a/lib/cfilters.c
-+++ b/lib/cfilters.c
-@@ -437,6 +437,10 @@ int Curl_conn_get_select_socks(struct Curl_easy *data, int sockindex,
-   DEBUGASSERT(data);
-   DEBUGASSERT(data->conn);
-   cf = data->conn->cfilter[sockindex];
-+
-+  /* if the next one is not yet connected, that's the one we want */
-+  while(cf && cf->next && !cf->next->connected)
-+    cf = cf->next;
-   if(cf) {
-     return cf->cft->get_select_socks(cf, data, socks);
-   }
diff --git a/srcpkgs/curl/patches/typecheck-expression.patch b/srcpkgs/curl/patches/typecheck-expression.patch
deleted file mode 100644
index b41a7e6779f0..000000000000
--- a/srcpkgs/curl/patches/typecheck-expression.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From e2aed004302e51cfa5b6ce8c8ab65ef92aa83196 Mon Sep 17 00:00:00 2001
-From: Patrick Monnerat <patrick@monnerat.net>
-Date: Fri, 23 Dec 2022 15:35:27 +0100
-Subject: [PATCH] typecheck: accept expressions for option/info parameters
-
-As expressions can have side effects, evaluate only once.
-
-To enable deprecation reporting only once, get rid of the __typeof__
-use to define the local temporary variable and use the target type
-(CURLoption/CURLINFO). This also avoids multiple reports on type
-conflicts (if some) by the curlcheck_* macros.
-
-Note that CURLOPT_* and CURLINFO_* symbols may be deprecated, but not
-their values: a curl_easy_setopt call with an integer constant as option
-will never report a deprecation.
-
-Reported-by: Thomas Klausner
-Fixes #10148
-Closes #10149
----
- include/curl/typecheck-gcc.h | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/include/curl/typecheck-gcc.h b/include/curl/typecheck-gcc.h
-index bf655bb63220d..85aa8b7b49422 100644
---- a/include/curl/typecheck-gcc.h
-+++ b/include/curl/typecheck-gcc.h
-@@ -42,9 +42,8 @@
-  */
- #define curl_easy_setopt(handle, option, value)                         \
-   __extension__({                                                       \
--      CURL_IGNORE_DEPRECATION(__typeof__(option) _curl_opt = option;)   \
-+      CURLoption _curl_opt = (option);                                  \
-       if(__builtin_constant_p(_curl_opt)) {                             \
--        (void) option;                                                  \
-         CURL_IGNORE_DEPRECATION(                                        \
-           if(curlcheck_long_option(_curl_opt))                          \
-             if(!curlcheck_long(value))                                  \
-@@ -120,9 +119,8 @@
- /* wraps curl_easy_getinfo() with typechecking */
- #define curl_easy_getinfo(handle, info, arg)                            \
-   __extension__({                                                       \
--      CURL_IGNORE_DEPRECATION(__typeof__(info) _curl_info = info;)      \
-+      CURLINFO _curl_info = (info);                                     \
-       if(__builtin_constant_p(_curl_info)) {                            \
--        (void) info;                                                    \
-         CURL_IGNORE_DEPRECATION(                                        \
-           if(curlcheck_string_info(_curl_info))                         \
-             if(!curlcheck_arr((arg), char *))                           \
diff --git a/srcpkgs/curl/template b/srcpkgs/curl/template
index 6f70942f8838..30434547e879 100644
--- a/srcpkgs/curl/template
+++ b/srcpkgs/curl/template
@@ -1,7 +1,7 @@
 # Template file for 'curl'
 pkgname=curl
-version=7.87.0
-revision=2
+version=7.88.0
+revision=1
 build_style=gnu-configure
 configure_args="ac_cv_sizeof_off_t=8 --enable-threaded-resolver --enable-ipv6
  --enable-websockets --with-random=/dev/urandom
@@ -25,7 +25,7 @@ license="MIT"
 homepage="https://curl.haxx.se"
 changelog="https://curl.haxx.se/changes.html#${version//./_}"
 distfiles="${homepage}/download/${pkgname}-${version}.tar.bz2"
-checksum=5d6e128761b7110946d1276aff6f0f266f2b726f5e619f7e0a057a474155f307
+checksum=c81f439ed02442f6a9b95836dfb3a98e0c477610ca7b2f4d5aa1fc329543d33f
 build_options="gnutls gssapi ldap rtmp ssh ssl zstd"
 build_options_default="ssh ssl zstd"
 vopt_conflict ssl gnutls

Re: curl: update to 7.88.0.

[sgn]

[-- Attachment #1: Type: text/plain, Size: 330 bytes --]

New comment by sgn on void-packages repository

https://github.com/void-linux/void-packages/pull/42284#issuecomment-1432605472

Comment:
https://github.com/curl/curl/issues/10525                                                                                                                                                     

Re: curl: update to 7.88.0.

[Kangie]

[-- Attachment #1: Type: text/plain, Size: 578 bytes --]

New comment by Kangie on void-packages repository

https://github.com/void-linux/void-packages/pull/42284#issuecomment-1432612682

Comment:
Recommend that this not be merged due to the HTTP/2 issue linked above.

https://lore.kernel.org/distributions/e3306ab8-3656-3128-40f8-f76e6871a3a3@footclan.ninja/T/#u

Either add a patch to revert the commit that made this more prevalent or (ideally) wait for upstream to merge the fixes (it looks like two patches so far).

I also note that when packaging for Gentoo I had to add new commits from master so that tests would pass.

Re: curl: update to 7.88.0.

[sgn]

[-- Attachment #1: Type: text/plain, Size: 158 bytes --]

New comment by sgn on void-packages repository

https://github.com/void-linux/void-packages/pull/42284#issuecomment-1453706075

Comment:
7.88.1 is available.

Re: curl: update to 7.88.0.

[mhmdanas]

[-- Attachment #1: Type: text/plain, Size: 237 bytes --]

New comment by mhmdanas on void-packages repository

https://github.com/void-linux/void-packages/pull/42284#issuecomment-1555210490

Comment:
https://github.com/void-linux/void-packages/pull/43279 was merged in, so this is now obsolete.

Re: [PR PATCH] [Closed]: curl: update to 7.88.0.

[leahneukirchen]

[-- Attachment #1: Type: text/plain, Size: 1140 bytes --]

There's a closed pull request on the void-packages repository

curl: update to 7.88.0.
https://github.com/void-linux/void-packages/pull/42284

Description:
<!-- Uncomment relevant sections and delete options which are not applicable -->

Fixes three not very serious CVE.

#### Testing the changes
- I tested the changes in this PR: **YES**|**briefly**|**NO**

<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->

<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - aarch64-musl
  - armv7l
  - armv6l-musl
-->