package/libcurl: security bump to 8.7.1

Drop patch that is included in this release. Drop autoreconf that was
introduced for this patch.

Fixes the following security issues:

* CVE-2024-2004
* CVE-2024-2379
* CVE-2024-2398
* CVE-2024-2466

Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit fbeec56312)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Marcus Hoffmann 2024-03-28 10:50:24 +01:00 committed by Peter Korsgaard
parent ee27dfff40
commit e14d5578d6
3 changed files with 3 additions and 114 deletions


@ -1,109 +0,0 @@
From 9b3f67e267d1fa8d7867655d133bdbf8830a0ab3 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Thu, 15 Feb 2024 20:59:25 +0100
Subject: [PATCH] configure.ac: find libpsl with pkg-config
Find libpsl with pkg-config to avoid static build failures.
Ref: http://autobuild.buildroot.org/results/1fb15e1a99472c403d0d3b1a688902f32e78d002
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Closes #12947
Upstream: https://github.com/curl/curl/commit/9b3f67e267d1fa8d7867655d133bdbf8830a0ab3
---
configure.ac | 79 ++++++++++++++++++++++++++++++++++++++++++++--------
docs/TODO | 7 -----
2 files changed, 67 insertions(+), 19 deletions(-)
diff --git a/configure.ac b/configure.ac
index cd0e2d07d8d164..09d5364f4de575 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2075,19 +2075,74 @@ dnl **********************************************************************
dnl Check for libpsl
dnl **********************************************************************
-AC_ARG_WITH(libpsl,
- AS_HELP_STRING([--without-libpsl],
- [disable support for libpsl]),
- with_libpsl=$withval,
- with_libpsl=yes)
-curl_psl_msg="no (libpsl disabled)"
-if test $with_libpsl != "no"; then
- AC_SEARCH_LIBS(psl_builtin, psl,
- [curl_psl_msg="enabled";
- AC_DEFINE([USE_LIBPSL], [1], [PSL support enabled])
- ],
- [AC_MSG_ERROR([libpsl was not found]) ]
+dnl Default to compiler & linker defaults for LIBPSL files & libraries.
+OPT_LIBPSL=off
+AC_ARG_WITH(libpsl,dnl
+AS_HELP_STRING([--with-libpsl=PATH],[Where to look for libpsl, PATH points to the LIBPSL installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option])
+AS_HELP_STRING([--without-libpsl], [disable LIBPSL]),
+ OPT_LIBPSL=$withval)
+
+if test X"$OPT_LIBPSL" != Xno; then
+ dnl backup the pre-libpsl variables
+ CLEANLDFLAGS="$LDFLAGS"
+ CLEANCPPFLAGS="$CPPFLAGS"
+ CLEANLIBS="$LIBS"
+
+ case "$OPT_LIBPSL" in
+ yes)
+ dnl --with-libpsl (without path) used
+ CURL_CHECK_PKGCONFIG(libpsl)
+
+ if test "$PKGCONFIG" != "no" ; then
+ LIB_PSL=`$PKGCONFIG --libs-only-l libpsl`
+ LD_PSL=`$PKGCONFIG --libs-only-L libpsl`
+ CPP_PSL=`$PKGCONFIG --cflags-only-I libpsl`
+ else
+ dnl no libpsl pkg-config found
+ LIB_PSL="-lpsl"
+ fi
+
+ ;;
+ off)
+ dnl no --with-libpsl option given, just check default places
+ LIB_PSL="-lpsl"
+ ;;
+ *)
+ dnl use the given --with-libpsl spot
+ LIB_PSL="-lpsl"
+ PREFIX_PSL=$OPT_LIBPSL
+ ;;
+ esac
+
+ dnl if given with a prefix, we set -L and -I based on that
+ if test -n "$PREFIX_PSL"; then
+ LD_PSL=-L${PREFIX_PSL}/lib$libsuff
+ CPP_PSL=-I${PREFIX_PSL}/include
+ fi
+
+ LDFLAGS="$LDFLAGS $LD_PSL"
+ CPPFLAGS="$CPPFLAGS $CPP_PSL"
+ LIBS="$LIB_PSL $LIBS"
+
+ AC_CHECK_LIB(psl, psl_builtin,
+ [
+ AC_CHECK_HEADERS(libpsl.h,
+ curl_psl_msg="enabled"
+ LIBPSL_ENABLED=1
+ AC_DEFINE(USE_LIBPSL, 1, [if libpsl is in use])
+ AC_SUBST(USE_LIBPSL, [1])
+ )
+ ],
+ dnl not found, revert back to clean variables
+ LDFLAGS=$CLEANLDFLAGS
+ CPPFLAGS=$CLEANCPPFLAGS
+ LIBS=$CLEANLIBS
)
+
+ if test X"$OPT_LIBPSL" != Xoff &&
+ test "$LIBPSL_ENABLED" != "1"; then
+ AC_MSG_ERROR([libpsl libs and/or directories were not found where specified!])
+ fi
fi
AM_CONDITIONAL([USE_LIBPSL], [test "$curl_psl_msg" = "enabled"])


@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
# https://curl.se/download/curl-8.6.0.tar.xz.asc
# https://curl.se/download/curl-8.7.1.tar.xz.asc
# signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
sha256 3ccd55d91af9516539df80625f818c734dc6f2ecf9bada33c76765e99121db15 curl-8.6.0.tar.xz
sha256 6fea2aac6a4610fbd0400afb0bcddbe7258a64c63f1f68e5855ebc0c659710cd curl-8.7.1.tar.xz
sha256 adb1fc06547fd136244179809f7b7c2d2ae6c4534f160aa513af9b6a12866a32 COPYING


@ -4,7 +4,7 @@
#
################################################################################
LIBCURL_VERSION = 8.6.0
LIBCURL_VERSION = 8.7.1
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
LIBCURL_SITE = https://curl.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
@ -14,8 +14,6 @@ LIBCURL_LICENSE = curl
LIBCURL_LICENSE_FILES = COPYING
LIBCURL_CPE_ID_VENDOR = haxx
LIBCURL_INSTALL_STAGING = YES
# 0001-configure.ac-find-libpsl-with-pkg-config.patch
LIBCURL_AUTORECONF = YES
# We disable NTLM delegation to winbinds ntlm_auth ('--disable-ntlm-wb')
# support because it uses fork(), which doesn't work on non-MMU platforms.