[ptxdist] [PATCH] libcurl: Version bump. 7.83.1 -> 7.84.0

[ptxdist] [PATCH] libcurl: Version bump. 7.83.1 -> 7.84.0

[Christian Melki]

The usual slew of fixes and development.
https://curl.se/changes.html#7_84_0
Plugs CVEs:
CVE-2022-32208: FTP-KRB bad message verification
CVE-2022-32207: Unpreserved file permissions
CVE-2022-32206: HTTP compression denial of service
CVE-2022-32205: Set-Cookie denial of service

* Add patches to fix two build errors.
Patches from upstream curl repo.

Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
 ...ude-sched.h-if-available-to-fix-buil.patch | 25 +++++++++++++++++++
 ...-__asm__-instead-of-asm-to-fix-build.patch | 22 ++++++++++++++++
 patches/curl-7.84.0/series                    |  5 ++++
 rules/libcurl.make                            |  4 +--
 4 files changed, 54 insertions(+), 2 deletions(-)
 create mode 100644 patches/curl-7.84.0/0001-easy_lock.h-include-sched.h-if-available-to-fix-buil.patch
 create mode 100644 patches/curl-7.84.0/0002-easy_lock.h-use-__asm__-instead-of-asm-to-fix-build.patch
 create mode 100644 patches/curl-7.84.0/series

diff --git a/patches/curl-7.84.0/0001-easy_lock.h-include-sched.h-if-available-to-fix-buil.patch b/patches/curl-7.84.0/0001-easy_lock.h-include-sched.h-if-available-to-fix-buil.patch
new file mode 100644
index 000000000..099e49c0c
--- /dev/null
+++ b/patches/curl-7.84.0/0001-easy_lock.h-include-sched.h-if-available-to-fix-buil.patch
@@ -0,0 +1,25 @@
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 27 Jun 2022 08:46:21 +0200
+Subject: [PATCH] easy_lock.h: include sched.h if available to fix build
+
+Patched-by: Harry Sintonen
+
+Closes #9054
+---
+ lib/easy_lock.h | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/lib/easy_lock.h b/lib/easy_lock.h
+index 819f50ce815b..1f54289ceb2d 100644
+--- a/lib/easy_lock.h
++++ b/lib/easy_lock.h
+@@ -36,6 +36,9 @@
+ 
+ #elif defined (HAVE_ATOMIC)
+ #include <stdatomic.h>
++#if defined(HAVE_SCHED_YIELD)
++#include <sched.h>
++#endif
+ 
+ #define curl_simple_lock atomic_bool
+ #define CURL_SIMPLE_LOCK_INIT false
diff --git a/patches/curl-7.84.0/0002-easy_lock.h-use-__asm__-instead-of-asm-to-fix-build.patch b/patches/curl-7.84.0/0002-easy_lock.h-use-__asm__-instead-of-asm-to-fix-build.patch
new file mode 100644
index 000000000..7443ba41e
--- /dev/null
+++ b/patches/curl-7.84.0/0002-easy_lock.h-use-__asm__-instead-of-asm-to-fix-build.patch
@@ -0,0 +1,22 @@
+From: vvb2060 <vvb2060@gmail.com>
+Date: Tue, 28 Jun 2022 03:48:43 +0800
+Subject: [PATCH] easy_lock.h: use __asm__ instead of asm to fix build
+
+Closes #9056
+---
+ lib/easy_lock.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/easy_lock.h b/lib/easy_lock.h
+index 1f54289ceb2d..07c85c5ffdd1 100644
+--- a/lib/easy_lock.h
++++ b/lib/easy_lock.h
+@@ -54,7 +54,7 @@ static inline void curl_simple_lock_lock(curl_simple_lock *lock)
+ #if defined(__i386__) || defined(__x86_64__)
+       __builtin_ia32_pause();
+ #elif defined(__aarch64__)
+-      asm volatile("yield" ::: "memory");
++      __asm__ volatile("yield" ::: "memory");
+ #elif defined(HAVE_SCHED_YIELD)
+       sched_yield();
+ #endif
diff --git a/patches/curl-7.84.0/series b/patches/curl-7.84.0/series
new file mode 100644
index 000000000..a8ea60cf2
--- /dev/null
+++ b/patches/curl-7.84.0/series
@@ -0,0 +1,5 @@
+# generated by git-ptx-patches
+#tag:base --start-number 1
+0001-easy_lock.h-include-sched.h-if-available-to-fix-buil.patch
+0002-easy_lock.h-use-__asm__-instead-of-asm-to-fix-build.patch
+# 3ace341f1349f3d078579bbef0b35324  - git-ptx-patches magic
diff --git a/rules/libcurl.make b/rules/libcurl.make
index 8faa948bf..e40063f14 100644
--- a/rules/libcurl.make
+++ b/rules/libcurl.make
@@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl
 #
 # Paths and names
 #
-LIBCURL_VERSION	:= 7.83.1
-LIBCURL_MD5	:= 08c6d9c25d9cf8d17be28363753e42ca
+LIBCURL_VERSION	:= 7.84.0
+LIBCURL_MD5	:= 6ce66afa416bb11b8f39cc9e059afd5b
 LIBCURL		:= curl-$(LIBCURL_VERSION)
 LIBCURL_SUFFIX	:= tar.xz
 LIBCURL_URL	:= https://curl.haxx.se/download/$(LIBCURL).$(LIBCURL_SUFFIX)
-- 
2.34.1

Re: [ptxdist] [APPLIED] libcurl: Version bump. 7.83.1 -> 7.84.0

[Michael Olbrich]

Thanks, applied as 7b68aa26afad1cf06cb8fe7e5ef34e927363f6c5.

Michael

[sent from post-receive hook]

On Fri, 29 Jul 2022 08:23:03 +0200, Christian Melki <christian.melki@t2data.com> wrote:
> The usual slew of fixes and development.
> https://curl.se/changes.html#7_84_0
> Plugs CVEs:
> CVE-2022-32208: FTP-KRB bad message verification
> CVE-2022-32207: Unpreserved file permissions
> CVE-2022-32206: HTTP compression denial of service
> CVE-2022-32205: Set-Cookie denial of service
> 
> * Add patches to fix two build errors.
> Patches from upstream curl repo.
> 
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> Message-Id: <20220628085859.2748013-1-christian.melki@t2data.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> 
> diff --git a/patches/curl-7.84.0/0001-easy_lock.h-include-sched.h-if-available-to-fix-buil.patch b/patches/curl-7.84.0/0001-easy_lock.h-include-sched.h-if-available-to-fix-buil.patch
> new file mode 100644
> index 000000000000..099e49c0c825
> --- /dev/null
> +++ b/patches/curl-7.84.0/0001-easy_lock.h-include-sched.h-if-available-to-fix-buil.patch
> @@ -0,0 +1,25 @@
> +From: Daniel Stenberg <daniel@haxx.se>
> +Date: Mon, 27 Jun 2022 08:46:21 +0200
> +Subject: [PATCH] easy_lock.h: include sched.h if available to fix build
> +
> +Patched-by: Harry Sintonen
> +
> +Closes #9054
> +---
> + lib/easy_lock.h | 3 +++
> + 1 file changed, 3 insertions(+)
> +
> +diff --git a/lib/easy_lock.h b/lib/easy_lock.h
> +index 819f50ce815b..1f54289ceb2d 100644
> +--- a/lib/easy_lock.h
> ++++ b/lib/easy_lock.h
> +@@ -36,6 +36,9 @@
> + 
> + #elif defined (HAVE_ATOMIC)
> + #include <stdatomic.h>
> ++#if defined(HAVE_SCHED_YIELD)
> ++#include <sched.h>
> ++#endif
> + 
> + #define curl_simple_lock atomic_bool
> + #define CURL_SIMPLE_LOCK_INIT false
> diff --git a/patches/curl-7.84.0/0002-easy_lock.h-use-__asm__-instead-of-asm-to-fix-build.patch b/patches/curl-7.84.0/0002-easy_lock.h-use-__asm__-instead-of-asm-to-fix-build.patch
> new file mode 100644
> index 000000000000..7443ba41eed1
> --- /dev/null
> +++ b/patches/curl-7.84.0/0002-easy_lock.h-use-__asm__-instead-of-asm-to-fix-build.patch
> @@ -0,0 +1,22 @@
> +From: vvb2060 <vvb2060@gmail.com>
> +Date: Tue, 28 Jun 2022 03:48:43 +0800
> +Subject: [PATCH] easy_lock.h: use __asm__ instead of asm to fix build
> +
> +Closes #9056
> +---
> + lib/easy_lock.h | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/lib/easy_lock.h b/lib/easy_lock.h
> +index 1f54289ceb2d..07c85c5ffdd1 100644
> +--- a/lib/easy_lock.h
> ++++ b/lib/easy_lock.h
> +@@ -54,7 +54,7 @@ static inline void curl_simple_lock_lock(curl_simple_lock *lock)
> + #if defined(__i386__) || defined(__x86_64__)
> +       __builtin_ia32_pause();
> + #elif defined(__aarch64__)
> +-      asm volatile("yield" ::: "memory");
> ++      __asm__ volatile("yield" ::: "memory");
> + #elif defined(HAVE_SCHED_YIELD)
> +       sched_yield();
> + #endif
> diff --git a/patches/curl-7.84.0/series b/patches/curl-7.84.0/series
> new file mode 100644
> index 000000000000..a8ea60cf2cf2
> --- /dev/null
> +++ b/patches/curl-7.84.0/series
> @@ -0,0 +1,5 @@
> +# generated by git-ptx-patches
> +#tag:base --start-number 1
> +0001-easy_lock.h-include-sched.h-if-available-to-fix-buil.patch
> +0002-easy_lock.h-use-__asm__-instead-of-asm-to-fix-build.patch
> +# 3ace341f1349f3d078579bbef0b35324  - git-ptx-patches magic
> diff --git a/rules/libcurl.make b/rules/libcurl.make
> index 8faa948bf476..e40063f14406 100644
> --- a/rules/libcurl.make
> +++ b/rules/libcurl.make
> @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl
>  #
>  # Paths and names
>  #
> -LIBCURL_VERSION	:= 7.83.1
> -LIBCURL_MD5	:= 08c6d9c25d9cf8d17be28363753e42ca
> +LIBCURL_VERSION	:= 7.84.0
> +LIBCURL_MD5	:= 6ce66afa416bb11b8f39cc9e059afd5b
>  LIBCURL		:= curl-$(LIBCURL_VERSION)
>  LIBCURL_SUFFIX	:= tar.xz
>  LIBCURL_URL	:= https://curl.haxx.se/download/$(LIBCURL).$(LIBCURL_SUFFIX)