From: Michael Olbrich <m.olbrich@pengutronix.de>
To: ptxdist@pengutronix.de
Cc: Christian Melki <christian.melki@t2data.com>
Subject: Re: [ptxdist] [APPLIED] libcurl: Version bump. 8.2.1 -> 8.3.0
Date: Sun, 24 Sep 2023 07:44:34 +0200 [thread overview]
Message-ID: <20230924054434.121902-1-m.olbrich@pengutronix.de> (raw)
In-Reply-To: <20230915175919.2719326-1-christian.melki@t2data.com>
Thanks, applied as 8ecec82432c61630537aa95f57c413055c8f6fa8.
Michael
[sent from post-receive hook]
On Sun, 24 Sep 2023 07:44:34 +0200, Christian Melki <christian.melki@t2data.com> wrote:
> Some work went in to more tweaks and making a smaller curl.
> https://curl.se/changes.html#8_3_0
>
> Plugs CVEs:
> CVE-2023-38039 HTTP headers eat all memory
>
> * crypto-auth is actually gone. But instead of adding per auth
> capability right now, just keep the symbol and make it behave as it used to.
> Sans basic-auth that is. That was always enabled.
>
> * Move some options to better adapt to options filtering.
>
> * Make bindlocal enabled, as it used to be.
>
> * Make form-api dependant on mime, afaiu, this is how it works.
>
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> Message-Id: <20230915175919.2719326-1-christian.melki@t2data.com>
> [mol: update host-libcurl configure options]
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>
> diff --git a/rules/host-libcurl.make b/rules/host-libcurl.make
> index 509b6c015e46..686a3d4ab3dc 100644
> --- a/rules/host-libcurl.make
> +++ b/rules/host-libcurl.make
> @@ -57,7 +57,12 @@ HOST_LIBCURL_CONF_OPT := \
> --enable-pthreads \
> --disable-verbose \
> --disable-sspi \
> - --disable-crypto-auth \
> + --enable-basic-auth \
> + --disable-bearer-auth \
> + --disable-digest-auth \
> + --disable-kerberos-auth \
> + --disable-negotiate-auth \
> + --disable-aws \
> --disable-ntlm \
> --disable-ntlm-wb \
> --disable-tls-srp \
> @@ -67,23 +72,27 @@ HOST_LIBCURL_CONF_OPT := \
> --disable-http-auth \
> --disable-doh \
> --disable-mime \
> + --enable-bindlocal \
> + --disable-form-api \
> --enable-dateparse \
> --disable-netrc \
> --enable-progress-meter \
> --disable-dnsshuffle \
> --enable-get-easy-options \
> --disable-alt-svc \
> + --disable-headers-api \
> --enable-hsts \
> + --disable-websockets \
> --without-schannel \
> --without-secure-transport \
> --without-amissl \
> + --with-ssl \
> --with-openssl=$(PTXDIST_SYSROOT_HOST) \
> --without-gnutls \
> --without-mbedtls \
> --without-wolfssl \
> --without-bearssl \
> --without-rustls \
> - --without-nss \
> --without-hyper \
> --without-zlib \
> --without-brotli \
> @@ -104,6 +113,7 @@ HOST_LIBCURL_CONF_OPT := \
> --without-ngtcp2 \
> --without-nghttp3 \
> --without-quiche \
> + --without-msh3 \
> --without-zsh-functions-dir \
> --without-fish-functions-dir
>
> diff --git a/rules/libcurl.make b/rules/libcurl.make
> index c19f828e51e5..ad615bd87f1c 100644
> --- a/rules/libcurl.make
> +++ b/rules/libcurl.make
> @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl
> #
> # Paths and names
> #
> -LIBCURL_VERSION := 8.2.1
> -LIBCURL_MD5 := 556576a795bdd2c7d10de6886480065f
> +LIBCURL_VERSION := 8.3.0
> +LIBCURL_MD5 := 2fc6cf5cefa8b73e3826aa24befdccff
> LIBCURL := curl-$(LIBCURL_VERSION)
> LIBCURL_SUFFIX := tar.xz
> LIBCURL_URL := https://curl.se/download/$(LIBCURL).$(LIBCURL_SUFFIX)
> @@ -45,7 +45,6 @@ LIBCURL_CONF_OPT := \
> --enable-rt \
> --disable-ech \
> --disable-code-coverage \
> - --disable-headers-api \
> $(GLOBAL_LARGE_FILE_OPTION) \
> --$(call ptx/endis, PTXCONF_LIBCURL_HTTP)-http \
> --$(call ptx/endis, PTXCONF_LIBCURL_FTP)-ftp \
> @@ -73,7 +72,12 @@ LIBCURL_CONF_OPT := \
> --enable-pthreads \
> --$(call ptx/endis, PTXCONF_LIBCURL_VERBOSE)-verbose \
> --disable-sspi \
> - --$(call ptx/endis, PTXCONF_LIBCURL_CRYPTO_AUTH)-crypto-auth \
> + --enable-basic-auth \
> + --$(call ptx/endis, PTXCONF_LIBCURL_CRYPTO_AUTH)-bearer-auth \
> + --$(call ptx/endis, PTXCONF_LIBCURL_CRYPTO_AUTH)-digest-auth \
> + --$(call ptx/endis, PTXCONF_LIBCURL_CRYPTO_AUTH)-kerberos-auth \
> + --$(call ptx/endis, PTXCONF_LIBCURL_CRYPTO_AUTH)-negotiate-auth \
> + --$(call ptx/endis, PTXCONF_LIBCURL_CRYPTO_AUTH)-aws \
> --$(call ptx/endis, PTXCONF_LIBCURL_CRYPTO_AUTH)-ntlm \
> --disable-ntlm-wb \
> --enable-tls-srp \
> @@ -83,12 +87,15 @@ LIBCURL_CONF_OPT := \
> --$(call ptx/endis, PTXCONF_LIBCURL_HTTP)-http-auth \
> --disable-doh \
> --$(call ptx/endis, PTXCONF_LIBCURL_MIME)-mime \
> + --enable-bindlocal \
> + --$(call ptx/endis, PTXCONF_LIBCURL_MIME)-form-api \
> --enable-dateparse \
> --enable-netrc \
> --enable-progress-meter \
> --disable-dnsshuffle \
> --enable-get-easy-options \
> --disable-alt-svc \
> + --disable-headers-api \
> --enable-hsts \
> --disable-websockets \
> --without-schannel \
> @@ -101,7 +108,6 @@ LIBCURL_CONF_OPT := \
> --without-wolfssl \
> --without-bearssl \
> --without-rustls \
> - --without-nss \
> --without-hyper \
> --with-zlib=$(SYSROOT) \
> --without-brotli \
> @@ -122,9 +128,9 @@ LIBCURL_CONF_OPT := \
> --without-libidn2 \
> --without-nghttp2 \
> --without-ngtcp2 \
> - --without-msh3 \
> --without-nghttp3 \
> --without-quiche \
> + --without-msh3 \
> --without-zsh-functions-dir \
> --without-fish-functions-dir
>
prev parent reply other threads:[~2023-09-24 5:46 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-15 17:59 [ptxdist] [PATCH] " Christian Melki
2023-09-24 5:44 ` Michael Olbrich [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230924054434.121902-1-m.olbrich@pengutronix.de \
--to=m.olbrich@pengutronix.de \
--cc=christian.melki@t2data.com \
--cc=ptxdist@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox