Re: [ptxdist] [APPLIED] libcurl: Version bump. 8.2.1 -> 8.3.0

mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed

From: Michael Olbrich <m.olbrich@pengutronix.de>
To: ptxdist@pengutronix.de
Cc: Christian Melki <christian.melki@t2data.com>
Subject: Re: [ptxdist] [APPLIED] libcurl: Version bump. 8.2.1 -> 8.3.0
Date: Sun, 24 Sep 2023 07:44:34 +0200	[thread overview]
Message-ID: <20230924054434.121902-1-m.olbrich@pengutronix.de> (raw)
In-Reply-To: <20230915175919.2719326-1-christian.melki@t2data.com>

Thanks, applied as 8ecec82432c61630537aa95f57c413055c8f6fa8.

Michael

[sent from post-receive hook]

On Sun, 24 Sep 2023 07:44:34 +0200, Christian Melki <christian.melki@t2data.com> wrote:
> Some work went in to more tweaks and making a smaller curl.
> https://curl.se/changes.html#8_3_0
> 
> Plugs CVEs:
> CVE-2023-38039 HTTP headers eat all memory
> 
> * crypto-auth is actually gone. But instead of adding per auth
> capability right now, just keep the symbol and make it behave as it used to.
> Sans basic-auth that is. That was always enabled.
> 
> * Move some options to better adapt to options filtering.
> 
> * Make bindlocal enabled, as it used to be.
> 
> * Make form-api dependant on mime, afaiu, this is how it works.
> 
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> Message-Id: <20230915175919.2719326-1-christian.melki@t2data.com>
> [mol: update host-libcurl configure options]
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> 
> diff --git a/rules/host-libcurl.make b/rules/host-libcurl.make
> index 509b6c015e46..686a3d4ab3dc 100644
> --- a/rules/host-libcurl.make
> +++ b/rules/host-libcurl.make
> @@ -57,7 +57,12 @@ HOST_LIBCURL_CONF_OPT	:= \
>  	--enable-pthreads \
>  	--disable-verbose \
>  	--disable-sspi \
> -	--disable-crypto-auth \
> +	--enable-basic-auth \
> +	--disable-bearer-auth \
> +	--disable-digest-auth \
> +	--disable-kerberos-auth \
> +	--disable-negotiate-auth \
> +	--disable-aws \
>  	--disable-ntlm \
>  	--disable-ntlm-wb \
>  	--disable-tls-srp \
> @@ -67,23 +72,27 @@ HOST_LIBCURL_CONF_OPT	:= \
>  	--disable-http-auth \
>  	--disable-doh \
>  	--disable-mime \
> +	--enable-bindlocal \
> +	--disable-form-api \
>  	--enable-dateparse \
>  	--disable-netrc \
>  	--enable-progress-meter \
>  	--disable-dnsshuffle \
>  	--enable-get-easy-options \
>  	--disable-alt-svc \
> +	--disable-headers-api \
>  	--enable-hsts \
> +	--disable-websockets \
>  	--without-schannel \
>  	--without-secure-transport \
>  	--without-amissl \
> +	--with-ssl \
>  	--with-openssl=$(PTXDIST_SYSROOT_HOST) \
>  	--without-gnutls \
>  	--without-mbedtls \
>  	--without-wolfssl \
>  	--without-bearssl \
>  	--without-rustls \
> -	--without-nss \
>  	--without-hyper \
>  	--without-zlib \
>  	--without-brotli \
> @@ -104,6 +113,7 @@ HOST_LIBCURL_CONF_OPT	:= \
>  	--without-ngtcp2 \
>  	--without-nghttp3 \
>  	--without-quiche \
> +	--without-msh3 \
>  	--without-zsh-functions-dir \
>  	--without-fish-functions-dir
>  
> diff --git a/rules/libcurl.make b/rules/libcurl.make
> index c19f828e51e5..ad615bd87f1c 100644
> --- a/rules/libcurl.make
> +++ b/rules/libcurl.make
> @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl
>  #
>  # Paths and names
>  #
> -LIBCURL_VERSION	:= 8.2.1
> -LIBCURL_MD5	:= 556576a795bdd2c7d10de6886480065f
> +LIBCURL_VERSION	:= 8.3.0
> +LIBCURL_MD5	:= 2fc6cf5cefa8b73e3826aa24befdccff
>  LIBCURL		:= curl-$(LIBCURL_VERSION)
>  LIBCURL_SUFFIX	:= tar.xz
>  LIBCURL_URL	:= https://curl.se/download/$(LIBCURL).$(LIBCURL_SUFFIX)
> @@ -45,7 +45,6 @@ LIBCURL_CONF_OPT	:= \
>  	--enable-rt \
>  	--disable-ech \
>  	--disable-code-coverage \
> -	--disable-headers-api \
>  	$(GLOBAL_LARGE_FILE_OPTION) \
>  	--$(call ptx/endis, PTXCONF_LIBCURL_HTTP)-http \
>  	--$(call ptx/endis, PTXCONF_LIBCURL_FTP)-ftp \
> @@ -73,7 +72,12 @@ LIBCURL_CONF_OPT	:= \
>  	--enable-pthreads \
>  	--$(call ptx/endis, PTXCONF_LIBCURL_VERBOSE)-verbose \
>  	--disable-sspi \
> -	--$(call ptx/endis, PTXCONF_LIBCURL_CRYPTO_AUTH)-crypto-auth \
> +	--enable-basic-auth \
> +	--$(call ptx/endis, PTXCONF_LIBCURL_CRYPTO_AUTH)-bearer-auth \
> +	--$(call ptx/endis, PTXCONF_LIBCURL_CRYPTO_AUTH)-digest-auth \
> +	--$(call ptx/endis, PTXCONF_LIBCURL_CRYPTO_AUTH)-kerberos-auth \
> +	--$(call ptx/endis, PTXCONF_LIBCURL_CRYPTO_AUTH)-negotiate-auth \
> +	--$(call ptx/endis, PTXCONF_LIBCURL_CRYPTO_AUTH)-aws \
>  	--$(call ptx/endis, PTXCONF_LIBCURL_CRYPTO_AUTH)-ntlm \
>  	--disable-ntlm-wb \
>  	--enable-tls-srp \
> @@ -83,12 +87,15 @@ LIBCURL_CONF_OPT	:= \
>  	--$(call ptx/endis, PTXCONF_LIBCURL_HTTP)-http-auth \
>  	--disable-doh \
>  	--$(call ptx/endis, PTXCONF_LIBCURL_MIME)-mime \
> +	--enable-bindlocal \
> +	--$(call ptx/endis, PTXCONF_LIBCURL_MIME)-form-api \
>  	--enable-dateparse \
>  	--enable-netrc \
>  	--enable-progress-meter \
>  	--disable-dnsshuffle \
>  	--enable-get-easy-options \
>  	--disable-alt-svc \
> +	--disable-headers-api \
>  	--enable-hsts \
>  	--disable-websockets \
>  	--without-schannel \
> @@ -101,7 +108,6 @@ LIBCURL_CONF_OPT	:= \
>  	--without-wolfssl \
>  	--without-bearssl \
>  	--without-rustls \
> -	--without-nss \
>  	--without-hyper \
>  	--with-zlib=$(SYSROOT) \
>  	--without-brotli \
> @@ -122,9 +128,9 @@ LIBCURL_CONF_OPT	:= \
>  	--without-libidn2 \
>  	--without-nghttp2 \
>  	--without-ngtcp2 \
> -	--without-msh3 \
>  	--without-nghttp3 \
>  	--without-quiche \
> +	--without-msh3 \
>  	--without-zsh-functions-dir \
>  	--without-fish-functions-dir
>

     prev parent reply	other threads:[~2023-09-24  5:46 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-09-15 17:59 [ptxdist] [PATCH] " Christian Melki
2023-09-24  5:44 ` Michael Olbrich [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230924054434.121902-1-m.olbrich@pengutronix.de \
    --to=m.olbrich@pengutronix.de \
    --cc=christian.melki@t2data.com \
    --cc=ptxdist@pengutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox