From 11d9c9173f89991b0b773a7de8f0475de68b6fef Mon Sep 17 00:00:00 2001 From: Karen Arutyunov Date: Thu, 12 Oct 2023 20:29:02 +0300 Subject: Upgrade to 8.4.0 That in particular fixes CVE-2023-38545 CVE-2023-38546. --- README-DEV | 40 +++--- curl/.gitignore | 1 + curl/README-DEV | 9 +- curl/curl/base64.c | 1 + curl/curl/buildfile | 2 +- curl/curl/tool_main.c | 39 ++---- curl/curl/tool_main.c.orig | 290 ++++++++++++++++++++++++++++++++++++++++++ curl/curl/tool_main.c.patch | 16 ++- curl/manifest | 2 +- libcurl/.gitignore | 1 + libcurl/build/bootstrap.build | 2 +- libcurl/libcurl/buildfile | 4 +- libcurl/libcurl/curl_config.h | 32 +++-- libcurl/manifest | 2 +- upstream | 2 +- 15 files changed, 370 insertions(+), 73 deletions(-) create mode 120000 curl/curl/base64.c create mode 100644 curl/curl/tool_main.c.orig diff --git a/README-DEV b/README-DEV index 2c75418..1b6895f 100644 --- a/README-DEV +++ b/README-DEV @@ -28,11 +28,11 @@ Debian and Fedora distributions. The configuration options defining these sets are specified in the Debian's rules and Fedora's RPM .spec files. These files can be obtained as follows: -$wget http://deb.debian.org/debian/pool/main/c/curl/curl_7.88.1-6.debian.tar.xz -$ tar xf curl_7.88.1-6.debian.tar.xz +$ wget http://deb.debian.org/debian/pool/main/c/curl/curl_8.3.0-3.debian.tar.xz +$ tar xf curl_8.3.0-3.debian.tar.xz -$ wget https://kojipkgs.fedoraproject.org/packages/curl/7.88.1/1.fc39/src/curl-7.88.1-1.fc39.src.rpm -$ rpm2cpio curl-7.88.1-1.fc39.src.rpm | cpio -civ '*.spec' +$ wget https://kojipkgs.fedoraproject.org/packages/curl/8.4.0/1.fc40/src/curl-8.4.0-1.fc40.src.rpm +$ rpm2cpio curl-8.4.0-1.fc40.src.rpm | cpio -civ '*.spec' As a side note, on Debian and Fedora the source, library, headers, and tools are packaged as follows: @@ -48,24 +48,25 @@ Here are the discovered configuration options. Debian: - --disable-symbol-hiding --enable-versioned-symbols - --enable-threaded-resolver --with-lber-lib=lber - --with-gssapi=/usr --with-libssh2 --with-nghttp2 + --disable-dependency-tracking --disable-symbol-hiding + --enable-versioned-symbols --enable-threaded-resolver --with-lber-lib=lber + --with-gssapi=/usr --with-nghttp2 --with-zsh-functions-dir=/usr/share/zsh/vendor-completions - --with-openssl + --without-libssh --with-libssh2 + --with-openssl --with-gnutls --with-ca-path=/etc/ssl/certs --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt Fedora: - --disable-static --enable-symbol-hiding --enable-ipv6 - --enable-threaded-resolver --with-gssapi --with-nghttp2 --with-ssl - --with-ca-bundle=/etc/pki/tls/certs/ca-bundle.crt - --enable-ldap --enable-ldaps --enable-manual --with-brotli --with-libidn2 - --with-libpsl --with-libssh - --enable-hsts --without-zstd --enable-dict --enable-gopher --enable-imap - --enable-mqtt --enable-ntlm --enable-ntlm-wb --enable-pop3 --enable-rtsp - --enable-smb --enable-smtp --enable-telnet --enable-tftp --enable-tls-srp + --disable-static --enable-hsts --enable-ipv6 --enable-symbol-hiding + --enable-threaded-resolver --without-zstd --with-gssapi --with-libidn2 + --with-nghttp2 --with-ssl --with-ca-bundle=/etc/pki/tls/certs/ca-bundle.crt + --enable-dict --enable-gopher --enable-imap --enable-ldap --enable-ldaps + --enable-manual --enable-mqtt --enable-ntlm --enable-ntlm-wb --enable-pop3 + --enable-rtsp --enable-smb --enable-smtp --enable-telnet --enable-tftp + --enable-tls-srp --enable-websockets --with-brotli --with-libpsl + --with-libssh The union of these feature sets translates into the following options: @@ -74,10 +75,11 @@ The union of these feature sets translates into the following options: --with-nghttp2 --with-zsh-functions-dir= --with-ca-path= --with-ca-bundle= --enable-ipv6 --with-openssl --enable-ldap --enable-ldaps --enable-manual --with-brotli --with-libidn2 - --with-libpsl --with-libssh + --with-libpsl --with-libssh --with-gnutls --enable-hsts --enable-dict --enable-gopher --enable-imap --enable-mqtt --enable-ntlm --enable-ntlm-wb --enable-pop3 --enable-rtsp --enable-smb --enable-smtp --enable-telnet --enable-tftp --enable-tls-srp + --enable-websockets We, however, drop the external dependencies that are not packaged for build2, disable default CA bundle/directory and use --with-ca-fallback instead, @@ -89,11 +91,12 @@ explicitly request to use zlib and end up with the following options: --without-gssapi --without-libssh --without-libssh2 --without-nghttp2 --without-zsh-functions-dir --without-brotli --without-libidn2 --without-libpsl --without-bearssl --without-libgsasl --without-hyper - --without-rustls --without-wolfssh + --without-rustls --without-wolfssh --without-gnutls --without-ca-bundle --without-ca-path --with-ca-fallback --enable-hsts --enable-dict --enable-gopher --enable-imap --enable-mqtt --enable-ntlm --enable-ntlm-wb --enable-pop3 --enable-rtsp --enable-smb --enable-smtp --enable-telnet --enable-tftp --enable-tls-srp + --enable-websockets See the configuration options description at the "Install from source" page (https://curl.se/docs/install.html). @@ -151,6 +154,7 @@ $ ../configure --enable-symbol-hiding --enable-versioned-symbols \ --enable-hsts --enable-dict --enable-gopher --enable-imap \ --enable-mqtt --enable-ntlm --enable-ntlm-wb --enable-pop3 --enable-rtsp \ --enable-smb --enable-smtp --enable-telnet --enable-tftp --enable-tls-srp \ + --enable-websockets \ >build.log 2>&1 $ make V=1 >>build.log 2>&1 diff --git a/curl/.gitignore b/curl/.gitignore index 3dcc22f..d4a1da2 100644 --- a/curl/.gitignore +++ b/curl/.gitignore @@ -13,6 +13,7 @@ *.ifc *.so *.so.* +*.dylib *.dll *.a *.lib diff --git a/curl/README-DEV b/curl/README-DEV index 760e273..fa202e4 100644 --- a/curl/README-DEV +++ b/curl/README-DEV @@ -5,11 +5,16 @@ understanding will be useful when upgrading to a new upstream version. See Symlink the required upstream directories into curl/: $ ln -s ../../upstream/{src,lib} curl -$ ln -s lib/{strtoofft,nonblock,warnless,dynbuf,version_win32,curl_multibyte}.c curl +$ ln -s lib/{strtoofft,nonblock,warnless,dynbuf,version_win32,curl_multibyte,base64}.c curl $ ln -s ../../libcurl/libcurl/curl_config.h curl Patch curl to use CA certificate bundle provided by the libca-certificates-curl package by default: +$ cp curl/src/tool_main.c curl/tool_main.c.orig $ cp curl/src/tool_main.c curl -$ patch -p0 curl/tool_main.c.patch diff --git a/curl/curl/base64.c b/curl/curl/base64.c new file mode 120000 index 0000000..6a380e3 --- /dev/null +++ b/curl/curl/base64.c @@ -0,0 +1 @@ +lib/base64.c \ No newline at end of file diff --git a/curl/curl/buildfile b/curl/curl/buildfile index 9780540..cdd8f9f 100644 --- a/curl/curl/buildfile +++ b/curl/curl/buildfile @@ -11,7 +11,7 @@ tsys = $c.target.system # Build options. # -c.poptions += -DHAVE_CONFIG_H +c.poptions += -DBUILDING_CURL -DHAVE_CONFIG_H switch $tclass, $tsys { diff --git a/curl/curl/tool_main.c b/curl/curl/tool_main.c index 0eb4e6d..494ec02 100644 --- a/curl/curl/tool_main.c +++ b/curl/curl/tool_main.c @@ -29,19 +29,12 @@ #include #endif -#ifdef HAVE_SIGNAL_H #include -#endif #ifdef HAVE_FCNTL_H #include #endif -#ifdef USE_NSS -#include -#include -#endif - #include /* setenv(), _putenv() */ #include @@ -57,6 +50,7 @@ #include "tool_vms.h" #include "tool_main.h" #include "tool_libinfo.h" +#include "tool_stderr.h" /* * This is low-level hard-hacking memory leak tracking and similar. Using @@ -81,6 +75,7 @@ int vms_show = 0; * when command-line argument globbing is enabled under the MSYS shell, so turn * it off. */ +extern int _CRT_glob; int _CRT_glob = 0; #endif /* __MINGW32__ */ @@ -195,7 +190,6 @@ static CURLcode main_init(struct GlobalConfig *config) /* Initialise the global config */ config->showerror = FALSE; /* show errors when silent */ - config->errors = stderr; /* Default errors to stderr */ config->styled_output = TRUE; /* enable detection */ config->parallel_max = PARALLEL_DEFAULT; @@ -214,17 +208,17 @@ static CURLcode main_init(struct GlobalConfig *config) config->first->global = config; } else { - errorf(config, "error retrieving curl library information\n"); + errorf(config, "error retrieving curl library information"); free(config->first); } } else { - errorf(config, "error initializing curl library\n"); + errorf(config, "error initializing curl library"); free(config->first); } } else { - errorf(config, "error initializing curl\n"); + errorf(config, "error initializing curl"); result = CURLE_FAILED_INIT; } @@ -235,10 +229,6 @@ static void free_globalconfig(struct GlobalConfig *config) { Curl_safefree(config->trace_dump); - if(config->errors_fopened && config->errors) - fclose(config->errors); - config->errors = NULL; - if(config->trace_fopened && config->trace_stream) fclose(config->trace_stream); config->trace_stream = NULL; @@ -255,14 +245,6 @@ static void main_free(struct GlobalConfig *config) /* Cleanup the easy handle */ /* Main cleanup */ curl_global_cleanup(); -#ifdef USE_NSS - if(PR_Initialized()) { - /* prevent valgrind from reporting still reachable mem from NSPR arenas */ - PL_ArenaFinish(); - /* prevent valgrind from reporting possibly lost memory (fd cache, ...) */ - PR_Cleanup(); - } -#endif free_globalconfig(config); /* Free the config structures */ @@ -275,6 +257,11 @@ static void main_free(struct GlobalConfig *config) ** curl tool main function. */ #ifdef _UNICODE +#if defined(__GNUC__) +/* GCC doesn't know about wmain() */ +#pragma GCC diagnostic ignored "-Wmissing-prototypes" +#pragma GCC diagnostic ignored "-Wmissing-declarations" +#endif int wmain(int argc, wchar_t *argv[]) #else int main(int argc, char *argv[]) @@ -284,6 +271,8 @@ int main(int argc, char *argv[]) struct GlobalConfig global; memset(&global, 0, sizeof(global)); + tool_init_stderr(); + #ifdef WIN32 /* Undocumented diagnostic option to list the full paths of all loaded modules. This is purposely pre-init. */ @@ -297,13 +286,13 @@ int main(int argc, char *argv[]) /* win32_init must be called before other init routines. */ result = win32_init(); if(result) { - fprintf(stderr, "curl: (%d) Windows-specific init failed.\n", result); + errorf(&global, "(%d) Windows-specific init failed", result); return result; } #endif if(main_checkfds()) { - fprintf(stderr, "curl: out of file descriptors\n"); + errorf(&global, "out of file descriptors"); return CURLE_FAILED_INIT; } diff --git a/curl/curl/tool_main.c.orig b/curl/curl/tool_main.c.orig new file mode 100644 index 0000000..2f132e2 --- /dev/null +++ b/curl/curl/tool_main.c.orig @@ -0,0 +1,290 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ +#include "tool_setup.h" + +#include + +#ifdef WIN32 +#include +#endif + +#include + +#ifdef HAVE_FCNTL_H +#include +#endif + +#define ENABLE_CURLX_PRINTF +/* use our own printf() functions */ +#include "curlx.h" + +#include "tool_cfgable.h" +#include "tool_doswin.h" +#include "tool_msgs.h" +#include "tool_operate.h" +#include "tool_vms.h" +#include "tool_main.h" +#include "tool_libinfo.h" +#include "tool_stderr.h" + +/* + * This is low-level hard-hacking memory leak tracking and similar. Using + * the library level code from this client-side is ugly, but we do this + * anyway for convenience. + */ +#include "memdebug.h" /* keep this as LAST include */ + +#ifdef __VMS +/* + * vms_show is a global variable, used in main() as parameter for + * function vms_special_exit() to allow proper curl tool exiting. + * Its value may be set in other tool_*.c source files thanks to + * forward declaration present in tool_vms.h + */ +int vms_show = 0; +#endif + +#ifdef __MINGW32__ +/* + * There seems to be no way to escape "*" in command-line arguments with MinGW + * when command-line argument globbing is enabled under the MSYS shell, so turn + * it off. + */ +extern int _CRT_glob; +int _CRT_glob = 0; +#endif /* __MINGW32__ */ + +/* if we build a static library for unit tests, there is no main() function */ +#ifndef UNITTESTS + +#if defined(HAVE_PIPE) && defined(HAVE_FCNTL) +/* + * Ensure that file descriptors 0, 1 and 2 (stdin, stdout, stderr) are + * open before starting to run. Otherwise, the first three network + * sockets opened by curl could be used for input sources, downloaded data + * or error logs as they will effectively be stdin, stdout and/or stderr. + * + * fcntl's F_GETFD instruction returns -1 if the file descriptor is closed, + * otherwise it returns "the file descriptor flags (which typically can only + * be FD_CLOEXEC, which is not set here). + */ +static int main_checkfds(void) +{ + int fd[2]; + while((fcntl(STDIN_FILENO, F_GETFD) == -1) || + (fcntl(STDOUT_FILENO, F_GETFD) == -1) || + (fcntl(STDERR_FILENO, F_GETFD) == -1)) + if(pipe(fd)) + return 1; + return 0; +} +#else +#define main_checkfds() 0 +#endif + +#ifdef CURLDEBUG +static void memory_tracking_init(void) +{ + char *env; + /* if CURL_MEMDEBUG is set, this starts memory tracking message logging */ + env = curlx_getenv("CURL_MEMDEBUG"); + if(env) { + /* use the value as file name */ + char fname[CURL_MT_LOGFNAME_BUFSIZE]; + if(strlen(env) >= CURL_MT_LOGFNAME_BUFSIZE) + env[CURL_MT_LOGFNAME_BUFSIZE-1] = '\0'; + strcpy(fname, env); + curl_free(env); + curl_dbg_memdebug(fname); + /* this weird stuff here is to make curl_free() get called before + curl_dbg_memdebug() as otherwise memory tracking will log a free() + without an alloc! */ + } + /* if CURL_MEMLIMIT is set, this enables fail-on-alloc-number-N feature */ + env = curlx_getenv("CURL_MEMLIMIT"); + if(env) { + char *endptr; + long num = strtol(env, &endptr, 10); + if((endptr != env) && (endptr == env + strlen(env)) && (num > 0)) + curl_dbg_memlimit(num); + curl_free(env); + } +} +#else +# define memory_tracking_init() Curl_nop_stmt +#endif + +/* + * This is the main global constructor for the app. Call this before + * _any_ libcurl usage. If this fails, *NO* libcurl functions may be + * used, or havoc may be the result. + */ +static CURLcode main_init(struct GlobalConfig *config) +{ + CURLcode result = CURLE_OK; + +#if defined(__DJGPP__) || defined(__GO32__) + /* stop stat() wasting time */ + _djstat_flags |= _STAT_INODE | _STAT_EXEC_MAGIC | _STAT_DIRSIZE; +#endif + + /* Initialise the global config */ + config->showerror = FALSE; /* show errors when silent */ + config->styled_output = TRUE; /* enable detection */ + config->parallel_max = PARALLEL_DEFAULT; + + /* Allocate the initial operate config */ + config->first = config->last = malloc(sizeof(struct OperationConfig)); + if(config->first) { + /* Perform the libcurl initialization */ + result = curl_global_init(CURL_GLOBAL_DEFAULT); + if(!result) { + /* Get information about libcurl */ + result = get_libcurl_info(); + + if(!result) { + /* Initialise the config */ + config_init(config->first); + config->first->global = config; + } + else { + errorf(config, "error retrieving curl library information"); + free(config->first); + } + } + else { + errorf(config, "error initializing curl library"); + free(config->first); + } + } + else { + errorf(config, "error initializing curl"); + result = CURLE_FAILED_INIT; + } + + return result; +} + +static void free_globalconfig(struct GlobalConfig *config) +{ + Curl_safefree(config->trace_dump); + + if(config->trace_fopened && config->trace_stream) + fclose(config->trace_stream); + config->trace_stream = NULL; + + Curl_safefree(config->libcurl); +} + +/* + * This is the main global destructor for the app. Call this after + * _all_ libcurl usage is done. + */ +static void main_free(struct GlobalConfig *config) +{ + /* Cleanup the easy handle */ + /* Main cleanup */ + curl_global_cleanup(); + free_globalconfig(config); + + /* Free the config structures */ + config_free(config->last); + config->first = NULL; + config->last = NULL; +} + +/* +** curl tool main function. +*/ +#ifdef _UNICODE +#if defined(__GNUC__) +/* GCC doesn't know about wmain() */ +#pragma GCC diagnostic ignored "-Wmissing-prototypes" +#pragma GCC diagnostic ignored "-Wmissing-declarations" +#endif +int wmain(int argc, wchar_t *argv[]) +#else +int main(int argc, char *argv[]) +#endif +{ + CURLcode result = CURLE_OK; + struct GlobalConfig global; + memset(&global, 0, sizeof(global)); + + tool_init_stderr(); + +#ifdef WIN32 + /* Undocumented diagnostic option to list the full paths of all loaded + modules. This is purposely pre-init. */ + if(argc == 2 && !_tcscmp(argv[1], _T("--dump-module-paths"))) { + struct curl_slist *item, *head = GetLoadedModulePaths(); + for(item = head; item; item = item->next) + printf("%s\n", item->data); + curl_slist_free_all(head); + return head ? 0 : 1; + } + /* win32_init must be called before other init routines. */ + result = win32_init(); + if(result) { + errorf(&global, "(%d) Windows-specific init failed", result); + return result; + } +#endif + + if(main_checkfds()) { + errorf(&global, "out of file descriptors"); + return CURLE_FAILED_INIT; + } + +#if defined(HAVE_SIGNAL) && defined(SIGPIPE) + (void)signal(SIGPIPE, SIG_IGN); +#endif + + /* Initialize memory tracking */ + memory_tracking_init(); + + /* Initialize the curl library - do not call any libcurl functions before + this point */ + result = main_init(&global); + if(!result) { + /* Start our curl operation */ + result = operate(&global, argc, argv); + + /* Perform the main cleanup */ + main_free(&global); + } + +#ifdef WIN32 + /* Flush buffers of all streams opened in write or update mode */ + fflush(NULL); +#endif + +#ifdef __VMS + vms_special_exit(result, vms_show); +#else + return (int)result; +#endif +} + +#endif /* ndef UNITTESTS */ diff --git a/curl/curl/tool_main.c.patch b/curl/curl/tool_main.c.patch index cae1787..b344940 100644 --- a/curl/curl/tool_main.c.patch +++ b/curl/curl/tool_main.c.patch @@ -1,9 +1,11 @@ ---- curl/src/tool_main.c 2020-01-18 23:47:34.559751631 +0300 -+++ curl/tool_main.c 2020-01-20 16:07:17.183814044 +0300 -@@ -32,6 +32,10 @@ - #include +diff --git a/curl/curl/tool_main.c b/curl/curl/tool_main.c +index 2f132e2..494ec02 100644 +--- a/curl/curl/tool_main.c ++++ b/curl/curl/tool_main.c +@@ -35,6 +35,10 @@ + #include #endif - + +#include /* setenv(), _putenv() */ + +#include @@ -11,7 +13,7 @@ #define ENABLE_CURLX_PRINTF /* use our own printf() functions */ #include "curlx.h" -@@ -138,6 +142,41 @@ static void memory_tracking_init(void) +@@ -142,6 +146,41 @@ static void memory_tracking_init(void) */ static CURLcode main_init(struct GlobalConfig *config) { @@ -51,5 +53,5 @@ + return CURLE_FAILED_INIT; + CURLcode result = CURLE_OK; - + #if defined(__DJGPP__) || defined(__GO32__) diff --git a/curl/manifest b/curl/manifest index 80cbfe4..009133d 100644 --- a/curl/manifest +++ b/curl/manifest @@ -1,6 +1,6 @@ : 1 name: curl -version: 7.88.1 +version: 8.4.0-a.0.z priority: security summary: Command line tool for transferring data with URLs license: curl ; MIT/X derivate license. diff --git a/libcurl/.gitignore b/libcurl/.gitignore index 3dcc22f..d4a1da2 100644 --- a/libcurl/.gitignore +++ b/libcurl/.gitignore @@ -13,6 +13,7 @@ *.ifc *.so *.so.* +*.dylib *.dll *.a *.lib diff --git a/libcurl/build/bootstrap.build b/libcurl/build/bootstrap.build index 29c04ff..9704ab7 100644 --- a/libcurl/build/bootstrap.build +++ b/libcurl/build/bootstrap.build @@ -24,7 +24,7 @@ using dist # # https://curl.se/libcurl/abi.html # -if ($version.major == 7 && $version.minor == 88 && $version.patch == 1) +if ($version.major == 8 && $version.minor == 4 && $version.patch == 0) { abi_version_major = 4 abi_version = "$abi_version_major.8.0" # .. diff --git a/libcurl/libcurl/buildfile b/libcurl/libcurl/buildfile index cdae37c..62c8680 100644 --- a/libcurl/libcurl/buildfile +++ b/libcurl/libcurl/buildfile @@ -61,7 +61,7 @@ vsc{libcurl}: lib/in{libcurl} # for Clang versions prior to 7.0. # if ($c.id == 'clang' && $c.version.major < 7) - lib/obj{easy version}: cc.reprocess = true + lib/obj{easy version hostip}: cc.reprocess = true # Build options. # @@ -131,7 +131,7 @@ switch $tclass, $tsys case 'windows', 'mingw32' { c.loptions += -Wl,--enable-auto-image-base - c.libs += -lws2_32 -lcrypt32 + c.libs += -lws2_32 -lcrypt32 -lbcrypt } case 'windows' { diff --git a/libcurl/libcurl/curl_config.h b/libcurl/libcurl/curl_config.h index 8458725..2ccc522 100644 --- a/libcurl/libcurl/curl_config.h +++ b/libcurl/libcurl/curl_config.h @@ -47,16 +47,15 @@ #define CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG 1 -#undef HAVE_BORINGSSL #undef USE_WOLFSSL /* Enabled features. */ -#define ENABLE_IPV6 1 -#define HAVE_LIBZ 1 +#define ENABLE_IPV6 1 +#define HAVE_LIBZ 1 +#define USE_WEBSOCKETS 1 #undef CURL_DISABLE_COOKIES -#undef CURL_DISABLE_CRYPTO_AUTH #undef CURL_DISABLE_DICT #undef CURL_DISABLE_DOH #undef CURL_DISABLE_FILE @@ -86,6 +85,14 @@ #undef CURL_DISABLE_HEADERS_API #undef CURL_DISABLE_HSTS #undef CURL_DISABLE_NTLM +#undef CURL_DISABLE_AWS +#undef CURL_DISABLE_BASIC_AUTH +#undef CURL_DISABLE_BEARER_AUTH +#undef CURL_DISABLE_BINDLOCAL +#undef CURL_DISABLE_DIGEST_AUTH +#undef CURL_DISABLE_FORM_API +#undef CURL_DISABLE_KERBEROS_AUTH +#undef CURL_DISABLE_NEGOTIATE_AUTH /* Diabled features. */ @@ -107,7 +114,6 @@ #undef USE_NGHTTP2 #undef USE_NGHTTP3 #undef USE_NGTCP2 -#undef USE_NSS #undef USE_OPENLDAP #undef USE_LIBRTMP #undef USE_QUICHE @@ -117,7 +123,6 @@ #undef USE_RUSTLS #undef USE_WOLFSSH #undef USE_MSH3 -#undef USE_WEBSOCKETS /* Specific for (non-) Linux. */ @@ -153,12 +158,14 @@ */ #if defined(__FreeBSD__) || defined(__APPLE__) # define HAVE_SYS_SOCKIO_H 1 +# define HAVE_ARC4RANDOM 1 #endif /* Specific for Linux and Mac OS. */ #if defined(__linux__) || defined(__APPLE__) -# define HAVE_FSETXATTR 1 +# define HAVE_FSETXATTR 1 +# define HAVE_CLOCK_GETTIME_MONOTONIC_RAW 1 #endif /* Specific for POSIX. @@ -230,6 +237,7 @@ # define HAVE_SYS_UTIME_H 1 # define HAVE_WINDOWS_H 1 # define HAVE_WINSOCK2_H 1 +# define HAVE__FSEEKI64 1 # undef _UNICODE # undef UNICODE @@ -276,11 +284,9 @@ # define HAVE_INET_PTON 1 # define HAVE_LIBGEN_H 1 # define HAVE_PTHREAD_H 1 -# define HAVE_SETJMP_H 1 # define HAVE_SIGNAL 1 # define HAVE_STRCASECMP 1 # define HAVE_STRINGS_H 1 -# define HAVE_STRING_H 1 # define HAVE_STRTOK_R 1 # define HAVE_SYS_PARAM_H 1 # define HAVE_SYS_TIME_H 1 @@ -290,6 +296,7 @@ # define HAVE_OPENSSL_SRP 1 # define HAVE_FTRUNCATE 1 # define HAVE_SCHED_YIELD 1 +# define HAVE_FSEEKO 1 #else # define USE_THREADS_WIN32 1 # undef USE_THREADS_POSIX @@ -303,7 +310,6 @@ #define HAVE_BOOL_T 1 #define HAVE_FCNTL_H 1 #define HAVE_WS2TCPIP_H 1 -#define HAVE_SIGNAL_H 1 #define HAVE_LOCALE_H 1 #define HAVE_SETLOCALE 1 #define HAVE_GETADDRINFO 1 @@ -328,6 +334,8 @@ #define HAVE_SNPRINTF 1 #define HAVE_STDATOMIC_H 1 #define HAVE_ATOMIC 1 +#define HAVE_INTTYPES_H 1 +#define HAVE_STDINT_H 1 /* SSL_set0_wbio() was added in OpenSSL 1.1.0 and we don't care about earlier * versions. @@ -353,9 +361,7 @@ #undef HAVE_GSSGNU #undef HAVE_IOCTLSOCKET_CAMEL_FIONBIO #undef HAVE_OLD_GSSMIT -#undef HAVE_PK11_CREATEMANAGEDGENERICOBJECT #undef HAVE_PROTO_BSDSOCKET_H -#undef HAVE_RAND_EGD #undef HAVE_STRCMPI #undef HAVE_STROPTS_H #undef HAVE_TERMIO_H @@ -379,11 +385,9 @@ #undef NEED_REENTRANT #undef NEED_THREAD_SAFE -#undef USE_GSKIT #undef USE_OS400CRYPTO #undef BSD -#undef EGD_SOCKET #undef CURLDEBUG #undef DEBUGBUILD #undef ENABLE_QUIC diff --git a/libcurl/manifest b/libcurl/manifest index 5d88d1f..433e9d8 100644 --- a/libcurl/manifest +++ b/libcurl/manifest @@ -1,6 +1,6 @@ : 1 name: libcurl -version: 7.88.1 +version: 8.4.0-a.0.z project: curl priority: security summary: C library for transferring data with URLs diff --git a/upstream b/upstream index 046209e..d755a5f 160000 --- a/upstream +++ b/upstream @@ -1 +1 @@ -Subproject commit 046209e561b7e9b5aab1aef7daebf29ee6e6e8c7 +Subproject commit d755a5f7c009dd63a61b2c745180d8ba937cbfeb -- cgit v1.1