From 46b6053f6dea5968ed20493b69f3daf0a4a05237 Mon Sep 17 00:00:00 2001
From: Karen Arutyunov
Date: Mon, 13 Mar 2023 19:30:11 +0300
Subject: Upgrade to 7.88.1
That in particular fixes CVE-2023-23914 CVE-2023-23915 CVE-2023-23916.
---
 README-DEV | 8 ++++----
 curl/curl/tool_main.c | 4 ++--
 curl/manifest | 2 +-
 libcurl/build/bootstrap.build | 2 +-
 libcurl/libcurl/curl_config.h | 5 +++++
 libcurl/manifest | 2 +-
 upstream | 2 +-
 7 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/README-DEV b/README-DEV
index a92bafc..2c75418 100644
--- a/README-DEV
+++ b/README-DEV
@@ -28,11 +28,11 @@ Debian and Fedora distributions. The configuration options defining these sets are specified in the Debian's rules and Fedora's RPM .spec files. These files can be obtained as follows:
-$wget http://deb.debian.org/debian/pool/main/c/curl/curl_7.87.0-2.debian.tar.xz
-$ tar xf curl_7.87.0-2.debian.tar.xz debian/rules
+$wget http://deb.debian.org/debian/pool/main/c/curl/curl_7.88.1-6.debian.tar.xz
+$ tar xf curl_7.88.1-6.debian.tar.xz
-$ wget https://kojipkgs.fedoraproject.org/packages/curl/7.87.0/1.fc38/src/curl-7.87.0-1.fc38.src.rpm
-$ rpm2cpio curl-7.87.0-1.fc38.src.rpm | cpio -civ '*.spec'
+$ wget https://kojipkgs.fedoraproject.org/packages/curl/7.88.1/1.fc39/src/curl-7.88.1-1.fc39.src.rpm
+$ rpm2cpio curl-7.88.1-1.fc39.src.rpm | cpio -civ '*.spec'
 As a side note, on Debian and Fedora the source, library, headers, and tools are packaged as follows:
diff --git a/curl/curl/tool_main.c b/curl/curl/tool_main.c
index 9b8d498..0eb4e6d 100644
--- a/curl/curl/tool_main.c
+++ b/curl/curl/tool_main.c
@@ -5,7 +5,7 @@
 * | (__| |_| | _ <| |___
 * \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, , et al.
+ * Copyright (C) Daniel Stenberg, , et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -194,7 +194,7 @@ static CURLcode main_init(struct GlobalConfig *config)
 #endif
 /* Initialise the global config */
- config->showerror = -1; /* Will show errors */
+ config->showerror = FALSE; /* show errors when silent */
 config->errors = stderr; /* Default errors to stderr */
 config->styled_output = TRUE; /* enable detection */
 config->parallel_max = PARALLEL_DEFAULT;
diff --git a/curl/manifest b/curl/manifest
index 87476f3..31f1348 100644
--- a/curl/manifest
+++ b/curl/manifest
@@ -1,6 +1,6 @@
 : 1
 name: curl
-version: 7.87.0
+version: 7.88.1-a.0.z
 priority: security
 summary: Command line tool for transferring data with URLs
 license: curl ; MIT/X derivate license.
diff --git a/libcurl/build/bootstrap.build b/libcurl/build/bootstrap.build
index 1d200dd..29c04ff 100644
--- a/libcurl/build/bootstrap.build
+++ b/libcurl/build/bootstrap.build
@@ -24,7 +24,7 @@ using dist
 #
 # https://curl.se/libcurl/abi.html
 #
-if ($version.major == 7 && $version.minor == 87 && $version.patch == 0)
+if ($version.major == 7 && $version.minor == 88 && $version.patch == 1)
 {
 abi_version_major = 4
 abi_version = "$abi_version_major.8.0" # ..
diff --git a/libcurl/libcurl/curl_config.h b/libcurl/libcurl/curl_config.h
index 4d46e69..8458725 100644
--- a/libcurl/libcurl/curl_config.h
+++ b/libcurl/libcurl/curl_config.h
@@ -329,6 +329,11 @@
 #define HAVE_STDATOMIC_H 1
 #define HAVE_ATOMIC 1
+/* SSL_set0_wbio() was added in OpenSSL 1.1.0 and we don't care about earlier
+ * versions.
+ */
+#define HAVE_SSL_SET0_WBIO 1
+
 #define STDC_HEADERS 1
 #undef _ALL_SOURCE
diff --git a/libcurl/manifest b/libcurl/manifest
index f708f1d..c7bd8d9 100644
--- a/libcurl/manifest
+++ b/libcurl/manifest
@@ -1,6 +1,6 @@
 : 1
 name: libcurl
-version: 7.87.0
+version: 7.88.1-a.0.z
 project: curl
 priority: security
 summary: C library for transferring data with URLs
diff --git a/upstream b/upstream
index c12fb3d..046209e 160000
--- a/upstream
+++ b/upstream
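Review bot: The trailing comment on the new `config->showerror = FALSE;` line in main_init() describes the option rather than the value assigned, so it can be read as "errors are shown when silent", which is the opposite of what FALSE suggests. If the field is now a plain boolean (its declaration is outside the hunk), `config->showerror = FALSE; /* don't show errors when silent */` would be clearer. The old initialiser -1 was truthy and the new one is not, so any remaining code that compares `showerror` against -1 or tests it for non-zero now behaves differently and is worth checking. main_init() begins and ends outside the hunk.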
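Review bot: `HAVE_SSL_SET0_WBIO` is defined unconditionally in curl_config.h, so the "OpenSSL 1.1.0 or later" assumption stated in the added comment is not checked anywhere in this hunk. If the package's OpenSSL dependency constraint (not visible here) does not already exclude older releases, or any OpenSSL-compatible library lacking `SSL_set0_wbio()`, the mismatch would only surface as a build failure in the TLS backend with no hint at the cause. I would extend the comment to say where the minimum is enforced, for example `* versions (the minimum is enforced by the OpenSSL dependency constraint in the package manifest).`, and add that constraint if it turns out to be missing.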
@@ -1 +1 @@
-Subproject commit c12fb3ddaf48e709a7a4deaa55ec485e4df163ee
+Subproject commit 046209e561b7e9b5aab1aef7daebf29ee6e6e8c7
-- cgit v1.1
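Review bot: The submodule pointer moves to `046209e561b7e9b5aab1aef7daebf29ee6e6e8c7`, but nothing in the commit record says which upstream tag that hash corresponds to. A reader therefore cannot confirm from the patch that the pin is the 7.88.1 release carrying the three CVE fixes named in the description. Since the package is marked `priority: security`, I would check the hash against the upstream signed release tag before merging and record it in the commit body, for example `upstream: <upstream release tag> (046209e)`.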