You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openoffice.apache.org by tr...@apache.org on 2016/07/28 21:29:05 UTC

svn commit: r1754469 - in /openoffice/trunk/main: LICENSE curl/curl-7.19.7.patch curl/curl-7.19.7_win.patch curl/curl-7.49.1_win.patch curl/makefile.mk curl/prj/d.lst external_deps.lst

Author: truckman
Date: Thu Jul 28 21:29:05 2016
New Revision: 1754469

URL: http://svn.apache.org/viewvc?rev=1754469&view=rev
Log:
#i126896#:  bundled curl version 7.19.7 has many vulnerabilities
 
Upgrade bundled curl to version 7.49.1.

Delete most of the curl patches since they are no longer necessary.
The only needed patch is to produce a library with the expected name
when building on Windows.

Update the curl copyright info in LICENSE.
 
These curl CVEs have been fixed since 7.19.7:
    CVE-2010-0734
    CVE-2011-2192
    CVE-2013-2174
    CVE-2014-3143
    CVE-2014-3144
    CVE-2014-3145
    CVE-2014-3148
    CVE-2014-8150
    CVE-2015-3153
    CVE-2016-0755
Whether any of these affect the OpenOffice usage of curl is not known. 
OpenOffice only uses curl to access ftp:// URLs, which is likely to be
only rarely done.


Added:
    openoffice/trunk/main/curl/curl-7.49.1_win.patch
Removed:
    openoffice/trunk/main/curl/curl-7.19.7.patch
    openoffice/trunk/main/curl/curl-7.19.7_win.patch
Modified:
    openoffice/trunk/main/LICENSE
    openoffice/trunk/main/curl/makefile.mk
    openoffice/trunk/main/curl/prj/d.lst
    openoffice/trunk/main/external_deps.lst

Modified: openoffice/trunk/main/LICENSE
URL: http://svn.apache.org/viewvc/openoffice/trunk/main/LICENSE?rev=1754469&r1=1754468&r2=1754469&view=diff
==============================================================================
--- openoffice/trunk/main/LICENSE (original)
+++ openoffice/trunk/main/LICENSE Thu Jul 28 21:29:05 2016
@@ -1003,14 +1003,15 @@ ____
 For integration of the library curl - built in main/curl/
 - license like MIT license
 
-Copyright (c) 1996 - 2011, Daniel Stenberg, <da...@haxx.se>.
- 
+Copyright (c) 1996 - 2016, Daniel Stenberg, <da...@haxx.se>, and many
+contributors, see the THANKS file.
+
 All rights reserved.
- 
+
 Permission to use, copy, modify, and distribute this software for any purpose
 with or without fee is hereby granted, provided that the above copyright
 notice and this permission notice appear in all copies.
- 
+
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN
@@ -1018,7 +1019,7 @@ NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
 OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE
 OR OTHER DEALINGS IN THE SOFTWARE.
- 
+
 Except as contained in this notice, the name of a copyright holder shall not
 be used in advertising or otherwise to promote the sale, use or other dealings
 in this Software without prior written authorization of the copyright holder.

Added: openoffice/trunk/main/curl/curl-7.49.1_win.patch
URL: http://svn.apache.org/viewvc/openoffice/trunk/main/curl/curl-7.49.1_win.patch?rev=1754469&view=auto
==============================================================================
--- openoffice/trunk/main/curl/curl-7.49.1_win.patch (added)
+++ openoffice/trunk/main/curl/curl-7.49.1_win.patch Thu Jul 28 21:29:05 2016
@@ -0,0 +1,35 @@
+diff -ur misc/curl-7.49.1/winbuild/Makefile.msvc.names misc/build/curl-7.49.1/winbuild/Makefile.msvc.names
+--- misc/curl-7.49.1/winbuild/Makefile.msvc.names	2016-03-22 00:15:38.000000000 -0700
++++ misc/build/curl-7.49.1/winbuild/Makefile.msvc.names	2016-07-19 15:35:28.465823000 -0700
+@@ -43,7 +43,7 @@
+ !ENDIF
+ 
+ !IF !DEFINED(LIB_NAME_STA_DBG) || "$(LIB_NAME_STA_DBG)" == ""
+-LIB_NAME_STA_DBG = $(LIB_NAME_STA_REL)d
++LIB_NAME_STA_DBG = $(LIB_NAME_STA_REL)
+ !ENDIF
+ 
+ !IF !DEFINED(LIB_NAME_DYN_REL) || "$(LIB_NAME_DYN_REL)" == ""
+@@ -51,7 +51,7 @@
+ !ENDIF
+ 
+ !IF !DEFINED(LIB_NAME_DYN_DBG) || "$(LIB_NAME_DYN_DBG)" == ""
+-LIB_NAME_DYN_DBG = $(LIB_NAME_DYN_REL)d
++LIB_NAME_DYN_DBG = $(LIB_NAME_DYN_REL)
+ !ENDIF
+ 
+ # --------------------------------------------
+@@ -59,11 +59,11 @@
+ # --------------------------------------------
+ 
+ !IF !DEFINED(LIB_NAME_IMP_REL) || "$(LIB_NAME_IMP_REL)" == ""
+-LIB_NAME_IMP_REL = $(LIB_NAME_DYN_REL)_imp
++LIB_NAME_IMP_REL = $(LIB_NAME_DYN_REL)
+ !ENDIF
+ 
+ !IF !DEFINED(LIB_NAME_IMP_DBG) || "$(LIB_NAME_IMP_DBG)" == ""
+-LIB_NAME_IMP_DBG = $(LIB_NAME_DYN_DBG)_imp
++LIB_NAME_IMP_DBG = $(LIB_NAME_DYN_DBG)
+ !ENDIF
+ 
+ # --------------------------------------

Modified: openoffice/trunk/main/curl/makefile.mk
URL: http://svn.apache.org/viewvc/openoffice/trunk/main/curl/makefile.mk?rev=1754469&r1=1754468&r2=1754469&view=diff
==============================================================================
--- openoffice/trunk/main/curl/makefile.mk (original)
+++ openoffice/trunk/main/curl/makefile.mk Thu Jul 28 21:29:05 2016
@@ -37,15 +37,15 @@ all:
 
 # --- Files --------------------------------------------------------
 
-TARFILE_NAME=curl-7.19.7
-TARFILE_MD5=ecb2e37e45c9933e2a963cabe03670ab
-PATCH_FILES=curl-7.19.7.patch
+TARFILE_NAME=curl-7.49.1
+TARFILE_MD5=2feb3767b958add6a177c6602ff21e8c
+PATCH_FILES=
 
 .IF "$(GUI)"=="WNT"
-	PATCH_FILES+=curl-7.19.7_win.patch
-	.IF "$(COM)"=="GCC"
-		PATCH_FILES+=curl-7.19.7_mingw.patch
-	.ENDIF
+	PATCH_FILES+=curl-7.49.1_win.patch
+#	.IF "$(COM)"=="GCC"
+#		PATCH_FILES+=curl-7.19.7_mingw.patch
+#	.ENDIF
 .ENDIF
 
 
@@ -141,7 +141,7 @@ OUT2INC= \
 	include$/curl$/multi.h  		\
 	include$/curl$/curl.h  			\
 	include$/curl$/curlver.h  		\
-	include$/curl$/types.h  		\
+	include$/curl$/typecheck-gcc.h  	\
 	include$/curl$/stdcheaders.h  	\
 	include$/curl$/mprintf.h	    \
 	include$/curl$/curlbuild.h		\

Modified: openoffice/trunk/main/curl/prj/d.lst
URL: http://svn.apache.org/viewvc/openoffice/trunk/main/curl/prj/d.lst?rev=1754469&r1=1754468&r2=1754469&view=diff
==============================================================================
--- openoffice/trunk/main/curl/prj/d.lst (original)
+++ openoffice/trunk/main/curl/prj/d.lst Thu Jul 28 21:29:05 2016
@@ -5,11 +5,11 @@ mkdir: %_DEST%\inc%_EXT%\external\curl
 ..\%__SRC%\inc\mprintf.h %_DEST%\inc%_EXT%\external\curl\mprintf.h
 ..\%__SRC%\inc\multi.h %_DEST%\inc%_EXT%\external\curl\multi.h
 ..\%__SRC%\inc\stdcheaders.h %_DEST%\inc%_EXT%\external\curl\stdcheaders.h
-..\%__SRC%\inc\types.h %_DEST%\inc%_EXT%\external\curl\types.h
+..\%__SRC%\inc\typecheck-gcc.h %_DEST%\inc%_EXT%\external\curl\typecheck-gcc.h
 ..\%__SRC%\inc\curlbuild.h %_DEST%\inc%_EXT%\external\curl\curlbuild.h
 ..\%__SRC%\inc\curlrules.h %_DEST%\inc%_EXT%\external\curl\curlrules.h
 
 ..\%__SRC%\bin\libcurl*.dll %_DEST%\bin%_EXT%\*.dll
 ..\%__SRC%\lib\libcurl.* %_DEST%\lib%_EXT%\libcurl.*
 
-linklib: libcurl.*.*
\ No newline at end of file
+linklib: libcurl.*.*

Modified: openoffice/trunk/main/external_deps.lst
URL: http://svn.apache.org/viewvc/openoffice/trunk/main/external_deps.lst?rev=1754469&r1=1754468&r2=1754469&view=diff
==============================================================================
--- openoffice/trunk/main/external_deps.lst (original)
+++ openoffice/trunk/main/external_deps.lst Thu Jul 28 21:29:05 2016
@@ -227,9 +227,9 @@ if (SYSTEM_EXPAT != YES)
     URL2 = $(OOO_EXTRAS)$(MD5)-$(name)
 
 if (SYSTEM_CURL != YES)
-    MD5 = ecb2e37e45c9933e2a963cabe03670ab
-    name = curl-7.19.7.tar.gz
-    URL1 = http://curl.haxx.se/download/curl-7.19.7.tar.gz
+    MD5 = 2feb3767b958add6a177c6602ff21e8c
+    name = curl-7.49.1.tar.gz
+    URL1 = http://curl.haxx.se/download/curl-7.49.1.tar.gz
     URL2 = $(OOO_EXTRAS)$(MD5)-$(name)
 
 if (WITH_CATA_FONTS == YES)