From patchwork Wed Aug 19 12:56:40 2020
X-Patchwork-Submitter: Titouan Christophe
X-Patchwork-Id: 1347785
From: Titouan Christophe
To: buildroot@buildroot.org
Cc: Matt Weber, Titouan Christophe
Date: Wed, 19 Aug 2020 14:56:40 +0200
Message-Id: <20200819125640.142469-1-titouan.christophe@railnova.eu>
Subject: [Buildroot] [PATCH 1/1] package/libcurl: bump to v7.72.0

This new version fixes, amongst many other things, CVE-2020-8231
(https://curl.haxx.se/docs/CVE-2020-8231.html).

See the full changelog on https://curl.haxx.se/changes.html#7_72_0 .

Also drop the 4 patches, that have all been released upstream.

Signed-off-by: Titouan Christophe --- ...ix-build-with-disabled-proxy-support.patch | 50 ------ ...ix-build-with-disabled-proxy-support.patch | 159 ------------------ ...nutls-Fetch-backend-when-using-proxy.patch | 29 ---- ...ir-the-build-with-CURL_DISABLE_PROXY.patch | 125 -------------- package/libcurl/libcurl.hash | 4 +- package/libcurl/libcurl.mk | 2 +- 6 files changed, 3 insertions(+), 366 deletions(-) delete mode 100644 package/libcurl/0001-bearssl-fix-build-with-disabled-proxy-support.patch delete mode 100644 package/libcurl/0002-nss-fix-build-with-disabled-proxy-support.patch delete mode 100644 package/libcurl/0003-gnutls-Fetch-backend-when-using-proxy.patch delete mode 100644 package/libcurl/0004-gnutls-repair-the-build-with-CURL_DISABLE_PROXY.patch diff --git a/package/libcurl/0001-bearssl-fix-build-with-disabled-proxy-support.patch b/package/libcurl/0001-bearssl-fix-build-with-disabled-proxy-support.patch deleted file mode 100644 index b6d89859b9..0000000000 --- a/package/libcurl/0001-bearssl-fix-build-with-disabled-proxy-support.patch +++ /dev/null 
@@ -1,50 +0,0 @@ -From 3a46be47cad5a3498b5f6d6007b7d1fe5b8dff78 Mon Sep 17 00:00:00 2001 -Message-Id: <3a46be47cad5a3498b5f6d6007b7d1fe5b8dff78.1594274321.git.baruch@tkos.co.il> -From: Baruch Siach -Date: Thu, 9 Jul 2020 08:14:49 +0300 -Subject: [PATCH] bearssl: fix build with disabled proxy support - -Avoid reference to fields that do not exist when CURL_DISABLE_PROXY is -defined. - -Signed-off-by: Baruch Siach ---- -Upstream status: https://github.com/curl/curl/pull/5666 - - lib/vtls/bearssl.c | 11 +++++++++-- - 1 file changed, 9 insertions(+), 2 deletions(-) - -diff --git a/lib/vtls/bearssl.c b/lib/vtls/bearssl.c -index 628e16a124a9..44e7406e8e39 100644 ---- a/lib/vtls/bearssl.c -+++ b/lib/vtls/bearssl.c -@@ -300,8 +300,12 @@ static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex) - struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - struct ssl_backend_data *backend = connssl->backend; - const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile); -+#ifndef CURL_DISABLE_PROXY - const char *hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name : - conn->host.name; -+#else -+ const char *hostname = conn->host.name; -+#endif - const bool verifypeer = SSL_CONN_CONFIG(verifypeer); - const bool verifyhost = SSL_CONN_CONFIG(verifyhost); - CURLcode ret; -@@ -386,8 +390,11 @@ static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex) - */ - - #ifdef USE_NGHTTP2 -- if(data->set.httpversion >= CURL_HTTP_VERSION_2 && -- (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) { -+ if(data->set.httpversion >= CURL_HTTP_VERSION_2 -+#ifndef CURL_DISABLE_PROXY -+ && (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy) -+#endif -+ ) { - backend->protocols[cur++] = NGHTTP2_PROTO_VERSION_ID; - infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID); - } --- -2.27.0 - 
diff --git a/package/libcurl/0002-nss-fix-build-with-disabled-proxy-support.patch b/package/libcurl/0002-nss-fix-build-with-disabled-proxy-support.patch deleted file mode 100644 index 0d1286338e..0000000000 --- a/package/libcurl/0002-nss-fix-build-with-disabled-proxy-support.patch +++ /dev/null 
@@ -1,159 +0,0 @@ -From d040da28f57d0b3fcd6f63809a8c85a600f87a62 Mon Sep 17 00:00:00 2001 -Message-Id: -From: Baruch Siach -Date: Thu, 9 Jul 2020 08:14:49 +0300 -Subject: [PATCH] nss: fix build with disabled proxy support - -Avoid reference to fields that do not exist when CURL_DISABLE_PROXY is -defined. - -Signed-off-by: Baruch Siach ---- -Upstream status: https://github.com/curl/curl/pull/5667 - - lib/vtls/nss.c | 44 +++++++++++++++++++++++++++++++++++--------- - 1 file changed, 35 insertions(+), 9 deletions(-) - -diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c -index fca292613815..0f0d1ee6c80f 100644 ---- a/lib/vtls/nss.c -+++ b/lib/vtls/nss.c -@@ -1027,9 +1027,11 @@ static SECStatus BadCertHandler(void *arg, PRFileDesc *sock) - CERTCertificate *cert; - - /* remember the cert verification result */ -+#ifndef CURL_DISABLE_PROXY - if(SSL_IS_PROXY()) - data->set.proxy_ssl.certverifyresult = err; - else -+#endif - data->set.ssl.certverifyresult = err; - - if(err == SSL_ERROR_BAD_CERT_DOMAIN && !SSL_CONN_CONFIG(verifyhost)) -@@ -1553,24 +1555,32 @@ static void nss_close(struct ssl_connect_data *connssl) - static void Curl_nss_close(struct connectdata *conn, int sockindex) - { - struct ssl_connect_data *connssl = &conn->ssl[sockindex]; -+#ifndef CURL_DISABLE_PROXY - struct ssl_connect_data *connssl_proxy = &conn->proxy_ssl[sockindex]; -+#endif - struct ssl_backend_data *backend = connssl->backend; - -- if(backend->handle || connssl_proxy->backend->handle) { -+ if(backend->handle -+#ifndef CURL_DISABLE_PROXY -+ || connssl_proxy->backend->handle -+#endif -+ ) { - /* NSS closes the socket we previously handed to it, so we must mark it - as closed to avoid double close */ - fake_sclose(conn->sock[sockindex]); - conn->sock[sockindex] = CURL_SOCKET_BAD; - } - -+#ifndef CURL_DISABLE_PROXY - if(backend->handle) - /* nss_close(connssl) will transitively close also - connssl_proxy->backend->handle if both are used. Clear it to avoid - a double close leading to crash. 
*/ - connssl_proxy->backend->handle = NULL; - -- nss_close(connssl); - nss_close(connssl_proxy); -+#endif -+ nss_close(connssl); - } - - /* return true if NSS can provide error code (and possibly msg) for the -@@ -1828,6 +1838,12 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex) - CURLcode result; - bool second_layer = FALSE; - SSLVersionRange sslver_supported; -+#ifndef CURL_DISABLE_PROXY -+ const char *hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name : -+ conn->host.name; -+#else -+ const char *hostname = conn->host.name; -+#endif - - SSLVersionRange sslver = { - SSL_LIBRARY_VERSION_TLS_1_0, /* min */ -@@ -1932,9 +1948,11 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex) - goto error; - - /* not checked yet */ -+#ifndef CURL_DISABLE_PROXY - if(SSL_IS_PROXY()) - data->set.proxy_ssl.certverifyresult = 0; - else -+#endif - data->set.ssl.certverifyresult = 0; - - if(SSL_BadCertHook(model, BadCertHandler, conn) != SECSuccess) -@@ -1991,12 +2009,14 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex) - goto error; - } - -+#ifndef CURL_DISABLE_PROXY - if(conn->proxy_ssl[sockindex].use) { - DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state); - DEBUGASSERT(conn->proxy_ssl[sockindex].backend->handle != NULL); - nspr_io = conn->proxy_ssl[sockindex].backend->handle; - second_layer = TRUE; - } -+#endif - else { - /* wrap OS file descriptor by NSPR's file descriptor abstraction */ - nspr_io = PR_ImportTCPSocket(sockfd); -@@ -2077,8 +2097,11 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex) - unsigned char protocols[128]; - - #ifdef USE_NGHTTP2 -- if(data->set.httpversion >= CURL_HTTP_VERSION_2 && -- (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) { -+ if(data->set.httpversion >= CURL_HTTP_VERSION_2 -+#ifndef CURL_DISABLE_PROXY -+ && (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy) -+#endif -+ ) { - protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN; 
- memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID, - NGHTTP2_PROTO_VERSION_ID_LEN); -@@ -2101,14 +2124,11 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex) - goto error; - - /* propagate hostname to the TLS layer */ -- if(SSL_SetURL(backend->handle, SSL_IS_PROXY() ? conn->http_proxy.host.name : -- conn->host.name) != SECSuccess) -+ if(SSL_SetURL(backend->handle, hostname) != SECSuccess) - goto error; - - /* prevent NSS from re-using the session for a different hostname */ -- if(SSL_SetSockPeerID(backend->handle, SSL_IS_PROXY() ? -- conn->http_proxy.host.name : conn->host.name) -- != SECSuccess) -+ if(SSL_SetSockPeerID(backend->handle, hostname) != SECSuccess) - goto error; - - return CURLE_OK; -@@ -2127,11 +2147,17 @@ static CURLcode nss_do_connect(struct connectdata *conn, int sockindex) - struct Curl_easy *data = conn->data; - CURLcode result = CURLE_SSL_CONNECT_ERROR; - PRUint32 timeout; -+#ifndef CURL_DISABLE_PROXY - long * const certverifyresult = SSL_IS_PROXY() ? - &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult; - const char * const pinnedpubkey = SSL_IS_PROXY() ? - data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] : - data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]; -+#else -+ long * const certverifyresult = &data->set.ssl.certverifyresult; -+ const char * const pinnedpubkey = -+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]; -+#endif - - - /* check timeout situation */ --- -2.27.0 - diff --git a/package/libcurl/0003-gnutls-Fetch-backend-when-using-proxy.patch b/package/libcurl/0003-gnutls-Fetch-backend-when-using-proxy.patch deleted file mode 100644 index 4e5ad25365..0000000000 --- a/package/libcurl/0003-gnutls-Fetch-backend-when-using-proxy.patch +++ /dev/null 
@@ -1,29 +0,0 @@ -From 691df98d51955f7f24b34332ad867b6d69093ae0 Mon Sep 17 00:00:00 2001 -From: Alex Kiernan -Date: Fri, 26 Jun 2020 08:59:24 +0000 -Subject: [PATCH] gnutls: Fetch backend when using proxy - -Fixes: 89865c149 ("gnutls: remove the BACKEND define kludge") -Signed-off-by: Alex Kiernan -Signed-off-by: Baruch Siach ---- -Upstream status: commit 691df98d51955f7f24b34332ad867b6d69093ae0 - - lib/vtls/gtls.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c -index 9b4c3659acc5..02d0825e5ac7 100644 ---- a/lib/vtls/gtls.c -+++ b/lib/vtls/gtls.c -@@ -1382,6 +1382,7 @@ static bool Curl_gtls_data_pending(const struct connectdata *conn, - res = TRUE; - - connssl = &conn->proxy_ssl[connindex]; -+ backend = connssl->backend; - if(backend->session && - 0 != gnutls_record_check_pending(backend->session)) - res = TRUE; --- -2.27.0 - diff --git a/package/libcurl/0004-gnutls-repair-the-build-with-CURL_DISABLE_PROXY.patch b/package/libcurl/0004-gnutls-repair-the-build-with-CURL_DISABLE_PROXY.patch deleted file mode 100644 index 4f8a72c6ea..0000000000 --- a/package/libcurl/0004-gnutls-repair-the-build-with-CURL_DISABLE_PROXY.patch +++ /dev/null 
@@ -1,125 +0,0 @@ -From 0fda8db95c98f1e08a830ec5dbccb24e0994a9e3 Mon Sep 17 00:00:00 2001 -From: Alex Kiernan -Date: Fri, 26 Jun 2020 09:08:32 +0000 -Subject: [PATCH] gnutls: repair the build with `CURL_DISABLE_PROXY` - -`http_proxy`/`proxy_ssl`/`tunnel_proxy` will not be available in `conn` -if `CURL_DISABLE_PROXY` is enabled. Repair the build with that -configuration. - -Signed-off-by: Alex Kiernan -Closes #5645 -Signed-off-by: Baruch Siach ---- -Upstream status: commit 0fda8db95c98f1e08a830ec5dbccb24e0994a9e3 - - lib/vtls/gtls.c | 30 +++++++++++++++++++++++++++--- - 1 file changed, 27 insertions(+), 3 deletions(-) - -diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c -index 02d0825e5ac7..75331388cc13 100644 ---- a/lib/vtls/gtls.c -+++ b/lib/vtls/gtls.c -@@ -399,10 +399,15 @@ gtls_connect_step1(struct connectdata *conn, - #endif - const char *prioritylist; - const char *err = NULL; -+#ifndef CURL_DISABLE_PROXY - const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name : - conn->host.name; - long * const certverifyresult = SSL_IS_PROXY() ? 
- &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult; -+#else -+ const char * const hostname = conn->host.name; -+ long * const certverifyresult = &data->set.ssl.certverifyresult; -+#endif - - if(connssl->state == ssl_connection_complete) - /* to make us tolerant against being called more than once for the -@@ -620,8 +625,11 @@ gtls_connect_step1(struct connectdata *conn, - gnutls_datum_t protocols[2]; - - #ifdef USE_NGHTTP2 -- if(data->set.httpversion >= CURL_HTTP_VERSION_2 && -- (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) { -+ if(data->set.httpversion >= CURL_HTTP_VERSION_2 -+#ifndef CURL_DISABLE_PROXY -+ && (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy) -+#endif -+ ) { - protocols[cur].data = (unsigned char *)NGHTTP2_PROTO_VERSION_ID; - protocols[cur].size = NGHTTP2_PROTO_VERSION_ID_LEN; - cur++; -@@ -694,12 +702,15 @@ gtls_connect_step1(struct connectdata *conn, - } - } - -+#ifndef CURL_DISABLE_PROXY - if(conn->proxy_ssl[sockindex].use) { - transport_ptr = conn->proxy_ssl[sockindex].backend->session; - gnutls_transport_push = Curl_gtls_push_ssl; - gnutls_transport_pull = Curl_gtls_pull_ssl; - } -- else { -+ else -+#endif -+ { - /* file descriptor for the socket */ - transport_ptr = &conn->sock[sockindex]; - gnutls_transport_push = Curl_gtls_push; -@@ -828,10 +839,15 @@ gtls_connect_step3(struct connectdata *conn, - unsigned int bits; - gnutls_protocol_t version = gnutls_protocol_get_version(session); - #endif -+#ifndef CURL_DISABLE_PROXY - const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name : - conn->host.name; - long * const certverifyresult = SSL_IS_PROXY() ? - &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult; -+#else -+ const char * const hostname = conn->host.name; -+ long * const certverifyresult = &data->set.ssl.certverifyresult; -+#endif - - /* the name of the cipher suite used, e.g. ECDHE_RSA_AES_256_GCM_SHA384. 
*/ - ptr = gnutls_cipher_suite_get_name(gnutls_kx_get(session), -@@ -1112,8 +1128,12 @@ gtls_connect_step3(struct connectdata *conn, - } - #endif - if(!rc) { -+#ifndef CURL_DISABLE_PROXY - const char * const dispname = SSL_IS_PROXY() ? - conn->http_proxy.host.dispname : conn->host.dispname; -+#else -+ const char * const dispname = conn->host.dispname; -+#endif - - if(SSL_CONN_CONFIG(verifyhost)) { - failf(data, "SSL: certificate subject name (%s) does not match " -@@ -1381,11 +1401,13 @@ static bool Curl_gtls_data_pending(const struct connectdata *conn, - 0 != gnutls_record_check_pending(backend->session)) - res = TRUE; - -+#ifndef CURL_DISABLE_PROXY - connssl = &conn->proxy_ssl[connindex]; - backend = connssl->backend; - if(backend->session && - 0 != gnutls_record_check_pending(backend->session)) - res = TRUE; -+#endif - - return res; - } -@@ -1434,7 +1456,9 @@ static void close_one(struct ssl_connect_data *connssl) - static void Curl_gtls_close(struct connectdata *conn, int sockindex) - { - close_one(&conn->ssl[sockindex]); -+#ifndef CURL_DISABLE_PROXY - close_one(&conn->proxy_ssl[sockindex]); -+#endif - } - - /* --- -2.27.0 - diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash index 46f72c1eaf..2bd1890caf 100644 --- a/package/libcurl/libcurl.hash +++ b/package/libcurl/libcurl.hash @@ -1,5 +1,5 @@ # Locally calculated after checking pgp signature -# https://curl.haxx.se/download/curl-7.71.1.tar.xz.asc +# https://curl.haxx.se/download/curl-7.72.0.tar.xz.asc # signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 -sha256 40f83eda27cdbeb25cd4da48cefb639af1b9395d6026d2da1825bf059239658c curl-7.71.1.tar.xz +sha256 0ded0808c4d85f2ee0db86980ae610cc9d165e9ca9da466196cc73c346513713 curl-7.72.0.tar.xz sha256 db3c4a3b3695a0f317a0c5176acd2f656d18abc45b3ee78e50935a78eb1e132e COPYING diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk index 6f053f00a8..ea7e06e27e 100644 --- a/package/libcurl/libcurl.mk +++ b/package/libcurl/libcurl.mk 
@@ -4,7 +4,7 @@ # ################################################################################ -LIBCURL_VERSION = 7.71.1 +LIBCURL_VERSION = 7.72.0 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz LIBCURL_SITE = https://curl.haxx.se/download LIBCURL_DEPENDENCIES = host-pkgconf \
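
Review bot: The removed 0001-bearssl and 0002-nss patch files record their upstream status only as pull requests (curl/curl pull/5666 and pull/5667), unlike 0003 and 0004, which name upstream commits, so the statement that all four "have all been released upstream" cannot be checked from this patch for those two. Please cite in the commit message the upstream commits contained in 7.72.0 that replace them, or confirm the result with a build that has proxy support disabled against the BearSSL and NSS backends.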
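
Review bot: In the removed 0002 nss patch, the nss_setup_connect hunk places `#endif` right after the closing brace of `if(conn->proxy_ssl[sockindex].use) {` and before `else {`, so with CURL_DISABLE_PROXY defined the `else` loses its `if` and either fails to compile or binds to the preceding block. The 0004 gnutls patch handles the same construct by keeping `else` inside the `#ifndef` and leaving only the `{` outside. Since the local patch is dropped in favour of what 7.72.0 ships, a test build with NSS and proxy disabled is worth doing before this is merged.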
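
Review bot: In the libcurl.hash hunk, the only evidence that the new tarball hash can be trusted is the unchanged context, "# Locally calculated after checking pgp signature" and "# signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2", with just the .asc URL edited. Please confirm that curl-7.72.0.tar.xz.asc was verified against that key for this bump and that the comment was not simply carried over. The COPYING hash is unchanged, which is consistent with no licence text change; saying so in the commit message would save the next reviewer from checking.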
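
Review bot: The subject says only "bump to v7.72.0" while the message body states that the release fixes CVE-2020-8231; for the LIBCURL_VERSION change in libcurl.mk, mark this as a security bump in the subject line so that it stands out when fixes are selected for maintained branches.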