-
Notifications
You must be signed in to change notification settings - Fork 377
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
third_party: update libcurl from 8.6.0 to 8.7.1 #9637
Closed
Closed
+9
−4
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ligurio
force-pushed
the
ligurio/bump-curl-8.6.0
branch
2 times, most recently
from
February 1, 2024 07:35
e2fecb5
to
065c458
Compare
ligurio
force-pushed
the
ligurio/bump-curl-8.6.0
branch
from
February 1, 2024 07:36
065c458
to
80f0fb3
Compare
olegrok
approved these changes
Feb 1, 2024
|
"regression in 8.6.0: unexpected body leads to CURLE_WEIRD_SERVER_REPLY", |
xuniq
approved these changes
Feb 1, 2024
ligurio
changed the title
third_party: update libcurl from 8.5.0+patch to 8.6.0
third_party: update libcurl from 8.6.0 to 8.7.1
Mar 28, 2024
The patch updates curl module to the version 8.6.0 [1][2] that brings a number of functional fixes, and updates CMake module for building curl library. Changes in CMake module: - Option `ENABLE_CURL_MANUAL` was added and disabled by default [3] - Option `BUILD_LIBCURL_DOCS` was added and disabled by default [3] The patch follows up commit 9bdf2ba ("httpc: fix reading data in a chunked request") where curl submodule was updated to a version based on 8.5.0 release with applied patch with fix [5]. Changelog entry has been removed because duplicate entries about bumps confuses end users. 1. https://curl.se/changes.html#8_6_0 2. curl/curl@curl-8_5_0...curl-8_6_0 3. curl/curl@a808aab 5. curl/curl@cdd905a NO_DOC=libcurl submodule bump NO_TEST=libcurl submodule bump
The patch updates curl module to the version 8.7.1 [1][2] that brings a number of functional and security fixes, and updates CMake module for building curl library. Security fixes: - CVE-2024-2004: Usage of disabled protocol. (low) - CVE-2024-2398: HTTP/2 push headers memory-leak. (medium) - CVE-2024-2379: QUIC certificate check bypass with wolfSSL. (low) - CVE-2024-2466: TLS certificate check bypass with mbedTLS. (medium) Changes in CMake module: - Option `USE_OPENSSL_QUIC` was added and disabled by default [3] Changelog entry has been removed because duplicate entries about bumps confuses end users. 1. https://curl.se/changes.html#8_7_1 2. curl/curl@curl-8_6_0...curl-8_7_1 3. curl/curl@8e74164 NO_DOC=libcurl submodule bump NO_CHANGELOG=libcurl submodule bump NO_TEST=libcurl submodule bump
ligurio
force-pushed
the
ligurio/bump-curl-8.6.0
branch
from
March 28, 2024 10:17
12b72b6
to
7275216
Compare
Superseded by #9885 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The patch updates curl module to the version 8.6.0 [1][2] that brings a number of functional fixes, and updates CMake module for building curl library.
Changes in CMake module:
ENABLE_CURL_MANUAL
was added and disabled by default [3]BUILD_LIBCURL_DOCS
was added and disabled by default [3]The patch follows up commit 9bdf2ba ("httpc: fix reading data in a chunked request") where curl submodule was updated to a version based on 8.5.0 release with applied patch with fix [5].
Changelog entry has been removed because duplicate entries about bumps confuses end users.
NO_DOC=libcurl submodule bump
NO_TEST=libcurl submodule bump