third_party: update libcurl from 8.6.0 to 8.7.1 #9637

ligurio · 2024-02-01T07:23:38Z

The patch updates curl module to the version 8.6.0 [1][2] that brings a number of functional fixes, and updates CMake module for building curl library.

Changes in CMake module:

Option ENABLE_CURL_MANUAL was added and disabled by default [3]
Option BUILD_LIBCURL_DOCS was added and disabled by default [3]

The patch follows up commit 9bdf2ba ("httpc: fix reading data in a chunked request") where curl submodule was updated to a version based on 8.5.0 release with applied patch with fix [5].

Changelog entry has been removed because duplicate entries about bumps confuses end users.

NO_DOC=libcurl submodule bump
NO_TEST=libcurl submodule bump

ligurio · 2024-02-01T08:08:52Z

1) http_client.sock_family:"AF_UNIX".test_http_params_head                                                                              
curl: Weird server reply: Invalid argument                                                                                              
stack traceback:                                                                                                                        
        builtin/http.client.lua:592: in function 'head'                                                                                 
        ...rces/MRG/tarantool/test/app-luatest/http_client_test.lua:960: in function 'http_client.sock_family:"AF_UNIX".test_http_params
_head'                                                                                                                                  
        ...                                                                                                                             
        [C]: in function 'xpcall'                                                                                                       
Ran 112 tests in 18.092 seconds, 111 succeeded, 1 errored

ligurio · 2024-02-01T09:00:55Z

"regression in 8.6.0: unexpected body leads to CURLE_WEIRD_SERVER_REPLY",
https://curl.se/mail/lib-2024-02/0000.html

coveralls · 2024-03-28T08:49:42Z

coverage: 87.06% (+0.02%) from 87.037%
when pulling 7275216 on ligurio:ligurio/bump-curl-8.6.0
into ff7d8f0
on tarantool:master.

The patch updates curl module to the version 8.6.0 [1][2] that brings a number of functional fixes, and updates CMake module for building curl library. Changes in CMake module: - Option `ENABLE_CURL_MANUAL` was added and disabled by default [3] - Option `BUILD_LIBCURL_DOCS` was added and disabled by default [3] The patch follows up commit 9bdf2ba ("httpc: fix reading data in a chunked request") where curl submodule was updated to a version based on 8.5.0 release with applied patch with fix [5]. Changelog entry has been removed because duplicate entries about bumps confuses end users. 1. https://curl.se/changes.html#8_6_0 2. curl/curl@curl-8_5_0...curl-8_6_0 3. curl/curl@a808aab 5. curl/curl@cdd905a NO_DOC=libcurl submodule bump NO_TEST=libcurl submodule bump

The patch updates curl module to the version 8.7.1 [1][2] that brings a number of functional and security fixes, and updates CMake module for building curl library. Security fixes: - CVE-2024-2004: Usage of disabled protocol. (low) - CVE-2024-2398: HTTP/2 push headers memory-leak. (medium) - CVE-2024-2379: QUIC certificate check bypass with wolfSSL. (low) - CVE-2024-2466: TLS certificate check bypass with mbedTLS. (medium) Changes in CMake module: - Option `USE_OPENSSL_QUIC` was added and disabled by default [3] Changelog entry has been removed because duplicate entries about bumps confuses end users. 1. https://curl.se/changes.html#8_7_1 2. curl/curl@curl-8_6_0...curl-8_7_1 3. curl/curl@8e74164 NO_DOC=libcurl submodule bump NO_CHANGELOG=libcurl submodule bump NO_TEST=libcurl submodule bump

ligurio · 2024-03-28T10:34:12Z

Superseded by #9885

ligurio force-pushed the ligurio/bump-curl-8.6.0 branch 2 times, most recently from e2fecb5 to 065c458 Compare February 1, 2024 07:35

ligurio requested a review from a team as a code owner February 1, 2024 07:35

ligurio force-pushed the ligurio/bump-curl-8.6.0 branch from 065c458 to 80f0fb3 Compare February 1, 2024 07:36

ligurio requested a review from olegrok February 1, 2024 07:38

olegrok approved these changes Feb 1, 2024

View reviewed changes

ligurio marked this pull request as draft February 1, 2024 08:08

xuniq approved these changes Feb 1, 2024

View reviewed changes

ligurio changed the title ~~third_party: update libcurl from 8.5.0+patch to 8.6.0~~ third_party: update libcurl from 8.6.0 to 8.7.1 Mar 28, 2024

ligurio added the full-ci Enables all tests for a pull request label Mar 28, 2024

ligurio added 2 commits March 28, 2024 13:17

ligurio force-pushed the ligurio/bump-curl-8.6.0 branch from 12b72b6 to 7275216 Compare March 28, 2024 10:17

ligurio closed this Mar 28, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

third_party: update libcurl from 8.6.0 to 8.7.1 #9637

third_party: update libcurl from 8.6.0 to 8.7.1 #9637

ligurio commented Feb 1, 2024 •

edited

ligurio commented Feb 1, 2024

ligurio commented Feb 1, 2024

coveralls commented Mar 28, 2024 •

edited

ligurio commented Mar 28, 2024 •

edited

third_party: update libcurl from 8.6.0 to 8.7.1 #9637

third_party: update libcurl from 8.6.0 to 8.7.1 #9637

Conversation

ligurio commented Feb 1, 2024 • edited

ligurio commented Feb 1, 2024

ligurio commented Feb 1, 2024

coveralls commented Mar 28, 2024 • edited

ligurio commented Mar 28, 2024 • edited

ligurio commented Feb 1, 2024 •

edited

coveralls commented Mar 28, 2024 •

edited

ligurio commented Mar 28, 2024 •

edited