From b85ada8ff6c29a9aefcec5c09616b4326995e8a3 Mon Sep 17 00:00:00 2001 From: Meena Renganathan Date: Tue, 8 Mar 2022 09:35:56 -0800 Subject: [PATCH 1/4] Upgrdaed the curl package to fix vulnerabilities reported by WhiteSource --- contrib/curl | 2 +- contrib/curl-cmake/CMakeLists.txt | 10 +++++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/contrib/curl b/contrib/curl index 3b8bbbbd160..801bd5138ce 160000 --- a/contrib/curl +++ b/contrib/curl @@ -1 +1 @@ -Subproject commit 3b8bbbbd1609c638a3d3d0acb148a33dedb67be3 +Subproject commit 801bd5138ce31aa0d906fa4e2eabfc599d74e793 diff --git a/contrib/curl-cmake/CMakeLists.txt b/contrib/curl-cmake/CMakeLists.txt index 589f40384e3..b1e1a0ded8a 100644 --- a/contrib/curl-cmake/CMakeLists.txt +++ b/contrib/curl-cmake/CMakeLists.txt @@ -32,7 +32,6 @@ set (SRCS "${LIBRARY_DIR}/lib/transfer.c" "${LIBRARY_DIR}/lib/strcase.c" "${LIBRARY_DIR}/lib/easy.c" - "${LIBRARY_DIR}/lib/security.c" "${LIBRARY_DIR}/lib/curl_fnmatch.c" "${LIBRARY_DIR}/lib/fileinfo.c" "${LIBRARY_DIR}/lib/wildcard.c" @@ -115,6 +114,12 @@ set (SRCS "${LIBRARY_DIR}/lib/curl_get_line.c" "${LIBRARY_DIR}/lib/altsvc.c" "${LIBRARY_DIR}/lib/socketpair.c" + "${LIBRARY_DIR}/lib/bufref.c" + "${LIBRARY_DIR}/lib/dynbuf.c" + "${LIBRARY_DIR}/lib/hsts.c" + "${LIBRARY_DIR}/lib/http_aws_sigv4.c" + "${LIBRARY_DIR}/lib/mqtt.c" + "${LIBRARY_DIR}/lib/rename.c" "${LIBRARY_DIR}/lib/vauth/vauth.c" "${LIBRARY_DIR}/lib/vauth/cleartext.c" "${LIBRARY_DIR}/lib/vauth/cram.c" @@ -131,8 +136,6 @@ set (SRCS "${LIBRARY_DIR}/lib/vtls/gtls.c" "${LIBRARY_DIR}/lib/vtls/vtls.c" "${LIBRARY_DIR}/lib/vtls/nss.c" - "${LIBRARY_DIR}/lib/vtls/polarssl.c" - "${LIBRARY_DIR}/lib/vtls/polarssl_threadlock.c" "${LIBRARY_DIR}/lib/vtls/wolfssl.c" "${LIBRARY_DIR}/lib/vtls/schannel.c" "${LIBRARY_DIR}/lib/vtls/schannel_verify.c" @@ -141,6 +144,7 @@ set (SRCS "${LIBRARY_DIR}/lib/vtls/mbedtls.c" "${LIBRARY_DIR}/lib/vtls/mesalink.c" "${LIBRARY_DIR}/lib/vtls/bearssl.c" + "${LIBRARY_DIR}/lib/vtls/keylog.c" "${LIBRARY_DIR}/lib/vquic/ngtcp2.c" "${LIBRARY_DIR}/lib/vquic/quiche.c" "${LIBRARY_DIR}/lib/vssh/libssh2.c" From db58a87fcb541621c5999bd81b3763974c016069 Mon Sep 17 00:00:00 2001 From: Meena Renganathan Date: Thu, 24 Mar 2022 06:36:03 -0700 Subject: [PATCH 2/4] Updated the curl-cmake/curl_config.h to resolve the build error in MacOS --- contrib/curl-cmake/curl_config.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/contrib/curl-cmake/curl_config.h b/contrib/curl-cmake/curl_config.h index 1efdd88600f..268b2a98287 100644 --- a/contrib/curl-cmake/curl_config.h +++ b/contrib/curl-cmake/curl_config.h @@ -48,3 +48,6 @@ #define ENABLE_IPV6 #define USE_OPENSSL #define USE_THREADS_POSIX + +#define HAVE_BOOL_T 1 +#define HAVE_STDBOOL_H 1 From 05ffa45907c65150f0de7041e49f2af76af21a7f Mon Sep 17 00:00:00 2001 From: Meena Renganathan Date: Fri, 25 Mar 2022 16:22:34 -0700 Subject: [PATCH 3/4] Further updates to the CMakeLists.txt to fix the build error in MacOS --- contrib/curl-cmake/CMakeLists.txt | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/contrib/curl-cmake/CMakeLists.txt b/contrib/curl-cmake/CMakeLists.txt index b1e1a0ded8a..fdd73612549 100644 --- a/contrib/curl-cmake/CMakeLists.txt +++ b/contrib/curl-cmake/CMakeLists.txt @@ -153,6 +153,22 @@ set (SRCS add_library (_curl ${SRCS}) +set(CURL_LIBS "") +if(APPLE) + + find_library(SYSTEMCONFIGURATION_FRAMEWORK "SystemConfiguration") + if(NOT SYSTEMCONFIGURATION_FRAMEWORK) + message(FATAL_ERROR "SystemConfiguration framework not found") + endif() + set(CURL_LIBS ${CURL_LIBS} "-framework SystemConfiguration") + + find_library(COREFOUNDATION_FRAMEWORK "CoreFoundation") + if(NOT COREFOUNDATION_FRAMEWORK) + message(FATAL_ERROR "CoreFoundation framework not found") + endif() + set(CURL_LIBS ${CURL_LIBS} "-framework CoreFoundation") +endif() + target_compile_definitions (_curl PRIVATE HAVE_CONFIG_H BUILDING_LIBCURL @@ -166,7 +182,8 @@ target_include_directories (_curl SYSTEM PUBLIC . # curl_config.h ) -target_link_libraries (_curl PRIVATE OpenSSL::SSL) +set(CURL_LIBS ${CURL_LIBS} OpenSSL::SSL) +target_link_libraries (_curl PRIVATE ${CURL_LIBS}) # The library is large - avoid bloat (XXX: is it?) target_compile_options (_curl PRIVATE -g0) From 0d0b1ef7dc961877054f709633428a9c70a0b5c4 Mon Sep 17 00:00:00 2001 From: Meena Renganathan Date: Wed, 6 Apr 2022 06:28:35 -0700 Subject: [PATCH 4/4] Fix to restrict the curl, azure and sentry build in MacOS --- CMakeLists.txt | 6 ++++++ contrib/CMakeLists.txt | 10 +++++++--- contrib/curl-cmake/CMakeLists.txt | 19 +------------------ contrib/curl-cmake/curl_config.h | 3 --- 4 files changed, 14 insertions(+), 24 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 9649fc32d74..fa94e1c6782 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -222,6 +222,12 @@ else () set(NO_WHOLE_ARCHIVE --no-whole-archive) endif () +option(ENABLE_CURL_BUILD "Enable curl, azure, sentry build on by default except MacOS." ON) +if (OS_DARWIN) + # Disable the curl, azure, senry build on MacOS + set (ENABLE_CURL_BUILD OFF) +endif () + # Ignored if `lld` is used option(ADD_GDB_INDEX_FOR_GOLD "Add .gdb-index to resulting binaries for gold linker.") diff --git a/contrib/CMakeLists.txt b/contrib/CMakeLists.txt index 9cf307c473e..1f03c0fd341 100644 --- a/contrib/CMakeLists.txt +++ b/contrib/CMakeLists.txt @@ -119,9 +119,13 @@ add_contrib (fastops-cmake fastops) add_contrib (libuv-cmake libuv) add_contrib (amqpcpp-cmake AMQP-CPP) # requires: libuv add_contrib (cassandra-cmake cassandra) # requires: libuv -add_contrib (curl-cmake curl) -add_contrib (azure-cmake azure) -add_contrib (sentry-native-cmake sentry-native) # requires: curl + +if (ENABLE_CURL_BUILD) + add_contrib (curl-cmake curl) + add_contrib (azure-cmake azure) + add_contrib (sentry-native-cmake sentry-native) # requires: curl +endif() + add_contrib (fmtlib-cmake fmtlib) add_contrib (krb5-cmake krb5) add_contrib (cyrus-sasl-cmake cyrus-sasl) # for krb5 diff --git a/contrib/curl-cmake/CMakeLists.txt b/contrib/curl-cmake/CMakeLists.txt index fdd73612549..b1e1a0ded8a 100644 --- a/contrib/curl-cmake/CMakeLists.txt +++ b/contrib/curl-cmake/CMakeLists.txt @@ -153,22 +153,6 @@ set (SRCS add_library (_curl ${SRCS}) -set(CURL_LIBS "") -if(APPLE) - - find_library(SYSTEMCONFIGURATION_FRAMEWORK "SystemConfiguration") - if(NOT SYSTEMCONFIGURATION_FRAMEWORK) - message(FATAL_ERROR "SystemConfiguration framework not found") - endif() - set(CURL_LIBS ${CURL_LIBS} "-framework SystemConfiguration") - - find_library(COREFOUNDATION_FRAMEWORK "CoreFoundation") - if(NOT COREFOUNDATION_FRAMEWORK) - message(FATAL_ERROR "CoreFoundation framework not found") - endif() - set(CURL_LIBS ${CURL_LIBS} "-framework CoreFoundation") -endif() - target_compile_definitions (_curl PRIVATE HAVE_CONFIG_H BUILDING_LIBCURL @@ -182,8 +166,7 @@ target_include_directories (_curl SYSTEM PUBLIC . # curl_config.h ) -set(CURL_LIBS ${CURL_LIBS} OpenSSL::SSL) -target_link_libraries (_curl PRIVATE ${CURL_LIBS}) +target_link_libraries (_curl PRIVATE OpenSSL::SSL) # The library is large - avoid bloat (XXX: is it?) target_compile_options (_curl PRIVATE -g0) diff --git a/contrib/curl-cmake/curl_config.h b/contrib/curl-cmake/curl_config.h index 268b2a98287..1efdd88600f 100644 --- a/contrib/curl-cmake/curl_config.h +++ b/contrib/curl-cmake/curl_config.h @@ -48,6 +48,3 @@ #define ENABLE_IPV6 #define USE_OPENSSL #define USE_THREADS_POSIX - -#define HAVE_BOOL_T 1 -#define HAVE_STDBOOL_H 1