patch to upgrade bundled curl in trunk

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

patch to upgrade bundled curl in trunk

Don Lewis-2
The attached patch upgrades the version of curl that we bundle in trunk
from 7.50.1 to 7.61.0.  The old version has quite a few CVEs.
Fortunately we don't use curl for much in OpenOffice.



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

curl.patch (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: patch to upgrade bundled curl in trunk

Matthias Seidel

Hi Don,

My Windows build based on r1839722 and your patch applied was successful.

First tests show no problems.

Regards
   Matthias

Am 31.08.2018 um 01:12 schrieb Don Lewis:
The attached patch upgrades the version of curl that we bundle in trunk
from 7.50.1 to 7.61.0.  The old version has quite a few CVEs.
Fortunately we don't use curl for much in OpenOffice.



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: patch to upgrade bundled curl in trunk

Peter Kovacs-2
Can we Bundle this also with 1.4.6?

Am 1. September 2018 10:02:10 MESZ schrieb Matthias Seidel <[hidden email]>:

>Hi Don,
>
>My Windows build based on r1839722 and your patch applied was
>successful.
>
>First tests show no problems.
>
>Regards
>   Matthias
>
>Am 31.08.2018 um 01:12 schrieb Don Lewis:
>> The attached patch upgrades the version of curl that we bundle in
>trunk
>> from 7.50.1 to 7.61.0.  The old version has quite a few CVEs.
>> Fortunately we don't use curl for much in OpenOffice.
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: patch to upgrade bundled curl in trunk

Don Lewis-2
That's the plan.  I need to do some test builds first.

On  1 Sep, Peter Kovacs wrote:

> Can we Bundle this also with 1.4.6?
>
> Am 1. September 2018 10:02:10 MESZ schrieb Matthias Seidel <[hidden email]>:
>>Hi Don,
>>
>>My Windows build based on r1839722 and your patch applied was
>>successful.
>>
>>First tests show no problems.
>>
>>Regards
>>   Matthias
>>
>>Am 31.08.2018 um 01:12 schrieb Don Lewis:
>>> The attached patch upgrades the version of curl that we bundle in
>>trunk
>>> from 7.50.1 to 7.61.0.  The old version has quite a few CVEs.
>>> Fortunately we don't use curl for much in OpenOffice.
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [hidden email]
>>> For additional commands, e-mail: [hidden email]
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: patch to upgrade bundled curl in trunk

Peter Kovacs-4
Hi Don,

what is the status on this? - Do you have a bug for this activity? Can
some tester support you?


All the best

Peter

On 9/1/18 9:09 PM, Don Lewis wrote:

> That's the plan.  I need to do some test builds first.
>
> On  1 Sep, Peter Kovacs wrote:
>> Can we Bundle this also with 1.4.6?
>>
>> Am 1. September 2018 10:02:10 MESZ schrieb Matthias Seidel <[hidden email]>:
>>> Hi Don,
>>>
>>> My Windows build based on r1839722 and your patch applied was
>>> successful.
>>>
>>> First tests show no problems.
>>>
>>> Regards
>>>     Matthias
>>>
>>> Am 31.08.2018 um 01:12 schrieb Don Lewis:
>>>> The attached patch upgrades the version of curl that we bundle in
>>> trunk
>>>> from 7.50.1 to 7.61.0.  The old version has quite a few CVEs.
>>>> Fortunately we don't use curl for much in OpenOffice.
>>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: [hidden email]
>>>> For additional commands, e-mail: [hidden email]
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: patch to upgrade bundled curl in trunk

Don Lewis-2
On  9 Sep, Peter Kovacs wrote:
> Hi Don,
>
> what is the status on this? - Do you have a bug for this activity? Can
> some tester support you?

I committed the patch here:

  r1839837 | truckman | 2018-09-01 12:37:14 -0700 (Sat, 01 Sep 2018) | 3 lines

  Upgrade the bundled version of curl from 7.50.1 to 7.61.0.

and I committed an update to 7.61.1 within the last day in response to a
new curl CVE.

Curl isn't used for much ... I think only for access to ftp and maybe
webdav.  I've tested the former.

I'm also testing an update for 4.1.6 as well.


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: patch to upgrade bundled curl in trunk

Don Lewis-2
On  9 Sep, Don Lewis wrote:

> On  9 Sep, Peter Kovacs wrote:
>> Hi Don,
>>
>> what is the status on this? - Do you have a bug for this activity? Can
>> some tester support you?
>
> I committed the patch here:
>
>   r1839837 | truckman | 2018-09-01 12:37:14 -0700 (Sat, 01 Sep 2018) | 3 lines
>
>   Upgrade the bundled version of curl from 7.50.1 to 7.61.0.
>
> and I committed an update to 7.61.1 within the last day in response to a
> new curl CVE.
>
> Curl isn't used for much ... I think only for access to ftp and maybe
> webdav.  I've tested the former.
>
> I'm also testing an update for 4.1.6 as well.

The bug report for 4.1.6 is here:
  https://bz.apache.org/ooo/show_bug.cgi?id=127886


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]