Pick up curl 7.72.0 current #13063
Pick up curl 7.72.0 current #13063
Conversation
- Picks up fix of CVE-2020-8231: libcurl: wrong connect-only connection (Envoy doesn't use the affected CURLOPT_CONNECT_ONLY toggle) - Resolves small patch correction and premature force-AF_UNIX toggle in our dev branch (curl 7.72 doesn't pick up afunix.h on windows, will first address this upstream.) - Preparing for specific corrections to get curl building curl.lib with cmake using clang-cl on Windows, starting at envoy and pushing the fix(es) to CMakeLists.txt upstream. Signed-off-by: William A Rowe Jr <[email protected]>
|
@wrowe this is failing |
Signed-off-by: William A Rowe Jr <[email protected]>
Signed-off-by: William A Rowe Jr <[email protected]>
|
Thanks @htuch - that was a problem, we've had to disable UNIX_SOCKETS till we repair curl itself. Fixed the test short-term to not expect that feature on Windows builds, should be ready to merge once passing CI. |
Signed-off-by: William A Rowe Jr <[email protected]>
| +cmake_minimum_required(VERSION 3.0 FATAL_ERROR) | ||
| +cmake_minimum_required(VERSION 3.2 FATAL_ERROR) |
There was a problem hiding this comment.
Is this a Windows specific patch? If so wondering if a comment should be added to https://github.com/envoyproxy/envoy/blob/master/bazel/repositories.bzl#L677-L678
There was a problem hiding this comment.
It would be good to understand why this is needed.
| +cmake_minimum_required(VERSION 3.0 FATAL_ERROR) | ||
| +cmake_minimum_required(VERSION 3.2 FATAL_ERROR) |
There was a problem hiding this comment.
It would be good to understand why this is needed.
|
/wait reworking the patch |
- See bazel-contrib/rules_foreign_cc#426 for comprehensive discussion of the defect. This workaround could be dropped if rules_foreign_cc works around it for us. Signed-off-by: William A Rowe Jr <[email protected]> Co-authored-by: Sunjay Bhatia <[email protected]>
|
We were able to drop the patch altogether by working around the CMake project's breakage. (This wasn't actually on the curl project's logic.) |
|
@htuch This should be much easier to follow now, are ready to review/merge |
|
Really good to remove the patch @wrowe. Thanks. LGTM |
Commit Message: Pick up curl 7.72.0 current
Additional Description:
Picks up fix of CVE-2020-8231: libcurl: wrong connect-only connection
(Envoy does NOT use the affected CURLOPT_CONNECT_ONLY toggle,
this change simply satisfies overly-simplistic audits, and this further
reinforces issue Remove curl as an Envoy dependency #11816 )
Resolve premature force-AF_UNIX toggle in our working branch and
disables UNIX_SOCKETS on windows, until afunix.h is used for sys/un.h
(Breakage is between curl 7.69 and curl 7.72, which doesn't pick up afunix.h
on windows; will address and resolve upstream before revisiting at envoy.)
Work around misplaced -MD cflag on Windows build
See Windows flaw when building with bazel in modern CMake due to erroneous policy CMP0091 bazel-contrib/rules_foreign_cc#426
for comprehensive discussion of the defect. This workaround
could be dropped if rules_foreign_cc works around it for us.
Preparing for specific corrections to get curl building curl.lib
with cmake using clang-cl on Windows, starting at envoy and pushing
the fix(es) to CMakeLists.txt upstream.
Risk Level: low
Testing: local
Docs Changes: n/a
Release Notes: n/a