From 1b257c8a1bf2d4dc4cb971ac0f8cb404c63ea290 Mon Sep 17 00:00:00 2001 From: Gerwout van der Veen Date: Thu, 14 Nov 2024 14:58:26 -0800 Subject: [PATCH] PR #79955: Update the curl dependency: 8.6.0 -> 8.11.0. Imported from GitHub PR https://github.com/tensorflow/tensorflow/pull/79955 Due to multiple security vulnerabilities CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-6197, CVE-2024-7264, CVE-2024-8096 and CVE-2024-9681 Copybara import of the project: -- f05738b11ff2a6654ef5460d9dac8c6795c04ac6 by Gerwout van der Veen : Update the curl dependency: 8.6.0 -> 8.11.0. Due to multiple security vulnerabilities CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-6197, CVE-2024-7264, CVE-2024-8096 and CVE-2024-9681 -- b5ce0879ff980d61089c74257f450419d8d167cf by Gerwout van der Veen : buildifier formatting Merging this change closes #79955 PiperOrigin-RevId: 696661168
---
 third_party/curl.BUILD | 23 +++++++++++++++----- tsl/platform/cloud/curl_http_request_test.cc | 8 +++---- workspace2.bzl | 6 ++--- 3 files changed, 23 insertions(+), 14 deletions(-)
diff --git a/third_party/curl.BUILD b/third_party/curl.BUILD
index 3ba905215..4a8c3ef5a 100644
--- a/third_party/curl.BUILD
+++ b/third_party/curl.BUILD
@@ -97,10 +97,6 @@ cc_library(
 "lib/curl_multibyte.h",
 "lib/curl_ntlm_core.c",
 "lib/curl_ntlm_core.h",
- "lib/curl_ntlm_wb.c",
- "lib/curl_ntlm_wb.h",
- "lib/curl_path.c",
- "lib/curl_path.h",
 "lib/curl_printf.h",
 "lib/curl_range.c",
 "lib/curl_range.h",
@@ -111,6 +107,8 @@ cc_library(
 "lib/curl_setup.h",
 "lib/curl_setup_once.h",
 "lib/curl_sha256.h",
+ "lib/curl_sha512_256.c",
+ "lib/curl_sha512_256.h",
 "lib/curl_sspi.c",
 "lib/curl_sspi.h",
 "lib/curl_threads.c",
@@ -118,8 +116,11 @@ cc_library(
 "lib/curl_trc.c",
 "lib/curl_trc.h",
 "lib/curlx.h",
+ "lib/cw-out.c",
+ "lib/cw-out.h",
 "lib/dict.c",
 "lib/dict.h",
+ "lib/dllmain.c",
 "lib/doh.c",
 "lib/doh.h",
 "lib/dynbuf.c",
@@ -231,6 +232,8 @@ cc_library(
 "lib/rand.h",
 "lib/rename.c",
 "lib/rename.h",
+ "lib/request.c",
+ "lib/request.h",
 "lib/rtsp.c",
 "lib/rtsp.h",
 "lib/select.c",
@@ -317,12 +320,16 @@ cc_library(
 "lib/vquic/vquic.c",
 "lib/vquic/vquic.h",
 "lib/vquic/vquic_int.h",
+ "lib/vssh/curl_path.c",
+ "lib/vssh/curl_path.h",
 "lib/vssh/libssh.c",
 "lib/vssh/libssh2.c",
 "lib/vssh/ssh.h",
 "lib/vssh/wolfssh.c",
 "lib/vtls/bearssl.c",
 "lib/vtls/bearssl.h",
+ "lib/vtls/cipher_suite.c",
+ "lib/vtls/cipher_suite.h",
 "lib/vtls/gtls.c",
 "lib/vtls/gtls.h",
 "lib/vtls/hostcheck.c",
@@ -452,6 +459,8 @@ cc_binary(
 "lib/config-win32.h",
 "src/slist_wc.c",
 "src/slist_wc.h",
+ "src/terminal.c",
+ "src/terminal.h",
 "src/tool_binmode.c",
 "src/tool_binmode.h",
 "src/tool_bname.c",
@@ -466,6 +475,8 @@ cc_binary(
 "src/tool_cb_rea.h",
 "src/tool_cb_see.c",
 "src/tool_cb_see.h",
+ "src/tool_cb_soc.c",
+ "src/tool_cb_soc.h",
 "src/tool_cb_wrt.c",
 "src/tool_cb_wrt.h",
 "src/tool_cfgable.c",
@@ -591,7 +602,7 @@ genrule(
 "# define HAVE_SETMODE 1",
 "# define HAVE_SYS_FILIO_H 1",
 "# define HAVE_SYS_SOCKIO_H 1",
- "# define OS \"x86_64-apple-darwin15.5.0\"",
+ "# define CURL_OS \"x86_64-apple-darwin15.5.0\"",
 "# define USE_SECTRANSP 1",
 "#else",
 "# define CURL_CA_BUNDLE \"/etc/ssl/certs/ca-certificates.crt\"",
@@ -620,7 +631,7 @@ genrule(
 "# define HAVE_RAND_STATUS 1",
 "# define HAVE_SSL_GET_SHUTDOWN 1",
 "# define HAVE_TERMIOS_H 1",
- "# define OS \"x86_64-pc-linux-gnu\"",
+ "# define CURL_OS \"x86_64-pc-linux-gnu\"",
 "# define RANDOM_FILE \"/dev/urandom\"",
 "# define USE_OPENSSL 1",
 "#endif",
diff --git a/tsl/platform/cloud/curl_http_request_test.cc b/tsl/platform/cloud/curl_http_request_test.cc
index 429006a37..e60f18bfa 100644
--- a/tsl/platform/cloud/curl_http_request_test.cc
+++ b/tsl/platform/cloud/curl_http_request_test.cc
@@ -497,11 +497,9 @@ TEST(CurlHttpRequestTest, GetRequest_CouldntResolveHost) {
 const auto& status = http_request.Send();
 EXPECT_EQ(error::FAILED_PRECONDITION, status.code());
 EXPECT_EQ(
- absl::StrCat(
- "Error executing an HTTP request: libcurl code 6 meaning ",
- (kIsOpenSource ? "'Couldn't resolve host name', error details: "
- : "'Could not resolve hostname', error details: "),
- "Could not resolve host ", "'metadata'"),
+ absl::StrCat("Error executing an HTTP request: libcurl code 6 meaning ",
+ "'Could not resolve hostname', error details: ",
+ "Could not resolve host ", "'metadata'"),
 status.message());
 EXPECT_EQ(0, http_request.GetResponseCode());
 }
diff --git a/workspace2.bzl b/workspace2.bzl
index 056612468..4a96b83d9 100644
--- a/workspace2.bzl
+++ b/workspace2.bzl
@@ -323,10 +323,10 @@ def _tf_repositories():
 tf_http_archive(
 name = "curl",
 build_file = "//third_party:curl.BUILD",
- sha256 = "9c6db808160015f30f3c656c0dec125feb9dc00753596bf858a272b5dd8dc398",
- strip_prefix = "curl-8.6.0",
+ sha256 = "264537d90e58d2b09dddc50944baf3c38e7089151c8986715e2aaeaaf2b8118f",
+ strip_prefix = "curl-8.11.0",
 system_build_file = "//third_party/systemlibs:curl.BUILD",
- urls = tf_mirror_urls("https://curl.se/download/curl-8.6.0.tar.gz"),
+ urls = tf_mirror_urls("https://curl.se/download/curl-8.11.0.tar.gz"),
 )
 # WARNING: make sure ncteisen@ and vpai@ are cc-ed on any CL to change the below rule
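Review bot: The rewritten expectation in GetRequest_CouldntResolveHost (curl_http_request_test.cc) still compares the whole message, including the human-readable text for libcurl code 6, and the removed `kIsOpenSource` branch shows that this wording has already differed between curl builds. If that text comes from the linked libcurl (not visible in the hunk), a build against an older libcurl, for example via the `system_build_file` target referenced in workspace2.bzl, would presumably fail here although the status code is correct. Consider asserting only on the parts that do not depend on the curl release, e.g. `EXPECT_TRUE(absl::StrContains(status.message(), "libcurl code 6"));` and `EXPECT_TRUE(absl::StrContains(status.message(), "Could not resolve host 'metadata'"));`. The test body begins above the hunk, so how the request and its error buffer are set up cannot be checked from here.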