Skip to content
This repository has been archived by the owner on Jan 15, 2025. It is now read-only.

Add curl 8.7.1 and configure agent-runtime-main to use it #816

Merged
merged 2 commits into from
Apr 18, 2024
Merged

Add curl 8.7.1 and configure agent-runtime-main to use it #816

merged 2 commits into from
Apr 18, 2024

Conversation

joshcooper
Copy link
Contributor

@joshcooper joshcooper commented Apr 4, 2024
edited
Loading

All other runtimes continue to use 7.88.1 and apply patches

$ bundle exec rake vanagon:component_diff -- -P all -p el-7-x86_64 --from upstream/master --to HEAD 
...
Here is what your code changes would affect:

Project pe-installer-runtime-main
Nothing is affected 😊
Project pe-bolt-server-runtime-main
Nothing is affected 😊
Project agent-runtime-7.x
Nothing is affected 😊
Project pe-bolt-server-runtime-2021.7.x
Nothing is affected 😊
Project pe-installer-runtime-2021.7.x
Nothing is affected 😊
Project bolt-runtime
Nothing is affected 😊
Project pdk-runtime
Nothing is affected 😊
Project client-tools-runtime-main
Nothing is affected 😊
Project client-tools-runtime-2021.7.x
Nothing is affected 😊
Project agent-runtime-main

Platform name: el-7-x86_64
    Component 'curl'
        Field: mirrors[0]
        --------------------
        - https://artifactory.delivery.puppetlabs.net/artifactory/generic/buildsources/curl-7.88.1.tar.gz
        + https://artifactory.delivery.puppetlabs.net/artifactory/generic/buildsources/curl-8.7.1.tar.gz

        Field: options|sum
        --------------------
        - cdb38b72e36bc5d33d5b8810f8018ece1baa29a8f215b4495e495ded82bbf3c7
        + f91249c87f68ea00cf27c44fdfa5a78423e41e71b7d408e5901a9896d905c495

        Field: patches[7]
        --------------------
        - {"origin_path"=>"resources/patches/curl/CVE-2024-2398.patch", "namespace"=>"curl", "assembly_path"=>"patches/curl/CVE-2024-2398.patch", "strip"=>1, "fuzz"=>0, "after"=>"unpack", "destination"=>nil}

        Field: patches[6]
        --------------------
        - {"origin_path"=>"resources/patches/curl/CVE-2024-2004.patch", "namespace"=>"curl", "assembly_path"=>"patches/curl/CVE-2024-2004.patch", "strip"=>1, "fuzz"=>0, "after"=>"unpack", "destination"=>nil}

        Field: patches[5]
        --------------------
        - {"origin_path"=>"resources/patches/curl/CVE-2023-46218.patch", "namespace"=>"curl", "assembly_path"=>"patches/curl/CVE-2023-46218.patch", "strip"=>1, "fuzz"=>0, "after"=>"unpack", "destination"=>nil}

        Field: patches[4]
        --------------------
        - {"origin_path"=>"resources/patches/curl/CVE-2023-38546.patch", "namespace"=>"curl", "assembly_path"=>"patches/curl/CVE-2023-38546.patch", "strip"=>1, "fuzz"=>0, "after"=>"unpack", "destination"=>nil}

        Field: patches[3]
        --------------------
        - {"origin_path"=>"resources/patches/curl/CVE-2023-38545.patch", "namespace"=>"curl", "assembly_path"=>"patches/curl/CVE-2023-38545.patch", "strip"=>1, "fuzz"=>0, "after"=>"unpack", "destination"=>nil}

        Field: patches[2]
        --------------------
        - {"origin_path"=>"resources/patches/curl/CVE-2023-32001.patch", "namespace"=>"curl", "assembly_path"=>"patches/curl/CVE-2023-32001.patch", "strip"=>1, "fuzz"=>0, "after"=>"unpack", "destination"=>nil}

        Field: patches[1]
        --------------------
        - {"origin_path"=>"resources/patches/curl/CVE-2023-28319.patch", "namespace"=>"curl", "assembly_path"=>"patches/curl/CVE-2023-28319.patch", "strip"=>1, "fuzz"=>0, "after"=>"unpack", "destination"=>nil}

        Field: patches[0]
        --------------------
        - {"origin_path"=>"resources/patches/curl/CVE-2023-27535.patch", "namespace"=>"curl", "assembly_path"=>"patches/curl/CVE-2023-27535.patch", "strip"=>1, "fuzz"=>0, "after"=>"unpack", "destination"=>nil}

        Field: url
        --------------------
        - https://curl.se/download/curl-7.88.1.tar.gz
        + https://curl.se/download/curl-8.7.1.tar.gz

        Field: version
        --------------------
        - 7.88.1
        + 8.7.1

Fixes #815

@joshcooper joshcooper added the enhancement New feature or request label Apr 11, 2024
@joshcooper
Add curl 8.7.1 and configure agent-runtime-main to use it
9a62dd5 
All other runtimes continue to use 7.88.1 and apply patches

Signed-off-by: Josh Cooper <[email protected]>
@joshcooper
Drop unused curl patch on AIX
fc11658 
We stopped applying the patch in 2126a43, so delete it.

Signed-off-by: Josh Cooper <[email protected]>
@joshcooper joshcooper marked this pull request as ready for review April 17, 2024 20:45
@joshcooper joshcooper requested review from a team as code owners April 17, 2024 20:45
@joshcooper joshcooper marked this pull request as draft April 18, 2024 00:11
@joshcooper joshcooper marked this pull request as ready for review April 18, 2024 00:34
@cthorn42
Copy link
Collaborator

@joshcooper this all looks great, is there a tracking ticket for the work for updating the other runtimes I can track?

@joshcooper joshcooper mentioned this pull request Apr 18, 2024
Open
@joshcooper
Copy link
Contributor Author

@cthorn42 sure, the PE ticket is https://perforce.atlassian.net/browse/PE-38160 and the PDK issue is linked to this PR.

@cthorn42 cthorn42 merged commit 50954b5 into puppetlabs-toy-chest:master Apr 18, 2024
3 checks passed
@cthorn42 cthorn42 mentioned this pull request May 2, 2024
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@cthorn42 cthorn42 cthorn42 approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Update to curl 8
2 participants
@joshcooper @cthorn42