hush
/
hush3
9
0
Fork 11
Code Issues 140 Pull Requests 2 Projects Releases 16 Wiki Activity
Labels Milestones
New Issue

Upgrade curl to 8.4.0 #325

Closed
opened 7 months ago by duke · 2 comments
duke commented 7 months ago
Owner

https://daniel.haxx.se/blog/2023/10/11/curl-8-4-0/

https://daniel.haxx.se/blog/2023/10/11/how-i-made-a-heap-overflow-in-curl/

We currently use curl 7.77 unless using windows, then we use 7.67 (because of some bug). Upgrading to 8.x could require some code changes on our side due to non-backward compatible stuff.

The socks5+curl bug linked above only affects people compiling Hush, not people that run full nodes from binaries/packages.

For the bug to affect compilers, they would need to be using an OS-level socks5 proxy for all traffic and use a socks5 proxy which is malicious that they do not control.

https://daniel.haxx.se/blog/2023/10/11/curl-8-4-0/ https://daniel.haxx.se/blog/2023/10/11/how-i-made-a-heap-overflow-in-curl/ We currently use curl 7.77 unless using windows, then we use 7.67 (because of some bug). Upgrading to 8.x could require some code changes on our side due to non-backward compatible stuff. The socks5+curl bug linked above only affects people compiling Hush, not people that run full nodes from binaries/packages. For the bug to affect compilers, they would need to be using an OS-level socks5 proxy for all traffic and use a socks5 proxy which is malicious that they do not control.
duke added the
medium priority
bug
 labels 7 months ago
duke commented 7 months ago
Poster
Owner

This issue involves updating this file : https://git.hush.is/hush/hush3/src/branch/master/depends/packages/libcurl.mk

This can be done directly on the dev branch. I would say leave alone the the version that will be used on windows. The person who is able to test it on windows can change it.

This issue involves updating this file : https://git.hush.is/hush/hush3/src/branch/master/depends/packages/libcurl.mk This can be done directly on the dev branch. I would say leave alone the the version that will be used on windows. The person who is able to test it on windows can change it.
jahway603 was assigned by duke 7 months ago
duke commented 7 months ago
Poster
Owner

Done on dev branch

Done on `dev` branch
duke closed this issue 7 months ago
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
arm
asyncnotedecryption
danger
dev
dev-aarch64
dev-mac
dev-old-randomx
divzaddrs
dragonx
duke
freebsd
getfilterednotes
hip39
insync
jahway603
master
mvstuff
onryo
p2p_privacy
ramhash
relaytx
rx-largepages
setbestchain
warmup
witness_cache
wolfssl
wolfssl_win
z_createrawtransaction
z_importwallet
z_signmessage
Labels
Apply labels
Clear labels
0-500 bounty
bounty up to 500 HUSH 2001-5000 bounty
bounty between 2001 and 5000 HUSH 501-2000 bounty
bounty between 501 and 2000 HUSH arm
something doesn't work on arm beginners
for new developers bug
may or may not be a bug build
problems building documentation
not enough information feature
new feature high priority
high priority i2p
related to i2p low priority
low priority medium priority
medium priority question
something is not clear release
release label or issue related to it testing
related to testing tor
related to tor wontfix
this won't be fixed
No Label 0-500 bounty 2001-5000 bounty 501-2000 bounty arm beginners bug build documentation feature high priority i2p low priority medium priority question release testing tor wontfix
Milestone
Set milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Assign users
Clear assignees
No Assignees
jahway603
1 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Write Preview
Loading…
Cancel
Save
There is no content yet.
Delete Branch '%!s(MISSING)'

Deleting a branch is permanent. It CANNOT be undone. Continue?

No
Yes