From b34f250825ff5b6f42731126980a7fc32cecf938 Mon Sep 17 00:00:00 2001
From: Yong Tang
Date: Sun, 8 Jan 2023 01:08:34 +0000
Subject: [PATCH 1/2] Update curl to 7.87.0

This PR updates curl to 7.87.0 to fix the following vulnerabilities in previous 7.86.0 inside tensorflow:
- CVE-2022-43552: HTTP Proxy deny use-after-free 2022-12-21
- CVE-2022-43551: Another HSTS bypass via IDN 2022-12-21
Signed-off-by: Yong Tang
---
 tensorflow/workspace2.bzl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tensorflow/workspace2.bzl b/tensorflow/workspace2.bzl
index 8cfa628e0cf86f..b29b5aad0ed6b6 100644
--- a/tensorflow/workspace2.bzl
+++ b/tensorflow/workspace2.bzl
@@ -500,10 +500,10 @@ def _tf_repositories():
 tf_http_archive(
 name = "curl",
 build_file = "//third_party:curl.BUILD",
- sha256 = "3dfdd39ba95e18847965cd3051ea6d22586609d9011d91df7bc5521288987a82",
- strip_prefix = "curl-7.86.0",
+ sha256 = "8a063d664d1c23d35526b87a2bf15514962ffdd8ef7fd40519191b3c23e39548",
+ strip_prefix = "curl-7.87.0",
 system_build_file = "//third_party/systemlibs:curl.BUILD",
- urls = tf_mirror_urls("https://curl.haxx.se/download/curl-7.86.0.tar.gz"),
+ urls = tf_mirror_urls("https://curl.haxx.se/download/curl-7.87.0.tar.gz"),
 )

 # WARNING: make sure ncteisen@ and vpai@ are cc-ed on any CL to change the below rule

From ee70df026000371155a5b8a29ac5092ff53b47b5 Mon Sep 17 00:00:00 2001
From: Yong Tang
Date: Sun, 8 Jan 2023 01:09:06 +0000
Subject: [PATCH 2/2] Fix build failure introduced by curl 7.87

Signed-off-by: Yong Tang
---
 third_party/curl.BUILD | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/third_party/curl.BUILD b/third_party/curl.BUILD
index 50ccdb52e75cff..09346af8ef6082 100644
--- a/third_party/curl.BUILD
+++ b/third_party/curl.BUILD
@@ -44,6 +44,8 @@ cc_library(
 "lib/bufref.h",
 "lib/c-hyper.c",
 "lib/c-hyper.h",
+ "lib/cfilters.c",
+ "lib/cfilters.h",
 "lib/config-amigaos.h",
 "lib/config-dos.h",
 "lib/config-mac.h",
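Review bot: The added `lib/cfilters.c` / `lib/cfilters.h` entries (and the `lib/idn.*` and `lib/vtls/vtls_int.h` entries in the two later hunks of this file) carry no hint of why they appeared, and this follow-up commit seems to exist only because the hand-maintained source list fell out of step with the 7.87.0 tarball. A short comment at the head of the list would make the next security bump less error-prone, for example `# Keep in sync with curl's lib/Makefile.inc on every version bump; files added upstream must be listed here or the build breaks.` The cc_library rule starts and ends outside this hunk, so that comment belongs above the visible lines. Judging by the subject line, patch 1/2 apparently does not build on its own, so squashing the two commits would keep the CVE fix cherry-pickable to release branches as one unit.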
@@ -170,7 +172,8 @@ cc_library(
 "lib/http_proxy.h",
 "lib/http_aws_sigv4.c",
 "lib/http_aws_sigv4.h",
- "lib/idn_win32.c",
+ "lib/idn.c",
+ "lib/idn.h",
 "lib/if2ip.c",
 "lib/if2ip.h",
 "lib/imap.c",
@@ -333,6 +336,7 @@ cc_library(
 "lib/vtls/sectransp.h",
 "lib/vtls/vtls.c",
 "lib/vtls/vtls.h",
+ "lib/vtls/vtls_int.h",
 "lib/vtls/wolfssl.c",
 "lib/vtls/wolfssl.h",
 "lib/vtls/x509asn1.c",
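Review bot: In the `-170,7 +172,8` hunk, `lib/idn_win32.c` was Windows-specific by name, while its replacement `lib/idn.c` appears to hold curl's IDN handling for all platforms, and nothing visible here says whether this build enables IDN at all. That matters for triage, because patch 1/2 cites CVE-2022-43551 (HSTS bypass via IDN) and reachability depends on the IDN defines (`USE_LIBIDN2`, `USE_WIN32_IDN`), which sit outside this hunk. I would record it next to the entry, e.g. `# idn.c replaces idn_win32.c as of 7.87.0; IDN is only compiled in when USE_LIBIDN2 or USE_WIN32_IDN is defined (confirm against this rule's defines).` The surrounding cc_library rule begins and ends outside the hunk.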