lexiforest · perkfly · Jun 19, 2024 · Apr 28, 2024 · Apr 28, 2024 · Apr 28, 2024
diff --git a/Makefile.in b/Makefile.in
@@ -9,16 +9,17 @@ SHELL := bash
 # MAKEFLAGS += --no-builtin-rules
 SUBJOBS := 4
 
-BROTLI_VERSION := 1.0.9
+BROTLI_VERSION := 1.1.0
  # In case this is changed, update build-and-test-make.yml as well
  # In case this is changed, update build-and-test-make.yml as well
 BORING_SSL_COMMIT := d24a38200fef19150eef00cad35b138936c08767
-NGHTTP2_VERSION := nghttp2-1.56.0
-NGHTTP2_URL := https://github.com/nghttp2/nghttp2/releases/download/v1.56.0/nghttp2-1.56.0.tar.bz2
-CURL_VERSION := curl-8_5_0
+NGHTTP2_VERSION := nghttp2-1.61.0
+NGHTTP2_URL := https://github.com/nghttp2/nghttp2/releases/download/v1.61.0/nghttp2-1.61.0.tar.bz2
+CURL_VERSION := curl-8_7_1
 
+# https://github.com/google/brotli/commit/641bec0e30bea648b3da1cd90fc6b44deb429f71
 brotli_install_dir := $(abspath brotli-$(BROTLI_VERSION)/out/installed)
-brotli_static_libs := $(brotli_install_dir)/lib/libbrotlicommon-static.a $(brotli_install_dir)/lib/libbrotlidec-static.a
+brotli_static_libs := $(brotli_install_dir)/lib/libbrotlicommon.a $(brotli_install_dir)/lib/libbrotlidec.a
 boringssl_install_dir := $(abspath boringssl/build)
 boringssl_static_libs := $(boringssl_install_dir)/lib/libssl.a $(boringssl_install_dir)/lib/libcrypto.a
 nghttp2_install_dir := $(abspath $(NGHTTP2_VERSION)/installed)
@@ -144,6 +145,7 @@ $(brotli_static_libs): brotli-$(BROTLI_VERSION).tar.gz
 			-DCMAKE_C_FLAGS="$(CFLAGS)" \
 	        -DCMAKE_SYSTEM_NAME=$$system_name \
 	        -DCMAKE_SYSTEM_PROCESSOR=$(host_cpu) \
+	        -DBUILD_SHARED_LIBS=OFF \
 	        ..
 
 	@cmake@ --build . --config Release --target install --parallel $(SUBJOBS)

diff --git a/README.md b/README.md
@@ -10,7 +10,7 @@
 > 2. ZSTD compression support introduced in Chrome 123.
 > 3. X25519Kyber768 curve introduced in Chrome 124.
 > 4. More options for impersonation Akamai http/2 fingerprints, especially for Safari.
-> 5. Upgrade to more recent version of curl, 8.5.0 as of April, 2024.
+> 5. Upgrade to more recent version of curl, 8.7.1 as of April, 2024.
 > 6. Ability to change extension orders and enable/disable TLS grease.
 > 7. (In progress) Single binary to support both Webkit-based and Gecko-based browsers, i.e. Chrome and Firefox.
 

diff --git a/chrome/curl_chrome100 b/chrome/curl_chrome100
@@ -23,6 +23,8 @@ dir=${0%/*}
     --http2 \
     --http2-settings '1:65536;3:1000;4:6291456;6:262144' \
     --http2-window-update 15663105 \
+    --http2-stream-weight 256 \
+    --http2-stream-exclusive 1 \
     --compressed \
     --tlsv1.2 --alps \
     --cert-compression brotli \

diff --git a/chrome/curl_chrome101 b/chrome/curl_chrome101
@@ -23,6 +23,8 @@ dir=${0%/*}
     --http2 \
     --http2-settings '1:65536;3:1000;4:6291456;6:262144' \
     --http2-window-update 15663105 \
+    --http2-stream-weight 256 \
+    --http2-stream-exclusive 1 \
     --compressed \
     --tlsv1.2 --alps \
     --cert-compression brotli \

diff --git a/chrome/curl_chrome104 b/chrome/curl_chrome104
@@ -23,6 +23,8 @@ dir=${0%/*}
     --http2 \
     --http2-settings '1:65536;3:1000;4:6291456;6:262144' \
     --http2-window-update 15663105 \
+    --http2-stream-weight 256 \
+    --http2-stream-exclusive 1 \
     --compressed \
     --tlsv1.2 --alps \
     --cert-compression brotli \

diff --git a/chrome/curl_chrome107 b/chrome/curl_chrome107
@@ -23,6 +23,8 @@ dir=${0%/*}
     --http2 \
     --http2-settings '1:65536;2:0;3:1000;4:6291456;6:262144' \
     --http2-window-update 15663105 \
+    --http2-stream-weight 256 \
+    --http2-stream-exclusive 1 \
     --compressed \
     --tlsv1.2 --alps \
     --cert-compression brotli \

diff --git a/chrome/curl_chrome110 b/chrome/curl_chrome110
@@ -23,6 +23,8 @@ dir=${0%/*}
     --http2 \
     --http2-settings '1:65536;2:0;3:1000;4:6291456;6:262144' \
     --http2-window-update 15663105 \
+    --http2-stream-weight 256 \
+    --http2-stream-exclusive 1 \
     --compressed \
     --tlsv1.2 --alps --tls-permute-extensions \
     --cert-compression brotli \

diff --git a/chrome/curl_chrome116 b/chrome/curl_chrome116
@@ -23,6 +23,8 @@ dir=${0%/*}
     --http2 \
     --http2-settings '1:65536;2:0;3:1000;4:6291456;6:262144' \
     --http2-window-update 15663105 \
+    --http2-stream-weight 256 \
+    --http2-stream-exclusive 1 \
     --compressed \
     --tlsv1.2 --alps --tls-permute-extensions \
     --cert-compression brotli \

diff --git a/chrome/curl_chrome119 b/chrome/curl_chrome119
@@ -23,6 +23,8 @@ dir=${0%/*}
     --http2 \
     --http2-settings '1:65536;2:0;4:6291456;6:262144' \
     --http2-window-update 15663105 \
+    --http2-stream-weight 256 \
+    --http2-stream-exclusive 1 \
     --compressed \
     --ech GREASE \
     --tlsv1.2 --alps --tls-permute-extensions \

diff --git a/chrome/curl_chrome120 b/chrome/curl_chrome120
@@ -23,6 +23,8 @@ dir=${0%/*}
     --http2 \
     --http2-settings '1:65536;2:0;4:6291456;6:262144' \
     --http2-window-update 15663105 \
+    --http2-stream-weight 256 \
+    --http2-stream-exclusive 1 \
     --compressed \
     --ech GREASE \
     --tlsv1.2 --alps --tls-permute-extensions \

diff --git a/chrome/curl_chrome123 b/chrome/curl_chrome123
@@ -26,6 +26,8 @@ dir=${0%/*}
     --http2 \
     --http2-settings '1:65536;2:0;4:6291456;6:262144' \
     --http2-window-update 15663105 \
+    --http2-stream-weight 256 \
+    --http2-stream-exclusive 1 \
     --compressed \
     --ech GREASE \
     --tlsv1.2 --alps --tls-permute-extensions \

diff --git a/chrome/curl_chrome124 b/chrome/curl_chrome124
@@ -29,6 +29,8 @@ dir=${0%/*}
     --http2 \
     --http2-settings '1:65536;2:0;4:6291456;6:262144' \
     --http2-window-update 15663105 \
+    --http2-stream-weight 256 \
+    --http2-stream-exclusive 1 \
     --compressed \
     --ech GREASE \
     --tlsv1.2 --alps --tls-permute-extensions \

diff --git a/chrome/curl_chrome99 b/chrome/curl_chrome99
@@ -23,6 +23,8 @@ dir=${0%/*}
     --http2 \
     --http2-settings '1:65536;3:1000;4:6291456;6:262144' \
     --http2-window-update 15663105 \
+    --http2-stream-weight 256 \
+    --http2-stream-exclusive 1 \
     --compressed \
     --tlsv1.2 --alps \
     --cert-compression brotli \

diff --git a/chrome/curl_chrome99_android b/chrome/curl_chrome99_android
@@ -23,6 +23,8 @@ dir=${0%/*}
     --http2 \
     --http2-settings '1:65536;3:1000;4:6291456;6:262144' \
     --http2-window-update 15663105 \
+    --http2-stream-weight 256 \
+    --http2-stream-exclusive 1 \
     --compressed \
     --tlsv1.2 --alps \
     --cert-compression brotli \

diff --git a/chrome/curl_edge101 b/chrome/curl_edge101
@@ -23,6 +23,8 @@ dir=${0%/*}
     --http2 \
     --http2-settings '1:65536;3:1000;4:6291456;6:262144' \
     --http2-window-update 15663105 \
+    --http2-stream-weight 256 \
+    --http2-stream-exclusive 1 \
     --compressed \
     --tlsv1.2 --alps \
     --cert-compression brotli \

diff --git a/chrome/curl_edge99 b/chrome/curl_edge99
@@ -23,6 +23,8 @@ dir=${0%/*}
     --http2 \
     --http2-settings '1:65536;3:1000;4:6291456;6:262144' \
     --http2-window-update 15663105 \
+    --http2-stream-weight 256 \
+    --http2-stream-exclusive 1 \
     --compressed \
     --tlsv1.2 --alps \
     --cert-compression brotli \

diff --git a/chrome/curl_safari15_3 b/chrome/curl_safari15_3
@@ -18,6 +18,8 @@ dir=${0%/*}
     --http2-settings '4:4194304;3:100' \
     --http2-pseudo-headers-order 'mspa' \
     --http2-window-update 10485760 \
+    --http2-stream-weight 255 \
+    --http2-stream-exclusive 0 \
     --compressed \
     --tlsv1.0 --no-tls-session-ticket \
     --tls-grease \

diff --git a/chrome/curl_safari15_5 b/chrome/curl_safari15_5
@@ -18,6 +18,8 @@ dir=${0%/*}
     --http2-settings '4:4194304;3:100' \
     --http2-pseudo-headers-order 'mspa' \
     --http2-window-update 10485760 \
+    --http2-stream-weight 255 \
+    --http2-stream-exclusive 0 \
     --compressed \
     --tlsv1.0 --no-tls-session-ticket \
     --cert-compression zlib \

diff --git a/chrome/curl_safari17_0 b/chrome/curl_safari17_0
@@ -21,6 +21,8 @@ dir=${0%/*}
     --http2-settings '2:0;4:4194304;3:100' \
     --http2-pseudo-headers-order 'mspa' \
     --http2-window-update 10485760 \
+    --http2-stream-weight 255 \
+    --http2-stream-exclusive 0 \
     --compressed \
     --tlsv1.0 --no-tls-session-ticket \
     --cert-compression zlib \

diff --git a/chrome/curl_safari17_2_ios b/chrome/curl_safari17_2_ios
@@ -21,6 +21,8 @@ dir=${0%/*}
     --http2-settings '2:0;4:2097152;3:100' \
     --http2-pseudo-headers-order 'mspa' \
     --http2-window-update 10485760 \
+    --http2-stream-weight 255 \
+    --http2-stream-exclusive 0 \
     --compressed \
     --tlsv1.0 --no-tls-session-ticket \
     --cert-compression zlib \

diff --git a/chrome/patches/boringssl.patch b/chrome/patches/boringssl.patch
@@ -232,6 +232,20 @@ index c9facb699..eab61611e 100644
    X509_STORE *cert_store = nullptr;
    LHASH_OF(SSL_SESSION) *sessions = nullptr;
    // Most session-ids that will be cached, default is
+diff --git a/ssl/ssl_cert.cc b/ssl/ssl_cert.cc
+index aa46a8bb6..4e5bddd89 100644
+--- a/ssl/ssl_cert.cc
++++ b/ssl/ssl_cert.cc
+@@ -602,8 +602,7 @@ bool ssl_cert_check_key_usage(const CBS *in, enum ssl_key_usage_t bit) {
+     }
+
+     if (!CBS_asn1_bitstring_has_bit(&bit_string, bit)) {
+-      OPENSSL_PUT_ERROR(SSL, SSL_R_KEY_USAGE_BIT_INCORRECT);
+-      return false;
++      // curl-impersonate: bypass the key usage check
+     }
+
+     return true;
 diff --git a/ssl/ssl_cipher.cc b/ssl/ssl_cipher.cc
 index fd8cef95d..3d2c8ff6d 100644
 --- a/ssl/ssl_cipher.cc