From 51f07044e3962c69ccca58ab65ac319c41d420aa Mon Sep 17 00:00:00 2001
From: Kamil Dudka
Date: Wed, 19 Dec 2018 13:42:58 +0100
Subject: [PATCH] Resolves: #1658574 - curl -J: do not append to the destination file
---
0007-curl-7.63.0-JO-preserve-local-file.patch | 116 ++++++++++++++++++
curl.spec | 9 +-
2 files changed, 124 insertions(+), 1 deletion(-)
create mode 100644 0007-curl-7.63.0-JO-preserve-local-file.patch
diff --git a/0007-curl-7.63.0-JO-preserve-local-file.patch b/0007-curl-7.63.0-JO-preserve-local-file.patch
new file mode 100644
index 0000000..6799dfa
--- /dev/null
+++ b/0007-curl-7.63.0-JO-preserve-local-file.patch
@@ -0,0 +1,116 @@
+From ff74657fb645e7175971128a171ef7d5ece40d77 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Mon, 17 Dec 2018 12:51:51 +0100
+Subject: [PATCH] curl -J: do not append to the destination file
+
+Reported-by: Kamil Dudka
+Fixes #3380
+Closes #3381
+
+Upstream-commit: 4849267197682e69cfa056c2bd7a44acd123a917
+Signed-off-by: Kamil Dudka
+---
+ src/tool_cb_hdr.c | 6 +++---
+ src/tool_cb_wrt.c | 9 ++++-----
+ src/tool_cb_wrt.h | 2 +-
+ src/tool_operate.c | 2 +-
+ 4 files changed, 9 insertions(+), 10 deletions(-)
+
+diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c
+index 84b0d9c..3844904 100644
+--- a/src/tool_cb_hdr.c
++++ b/src/tool_cb_hdr.c
+@@ -148,12 +148,12 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
+ outs->filename = filename;
+ outs->alloc_filename = TRUE;
+ hdrcbdata->honor_cd_filename = FALSE; /* done now! */
+- if(!tool_create_output_file(outs, TRUE))
++ if(!tool_create_output_file(outs))
+ return failure;
+ }
+ break;
+ }
+- if(!outs->stream && !tool_create_output_file(outs, FALSE))
++ if(!outs->stream && !tool_create_output_file(outs))
+ return failure;
+ }
+
+@@ -162,7 +162,7 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
+ /* bold headers only happen for HTTP(S) and RTSP */
+ char *value = NULL;
+
+- if(!outs->stream && !tool_create_output_file(outs, FALSE))
++ if(!outs->stream && !tool_create_output_file(outs))
+ return failure;
+
+ if(hdrcbdata->global->isatty && hdrcbdata->global->styled_output)
+diff --git a/src/tool_cb_wrt.c b/src/tool_cb_wrt.c
+index 2cb5e1b..195d6e7 100644
+--- a/src/tool_cb_wrt.c
++++ b/src/tool_cb_wrt.c
+@@ -32,8 +32,7 @@
+ #include "memdebug.h" /* keep this as LAST include */
+
+ /* create a local file for writing, return TRUE on success */
+-bool tool_create_output_file(struct OutStruct *outs,
+- bool append)
++bool tool_create_output_file(struct OutStruct *outs)
+ {
+ struct GlobalConfig *global = outs->config->global;
+ FILE *file;
+@@ -43,7 +42,7 @@ bool tool_create_output_file(struct OutStruct *outs,
+ return FALSE;
+ }
+
+- if(outs->is_cd_filename && !append) {
++ if(outs->is_cd_filename) {
+ /* don't overwrite existing files */
+ file = fopen(outs->filename, "rb");
+ if(file) {
+@@ -55,7 +54,7 @@ bool tool_create_output_file(struct OutStruct *outs,
+ }
+
+ /* open file for writing */
+- file = fopen(outs->filename, append?"ab":"wb");
++ file = fopen(outs->filename, "wb");
+ if(!file) {
+ warnf(global, "Failed to create the file %s: %s\n", outs->filename,
+ strerror(errno));
+@@ -142,7 +141,7 @@ size_t tool_write_cb(char *buffer, size_t sz, size_t nmemb, void *userdata)
+ }
+ #endif
+
+- if(!outs->stream && !tool_create_output_file(outs, FALSE))
++ if(!outs->stream && !tool_create_output_file(outs))
+ return failure;
+
+ if(is_tty && (outs->bytes < 2000) && !config->terminal_binary_ok) {
+diff --git a/src/tool_cb_wrt.h b/src/tool_cb_wrt.h
+index 51e002b..188d3ea 100644
+--- a/src/tool_cb_wrt.h
++++ b/src/tool_cb_wrt.h
+@@ -30,7 +30,7 @@
+ size_t tool_write_cb(char *buffer, size_t sz, size_t nmemb, void *userdata);
+
+ /* create a local file for writing, return TRUE on success */
+-bool tool_create_output_file(struct OutStruct *outs, bool append);
++bool tool_create_output_file(struct OutStruct *outs);
+
+ #endif /* HEADER_CURL_TOOL_CB_WRT_H */
+
+diff --git a/src/tool_operate.c b/src/tool_operate.c
+index e53a9d8..429e9cf 100644
+--- a/src/tool_operate.c
++++ b/src/tool_operate.c
+@@ -1581,7 +1581,7 @@ static CURLcode operate_do(struct GlobalConfig *global,
+ /* do not create (or even overwrite) the file in case we get no
+ data because of unmet condition */
+ curl_easy_getinfo(curl, CURLINFO_CONDITION_UNMET, &cond_unmet);
+- if(!cond_unmet && !tool_create_output_file(&outs, FALSE))
++ if(!cond_unmet && !tool_create_output_file(&outs))
+ result = CURLE_WRITE_ERROR;
+ }
+
+--
+2.17.2
+
diff --git a/curl.spec b/curl.spec
index df9f6c0..0b17308 100644
--- a/curl.spec
+++ b/curl.spec
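Review bot: In the src/tool_cb_wrt.c part of the added patch, the `is_cd_filename` branch of tool_create_output_file() still decides "file exists" with a probing `fopen(outs->filename, "rb")` and then creates the file with a separate `fopen(outs->filename, "wb")`, so the no-overwrite guarantee is check-then-use rather than atomic. The name in that branch appears to come from the server's Content-Disposition header, so a file or symlink that shows up under it between the two calls, or an existing file that cannot be opened for reading, would pass the probe and then be truncated or followed by the "wb" open. An exclusive create closes that window: `open()` with `O_CREAT | O_EXCL` followed by `fdopen()`, or `file = fopen(outs->filename, "wbx");` where the C library supports the C11 exclusive mode, with the `EEXIST` failure mapped to the existing refusal warning. The lines between the two inner hunks (old lines 43 and 55) are outside this patch, so confirm that nothing there already covers this case.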
@@ -1,7 +1,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 7.61.1 -Release: 5%{?dist} +Release: 6%{?dist} License: MIT Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz @@ -25,6 +25,9 @@ Patch5: 0005-curl-7.61.1-CVE-2018-16840.patch # SASL password overflow via integer overflow (CVE-2018-16839) Patch6: 0006-curl-7.61.1-CVE-2018-16839.patch +# curl -J: do not append to the destination file (#1658574) +Patch7: 0007-curl-7.63.0-JO-preserve-local-file.patch + # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch @@ -190,6 +193,7 @@ git init git apply %{PATCH4} %patch5 -p1 %patch6 -p1 +%patch7 -p1 # Fedora patches %patch101 -p1 @@ -356,6 +360,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed Dec 19 2018 Kamil Dudka - 7.61.1-6 +- curl -J: do not append to the destination file (#1658574) + * Thu Nov 15 2018 Kamil Dudka - 7.61.1-5 - make the patch for CVE-2018-16842 apply properly (CVE-2018-16842)