Resolves: #1658574 - curl -J: do not append to the destination file
This commit is contained in:
parent
3a4404c668
commit
51f07044e3
116
0007-curl-7.63.0-JO-preserve-local-file.patch
Normal file
116
0007-curl-7.63.0-JO-preserve-local-file.patch
Normal file
@ -0,0 +1,116 @@
|
|||||||
|
From ff74657fb645e7175971128a171ef7d5ece40d77 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Mon, 17 Dec 2018 12:51:51 +0100
|
||||||
|
Subject: [PATCH] curl -J: do not append to the destination file
|
||||||
|
|
||||||
|
Reported-by: Kamil Dudka
|
||||||
|
Fixes #3380
|
||||||
|
Closes #3381
|
||||||
|
|
||||||
|
Upstream-commit: 4849267197682e69cfa056c2bd7a44acd123a917
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
src/tool_cb_hdr.c | 6 +++---
|
||||||
|
src/tool_cb_wrt.c | 9 ++++-----
|
||||||
|
src/tool_cb_wrt.h | 2 +-
|
||||||
|
src/tool_operate.c | 2 +-
|
||||||
|
4 files changed, 9 insertions(+), 10 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c
|
||||||
|
index 84b0d9c..3844904 100644
|
||||||
|
--- a/src/tool_cb_hdr.c
|
||||||
|
+++ b/src/tool_cb_hdr.c
|
||||||
|
@@ -148,12 +148,12 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
|
||||||
|
outs->filename = filename;
|
||||||
|
outs->alloc_filename = TRUE;
|
||||||
|
hdrcbdata->honor_cd_filename = FALSE; /* done now! */
|
||||||
|
- if(!tool_create_output_file(outs, TRUE))
|
||||||
|
+ if(!tool_create_output_file(outs))
|
||||||
|
return failure;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
- if(!outs->stream && !tool_create_output_file(outs, FALSE))
|
||||||
|
+ if(!outs->stream && !tool_create_output_file(outs))
|
||||||
|
return failure;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -162,7 +162,7 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
|
||||||
|
/* bold headers only happen for HTTP(S) and RTSP */
|
||||||
|
char *value = NULL;
|
||||||
|
|
||||||
|
- if(!outs->stream && !tool_create_output_file(outs, FALSE))
|
||||||
|
+ if(!outs->stream && !tool_create_output_file(outs))
|
||||||
|
return failure;
|
||||||
|
|
||||||
|
if(hdrcbdata->global->isatty && hdrcbdata->global->styled_output)
|
||||||
|
diff --git a/src/tool_cb_wrt.c b/src/tool_cb_wrt.c
|
||||||
|
index 2cb5e1b..195d6e7 100644
|
||||||
|
--- a/src/tool_cb_wrt.c
|
||||||
|
+++ b/src/tool_cb_wrt.c
|
||||||
|
@@ -32,8 +32,7 @@
|
||||||
|
#include "memdebug.h" /* keep this as LAST include */
|
||||||
|
|
||||||
|
/* create a local file for writing, return TRUE on success */
|
||||||
|
-bool tool_create_output_file(struct OutStruct *outs,
|
||||||
|
- bool append)
|
||||||
|
+bool tool_create_output_file(struct OutStruct *outs)
|
||||||
|
{
|
||||||
|
struct GlobalConfig *global = outs->config->global;
|
||||||
|
FILE *file;
|
||||||
|
@@ -43,7 +42,7 @@ bool tool_create_output_file(struct OutStruct *outs,
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if(outs->is_cd_filename && !append) {
|
||||||
|
+ if(outs->is_cd_filename) {
|
||||||
|
/* don't overwrite existing files */
|
||||||
|
file = fopen(outs->filename, "rb");
|
||||||
|
if(file) {
|
||||||
|
@@ -55,7 +54,7 @@ bool tool_create_output_file(struct OutStruct *outs,
|
||||||
|
}
|
||||||
|
|
||||||
|
/* open file for writing */
|
||||||
|
- file = fopen(outs->filename, append?"ab":"wb");
|
||||||
|
+ file = fopen(outs->filename, "wb");
|
||||||
|
if(!file) {
|
||||||
|
warnf(global, "Failed to create the file %s: %s\n", outs->filename,
|
||||||
|
strerror(errno));
|
||||||
|
@@ -142,7 +141,7 @@ size_t tool_write_cb(char *buffer, size_t sz, size_t nmemb, void *userdata)
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
- if(!outs->stream && !tool_create_output_file(outs, FALSE))
|
||||||
|
+ if(!outs->stream && !tool_create_output_file(outs))
|
||||||
|
return failure;
|
||||||
|
|
||||||
|
if(is_tty && (outs->bytes < 2000) && !config->terminal_binary_ok) {
|
||||||
|
diff --git a/src/tool_cb_wrt.h b/src/tool_cb_wrt.h
|
||||||
|
index 51e002b..188d3ea 100644
|
||||||
|
--- a/src/tool_cb_wrt.h
|
||||||
|
+++ b/src/tool_cb_wrt.h
|
||||||
|
@@ -30,7 +30,7 @@
|
||||||
|
size_t tool_write_cb(char *buffer, size_t sz, size_t nmemb, void *userdata);
|
||||||
|
|
||||||
|
/* create a local file for writing, return TRUE on success */
|
||||||
|
-bool tool_create_output_file(struct OutStruct *outs, bool append);
|
||||||
|
+bool tool_create_output_file(struct OutStruct *outs);
|
||||||
|
|
||||||
|
#endif /* HEADER_CURL_TOOL_CB_WRT_H */
|
||||||
|
|
||||||
|
diff --git a/src/tool_operate.c b/src/tool_operate.c
|
||||||
|
index e53a9d8..429e9cf 100644
|
||||||
|
--- a/src/tool_operate.c
|
||||||
|
+++ b/src/tool_operate.c
|
||||||
|
@@ -1581,7 +1581,7 @@ static CURLcode operate_do(struct GlobalConfig *global,
|
||||||
|
/* do not create (or even overwrite) the file in case we get no
|
||||||
|
data because of unmet condition */
|
||||||
|
curl_easy_getinfo(curl, CURLINFO_CONDITION_UNMET, &cond_unmet);
|
||||||
|
- if(!cond_unmet && !tool_create_output_file(&outs, FALSE))
|
||||||
|
+ if(!cond_unmet && !tool_create_output_file(&outs))
|
||||||
|
result = CURLE_WRITE_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.17.2
|
||||||
|
|
@ -1,7 +1,7 @@
|
|||||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.61.1
|
Version: 7.61.1
|
||||||
Release: 5%{?dist}
|
Release: 6%{?dist}
|
||||||
License: MIT
|
License: MIT
|
||||||
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
||||||
|
|
||||||
@ -25,6 +25,9 @@ Patch5: 0005-curl-7.61.1-CVE-2018-16840.patch
|
|||||||
# SASL password overflow via integer overflow (CVE-2018-16839)
|
# SASL password overflow via integer overflow (CVE-2018-16839)
|
||||||
Patch6: 0006-curl-7.61.1-CVE-2018-16839.patch
|
Patch6: 0006-curl-7.61.1-CVE-2018-16839.patch
|
||||||
|
|
||||||
|
# curl -J: do not append to the destination file (#1658574)
|
||||||
|
Patch7: 0007-curl-7.63.0-JO-preserve-local-file.patch
|
||||||
|
|
||||||
# patch making libcurl multilib ready
|
# patch making libcurl multilib ready
|
||||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||||
|
|
||||||
@ -190,6 +193,7 @@ git init
|
|||||||
git apply %{PATCH4}
|
git apply %{PATCH4}
|
||||||
%patch5 -p1
|
%patch5 -p1
|
||||||
%patch6 -p1
|
%patch6 -p1
|
||||||
|
%patch7 -p1
|
||||||
|
|
||||||
# Fedora patches
|
# Fedora patches
|
||||||
%patch101 -p1
|
%patch101 -p1
|
||||||
@ -356,6 +360,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
|||||||
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Dec 19 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.1-6
|
||||||
|
- curl -J: do not append to the destination file (#1658574)
|
||||||
|
|
||||||
* Thu Nov 15 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.1-5
|
* Thu Nov 15 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.1-5
|
||||||
- make the patch for CVE-2018-16842 apply properly (CVE-2018-16842)
|
- make the patch for CVE-2018-16842 apply properly (CVE-2018-16842)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user