From 70232dde4319be43011d6ec9328b05ca2b320443 Mon Sep 17 00:00:00 2001
From: Kamil Dudka
Date: Mon, 18 Feb 2019 18:42:01 +0100
Subject: [PATCH] Resolves: #1669156 - do not let libssh create a new socket for SCP/SFTP
---
 0014-curl-7.61.1-libssh-socket.patch | 66 ++++++++++++++++++++++++++++
 curl.spec | 9 +++-
 2 files changed, 74 insertions(+), 1 deletion(-)
 create mode 100644 0014-curl-7.61.1-libssh-socket.patch
diff --git a/0014-curl-7.61.1-libssh-socket.patch b/0014-curl-7.61.1-libssh-socket.patch
new file mode 100644
index 0000000..83c9cc7
--- /dev/null
+++ b/0014-curl-7.61.1-libssh-socket.patch
@@ -0,0 +1,66 @@
+From 095d4cf3b1c388b2871e3783f8c41b1e01200a25 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Felix=20H=C3=A4dicke?=
+Date: Wed, 23 Jan 2019 23:47:55 +0100
+Subject: [PATCH] libssh: do not let libssh create socket
+
+By default, libssh creates a new socket, instead of using the socket
+created by curl for SSH connections.
+
+Pass the socket created by curl to libssh using ssh_options_set() with
+SSH_OPTIONS_FD directly after ssh_new(). So libssh uses our socket
+instead of creating a new one.
+
+This approach is very similar to what is done in the libssh2 code, where
+the socket created by curl is passed to libssh2 when
+libssh2_session_startup() is called.
+
+Fixes #3491
+Closes #3495
+
+Upstream-commit: 15c94b310bf9e0c92d71fca5a88eb67a1e2548a6
+Signed-off-by: Kamil Dudka
+---
+ lib/ssh-libssh.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/lib/ssh-libssh.c b/lib/ssh-libssh.c
+index 7d59089..4110be2 100644
+--- a/lib/ssh-libssh.c
++++ b/lib/ssh-libssh.c
+@@ -549,6 +549,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block)
+ struct Curl_easy *data = conn->data;
+ struct SSHPROTO *protop = data->req.protop;
+ struct ssh_conn *sshc = &conn->proto.sshc;
++ curl_socket_t sock = conn->sock[FIRSTSOCKET];
+ int rc = SSH_NO_ERROR, err;
+ char *new_readdir_line;
+ int seekerr = CURL_SEEKFUNC_OK;
+@@ -792,7 +793,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block)
+
+ Curl_pgrsTime(conn->data, TIMER_APPCONNECT); /* SSH is connected */
+
+- conn->sockfd = ssh_get_fd(sshc->ssh_session);
++ conn->sockfd = sock;
+ conn->writesockfd = CURL_SOCKET_BAD;
+
+ if(conn->handler->protocol == CURLPROTO_SFTP) {
+@@ -2048,6 +2049,7 @@ static CURLcode myssh_connect(struct connectdata *conn, bool *done)
+ {
+ struct ssh_conn *ssh;
+ CURLcode result;
++ curl_socket_t sock = conn->sock[FIRSTSOCKET];
+ struct Curl_easy *data = conn->data;
+ int rc;
+
+@@ -2076,6 +2078,8 @@ static CURLcode
myssh_connect(struct connectdata *conn, bool *done)
+ return CURLE_FAILED_INIT;
+ }
+
++ ssh_options_set(ssh->ssh_session, SSH_OPTIONS_FD, &sock);
++
+ if(conn->user) {
+ infof(data, "User: %s\n", conn->user);
+ ssh_options_set(ssh->ssh_session, SSH_OPTIONS_USER, conn->user);
+--
+2.17.2
+
diff --git a/curl.spec b/curl.spec
index 179242e..20f5b57 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.61.1
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: MIT
 Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
@@ -43,6 +43,9 @@ Patch11: 0011-curl-7.61.1-CVE-2019-3823.patch
 # make zsh completion work again
 Patch13: 0013-curl-7.61.1-zsh-completion.patch
+# do not let libssh create a new socket for SCP/SFTP (#1669156)
+Patch14: 0014-curl-7.61.1-libssh-socket.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch
@@ -214,6 +217,7 @@ git apply %{PATCH4}
 %patch10 -p1
 %patch11 -p1
 %patch13 -p1
+%patch14 -p1
 # Fedora patches
 %patch101 -p1
@@ -380,6 +384,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
 %changelog
+* Mon Feb 18 2019 Kamil Dudka - 7.61.1-10
+- do not let libssh create a new socket for SCP/SFTP (#1669156)
+
 * Mon Feb 11 2019 Kamil Dudka - 7.61.1-9
 - make zsh completion work again
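Review bot: The return value of `ssh_options_set(ssh->ssh_session, SSH_OPTIONS_FD, &sock);` in myssh_connect() is discarded, so if libssh rejects the option the session would presumably fall back to opening its own socket, which is the behaviour this backport exists to prevent, while myssh_statemach_act() now unconditionally reports `conn->sockfd = sock;`. The `int rc;` already declared in myssh_connect() can carry the result: `rc = ssh_options_set(ssh->ssh_session, SSH_OPTIONS_FD, &sock);` followed by `if(rc != SSH_OK) return CURLE_FAILED_INIT;`. A silent fallback matters because a socket that libssh opens itself would presumably not have gone through curl's own connection setup. It is also worth confirming which side closes the descriptor on teardown now that curl and libssh both hold it; that code is not in these hunks. myssh_connect()'s body continues outside the hunk, so whether the session must be released before such an early return cannot be judged from here.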