diff --git a/0001-curl-7.58.0-h2-goaway.patch b/0001-curl-7.58.0-h2-goaway.patch
deleted file mode 100644
index de813f9..0000000
--- a/0001-curl-7.58.0-h2-goaway.patch
+++ /dev/null
@@ -1,206 +0,0 @@ -From d9a3018050ce24e1ee416c33f4907f238e860ce3 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Sat, 10 Mar 2018 23:48:43 +0100 -Subject: [PATCH] http2: mark the connection for close on GOAWAY -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -... don't consider it an error! - -Assisted-by: Jay Satiro -Reported-by: Ɓukasz Domeradzki -Fixes #2365 -Closes #2375 - -Upstream-commit: 8b498a875c975294545581282289991bbcfeabf4 -Signed-off-by: Kamil Dudka ---- - lib/http.h | 5 ++--- - lib/http2.c | 33 +++++++++++++++++++++------------ - lib/multi.c | 9 +++------ - 3 files changed, 26 insertions(+), 21 deletions(-) - -diff --git a/lib/http.h b/lib/http.h -index d2781bc..2ce44bb 100644 ---- a/lib/http.h -+++ b/lib/http.h -@@ -7,7 +7,7 @@ - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * -- * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. -+ * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. 
The terms -@@ -172,8 +172,6 @@ struct HTTP { - size_t pauselen; /* the number of bytes left in data */ - bool closed; /* TRUE on HTTP2 stream close */ - bool close_handled; /* TRUE if stream closure is handled by libcurl */ -- uint32_t error_code; /* HTTP/2 error code */ -- - char *mem; /* points to a buffer in memory to store received data */ - size_t len; /* size of the buffer 'mem' points to */ - size_t memlen; /* size of data copied to mem */ -@@ -226,6 +224,7 @@ struct http_conn { - /* list of settings that will be sent */ - nghttp2_settings_entry local_settings[3]; - size_t local_settings_num; -+ uint32_t error_code; /* HTTP/2 error code */ - #else - int unused; /* prevent a compiler warning */ - #endif -diff --git a/lib/http2.c b/lib/http2.c -index 6992879..13a79d1 100644 ---- a/lib/http2.c -+++ b/lib/http2.c -@@ -204,7 +204,6 @@ void Curl_http2_setup_req(struct Curl_easy *data) - http->status_code = -1; - http->pausedata = NULL; - http->pauselen = 0; -- http->error_code = NGHTTP2_NO_ERROR; - http->closed = FALSE; - http->close_handled = FALSE; - http->mem = data->state.buffer; -@@ -217,6 +216,7 @@ void Curl_http2_setup_conn(struct connectdata *conn) - { - conn->proto.httpc.settings.max_concurrent_streams = - DEFAULT_MAX_CONCURRENT_STREAMS; -+ conn->proto.httpc.error_code = NGHTTP2_NO_ERROR; - } - - /* -@@ -777,6 +777,7 @@ static int on_stream_close(nghttp2_session *session, int32_t stream_id, - (void)stream_id; - - if(stream_id) { -+ struct http_conn *httpc; - /* get the stream from the hash based on Stream ID, stream ID zero is for - connection-oriented stuff */ - data_s = nghttp2_session_get_stream_user_data(session, stream_id); -@@ -791,10 +792,11 @@ static int on_stream_close(nghttp2_session *session, int32_t stream_id, - if(!stream) - return NGHTTP2_ERR_CALLBACK_FAILURE; - -- stream->error_code = error_code; - stream->closed = TRUE; - data_s->state.drain++; -- conn->proto.httpc.drain_total++; -+ httpc = &conn->proto.httpc; -+ httpc->drain_total++; -+ 
httpc->error_code = error_code; - - /* remove the entry from the hash as the stream is now gone */ - nghttp2_session_set_stream_user_data(session, stream_id, 0); -@@ -1225,13 +1227,14 @@ static int h2_session_send(struct Curl_easy *data, - * This function returns 0 if it succeeds, or -1 and error code will - * be assigned to *err. - */ --static int h2_process_pending_input(struct Curl_easy *data, -+static int h2_process_pending_input(struct connectdata *conn, - struct http_conn *httpc, - CURLcode *err) - { - ssize_t nread; - char *inbuf; - ssize_t rv; -+ struct Curl_easy *data = conn->data; - - nread = httpc->inbuflen - httpc->nread_inbuf; - inbuf = httpc->inbuf + httpc->nread_inbuf; -@@ -1269,7 +1272,13 @@ static int h2_process_pending_input(struct Curl_easy *data, - if(should_close_session(httpc)) { - DEBUGF(infof(data, - "h2_process_pending_input: nothing to do in this session\n")); -- *err = CURLE_HTTP2; -+ if(httpc->error_code) -+ *err = CURLE_HTTP2; -+ else { -+ /* not an error per se, but should still close the connection */ -+ connclose(conn, "GOAWAY received"); -+ *err = CURLE_OK; -+ } - return -1; - } - -@@ -1300,7 +1309,7 @@ CURLcode Curl_http2_done_sending(struct connectdata *conn) - that it can signal EOF to nghttp2 */ - (void)nghttp2_session_resume_data(h2, stream->stream_id); - -- (void)h2_process_pending_input(conn->data, httpc, &result); -+ (void)h2_process_pending_input(conn, httpc, &result); - } - } - return result; -@@ -1324,7 +1333,7 @@ static ssize_t http2_handle_stream_close(struct connectdata *conn, - data->state.drain = 0; - - if(httpc->pause_stream_id == 0) { -- if(h2_process_pending_input(data, httpc, err) != 0) { -+ if(h2_process_pending_input(conn, httpc, err) != 0) { - return -1; - } - } -@@ -1333,10 +1342,10 @@ static ssize_t http2_handle_stream_close(struct connectdata *conn, - - /* Reset to FALSE to prevent infinite loop in readwrite_data function. 
*/ - stream->closed = FALSE; -- if(stream->error_code != NGHTTP2_NO_ERROR) { -+ if(httpc->error_code != NGHTTP2_NO_ERROR) { - failf(data, "HTTP/2 stream %u was not closed cleanly: %s (err %d)", -- stream->stream_id, Curl_http2_strerror(stream->error_code), -- stream->error_code); -+ stream->stream_id, Curl_http2_strerror(httpc->error_code), -+ httpc->error_code); - *err = CURLE_HTTP2_STREAM; - return -1; - } -@@ -1484,7 +1493,7 @@ static ssize_t http2_recv(struct connectdata *conn, int sockindex, - /* We have paused nghttp2, but we have no pause data (see - on_data_chunk_recv). */ - httpc->pause_stream_id = 0; -- if(h2_process_pending_input(data, httpc, &result) != 0) { -+ if(h2_process_pending_input(conn, httpc, &result) != 0) { - *err = result; - return -1; - } -@@ -1514,7 +1523,7 @@ static ssize_t http2_recv(struct connectdata *conn, int sockindex, - frames, then we have to call it again with 0-length data. - Without this, on_stream_close callback will not be called, - and stream could be hanged. */ -- if(h2_process_pending_input(data, httpc, &result) != 0) { -+ if(h2_process_pending_input(conn, httpc, &result) != 0) { - *err = result; - return -1; - } -diff --git a/lib/multi.c b/lib/multi.c -index 43823cc..50f4d87 100644 ---- a/lib/multi.c -+++ b/lib/multi.c -@@ -5,7 +5,7 @@ - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * -- * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. -+ * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms -@@ -535,11 +535,8 @@ static CURLcode multi_done(struct connectdata **connp, - result = CURLE_ABORTED_BY_CALLBACK; - } - -- if(conn->send_pipe.size + conn->recv_pipe.size != 0 && -- !data->set.reuse_forbid && -- !conn->bits.close) { -- /* Stop if pipeline is not empty and we do not have to close -- connection. 
*/ -+ if(conn->send_pipe.size || conn->recv_pipe.size) { -+ /* Stop if pipeline is not empty . */ - data->easy_conn = NULL; - DEBUGF(infof(data, "Connection still in use, no more multi_done now!\n")); - return CURLE_OK; --- -2.14.3 - diff --git a/0102-curl-7.36.0-debug.patch b/0102-curl-7.36.0-debug.patch index e392a31..13f07df 100644 --- a/0102-curl-7.36.0-debug.patch +++ b/0102-curl-7.36.0-debug.patch @@ -12,7 +12,7 @@ diff --git a/configure b/configure index 8f079a3..53b4774 100755 --- a/configure +++ b/configure -@@ -16523,18 +16523,11 @@ $as_echo "yes" >&6; } +@@ -16524,18 +16524,11 @@ $as_echo "yes" >&6; } gccvhi=`echo $gccver | cut -d . -f1` gccvlo=`echo $gccver | cut -d . -f2` compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` diff --git a/curl-7.58.0.tar.xz.asc b/curl-7.58.0.tar.xz.asc deleted file mode 100644 index 715eacb..0000000 --- a/curl-7.58.0.tar.xz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAlpoMGsACgkQXMkI/bce -EsIxtwgAnazhBf4KjF3bw1XNxgjkWVUwqLlLwEElg4tD6g/uYw9VeZQyy2wQGmgc -yKx2WrfqLDmE1gAqKgvGLdS6qvMtv0x/3gNjOy4/LVYBlVqP+k5p0XZhV3jcg929 -Hkv/Fgp1yvtks98CGEIp6xJSjlnL3x5VEsMslXO7dpfq+6gvnbBVBP7QUOb/CYDg -LHHAIZFSQuTeLKAvvl1koZAZnZ5zD3dtwL8rK4CVD0ugwJplJvGbvoIMNu9uagUZ -CpBV0Pyv0AUsMTohszyOovi/RizHWl8xTynreJh+sx++NZEX2KjsnISpZAxmD6r5 -dtt21mdhrRSsAXmHD8q5LnbrKosbvQ== -=ZqfQ ------END PGP SIGNATURE----- diff --git a/curl-7.59.0.tar.xz.asc b/curl-7.59.0.tar.xz.asc new file mode 100644 index 0000000..e74f7b2 --- /dev/null +++ b/curl-7.59.0.tar.xz.asc 
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAlqoxTwACgkQXMkI/bce
+EsJrHQf7B0ik8F5dfGYumYWkXHc9poJU+dJ0o6pwzg4QsP+4mwVTw/gnrXDm1hVk
+iFPIAdgTkxiIDZi+6mDfZA9dZ8Aq38XbYjRIwXTW4KrjTtEFQXtwlEClrHrJyXfl
++2YC52BcY0D2JVDqUAB9cVSSgaHHf1jd4h32a8YMrwco4jP5rSxbmZe4psU2m8TC
+skaZEoSIRJzg5oV+AgDSQMrq+fLsc5lIDKTl+7v6sjnGlcYeRC1SiBePyrh5g/o5
+w4JJH839MyjrYvi6MyCBHeyCFYDrxKvQw8zRwivfZ1oipM2SaSVq8c60PdR85Zw5
+/SNOU/7Qpvhua0GhAfaI/CTwwewy6w==
+=OcVv
+-----END PGP SIGNATURE-----
diff --git a/curl.spec b/curl.spec
index 0d50f4d..0083ed1 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,13 +1,10 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 7.58.0
-Release: 8%{?dist}
+Version: 7.59.0
+Release: 1%{?dist}
 License: MIT
 Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz

-# http2: mark the connection for close on GOAWAY
-Patch1: 0001-curl-7.58.0-h2-goaway.patch
-
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch

@@ -154,7 +151,6 @@ be installed.
 %setup -q

 # upstream patches
-%patch1 -p1

 # Fedora patches
 %patch101 -p1
@@ -300,6 +296,12 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal

 %changelog
+* Wed Mar 14 2018 Kamil Dudka - 7.59.0-1
+- new upstream release, which fixes the following vulnerabilities
+ CVE-2018-1000120 - FTP path trickery leads to NIL byte out of bounds write
+ CVE-2018-1000121 - LDAP NULL pointer dereference
+ CVE-2018-1000122 - RTSP RTP buffer over-read
+
 * Mon Mar 12 2018 Kamil Dudka - 7.58.0-8
 - http2: mark the connection for close on GOAWAY

diff --git a/sources b/sources
index d1edf19..f353b13 100644
--- a/sources
+++ b/sources
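Review bot: The detached signature `curl-7.59.0.tar.xz.asc` is refreshed in this commit, but the spec header in the first curl.spec hunk still declares only the tarball as `Source:`, so nothing visible here ties that signature to the build. As far as these hunks show, the integrity of the new tarball rests on the SHA512 in `sources` alone, which confirms that the lookaside copy matches what the packager uploaded but not that it is the upstream-signed release. Consider listing the signature as a second source, e.g. `Source1: https://curl.haxx.se/download/%{name}-%{version}.tar.xz.asc`, and checking it against the upstream release key in `%prep` before `%setup -q`. The `%prep` section starts outside the second hunk, so a check that already exists there cannot be ruled out from this page.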
@@ -1 +1 @@
-SHA512 (curl-7.58.0.tar.xz) = 965affc74ab8f8c94d1b79ebb8012ca4c1a482c7a3282f2661f6382163e47e3ea657398c1a4202008d0c683a3d2266a05a64a26bd514a64a08e4fe83929dcae5
+SHA512 (curl-7.59.0.tar.xz) = 6982a5950b564d6b2a4f4b96296b6db3db24a096acc68aa96966821b57f66362f5a69d9f2da762b5d2b1011a4a47478ebacaf05e26604f78bb013098749dd8a6