Compare commits
114 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
d1233ad4cd | ||
|
eeb37e29bd | ||
|
2298078d54 | ||
|
c667b141d6 | ||
|
e0bf66ef6c | ||
|
da9af16256 | ||
|
91c50ee6d4 | ||
|
8559ecc1d9 | ||
|
863394fd95 | ||
|
22186831fb | ||
|
a5c984a590 | ||
|
6e794d5beb | ||
|
901da63160 | ||
|
b6ccff47ac | ||
|
3c7950da77 | ||
|
9dd5d73f3b | ||
|
8fd906c559 | ||
|
bbad3e0a62 | ||
|
0ed971f14f | ||
|
7594f15bce | ||
|
902ddefeb5 | ||
|
95008127cf | ||
|
e97fdf9b7f | ||
|
9ace613273 | ||
|
2bdb624139 | ||
|
3c5dec6602 | ||
|
9221f774a1 | ||
|
1a6a3b20a6 | ||
|
da8449decd | ||
|
32b0144f20 | ||
|
49f5a42f96 | ||
|
c30a9c7fdb | ||
|
c91c27bce9 | ||
|
a94ce82de0 | ||
|
34a4d8f848 | ||
|
9be316eea1 | ||
|
2346b66a23 | ||
|
800bb58ef3 | ||
|
84125cbefe | ||
|
ece57c4aa4 | ||
|
20b63790e4 | ||
|
e7b6b91818 | ||
|
8bff7e0d6b | ||
|
023b327acc | ||
|
178b0fc823 | ||
|
35134a4aee | ||
|
3fb6e23557 | ||
|
85286dc2b3 | ||
|
bcdea58703 | ||
|
072eac2fb6 | ||
|
a89a46eca8 | ||
|
d41d215108 | ||
|
9f5f0d1189 | ||
|
befa5428f0 | ||
|
4f55f71cfe | ||
|
e51a34d6cc | ||
|
09c874db53 | ||
|
5a0fa9250b | ||
|
a1b38730ce | ||
|
6402b496fc | ||
|
bdef0a1bf6 | ||
|
43b81665b0 | ||
|
bdc6ab544b | ||
|
a16f4de7a2 | ||
|
5012445aca | ||
|
960515d8a1 | ||
|
1bbb30f4f6 | ||
|
b76e2f2c65 | ||
|
bf966a954e | ||
|
3ad2894efb | ||
|
cbbefe6fb9 | ||
|
93c55561d3 | ||
|
ed352e927e | ||
|
5d4a9257c3 | ||
|
c4a2596b22 | ||
|
46c8abb050 | ||
|
c7e4ac606d | ||
|
b2dab7f315 | ||
|
57a73689a9 | ||
|
0480ac07c5 | ||
|
8eae4647c3 | ||
|
019e1c424c | ||
|
a12eed4ad5 | ||
|
46ef14b039 | ||
|
8e0d8e3815 | ||
|
ffdd721180 | ||
|
574639b8f6 | ||
|
46042daf78 | ||
|
0aa4c628e2 | ||
|
4af228aa7a | ||
|
6ec12398a3 | ||
|
a042788c8a | ||
|
03b8614ff6 | ||
|
44f7d8692a | ||
|
18e7a55066 | ||
|
0aa20e6c92 | ||
|
e4d662f774 | ||
|
f7041f17bf | ||
|
3be7c46fde | ||
|
9549974a4c | ||
|
1e77c47734 | ||
|
0f99fceebe | ||
|
db1a758364 | ||
|
9b62c3eaeb | ||
|
0d44d984ff | ||
|
a5dd610a20 | ||
|
d469b84593 | ||
|
4832a02ce4 | ||
|
c870f5feb8 | ||
|
c1fbf35cce | ||
|
efea9223f3 | ||
|
8afeb9390f | ||
|
9ec0774d38 | ||
|
00369df034 |
@ -1,33 +0,0 @@
|
||||
From a57cd03551cb373bd69278d7281026ac147bb4b4 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Mon, 7 Nov 2016 12:54:40 +0100
|
||||
Subject: [PATCH 1/2] ssh: check md5 fingerprints case insensitively
|
||||
(regression)
|
||||
|
||||
Revert the change from ce8d09483eea but use the new function
|
||||
|
||||
Reported-by: Kamil Dudka
|
||||
Bug: https://github.com/curl/curl/commit/ce8d09483eea2fcb1b50e323e1a8ed1f3613b2e3#commitcomment-19666146
|
||||
|
||||
Upstream-commit: 50aded1cd4bb751cad52c39c4fa1f06ebc5e133e
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/ssh.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/ssh.c b/lib/ssh.c
|
||||
index 43c8283..0df030d 100644
|
||||
--- a/lib/ssh.c
|
||||
+++ b/lib/ssh.c
|
||||
@@ -676,7 +676,7 @@ static CURLcode ssh_check_fingerprint(struct connectdata *conn)
|
||||
* against a known fingerprint, if available.
|
||||
*/
|
||||
if(pubkey_md5 && strlen(pubkey_md5) == 32) {
|
||||
- if(!fingerprint || strcmp(md5buffer, pubkey_md5)) {
|
||||
+ if(!fingerprint || !strcasecompare(md5buffer, pubkey_md5)) {
|
||||
if(fingerprint)
|
||||
failf(data,
|
||||
"Denied establishing ssh session: mismatch md5 fingerprint. "
|
||||
--
|
||||
2.7.4
|
||||
|
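--- a/0001-curl-7.67.0-upload-glob.patch
+++ b/0001-curl-7.67.0-upload-glob.patch
@@ -0,0 +1,316 @@
+From 37a36231c5e34ae31b1968481fad2e8d76613fbd Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 13 Nov 2019 11:33:29 +0100
+Subject: [PATCH] curl: fix -T globbing
+
+Regression from e59371a4936f8 (7.67.0)
+
+Added test 490, 491 and 492 to verify the functionality.
+
+Reported-by: Kamil Dudka
+Reported-by: Anderson Sasaki
+
+Fixes #4588
+Closes #4591
+
+Upstream-commit: 7a46aeb0be3fa00826b0c47a8bc06eddff448659
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+src/tool_operate.c | 15 ++++---
+tests/data/Makefile.inc | 2 +
+tests/data/test490 | 68 +++++++++++++++++++++++++++++++
+tests/data/test491 | 64 +++++++++++++++++++++++++++++
+tests/data/test492 | 89 +++++++++++++++++++++++++++++++++++++++++
+5 files changed, 232 insertions(+), 6 deletions(-)
+create mode 100644 tests/data/test490
+create mode 100644 tests/data/test491
+create mode 100644 tests/data/test492
+
+diff --git a/src/tool_operate.c b/src/tool_operate.c
+index 3087d2d..4ecb1ed 100644
+--- a/src/tool_operate.c
++++ b/src/tool_operate.c
+@@ -829,12 +829,6 @@ static CURLcode single_transfer(struct GlobalConfig *global,
+separator = ((!state->outfiles ||
+!strcmp(state->outfiles, "-")) && urlnum > 1);
+
+- /* Here's looping around each globbed URL */
+-
+- if(state->li >= urlnum) {
+- state->li = 0;
+- state->up++;
+- }
+if(state->up < state->infilenum) {
+struct per_transfer *per;
+struct OutStruct *outs;
+@@ -1908,6 +1902,15 @@ static CURLcode single_transfer(struct GlobalConfig *global,
+per->retrystart = tvnow();
+
+state->li++;
++ /* Here's looping around each globbed URL */
++ if(state->li >= urlnum) {
++ state->li = 0;
++ state->urlnum = 0; /* forced reglob of URLs */
++ glob_cleanup(state->urls);
++ state->urls = NULL;
++ state->up++;
++ Curl_safefree(state->uploadfile); /* clear it to get the next */
++ }
+}
+else {
+/* Free this URL node data without destroying the
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index 557f928..212900e 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -66,6 +66,8 @@ test393 test394 test395 \
+test400 test401 test402 test403 test404 test405 test406 test407 test408 \
+test409 \
+\
++test490 test491 test492 \
++\
+test500 test501 test502 test503 test504 test505 test506 test507 test508 \
+test509 test510 test511 test512 test513 test514 test515 test516 test517 \
+test518 test519 test520 test521 test522 test523 test524 test525 test526 \
+diff --git a/tests/data/test490 b/tests/data/test490
+new file mode 100644
+index 0000000..a3383a9
+--- /dev/null
++++ b/tests/data/test490
+@@ -0,0 +1,68 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++HTTP PUT
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<data>
++HTTP/1.1 200 OK
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ETag: "21025-dc7-39462498"
++Accept-Ranges: bytes
++Content-Length: 6
++Connection: close
++Content-Type: text/html
++Funny-head: yesyes
++
++-foo-
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++http
++</server>
++ <name>
++Two globbed HTTP PUTs
++ </name>
++ <command>
++http://%HOSTIP:%HTTPPORT/490 -T '{log/in490,log/in490}'
++</command>
++<file name="log/in490">
++surprise!
++</file>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++<strip>
++^User-Agent:.*
++</strip>
++<protocol>
++PUT /490 HTTP/1.1
++Host: 127.0.0.1:8990
++Accept: */*
++Content-Length: 10
++Expect: 100-continue
++
++surprise!
++PUT /490 HTTP/1.1
++Host: 127.0.0.1:8990
++Accept: */*
++Content-Length: 10
++Expect: 100-continue
++
++surprise!
++</protocol>
++</verify>
++</testcase>
+diff --git a/tests/data/test491 b/tests/data/test491
+new file mode 100644
+index 0000000..b49c06c
+--- /dev/null
++++ b/tests/data/test491
+@@ -0,0 +1,64 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++HTTP PUT
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<data>
++HTTP/1.1 200 OK
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ETag: "21025-dc7-39462498"
++Accept-Ranges: bytes
++Content-Length: 6
++Connection: close
++Content-Type: text/html
++Funny-head: yesyes
++
++-foo-
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++http
++</server>
++ <name>
++Two globbed HTTP PUTs, the second upload file is missing
++ </name>
++ <command>
++http://%HOSTIP:%HTTPPORT/491 -T '{log/in491,log/bad491}'
++</command>
++<file name="log/in491">
++surprise!
++</file>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++<strip>
++^User-Agent:.*
++</strip>
++<protocol>
++PUT /491 HTTP/1.1
++Host: 127.0.0.1:8990
++Accept: */*
++Content-Length: 10
++Expect: 100-continue
++
++surprise!
++</protocol>
++<errorcode>
++26
++</errorcode>
++</verify>
++</testcase>
+diff --git a/tests/data/test492 b/tests/data/test492
+new file mode 100644
+index 0000000..12edd8b
+--- /dev/null
++++ b/tests/data/test492
+@@ -0,0 +1,89 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++HTTP PUT
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<data>
++HTTP/1.1 200 OK
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ETag: "21025-dc7-39462498"
++Accept-Ranges: bytes
++Content-Length: 6
++Connection: close
++Content-Type: text/html
++Funny-head: yesyes
++
++-foo-
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++http
++</server>
++ <name>
++Two globbed HTTP PUTs to two globbed URLs
++ </name>
++ <command>
++'http://%HOSTIP:%HTTPPORT/{one,two}/' -T '{log/first492,log/second492}' -H "Testno: 492"
++</command>
++<file name="log/first492">
++first 492 contents
++</file>
++<file1 name="log/second492">
++second 492 contents
++</file1>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++<strip>
++^User-Agent:.*
++</strip>
++<protocol>
++PUT /one/first492 HTTP/1.1
++Host: 127.0.0.1:8990
++Accept: */*
++Testno: 492
++Content-Length: 19
++Expect: 100-continue
++
++first 492 contents
++PUT /two/first492 HTTP/1.1
++Host: 127.0.0.1:8990
++Accept: */*
++Testno: 492
++Content-Length: 19
++Expect: 100-continue
++
++first 492 contents
++PUT /one/second492 HTTP/1.1
++Host: 127.0.0.1:8990
++Accept: */*
++Testno: 492
++Content-Length: 20
++Expect: 100-continue
++
++second 492 contents
++PUT /two/second492 HTTP/1.1
++Host: 127.0.0.1:8990
++Accept: */*
++Testno: 492
++Content-Length: 20
++Expect: 100-continue
++
++second 492 contents
++</protocol>
++</verify>
++</testcase>
+--
+2.20.1
+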
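Review bot: `glob_cleanup(state->urls)` in the second `single_transfer` hunk of src/tool_operate.c runs unconditionally whenever `state->li >= urlnum`, and nothing visible here shows that `state->urls` is non-NULL at that point or that `glob_cleanup` accepts NULL. If a transfer can reach this branch without a URL glob having been built (for example with URL globbing turned off; this is an assumption, since the setup code is outside the hunk), the call should be guarded as `if(state->urls) glob_cleanup(state->urls);`. The body of `single_transfer` starts and ends outside both hunks, so this needs checking against the full 7.67.0 function before the backport ships. Separately, the `<protocol>` sections of test490 to test492 expect the literal `Host: 127.0.0.1:8990` while the commands use `%HOSTIP:%HTTPPORT`, so these tests presumably fail if the suite is run on a different base port.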
@ -1,91 +0,0 @@
|
||||
From 93d20cffd3b6b8dc9705f3252c09c9269d8ac705 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Fri, 11 Nov 2016 08:09:04 +0100
|
||||
Subject: [PATCH 2/2] URL-parser: for file://[host]/ URLs, the [host] must be
|
||||
localhost
|
||||
|
||||
Previously, the [host] part was just ignored which made libcurl accept
|
||||
strange URLs misleading users. like "file://etc/passwd" which might've
|
||||
looked like it refers to "/etc/passwd" but is just "/passwd" since the
|
||||
"etc" is an ignored host name.
|
||||
|
||||
Reported-by: Mike Crowe
|
||||
Assisted-by: Kamil Dudka
|
||||
|
||||
Upstream-commit: 346340808c89db33803ef7461dee191ff7c3d07f
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/url.c | 55 ++++++++++++++++++++++++++++++-------------------------
|
||||
1 file changed, 30 insertions(+), 25 deletions(-)
|
||||
|
||||
diff --git a/lib/url.c b/lib/url.c
|
||||
index b997f41..9a8f6e3 100644
|
||||
--- a/lib/url.c
|
||||
+++ b/lib/url.c
|
||||
@@ -4065,33 +4065,38 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
|
||||
* the URL protocols specified in RFC 1738
|
||||
*/
|
||||
if(path[0] != '/') {
|
||||
- /* the URL included a host name, we ignore host names in file:// URLs
|
||||
- as the standards don't define what to do with them */
|
||||
- char *ptr=strchr(path, '/');
|
||||
- if(ptr) {
|
||||
- /* there was a slash present
|
||||
-
|
||||
- RFC1738 (section 3.1, page 5) says:
|
||||
-
|
||||
- The rest of the locator consists of data specific to the scheme,
|
||||
- and is known as the "url-path". It supplies the details of how the
|
||||
- specified resource can be accessed. Note that the "/" between the
|
||||
- host (or port) and the url-path is NOT part of the url-path.
|
||||
-
|
||||
- As most agents use file://localhost/foo to get '/foo' although the
|
||||
- slash preceding foo is a separator and not a slash for the path,
|
||||
- a URL as file://localhost//foo must be valid as well, to refer to
|
||||
- the same file with an absolute path.
|
||||
- */
|
||||
+ /* the URL includes a host name, it must match "localhost" or
|
||||
+ "127.0.0.1" to be valid */
|
||||
+ char *ptr;
|
||||
+ if(!checkprefix("localhost/", path) &&
|
||||
+ !checkprefix("127.0.0.1/", path)) {
|
||||
+ failf(data, "Valid host name with slash missing in URL");
|
||||
+ return CURLE_URL_MALFORMAT;
|
||||
+ }
|
||||
+ ptr = &path[9]; /* now points to the slash after the host */
|
||||
|
||||
- if(ptr[1] && ('/' == ptr[1]))
|
||||
- /* if there was two slashes, we skip the first one as that is then
|
||||
- used truly as a separator */
|
||||
- ptr++;
|
||||
+ /* there was a host name and slash present
|
||||
|
||||
- /* This cannot be made with strcpy, as the memory chunks overlap! */
|
||||
- memmove(path, ptr, strlen(ptr)+1);
|
||||
- }
|
||||
+ RFC1738 (section 3.1, page 5) says:
|
||||
+
|
||||
+ The rest of the locator consists of data specific to the scheme,
|
||||
+ and is known as the "url-path". It supplies the details of how the
|
||||
+ specified resource can be accessed. Note that the "/" between the
|
||||
+ host (or port) and the url-path is NOT part of the url-path.
|
||||
+
|
||||
+ As most agents use file://localhost/foo to get '/foo' although the
|
||||
+ slash preceding foo is a separator and not a slash for the path,
|
||||
+ a URL as file://localhost//foo must be valid as well, to refer to
|
||||
+ the same file with an absolute path.
|
||||
+ */
|
||||
+
|
||||
+ if('/' == ptr[1])
|
||||
+ /* if there was two slashes, we skip the first one as that is then
|
||||
+ used truly as a separator */
|
||||
+ ptr++;
|
||||
+
|
||||
+ /* This cannot be made with strcpy, as the memory chunks overlap! */
|
||||
+ memmove(path, ptr, strlen(ptr)+1);
|
||||
}
|
||||
|
||||
protop = "file"; /* protocol string */
|
||||
--
|
||||
2.7.4
|
||||
|
@ -1,285 +0,0 @@
|
||||
From 53782619bae773a4034bc53b3b0bd858f90190dc Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Thu, 27 Oct 2016 14:27:25 +0200
|
||||
Subject: [PATCH 1/4] nss: map CURL_SSLVERSION_DEFAULT to NSS default
|
||||
|
||||
... but make sure we use at least TLSv1.0 according to libcurl API
|
||||
|
||||
Reported-by: Cure53
|
||||
Reviewed-by: Ray Satiro
|
||||
|
||||
Upstream-commit: 5d45ced7a45ea38e32f1cbf73d7c63a3e4f241e7
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/vtls/nss.c | 14 +++++++++++++-
|
||||
1 file changed, 13 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
|
||||
index dff1575..5abb574 100644
|
||||
--- a/lib/vtls/nss.c
|
||||
+++ b/lib/vtls/nss.c
|
||||
@@ -1489,10 +1489,18 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver,
|
||||
struct Curl_easy *data)
|
||||
{
|
||||
switch(data->set.ssl.version) {
|
||||
- default:
|
||||
case CURL_SSLVERSION_DEFAULT:
|
||||
+ /* map CURL_SSLVERSION_DEFAULT to NSS default */
|
||||
+ if(SSL_VersionRangeGetDefault(ssl_variant_stream, sslver) != SECSuccess)
|
||||
+ return CURLE_SSL_CONNECT_ERROR;
|
||||
+ /* ... but make sure we use at least TLSv1.0 according to libcurl API */
|
||||
+ if(sslver->min < SSL_LIBRARY_VERSION_TLS_1_0)
|
||||
+ sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
|
||||
+ return CURLE_OK;
|
||||
+
|
||||
case CURL_SSLVERSION_TLSv1:
|
||||
sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
|
||||
+ /* TODO: set sslver->max to SSL_LIBRARY_VERSION_TLS_1_3 once stable */
|
||||
#ifdef SSL_LIBRARY_VERSION_TLS_1_2
|
||||
sslver->max = SSL_LIBRARY_VERSION_TLS_1_2;
|
||||
#elif defined SSL_LIBRARY_VERSION_TLS_1_1
|
||||
@@ -1532,6 +1540,10 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver,
|
||||
return CURLE_OK;
|
||||
#endif
|
||||
break;
|
||||
+
|
||||
+ default:
|
||||
+ /* unsupported SSL/TLS version */
|
||||
+ break;
|
||||
}
|
||||
|
||||
failf(data, "TLS minor version cannot be set");
|
||||
--
|
||||
2.7.4
|
||||
|
||||
|
||||
From 6a42abb03de6e5afe859313b236f2b776ca51722 Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Thu, 27 Oct 2016 14:57:11 +0200
|
||||
Subject: [PATCH 2/4] vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
|
||||
|
||||
Fully implemented with the NSS backend only for now.
|
||||
|
||||
Reviewed-by: Ray Satiro
|
||||
|
||||
Upstream-commit: 6ad3add60654182a747f5971afb40817488ef0e8
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
docs/libcurl/opts/CURLOPT_SSLVERSION.3 | 2 ++
|
||||
docs/libcurl/symbols-in-versions | 1 +
|
||||
include/curl/curl.h | 1 +
|
||||
lib/vtls/nss.c | 8 ++++++++
|
||||
4 files changed, 12 insertions(+)
|
||||
|
||||
diff --git a/docs/libcurl/opts/CURLOPT_SSLVERSION.3 b/docs/libcurl/opts/CURLOPT_SSLVERSION.3
|
||||
index 2f40e46..1854af0 100644
|
||||
--- a/docs/libcurl/opts/CURLOPT_SSLVERSION.3
|
||||
+++ b/docs/libcurl/opts/CURLOPT_SSLVERSION.3
|
||||
@@ -48,6 +48,8 @@ TLSv1.0 (Added in 7.34.0)
|
||||
TLSv1.1 (Added in 7.34.0)
|
||||
.IP CURL_SSLVERSION_TLSv1_2
|
||||
TLSv1.2 (Added in 7.34.0)
|
||||
+.IP CURL_SSLVERSION_TLSv1_3
|
||||
+TLSv1.3 (Added in 7.51.1)
|
||||
.RE
|
||||
.SH DEFAULT
|
||||
CURL_SSLVERSION_DEFAULT
|
||||
diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions
|
||||
index f6365ae..a77fde4 100644
|
||||
--- a/docs/libcurl/symbols-in-versions
|
||||
+++ b/docs/libcurl/symbols-in-versions
|
||||
@@ -773,6 +773,7 @@ CURL_SSLVERSION_TLSv1 7.9.2
|
||||
CURL_SSLVERSION_TLSv1_0 7.34.0
|
||||
CURL_SSLVERSION_TLSv1_1 7.34.0
|
||||
CURL_SSLVERSION_TLSv1_2 7.34.0
|
||||
+CURL_SSLVERSION_TLSv1_3 7.51.1
|
||||
CURL_TIMECOND_IFMODSINCE 7.9.7
|
||||
CURL_TIMECOND_IFUNMODSINCE 7.9.7
|
||||
CURL_TIMECOND_LASTMOD 7.9.7
|
||||
diff --git a/include/curl/curl.h b/include/curl/curl.h
|
||||
index 9c09cb9..03fcfeb 100644
|
||||
--- a/include/curl/curl.h
|
||||
+++ b/include/curl/curl.h
|
||||
@@ -1805,6 +1805,7 @@ enum {
|
||||
CURL_SSLVERSION_TLSv1_0,
|
||||
CURL_SSLVERSION_TLSv1_1,
|
||||
CURL_SSLVERSION_TLSv1_2,
|
||||
+ CURL_SSLVERSION_TLSv1_3,
|
||||
|
||||
CURL_SSLVERSION_LAST /* never use, keep last */
|
||||
};
|
||||
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
|
||||
index 5abb574..5e52727 100644
|
||||
--- a/lib/vtls/nss.c
|
||||
+++ b/lib/vtls/nss.c
|
||||
@@ -1541,6 +1541,14 @@ static CURLcode nss_init_sslver(SSLVersionRange *sslver,
|
||||
#endif
|
||||
break;
|
||||
|
||||
+ case CURL_SSLVERSION_TLSv1_3:
|
||||
+#ifdef SSL_LIBRARY_VERSION_TLS_1_3
|
||||
+ sslver->min = SSL_LIBRARY_VERSION_TLS_1_3;
|
||||
+ sslver->max = SSL_LIBRARY_VERSION_TLS_1_3;
|
||||
+ return CURLE_OK;
|
||||
+#endif
|
||||
+ break;
|
||||
+
|
||||
default:
|
||||
/* unsupported SSL/TLS version */
|
||||
break;
|
||||
--
|
||||
2.7.4
|
||||
|
||||
|
||||
From d930268ab522ac7ea7ccd83671d22f57148f3d21 Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Thu, 27 Oct 2016 14:58:43 +0200
|
||||
Subject: [PATCH 3/4] curl: introduce the --tlsv1.3 option to force TLS 1.3
|
||||
|
||||
Fully implemented with the NSS backend only for now.
|
||||
|
||||
Reviewed-by: Ray Satiro
|
||||
|
||||
Upstream-commit: a110a03b43057879643046538c79cc9dd20d399a
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
docs/curl.1 | 10 +++++++---
|
||||
src/tool_getparam.c | 5 +++++
|
||||
src/tool_help.c | 1 +
|
||||
src/tool_setopt.c | 1 +
|
||||
4 files changed, 14 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/docs/curl.1 b/docs/curl.1
|
||||
index f5375ed..e9c6150 100644
|
||||
--- a/docs/curl.1
|
||||
+++ b/docs/curl.1
|
||||
@@ -176,9 +176,9 @@ HTTP 2 to negotiate HTTP 2 support with the server during https sessions.
|
||||
.IP "-1, --tlsv1"
|
||||
(SSL)
|
||||
Forces curl to use TLS version 1.x when negotiating with a remote TLS server.
|
||||
-You can use options \fI--tlsv1.0\fP, \fI--tlsv1.1\fP, and \fI--tlsv1.2\fP to
|
||||
-control the TLS version more precisely (if the SSL backend in use supports such
|
||||
-a level of control).
|
||||
+You can use options \fI--tlsv1.0\fP, \fI--tlsv1.1\fP, \fI--tlsv1.2\fP, and
|
||||
+\fI--tlsv1.3\fP to control the TLS version more precisely (if the SSL backend
|
||||
+in use supports such a level of control).
|
||||
.IP "-2, --sslv2"
|
||||
(SSL) Forces curl to use SSL version 2 when negotiating with a remote SSL
|
||||
server. Sometimes curl is built without SSLv2 support. SSLv2 is widely
|
||||
@@ -1820,6 +1820,10 @@ Forces curl to use TLS version 1.1 when negotiating with a remote TLS server.
|
||||
(SSL)
|
||||
Forces curl to use TLS version 1.2 when negotiating with a remote TLS server.
|
||||
(Added in 7.34.0)
|
||||
+.IP "--tlsv1.3"
|
||||
+(SSL)
|
||||
+Forces curl to use TLS version 1.3 when negotiating with a remote TLS server.
|
||||
+(Added in 7.51.1)
|
||||
.IP "--tr-encoding"
|
||||
(HTTP) Request a compressed Transfer-Encoding response using one of the
|
||||
algorithms curl supports, and uncompress the data while receiving it.
|
||||
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
|
||||
index 95dd455..2d16e06 100644
|
||||
--- a/src/tool_getparam.c
|
||||
+++ b/src/tool_getparam.c
|
||||
@@ -190,6 +190,7 @@ static const struct LongShort aliases[]= {
|
||||
{"10", "tlsv1.0", FALSE},
|
||||
{"11", "tlsv1.1", FALSE},
|
||||
{"12", "tlsv1.2", FALSE},
|
||||
+ {"13", "tlsv1.3", FALSE},
|
||||
{"2", "sslv2", FALSE},
|
||||
{"3", "sslv3", FALSE},
|
||||
{"4", "ipv4", FALSE},
|
||||
@@ -1061,6 +1062,10 @@ ParameterError getparameter(char *flag, /* f or -long-flag */
|
||||
/* TLS version 1.2 */
|
||||
config->ssl_version = CURL_SSLVERSION_TLSv1_2;
|
||||
break;
|
||||
+ case '3':
|
||||
+ /* TLS version 1.3 */
|
||||
+ config->ssl_version = CURL_SSLVERSION_TLSv1_3;
|
||||
+ break;
|
||||
}
|
||||
break;
|
||||
case '2':
|
||||
diff --git a/src/tool_help.c b/src/tool_help.c
|
||||
index fb428c9..9890cc8 100644
|
||||
--- a/src/tool_help.c
|
||||
+++ b/src/tool_help.c
|
||||
@@ -232,6 +232,7 @@ static const char *const helptext[] = {
|
||||
" --tlsv1.0 Use TLSv1.0 (SSL)",
|
||||
" --tlsv1.1 Use TLSv1.1 (SSL)",
|
||||
" --tlsv1.2 Use TLSv1.2 (SSL)",
|
||||
+ " --tlsv1.3 Use TLSv1.3 (SSL)",
|
||||
" --trace FILE Write a debug trace to FILE",
|
||||
" --trace-ascii FILE Like --trace, but without hex output",
|
||||
" --trace-time Add time stamps to trace/verbose output",
|
||||
diff --git a/src/tool_setopt.c b/src/tool_setopt.c
|
||||
index c854225..f3de09d 100644
|
||||
--- a/src/tool_setopt.c
|
||||
+++ b/src/tool_setopt.c
|
||||
@@ -83,6 +83,7 @@ const NameValue setopt_nv_CURL_SSLVERSION[] = {
|
||||
NV(CURL_SSLVERSION_TLSv1_0),
|
||||
NV(CURL_SSLVERSION_TLSv1_1),
|
||||
NV(CURL_SSLVERSION_TLSv1_2),
|
||||
+ NV(CURL_SSLVERSION_TLSv1_3),
|
||||
NVEND,
|
||||
};
|
||||
|
||||
--
|
||||
2.7.4
|
||||
|
||||
|
||||
From 2fce531638a12f44ea1fbc52e86ca795a3a4e4e2 Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Tue, 15 Nov 2016 12:21:00 +0100
|
||||
Subject: [PATCH 4/4] docs: the next release will be 7.52.0
|
||||
|
||||
Upstream-commit: cfd69c133984a5df3de63b4f8c5f64885c6e33ae
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
docs/curl.1 | 2 +-
|
||||
docs/libcurl/opts/CURLOPT_SSLVERSION.3 | 2 +-
|
||||
docs/libcurl/symbols-in-versions | 2 +-
|
||||
3 files changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/docs/curl.1 b/docs/curl.1
|
||||
index e9c6150..05d1a8d 100644
|
||||
--- a/docs/curl.1
|
||||
+++ b/docs/curl.1
|
||||
@@ -1823,7 +1823,7 @@ Forces curl to use TLS version 1.2 when negotiating with a remote TLS server.
|
||||
.IP "--tlsv1.3"
|
||||
(SSL)
|
||||
Forces curl to use TLS version 1.3 when negotiating with a remote TLS server.
|
||||
-(Added in 7.51.1)
|
||||
+(Added in 7.52.0)
|
||||
.IP "--tr-encoding"
|
||||
(HTTP) Request a compressed Transfer-Encoding response using one of the
|
||||
algorithms curl supports, and uncompress the data while receiving it.
|
||||
diff --git a/docs/libcurl/opts/CURLOPT_SSLVERSION.3 b/docs/libcurl/opts/CURLOPT_SSLVERSION.3
|
||||
index 1854af0..77dfcd4 100644
|
||||
--- a/docs/libcurl/opts/CURLOPT_SSLVERSION.3
|
||||
+++ b/docs/libcurl/opts/CURLOPT_SSLVERSION.3
|
||||
@@ -49,7 +49,7 @@ TLSv1.1 (Added in 7.34.0)
|
||||
.IP CURL_SSLVERSION_TLSv1_2
|
||||
TLSv1.2 (Added in 7.34.0)
|
||||
.IP CURL_SSLVERSION_TLSv1_3
|
||||
-TLSv1.3 (Added in 7.51.1)
|
||||
+TLSv1.3 (Added in 7.52.0)
|
||||
.RE
|
||||
.SH DEFAULT
|
||||
CURL_SSLVERSION_DEFAULT
|
||||
diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions
|
||||
index a77fde4..ef730c8 100644
|
||||
--- a/docs/libcurl/symbols-in-versions
|
||||
+++ b/docs/libcurl/symbols-in-versions
|
||||
@@ -773,7 +773,7 @@ CURL_SSLVERSION_TLSv1 7.9.2
|
||||
CURL_SSLVERSION_TLSv1_0 7.34.0
|
||||
CURL_SSLVERSION_TLSv1_1 7.34.0
|
||||
CURL_SSLVERSION_TLSv1_2 7.34.0
|
||||
-CURL_SSLVERSION_TLSv1_3 7.51.1
|
||||
+CURL_SSLVERSION_TLSv1_3 7.52.0
|
||||
CURL_TIMECOND_IFMODSINCE 7.9.7
|
||||
CURL_TIMECOND_IFUNMODSINCE 7.9.7
|
||||
CURL_TIMECOND_LASTMOD 7.9.7
|
||||
--
|
||||
2.7.4
|
||||
|
@ -1,283 +0,0 @@
|
||||
From 7ad1cdfb256f7e1b84fc960a8ca1403cca5d930f Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Tue, 8 Nov 2016 15:30:33 +0100
|
||||
Subject: [PATCH 1/2] printf: fix ".*f" handling
|
||||
|
||||
It would always use precision 1 instead of reading it from the argument
|
||||
list as intended.
|
||||
|
||||
Reported-by: Ray Satiro
|
||||
|
||||
Bug: #1113
|
||||
|
||||
Upstream-commit: 5dd1b65f79bc6dc75b752c53f3fa853b2a3b6d69
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/mprintf.c | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/lib/mprintf.c b/lib/mprintf.c
|
||||
index 2c88aa8..e1ad537 100644
|
||||
--- a/lib/mprintf.c
|
||||
+++ b/lib/mprintf.c
|
||||
@@ -303,7 +303,6 @@ static int dprintf_Pass1(const char *format, va_stack_t *vto, char **endpos,
|
||||
flags |= FLAGS_ALT;
|
||||
break;
|
||||
case '.':
|
||||
- flags |= FLAGS_PREC;
|
||||
if('*' == *fmt) {
|
||||
/* The precision is picked from a specified parameter */
|
||||
|
||||
--
|
||||
2.7.4
|
||||
|
||||
|
||||
From 3162df571802b2c94d9969b6b269cd0d50c6650d Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Tue, 8 Nov 2016 15:32:37 +0100
|
||||
Subject: [PATCH 2/2] printf: fix floating point buffer overflow issues
|
||||
|
||||
... and add a bunch of floating point printf tests
|
||||
|
||||
Upstream-commit: 3ab3c16db6a5674f53cf23d56512a405fde0b2c9
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/mprintf.c | 20 +++++++-
|
||||
tests/data/test557 | 1 +
|
||||
tests/libtest/lib557.c | 136 +++++++++++++++++++++++++++++++++++++++++++++++--
|
||||
3 files changed, 152 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/lib/mprintf.c b/lib/mprintf.c
|
||||
index e1ad537..e3a690b 100644
|
||||
--- a/lib/mprintf.c
|
||||
+++ b/lib/mprintf.c
|
||||
@@ -92,7 +92,8 @@
|
||||
# define mp_uintmax_t unsigned long
|
||||
#endif
|
||||
|
||||
-#define BUFFSIZE 256 /* buffer for long-to-str and float-to-str calcs */
|
||||
+#define BUFFSIZE 326 /* buffer for long-to-str and float-to-str calcs, should
|
||||
+ fit negative DBL_MAX (317 letters) */
|
||||
#define MAX_PARAMETERS 128 /* lame static limit */
|
||||
|
||||
#ifdef __AMIGA__
|
||||
@@ -916,12 +917,25 @@ static int dprintf_formatf(
|
||||
*fptr = 0;
|
||||
|
||||
if(width >= 0) {
|
||||
+ if(width >= (long)sizeof(work))
|
||||
+ width = sizeof(work)-1;
|
||||
/* RECURSIVE USAGE */
|
||||
len = curl_msnprintf(fptr, left, "%ld", width);
|
||||
fptr += len;
|
||||
left -= len;
|
||||
}
|
||||
if(prec >= 0) {
|
||||
+ /* for each digit in the integer part, we can have one less
|
||||
+ precision */
|
||||
+ size_t maxprec = sizeof(work) - 2;
|
||||
+ double val = p->data.dnum;
|
||||
+ while(val >= 10.0) {
|
||||
+ val /= 10;
|
||||
+ maxprec--;
|
||||
+ }
|
||||
+
|
||||
+ if(prec > (long)maxprec)
|
||||
+ prec = maxprec-1;
|
||||
/* RECURSIVE USAGE */
|
||||
len = curl_msnprintf(fptr, left, ".%ld", prec);
|
||||
fptr += len;
|
||||
@@ -941,7 +955,9 @@ static int dprintf_formatf(
|
||||
/* NOTE NOTE NOTE!! Not all sprintf implementations return number of
|
||||
output characters */
|
||||
(sprintf)(work, formatbuf, p->data.dnum);
|
||||
-
|
||||
+#ifdef CURLDEBUG
|
||||
+ assert(strlen(work) <= sizeof(work));
|
||||
+#endif
|
||||
for(fptr=work; *fptr; fptr++)
|
||||
OUTCHAR(*fptr);
|
||||
}
|
||||
diff --git a/tests/data/test557 b/tests/data/test557
|
||||
index 8d0944a..ad9350f 100644
|
||||
--- a/tests/data/test557
|
||||
+++ b/tests/data/test557
|
||||
@@ -40,6 +40,7 @@ All curl_mprintf() unsigned long tests OK!
|
||||
All curl_mprintf() signed long tests OK!
|
||||
All curl_mprintf() curl_off_t tests OK!
|
||||
All curl_mprintf() strings tests OK!
|
||||
+All float strings tests OK!
|
||||
</stdout>
|
||||
</verify>
|
||||
|
||||
diff --git a/tests/libtest/lib557.c b/tests/libtest/lib557.c
|
||||
index 683ca08..8c62a0e 100644
|
||||
--- a/tests/libtest/lib557.c
|
||||
+++ b/tests/libtest/lib557.c
|
||||
@@ -1374,16 +1374,31 @@ static int test_curl_off_t_formatting(void)
|
||||
return failed;
|
||||
}
|
||||
|
||||
-static int string_check(char *buf, const char *buf2)
|
||||
+static int _string_check(int linenumber, char *buf, const char *buf2)
|
||||
{
|
||||
if(strcmp(buf, buf2)) {
|
||||
/* they shouldn't differ */
|
||||
- printf("sprintf failed:\nwe '%s'\nsystem: '%s'\n",
|
||||
- buf, buf2);
|
||||
+ printf("sprintf line %d failed:\nwe '%s'\nsystem: '%s'\n",
|
||||
+ linenumber, buf, buf2);
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
+#define string_check(x,y) _string_check(__LINE__, x, y)
|
||||
+
|
||||
+static int _strlen_check(int linenumber, char *buf, size_t len)
|
||||
+{
|
||||
+ size_t buflen = strlen(buf);
|
||||
+ if(len != buflen) {
|
||||
+ /* they shouldn't differ */
|
||||
+ printf("sprintf strlen:%d failed:\nwe '%d'\nsystem: '%d'\n",
|
||||
+ linenumber, buflen, len);
|
||||
+ return 1;
|
||||
+ }
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+#define strlen_check(x,y) _strlen_check(__LINE__, x, y)
|
||||
|
||||
/*
|
||||
* The output strings in this test need to have been verified with a system
|
||||
@@ -1523,6 +1538,119 @@ static int test_weird_arguments(void)
|
||||
return errors;
|
||||
}
|
||||
|
||||
+/* DBL_MAX value from Linux */
|
||||
+#define MAXIMIZE -179769313486231570814527423731704356798070567525844996598917476803157260780028538760589558632766878171540458953514382464234321326889464182768467546703537516986049910576551282076245490090389328944075868508455133942304583236903222948165808559332123348274797826204144723168738177180919299881250404026184124858368.000000
|
||||
+
|
||||
+static int test_float_formatting(void)
|
||||
+{
|
||||
+ int errors = 0;
|
||||
+ char buf[512]; /* larger than max float size */
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%f", 9.0);
|
||||
+ errors += string_check(buf, "9.000000");
|
||||
+
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%.1f", 9.1);
|
||||
+ errors += string_check(buf, "9.1");
|
||||
+
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%.2f", 9.1);
|
||||
+ errors += string_check(buf, "9.10");
|
||||
+
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%.0f", 9.1);
|
||||
+ errors += string_check(buf, "9");
|
||||
+
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%0f", 9.1);
|
||||
+ errors += string_check(buf, "9.100000");
|
||||
+
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%10f", 9.1);
|
||||
+ errors += string_check(buf, " 9.100000");
|
||||
+
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%10.3f", 9.1);
|
||||
+ errors += string_check(buf, " 9.100");
|
||||
+
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%-10.3f", 9.1);
|
||||
+ errors += string_check(buf, "9.100 ");
|
||||
+
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%-10.3f", 9.123456);
|
||||
+ errors += string_check(buf, "9.123 ");
|
||||
+
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%.-2f", 9.1);
|
||||
+ errors += string_check(buf, "9.100000");
|
||||
+
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%*f", 10, 9.1);
|
||||
+ errors += string_check(buf, " 9.100000");
|
||||
+
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%*f", 3, 9.1);
|
||||
+ errors += string_check(buf, "9.100000");
|
||||
+
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%*f", 6, 9.2987654);
|
||||
+ errors += string_check(buf, "9.298765");
|
||||
+
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%*f", 6, 9.298765);
|
||||
+ errors += string_check(buf, "9.298765");
|
||||
+
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%*f", 6, 9.29876);
|
||||
+ errors += string_check(buf, "9.298760");
|
||||
+
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%.*f", 6, 9.2987654);
|
||||
+ errors += string_check(buf, "9.298765");
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%.*f", 5, 9.2987654);
|
||||
+ errors += string_check(buf, "9.29877");
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%.*f", 4, 9.2987654);
|
||||
+ errors += string_check(buf, "9.2988");
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%.*f", 3, 9.2987654);
|
||||
+ errors += string_check(buf, "9.299");
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%.*f", 2, 9.2987654);
|
||||
+ errors += string_check(buf, "9.30");
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%.*f", 1, 9.2987654);
|
||||
+ errors += string_check(buf, "9.3");
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%.*f", 0, 9.2987654);
|
||||
+ errors += string_check(buf, "9");
|
||||
+
|
||||
+ /* very large precisions easily turn into system specific outputs so we only
|
||||
+ check the output buffer length here as we know the internal limit */
|
||||
+
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%.*f", (1<<30), 9.2987654);
|
||||
+ errors += strlen_check(buf, 325);
|
||||
+
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%10000.10000f", 9.2987654);
|
||||
+ errors += strlen_check(buf, 325);
|
||||
+
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%240.10000f",
|
||||
+ 123456789123456789123456789.2987654);
|
||||
+ errors += strlen_check(buf, 325);
|
||||
+
|
||||
+ /* 1<<31 turns negative (-2147483648) when used signed */
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%*f", (1<<31), 9.1);
|
||||
+ errors += string_check(buf, "9.100000");
|
||||
+
|
||||
+ /* curl_msnprintf() limits a single float output to 325 bytes maximum
|
||||
+ width */
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%*f", (1<<30), 9.1);
|
||||
+ errors += string_check(buf, " 9.100000");
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%100000f", 9.1);
|
||||
+ errors += string_check(buf, " 9.100000");
|
||||
+
|
||||
+ curl_msnprintf(buf, sizeof(buf), "%f", MAXIMIZE);
|
||||
+ errors += strlen_check(buf, 317);
|
||||
+
|
||||
+ curl_msnprintf(buf, 2, "%f", MAXIMIZE);
|
||||
+ errors += strlen_check(buf, 1);
|
||||
+ curl_msnprintf(buf, 3, "%f", MAXIMIZE);
|
||||
+ errors += strlen_check(buf, 2);
|
||||
+ curl_msnprintf(buf, 4, "%f", MAXIMIZE);
|
||||
+ errors += strlen_check(buf, 3);
|
||||
+ curl_msnprintf(buf, 5, "%f", MAXIMIZE);
|
||||
+ errors += strlen_check(buf, 4);
|
||||
+ curl_msnprintf(buf, 6, "%f", MAXIMIZE);
|
||||
+ errors += strlen_check(buf, 5);
|
||||
+
|
||||
+ if(!errors)
|
||||
+ printf("All float strings tests OK!\n");
|
||||
+ else
|
||||
+ printf("test_float_formatting Failed!\n");
|
||||
+
|
||||
+ return errors;
|
||||
+}
|
||||
+
|
||||
|
||||
int test(char *URL)
|
||||
{
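Review bot: The `"%*f"` case that passes `(1<<31)` relies on undefined behaviour: shifting a 1 into the sign bit of a signed `int` is not guaranteed to produce -2147483648, so the compiler may not hand the formatter the negative width the comment describes. Spell the value out with `INT_MIN` from `<limits.h>` (or `-2147483647 - 1`) so the negative-width path is really exercised. The `MAXIMIZE` comment says "DBL_MAX value from Linux" while the literal is negative; `/* -DBL_MAX as printed by "%f" on Linux: 317 characters including the sign */` would explain the expected length of 317. It would also help to add a short comment before the `curl_msnprintf(buf, 2, ...)` to `curl_msnprintf(buf, 6, ...)` series stating that they check truncation to size-1 characters, since these are the cases that cover the output-buffer bound.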
|
||||
@@ -1547,6 +1675,8 @@ int test(char *URL)
|
||||
|
||||
errors += test_string_formatting();
|
||||
|
||||
+ errors += test_float_formatting();
|
||||
+
|
||||
if(errors)
|
||||
return TEST_ERR_MAJOR_BAD;
|
||||
else
|
||||
--
|
||||
2.7.4
|
||||
|
@ -1,225 +0,0 @@
|
||||
From eb160abce0ac45a8e070d9fa995c61a416a58ddd Mon Sep 17 00:00:00 2001
|
||||
From: Dan Fandrich <dan@coneharvesters.com>
|
||||
Date: Sat, 11 Mar 2017 10:59:34 +0100
|
||||
Subject: [PATCH 1/2] tool_writeout: fixed a buffer read overrun on --write-out
|
||||
|
||||
If a % ended the statement, the string's trailing NUL would be skipped
|
||||
and memory past the end of the buffer would be accessed and potentially
|
||||
displayed as part of the --write-out output. Added tests 1440 and 1441
|
||||
to check for this kind of condition.
|
||||
|
||||
Reported-by: Brian Carpenter
|
||||
|
||||
Upstream-commit: 1890d59905414ab84a35892b2e45833654aa5c13
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
src/tool_writeout.c | 2 +-
|
||||
tests/data/Makefile.inc | 2 +-
|
||||
tests/data/test1440 | 31 +++++++++++++++++++++++++++++++
|
||||
tests/data/test1441 | 31 +++++++++++++++++++++++++++++++
|
||||
4 files changed, 64 insertions(+), 2 deletions(-)
|
||||
create mode 100644 tests/data/test1440
|
||||
create mode 100644 tests/data/test1441
|
||||
|
||||
diff --git a/src/tool_writeout.c b/src/tool_writeout.c
|
||||
index 2fb7774..7843182 100644
|
||||
--- a/src/tool_writeout.c
|
||||
+++ b/src/tool_writeout.c
|
||||
@@ -109,7 +109,7 @@ void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo)
|
||||
double doubleinfo;
|
||||
|
||||
while(ptr && *ptr) {
|
||||
- if('%' == *ptr) {
|
||||
+ if('%' == *ptr && ptr[1]) {
|
||||
if('%' == ptr[1]) {
|
||||
/* an escaped %-letter */
|
||||
fputc('%', stream);
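Review bot: The added `&& ptr[1]` guard has no comment, and its correctness depends on code outside this hunk: a trailing `%` must fall through to a branch that prints the single character and advances by one, as test 1441's expected output `%` implies. A comment above the condition would record the invariant, for example `/* a lone '%' at the end is output literally; never index past the NUL */`. The same applies to the `'\\' == *ptr && ptr[1]` guard in PATCH 2/2. ourWriteOut() starts and ends outside both hunks, so the handling of an unterminated `%{` (test 1440) cannot be confirmed from here.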
|
||||
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
|
||||
index 8251ab9..2e70895 100644
|
||||
--- a/tests/data/Makefile.inc
|
||||
+++ b/tests/data/Makefile.inc
|
||||
@@ -148,7 +148,7 @@ test1408 test1409 test1410 test1411 test1412 test1413 test1414 test1415 \
|
||||
test1416 test1417 test1418 test1419 test1420 test1421 test1422 test1423 \
|
||||
test1424 \
|
||||
test1428 test1429 test1430 test1431 test1432 test1433 test1434 test1435 \
|
||||
-test1436 test1437 \
|
||||
+test1436 test1437 test1440 test1441 \
|
||||
\
|
||||
test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
|
||||
test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
|
||||
diff --git a/tests/data/test1440 b/tests/data/test1440
|
||||
new file mode 100644
|
||||
index 0000000..7ed0c4d
|
||||
--- /dev/null
|
||||
+++ b/tests/data/test1440
|
||||
@@ -0,0 +1,31 @@
|
||||
+<testcase>
|
||||
+<info>
|
||||
+<keywords>
|
||||
+--write-out
|
||||
+</keywords>
|
||||
+</info>
|
||||
+# Server-side
|
||||
+<reply>
|
||||
+</reply>
|
||||
+
|
||||
+# Client-side
|
||||
+<client>
|
||||
+<server>
|
||||
+file
|
||||
+</server>
|
||||
+
|
||||
+<name>
|
||||
+Check --write-out with trailing %{
|
||||
+</name>
|
||||
+<command>
|
||||
+file://localhost/%PWD/log/ --write-out '%{'
|
||||
+</command>
|
||||
+</client>
|
||||
+
|
||||
+# Verify data
|
||||
+<verify>
|
||||
+<stdout nonewline="yes">
|
||||
+%{
|
||||
+</stdout>
|
||||
+</verify>
|
||||
+</testcase>
|
||||
diff --git a/tests/data/test1441 b/tests/data/test1441
|
||||
new file mode 100644
|
||||
index 0000000..6e253a6
|
||||
--- /dev/null
|
||||
+++ b/tests/data/test1441
|
||||
@@ -0,0 +1,31 @@
|
||||
+<testcase>
|
||||
+<info>
|
||||
+<keywords>
|
||||
+--write-out
|
||||
+</keywords>
|
||||
+</info>
|
||||
+# Server-side
|
||||
+<reply>
|
||||
+</reply>
|
||||
+
|
||||
+# Client-side
|
||||
+<client>
|
||||
+<server>
|
||||
+file
|
||||
+</server>
|
||||
+
|
||||
+<name>
|
||||
+Check --write-out with trailing %
|
||||
+</name>
|
||||
+<command>
|
||||
+file://localhost/%PWD/log/ --write-out '%'
|
||||
+</command>
|
||||
+</client>
|
||||
+
|
||||
+# Verify data
|
||||
+<verify>
|
||||
+<stdout nonewline="yes">
|
||||
+%
|
||||
+</stdout>
|
||||
+</verify>
|
||||
+</testcase>
|
||||
--
|
||||
2.9.3
|
||||
|
||||
|
||||
From 67bee1434a17065da7db3fc2915c494f289f46de Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Fri, 24 Mar 2017 10:14:21 +0100
|
||||
Subject: [PATCH 2/2] curl: check for end of input in writeout backslash
|
||||
handling
|
||||
|
||||
Reported-by: Brian Carpenter
|
||||
|
||||
Added test 1442 to verify
|
||||
|
||||
Upstream-commit: 8e65877870c1fac920b65219adec720df810aab9
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
src/tool_writeout.c | 4 ++--
|
||||
tests/data/Makefile.inc | 2 +-
|
||||
tests/data/test1442 | 35 +++++++++++++++++++++++++++++++++++
|
||||
3 files changed, 38 insertions(+), 3 deletions(-)
|
||||
create mode 100644 tests/data/test1442
|
||||
|
||||
diff --git a/src/tool_writeout.c b/src/tool_writeout.c
|
||||
index 7843182..5d92bd2 100644
|
||||
--- a/src/tool_writeout.c
|
||||
+++ b/src/tool_writeout.c
|
||||
@@ -5,7 +5,7 @@
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
@@ -320,7 +320,7 @@ void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo)
|
||||
}
|
||||
}
|
||||
}
|
||||
- else if('\\' == *ptr) {
|
||||
+ else if('\\' == *ptr && ptr[1]) {
|
||||
switch(ptr[1]) {
|
||||
case 'r':
|
||||
fputc('\r', stream);
|
||||
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
|
||||
index 2e70895..267ff6a 100644
|
||||
--- a/tests/data/Makefile.inc
|
||||
+++ b/tests/data/Makefile.inc
|
||||
@@ -148,7 +148,7 @@ test1408 test1409 test1410 test1411 test1412 test1413 test1414 test1415 \
|
||||
test1416 test1417 test1418 test1419 test1420 test1421 test1422 test1423 \
|
||||
test1424 \
|
||||
test1428 test1429 test1430 test1431 test1432 test1433 test1434 test1435 \
|
||||
-test1436 test1437 test1440 test1441 \
|
||||
+test1436 test1437 test1440 test1441 test1442 \
|
||||
\
|
||||
test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
|
||||
test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
|
||||
diff --git a/tests/data/test1442 b/tests/data/test1442
|
||||
new file mode 100644
|
||||
index 0000000..255a4c9
|
||||
--- /dev/null
|
||||
+++ b/tests/data/test1442
|
||||
@@ -0,0 +1,35 @@
|
||||
+<testcase>
|
||||
+<info>
|
||||
+<keywords>
|
||||
+--write-out
|
||||
+FILE
|
||||
+</keywords>
|
||||
+</info>
|
||||
+# Server-side
|
||||
+<reply>
|
||||
+</reply>
|
||||
+
|
||||
+# Client-side
|
||||
+<client>
|
||||
+<server>
|
||||
+file
|
||||
+</server>
|
||||
+
|
||||
+<name>
|
||||
+Check --write-out with trailing \
|
||||
+</name>
|
||||
+<command>
|
||||
+file://localhost/%PWD/log/non-existent-file.txt --write-out '\'
|
||||
+</command>
|
||||
+</client>
|
||||
+
|
||||
+# Verify data
|
||||
+<verify>
|
||||
+<errorcode>
|
||||
+37
|
||||
+</errorcode>
|
||||
+<stdout nonewline="yes">
|
||||
+\
|
||||
+</stdout>
|
||||
+</verify>
|
||||
+</testcase>
|
||||
--
|
||||
2.9.3
|
||||
|
@ -1,65 +0,0 @@
|
||||
From e7e5ada376af33d00b75c1f80f4b2d0438cb91f6 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Sun, 25 Dec 2016 11:01:17 +0100
|
||||
Subject: [PATCH] docs/ciphers: link to our own new page about ciphers
|
||||
|
||||
... as the former ones always go stale!
|
||||
|
||||
Upstream-commit: 209b2302272b86c2bbe4d3d2b62e1695655f8670
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
docs/curl.1 | 6 +-----
|
||||
docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3 | 8 ++------
|
||||
2 files changed, 3 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/docs/curl.1 b/docs/curl.1
|
||||
index 05d1a8d..915e3d1 100644
|
||||
--- a/docs/curl.1
|
||||
+++ b/docs/curl.1
|
||||
@@ -292,11 +292,7 @@ If this option is used several times, the last one will be used.
|
||||
.IP "--ciphers <list of ciphers>"
|
||||
(SSL) Specifies which ciphers to use in the connection. The list of ciphers
|
||||
must specify valid ciphers. Read up on SSL cipher list details on this URL:
|
||||
-\fIhttps://www.openssl.org/docs/apps/ciphers.html\fP
|
||||
-
|
||||
-NSS ciphers are done differently than OpenSSL and GnuTLS. The full list of NSS
|
||||
-ciphers is in the NSSCipherSuite entry at this URL:
|
||||
-\fIhttps://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives\fP
|
||||
+\fIhttps://curl.haxx.se/docs/ssl-ciphers.html\fP
|
||||
|
||||
If this option is used several times, the last one will be used.
|
||||
.IP "--compressed"
|
||||
diff --git a/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3 b/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3
|
||||
index 71833b5..f6b9459 100644
|
||||
--- a/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3
|
||||
+++ b/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3
|
||||
@@ -5,7 +5,7 @@
|
||||
.\" * | (__| |_| | _ <| |___
|
||||
.\" * \___|\___/|_| \_\_____|
|
||||
.\" *
|
||||
-.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
+.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
.\" *
|
||||
.\" * This software is licensed as described in the file COPYING, which
|
||||
.\" * you should have received as part of this distribution. The terms
|
||||
@@ -40,16 +40,12 @@ compile OpenSSL.
|
||||
|
||||
You'll find more details about cipher lists on this URL:
|
||||
|
||||
- https://www.openssl.org/docs/apps/ciphers.html
|
||||
+ https://curl.haxx.se/docs/ssl-ciphers.html
|
||||
|
||||
For NSS, valid examples of cipher lists include 'rsa_rc4_128_md5',
|
||||
\'rsa_aes_128_sha\', etc. With NSS you don't add/remove ciphers. If one uses
|
||||
this option then all known ciphers are disabled and only those passed in are
|
||||
enabled.
|
||||
-
|
||||
-You'll find more details about the NSS cipher lists on this URL:
|
||||
-
|
||||
- http://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives
|
||||
.SH DEFAULT
|
||||
NULL, use internal default
|
||||
.SH PROTOCOLS
|
||||
--
|
||||
2.9.4
|
||||
|
@ -1,104 +0,0 @@
|
||||
From fe9bc87820bd2afa72d014d5316b0287e70587e6 Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Thu, 20 Jul 2017 08:05:59 +0200
|
||||
Subject: [PATCH 1/2] nss: unify the coding style of nss_send() and nss_recv()
|
||||
|
||||
No changes in behavior intended by this commit.
|
||||
|
||||
Upstream-commit: c89eb6d0f87a3620074bc04a6af255e5dc3a523e
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/vtls/nss.c | 17 +++++++++++------
|
||||
1 file changed, 11 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
|
||||
index 4e5f4b3..ab4ddff 100644
|
||||
--- a/lib/vtls/nss.c
|
||||
+++ b/lib/vtls/nss.c
|
||||
@@ -2013,8 +2013,10 @@ static ssize_t nss_send(struct connectdata *conn, /* connection data */
|
||||
size_t len, /* amount to write */
|
||||
CURLcode *curlcode)
|
||||
{
|
||||
- ssize_t rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0,
|
||||
- PR_INTERVAL_NO_WAIT);
|
||||
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
||||
+ ssize_t rc;
|
||||
+
|
||||
+ rc = PR_Send(connssl->handle, mem, (int)len, 0, PR_INTERVAL_NO_WAIT);
|
||||
if(rc < 0) {
|
||||
PRInt32 err = PR_GetError();
|
||||
if(err == PR_WOULD_BLOCK_ERROR)
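Review bot: The rewritten `PR_Send()` call keeps the `(int)len` narrowing of a `size_t`, and the `PR_Recv()` call in the next hunk does the same with `(int)buffersize`, so a length above `INT_MAX` would reach NSS as a truncated or negative count. Whether any caller can pass such a length is not visible in these hunks. If it can, clamping before the call, `if(len > INT_MAX) len = INT_MAX;`, turns it into an ordinary short write or read; if it cannot, a one-line comment naming the bound that callers guarantee would make the cast reviewable. Both function bodies continue outside the hunks.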
|
||||
@@ -2038,14 +2040,17 @@ static ssize_t nss_send(struct connectdata *conn, /* connection data */
|
||||
return rc; /* number of bytes */
|
||||
}
|
||||
|
||||
-static ssize_t nss_recv(struct connectdata * conn, /* connection data */
|
||||
- int num, /* socketindex */
|
||||
+static ssize_t nss_recv(struct connectdata *conn, /* connection data */
|
||||
+ int sockindex, /* socketindex */
|
||||
char *buf, /* store read data here */
|
||||
size_t buffersize, /* max amount to read */
|
||||
CURLcode *curlcode)
|
||||
{
|
||||
- ssize_t nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0,
|
||||
- PR_INTERVAL_NO_WAIT);
|
||||
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
||||
+ ssize_t nread;
|
||||
+
|
||||
+ nread = PR_Recv(connssl->handle, buf, (int)buffersize, 0,
|
||||
+ PR_INTERVAL_NO_WAIT);
|
||||
if(nread < 0) {
|
||||
/* failed SSL read */
|
||||
PRInt32 err = PR_GetError();
|
||||
--
|
||||
2.9.4
|
||||
|
||||
|
||||
From f6c464a55a2319901c4f22d0d65cc437f691f55c Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Wed, 19 Jul 2017 18:02:26 +0200
|
||||
Subject: [PATCH 2/2] nss: fix a possible use-after-free in SelectClientCert()
|
||||
|
||||
... causing a SIGSEGV in showit() in case the handle used to initiate
|
||||
the connection has already been freed.
|
||||
|
||||
This commit fixes a bug introduced in curl-7_19_5-204-g5f0cae803.
|
||||
|
||||
Reported-by: Rob Sanders
|
||||
Bug: https://bugzilla.redhat.com/1436158
|
||||
|
||||
Upstream-commit: 42a4cd4c78b3feb5ca07286479129116e125a730
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/vtls/nss.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
|
||||
index ab4ddff..4c90400 100644
|
||||
--- a/lib/vtls/nss.c
|
||||
+++ b/lib/vtls/nss.c
|
||||
@@ -2016,6 +2016,10 @@ static ssize_t nss_send(struct connectdata *conn, /* connection data */
|
||||
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
||||
ssize_t rc;
|
||||
|
||||
+ /* The SelectClientCert() hook uses this for infof() and failf() but the
|
||||
+ handle stored in nss_setup_connect() could have already been freed. */
|
||||
+ connssl->data = conn->data;
|
||||
+
|
||||
rc = PR_Send(connssl->handle, mem, (int)len, 0, PR_INTERVAL_NO_WAIT);
|
||||
if(rc < 0) {
|
||||
PRInt32 err = PR_GetError();
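Review bot: The stale `connssl->data` pointer is refreshed at two entry points (here and in nss_recv() in the next hunk) rather than being invalidated where the easy handle is detached or freed. Any other path that can make NSS invoke the SelectClientCert() hook would still see the old pointer; whether such a path exists (for example during shutdown) cannot be told from these hunks. The duplicated comment and assignment would be safer as one small `static` helper called from both functions, so a third call site cannot forget it. Alternatively, extend the comment to list which NSS calls can trigger the hook. Both function bodies continue outside the hunks.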
|
||||
@@ -2049,6 +2053,10 @@ static ssize_t nss_recv(struct connectdata *conn, /* connection data */
|
||||
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
||||
ssize_t nread;
|
||||
|
||||
+ /* The SelectClientCert() hook uses this for infof() and failf() but the
|
||||
+ handle stored in nss_setup_connect() could have already been freed. */
|
||||
+ connssl->data = conn->data;
|
||||
+
|
||||
nread = PR_Recv(connssl->handle, buf, (int)buffersize, 0,
|
||||
PR_INTERVAL_NO_WAIT);
|
||||
if(nread < 0) {
|
||||
--
|
||||
2.9.4
|
||||
|
@ -1,95 +0,0 @@
|
||||
From 8846a6507283f2bfe439cc3679ac81aca5ee3447 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Tue, 1 Aug 2017 17:16:07 +0200
|
||||
Subject: [PATCH] glob: do not continue parsing after a strtoul() overflow
|
||||
range
|
||||
|
||||
Added test 1289 to verify.
|
||||
|
||||
CVE-2017-1000101
|
||||
|
||||
Bug: https://curl.haxx.se/docs/adv_20170809A.html
|
||||
Reported-by: Brian Carpenter
|
||||
|
||||
Upstream-commit: 453e7a7a03a2cec749abd3878a48e728c515cca7
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
src/tool_urlglob.c | 5 ++++-
|
||||
tests/data/Makefile.inc | 2 +-
|
||||
tests/data/test1289 | 35 +++++++++++++++++++++++++++++++++++
|
||||
3 files changed, 40 insertions(+), 2 deletions(-)
|
||||
create mode 100644 tests/data/test1289
|
||||
|
||||
diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
|
||||
index d002f27..caf2385 100644
|
||||
--- a/src/tool_urlglob.c
|
||||
+++ b/src/tool_urlglob.c
|
||||
@@ -269,7 +269,10 @@ static CURLcode glob_range(URLGlob *glob, char **patternp,
|
||||
}
|
||||
errno = 0;
|
||||
max_n = strtoul(pattern, &endp, 10);
|
||||
- if(errno || (*endp == ':')) {
|
||||
+ if(errno)
|
||||
+ /* overflow */
|
||||
+ endp = NULL;
|
||||
+ else if(*endp == ':') {
|
||||
pattern = endp+1;
|
||||
errno = 0;
|
||||
step_n = strtoul(pattern, &endp, 10);
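Review bot: After the overflow branch sets `endp = NULL`, every later use of `endp` in glob_range() has to check for NULL before dereferencing, and that code lies outside this hunk, so it should be confirmed against the full function. The new branch is also an unbraced `if` whose body is a comment plus one statement, followed by a braced `else if`; bracing it, `if(errno) { /* overflow */ endp = NULL; }`, keeps a later added line from silently falling outside the condition. The visible second `strtoul()` for `step_n` resets `errno` but its overflow handling is likewise outside the hunk.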
|
||||
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
|
||||
index ecfedc9..be69e7c 100644
|
||||
--- a/tests/data/Makefile.inc
|
||||
+++ b/tests/data/Makefile.inc
|
||||
@@ -128,7 +128,7 @@ test1220 test1221 test1222 test1223 test1224 test1225 test1226 test1227 \
|
||||
test1228 test1229 test1230 test1231 test1232 test1233 test1234 test1235 \
|
||||
test1236 test1237 test1238 test1239 test1240 test1241 test1242 test1243 \
|
||||
test1244 test1245 test1246 \
|
||||
-\
|
||||
+test1289 \
|
||||
test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 \
|
||||
test1308 test1309 test1310 test1311 test1312 test1313 test1314 test1315 \
|
||||
test1316 test1317 test1318 test1319 test1320 test1321 test1322 \
|
||||
diff --git a/tests/data/test1289 b/tests/data/test1289
|
||||
new file mode 100644
|
||||
index 0000000..d679cc0
|
||||
--- /dev/null
|
||||
+++ b/tests/data/test1289
|
||||
@@ -0,0 +1,35 @@
|
||||
+<testcase>
|
||||
+<info>
|
||||
+<keywords>
|
||||
+HTTP
|
||||
+HTTP GET
|
||||
+globbing
|
||||
+</keywords>
|
||||
+</info>
|
||||
+
|
||||
+#
|
||||
+# Server-side
|
||||
+<reply>
|
||||
+</reply>
|
||||
+
|
||||
+# Client-side
|
||||
+<client>
|
||||
+<server>
|
||||
+http
|
||||
+</server>
|
||||
+<name>
|
||||
+globbing with overflow and bad syntxx
|
||||
+</name>
|
||||
+<command>
|
||||
+http://ur%20[0-60000000000000000000
|
||||
+</command>
|
||||
+</client>
|
||||
+
|
||||
+# Verify data after the test has been "shot"
|
||||
+<verify>
|
||||
+# curl: (3) [globbing] bad range in column
|
||||
+<errorcode>
|
||||
+3
|
||||
+</errorcode>
|
||||
+</verify>
|
||||
+</testcase>
|
||||
--
|
||||
2.9.4
|
||||
|
@ -1,49 +0,0 @@
|
||||
From d30858296331b3ab1dc57043eef66fddf87637c3 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Tue, 1 Aug 2017 17:16:46 +0200
|
||||
Subject: [PATCH] tftp: reject file name lengths that don't fit
|
||||
|
||||
... and thereby avoid telling send() to send off more bytes than the
|
||||
size of the buffer!
|
||||
|
||||
CVE-2017-1000100
|
||||
|
||||
Bug: https://curl.haxx.se/docs/adv_20170809B.html
|
||||
Reported-by: Even Rouault
|
||||
|
||||
Credit to OSS-Fuzz for the discovery
|
||||
|
||||
Upstream-commit: 358b2b131ad6c095696f20dcfa62b8305263f898
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/tftp.c | 7 ++++++-
|
||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/tftp.c b/lib/tftp.c
|
||||
index f2f8347..92b3edf 100644
|
||||
--- a/lib/tftp.c
|
||||
+++ b/lib/tftp.c
|
||||
@@ -5,7 +5,7 @@
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
@@ -490,6 +490,11 @@ static CURLcode tftp_send_first(tftp_state_data_t *state, tftp_event_t event)
|
||||
if(result)
|
||||
return result;
|
||||
|
||||
+ if(strlen(filename) > (state->blksize - strlen(mode) - 4)) {
|
||||
+ failf(data, "TFTP file name too long\n");
|
||||
+ return CURLE_TFTP_ILLEGAL; /* too long file name field */
|
||||
+ }
|
||||
+
|
||||
snprintf((char *)state->spacket.data+2,
|
||||
state->blksize,
|
||||
"%s%c%s%c", filename, '\0', mode, '\0');
|
||||
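Review bot: The new length check subtracts before comparing, and since `strlen()` yields `size_t` the right-hand side is unsigned: if `state->blksize` could ever be smaller than `strlen(mode) + 4`, the subtraction would wrap to a very large value and the check would pass. The type and range of `blksize` at this point are not visible in the hunk, so this may be unreachable today. Writing the test as an addition removes the dependency: `if(strlen(filename) + strlen(mode) + 4 > (size_t)state->blksize) {`. The return value of the following `snprintf()` is not checked in the visible lines, so the packet length computed afterwards should be confirmed to come from the bytes written; tftp_send_first() continues outside the hunk.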
--
|
||||
2.9.4
|
||||
|
@ -13,7 +13,7 @@ diff --git a/curl-config.in b/curl-config.in
|
||||
index 150004d..95d0759 100644
|
||||
--- a/curl-config.in
|
||||
+++ b/curl-config.in
|
||||
@@ -75,7 +75,7 @@ while test $# -gt 0; do
|
||||
@@ -76,7 +76,7 @@ while test $# -gt 0; do
|
||||
;;
|
||||
|
||||
--cc)
|
||||
@ -22,7 +22,7 @@ index 150004d..95d0759 100644
|
||||
;;
|
||||
|
||||
--prefix)
|
||||
@@ -142,29 +142,14 @@ while test $# -gt 0; do
|
||||
@@ -155,32 +155,17 @@ while test $# -gt 0; do
|
||||
;;
|
||||
|
||||
--libs)
|
||||
@ -38,6 +38,9 @@ index 150004d..95d0759 100644
|
||||
- fi
|
||||
+ echo -lcurl
|
||||
;;
|
||||
--ssl-backends)
|
||||
echo "@SSL_BACKENDS@"
|
||||
;;
|
||||
|
||||
--static-libs)
|
||||
- if test "X@ENABLE_STATIC@" != "Xno" ; then
|
||||
@ -58,8 +61,8 @@ diff --git a/docs/curl-config.1 b/docs/curl-config.1
|
||||
index 14a9d2b..ffcc004 100644
|
||||
--- a/docs/curl-config.1
|
||||
+++ b/docs/curl-config.1
|
||||
@@ -65,7 +65,9 @@ be listed using uppercase and are separated by newlines. There may be none,
|
||||
one, or several protocols in the list. (Added in 7.13.0)
|
||||
@@ -70,7 +70,9 @@ no, one or several names. If more than one name, they will appear
|
||||
comma-separated. (Added in 7.58.0)
|
||||
.IP "--static-libs"
|
||||
Shows the complete set of libs and other linker options you will need in order
|
||||
-to link your application with libcurl statically. (Added in 7.17.1)
|
||||
|
@ -12,7 +12,7 @@ diff --git a/configure b/configure
|
||||
index 8f079a3..53b4774 100755
|
||||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -16620,18 +16620,11 @@ $as_echo "yes" >&6; }
|
||||
@@ -16331,18 +16331,11 @@ $as_echo "yes" >&6; }
|
||||
gccvhi=`echo $gccver | cut -d . -f1`
|
||||
gccvlo=`echo $gccver | cut -d . -f2`
|
||||
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
|
||||
@ -27,7 +27,7 @@ index 8f079a3..53b4774 100755
|
||||
+ flags_dbg_all=""
|
||||
flags_dbg_yes="-g"
|
||||
flags_dbg_off=""
|
||||
- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os"
|
||||
- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast"
|
||||
- flags_opt_yes="-O2"
|
||||
+ flags_opt_all=""
|
||||
+ flags_opt_yes=""
|
||||
@ -38,7 +38,7 @@ diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4
|
||||
index 0cbba7a..9175b5b 100644
|
||||
--- a/m4/curl-compilers.m4
|
||||
+++ b/m4/curl-compilers.m4
|
||||
@@ -148,18 +148,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
|
||||
@@ -166,18 +166,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
|
||||
gccvhi=`echo $gccver | cut -d . -f1`
|
||||
gccvlo=`echo $gccver | cut -d . -f2`
|
||||
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
|
||||
@ -53,7 +53,7 @@ index 0cbba7a..9175b5b 100644
|
||||
+ flags_dbg_all=""
|
||||
flags_dbg_yes="-g"
|
||||
flags_dbg_off=""
|
||||
- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os"
|
||||
- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast"
|
||||
- flags_opt_yes="-O2"
|
||||
+ flags_opt_all=""
|
||||
+ flags_opt_yes=""
|
||||
|
34
0103-curl-7.59.0-python3.patch
Normal file
@ -0,0 +1,34 @@
|
||||
From 3c4c7340e455b7256c0786759422f34ec3e2d440 Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Thu, 15 Mar 2018 14:49:56 +0100
|
||||
Subject: [PATCH] tests/{negtelnet,smb}server.py: migrate to Python 3
|
||||
|
||||
Unfortunately, smbserver.py does not work with Python 3 because
|
||||
there is no 'impacket' module available for Python 3:
|
||||
|
||||
https://github.com/CoreSecurity/impacket/issues/61
|
||||
---
|
||||
tests/negtelnetserver.py | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/tests/negtelnetserver.py b/tests/negtelnetserver.py
|
||||
index 8cfd409..72ee771 100755
|
||||
--- a/tests/negtelnetserver.py
|
||||
+++ b/tests/negtelnetserver.py
|
||||
@@ -73,11 +73,11 @@ class NegotiatingTelnetHandler(socketserver.BaseRequestHandler):
|
||||
response_data = response.encode('ascii')
|
||||
else:
|
||||
log.debug("Received normal request - echoing back")
|
||||
- response_data = data.strip()
|
||||
+ response_data = data.decode('utf8').strip()
|
||||
|
||||
if response_data:
|
||||
log.debug("Sending %r", response_data)
|
||||
- self.request.sendall(response_data)
|
||||
+ self.request.sendall(response_data.encode('utf8'))
|
||||
|
||||
except IOError:
|
||||
log.exception("IOError hit during request")
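Review bot: The new `self.request.sendall(response_data.encode('utf8'))` is shared by both branches, but the branch ending in the context line `response_data = response.encode('ascii')` already produces `bytes`. On Python 3 `bytes` has no `.encode()`, so that path would raise `AttributeError`, which the visible `except IOError` does not catch. The added `data.decode('utf8')` can also raise `UnicodeDecodeError` on arbitrary bytes from a client. Keeping the echo path in bytes avoids both: `response_data = data.strip()` and `self.request.sendall(response_data)`. The handler method and the head of the `if` start outside the hunk, so the first branch's condition cannot be confirmed from here.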
|
||||
--
|
||||
2.14.3
|
||||
|
@ -14,8 +14,8 @@ index e441278..b0958b6 100644
|
||||
+-g "http://%HOST6IP:%HTTP6PORT/1083" --interface localhost6
|
||||
</command>
|
||||
<precheck>
|
||||
-perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test server host address';} else {exec './server/resolve --ipv6 ip6-localhost'; print 'Cannot run precheck resolve';}"
|
||||
+perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test server host address';} else {exec './server/resolve --ipv6 localhost6'; print 'Cannot run precheck resolve';}"
|
||||
-perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test client host address';} else {exec './server/resolve --ipv6 ip6-localhost'; print 'Cannot run precheck resolve';}"
|
||||
+perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test client host address';} else {exec './server/resolve --ipv6 localhost6'; print 'Cannot run precheck resolve';}"
|
||||
</precheck>
|
||||
</client>
|
||||
|
||||
|
39
0105-curl-7.63.0-lib1560-valgrind.patch
Normal file
@ -0,0 +1,39 @@
|
||||
From f55cca0e86f59ec11ffafd5c0503c39ca3723e2e Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Mon, 4 Feb 2019 17:32:56 +0100
|
||||
Subject: [PATCH] libtest: compile lib1560.c with -fno-builtin-strcmp
|
||||
|
||||
... to prevent valgrind from reporting false positives on x86_64:
|
||||
|
||||
Conditional jump or move depends on uninitialised value(s)
|
||||
at 0x10BCAA: part2id (lib1560.c:489)
|
||||
by 0x10BCAA: updateurl (lib1560.c:521)
|
||||
by 0x10BCAA: set_parts (lib1560.c:630)
|
||||
by 0x10BCAA: test (lib1560.c:802)
|
||||
by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so)
|
||||
|
||||
Conditional jump or move depends on uninitialised value(s)
|
||||
at 0x10BCC3: part2id (lib1560.c:491)
|
||||
by 0x10BCC3: updateurl (lib1560.c:521)
|
||||
by 0x10BCC3: set_parts (lib1560.c:630)
|
||||
by 0x10BCC3: test (lib1560.c:802)
|
||||
by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so)
|
||||
---
|
||||
tests/libtest/Makefile.inc | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
|
||||
index 080421b..ea3b806 100644
|
||||
--- a/tests/libtest/Makefile.inc
|
||||
+++ b/tests/libtest/Makefile.inc
|
||||
@@ -534,6 +534,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
||||
lib1559_LDADD = $(TESTUTIL_LIBS)
|
||||
|
||||
lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
||||
+lib1560_CFLAGS = $(AM_CFLAGS) -fno-builtin-strcmp
|
||||
lib1560_LDADD = $(TESTUTIL_LIBS)
|
||||
|
||||
lib1591_SOURCES = lib1591.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
||||
--
|
||||
2.17.2
|
||||
|
@ -1,10 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEcBAABCgAGBQJYGY4MAAoJEFzJCP23HhLCNkQH/0AjH+fRd4vuv9/AoO2CjZGf
|
||||
JEXOPF2ZfKeBKc14dPfxhNj/klX3JvmLG9Z1jZLySWYl1/be0CM0LSoxh11rtioO
|
||||
FiScVNNdUOUnJ6b8m0qVoX1wx9lCn3pjVKGzkfCx4pZ3eZDhtSRBbKNe+92fSOTk
|
||||
nnMEDDj9q9C++yO8EMifDBfyX2u+JCpvnUu3EFa/znRjZB88Uyrc9Li+fl4aBfo1
|
||||
IyH8EGmM0QkYBuGZhQBGg6mYg8LkG0JROHpk+j3lh9hZNA2An7tIEhbqoktaLW2i
|
||||
Ude6R2g2/AdqfZrifY3fBXHc4d0XO4T7GIGREmo4TKDHTLDthKSNTTHt2a9dpiI=
|
||||
=v+YR
|
||||
-----END PGP SIGNATURE-----
|
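--- /dev/null
+++ b/curl-7.67.0.tar.xz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl3CauAACgkQXMkI/bce
+EsKe7Qf+Py/Wufz3AqqpJ1Xr0oigaV1Sa5AAyRD+KX8jwSJTRaRahaECGMhmR9vh
+kBaMFtycctCKcK1masI9GSeTX5nCtmaWzELLsBXynm/l2W+hrW1AD2R++YuM384t
+O078GxgsgRH0m8MacSKoV5yPOv/h9URnVMTavkAIfnW50vw17akDZ9MW2NhJzKpP
+s6GgWTMB5gomTHlnlHjTjtNoVbKKrV4v9YyRwqzI3XHXYtYOA7iufP4wnT+dpSm5
+ZLdbg5Nq+1pCTEiMg3KZKYNriypoLJuWuSF+bKc54CGN63eoUxXgU6js9ViHS5JS
+3dPfzzRA8wgROem58QhHnrR9c2CmdQ==
+=5gov
+-----END PGP SIGNATURE-----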
596
curl.spec
596
curl.spec
@ -1,37 +1,12 @@
|
||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||
Name: curl
|
||||
Version: 7.51.0
|
||||
Release: 9%{?dist}
|
||||
Version: 7.67.0
|
||||
Release: 2%{?dist}
|
||||
License: MIT
|
||||
Group: Applications/Internet
|
||||
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
||||
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
||||
|
||||
# ssh: check md5 fingerprints case insensitively
|
||||
Patch1: 0001-curl-7.51.0-ssh-md5.patch
|
||||
|
||||
# stricter host name checking for file:// URLs
|
||||
Patch2: 0002-curl-7.51.0-file-host.patch
|
||||
|
||||
# map CURL_SSLVERSION_DEFAULT to NSS default, add support for TLS 1.3 (#1396719)
|
||||
Patch3: 0003-curl-7.51.0-tls-version.patch
|
||||
|
||||
# fix floating point buffer overflow issues (CVE-2016-9586)
|
||||
Patch4: 0004-curl-7.51.0-CVE-2016-9586.patch
|
||||
|
||||
# fix out of bounds read in curl --write-out (CVE-2017-7407)
|
||||
Patch5: 0005-curl-7.51.0-CVE-2017-7407.patch
|
||||
|
||||
# fix links to documentation of TLS cipher-suites (#1463532)
|
||||
Patch6: 0006-curl-7.51.0-ciphers-man-page.patch
|
||||
|
||||
# nss: fix a possible use-after-free in SelectClientCert() (#1436158)
|
||||
Patch7: 0007-curl-7.54.1-nss-cc-use-after-free.patch
|
||||
|
||||
# do not continue parsing of glob after range overflow (CVE-2017-1000101)
|
||||
Patch9: 0009-curl-7.54.1-CVE-2017-1000101.patch
|
||||
|
||||
# tftp: reject file name lengths that do not fit buffer (CVE-2017-1000100)
|
||||
Patch10: 0010-curl-7.54.1-CVE-2017-1000100.patch
|
||||
# fix infinite loop on upload using a glob (#1771025)
|
||||
Patch1: 0001-curl-7.67.0-upload-glob.patch
|
||||
|
||||
# patch making libcurl multilib ready
|
||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||
@ -39,30 +14,53 @@ Patch101: 0101-curl-7.32.0-multilib.patch
|
||||
# prevent configure script from discarding -g in CFLAGS (#496778)
|
||||
Patch102: 0102-curl-7.36.0-debug.patch
|
||||
|
||||
# migrate tests/http_pipe.py to Python 3
|
||||
Patch103: 0103-curl-7.59.0-python3.patch
|
||||
|
||||
# use localhost6 instead of ip6-localhost in the curl test-suite
|
||||
Patch104: 0104-curl-7.19.7-localhost6.patch
|
||||
|
||||
# prevent valgrind from reporting false positives on x86_64
|
||||
Patch105: 0105-curl-7.63.0-lib1560-valgrind.patch
|
||||
|
||||
Provides: curl-full = %{version}-%{release}
|
||||
Provides: webclient
|
||||
URL: http://curl.haxx.se/
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
|
||||
URL: https://curl.haxx.se/
|
||||
BuildRequires: automake
|
||||
BuildRequires: brotli-devel
|
||||
BuildRequires: coreutils
|
||||
BuildRequires: gcc
|
||||
BuildRequires: groff
|
||||
BuildRequires: krb5-devel
|
||||
BuildRequires: libidn2-devel
|
||||
BuildRequires: libmetalink-devel
|
||||
BuildRequires: libnghttp2-devel
|
||||
BuildRequires: libpsl-devel
|
||||
BuildRequires: libssh2-devel
|
||||
BuildRequires: multilib-rpm-config
|
||||
BuildRequires: nss-devel
|
||||
BuildRequires: libssh-devel
|
||||
BuildRequires: make
|
||||
BuildRequires: openldap-devel
|
||||
BuildRequires: openssh-clients
|
||||
BuildRequires: openssh-server
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: perl-interpreter
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: python
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: sed
|
||||
BuildRequires: stunnel
|
||||
BuildRequires: zlib-devel
|
||||
|
||||
# needed to compress content of tool_hugehelp.c after changing curl.1 man page
|
||||
BuildRequires: perl(IO::Compress::Gzip)
|
||||
|
||||
# needed for generation of shell completions
|
||||
BuildRequires: perl(Getopt::Long)
|
||||
BuildRequires: perl(Pod::Usage)
|
||||
BuildRequires: perl(strict)
|
||||
BuildRequires: perl(warnings)
|
||||
|
||||
# gnutls-serv is used by the upstream test-suite
|
||||
BuildRequires: gnutls-utils
|
||||
|
||||
# nghttpx (an HTTP/2 proxy) is used by the upstream test-suite
|
||||
BuildRequires: nghttp2
|
||||
|
||||
@ -75,27 +73,34 @@ BuildRequires: perl(File::Copy)
|
||||
BuildRequires: perl(File::Spec)
|
||||
BuildRequires: perl(IPC::Open2)
|
||||
BuildRequires: perl(MIME::Base64)
|
||||
BuildRequires: perl(strict)
|
||||
BuildRequires: perl(Time::Local)
|
||||
BuildRequires: perl(Time::HiRes)
|
||||
BuildRequires: perl(warnings)
|
||||
BuildRequires: perl(vars)
|
||||
|
||||
# The test-suite runs automatically trough valgrind if valgrind is available
|
||||
# The test-suite runs automatically through valgrind if valgrind is available
|
||||
# on the system. By not installing valgrind into mock's chroot, we disable
|
||||
# this feature for production builds on architectures where valgrind is known
|
||||
# to be less reliable, in order to avoid unnecessary build failures (see RHBZ
|
||||
# #810992, #816175, and #886891). Nevertheless developers are free to install
|
||||
# valgrind manually to improve test coverage on any architecture.
|
||||
%ifarch %{ix86} x86_64
|
||||
%ifarch x86_64
|
||||
BuildRequires: valgrind
|
||||
%endif
|
||||
|
||||
Requires: libcurl%{?_isa} = %{version}-%{release}
|
||||
# using an older version of libcurl could result in CURLE_UNKNOWN_OPTION
|
||||
Requires: libcurl%{?_isa} >= %{version}-%{release}
|
||||
|
||||
# require at least the version of libssh2 that we were built against,
|
||||
# require at least the version of libpsl that we were built against,
|
||||
# to ensure that we have the necessary symbols available (#1631804)
|
||||
%global libpsl_version %(pkg-config --modversion libpsl 2>/dev/null || echo 0)
|
||||
|
||||
# require at least the version of libssh that we were built against,
|
||||
# to ensure that we have the necessary symbols available (#525002, #642796)
|
||||
%global libssh2_version %(pkg-config --modversion libssh2 2>/dev/null || echo 0)
|
||||
%global libssh_version %(pkg-config --modversion libssh 2>/dev/null || echo 0)
|
||||
|
||||
# require at least the version of openssl-libs that we were built against,
|
||||
# to ensure that we have the necessary symbols available (#1462184, #1462211)
|
||||
%global openssl_version %(pkg-config --modversion openssl 2>/dev/null || echo 0)
|
||||
|
||||
%description
|
||||
curl is a command line tool for transferring data with URL syntax, supporting
|
||||
@ -107,12 +112,11 @@ resume, proxy tunneling and a busload of other useful tricks.
|
||||
|
||||
%package -n libcurl
|
||||
Summary: A library for getting files from web servers
|
||||
Group: Development/Libraries
|
||||
Requires: libssh2%{?_isa} >= %{libssh2_version}
|
||||
|
||||
# libnsspem.so is no longer included in the nss package (#1347336)
|
||||
BuildRequires: nss-pem
|
||||
Requires: nss-pem%{?_isa}
|
||||
Requires: libpsl%{?_isa} >= %{libpsl_version}
|
||||
Requires: libssh%{?_isa} >= %{libssh_version}
|
||||
Requires: openssl-libs%{?_isa} >= 1:%{openssl_version}
|
||||
Provides: libcurl-full = %{version}-%{release}
|
||||
Provides: libcurl-full%{?_isa} = %{version}-%{release}
|
||||
|
||||
%description -n libcurl
|
||||
libcurl is a free and easy-to-use client-side URL transfer library, supporting
|
||||
@ -124,19 +128,8 @@ resume, http proxy tunneling and more.
|
||||
|
||||
%package -n libcurl-devel
|
||||
Summary: Files needed for building applications with libcurl
|
||||
Group: Development/Libraries
|
||||
Requires: libcurl%{?_isa} = %{version}-%{release}
|
||||
|
||||
# From Fedora 14, %%{_datadir}/aclocal is included in the filesystem package
|
||||
%if 0%{?fedora} < 14
|
||||
Requires: %{_datadir}/aclocal
|
||||
%endif
|
||||
|
||||
# From Fedora 11, RHEL-6, pkgconfig dependency is auto-detected
|
||||
%if 0%{?fedora} < 11 && 0%{?rhel} < 6
|
||||
Requires: pkgconfig
|
||||
%endif
|
||||
|
||||
Provides: curl-devel = %{version}-%{release}
|
||||
Provides: curl-devel%{?_isa} = %{version}-%{release}
|
||||
Obsoletes: curl-devel < %{version}-%{release}
|
||||
@ -146,66 +139,126 @@ The libcurl-devel package includes header files and libraries necessary for
|
||||
developing programs which use the libcurl library. It contains the API
|
||||
documentation of the library, too.
|
||||
|
||||
%package -n curl-minimal
|
||||
Summary: Conservatively configured build of curl for minimal installations
|
||||
Provides: curl = %{version}-%{release}
|
||||
Conflicts: curl
|
||||
RemovePathPostfixes: .minimal
|
||||
|
||||
# using an older version of libcurl could result in CURLE_UNKNOWN_OPTION
|
||||
Requires: libcurl%{?_isa} >= %{version}-%{release}
|
||||
|
||||
%description -n curl-minimal
|
||||
This is a replacement of the 'curl' package for minimal installations. It
|
||||
comes with a limited set of features compared to the 'curl' package. On the
|
||||
other hand, the package is smaller and requires fewer run-time dependencies to
|
||||
be installed.
|
||||
|
||||
%package -n libcurl-minimal
|
||||
Summary: Conservatively configured build of libcurl for minimal installations
|
||||
Requires: openssl-libs%{?_isa} >= 1:%{openssl_version}
|
||||
Provides: libcurl = %{version}-%{release}
|
||||
Provides: libcurl%{?_isa} = %{version}-%{release}
|
||||
Conflicts: libcurl
|
||||
RemovePathPostfixes: .minimal
|
||||
# needed for RemovePathPostfixes to work with shared libraries
|
||||
%undefine __brp_ldconfig
|
||||
|
||||
%description -n libcurl-minimal
|
||||
This is a replacement of the 'libcurl' package for minimal installations. It
|
||||
comes with a limited set of features compared to the 'libcurl' package. On the
|
||||
other hand, the package is smaller and requires fewer run-time dependencies to
|
||||
be installed.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
# upstream patches
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
|
||||
# Fedora patches
|
||||
%patch101 -p1
|
||||
%patch102 -p1
|
||||
%patch103 -p1
|
||||
%patch104 -p1
|
||||
%patch105 -p1
|
||||
|
||||
# make tests/*.py use Python 3
|
||||
sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py
|
||||
|
||||
# regenerate Makefile.in files
|
||||
aclocal -I m4
|
||||
automake
|
||||
|
||||
# disable test 1112 (#565305) and test 1801
|
||||
# disable test 1112 (#565305), test 1455 (occasionally fails with 'bind failed
|
||||
# with errno 98: Address already in use' in Koji environment), and test 1801
|
||||
# <https://github.com/bagder/curl/commit/21e82bd6#commitcomment-12226582>
|
||||
printf "1112\n1801\n" >> tests/data/DISABLED
|
||||
# and test 1900, which is flaky and covers a deprecated feature of libcurl
|
||||
# <https://github.com/curl/curl/pull/2705>
|
||||
printf "1112\n1455\n1801\n1900\n" >> tests/data/DISABLED
|
||||
|
||||
# disable test 1319 on ppc64 (server times out)
|
||||
%ifarch ppc64
|
||||
echo "1319" >> tests/data/DISABLED
|
||||
%endif
|
||||
|
||||
# temporarily disable failing libidn2 test-cases
|
||||
printf "1034\n1035\n2046\n2047\n" >> tests/data/DISABLED
|
||||
# temporarily disable test 582 on s390x (client times out)
|
||||
%ifarch s390x
|
||||
echo "582" >> tests/data/DISABLED
|
||||
%endif
|
||||
|
||||
# adapt test 323 for updated OpenSSL
|
||||
sed -e 's/^35$/35,52/' -i tests/data/test323
|
||||
|
||||
%build
|
||||
[ -x /usr/kerberos/bin/krb5-config ] && KRB5_PREFIX="=/usr/kerberos"
|
||||
%configure --disable-static \
|
||||
mkdir build-{full,minimal}
|
||||
export common_configure_opts=" \
|
||||
--cache-file=../config.cache \
|
||||
--disable-static \
|
||||
--enable-symbol-hiding \
|
||||
--enable-ipv6 \
|
||||
--enable-ldaps \
|
||||
--enable-manual \
|
||||
--enable-threaded-resolver \
|
||||
--with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt \
|
||||
--with-gssapi${KRB5_PREFIX} \
|
||||
--with-libidn2 \
|
||||
--with-libmetalink \
|
||||
--with-libpsl \
|
||||
--with-libssh2 \
|
||||
--with-gssapi \
|
||||
--with-nghttp2 \
|
||||
--without-ssl --with-nss
|
||||
# --enable-debug
|
||||
# use ^^^ to turn off optimizations, etc.
|
||||
--with-ssl --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt"
|
||||
|
||||
# Remove bogus rpath
|
||||
sed -i \
|
||||
-e 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' \
|
||||
-e 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
|
||||
%global _configure ../configure
|
||||
|
||||
make %{?_smp_mflags} V=1
|
||||
# configure minimal build
|
||||
(
|
||||
cd build-minimal
|
||||
%configure $common_configure_opts \
|
||||
--disable-ldap \
|
||||
--disable-ldaps \
|
||||
--disable-manual \
|
||||
--without-brotli \
|
||||
--without-libidn2 \
|
||||
--without-libmetalink \
|
||||
--without-libpsl \
|
||||
--without-libssh
|
||||
)
|
||||
|
||||
# configure full build
|
||||
(
|
||||
cd build-full
|
||||
%configure $common_configure_opts \
|
||||
--enable-ldap \
|
||||
--enable-ldaps \
|
||||
--enable-manual \
|
||||
--with-brotli \
|
||||
--with-libidn2 \
|
||||
--with-libmetalink \
|
||||
--with-libpsl \
|
||||
--with-libssh
|
||||
)
|
||||
|
||||
# avoid using rpath
|
||||
sed -e 's/^runpath_var=.*/runpath_var=/' \
|
||||
-e 's/^hardcode_libdir_flag_spec=".*"$/hardcode_libdir_flag_spec=""/' \
|
||||
-i build-{full,minimal}/libtool
|
||||
|
||||
make %{?_smp_mflags} V=1 -C build-minimal
|
||||
make %{?_smp_mflags} V=1 -C build-full
|
||||
|
||||
%check
|
||||
# we have to override LD_LIBRARY_PATH because we eliminated rpath
|
||||
@ -213,15 +266,34 @@ LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH"
|
||||
export LD_LIBRARY_PATH
|
||||
|
||||
# compile upstream test-cases
|
||||
cd tests
|
||||
cd build-full/tests
|
||||
make %{?_smp_mflags} V=1
|
||||
|
||||
# relax crypto policy for the test-suite to make it pass again (#1610888)
|
||||
export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=XXX
|
||||
export OPENSSL_CONF=
|
||||
|
||||
# run the upstream test-suite
|
||||
./runtests.pl -a -p -v '!flaky'
|
||||
srcdir=../../tests perl -I../../tests ../../tests/runtests.pl -a -p -v '!flaky'
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
# install and rename the library that will be packaged as libcurl-minimal
|
||||
make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C build-minimal/lib
|
||||
rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.{la,so}
|
||||
for i in ${RPM_BUILD_ROOT}%{_libdir}/*; do
|
||||
mv -v $i $i.minimal
|
||||
done
|
||||
|
||||
# install and rename the executable that will be packaged as curl-minimal
|
||||
make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C build-minimal/src
|
||||
mv -v ${RPM_BUILD_ROOT}%{_bindir}/curl{,.minimal}
|
||||
|
||||
# install libcurl.m4
|
||||
install -d $RPM_BUILD_ROOT%{_datadir}/aclocal
|
||||
install -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT%{_datadir}/aclocal
|
||||
|
||||
# install the executable and library that will be packaged as curl and libcurl
|
||||
cd build-full
|
||||
make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install
|
||||
|
||||
# install zsh completion for curl
|
||||
@ -229,34 +301,33 @@ make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install
|
||||
LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" \
|
||||
make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C scripts
|
||||
|
||||
# do not install /usr/share/fish/completions/curl.fish which is also installed
|
||||
# by fish-3.0.2-1.module_f31+3716+57207597 and would trigger a conflict
|
||||
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/fish
|
||||
|
||||
rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
||||
|
||||
install -d $RPM_BUILD_ROOT%{_datadir}/aclocal
|
||||
install -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT%{_datadir}/aclocal
|
||||
%ldconfig_scriptlets -n libcurl
|
||||
|
||||
# Make libcurl-devel multilib-ready (bug #488922)
|
||||
%multilib_fix_c_header --file %{_includedir}/curl/curlbuild.h
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%post -n libcurl -p /sbin/ldconfig
|
||||
|
||||
%postun -n libcurl -p /sbin/ldconfig
|
||||
%ldconfig_scriptlets -n libcurl-minimal
|
||||
|
||||
%files
|
||||
%doc CHANGES README*
|
||||
%doc docs/BUGS docs/FAQ docs/FEATURES
|
||||
%doc docs/MANUAL docs/RESOURCES
|
||||
%doc docs/TheArtOfHttpScripting docs/TODO
|
||||
%doc CHANGES
|
||||
%doc README
|
||||
%doc docs/BUGS
|
||||
%doc docs/FAQ
|
||||
%doc docs/FEATURES
|
||||
%doc docs/RESOURCES
|
||||
%doc docs/TODO
|
||||
%doc docs/TheArtOfHttpScripting
|
||||
%{_bindir}/curl
|
||||
%{_mandir}/man1/curl.1*
|
||||
%{_datadir}/zsh/site-functions
|
||||
%{_datadir}/zsh
|
||||
|
||||
%files -n libcurl
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
%license COPYING
|
||||
%{_libdir}/libcurl.so.*
|
||||
%{_libdir}/libcurl.so.4
|
||||
%{_libdir}/libcurl.so.4.[0-9].[0-9]
|
||||
|
||||
%files -n libcurl-devel
|
||||
%doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS.md
|
||||
@ -269,25 +340,306 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_mandir}/man3/*
|
||||
%{_datadir}/aclocal/libcurl.m4
|
||||
|
||||
%files -n curl-minimal
|
||||
%{_bindir}/curl.minimal
|
||||
%{_mandir}/man1/curl.1*
|
||||
|
||||
%files -n libcurl-minimal
|
||||
%license COPYING
|
||||
%{_libdir}/libcurl.so.4.minimal
|
||||
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
||||
|
||||
%changelog
|
||||
* Wed Aug 09 2017 Kamil Dudka <kdudka@redhat.com> 7.51.0-9
|
||||
- tftp: reject file name lengths that do not fit buffer (CVE-2017-1000100)
|
||||
- do not continue parsing of glob after range overflow (CVE-2017-1000101)
|
||||
* Thu Nov 14 2019 Kamil Dudka <kdudka@redhat.com> - 7.67.1-2
|
||||
- fix infinite loop on upload using a glob (#1771025)
|
||||
|
||||
* Thu Jul 20 2017 Kamil Dudka <kdudka@redhat.com> 7.51.0-8
|
||||
- nss: fix a possible use-after-free in SelectClientCert() (#1436158)
|
||||
* Wed Nov 06 2019 Kamil Dudka <kdudka@redhat.com> - 7.67.1-1
|
||||
- new upstream release
|
||||
|
||||
* Wed Jun 21 2017 Kamil Dudka <kdudka@redhat.com> 7.51.0-7
|
||||
- fix links to documentation of TLS cipher-suites (#1463532)
|
||||
* Wed Sep 11 2019 Kamil Dudka <kdudka@redhat.com> - 7.66.0-1
|
||||
- new upstream release, which fixes the following vulnerabilities
|
||||
CVE-2019-5481 - double free due to subsequent call of realloc()
|
||||
CVE-2019-5482 - heap buffer overflow in function tftp_receive_packet()
|
||||
|
||||
* Fri Apr 07 2017 Kamil Dudka <kdudka@redhat.com> 7.51.0-6
|
||||
* Tue Aug 27 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.3-4
|
||||
- avoid reporting spurious error in the HTTP2 framing layer (#1690971)
|
||||
|
||||
* Thu Aug 01 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.3-3
|
||||
- improve handling of gss_init_sec_context() failures
|
||||
|
||||
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.65.3-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Sat Jul 20 2019 Paul Howarth <paul@city-fan.org> - 7.65.3-1
|
||||
- new upstream release
|
||||
|
||||
* Wed Jul 17 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.2-1
|
||||
- new upstream release
|
||||
|
||||
* Wed Jun 05 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.1-1
|
||||
- new upstream release
|
||||
|
||||
* Thu May 30 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.0-2
|
||||
- fix spurious timeout events with speed-limit (#1714893)
|
||||
|
||||
* Wed May 22 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.0-1
|
||||
- new upstream release, which fixes the following vulnerabilities
|
||||
CVE-2019-5436 - TFTP receive buffer overflow
|
||||
CVE-2019-5435 - integer overflows in curl_url_set()
|
||||
|
||||
* Thu May 09 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.1-2
|
||||
- do not treat failure of gss_init_sec_context() with --negotiate as fatal
|
||||
|
||||
* Wed Mar 27 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.1-1
|
||||
- new upstream release
|
||||
|
||||
* Mon Mar 25 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-6
|
||||
- remove verbose "Expire in" ... messages (#1690971)
|
||||
|
||||
* Thu Mar 21 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-5
|
||||
- avoid spurious "Could not resolve host: [host name]" error messages
|
||||
|
||||
* Wed Feb 27 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-4
|
||||
- fix NULL dereference if flushing cookies with no CookieInfo set (#1683676)
|
||||
|
||||
* Mon Feb 25 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-3
|
||||
- prevent NetworkManager from leaking file descriptors (#1680198)
|
||||
|
||||
* Mon Feb 11 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-2
|
||||
- make zsh completion work again
|
||||
|
||||
* Wed Feb 06 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-1
|
||||
- new upstream release, which fixes the following vulnerabilities
|
||||
CVE-2019-3823 - SMTP end-of-response out-of-bounds read
|
||||
CVE-2019-3822 - NTLMv2 type-3 header stack buffer overflow
|
||||
CVE-2018-16890 - NTLM type-2 out-of-bounds buffer read
|
||||
|
||||
* Mon Feb 04 2019 Kamil Dudka <kdudka@redhat.com> - 7.63.0-7
|
||||
- prevent valgrind from reporting false positives on x86_64
|
||||
|
||||
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.63.0-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Mon Jan 21 2019 Kamil Dudka <kdudka@redhat.com> - 7.63.0-5
|
||||
- xattr: strip credentials from any URL that is stored (CVE-2018-20483)
|
||||
|
||||
* Fri Jan 04 2019 Kamil Dudka <kdudka@redhat.com> - 7.63.0-4
|
||||
- replace 0105-curl-7.63.0-libstubgss-ldadd.patch by upstream patch
|
||||
|
||||
* Wed Dec 19 2018 Kamil Dudka <kdudka@redhat.com> - 7.63.0-3
|
||||
- curl -J: do not append to the destination file (#1658574)
|
||||
|
||||
* Fri Dec 14 2018 Kamil Dudka <kdudka@redhat.com> - 7.63.0-2
|
||||
- revert an upstream commit that broke `fedpkg new-sources` (#1659329)
|
||||
|
||||
* Wed Dec 12 2018 Kamil Dudka <kdudka@redhat.com> - 7.63.0-1
|
||||
- new upstream release
|
||||
|
||||
* Wed Oct 31 2018 Kamil Dudka <kdudka@redhat.com> - 7.62.0-1
|
||||
- new upstream release, which fixes the following vulnerabilities
|
||||
CVE-2018-16839 - SASL password overflow via integer overflow
|
||||
CVE-2018-16840 - use-after-free in handle close
|
||||
CVE-2018-16842 - warning message out-of-buffer read
|
||||
|
||||
* Thu Oct 11 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.1-3
|
||||
- enable TLS 1.3 post-handshake auth in OpenSSL
|
||||
- update the documentation of --tlsv1.0 in curl(1) man page
|
||||
|
||||
* Thu Oct 04 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.1-2
|
||||
- enforce versioned libpsl dependency for libcurl (#1631804)
|
||||
- test320: update expected output for gnutls-3.6.4
|
||||
- drop 0105-curl-7.61.0-tests-ssh-keygen.patch no longer needed (#1622594)
|
||||
|
||||
* Wed Sep 05 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.1-1
|
||||
- new upstream release, which fixes the following vulnerability
|
||||
CVE-2018-14618 - NTLM password overflow via integer overflow
|
||||
|
||||
* Tue Sep 04 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-8
|
||||
- make the --tls13-ciphers option work
|
||||
|
||||
* Mon Aug 27 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-7
|
||||
- tests: make ssh-keygen always produce PEM format (#1622594)
|
||||
|
||||
* Wed Aug 15 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-6
|
||||
- scp/sftp: fix infinite connect loop on invalid private key (#1595135)
|
||||
|
||||
* Thu Aug 09 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-5
|
||||
- ssl: set engine implicitly when a PKCS#11 URI is provided (#1219544)
|
||||
|
||||
* Tue Aug 07 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-4
|
||||
- relax crypto policy for the test-suite to make it pass again (#1610888)
|
||||
|
||||
* Tue Jul 31 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-3
|
||||
- disable flaky test 1900, which covers deprecated HTTP pipelining
|
||||
- adapt test 323 for updated OpenSSL
|
||||
|
||||
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 7.61.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Wed Jul 11 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-1
|
||||
- new upstream release, which fixes the following vulnerability
|
||||
CVE-2018-0500 - SMTP send heap buffer overflow
|
||||
|
||||
* Tue Jul 10 2018 Kamil Dudka <kdudka@redhat.com> - 7.60.0-3
|
||||
- enable support for brotli compression in libcurl-full
|
||||
|
||||
* Wed Jul 04 2018 Kamil Dudka <kdudka@redhat.com> - 7.60.0-2
|
||||
- do not hard-wire path of the Python 3 interpreter
|
||||
|
||||
* Wed May 16 2018 Kamil Dudka <kdudka@redhat.com> - 7.60.0-1
|
||||
- new upstream release, which fixes the following vulnerabilities
|
||||
CVE-2018-1000300 - FTP shutdown response buffer overflow
|
||||
CVE-2018-1000301 - RTSP bad headers buffer over-read
|
||||
|
||||
* Thu Mar 15 2018 Kamil Dudka <kdudka@redhat.com> - 7.59.0-3
|
||||
- make the test-suite use Python 3
|
||||
|
||||
* Wed Mar 14 2018 Kamil Dudka <kdudka@redhat.com> - 7.59.0-2
|
||||
- ftp: fix typo in recursive callback detection for seeking
|
||||
|
||||
* Wed Mar 14 2018 Kamil Dudka <kdudka@redhat.com> - 7.59.0-1
|
||||
- new upstream release, which fixes the following vulnerabilities
|
||||
CVE-2018-1000120 - FTP path trickery leads to NIL byte out of bounds write
|
||||
CVE-2018-1000121 - LDAP NULL pointer dereference
|
||||
CVE-2018-1000122 - RTSP RTP buffer over-read
|
||||
|
||||
* Mon Mar 12 2018 Kamil Dudka <kdudka@redhat.com> - 7.58.0-8
|
||||
- http2: mark the connection for close on GOAWAY
|
||||
|
||||
* Mon Feb 19 2018 Paul Howarth <paul@city-fan.org> - 7.58.0-7
|
||||
- Add explicity-used build requirements
|
||||
- Fix libcurl soname version number in %%files list to avoid accidental soname
|
||||
bumps
|
||||
|
||||
* Thu Feb 15 2018 Paul Howarth <paul@city-fan.org> - 7.58.0-6
|
||||
- switch to %%ldconfig_scriptlets
|
||||
- drop legacy BuildRoot: and Group: tags
|
||||
- enforce versioned libssh dependency for libcurl
|
||||
|
||||
* Tue Feb 13 2018 Kamil Dudka <kdudka@redhat.com> - 7.58.0-5
|
||||
- drop temporary workaround for #1540549
|
||||
|
||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 7.58.0-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
* Wed Jan 31 2018 Kamil Dudka <kdudka@redhat.com> - 7.58.0-3
|
||||
- temporarily work around internal compiler error on x86_64 (#1540549)
|
||||
- disable brp-ldconfig to make RemovePathPostfixes work with shared libs again
|
||||
|
||||
* Wed Jan 24 2018 Andreas Schneider <asn@redhat.com> - 7.58.0-2
|
||||
- use libssh (instead of libssh2) to implement SCP/SFTP in libcurl (#1531483)
|
||||
|
||||
* Wed Jan 24 2018 Kamil Dudka <kdudka@redhat.com> - 7.58.0-1
|
||||
- new upstream release, which fixes the following vulnerabilities
|
||||
CVE-2018-1000005 - curl: HTTP/2 trailer out-of-bounds read
|
||||
CVE-2018-1000007 - curl: HTTP authentication leak in redirects
|
||||
|
||||
* Wed Nov 29 2017 Kamil Dudka <kdudka@redhat.com> - 7.57.0-1
|
||||
- new upstream release, which fixes the following vulnerabilities
|
||||
CVE-2017-8816 - curl: NTLM buffer overflow via integer overflow
|
||||
CVE-2017-8817 - curl: FTP wildcard out of bounds read
|
||||
CVE-2017-8818 - curl: SSL out of buffer access
|
||||
|
||||
* Mon Oct 23 2017 Kamil Dudka <kdudka@redhat.com> - 7.56.1-1
|
||||
- new upstream release (fixes CVE-2017-1000257)
|
||||
|
||||
* Wed Oct 04 2017 Kamil Dudka <kdudka@redhat.com> - 7.56.0-1
|
||||
- new upstream release (fixes CVE-2017-1000254)
|
||||
|
||||
* Mon Aug 28 2017 Kamil Dudka <kdudka@redhat.com> - 7.55.1-5
|
||||
- apply the patch for the previous commit and fix its name (#1485702)
|
||||
|
||||
* Mon Aug 28 2017 Bastien Nocera <bnocera@redhat.com> - 7.55.1-4
|
||||
- Fix NetworkManager connectivity check not working (#1485702)
|
||||
|
||||
* Tue Aug 22 2017 Kamil Dudka <kdudka@redhat.com> 7.55.1-3
|
||||
- utilize system wide crypto policies for TLS (#1483972)
|
||||
|
||||
* Tue Aug 15 2017 Kamil Dudka <kdudka@redhat.com> 7.55.1-2
|
||||
- make zsh completion work again
|
||||
|
||||
* Mon Aug 14 2017 Kamil Dudka <kdudka@redhat.com> 7.55.1-1
|
||||
- new upstream release
|
||||
|
||||
* Wed Aug 09 2017 Kamil Dudka <kdudka@redhat.com> 7.55.0-1
|
||||
- drop multilib fix for libcurl header files no longer needed
|
||||
- new upstream release, which fixes the following vulnerabilities
|
||||
CVE-2017-1000099 - FILE buffer read out of bounds
|
||||
CVE-2017-1000100 - TFTP sends more than buffer size
|
||||
CVE-2017-1000101 - URL globbing out of bounds read
|
||||
|
||||
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7.54.1-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||
|
||||
* Fri Jul 28 2017 Florian Weimer <fweimer@redhat.com> - 7.54.1-7
|
||||
- Rebuild with fixed binutils (#1475636)
|
||||
|
||||
* Fri Jul 28 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 7.54.1-6
|
||||
- Enable separate debuginfo back
|
||||
|
||||
* Thu Jul 27 2017 Kamil Dudka <kdudka@redhat.com> 7.54.1-5
|
||||
- rebuild to fix broken linkage of cmake on ppc64le
|
||||
|
||||
* Wed Jul 26 2017 Kamil Dudka <kdudka@redhat.com> 7.54.1-4
|
||||
- avoid build failure caused broken RPM code that produces debuginfo packages
|
||||
|
||||
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7.54.1-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||
|
||||
* Mon Jun 19 2017 Kamil Dudka <kdudka@redhat.com> 7.54.1-2
|
||||
- enforce versioned openssl-libs dependency for libcurl (#1462184)
|
||||
|
||||
* Wed Jun 14 2017 Kamil Dudka <kdudka@redhat.com> 7.54.1-1
|
||||
- new upstream release
|
||||
|
||||
* Tue May 16 2017 Kamil Dudka <kdudka@redhat.com> 7.54.0-5
|
||||
- add *-full provides for curl and libcurl to make them explicitly installable
|
||||
|
||||
* Thu May 04 2017 Kamil Dudka <kdudka@redhat.com> 7.54.0-4
|
||||
- make curl-minimal require a new enough version of libcurl
|
||||
|
||||
* Thu Apr 27 2017 Kamil Dudka <kdudka@redhat.com> 7.54.0-3
|
||||
- switch the TLS backend back to OpenSSL (#1445153)
|
||||
|
||||
* Tue Apr 25 2017 Kamil Dudka <kdudka@redhat.com> 7.54.0-2
|
||||
- nss: use libnssckbi.so as the default source of trust
|
||||
- nss: do not leak PKCS #11 slot while loading a key (#1444860)
|
||||
|
||||
* Thu Apr 20 2017 Kamil Dudka <kdudka@redhat.com> 7.54.0-1
|
||||
- new upstream release (fixes CVE-2017-7468)
|
||||
|
||||
* Thu Apr 13 2017 Paul Howarth <paul@city-fan.org> 7.53.1-7
|
||||
- add %%post and %%postun scriptlets for libcurl-minimal
|
||||
- libcurl-minimal provides both libcurl and libcurl%%{?_isa}
|
||||
- remove some legacy spec file cruft
|
||||
|
||||
* Wed Apr 12 2017 Kamil Dudka <kdudka@redhat.com> 7.53.1-6
|
||||
- provide (lib)curl-minimal subpackages with lightweight build of (lib)curl
|
||||
|
||||
* Mon Apr 10 2017 Kamil Dudka <kdudka@redhat.com> 7.53.1-5
|
||||
- disable upstream test 2033 (flaky test for HTTP/1 pipelining)
|
||||
|
||||
* Fri Apr 07 2017 Kamil Dudka <kdudka@redhat.com> 7.53.1-4
|
||||
- fix out of bounds read in curl --write-out (CVE-2017-7407)
|
||||
|
||||
* Tue Apr 04 2017 Kamil Dudka <kdudka@redhat.com> 7.51.0-5
|
||||
* Mon Mar 06 2017 Kamil Dudka <kdudka@redhat.com> 7.53.1-3
|
||||
- make the dependency on nss-pem arch-specific (#1428550)
|
||||
|
||||
* Fri Dec 23 2016 Kamil Dudka <kdudka@redhat.com> 7.51.0-4
|
||||
- fix floating point buffer overflow issues (CVE-2016-9586)
|
||||
* Thu Mar 02 2017 Kamil Dudka <kdudka@redhat.com> 7.53.1-2
|
||||
- re-enable valgrind on ix86 because sqlite is fixed (#1428286)
|
||||
|
||||
* Fri Feb 24 2017 Kamil Dudka <kdudka@redhat.com> 7.53.1-1
|
||||
- new upstream release
|
||||
|
||||
* Wed Feb 22 2017 Kamil Dudka <kdudka@redhat.com> 7.53.0-1
|
||||
- do not use valgrind on ix86 until sqlite is rebuilt by patched GCC (#1423434)
|
||||
- new upstream release (fixes CVE-2017-2629)
|
||||
|
||||
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7.52.1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||
|
||||
* Fri Dec 23 2016 Kamil Dudka <kdudka@redhat.com> 7.52.1-1
|
||||
- new upstream release (fixes CVE-2016-9586)
|
||||
|
||||
* Mon Nov 21 2016 Kamil Dudka <kdudka@redhat.com> 7.51.0-3
|
||||
- map CURL_SSLVERSION_DEFAULT to NSS default, add support for TLS 1.3 (#1396719)
|
||||
|
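Review bot: The detached signature `curl-7.67.0.tar.xz.asc` is added to the repository, but nothing in the visible spec uses it: the new preamble has a single `Source:` line and `%prep` goes straight from `%setup -q` to the patches. As written, the build relies only on the SHA512 entry in `sources`, so the tarball is never checked against the upstream release key. Consider listing the signature and a keyring holding that key as additional sources and calling `%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'` at the top of `%prep`, with `BuildRequires: gnupg2`. Separately, the two newest `%changelog` entries say 7.67.1-2 and 7.67.1-1 while the preamble has `Version: 7.67.0` and `Release: 2`, so one of the two is presumably a typo.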
2
sources
2
sources
@ -1 +1 @@
|
||||
0f876ef6d5776d96b08510461d57db1b curl-7.51.0.tar.lzma
|
||||
SHA512 (curl-7.67.0.tar.xz) = 1d5a344be92dd61b1ba5189eff0fe337e492f2e850794943570fe71c985d0af60bd412082be646e07aaa8639908593e1ce4bb2d07db35394ec377e8ce8b9ae29
|
||||
|
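--- a/tests/non-root-user-download/Makefile
+++ b/tests/non-root-user-download/Makefile
@@ -0,0 +1,63 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/curl/Sanity/non-root-user-download
+# Description: various download methods with non-root user
+# Author: Karel Srot <ksrot@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/curl/Sanity/non-root-user-download
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Karel Srot <ksrot@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: various download methods with non-root user" >> $(METADATA)
+@echo "Type: Sanity" >> $(METADATA)
+@echo "TestTime: 5m" >> $(METADATA)
+@echo "RunFor: curl" >> $(METADATA)
+@echo "Requires: curl" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+
+rhts-lint $(METADATA)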
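--- a/tests/non-root-user-download/PURPOSE
+++ b/tests/non-root-user-download/PURPOSE
@@ -0,0 +1,3 @@
+PURPOSE of /CoreOS/curl/Sanity/non-root-user-download
+Description: various download methods with non-root user
+Author: Karel Srot <ksrot@redhat.com>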
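--- a/tests/non-root-user-download/runtest.sh
+++ b/tests/non-root-user-download/runtest.sh
@@ -0,0 +1,92 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/curl/Sanity/non-root-user-download
+# Description: various download methods with non-root user
+# Author: Karel Srot <ksrot@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="curl"
+
+FTP_URL=ftp://ftp.scientificlinux.org/linux/fedora/releases/18/Live/x86_64/Fedora-18-x86_64-Live-CHECKSUM
+HTTP_URL=https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/18/Live/x86_64/Fedora-18-x86_64-Live-CHECKSUM
+CONTENT=a276e06d244e04b765f0a35532d9036ad84f340b0bdcc32e0233a8fbc31d5bed
+PASSWORD=pAssw0rd
+OPTIONS=""
+rlIsRHEL 7 && OPTIONS="--insecure"
+
+rlJournalStart
+rlPhaseStartSetup
+rlAssertRpm $PACKAGE
+rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+rlRun "pushd $TmpDir"
+rlRun "useradd -m curltester" 0 "Adding the test user"
+rlRun "echo $PASSWORD | passwd --stdin curltester" 0 "Setting the password for the test user"
+rlRun "su - curltester -c 'echo $CONTENT > ~/testfile'" 0 "Creating ~curltester/testfile"
+[ -d $HOME/.ssh ] || ( mkdir $HOME/.ssh && restorecon HOME/.ssh )
+rlFileBackup $HOME/.ssh/known_hosts /etc/hosts
+ssh-keygen -F localhost -f $HOME/.ssh/known_hosts || rlRun "ssh-keyscan localhost >> $HOME/.ssh/known_hosts"
+rlPhaseEnd
+
+rlPhaseStartTest "http download"
+rlRun "su - curltester -c 'curl $HTTP_URL' &> http.log"
+cat http.log
+rlAssertGrep "$CONTENT" http.log
+rlPhaseEnd
+
+rlPhaseStartTest "ftp download"
+rlRun "su - curltester -c 'curl $FTP_URL' &> ftp.log"
+cat ftp.log
+rlAssertGrep "$CONTENT" ftp.log
+rlPhaseEnd
+
+if ! rlIsRHEL 5; then
+# scp sftp not supported on RHEL5
+
+rlPhaseStartTest "scp download"
+rlRun "curl -u curltester:$PASSWORD $OPTIONS scp://localhost/home/curltester/testfile &> scp.log"
+cat scp.log
+rlAssertGrep "$CONTENT" scp.log
+rlPhaseEnd
+
+rlPhaseStartTest "sftp download"
+rlRun "curl -u curltester:$PASSWORD $OPTIONS sftp://localhost/home/curltester/testfile &> sftp.log"
+cat sftp.log
+rlAssertGrep "$CONTENT" sftp.log
+rlPhaseEnd
+
+fi
+
+rlPhaseStartCleanup
+rlRun "rm -f $HOME/.ssh/known_hosts"
+rlFileRestore
+rlRun "popd"
+rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+rlRun "userdel -r --force curltester"
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd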
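Review bot: The setup line `[ -d $HOME/.ssh ] || ( mkdir $HOME/.ssh && restorecon HOME/.ssh )` runs `restorecon` on the literal relative path `HOME/.ssh`, so a freshly created `~/.ssh` never has its SELinux label restored; it should read `restorecon "$HOME/.ssh"`, ideally inside `rlRun` so a failure is recorded. Separately, the scp and sftp phases place `curltester:$PASSWORD` in the curl command string, and the account with that fixed password is removed only when the Cleanup phase is reached. An aborted run would therefore leave a password-login account on the host; setting a per-run random password in the Setup phase would limit that.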
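--- a/tests/non-root-user-download/runtest.yml
+++ b/tests/non-root-user-download/runtest.yml
@@ -0,0 +1,64 @@
+- hosts: '{{ hosts | default("localhost") }}'
+vars:
+package: "curl"
+tasks:
+- name: "Set Content variables"
+set_fact:
+content: "a276e06d244e04b765f0a35532d9036ad84f340b0bdcc32e0233a8fbc31d5bed"
+password: "pAssw0rd"
+crypt_password: "$6$/5GE87XLYLLfB3qx$w84Kct34UZG/4buTSXWkaaVIsw2xGXSAdmnS2QYdG8TtRgTsBnHdFdSkhoy.tKIE6A6LKlxczIZjQbpB19k7B1"
+- name: "Create user curltester"
+user:
+name: "curltester"
+password: "{{ crypt_password }}"
+- name: "Copy testfile"
+copy:
+dest: "/home/curltester/testfile"
+content: "{{ content }}"
+- block:
+- name: "http download"
+command: "curl https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/18/Live/x86_64/Fedora-18-x86_64-Live-CHECKSUM"
+args:
+warn: false
+register: http
+become: yes
+become_user: curltester
+- name: "Compare http output"
+fail:
+msg: "{{ content }} not in {{ http.stdout }}"
+when: content not in http.stdout
+- name: "ftp download"
+command: "curl ftp://ftp.scientificlinux.org/linux/fedora/releases/18/Live/x86_64/Fedora-18-x86_64-Live-CHECKSUM"
+args:
+warn: false
+register: ftp
+become: yes
+become_user: curltester
+- name: "Compare ftp output"
+fail:
+msg: "{{ content }} not in {{ ftp.stdout }}"
+when: content not in ftp.stdout
+- name: "scp download"
+command: "curl -u curltester:{{ password }} --insecure scp://localhost/home/curltester/testfile"
+args:
+warn: false
+register: scp
+- name: "Compare scp output"
+fail:
+msg: "{{ content }} not in {{ scp.stdout }}"
+when: content not in scp.stdout
+- name: "sftp download"
+command: "curl -u curltester:{{ password }} --insecure sftp://localhost/home/curltester/testfile"
+args:
+warn: false
+register: sftp
+- name: "Compare sftp output"
+fail:
+msg: "{{ content }} not in {{ sftp.stdout }}"
+when: content not in sftp.stdout
+always:
+- name: "Remove user curltester"
+user:
+name: "curltester"
+remove: yes
+state: absent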
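Review bot: The `scp download` and `sftp download` tasks pass `--insecure` unconditionally, whereas runtest.sh in the same directory adds it only on RHEL 7 and seeds known_hosts with `ssh-keyscan localhost`. For scp/sftp, curl documents that option as skipping known_hosts verification, so this variant never exercises host-key checking; a task that populates known_hosts for the connecting user would let the flag be dropped. The plaintext `password` is also interpolated into the `command:` string without `no_log: true`, so it will likely appear in Ansible output. The `Create user curltester` task appears to sit before the `block:` (indentation is lost on this page); if so, a failure in `Copy testfile` skips the `always:` removal and leaves the account with its known password.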
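--- a/tests/scp-and-sftp-download-test/Makefile
+++ b/tests/scp-and-sftp-download-test/Makefile
@@ -0,0 +1,63 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/curl/Sanity/scp-and-sftp-download-test
+# Description: downloads test file through scp and sftp
+# Author: Karel Srot <ksrot@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2012 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/curl/Sanity/scp-and-sftp-download-test
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+./runtest.sh
+
+build: $(BUILT_FILES)
+test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+rm -f *~ $(BUILT_FILES)
+
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+@echo "Owner: Karel Srot <ksrot@redhat.com>" > $(METADATA)
+@echo "Name: $(TEST)" >> $(METADATA)
+@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+@echo "Path: $(TEST_DIR)" >> $(METADATA)
+@echo "Description: downloads test file through scp and sftp" >> $(METADATA)
+@echo "Type: Sanity" >> $(METADATA)
+@echo "TestTime: 10m" >> $(METADATA)
+@echo "RunFor: curl" >> $(METADATA)
+@echo "Requires: curl openssh" >> $(METADATA)
+@echo "Priority: Normal" >> $(METADATA)
+@echo "License: GPLv2" >> $(METADATA)
+@echo "Confidential: no" >> $(METADATA)
+@echo "Destructive: no" >> $(METADATA)
+
+rhts-lint $(METADATA)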
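Review bot: The generated metadata declares `Destructive: no`, but the runtest.sh added alongside it appends to /etc/ssh/sshd_config, restarts sshd and runs `rm -vf /root/.ssh/*`, relying on rlFileBackup and rlFileRestore to undo the changes. If the scheduler uses this field to decide where the test may run, `@echo "Destructive: yes" >> $(METADATA)` would be the safer declaration. `Requires: curl openssh` also looks incomplete, because the script needs a running sshd and `ssh-keyscan`; the package names that provide them should be confirmed before they are added here.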
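--- a/tests/scp-and-sftp-download-test/PURPOSE
+++ b/tests/scp-and-sftp-download-test/PURPOSE
@@ -0,0 +1,12 @@
+PURPOSE of /CoreOS/curl/Sanity/scp-and-sftp-download-test
+Description: downloads test file through scp and sftp
+Author: Karel Srot <ksrot@redhat.com>
+
+Test scenario:
+- scp download
+- sftp download
+- scp upload
+- sftp upload
+
+When PUBKEY_PARAM global variable is set to 'empty' or 'none', scenarios are executed
+with empty --pubkey parameter (--pubkey "") or with the paramiter omitted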
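--- a/tests/scp-and-sftp-download-test/runtest.sh
+++ b/tests/scp-and-sftp-download-test/runtest.sh
@@ -0,0 +1,130 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/curl/Sanity/scp-and-sftp-download-test
+# Description: downloads test file through scp and sftp
+# Author: Karel Srot <ksrot@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2012 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh
+. /usr/lib/beakerlib/beakerlib.sh
+
+PACKAGE="curl"
+
+# GLOBAL/ENVIRONMENT VARIABLE:
+# PUBKEY_PARAM
+
+if [ "$PUBKEY_PARAM" == 'none' ]; then
+PUBKEY_PARAM=""
+elif [ "$PUBKEY_PARAM" == 'empty' ]; then
+PUBKEY_PARAM="--pubkey ''"
+else
+PUBKEY_PARAM='--pubkey /root/.ssh/id_rsa.pub'
+fi
+
+FILESIZE=200 #MB
+OPTIONS=""
+rlIsRHEL 7 && OPTIONS="--insecure"
+
+rlJournalStart
+rlPhaseStartSetup
+rlAssertRpm $PACKAGE
+rlFileBackup --clean /root/.ssh/known_hosts /root/.ssh
+rlFileBackup --clean /etc/ssh/sshd_config
+rlRun "useradd -m curltestuser"
+
+# In FIPS-140 we need to explicitly allow one of libssh2-implemented
+# Kex algorithms (eg. DH14-SHA1).
+rlRun "echo 'KexAlgorithms +diffie-hellman-group14-sha1' >> /etc/ssh/sshd_config" 0
+rlServiceStop "sshd"
+rlRun "service sshd start && sleep 5" 0
+
+# file for download test
+rlRun "su - curltestuser -c 'dd if=/dev/zero of=testfile bs=1M count=200'" 0 "Creating $FILESIZE MB large test file"
+SUM=`sha256sum /home/curltestuser/testfile | cut -d ' ' -f 1`
+rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+rlRun "pushd $TmpDir"
+rlRun "rm -vf /root/.ssh/*"
+rlRun "ssh-keygen -t rsa -f /root/.ssh/id_rsa -N ''" 0 "Generate ssh key"
+rlRun "mkdir /home/curltestuser/.ssh && cat /root/.ssh/id_rsa.pub > /home/curltestuser/.ssh/authorized_keys && chown -R curltestuser.curltestuser /home/curltestuser/.ssh/" 0 "Save the key to .ssh/authorized_keys"
+
+# this is a workaround as libssh2 is not able to use newer hashes
+#rlRun "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/root/.ssh/known_hosts curltestuser@localhost 'exit'" 0 "First ssh login to add localhost to known_hosts"
+rlRun "ssh-keyscan localhost >>/root/.ssh/known_hosts"
+
+# files for upload test
+rlRun "dd if=/dev/zero of=uploadfile1 bs=1M count=50" 0 "Creating 50 MB large test file"
+UPSUM1=`sha256sum uploadfile1 | cut -d ' ' -f 1`
+rlRun "dd if=/dev/zero of=uploadfile2 bs=1M count=20" 0 "Creating 20 MB large test file"
+UPSUM2=`sha256sum uploadfile2 | cut -d ' ' -f 1`
+rlPhaseEnd
+
+rlPhaseStartTest "scp download test"
+rlRun "curl -o ./scp_file -u curltestuser: --key /root/.ssh/id_rsa $PUBKEY_PARAM $OPTIONS scp://localhost/home/curltestuser/testfile" 0 "Initiate curl scp download"
+rlAssertExists scp_file
+SCPSUM=`sha256sum ./scp_file | cut -d ' ' -f 1`
+rlAssertEquals "Checking that whole file was properly downloaded" $SUM $SCPSUM
+rm -f ./scp_file
+rlPhaseEnd
+
+rlPhaseStartTest "sftp download test"
+rlRun "curl -o ./sftp_file -u curltestuser: --key /root/.ssh/id_rsa $PUBKEY_PARAM $OPTIONS sftp://localhost/home/curltestuser/testfile" 0 "Initiate curl scp download"
+rlAssertExists sftp_file
+SFTPSUM=`sha256sum ./sftp_file | cut -d ' ' -f 1`
+rlAssertEquals "Checking that whole file was properly downloaded" $SUM $SFTPSUM
+rm -f ./sftp_file
+rlPhaseEnd
+
+rlPhaseStartTest "scp upload test"
+rlRun "curl -T '{uploadfile1,uploadfile2}' scp://localhost/home/curltestuser/ -u curltestuser: --key /root/.ssh/id_rsa $PUBKEY_PARAM $OPTIONS" 0 "Initiate curl scp upload"
+rlAssertExists /home/curltestuser/uploadfile1
+rlAssertExists /home/curltestuser/uploadfile2
+SCPUPSUM1=`sha256sum /home/curltestuser/uploadfile1 | cut -d ' ' -f 1`
+SCPUPSUM2=`sha256sum /home/curltestuser/uploadfile2 | cut -d ' ' -f 1`
+rlAssertEquals "Checking that 1st file was properly uploaded" ${UPSUM1} ${SCPUPSUM1}
+rlAssertEquals "Checking that 2nd file was properly uploaded" ${UPSUM2} ${SCPUPSUM2}
+rm -f /home/curltestuser/uploadfile1 /home/curltestuser/uploadfile2
+rlPhaseEnd
+
+rlPhaseStartTest "sftp upload test"
+rlRun "curl -T '{uploadfile1,uploadfile2}' sftp://localhost/home/curltestuser/ -u curltestuser: --key /root/.ssh/id_rsa $PUBKEY_PARAM $OPTIONS" 0 "Initiate curl sftp upload"
+rlAssertExists /home/curltestuser/uploadfile1
+rlAssertExists /home/curltestuser/uploadfile2
+SFTPUPSUM1=`sha256sum /home/curltestuser/uploadfile1 | cut -d ' ' -f 1`
+SFTPUPSUM2=`sha256sum /home/curltestuser/uploadfile2 | cut -d ' ' -f 1`
+rlAssertEquals "Checking that 1st file was properly uploaded" ${UPSUM1} ${SFTPUPSUM1}
+rlAssertEquals "Checking that 2nd file was properly uploaded" ${UPSUM2} ${SFTPUPSUM2}
+rm -f /home/curltestuser/uploadfile1 /home/curltestuser/uploadfile2
+rlPhaseEnd
+
+
+rlPhaseStartCleanup
+rlRun "userdel -r --force curltestuser"
+rlRun "popd"
+rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+rlFileRestore
+rlServiceRestore "sshd"
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd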
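Review bot: `rlRun "echo 'KexAlgorithms +diffie-hellman-group14-sha1' >> /etc/ssh/sshd_config" 0` runs on every host, although the comment above it says the SHA-1 key exchange is only needed in FIPS mode, and the system sshd keeps that setting until the Cleanup phase reaches `rlFileRestore`. Guarding it, for example `[ "$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)" = 1 ] && rlRun "echo 'KexAlgorithms +diffie-hellman-group14-sha1' >> /etc/ssh/sshd_config"`, leaves the daemon's configuration untouched elsewhere. The two `.` lines at the top also lack the `|| exit 1` used by the non-root-user-download script, so if beakerlib is missing the bare `sha256sum` and `rm -f` lines still run with no journal to record the failure. The sftp download phase reuses the message "Initiate curl scp download", which will mislead anyone reading the log.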
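--- a/tests/tests.yml
+++ b/tests/tests.yml
@@ -0,0 +1,26 @@
+---
+# Tests for Classic
+- hosts: localhost
+roles:
+- role: standard-test-beakerlib
+tags:
+- classic
+tests:
+- scp-and-sftp-download-test
+- non-root-user-download
+required_packages:
+- findutils # non-root-user-download needs find command
+# scp-and-sftp-download-test needs find command
+- passwd # non-root-user-download needs passwd command
+- openssh-clients # non-root-user-download needs ssh-keyscan command
+
+# Tests for Atomic
+- hosts: localhost
+roles:
+- role: standard-test-beakerlib
+tags:
+- atomic
+tests:
+- scp-and-sftp-download-test
+- non-root-user-download
+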