Compare commits
16 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
13ec13d953 | ||
|
36b153054a | ||
|
bb64ce4e2e | ||
|
ca9e2d56b2 | ||
|
1c9b12b033 | ||
|
a91699a8d3 | ||
|
8e287ada5e | ||
|
88c54d8197 | ||
|
0c9fbb7ebe | ||
|
c70c78b593 | ||
|
e955dd2f2b | ||
|
45d6457526 | ||
|
d6de9efc29 | ||
|
0b066134ee | ||
|
b7c5c6ea4b | ||
|
5dc5cd8084 |
111
0001-curl-7.43.0-f7dcc7c1.patch
Normal file
111
0001-curl-7.43.0-f7dcc7c1.patch
Normal file
@ -0,0 +1,111 @@
|
||||
From 2f8154c11e2cc139067973e47f1ffe5a302fb89d Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Thu, 30 Jul 2015 12:01:20 +0200
|
||||
Subject: [PATCH] http: move HTTP/2 cleanup code off http_disconnect()
|
||||
|
||||
Otherwise it would never be called for an HTTP/2 connection, which has
|
||||
its own disconnect handler.
|
||||
|
||||
I spotted this while debugging <https://bugzilla.redhat.com/1248389>
|
||||
where the http_disconnect() handler was called on an FTP session handle
|
||||
causing 'dnf' to crash. conn->data->req.protop of type (struct FTP *)
|
||||
was reinterpreted as type (struct HTTP *) which resulted in SIGSEGV in
|
||||
Curl_add_buffer_free() after printing the "Connection cache is full,
|
||||
closing the oldest one." message.
|
||||
|
||||
A previously working version of libcurl started to crash after it was
|
||||
recompiled with the HTTP/2 support despite the HTTP/2 protocol was not
|
||||
actually used. This commit makes it work again although I suspect the
|
||||
root cause (reinterpreting session handle data of incompatible protocol)
|
||||
still has to be fixed. Otherwise the same will happen when mixing FTP
|
||||
and HTTP/2 connections and exceeding the connection cache limit.
|
||||
|
||||
Reported-by: Tomas Tomecek
|
||||
Bug: https://bugzilla.redhat.com/1248389
|
||||
|
||||
Upstream-commit: f7dcc7c11817f6eaee61b1cd84ffc1b2b1fcac43
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/http.c | 25 ++-----------------------
|
||||
lib/http2.c | 11 +++++++++++
|
||||
2 files changed, 13 insertions(+), 23 deletions(-)
|
||||
|
||||
diff --git a/lib/http.c b/lib/http.c
|
||||
index a1eef81..8d5b9a4 100644
|
||||
--- a/lib/http.c
|
||||
+++ b/lib/http.c
|
||||
@@ -86,7 +86,6 @@
|
||||
* Forward declarations.
|
||||
*/
|
||||
|
||||
-static CURLcode http_disconnect(struct connectdata *conn, bool dead);
|
||||
static int http_getsock_do(struct connectdata *conn,
|
||||
curl_socket_t *socks,
|
||||
int numsocks);
|
||||
@@ -117,7 +116,7 @@ const struct Curl_handler Curl_handler_http = {
|
||||
http_getsock_do, /* doing_getsock */
|
||||
ZERO_NULL, /* domore_getsock */
|
||||
ZERO_NULL, /* perform_getsock */
|
||||
- http_disconnect, /* disconnect */
|
||||
+ ZERO_NULL, /* disconnect */
|
||||
ZERO_NULL, /* readwrite */
|
||||
PORT_HTTP, /* defport */
|
||||
CURLPROTO_HTTP, /* protocol */
|
||||
@@ -141,7 +140,7 @@ const struct Curl_handler Curl_handler_https = {
|
||||
http_getsock_do, /* doing_getsock */
|
||||
ZERO_NULL, /* domore_getsock */
|
||||
ZERO_NULL, /* perform_getsock */
|
||||
- http_disconnect, /* disconnect */
|
||||
+ ZERO_NULL, /* disconnect */
|
||||
ZERO_NULL, /* readwrite */
|
||||
PORT_HTTPS, /* defport */
|
||||
CURLPROTO_HTTPS, /* protocol */
|
||||
@@ -168,21 +167,6 @@ CURLcode Curl_http_setup_conn(struct connectdata *conn)
|
||||
return CURLE_OK;
|
||||
}
|
||||
|
||||
-static CURLcode http_disconnect(struct connectdata *conn, bool dead_connection)
|
||||
-{
|
||||
-#ifdef USE_NGHTTP2
|
||||
- struct HTTP *http = conn->data->req.protop;
|
||||
- if(http) {
|
||||
- Curl_add_buffer_free(http->header_recvbuf);
|
||||
- http->header_recvbuf = NULL; /* clear the pointer */
|
||||
- }
|
||||
-#else
|
||||
- (void)conn;
|
||||
-#endif
|
||||
- (void)dead_connection;
|
||||
- return CURLE_OK;
|
||||
-}
|
||||
-
|
||||
/*
|
||||
* checkheaders() checks the linked list of custom HTTP headers for a
|
||||
* particular header (prefix).
|
||||
diff --git a/lib/http2.c b/lib/http2.c
|
||||
index 1a2c486..eec0c9f 100644
|
||||
--- a/lib/http2.c
|
||||
+++ b/lib/http2.c
|
||||
@@ -79,6 +79,7 @@ static int http2_getsock(struct connectdata *conn,
|
||||
static CURLcode http2_disconnect(struct connectdata *conn,
|
||||
bool dead_connection)
|
||||
{
|
||||
+ struct HTTP *http = conn->data->req.protop;
|
||||
struct http_conn *c = &conn->proto.httpc;
|
||||
(void)dead_connection;
|
||||
|
||||
@@ -88,6 +89,11 @@ static CURLcode http2_disconnect(struct connectdata *conn,
|
||||
Curl_safefree(c->inbuf);
|
||||
Curl_hash_destroy(&c->streamsh);
|
||||
|
||||
+ if(http) {
|
||||
+ Curl_add_buffer_free(http->header_recvbuf);
|
||||
+ http->header_recvbuf = NULL; /* clear the pointer */
|
||||
+ }
|
||||
+
|
||||
DEBUGF(infof(conn->data, "HTTP/2 DISCONNECT done\n"));
|
||||
|
||||
return CURLE_OK;
|
||||
--
|
||||
2.4.6
|
||||
|
42
0002-curl-7.43.0-002d58f1.patch
Normal file
42
0002-curl-7.43.0-002d58f1.patch
Normal file
@ -0,0 +1,42 @@
|
||||
From c90b930b8312bb31f62325a09125cf44dd58d506 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Mon, 10 Aug 2015 00:12:12 +0200
|
||||
Subject: [PATCH] test46: update cookie expire time
|
||||
|
||||
... since it went old and thus was expired and caused the test to fail!
|
||||
|
||||
Upstream-commit: 002d58f1e8d8e725ba6d676599838983561feff9
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
tests/data/test46 | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/tests/data/test46 b/tests/data/test46
|
||||
index b6f8f83..b6ebe80 100644
|
||||
--- a/tests/data/test46
|
||||
+++ b/tests/data/test46
|
||||
@@ -51,8 +51,8 @@ TZ=GMT
|
||||
|
||||
www.fake.come FALSE / FALSE 1022144953 cookiecliente si
|
||||
www.loser.com FALSE / FALSE 1139150993 UID 99
|
||||
-%HOSTIP FALSE / FALSE 1439150993 mooo indeed
|
||||
-#HttpOnly_%HOSTIP FALSE /want FALSE 1439150993 mooo2 indeed2
|
||||
+%HOSTIP FALSE / FALSE 1739150993 mooo indeed
|
||||
+#HttpOnly_%HOSTIP FALSE /want FALSE 1739150993 mooo2 indeed2
|
||||
%HOSTIP FALSE /want FALSE 0 empty
|
||||
</file>
|
||||
</client>
|
||||
@@ -76,8 +76,8 @@ Cookie: empty=; mooo2=indeed2; mooo=indeed
|
||||
|
||||
www.fake.come FALSE / FALSE 1022144953 cookiecliente si
|
||||
www.loser.com FALSE / FALSE 1139150993 UID 99
|
||||
-%HOSTIP FALSE / FALSE 1439150993 mooo indeed
|
||||
-#HttpOnly_%HOSTIP FALSE /want FALSE 1439150993 mooo2 indeed2
|
||||
+%HOSTIP FALSE / FALSE 1739150993 mooo indeed
|
||||
+#HttpOnly_%HOSTIP FALSE /want FALSE 1739150993 mooo2 indeed2
|
||||
%HOSTIP FALSE /want FALSE 0 empty
|
||||
%HOSTIP FALSE / FALSE 2054030187 ckyPersistent permanent
|
||||
%HOSTIP FALSE / FALSE 0 ckySession temporary
|
||||
--
|
||||
2.4.6
|
||||
|
71
0003-curl-7.43.0-958d2ffb.patch
Normal file
71
0003-curl-7.43.0-958d2ffb.patch
Normal file
@ -0,0 +1,71 @@
|
||||
From 98dee5ab5a862a506beb8a7bf60c0aaec3b08a0f Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Fri, 18 Sep 2015 17:07:22 +0200
|
||||
Subject: [PATCH 1/2] nss: check return values of NSS functions
|
||||
|
||||
Upstream-commit: a9fd53887ba07cd8313a8b9706f2dc71d6b8ed1b
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/vtls/nss.c | 8 ++++++--
|
||||
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
|
||||
index 91727c7..1fa1c64 100644
|
||||
--- a/lib/vtls/nss.c
|
||||
+++ b/lib/vtls/nss.c
|
||||
@@ -1792,9 +1792,13 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
|
||||
|
||||
|
||||
/* Force handshake on next I/O */
|
||||
- SSL_ResetHandshake(connssl->handle, /* asServer */ PR_FALSE);
|
||||
+ if(SSL_ResetHandshake(connssl->handle, /* asServer */ PR_FALSE)
|
||||
+ != SECSuccess)
|
||||
+ goto error;
|
||||
|
||||
- SSL_SetURL(connssl->handle, conn->host.name);
|
||||
+ /* propagate hostname to the TLS layer */
|
||||
+ if(SSL_SetURL(connssl->handle, conn->host.name) != SECSuccess)
|
||||
+ goto error;
|
||||
|
||||
return CURLE_OK;
|
||||
|
||||
--
|
||||
2.5.2
|
||||
|
||||
|
||||
From d082ad368ecec7894d8e9e9a35336b2350c30ade Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Fri, 18 Sep 2015 17:10:05 +0200
|
||||
Subject: [PATCH 2/2] nss: prevent NSS from incorrectly re-using a session
|
||||
|
||||
Without this workaround, NSS re-uses a session cache entry despite the
|
||||
server name does not match. This causes SNI host name to differ from
|
||||
the actual host name. Consequently, certain servers (e.g. github.com)
|
||||
respond by 400 to such requests.
|
||||
|
||||
Bug: https://bugzilla.mozilla.org/1202264
|
||||
|
||||
Upstream-commit: 958d2ffb198166a062a0ff20d009c64972a2b374
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/vtls/nss.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
|
||||
index 1fa1c64..3d73ffe 100644
|
||||
--- a/lib/vtls/nss.c
|
||||
+++ b/lib/vtls/nss.c
|
||||
@@ -1800,6 +1800,10 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
|
||||
if(SSL_SetURL(connssl->handle, conn->host.name) != SECSuccess)
|
||||
goto error;
|
||||
|
||||
+ /* prevent NSS from re-using the session for a different hostname */
|
||||
+ if(SSL_SetSockPeerID(connssl->handle, conn->host.name) != SECSuccess)
|
||||
+ goto error;
|
||||
+
|
||||
return CURLE_OK;
|
||||
|
||||
error:
|
||||
--
|
||||
2.5.2
|
||||
|
137
0004-curl-7.43.0-CVE-2016-0755.patch
Normal file
137
0004-curl-7.43.0-CVE-2016-0755.patch
Normal file
@ -0,0 +1,137 @@
|
||||
From 43f8d61ef18639c8d8573c0c1d2bdfa56407bae6 Mon Sep 17 00:00:00 2001
|
||||
From: Isaac Boukris <iboukris@gmail.com>
|
||||
Date: Wed, 13 Jan 2016 11:05:51 +0200
|
||||
Subject: [PATCH] NTLM: Fix ConnectionExists to compare Proxy credentials
|
||||
|
||||
Proxy NTLM authentication should compare credentials when
|
||||
re-using a connection similar to host authentication, as it
|
||||
authenticate the connection.
|
||||
|
||||
Example:
|
||||
curl -v -x http://proxy:port http://host/ -U good_user:good_pwd
|
||||
--proxy-ntlm --next -x http://proxy:port http://host/
|
||||
[-U fake_user:fake_pwd --proxy-ntlm]
|
||||
|
||||
CVE-2016-0755
|
||||
|
||||
Bug: http://curl.haxx.se/docs/adv_20160127A.html
|
||||
|
||||
Upstream-commit: d41dcba4e9b69d6b761e3460cc6ae7e8fd8f621f
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/url.c | 62 ++++++++++++++++++++++++++++++++++++++++----------------------
|
||||
1 file changed, 40 insertions(+), 22 deletions(-)
|
||||
|
||||
diff --git a/lib/url.c b/lib/url.c
|
||||
index 17279bb..f32c8cf 100644
|
||||
--- a/lib/url.c
|
||||
+++ b/lib/url.c
|
||||
@@ -3107,12 +3107,17 @@ ConnectionExists(struct SessionHandle *data,
|
||||
struct connectdata *check;
|
||||
struct connectdata *chosen = 0;
|
||||
bool canPipeline = IsPipeliningPossible(data, needle);
|
||||
+ struct connectbundle *bundle;
|
||||
+
|
||||
#ifdef USE_NTLM
|
||||
- bool wantNTLMhttp = ((data->state.authhost.want & CURLAUTH_NTLM) ||
|
||||
- (data->state.authhost.want & CURLAUTH_NTLM_WB)) &&
|
||||
- (needle->handler->protocol & PROTO_FAMILY_HTTP) ? TRUE : FALSE;
|
||||
+ bool wantNTLMhttp = ((data->state.authhost.want &
|
||||
+ (CURLAUTH_NTLM | CURLAUTH_NTLM_WB)) &&
|
||||
+ (needle->handler->protocol & PROTO_FAMILY_HTTP));
|
||||
+ bool wantProxyNTLMhttp = (needle->bits.proxy_user_passwd &&
|
||||
+ ((data->state.authproxy.want &
|
||||
+ (CURLAUTH_NTLM | CURLAUTH_NTLM_WB)) &&
|
||||
+ (needle->handler->protocol & PROTO_FAMILY_HTTP)));
|
||||
#endif
|
||||
- struct connectbundle *bundle;
|
||||
|
||||
*force_reuse = FALSE;
|
||||
*waitpipe = FALSE;
|
||||
@@ -3152,9 +3157,6 @@ ConnectionExists(struct SessionHandle *data,
|
||||
curr = bundle->conn_list->head;
|
||||
while(curr) {
|
||||
bool match = FALSE;
|
||||
-#if defined(USE_NTLM)
|
||||
- bool credentialsMatch = FALSE;
|
||||
-#endif
|
||||
size_t pipeLen;
|
||||
|
||||
/*
|
||||
@@ -3262,21 +3264,14 @@ ConnectionExists(struct SessionHandle *data,
|
||||
continue;
|
||||
}
|
||||
|
||||
- if((!(needle->handler->flags & PROTOPT_CREDSPERREQUEST))
|
||||
-#ifdef USE_NTLM
|
||||
- || (wantNTLMhttp || check->ntlm.state != NTLMSTATE_NONE)
|
||||
-#endif
|
||||
- ) {
|
||||
- /* This protocol requires credentials per connection or is HTTP+NTLM,
|
||||
+ if(!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) {
|
||||
+ /* This protocol requires credentials per connection,
|
||||
so verify that we're using the same name and password as well */
|
||||
if(!strequal(needle->user, check->user) ||
|
||||
!strequal(needle->passwd, check->passwd)) {
|
||||
/* one of them was different */
|
||||
continue;
|
||||
}
|
||||
-#if defined(USE_NTLM)
|
||||
- credentialsMatch = TRUE;
|
||||
-#endif
|
||||
}
|
||||
|
||||
if(!needle->bits.httpproxy || needle->handler->flags&PROTOPT_SSL ||
|
||||
@@ -3335,20 +3330,43 @@ ConnectionExists(struct SessionHandle *data,
|
||||
possible. (Especially we must not reuse the same connection if
|
||||
partway through a handshake!) */
|
||||
if(wantNTLMhttp) {
|
||||
- if(credentialsMatch && check->ntlm.state != NTLMSTATE_NONE) {
|
||||
- chosen = check;
|
||||
+ if(!strequal(needle->user, check->user) ||
|
||||
+ !strequal(needle->passwd, check->passwd))
|
||||
+ continue;
|
||||
+ }
|
||||
+ else if(check->ntlm.state != NTLMSTATE_NONE) {
|
||||
+ /* Connection is using NTLM auth but we don't want NTLM */
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
+ /* Same for Proxy NTLM authentication */
|
||||
+ if(wantProxyNTLMhttp) {
|
||||
+ if(!strequal(needle->proxyuser, check->proxyuser) ||
|
||||
+ !strequal(needle->proxypasswd, check->proxypasswd))
|
||||
+ continue;
|
||||
+ }
|
||||
+ else if(check->proxyntlm.state != NTLMSTATE_NONE) {
|
||||
+ /* Proxy connection is using NTLM auth but we don't want NTLM */
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
+ if(wantNTLMhttp || wantProxyNTLMhttp) {
|
||||
+ /* Credentials are already checked, we can use this connection */
|
||||
+ chosen = check;
|
||||
|
||||
+ if((wantNTLMhttp &&
|
||||
+ (check->ntlm.state != NTLMSTATE_NONE)) ||
|
||||
+ (wantProxyNTLMhttp &&
|
||||
+ (check->proxyntlm.state != NTLMSTATE_NONE))) {
|
||||
/* We must use this connection, no other */
|
||||
*force_reuse = TRUE;
|
||||
break;
|
||||
}
|
||||
- else if(credentialsMatch)
|
||||
- /* this is a backup choice */
|
||||
- chosen = check;
|
||||
+
|
||||
+ /* Continue look up for a better connection */
|
||||
continue;
|
||||
}
|
||||
#endif
|
||||
-
|
||||
if(canPipeline) {
|
||||
/* We can pipeline if we want to. Let's continue looking for
|
||||
the optimal connection to use, i.e the shortest pipe that is not
|
||||
--
|
||||
2.5.0
|
||||
|
63
0005-curl-7.43.0-ef0fdb83.patch
Normal file
63
0005-curl-7.43.0-ef0fdb83.patch
Normal file
@ -0,0 +1,63 @@
|
||||
From 635c0837cfb774053238a691378716286842d886 Mon Sep 17 00:00:00 2001
|
||||
From: Jay Satiro <raysatiro@yahoo.com>
|
||||
Date: Thu, 18 Jun 2015 19:35:04 -0400
|
||||
Subject: [PATCH] cookie: Fix bug in export if any-domain cookie is present
|
||||
|
||||
In 3013bb6 I had changed cookie export to ignore any-domain cookies,
|
||||
however the logic I used to do so was incorrect, and would lead to a
|
||||
busy loop in the case of exporting a cookie list that contained
|
||||
any-domain cookies. The result of that is worse though, because in that
|
||||
case the other cookies would not be written resulting in an empty file
|
||||
once the application is terminated to stop the busy loop.
|
||||
|
||||
Upstream-commit: ef0fdb83b89c87b63e94bf6ecdab5cd8c6458b2e
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/cookie.c | 9 ++-------
|
||||
1 file changed, 2 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/lib/cookie.c b/lib/cookie.c
|
||||
index 94f2a8b..22730cf 100644
|
||||
--- a/lib/cookie.c
|
||||
+++ b/lib/cookie.c
|
||||
@@ -1274,9 +1274,8 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
|
||||
"# http://curl.haxx.se/docs/http-cookies.html\n"
|
||||
"# This file was generated by libcurl! Edit at your own risk.\n\n",
|
||||
out);
|
||||
- co = c->cookies;
|
||||
|
||||
- while(co) {
|
||||
+ for(co = c->cookies; co; co = co->next) {
|
||||
if(!co->domain)
|
||||
continue;
|
||||
format_ptr = get_netscape_format(co);
|
||||
@@ -1288,7 +1287,6 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
|
||||
}
|
||||
fprintf(out, "%s\n", format_ptr);
|
||||
free(format_ptr);
|
||||
- co=co->next;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1309,9 +1307,7 @@ struct curl_slist *Curl_cookie_list(struct SessionHandle *data)
|
||||
(data->cookies->numcookies == 0))
|
||||
return NULL;
|
||||
|
||||
- c = data->cookies->cookies;
|
||||
-
|
||||
- while(c) {
|
||||
+ for(c = data->cookies->cookies; c; c = c->next) {
|
||||
if(!c->domain)
|
||||
continue;
|
||||
line = get_netscape_format(c);
|
||||
@@ -1326,7 +1322,6 @@ struct curl_slist *Curl_cookie_list(struct SessionHandle *data)
|
||||
return NULL;
|
||||
}
|
||||
list = beg;
|
||||
- c = c->next;
|
||||
}
|
||||
|
||||
return list;
|
||||
--
|
||||
2.5.0
|
||||
|
73
0006-curl-7.43.0-effa575f.patch
Normal file
73
0006-curl-7.43.0-effa575f.patch
Normal file
@ -0,0 +1,73 @@
|
||||
From d4211b7d47747af9d36796517167cce14ad5e47b Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Tue, 23 Feb 2016 10:31:52 +0100
|
||||
Subject: [PATCH] tests/sshserver.pl: use RSA instead of DSA for host auth
|
||||
|
||||
DSA is no longer supported by OpenSSH 7.0, which causes all SCP/SFTP
|
||||
test cases to be skipped. Using RSA for host authentication works with
|
||||
both old and new versions of OpenSSH.
|
||||
|
||||
Reported-by: Karlson2k
|
||||
|
||||
Closes #676
|
||||
|
||||
Upstream-commit: effa575fc7f028ee71fda16209d3d81af336b730
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
tests/sshhelp.pm | 4 ++--
|
||||
tests/sshserver.pl | 12 ++++++------
|
||||
2 files changed, 8 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/tests/sshhelp.pm b/tests/sshhelp.pm
|
||||
index 914879b..6719f9f 100644
|
||||
--- a/tests/sshhelp.pm
|
||||
+++ b/tests/sshhelp.pm
|
||||
@@ -120,8 +120,8 @@ $sshlog = undef; # ssh client log file
|
||||
$sftplog = undef; # sftp client log file
|
||||
$sftpcmds = 'curl_sftp_cmds'; # sftp client commands batch file
|
||||
$knownhosts = 'curl_client_knownhosts'; # ssh knownhosts file
|
||||
-$hstprvkeyf = 'curl_host_dsa_key'; # host private key file
|
||||
-$hstpubkeyf = 'curl_host_dsa_key.pub'; # host public key file
|
||||
+$hstprvkeyf = 'curl_host_rsa_key'; # host private key file
|
||||
+$hstpubkeyf = 'curl_host_rsa_key.pub'; # host public key file
|
||||
$cliprvkeyf = 'curl_client_key'; # client private key file
|
||||
$clipubkeyf = 'curl_client_key.pub'; # client public key file
|
||||
|
||||
diff --git a/tests/sshserver.pl b/tests/sshserver.pl
|
||||
index d8c2d6f..a99731a 100755
|
||||
--- a/tests/sshserver.pl
|
||||
+++ b/tests/sshserver.pl
|
||||
@@ -371,12 +371,12 @@ if((! -e $hstprvkeyf) || (! -s $hstprvkeyf) ||
|
||||
# Make sure all files are gone so ssh-keygen doesn't complain
|
||||
unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf);
|
||||
logmsg 'generating host keys...' if($verbose);
|
||||
- if(system "\"$sshkeygen\" -q -t dsa -f $hstprvkeyf -C 'curl test server' -N ''") {
|
||||
+ if(system "\"$sshkeygen\" -q -t rsa -f $hstprvkeyf -C 'curl test server' -N ''") {
|
||||
logmsg 'Could not generate host key';
|
||||
exit 1;
|
||||
}
|
||||
logmsg 'generating client keys...' if($verbose);
|
||||
- if(system "\"$sshkeygen\" -q -t dsa -f $cliprvkeyf -C 'curl test client' -N ''") {
|
||||
+ if(system "\"$sshkeygen\" -q -t rsa -f $cliprvkeyf -C 'curl test client' -N ''") {
|
||||
logmsg 'Could not generate client key';
|
||||
exit 1;
|
||||
}
|
||||
@@ -729,11 +729,11 @@ if(system "\"$sshd\" -t -f $sshdconfig > $sshdlog 2>&1") {
|
||||
if((! -e $knownhosts) || (! -s $knownhosts)) {
|
||||
logmsg 'generating ssh client known hosts file...' if($verbose);
|
||||
unlink($knownhosts);
|
||||
- if(open(DSAKEYFILE, "<$hstpubkeyf")) {
|
||||
- my @dsahostkey = do { local $/ = ' '; <DSAKEYFILE> };
|
||||
- if(close(DSAKEYFILE)) {
|
||||
+ if(open(RSAKEYFILE, "<$hstpubkeyf")) {
|
||||
+ my @rsahostkey = do { local $/ = ' '; <RSAKEYFILE> };
|
||||
+ if(close(RSAKEYFILE)) {
|
||||
if(open(KNOWNHOSTS, ">$knownhosts")) {
|
||||
- print KNOWNHOSTS "$listenaddr ssh-dss $dsahostkey[1]\n";
|
||||
+ print KNOWNHOSTS "$listenaddr ssh-rsa $rsahostkey[1]\n";
|
||||
if(!close(KNOWNHOSTS)) {
|
||||
$error = "Error: cannot close file $knownhosts";
|
||||
}
|
||||
--
|
||||
2.5.0
|
||||
|
35
0007-curl-7.49.1-urlglob.patch
Normal file
35
0007-curl-7.49.1-urlglob.patch
Normal file
@ -0,0 +1,35 @@
|
||||
From 5a3eddc9c327dcc20620d8ae47b27f5085811c7e Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Fri, 3 Jun 2016 11:26:20 +0200
|
||||
Subject: [PATCH] tool_urlglob: fix off-by-one error in glob_parse()
|
||||
|
||||
... causing SIGSEGV while parsing URL with too many globs.
|
||||
Minimal example:
|
||||
|
||||
$ curl $(for i in $(seq 101); do printf '{a}'; done)
|
||||
|
||||
Reported-by: Romain Coltel
|
||||
Bug: https://bugzilla.redhat.com/1340757
|
||||
|
||||
Upstream-commit: 584d0121c353ed855115c39f6cbc009854018029
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
src/tool_urlglob.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
|
||||
index 70d17fe..a357b8b 100644
|
||||
--- a/src/tool_urlglob.c
|
||||
+++ b/src/tool_urlglob.c
|
||||
@@ -400,7 +400,7 @@ static CURLcode glob_parse(URLGlob *glob, char *pattern,
|
||||
}
|
||||
}
|
||||
|
||||
- if(++glob->size > GLOB_PATTERN_NUM)
|
||||
+ if(++glob->size >= GLOB_PATTERN_NUM)
|
||||
return GLOBERROR("too many globs", pos, CURLE_URL_MALFORMAT);
|
||||
}
|
||||
return res;
|
||||
--
|
||||
2.5.5
|
||||
|
34
0008-curl-7.47.1-CVE-2016-5421.patch
Normal file
34
0008-curl-7.47.1-CVE-2016-5421.patch
Normal file
@ -0,0 +1,34 @@
|
||||
From 31c621ee6dcc793cf3b11e4c062f396d3bdfb503 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Sun, 31 Jul 2016 01:09:04 +0200
|
||||
Subject: [PATCH] curl_multi_cleanup: clear connection pointer for easy handles
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2016-5421
|
||||
Bug: https://curl.haxx.se/docs/adv_20160803C.html
|
||||
Reported-by: Marcelo Echeverria and Fernando Muñoz
|
||||
|
||||
Upstream-commit: 75dc096e01ef1e21b6c57690d99371dedb2c0b80
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/multi.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/lib/multi.c b/lib/multi.c
|
||||
index b63f8bf..3ff5e86 100644
|
||||
--- a/lib/multi.c
|
||||
+++ b/lib/multi.c
|
||||
@@ -1841,6 +1841,8 @@ static void close_all_connections(struct Curl_multi *multi)
|
||||
conn->data = multi->closure_handle;
|
||||
|
||||
sigpipe_ignore(conn->data, &pipe_st);
|
||||
+ conn->data->easy_conn = NULL; /* clear the easy handle's connection
|
||||
+ pointer */
|
||||
/* This will remove the connection from the cache */
|
||||
(void)Curl_disconnect(conn, FALSE);
|
||||
sigpipe_restore(&pipe_st);
|
||||
--
|
||||
2.5.5
|
||||
|
73
0009-curl-7.47.1-CVE-2016-5419.patch
Normal file
73
0009-curl-7.47.1-CVE-2016-5419.patch
Normal file
@ -0,0 +1,73 @@
|
||||
From 419fc844f483eefd4843a4c1ca30e8187923454a Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Fri, 1 Jul 2016 13:32:31 +0200
|
||||
Subject: [PATCH] TLS: switch off SSL session id when client cert is used
|
||||
|
||||
CVE-2016-5419
|
||||
Bug: https://curl.haxx.se/docs/adv_20160803A.html
|
||||
Reported-by: Bru Rom
|
||||
Contributions-by: Eric Rescorla and Ray Satiro
|
||||
|
||||
Upstream-commit: 247d890da88f9ee817079e246c59f3d7d12fde5f
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/url.c | 1 +
|
||||
lib/urldata.h | 1 +
|
||||
lib/vtls/vtls.c | 10 ++++++++++
|
||||
3 files changed, 12 insertions(+)
|
||||
|
||||
diff --git a/lib/url.c b/lib/url.c
|
||||
index f32c8cf..be9cbea 100644
|
||||
--- a/lib/url.c
|
||||
+++ b/lib/url.c
|
||||
@@ -5691,6 +5691,7 @@ static CURLcode create_conn(struct SessionHandle *data,
|
||||
data->set.ssl.random_file = data->set.str[STRING_SSL_RANDOM_FILE];
|
||||
data->set.ssl.egdsocket = data->set.str[STRING_SSL_EGDSOCKET];
|
||||
data->set.ssl.cipher_list = data->set.str[STRING_SSL_CIPHER_LIST];
|
||||
+ data->set.ssl.clientcert = data->set.str[STRING_CERT];
|
||||
#ifdef USE_TLS_SRP
|
||||
data->set.ssl.username = data->set.str[STRING_TLSAUTH_USERNAME];
|
||||
data->set.ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD];
|
||||
diff --git a/lib/urldata.h b/lib/urldata.h
|
||||
index 05bda79..3abece7 100644
|
||||
--- a/lib/urldata.h
|
||||
+++ b/lib/urldata.h
|
||||
@@ -346,6 +346,7 @@ struct ssl_config_data {
|
||||
char *CAfile; /* certificate to verify peer against */
|
||||
const char *CRLfile; /* CRL to check certificate revocation */
|
||||
const char *issuercert;/* optional issuer certificate filename */
|
||||
+ char *clientcert;
|
||||
char *random_file; /* path to file containing "random" data */
|
||||
char *egdsocket; /* path to file containing the EGD daemon socket */
|
||||
char *cipher_list; /* list of ciphers to use */
|
||||
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
|
||||
index 42a2b58..879918b 100644
|
||||
--- a/lib/vtls/vtls.c
|
||||
+++ b/lib/vtls/vtls.c
|
||||
@@ -156,6 +156,15 @@ Curl_clone_ssl_config(struct ssl_config_data *source,
|
||||
else
|
||||
dest->random_file = NULL;
|
||||
|
||||
+ if(source->clientcert) {
|
||||
+ dest->clientcert = strdup(source->clientcert);
|
||||
+ if(!dest->clientcert)
|
||||
+ return FALSE;
|
||||
+ dest->sessionid = FALSE;
|
||||
+ }
|
||||
+ else
|
||||
+ dest->clientcert = NULL;
|
||||
+
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
@@ -166,6 +175,7 @@ void Curl_free_ssl_config(struct ssl_config_data* sslc)
|
||||
Curl_safefree(sslc->cipher_list);
|
||||
Curl_safefree(sslc->egdsocket);
|
||||
Curl_safefree(sslc->random_file);
|
||||
+ Curl_safefree(sslc->clientcert);
|
||||
}
|
||||
|
||||
|
||||
--
|
||||
2.5.5
|
||||
|
75
0010-curl-7.47.1-CVE-2016-5420.patch
Normal file
75
0010-curl-7.47.1-CVE-2016-5420.patch
Normal file
@ -0,0 +1,75 @@
|
||||
From 871472d6249864f8e91031045833349032caca74 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Sun, 31 Jul 2016 00:51:48 +0200
|
||||
Subject: [PATCH 1/2] TLS: only reuse connections with the same client cert
|
||||
|
||||
CVE-2016-5420
|
||||
Bug: https://curl.haxx.se/docs/adv_20160803B.html
|
||||
|
||||
Upstream-commit: 11ec5ad4352bba384404c56e77c7fab9382fd22d
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/vtls/vtls.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
|
||||
index 879918b..08e2405 100644
|
||||
--- a/lib/vtls/vtls.c
|
||||
+++ b/lib/vtls/vtls.c
|
||||
@@ -99,6 +99,7 @@ Curl_ssl_config_matches(struct ssl_config_data* data,
|
||||
(data->verifyhost == needle->verifyhost) &&
|
||||
safe_strequal(data->CApath, needle->CApath) &&
|
||||
safe_strequal(data->CAfile, needle->CAfile) &&
|
||||
+ safe_strequal(data->clientcert, needle->clientcert) &&
|
||||
safe_strequal(data->random_file, needle->random_file) &&
|
||||
safe_strequal(data->egdsocket, needle->egdsocket) &&
|
||||
safe_strequal(data->cipher_list, needle->cipher_list))
|
||||
--
|
||||
2.5.5
|
||||
|
||||
|
||||
From 2430e5ed89222f09e6042c9da89472a4e54b0af7 Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Mon, 22 Aug 2016 10:24:35 +0200
|
||||
Subject: [PATCH 2/2] nss: refuse previously loaded certificate from file
|
||||
|
||||
... when we are not asked to use a certificate from file
|
||||
|
||||
Upstream-commit: 7700fcba64bf5806de28f6c1c7da3b4f0b38567d
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/vtls/nss.c | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
|
||||
index 722ea88..35fa50d 100644
|
||||
--- a/lib/vtls/nss.c
|
||||
+++ b/lib/vtls/nss.c
|
||||
@@ -1005,10 +1005,10 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
|
||||
struct ssl_connect_data *connssl = (struct ssl_connect_data *)arg;
|
||||
struct SessionHandle *data = connssl->data;
|
||||
const char *nickname = connssl->client_nickname;
|
||||
+ static const char pem_slotname[] = "PEM Token #1";
|
||||
|
||||
if(connssl->obj_clicert) {
|
||||
/* use the cert/key provided by PEM reader */
|
||||
- static const char pem_slotname[] = "PEM Token #1";
|
||||
SECItem cert_der = { 0, NULL, 0 };
|
||||
void *proto_win = SSL_RevealPinArg(sock);
|
||||
struct CERTCertificateStr *cert;
|
||||
@@ -1070,6 +1070,12 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
|
||||
if(NULL == nickname)
|
||||
nickname = "[unknown]";
|
||||
|
||||
+ if(!strncmp(nickname, pem_slotname, sizeof(pem_slotname) - 1U)) {
|
||||
+ failf(data, "NSS: refusing previously loaded certificate from file: %s",
|
||||
+ nickname);
|
||||
+ return SECFailure;
|
||||
+ }
|
||||
+
|
||||
if(NULL == *pRetKey) {
|
||||
failf(data, "NSS: private key not found for certificate: %s", nickname);
|
||||
return SECFailure;
|
||||
--
|
||||
2.7.4
|
||||
|
97
0011-curl-7.47.1-find-slot-race.patch
Normal file
97
0011-curl-7.47.1-find-slot-race.patch
Normal file
@ -0,0 +1,97 @@
|
||||
From 5812a71c283936b85a77bd2745d4c6bb673cb55f Mon Sep 17 00:00:00 2001
|
||||
From: Peter Wang <novalazy@gmail.com>
|
||||
Date: Fri, 26 Aug 2016 16:28:39 +1000
|
||||
Subject: [PATCH] nss: work around race condition in PK11_FindSlotByName()
|
||||
|
||||
Serialise the call to PK11_FindSlotByName() to avoid spurious errors in
|
||||
a multi-threaded environment. The underlying cause is a race condition
|
||||
in nssSlot_IsTokenPresent().
|
||||
|
||||
Bug: https://bugzilla.mozilla.org/1297397
|
||||
|
||||
Closes #985
|
||||
|
||||
Upstream-commit: 3a5d5de9ef52ebe8ca2bda2165edc1b34c242e54
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/vtls/nss.c | 22 +++++++++++++++++++---
|
||||
1 file changed, 19 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
|
||||
index e467360..1465c03 100644
|
||||
--- a/lib/vtls/nss.c
|
||||
+++ b/lib/vtls/nss.c
|
||||
@@ -81,6 +81,7 @@ PRFileDesc *PR_ImportTCPSocket(PRInt32 osfd);
|
||||
|
||||
PRLock * nss_initlock = NULL;
|
||||
PRLock * nss_crllock = NULL;
|
||||
+PRLock *nss_findslot_lock = NULL;
|
||||
struct curl_llist *nss_crl_list = NULL;
|
||||
NSSInitContext * nss_context = NULL;
|
||||
|
||||
@@ -334,6 +335,19 @@ static char* dup_nickname(struct SessionHandle *data, enum dupstring cert_kind)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
+/* Lock/unlock wrapper for PK11_FindSlotByName() to work around race condition
|
||||
+ * in nssSlot_IsTokenPresent() causing spurious SEC_ERROR_NO_TOKEN. For more
|
||||
+ * details, go to <https://bugzilla.mozilla.org/1297397>.
|
||||
+ */
|
||||
+static PK11SlotInfo* nss_find_slot_by_name(const char *slot_name)
|
||||
+{
|
||||
+ PK11SlotInfo *slot;
|
||||
+ PR_Lock(nss_initlock);
|
||||
+ slot = PK11_FindSlotByName(slot_name);
|
||||
+ PR_Unlock(nss_initlock);
|
||||
+ return slot;
|
||||
+}
|
||||
+
|
||||
/* Call PK11_CreateGenericObject() with the given obj_class and filename. If
|
||||
* the call succeeds, append the object handle to the list of objects so that
|
||||
* the object can be destroyed in Curl_nss_close(). */
|
||||
@@ -356,7 +370,7 @@ static CURLcode nss_create_object(struct ssl_connect_data *ssl,
|
||||
if(!slot_name)
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
|
||||
- slot = PK11_FindSlotByName(slot_name);
|
||||
+ slot = nss_find_slot_by_name(slot_name);
|
||||
free(slot_name);
|
||||
if(!slot)
|
||||
return result;
|
||||
@@ -557,7 +571,7 @@ static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
|
||||
return result;
|
||||
}
|
||||
|
||||
- slot = PK11_FindSlotByName("PEM Token #1");
|
||||
+ slot = nss_find_slot_by_name("PEM Token #1");
|
||||
if(!slot)
|
||||
return CURLE_SSL_CERTPROBLEM;
|
||||
|
||||
@@ -1014,7 +1028,7 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
|
||||
struct CERTCertificateStr *cert;
|
||||
struct SECKEYPrivateKeyStr *key;
|
||||
|
||||
- PK11SlotInfo *slot = PK11_FindSlotByName(pem_slotname);
|
||||
+ PK11SlotInfo *slot = nss_find_slot_by_name(pem_slotname);
|
||||
if(NULL == slot) {
|
||||
failf(data, "NSS: PK11 slot not found: %s", pem_slotname);
|
||||
return SECFailure;
|
||||
@@ -1250,6 +1264,7 @@ int Curl_nss_init(void)
|
||||
PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 256);
|
||||
nss_initlock = PR_NewLock();
|
||||
nss_crllock = PR_NewLock();
|
||||
+ nss_findslot_lock = PR_NewLock();
|
||||
}
|
||||
|
||||
/* We will actually initialize NSS later */
|
||||
@@ -1304,6 +1319,7 @@ void Curl_nss_cleanup(void)
|
||||
|
||||
PR_DestroyLock(nss_initlock);
|
||||
PR_DestroyLock(nss_crllock);
|
||||
+ PR_DestroyLock(nss_findslot_lock);
|
||||
nss_initlock = NULL;
|
||||
|
||||
initialized = 0;
|
||||
--
|
||||
2.7.4
|
||||
|
94
0012-curl-7.47.1-CVE-2016-7167.patch
Normal file
94
0012-curl-7.47.1-CVE-2016-7167.patch
Normal file
@ -0,0 +1,94 @@
|
||||
From 7959c5713bbec03c9284a14b1fdd7379520199bc Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Thu, 8 Sep 2016 22:59:54 +0200
|
||||
Subject: [PATCH 1/2] curl_easy_escape: deny negative string lengths as input
|
||||
|
||||
CVE-2016-7167
|
||||
|
||||
Bug: https://curl.haxx.se/docs/adv_20160914.html
|
||||
|
||||
Upstream-commit: 826a9ced2bed217155e34065ef4048931f327b1e
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/escape.c | 10 ++++++++--
|
||||
1 file changed, 8 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/lib/escape.c b/lib/escape.c
|
||||
index 40338a9..c6aa3b9 100644
|
||||
--- a/lib/escape.c
|
||||
+++ b/lib/escape.c
|
||||
@@ -78,15 +78,21 @@ char *curl_unescape(const char *string, int length)
|
||||
|
||||
char *curl_easy_escape(CURL *handle, const char *string, int inlength)
|
||||
{
|
||||
- size_t alloc = (inlength?(size_t)inlength:strlen(string))+1;
|
||||
+ size_t alloc;
|
||||
char *ns;
|
||||
char *testing_ptr = NULL;
|
||||
unsigned char in; /* we need to treat the characters unsigned */
|
||||
- size_t newlen = alloc;
|
||||
+ size_t newlen;
|
||||
size_t strindex=0;
|
||||
size_t length;
|
||||
CURLcode result;
|
||||
|
||||
+ if(inlength < 0)
|
||||
+ return NULL;
|
||||
+
|
||||
+ alloc = (inlength?(size_t)inlength:strlen(string))+1;
|
||||
+ newlen = alloc;
|
||||
+
|
||||
ns = malloc(alloc);
|
||||
if(!ns)
|
||||
return NULL;
|
||||
--
|
||||
2.7.4
|
||||
|
||||
|
||||
From 6a280152e3893938e5d26f5d535613eefab80b5a Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Tue, 13 Sep 2016 23:00:50 +0200
|
||||
Subject: [PATCH 2/2] curl_easy_unescape: deny negative string lengths as input
|
||||
|
||||
CVE-2016-7167
|
||||
|
||||
Bug: https://curl.haxx.se/docs/adv_20160914.html
|
||||
|
||||
Upstream-commit: 01cf1308ee2e792c77bb1d2c9218c56a30fd40ae
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/escape.c | 18 ++++++++++--------
|
||||
1 file changed, 10 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/lib/escape.c b/lib/escape.c
|
||||
index c6aa3b9..808ac6c 100644
|
||||
--- a/lib/escape.c
|
||||
+++ b/lib/escape.c
|
||||
@@ -217,14 +217,16 @@ char *curl_easy_unescape(CURL *handle, const char *string, int length,
|
||||
int *olen)
|
||||
{
|
||||
char *str = NULL;
|
||||
- size_t inputlen = length;
|
||||
- size_t outputlen;
|
||||
- CURLcode res = Curl_urldecode(handle, string, inputlen, &str, &outputlen,
|
||||
- FALSE);
|
||||
- if(res)
|
||||
- return NULL;
|
||||
- if(olen)
|
||||
- *olen = curlx_uztosi(outputlen);
|
||||
+ if(length >= 0) {
|
||||
+ size_t inputlen = length;
|
||||
+ size_t outputlen;
|
||||
+ CURLcode res = Curl_urldecode(handle, string, inputlen, &str, &outputlen,
|
||||
+ FALSE);
|
||||
+ if(res)
|
||||
+ return NULL;
|
||||
+ if(olen)
|
||||
+ *olen = curlx_uztosi(outputlen);
|
||||
+ }
|
||||
return str;
|
||||
}
|
||||
|
||||
--
|
||||
2.7.4
|
||||
|
96
curl.spec
96
curl.spec
@ -1,12 +1,48 @@
|
||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||
Name: curl
|
||||
Version: 7.43.0
|
||||
Release: 1%{?dist}
|
||||
Release: 10%{?dist}
|
||||
License: MIT
|
||||
Group: Applications/Internet
|
||||
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
||||
Source2: curlbuild.h
|
||||
|
||||
# prevent dnf from crashing when using both FTP and HTTP (#1248389)
|
||||
Patch1: 0001-curl-7.43.0-f7dcc7c1.patch
|
||||
|
||||
# prevent test46 from failing due to expired cookie
|
||||
Patch2: 0002-curl-7.43.0-002d58f1.patch
|
||||
|
||||
# prevent NSS from incorrectly re-using a session (#1104597)
|
||||
Patch3: 0003-curl-7.43.0-958d2ffb.patch
|
||||
|
||||
# match credentials when re-using a proxy connection (CVE-2016-0755)
|
||||
Patch4: 0004-curl-7.43.0-CVE-2016-0755.patch
|
||||
|
||||
# cookie: fix bug in export if any-domain cookie is present (#1311907)
|
||||
Patch5: 0005-curl-7.43.0-ef0fdb83.patch
|
||||
|
||||
# tests/sshserver.pl: use RSA instead of DSA for host auth
|
||||
Patch6: 0006-curl-7.43.0-effa575f.patch
|
||||
|
||||
# fix SIGSEGV of the curl tool while parsing URL with too many globs (#1340757)
|
||||
Patch7: 0007-curl-7.49.1-urlglob.patch
|
||||
|
||||
# fix use of connection struct after free (CVE-2016-5421)
|
||||
Patch8: 0008-curl-7.47.1-CVE-2016-5421.patch
|
||||
|
||||
# fix TLS session resumption client cert bypass (CVE-2016-5419)
|
||||
Patch9: 0009-curl-7.47.1-CVE-2016-5419.patch
|
||||
|
||||
# fix re-using connections with wrong client cert (CVE-2016-5420)
|
||||
Patch10: 0010-curl-7.47.1-CVE-2016-5420.patch
|
||||
|
||||
# work around race condition in PK11_FindSlotByName()
|
||||
Patch11: 0011-curl-7.47.1-find-slot-race.patch
|
||||
|
||||
# reject negative string lengths in curl_easy_[un]escape() (CVE-2016-7167)
|
||||
Patch12: 0012-curl-7.47.1-CVE-2016-7167.patch
|
||||
|
||||
# patch making libcurl multilib ready
|
||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||
|
||||
@ -26,6 +62,7 @@ BuildRequires: groff
|
||||
BuildRequires: krb5-devel
|
||||
BuildRequires: libidn-devel
|
||||
BuildRequires: libmetalink-devel
|
||||
BuildRequires: libnghttp2-devel
|
||||
BuildRequires: libssh2-devel
|
||||
BuildRequires: nss-devel
|
||||
BuildRequires: openldap-devel
|
||||
@ -51,7 +88,12 @@ BuildRequires: perl(Time::HiRes)
|
||||
BuildRequires: perl(warnings)
|
||||
BuildRequires: perl(vars)
|
||||
|
||||
# require valgrind to boost test coverage on i386 and x86_64
|
||||
# The test-suite runs automatically trough valgrind if valgrind is available
|
||||
# on the system. By not installing valgrind into mock's chroot, we disable
|
||||
# this feature for production builds on architectures where valgrind is known
|
||||
# to be less reliable, in order to avoid unnecessary build failures (see RHBZ
|
||||
# #810992, #816175, and #886891). Nevertheless developers are free to install
|
||||
# valgrind manually to improve test coverage on any architecture.
|
||||
%ifarch %{ix86} x86_64
|
||||
BuildRequires: valgrind
|
||||
%endif
|
||||
@ -111,6 +153,18 @@ documentation of the library, too.
|
||||
%setup -q
|
||||
|
||||
# upstream patches
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
|
||||
# Fedora patches
|
||||
%patch101 -p1
|
||||
@ -125,8 +179,9 @@ cd tests/data/
|
||||
sed -i s/899\\\([0-9]\\\)/%{?__isa_bits}9\\1/ test{309,1028,1055,1056}
|
||||
cd -
|
||||
|
||||
# disable test 1112 (#565305)
|
||||
printf "1112\n" >> tests/data/DISABLED
|
||||
# disable test 1112 (#565305) and test 1801
|
||||
# <https://github.com/bagder/curl/commit/21e82bd6#commitcomment-12226582>
|
||||
printf "1112\n1801\n" >> tests/data/DISABLED
|
||||
|
||||
# disable test 1319 on ppc64 (server times out)
|
||||
%ifarch ppc64
|
||||
@ -146,6 +201,7 @@ echo "1319" >> tests/data/DISABLED
|
||||
--with-libidn \
|
||||
--with-libmetalink \
|
||||
--with-libssh2 \
|
||||
--with-nghttp2 \
|
||||
--without-ssl --with-nss
|
||||
# --enable-debug
|
||||
# use ^^^ to turn off optimizations, etc.
|
||||
@ -228,6 +284,38 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_datadir}/aclocal/libcurl.m4
|
||||
|
||||
%changelog
|
||||
* Wed Sep 14 2016 Kamil Dudka <kdudka@redhat.com> 7.43.0-10
|
||||
- reject negative string lengths in curl_easy_[un]escape() (CVE-2016-7167)
|
||||
|
||||
* Fri Aug 26 2016 Kamil Dudka <kdudka@redhat.com> 7.43.0-9
|
||||
- work around race condition in PK11_FindSlotByName()
|
||||
- fix incorrect use of a previously loaded certificate from file
|
||||
(related to CVE-2016-5420)
|
||||
|
||||
* Wed Aug 03 2016 Kamil Dudka <kdudka@redhat.com> 7.43.0-8
|
||||
- fix re-using connections with wrong client cert (CVE-2016-5420)
|
||||
- fix TLS session resumption client cert bypass (CVE-2016-5419)
|
||||
- fix use of connection struct after free (CVE-2016-5421)
|
||||
|
||||
* Fri Jun 03 2016 Kamil Dudka <kdudka@redhat.com> 7.43.0-7
|
||||
- fix SIGSEGV of the curl tool while parsing URL with too many globs (#1340757)
|
||||
|
||||
* Thu Feb 25 2016 Kamil Dudka <kdudka@redhat.com> 7.43.0-6
|
||||
- cookie: fix bug in export if any-domain cookie is present (#1311907)
|
||||
|
||||
* Wed Jan 27 2016 Kamil Dudka <kdudka@redhat.com> 7.43.0-5
|
||||
- match credentials when re-using a proxy connection (CVE-2016-0755)
|
||||
|
||||
* Fri Sep 18 2015 Kamil Dudka <kdudka@redhat.com> 7.43.0-4
|
||||
- prevent NSS from incorrectly re-using a session (#1104597)
|
||||
|
||||
* Thu Aug 27 2015 Kamil Dudka <kdudka@redhat.com> 7.43.0-3
|
||||
- prevent test46 from failing due to expired cookie
|
||||
|
||||
* Thu Jul 30 2015 Kamil Dudka <kdudka@redhat.com> 7.43.0-2
|
||||
- prevent dnf from crashing when using both FTP and HTTP (#1248389)
|
||||
- build support for the HTTP/2 protocol
|
||||
|
||||
* Wed Jun 17 2015 Kamil Dudka <kdudka@redhat.com> 7.43.0-1
|
||||
- new upstream release (fixes CVE-2015-3236 and CVE-2015-3237)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user