Compare commits
16 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
b989ec64dd | ||
|
b57697f5e7 | ||
|
1d25e0a73d | ||
|
41c348c5d6 | ||
|
363f2e4047 | ||
|
70232dde43 | ||
|
999ed7944f | ||
|
dac11f1d10 | ||
|
8df27a6217 | ||
|
9de001fb26 | ||
|
b3c6d97e26 | ||
|
51f07044e3 | ||
|
3a4404c668 | ||
|
81eb511a57 | ||
|
2bcb05aea4 | ||
|
7576775e08 |
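--- a/0001-curl-7.61.1-test320-gnutls.patch
+++ b/0001-curl-7.61.1-test320-gnutls.patch
@@ -0,0 +1,63 @@
+From 3cd5b375e31fb98e4782dc3a77e7316ad9eb26cf Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 4 Oct 2018 15:34:13 +0200
+Subject: [PATCH] test320: strip out more HTML when comparing
+
+To make the test case work with different gnutls-serv versions better.
+
+Reported-by: Kamil Dudka
+Fixes #3093
+Closes #3094
+
+Upstream-commit: 94ad57b0246b5658c2a9139dbe6a80efa4c4e2f3
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+tests/data/test320 | 24 ++++--------------------
+1 file changed, 4 insertions(+), 20 deletions(-)
+
+diff --git a/tests/data/test320 b/tests/data/test320
+index 457a11eb2..87311d4f2 100644
+--- a/tests/data/test320
++++ b/tests/data/test320
+@@ -62,34 +62,18 @@ simple TLS-SRP HTTPS GET, check user in response
+HTTP/1.0 200 OK
+Content-type: text/html
+
+-
+-<HTML><BODY>
+-<CENTER><H1>This is <a href="http://www.gnu.org/software/gnutls">GnuTLS</a></H1></CENTER>
+-
+-
+-
+-<h5>If your browser supports session resuming, then you should see the same session ID, when you press the <b>reload</b> button.</h5>
+-<p>Connected as user 'jsmith'.</p>
+-<P>
+-<TABLE border=1><TR><TD></TD></TR>
+-<TR><TD>Key Exchange:</TD><TD>SRP</TD></TR>
+-<TR><TD>Compression</TD><TD>NULL</TD></TR>
+-<TR><TD>Cipher</TD><TD>AES-NNN-CBC</TD></TR>
+-<TR><TD>MAC</TD><TD>SHA1</TD></TR>
+-<TR><TD>Ciphersuite</TD><TD>SRP_SHA_AES_NNN_CBC_SHA1</TD></TR></p></TABLE>
+-<hr><P>Your HTTP header was:<PRE>Host: %HOSTIP:%HTTPTLSPORT
++FINE
+User-Agent: curl-test-suite
+Accept: */*
+
+-</PRE></P>
+-</BODY></HTML>
+-
+</file>
+<stripfile>
+-s/^<p>Session ID:.*//
++s/^<p>Connected as user 'jsmith'.*/FINE/
+s/Protocol version:.*[0-9]//
+s/GNUTLS/GnuTLS/
+s/(AES[-_])\d\d\d([-_]CBC)/$1NNN$2/
++s/^<.*\n//
++s/^\n//
+</stripfile>
+</verify>
+
+--
+2.17.1
+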
@ -1,316 +0,0 @@
|
|||||||
From 37a36231c5e34ae31b1968481fad2e8d76613fbd Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daniel Stenberg <daniel@haxx.se>
|
|
||||||
Date: Wed, 13 Nov 2019 11:33:29 +0100
|
|
||||||
Subject: [PATCH] curl: fix -T globbing
|
|
||||||
|
|
||||||
Regression from e59371a4936f8 (7.67.0)
|
|
||||||
|
|
||||||
Added test 490, 491 and 492 to verify the functionality.
|
|
||||||
|
|
||||||
Reported-by: Kamil Dudka
|
|
||||||
Reported-by: Anderson Sasaki
|
|
||||||
|
|
||||||
Fixes #4588
|
|
||||||
Closes #4591
|
|
||||||
|
|
||||||
Upstream-commit: 7a46aeb0be3fa00826b0c47a8bc06eddff448659
|
|
||||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
||||||
---
|
|
||||||
src/tool_operate.c | 15 ++++---
|
|
||||||
tests/data/Makefile.inc | 2 +
|
|
||||||
tests/data/test490 | 68 +++++++++++++++++++++++++++++++
|
|
||||||
tests/data/test491 | 64 +++++++++++++++++++++++++++++
|
|
||||||
tests/data/test492 | 89 +++++++++++++++++++++++++++++++++++++++++
|
|
||||||
5 files changed, 232 insertions(+), 6 deletions(-)
|
|
||||||
create mode 100644 tests/data/test490
|
|
||||||
create mode 100644 tests/data/test491
|
|
||||||
create mode 100644 tests/data/test492
|
|
||||||
|
|
||||||
diff --git a/src/tool_operate.c b/src/tool_operate.c
|
|
||||||
index 3087d2d..4ecb1ed 100644
|
|
||||||
--- a/src/tool_operate.c
|
|
||||||
+++ b/src/tool_operate.c
|
|
||||||
@@ -829,12 +829,6 @@ static CURLcode single_transfer(struct GlobalConfig *global,
|
|
||||||
separator = ((!state->outfiles ||
|
|
||||||
!strcmp(state->outfiles, "-")) && urlnum > 1);
|
|
||||||
|
|
||||||
- /* Here's looping around each globbed URL */
|
|
||||||
-
|
|
||||||
- if(state->li >= urlnum) {
|
|
||||||
- state->li = 0;
|
|
||||||
- state->up++;
|
|
||||||
- }
|
|
||||||
if(state->up < state->infilenum) {
|
|
||||||
struct per_transfer *per;
|
|
||||||
struct OutStruct *outs;
|
|
||||||
@@ -1908,6 +1902,15 @@ static CURLcode single_transfer(struct GlobalConfig *global,
|
|
||||||
per->retrystart = tvnow();
|
|
||||||
|
|
||||||
state->li++;
|
|
||||||
+ /* Here's looping around each globbed URL */
|
|
||||||
+ if(state->li >= urlnum) {
|
|
||||||
+ state->li = 0;
|
|
||||||
+ state->urlnum = 0; /* forced reglob of URLs */
|
|
||||||
+ glob_cleanup(state->urls);
|
|
||||||
+ state->urls = NULL;
|
|
||||||
+ state->up++;
|
|
||||||
+ Curl_safefree(state->uploadfile); /* clear it to get the next */
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
/* Free this URL node data without destroying the
|
|
||||||
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
|
|
||||||
index 557f928..212900e 100644
|
|
||||||
--- a/tests/data/Makefile.inc
|
|
||||||
+++ b/tests/data/Makefile.inc
|
|
||||||
@@ -66,6 +66,8 @@ test393 test394 test395 \
|
|
||||||
test400 test401 test402 test403 test404 test405 test406 test407 test408 \
|
|
||||||
test409 \
|
|
||||||
\
|
|
||||||
+test490 test491 test492 \
|
|
||||||
+\
|
|
||||||
test500 test501 test502 test503 test504 test505 test506 test507 test508 \
|
|
||||||
test509 test510 test511 test512 test513 test514 test515 test516 test517 \
|
|
||||||
test518 test519 test520 test521 test522 test523 test524 test525 test526 \
|
|
||||||
diff --git a/tests/data/test490 b/tests/data/test490
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000..a3383a9
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/tests/data/test490
|
|
||||||
@@ -0,0 +1,68 @@
|
|
||||||
+<testcase>
|
|
||||||
+<info>
|
|
||||||
+<keywords>
|
|
||||||
+HTTP
|
|
||||||
+HTTP PUT
|
|
||||||
+</keywords>
|
|
||||||
+</info>
|
|
||||||
+
|
|
||||||
+#
|
|
||||||
+# Server-side
|
|
||||||
+<reply>
|
|
||||||
+<data>
|
|
||||||
+HTTP/1.1 200 OK
|
|
||||||
+Date: Thu, 09 Nov 2010 14:49:00 GMT
|
|
||||||
+Server: test-server/fake
|
|
||||||
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
|
|
||||||
+ETag: "21025-dc7-39462498"
|
|
||||||
+Accept-Ranges: bytes
|
|
||||||
+Content-Length: 6
|
|
||||||
+Connection: close
|
|
||||||
+Content-Type: text/html
|
|
||||||
+Funny-head: yesyes
|
|
||||||
+
|
|
||||||
+-foo-
|
|
||||||
+</data>
|
|
||||||
+</reply>
|
|
||||||
+
|
|
||||||
+#
|
|
||||||
+# Client-side
|
|
||||||
+<client>
|
|
||||||
+<server>
|
|
||||||
+http
|
|
||||||
+</server>
|
|
||||||
+ <name>
|
|
||||||
+Two globbed HTTP PUTs
|
|
||||||
+ </name>
|
|
||||||
+ <command>
|
|
||||||
+http://%HOSTIP:%HTTPPORT/490 -T '{log/in490,log/in490}'
|
|
||||||
+</command>
|
|
||||||
+<file name="log/in490">
|
|
||||||
+surprise!
|
|
||||||
+</file>
|
|
||||||
+</client>
|
|
||||||
+
|
|
||||||
+#
|
|
||||||
+# Verify data after the test has been "shot"
|
|
||||||
+<verify>
|
|
||||||
+<strip>
|
|
||||||
+^User-Agent:.*
|
|
||||||
+</strip>
|
|
||||||
+<protocol>
|
|
||||||
+PUT /490 HTTP/1.1
|
|
||||||
+Host: 127.0.0.1:8990
|
|
||||||
+Accept: */*
|
|
||||||
+Content-Length: 10
|
|
||||||
+Expect: 100-continue
|
|
||||||
+
|
|
||||||
+surprise!
|
|
||||||
+PUT /490 HTTP/1.1
|
|
||||||
+Host: 127.0.0.1:8990
|
|
||||||
+Accept: */*
|
|
||||||
+Content-Length: 10
|
|
||||||
+Expect: 100-continue
|
|
||||||
+
|
|
||||||
+surprise!
|
|
||||||
+</protocol>
|
|
||||||
+</verify>
|
|
||||||
+</testcase>
|
|
||||||
diff --git a/tests/data/test491 b/tests/data/test491
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000..b49c06c
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/tests/data/test491
|
|
||||||
@@ -0,0 +1,64 @@
|
|
||||||
+<testcase>
|
|
||||||
+<info>
|
|
||||||
+<keywords>
|
|
||||||
+HTTP
|
|
||||||
+HTTP PUT
|
|
||||||
+</keywords>
|
|
||||||
+</info>
|
|
||||||
+
|
|
||||||
+#
|
|
||||||
+# Server-side
|
|
||||||
+<reply>
|
|
||||||
+<data>
|
|
||||||
+HTTP/1.1 200 OK
|
|
||||||
+Date: Thu, 09 Nov 2010 14:49:00 GMT
|
|
||||||
+Server: test-server/fake
|
|
||||||
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
|
|
||||||
+ETag: "21025-dc7-39462498"
|
|
||||||
+Accept-Ranges: bytes
|
|
||||||
+Content-Length: 6
|
|
||||||
+Connection: close
|
|
||||||
+Content-Type: text/html
|
|
||||||
+Funny-head: yesyes
|
|
||||||
+
|
|
||||||
+-foo-
|
|
||||||
+</data>
|
|
||||||
+</reply>
|
|
||||||
+
|
|
||||||
+#
|
|
||||||
+# Client-side
|
|
||||||
+<client>
|
|
||||||
+<server>
|
|
||||||
+http
|
|
||||||
+</server>
|
|
||||||
+ <name>
|
|
||||||
+Two globbed HTTP PUTs, the second upload file is missing
|
|
||||||
+ </name>
|
|
||||||
+ <command>
|
|
||||||
+http://%HOSTIP:%HTTPPORT/491 -T '{log/in491,log/bad491}'
|
|
||||||
+</command>
|
|
||||||
+<file name="log/in491">
|
|
||||||
+surprise!
|
|
||||||
+</file>
|
|
||||||
+</client>
|
|
||||||
+
|
|
||||||
+#
|
|
||||||
+# Verify data after the test has been "shot"
|
|
||||||
+<verify>
|
|
||||||
+<strip>
|
|
||||||
+^User-Agent:.*
|
|
||||||
+</strip>
|
|
||||||
+<protocol>
|
|
||||||
+PUT /491 HTTP/1.1
|
|
||||||
+Host: 127.0.0.1:8990
|
|
||||||
+Accept: */*
|
|
||||||
+Content-Length: 10
|
|
||||||
+Expect: 100-continue
|
|
||||||
+
|
|
||||||
+surprise!
|
|
||||||
+</protocol>
|
|
||||||
+<errorcode>
|
|
||||||
+26
|
|
||||||
+</errorcode>
|
|
||||||
+</verify>
|
|
||||||
+</testcase>
|
|
||||||
diff --git a/tests/data/test492 b/tests/data/test492
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000..12edd8b
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/tests/data/test492
|
|
||||||
@@ -0,0 +1,89 @@
|
|
||||||
+<testcase>
|
|
||||||
+<info>
|
|
||||||
+<keywords>
|
|
||||||
+HTTP
|
|
||||||
+HTTP PUT
|
|
||||||
+</keywords>
|
|
||||||
+</info>
|
|
||||||
+
|
|
||||||
+#
|
|
||||||
+# Server-side
|
|
||||||
+<reply>
|
|
||||||
+<data>
|
|
||||||
+HTTP/1.1 200 OK
|
|
||||||
+Date: Thu, 09 Nov 2010 14:49:00 GMT
|
|
||||||
+Server: test-server/fake
|
|
||||||
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
|
|
||||||
+ETag: "21025-dc7-39462498"
|
|
||||||
+Accept-Ranges: bytes
|
|
||||||
+Content-Length: 6
|
|
||||||
+Connection: close
|
|
||||||
+Content-Type: text/html
|
|
||||||
+Funny-head: yesyes
|
|
||||||
+
|
|
||||||
+-foo-
|
|
||||||
+</data>
|
|
||||||
+</reply>
|
|
||||||
+
|
|
||||||
+#
|
|
||||||
+# Client-side
|
|
||||||
+<client>
|
|
||||||
+<server>
|
|
||||||
+http
|
|
||||||
+</server>
|
|
||||||
+ <name>
|
|
||||||
+Two globbed HTTP PUTs to two globbed URLs
|
|
||||||
+ </name>
|
|
||||||
+ <command>
|
|
||||||
+'http://%HOSTIP:%HTTPPORT/{one,two}/' -T '{log/first492,log/second492}' -H "Testno: 492"
|
|
||||||
+</command>
|
|
||||||
+<file name="log/first492">
|
|
||||||
+first 492 contents
|
|
||||||
+</file>
|
|
||||||
+<file1 name="log/second492">
|
|
||||||
+second 492 contents
|
|
||||||
+</file1>
|
|
||||||
+</client>
|
|
||||||
+
|
|
||||||
+#
|
|
||||||
+# Verify data after the test has been "shot"
|
|
||||||
+<verify>
|
|
||||||
+<strip>
|
|
||||||
+^User-Agent:.*
|
|
||||||
+</strip>
|
|
||||||
+<protocol>
|
|
||||||
+PUT /one/first492 HTTP/1.1
|
|
||||||
+Host: 127.0.0.1:8990
|
|
||||||
+Accept: */*
|
|
||||||
+Testno: 492
|
|
||||||
+Content-Length: 19
|
|
||||||
+Expect: 100-continue
|
|
||||||
+
|
|
||||||
+first 492 contents
|
|
||||||
+PUT /two/first492 HTTP/1.1
|
|
||||||
+Host: 127.0.0.1:8990
|
|
||||||
+Accept: */*
|
|
||||||
+Testno: 492
|
|
||||||
+Content-Length: 19
|
|
||||||
+Expect: 100-continue
|
|
||||||
+
|
|
||||||
+first 492 contents
|
|
||||||
+PUT /one/second492 HTTP/1.1
|
|
||||||
+Host: 127.0.0.1:8990
|
|
||||||
+Accept: */*
|
|
||||||
+Testno: 492
|
|
||||||
+Content-Length: 20
|
|
||||||
+Expect: 100-continue
|
|
||||||
+
|
|
||||||
+second 492 contents
|
|
||||||
+PUT /two/second492 HTTP/1.1
|
|
||||||
+Host: 127.0.0.1:8990
|
|
||||||
+Accept: */*
|
|
||||||
+Testno: 492
|
|
||||||
+Content-Length: 20
|
|
||||||
+Expect: 100-continue
|
|
||||||
+
|
|
||||||
+second 492 contents
|
|
||||||
+</protocol>
|
|
||||||
+</verify>
|
|
||||||
+</testcase>
|
|
||||||
--
|
|
||||||
2.20.1
|
|
||||||
|
|
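--- a/0002-curl-7.61.1-tlsv1.0-man.patch
+++ b/0002-curl-7.61.1-tlsv1.0-man.patch
@@ -0,0 +1,28 @@
+From c574e05b0035f0d78e6bf6040d3f80430112ab4f Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Fri, 7 Sep 2018 16:50:45 +0200
+Subject: [PATCH] docs/cmdline-opts: update the documentation of --tlsv1.0
+
+... to reflect the changes in 6015cefb1b2cfde4b4850121c42405275e5e77d9
+
+Closes #2955
+
+Upstream-commit: 9ba22ce6b52751ed1e2abdd177b0a1d241819b4e
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+docs/cmdline-opts/tlsv1.0.d | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs/cmdline-opts/tlsv1.0.d b/docs/cmdline-opts/tlsv1.0.d
+index 8789025e0..54e259682 100644
+--- a/docs/cmdline-opts/tlsv1.0.d
++++ b/docs/cmdline-opts/tlsv1.0.d
+@@ -3,4 +3,4 @@ Help: Use TLSv1.0
+Protocols: TLS
+Added: 7.34.0
+---
+-Forces curl to use TLS version 1.0 when connecting to a remote TLS server.
++Forces curl to use TLS version 1.0 or later when connecting to a remote TLS server.
+--
+2.17.1
+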
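--- a/0003-curl-7.61.1-TLS-1.3-PHA.patch
+++ b/0003-curl-7.61.1-TLS-1.3-PHA.patch
@@ -0,0 +1,46 @@
+From bb8ad3da3fb4ab3f6556daa1f67b259c12a3c7de Mon Sep 17 00:00:00 2001
+From: Christian Heimes <christian@python.org>
+Date: Fri, 21 Sep 2018 10:37:43 +0200
+Subject: [PATCH] OpenSSL: enable TLS 1.3 post-handshake auth
+
+OpenSSL 1.1.1 requires clients to opt-in for post-handshake
+authentication.
+
+Fixes: https://github.com/curl/curl/issues/3026
+Signed-off-by: Christian Heimes <christian@python.org>
+
+Closes https://github.com/curl/curl/pull/3027
+
+Upstream-commit: b939bc47b27cd57c6ebb852ad653933e4124b452
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+lib/vtls/openssl.c | 6 ++++++
+1 file changed, 6 insertions(+)
+
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index a487f55..78970d1 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -178,6 +178,7 @@ static unsigned long OpenSSL_version_num(void)
+!defined(LIBRESSL_VERSION_NUMBER) && \
+!defined(OPENSSL_IS_BORINGSSL))
+#define HAVE_SSL_CTX_SET_CIPHERSUITES
++#define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
+#endif
+
+#if defined(LIBRESSL_VERSION_NUMBER)
+@@ -2467,6 +2468,11 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
+}
+#endif
+
++#ifdef HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
++ /* OpenSSL 1.1.1 requires clients to opt-in for PHA */
++ SSL_CTX_set_post_handshake_auth(BACKEND->ctx, 1);
++#endif
++
+#ifdef USE_TLS_SRP
+if(ssl_authtype == CURL_TLSAUTH_SRP) {
+char * const ssl_username = SSL_SET_OPTION(username);
+--
+2.17.1
+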
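Review bot: The added call in ossl_connect_step1, `SSL_CTX_set_post_handshake_auth(BACKEND->ctx, 1);`, opts every context into post-handshake authentication whether or not a client certificate is configured, and the one-line comment does not say that this is intended. I would extend the comment to something like `/* OpenSSL 1.1.1 requires clients to opt-in for PHA; done for every context so a TLS 1.3 server may request the client certificate after the handshake */`. If the opt-in should only apply when a client certificate is set, that condition would have to come from code outside this hunk, which shows only a few lines of the function.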
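--- a/0004-curl-7.61.1-CVE-2018-16842.patch
+++ b/0004-curl-7.61.1-CVE-2018-16842.patch
@@ -0,0 +1,81 @@
+From 27d6c92acdac671ddf8f77f72956b2181561f774 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sun, 28 Oct 2018 01:33:23 +0200
+Subject: [PATCH 1/2] voutf: fix bad arethmetic when outputting warnings to
+stderr
+
+CVE-2018-16842
+Reported-by: Brian Carpenter
+Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
+
+Upstream-commit: d530e92f59ae9bb2d47066c3c460b25d2ffeb211
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+src/tool_msgs.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tool_msgs.c b/src/tool_msgs.c
+index 9cce806..05bec39 100644
+--- a/src/tool_msgs.c
++++ b/src/tool_msgs.c
+@@ -67,7 +67,7 @@ static void voutf(struct GlobalConfig *config,
+(void)fwrite(ptr, cut + 1, 1, config->errors);
+fputs("\n", config->errors);
+ptr += cut + 1; /* skip the space too */
+- len -= cut;
++ len -= cut + 1;
+}
+else {
+fputs(ptr, config->errors);
+--
+2.17.2
+
+
+From 23f8c641b02e6c302d0e8cc5a5ee225a33b01f28 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sun, 28 Oct 2018 10:43:57 +0100
+Subject: [PATCH 2/2] test2080: verify the fix for CVE-2018-16842
+
+Upstream-commit: 350306e4726b71b5b386fc30e3fecc039a807157
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+tests/data/Makefile.inc | 4 ++--
+tests/data/test2080 | Bin 0 -> 20659 bytes
+2 files changed, 2 insertions(+), 2 deletions(-)
+create mode 100644 tests/data/test2080
+
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index e045748..aa5fff0 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -198,7 +198,7 @@ test2048 test2049 test2050 test2051 test2052 test2053 test2054 test2055 \
+test2056 test2057 test2058 test2059 test2060 test2061 test2062 test2063 \
+test2064 test2065 test2066 test2067 test2068 test2069 \
+\
+-test2070 test2071 test2072 test2073 \
+-test2074 test2075 \
++test2070 test2071 test2072 test2073 test2074 test2075 \
++test2080 \
+\
+test3000 test3001
+diff --git a/tests/data/test2080 b/tests/data/test2080
+new file mode 100644
+index 0000000000000000000000000000000000000000..47e376ecb5d7879c0a98e392bff48ccc52e9db0a
+GIT binary patch
+literal 20659
+zcmeI)Pj3@35QkyT{uI*`iBshYE(n>u@JB+F3kdG+t~asjwJY0gl}``eO+)FONU8ef
+zl6Ca+%<OZ|nCeRHZE>A4K8~q<UAgUD%0ubY=PwtZRG;GL*UIRJ-;Lfy)u}p_A1>dz
+zd{+G6l*#ToY+DU||F9%J1n*+KPxQ;7MapuoQ!&MMQSXmpqMh0_yS6g=;N;HNjilBk
+zY$c?)mULZxib{;$g~jw~nrs|8b@sJI)_QmS_4(WLrNld}2Y0LEO$e>m->_NA&o$n!
+z9^YDZ>cvMs2q1s}0tg_000PG)@a?$9VHyMwKmY**5I_I{1Q0m1z~!MEP#*yV5I_I{
+z1Q0*~0R#|0009ILKmY**4ldvh-hl=PAb<b@2q1s}0tg`Rgaqum{m<+P&C93=Ab<b@
+z2q1s}0tg_0z|jf3Ji3V(2mu5TK;StGoIK~3=iL!N0D=D{@VjlsoA=?(>-+Xw`j-8D
+zzg+g?Rt8(G*s;1Sb>n1S94H%G<kGn)tFlRTrA%AW*RoyP3pi(fe!mc3WU^sQd2)l4
+jB)+~1L0rx$OS-AbERTH}TH`mZ^*=|W_vMU!*i-li)g+9V
+
+literal 0
+HcmV?d00001
+
+--
+2.17.2
+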
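Review bot: In voutf the pointer and the remaining length are still advanced by two separately written expressions, `ptr += cut + 1;` and `len -= cut + 1;`, which is the duplication that let them drift apart before this fix. Computing the step once keeps them in lockstep: `size_t step = (size_t)cut + 1;` followed by `ptr += step; len -= step;`. The declarations of `cut` and `len` and the loop condition are outside the hunk, so the cast and the assumption that `cut + 1` never exceeds `len` need confirming against the full function.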
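--- a/0005-curl-7.61.1-CVE-2018-16840.patch
+++ b/0005-curl-7.61.1-CVE-2018-16840.patch
@@ -0,0 +1,39 @@
+From 235f209a0e62edee654be441a50bb0c154edeaa5 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 18 Oct 2018 15:07:15 +0200
+Subject: [PATCH] Curl_close: clear data->multi_easy on free to avoid
+use-after-free
+
+Regression from b46cfbc068 (7.59.0)
+CVE-2018-16840
+Reported-by: Brian Carpenter (Geeknik Labs)
+
+Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
+
+Upstream-commit: 81d135d67155c5295b1033679c606165d4e28f3f
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+lib/url.c | 4 +++-
+1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index f159008..dcc1ecc 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -319,10 +319,12 @@ CURLcode Curl_close(struct Curl_easy *data)
+and detach this handle from there. */
+curl_multi_remove_handle(data->multi, data);
+
+- if(data->multi_easy)
++ if(data->multi_easy) {
+/* when curl_easy_perform() is used, it creates its own multi handle to
+use and this is the one */
+curl_multi_cleanup(data->multi_easy);
++ data->multi_easy = NULL;
++ }
+
+/* Destroy the timeout list that is held in the easy handle. It is
+/normally/ done by curl_multi_remove_handle() but this is "just in
+--
+2.17.2
+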
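Review bot: The comment inside the new braces in Curl_close explains what `data->multi_easy` is but not why it is reset, so the added `data->multi_easy = NULL;` reads as optional tidying. A short why-comment on that line would protect it from being dropped again, e.g. `data->multi_easy = NULL; /* freed by curl_multi_cleanup(); never leave it dangling */`. The rest of Curl_close is outside the hunk, so which later path would otherwise touch the stale pointer cannot be named from here.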
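--- a/0006-curl-7.61.1-CVE-2018-16839.patch
+++ b/0006-curl-7.61.1-CVE-2018-16839.patch
@@ -0,0 +1,31 @@
+From ad9943254ded9a983af7d581e8a1f3317e8a8781 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 28 Sep 2018 16:08:16 +0200
+Subject: [PATCH] Curl_auth_create_plain_message: fix too-large-input-check
+
+CVE-2018-16839
+Reported-by: Harry Sintonen
+Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
+
+Upstream-commit: f3a24d7916b9173c69a3e0ee790102993833d6c5
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+lib/vauth/cleartext.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c
+index 5d61ce6..1367143 100644
+--- a/lib/vauth/cleartext.c
++++ b/lib/vauth/cleartext.c
+@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
+plen = strlen(passwdp);
+
+/* Compute binary message length. Check for overflows. */
+- if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
++ if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2)))
+return CURLE_OUT_OF_MEMORY;
+plainlen = 2 * ulen + plen + 2;
+
+--
+2.17.2
+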
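Review bot: The two limits in the overflow check of Curl_auth_create_plain_message are asymmetric, and the existing comment ("Check for overflows") does not say why, which is how a `SIZE_T_MAX/2` bound on `ulen` could sit next to `plainlen = 2 * ulen + plen + 2` unnoticed. I would spell the arithmetic out beside the check: `/* 2*ulen <= SIZE_T_MAX/2 and plen <= SIZE_T_MAX/2 - 2, so 2*ulen + plen + 2 cannot wrap */`. The function continues outside the hunk, so whether later sizes derived from `plainlen` are bounded as well cannot be judged from here.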
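--- a/0007-curl-7.63.0-JO-preserve-local-file.patch
+++ b/0007-curl-7.63.0-JO-preserve-local-file.patch
@@ -0,0 +1,116 @@
+From ff74657fb645e7175971128a171ef7d5ece40d77 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 17 Dec 2018 12:51:51 +0100
+Subject: [PATCH] curl -J: do not append to the destination file
+
+Reported-by: Kamil Dudka
+Fixes #3380
+Closes #3381
+
+Upstream-commit: 4849267197682e69cfa056c2bd7a44acd123a917
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+src/tool_cb_hdr.c | 6 +++---
+src/tool_cb_wrt.c | 9 ++++-----
+src/tool_cb_wrt.h | 2 +-
+src/tool_operate.c | 2 +-
+4 files changed, 9 insertions(+), 10 deletions(-)
+
+diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c
+index 84b0d9c..3844904 100644
+--- a/src/tool_cb_hdr.c
++++ b/src/tool_cb_hdr.c
+@@ -148,12 +148,12 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
+outs->filename = filename;
+outs->alloc_filename = TRUE;
+hdrcbdata->honor_cd_filename = FALSE; /* done now! */
+- if(!tool_create_output_file(outs, TRUE))
++ if(!tool_create_output_file(outs))
+return failure;
+}
+break;
+}
+- if(!outs->stream && !tool_create_output_file(outs, FALSE))
++ if(!outs->stream && !tool_create_output_file(outs))
+return failure;
+}
+
+@@ -162,7 +162,7 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
+/* bold headers only happen for HTTP(S) and RTSP */
+char *value = NULL;
+
+- if(!outs->stream && !tool_create_output_file(outs, FALSE))
++ if(!outs->stream && !tool_create_output_file(outs))
+return failure;
+
+if(hdrcbdata->global->isatty && hdrcbdata->global->styled_output)
+diff --git a/src/tool_cb_wrt.c b/src/tool_cb_wrt.c
+index 2cb5e1b..195d6e7 100644
+--- a/src/tool_cb_wrt.c
++++ b/src/tool_cb_wrt.c
+@@ -32,8 +32,7 @@
+#include "memdebug.h" /* keep this as LAST include */
+
+/* create a local file for writing, return TRUE on success */
+-bool tool_create_output_file(struct OutStruct *outs,
+- bool append)
++bool tool_create_output_file(struct OutStruct *outs)
+{
+struct GlobalConfig *global = outs->config->global;
+FILE *file;
+@@ -43,7 +42,7 @@ bool tool_create_output_file(struct OutStruct *outs,
+return FALSE;
+}
+
+- if(outs->is_cd_filename && !append) {
++ if(outs->is_cd_filename) {
+/* don't overwrite existing files */
+file = fopen(outs->filename, "rb");
+if(file) {
+@@ -55,7 +54,7 @@ bool tool_create_output_file(struct OutStruct *outs,
+}
+
+/* open file for writing */
+- file = fopen(outs->filename, append?"ab":"wb");
++ file = fopen(outs->filename, "wb");
+if(!file) {
+warnf(global, "Failed to create the file %s: %s\n", outs->filename,
+strerror(errno));
+@@ -142,7 +141,7 @@ size_t tool_write_cb(char *buffer, size_t sz, size_t nmemb, void *userdata)
+}
+#endif
+
+- if(!outs->stream && !tool_create_output_file(outs, FALSE))
++ if(!outs->stream && !tool_create_output_file(outs))
+return failure;
+
+if(is_tty && (outs->bytes < 2000) && !config->terminal_binary_ok) {
+diff --git a/src/tool_cb_wrt.h b/src/tool_cb_wrt.h
+index 51e002b..188d3ea 100644
+--- a/src/tool_cb_wrt.h
++++ b/src/tool_cb_wrt.h
+@@ -30,7 +30,7 @@
+size_t tool_write_cb(char *buffer, size_t sz, size_t nmemb, void *userdata);
+
+/* create a local file for writing, return TRUE on success */
+-bool tool_create_output_file(struct OutStruct *outs, bool append);
++bool tool_create_output_file(struct OutStruct *outs);
+
+#endif /* HEADER_CURL_TOOL_CB_WRT_H */
+
+diff --git a/src/tool_operate.c b/src/tool_operate.c
+index e53a9d8..429e9cf 100644
+--- a/src/tool_operate.c
++++ b/src/tool_operate.c
+@@ -1581,7 +1581,7 @@ static CURLcode operate_do(struct GlobalConfig *global,
+/* do not create (or even overwrite) the file in case we get no
+data because of unmet condition */
+curl_easy_getinfo(curl, CURLINFO_CONDITION_UNMET, &cond_unmet);
+- if(!cond_unmet && !tool_create_output_file(&outs, FALSE))
++ if(!cond_unmet && !tool_create_output_file(&outs))
+result = CURLE_WRITE_ERROR;
+}
+
+--
+2.17.2
+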
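Review bot: tool_create_output_file still tests for an existing file with `fopen(outs->filename, "rb")` and then creates it with a separate `fopen(outs->filename, "wb")`, so the "don't overwrite existing files" rule for the `is_cd_filename` case is check-then-use: a file or symlink that appears between the two calls is truncated. That name appears to come from a response header (the `honor_cd_filename` path in tool_header_cb), so I would make creation atomic where the platform allows it, e.g. `int fd = open(outs->filename, O_CREAT | O_WRONLY | O_EXCL, 0666);` followed by `file = (fd != -1) ? fdopen(fd, "wb") : NULL;`. The lines between the hunks of this function are not shown, so the existing-file warning and the error path would need adapting to what is there.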
4776
0008-curl-7.61.1-CVE-2018-20483.patch
Normal file
4776
0008-curl-7.61.1-CVE-2018-20483.patch
Normal file
File diff suppressed because it is too large
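--- a/0009-curl-7.61.1-CVE-2018-16890.patch
+++ b/0009-curl-7.61.1-CVE-2018-16890.patch
@@ -0,0 +1,36 @@
+From 81c0e81531623251a0e78f7779c049f530abe733 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 2 Jan 2019 20:33:08 +0100
+Subject: [PATCH] NTLM: fix size check condition for type2 received data
+
+Bug: https://curl.haxx.se/docs/CVE-2018-16890.html
+Reported-by: Wenxiang Qian
+CVE-2018-16890
+
+Upstream-commit: b780b30d1377adb10bbe774835f49e9b237fb9bb
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+lib/vauth/ntlm.c | 5 +++--
+1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c
+index cdb8d8f..b614cda 100644
+--- a/lib/vauth/ntlm.c
++++ b/lib/vauth/ntlm.c
+@@ -182,10 +182,11 @@ static CURLcode ntlm_decode_type2_target(struct Curl_easy *data,
+target_info_len = Curl_read16_le(&buffer[40]);
+target_info_offset = Curl_read32_le(&buffer[44]);
+if(target_info_len > 0) {
+- if(((target_info_offset + target_info_len) > size) ||
++ if((target_info_offset >= size) ||
++ ((target_info_offset + target_info_len) > size) ||
+(target_info_offset < 48)) {
+infof(data, "NTLM handshake failure (bad type-2 message). "
+- "Target Info Offset Len is set incorrect by the peer\n");
++ "Target Info Offset Len is set incorrect by the peer\n");
+return CURLE_BAD_CONTENT_ENCODING;
+}
+
+--
+2.17.2
+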
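Review bot: The bounds check in ntlm_decode_type2_target still adds two peer-supplied values, `target_info_offset + target_info_len`, and depends on the new `target_info_offset >= size` clause being evaluated first to keep that sum from wrapping. Writing the length test as a subtraction removes that dependency on clause order: `(target_info_offset < 48) || (target_info_offset >= size) || (target_info_len > size - target_info_offset)`. The declarations of these variables are outside the hunk, so their widths are an assumption to confirm. The type-3 check `ntresplen + size > sizeof(ntlmbuf)` in 0010-curl-7.61.1-CVE-2019-3822.patch has the same additive shape and could be reviewed the same way.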
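--- a/0010-curl-7.61.1-CVE-2019-3822.patch
+++ b/0010-curl-7.61.1-CVE-2019-3822.patch
@@ -0,0 +1,41 @@
+From ab22e3a00f04b458039c21111cfa448051e5777d Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 3 Jan 2019 12:59:28 +0100
+Subject: [PATCH] ntlm: fix *_type3_message size check to avoid buffer overflow
+
+Bug: https://curl.haxx.se/docs/CVE-2019-3822.html
+Reported-by: Wenxiang Qian
+CVE-2019-3822
+
+Upstream-commit: 50c9484278c63b958655a717844f0721263939cc
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+lib/vauth/ntlm.c | 11 +++++++----
+1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c
+index b614cda..a3a55d9 100644
+--- a/lib/vauth/ntlm.c
++++ b/lib/vauth/ntlm.c
+@@ -777,11 +777,14 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
+});
+
+#ifdef USE_NTRESPONSES
+- if(size < (NTLM_BUFSIZE - ntresplen)) {
+- DEBUGASSERT(size == (size_t)ntrespoff);
+- memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen);
+- size += ntresplen;
++ /* ntresplen + size should not be risking an integer overflow here */
++ if(ntresplen + size > sizeof(ntlmbuf)) {
++ failf(data, "incoming NTLM message too big");
++ return CURLE_OUT_OF_MEMORY;
+}
++ DEBUGASSERT(size == (size_t)ntrespoff);
++ memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen);
++ size += ntresplen;
+
+DEBUG_OUT({
+fprintf(stderr, "\n ntresp=");
+--
+2.17.2
+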
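Review bot: The new rejection path in Curl_auth_create_ntlm_type3_message returns `CURLE_OUT_OF_MEMORY` for a response that does not fit `ntlmbuf`, so what the error text itself calls an "incoming NTLM message too big" reaches the application as an allocation failure and is hard to tell apart from real memory pressure when triaging. If callers do not depend on the value, a code that marks malformed peer data would be clearer, for example `return CURLE_BAD_CONTENT_ENCODING;`, which the type-2 decoder in the same file uses for a bad message. `DEBUGASSERT(size == (size_t)ntrespoff);` is presumably compiled out of release builds, so it documents the invariant rather than enforcing it. The function starts and ends outside the hunk.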
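--- a/0011-curl-7.61.1-CVE-2019-3823.patch
+++ b/0011-curl-7.61.1-CVE-2019-3823.patch
@@ -0,0 +1,50 @@
+From d26f1025d0a0a6c602d758a2e0917759492473e9 Mon Sep 17 00:00:00 2001
+From: Daniel Gustafsson <daniel@yesql.se>
+Date: Sat, 19 Jan 2019 00:42:47 +0100
+Subject: [PATCH] smtp: avoid risk of buffer overflow in strtol
+
+If the incoming len 5, but the buffer does not have a termination
+after 5 bytes, the strtol() call may keep reading through the line
+buffer until is exceeds its boundary. Fix by ensuring that we are
+using a bounded read with a temporary buffer on the stack.
+
+Bug: https://curl.haxx.se/docs/CVE-2019-3823.html
+Reported-by: Brian Carpenter (Geeknik Labs)
+CVE-2019-3823
+
+Upstream-commit: 39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+lib/smtp.c | 8 ++++++--
+1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/lib/smtp.c b/lib/smtp.c
+index ecf10a4..1b9f92d 100644
+--- a/lib/smtp.c
++++ b/lib/smtp.c
+@@ -5,7 +5,7 @@
+* | (__| |_| | _ <| |___
+* \___|\___/|_| \_\_____|
+*
+- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
++ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
+*
+* This software is licensed as described in the file COPYING, which
+* you should have received as part of this distribution. The terms
+@@ -207,8 +207,12 @@ static bool smtp_endofresp(struct connectdata *conn, char *line, size_t len,
+Section 4. Examples of RFC-4954 but some e-mail servers ignore this and
+only send the response code instead as per Section 4.2. */
+if(line[3] == ' ' || len == 5) {
++ char tmpline[6];
++
+result = TRUE;
+- *resp = curlx_sltosi(strtol(line, NULL, 10));
++ memset(tmpline, '\0', sizeof(tmpline));
++ memcpy(tmpline, line, (len == 5 ? 5 : 3));
++ *resp = curlx_sltosi(strtol(tmpline, NULL, 10));
+
+/* Make sure real server never sends internal value */
+if(*resp == 1)
+--
+2.17.2
+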
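Review bot: The copy length `(len == 5 ? 5 : 3)` and the `tmpline[6]` size in the smtp_endofresp hunk are unexplained constants, and the safety of the bounded read depends on them staying in step. A comment above the `memcpy()` such as `/* copy only the 3-digit code (or the 5-byte short reply) into a zeroed buffer so strtol() cannot read past it */` would record the intent; the meaning of the 5-byte case is inferred from the surrounding comment and should be confirmed. The branch is also entered through `line[3] == ' '`, which reads index 3, and the check that guarantees `len >= 4` on that path is not visible here because the function starts outside the hunk.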
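--- a/0013-curl-7.61.1-zsh-completion.patch
+++ b/0013-curl-7.61.1-zsh-completion.patch
@@ -0,0 +1,76 @@
+From 082034e2334b2d0795b2b324ff3e0635bb7d2b86 Mon Sep 17 00:00:00 2001
+From: Alessandro Ghedini <alessandro@ghedini.me>
+Date: Tue, 5 Feb 2019 20:44:14 +0000
+Subject: [PATCH 1/2] zsh.pl: update regex to better match curl -h output
+
+The current regex fails to match '<...>' arguments properly (e.g. those
+with spaces in them), which causes an completion script with wrong
+descriptions for some options.
+
+The problem can be reproduced as follows:
+
+% curl --reso<TAB>
+
+Upstream-commit: dbd32f3241b297b96ee11a51da1a661f528ca026
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+scripts/zsh.pl | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/scripts/zsh.pl b/scripts/zsh.pl
+index 1257190..941b322 100755
+--- a/scripts/zsh.pl
++++ b/scripts/zsh.pl
+@@ -7,7 +7,7 @@ use warnings;
+
+my $curl = $ARGV[0] || 'curl';
+
+-my $regex = '\s+(?:(-[^\s]+),\s)?(--[^\s]+)\s([^\s.]+)?\s+(.*)';
++my $regex = '\s+(?:(-[^\s]+),\s)?(--[^\s]+)\s*(\<.+?\>)?\s+(.*)';
+my @opts = parse_main_opts('--help', $regex);
+
+my $opts_str;
+--
+2.17.2
+
+
+From 45abc785e101346f19599aa5f9fa1617e525ec4d Mon Sep 17 00:00:00 2001
+From: Alessandro Ghedini <alessandro@ghedini.me>
+Date: Tue, 5 Feb 2019 21:06:26 +0000
+Subject: [PATCH 2/2] zsh.pl: escape ':' character
+
+':' is interpreted as separator by zsh, so if used as part of the argument
+or option's description it needs to be escaped.
+
+The problem can be reproduced as follows:
+
+% curl -E <TAB>
+
+Bug: https://bugs.debian.org/921452
+
+Upstream-commit: b3cc8017b7364f588365be2b2629c49c142efdb7
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+scripts/zsh.pl | 3 +++
+1 file changed, 3 insertions(+)
+
+diff --git a/scripts/zsh.pl b/scripts/zsh.pl
+index 941b322..0f9cbec 100755
+--- a/scripts/zsh.pl
++++ b/scripts/zsh.pl
+@@ -45,9 +45,12 @@ sub parse_main_opts {
+
+my $option = '';
+
++ $arg =~ s/\:/\\\:/g if defined $arg;
++
+$desc =~ s/'/'\\''/g if defined $desc;
+$desc =~ s/\[/\\\[/g if defined $desc;
+$desc =~ s/\]/\\\]/g if defined $desc;
++ $desc =~ s/\:/\\\:/g if defined $desc;
+
+$option .= '{' . trim($short) . ',' if defined $short;
+$option .= trim($long) if defined $long;
+--
+2.17.2
+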
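Review bot: In the parse_main_opts hunk of the second patch, `$arg` is escaped only for `:`, whereas `$desc` on the lines below it is also escaped for `'`. If `$arg` is later emitted inside the same single-quoted completion spec, a quote in an argument placeholder would break the generated script; the code that emits `$arg` is outside the hunk, so this needs confirming there. If it applies, add `$arg =~ s/'/'\\''/g if defined $arg;` beside the new line. The new capture group `(\<.+?\>)?` in the first patch would also benefit from a short comment saying it matches the whole `<...>` placeholder, spaces included.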
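--- a/0014-curl-7.61.1-libssh-socket.patch
+++ b/0014-curl-7.61.1-libssh-socket.patch
@@ -0,0 +1,66 @@
+From 095d4cf3b1c388b2871e3783f8c41b1e01200a25 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Felix=20H=C3=A4dicke?= <felixhaedicke@web.de>
+Date: Wed, 23 Jan 2019 23:47:55 +0100
+Subject: [PATCH] libssh: do not let libssh create socket
+
+By default, libssh creates a new socket, instead of using the socket
+created by curl for SSH connections.
+
+Pass the socket created by curl to libssh using ssh_options_set() with
+SSH_OPTIONS_FD directly after ssh_new(). So libssh uses our socket
+instead of creating a new one.
+
+This approach is very similar to what is done in the libssh2 code, where
+the socket created by curl is passed to libssh2 when
+libssh2_session_startup() is called.
+
+Fixes #3491
+Closes #3495
+
+Upstream-commit: 15c94b310bf9e0c92d71fca5a88eb67a1e2548a6
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+lib/ssh-libssh.c | 6 +++++-
+1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/lib/ssh-libssh.c b/lib/ssh-libssh.c
+index 7d59089..4110be2 100644
+--- a/lib/ssh-libssh.c
++++ b/lib/ssh-libssh.c
+@@ -549,6 +549,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block)
+struct Curl_easy *data = conn->data;
+struct SSHPROTO *protop = data->req.protop;
+struct ssh_conn *sshc = &conn->proto.sshc;
++ curl_socket_t sock = conn->sock[FIRSTSOCKET];
+int rc = SSH_NO_ERROR, err;
+char *new_readdir_line;
+int seekerr = CURL_SEEKFUNC_OK;
+@@ -792,7 +793,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block)
+
+Curl_pgrsTime(conn->data, TIMER_APPCONNECT); /* SSH is connected */
+
+- conn->sockfd = ssh_get_fd(sshc->ssh_session);
++ conn->sockfd = sock;
+conn->writesockfd = CURL_SOCKET_BAD;
+
+if(conn->handler->protocol == CURLPROTO_SFTP) {
+@@ -2048,6 +2049,7 @@ static CURLcode myssh_connect(struct connectdata *conn, bool *done)
+{
+struct ssh_conn *ssh;
+CURLcode result;
++ curl_socket_t sock = conn->sock[FIRSTSOCKET];
+struct Curl_easy *data = conn->data;
+int rc;
+
+@@ -2076,6 +2078,8 @@ static CURLcode myssh_connect(struct connectdata *conn, bool *done)
+return CURLE_FAILED_INIT;
+}
+
++ ssh_options_set(ssh->ssh_session, SSH_OPTIONS_FD, &sock);
++
+if(conn->user) {
+infof(data, "User: %s\n", conn->user);
+ssh_options_set(ssh->ssh_session, SSH_OPTIONS_USER, conn->user);
+--
+2.17.2
+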
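Review bot: The return value of the new `ssh_options_set(ssh->ssh_session, SSH_OPTIONS_FD, &sock)` call in myssh_connect is ignored, while the myssh_statemach_act hunk now assigns `conn->sockfd = sock` unconditionally instead of asking libssh which descriptor it uses. If setting the option failed, libssh would presumably fall back to creating its own socket, as the description says it does by default, and curl would then wait on a descriptor the session is not using. Checking the result, e.g. `if(ssh_options_set(ssh->ssh_session, SSH_OPTIONS_FD, &sock) != SSH_OK) return CURLE_FAILED_INIT;`, closes that gap. Whether the session has to be released on that path depends on code outside the hunk.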
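--- a/0016-curl-7.64.0-CVE-2019-5435.patch
+++ b/0016-curl-7.64.0-CVE-2019-5435.patch
@@ -0,0 +1,266 @@
+From 1202a02142791b453110c8b922cb57c0b11380ce Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 29 Apr 2019 08:00:49 +0200
+Subject: [PATCH] CURL_MAX_INPUT_LENGTH: largest acceptable string input size
+
+This limits all accepted input strings passed to libcurl to be less than
+CURL_MAX_INPUT_LENGTH (8000000) bytes, for these API calls:
+curl_easy_setopt() and curl_url_set().
+
+The 8000000 number is arbitrary picked and is meant to detect mistakes
+or abuse, not to limit actual practical use cases. By limiting the
+acceptable string lengths we also reduce the risk of integer overflows
+all over.
+
+NOTE: This does not apply to `CURLOPT_POSTFIELDS`.
+
+Test 1559 verifies.
+
+Closes #3805
+
+Upstream-commit: 5fc28510a4664f46459d9a40187d81cc08571e60
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+lib/setopt.c | 7 ++++
+lib/urlapi.c | 8 ++++
+lib/urldata.h | 4 ++
+tests/data/Makefile.inc | 2 +-
+tests/data/test1559 | 44 +++++++++++++++++++++
+tests/libtest/Makefile.inc | 5 ++-
+tests/libtest/lib1559.c | 78 ++++++++++++++++++++++++++++++++++++++
+7 files changed, 146 insertions(+), 2 deletions(-)
+create mode 100644 tests/data/test1559
+create mode 100644 tests/libtest/lib1559.c
+
+diff --git a/lib/setopt.c b/lib/setopt.c
+index d98ca66..95e9fcb 100644
+--- a/lib/setopt.c
++++ b/lib/setopt.c
+@@ -60,6 +60,13 @@ CURLcode Curl_setstropt(char **charp, const char *s)
+if(s) {
+char *str = strdup(s);
+
++ if(str) {
++ size_t len = strlen(str);
++ if(len > CURL_MAX_INPUT_LENGTH) {
++ free(str);
++ return CURLE_BAD_FUNCTION_ARGUMENT;
++ }
++ }
+if(!str)
+return CURLE_OUT_OF_MEMORY;
+
+diff --git a/lib/urlapi.c b/lib/urlapi.c
+index 3af8e93..39af964 100644
+--- a/lib/urlapi.c
++++ b/lib/urlapi.c
+@@ -607,6 +607,10 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags)
+************************************************************/
+/* allocate scratch area */
+urllen = strlen(url);
++ if(urllen > CURL_MAX_INPUT_LENGTH)
++ /* excessive input length */
++ return CURLUE_MALFORMED_INPUT;
++
+path = u->scratch = malloc(urllen * 2 + 2);
+if(!path)
+return CURLUE_OUT_OF_MEMORY;
+@@ -1249,6 +1253,10 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what,
+const char *newp = part;
+size_t nalloc = strlen(part);
+
++ if(nalloc > CURL_MAX_INPUT_LENGTH)
++ /* excessive input length */
++ return CURLUE_MALFORMED_INPUT;
++
+if(urlencode) {
+const char *i;
+char *o;
+diff --git a/lib/urldata.h b/lib/urldata.h
+index ff3cc9a..d4a5ad8 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -79,6 +79,10 @@
+*/
+#define RESP_TIMEOUT (1800*1000)
+
++/* Max string intput length is a precaution against abuse and to detect junk
++ input easier and better. */
++#define CURL_MAX_INPUT_LENGTH 8000000
++
+#include "cookie.h"
+#include "psl.h"
+#include "formdata.h"
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index 3d13e3a..9ae1c6b 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -178,7 +178,7 @@ test1533 test1534 test1535 test1536 test1537 test1538 \
+test1540 \
+test1550 test1551 test1552 test1553 test1554 test1555 test1556 test1557 \
+\
+-test1560 \
++test1559 test1560 \
+\
+test1590 \
+test1600 test1601 test1602 test1603 test1604 test1605 test1606 test1607 \
+diff --git a/tests/data/test1559 b/tests/data/test1559
+new file mode 100644
+index 0000000..cbed6fb
+--- /dev/null
++++ b/tests/data/test1559
+@@ -0,0 +1,44 @@
++<testcase>
++<info>
++<keywords>
++CURLOPT_URL
++</keywords>
++</info>
++
++<reply>
++</reply>
++
++<client>
++<server>
++none
++</server>
++
++# require HTTP so that CURLOPT_POSTFIELDS works as assumed
++<features>
++http
++</features>
++<tool>
++lib1559
++</tool>
++
++<name>
++Set excessive URL lengths
++</name>
++</client>
++
++#
++# Verify that the test runs to completion without crashing
++<verify>
++<errorcode>
++0
++</errorcode>
++<stdout>
++CURLOPT_URL 10000000 bytes URL == 43
++CURLOPT_POSTFIELDS 10000000 bytes data == 0
++CURLUPART_URL 10000000 bytes URL == 3
++CURLUPART_SCHEME 10000000 bytes scheme == 3
++CURLUPART_USER 10000000 bytes user == 3
++</stdout>
++</verify>
++
++</testcase>
+diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
+index 9270822..62e6c20 100644
+--- a/tests/libtest/Makefile.inc
++++ b/tests/libtest/Makefile.inc
+@@ -30,7 +30,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect \
+lib1534 lib1535 lib1536 lib1537 lib1538 \
+lib1540 \
+lib1550 lib1551 lib1552 lib1553 lib1554 lib1555 lib1556 lib1557 \
+- lib1560 \
++ lib1559 lib1560 \
+lib1900 \
+lib2033
+
+@@ -508,6 +508,9 @@ lib1557_SOURCES = lib1557.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+lib1557_LDADD = $(TESTUTIL_LIBS)
+lib1557_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1557
+
++lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
++lib1559_LDADD = $(TESTUTIL_LIBS)
++
+lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+lib1560_LDADD = $(TESTUTIL_LIBS)
+
+diff --git a/tests/libtest/lib1559.c b/tests/libtest/lib1559.c
+new file mode 100644
+index 0000000..2aa3615
+--- /dev/null
++++ b/tests/libtest/lib1559.c
+@@ -0,0 +1,78 @@
++/***************************************************************************
++ * _ _ ____ _
++ * Project ___| | | | _ \| |
++ * / __| | | | |_) | |
++ * | (__| |_| | _ <| |___
++ * \___|\___/|_| \_\_____|
++ *
++ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
++ *
++ * This software is licensed as described in the file COPYING, which
++ * you should have received as part of this distribution. The terms
++ * are also available at https://curl.haxx.se/docs/copyright.html.
++ *
++ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
++ * copies of the Software, and permit persons to whom the Software is
++ * furnished to do so, under the terms of the COPYING file.
++ *
++ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
++ * KIND, either express or implied.
++ *
++ ***************************************************************************/
++#include "test.h"
++
++#include "testutil.h"
++#include "warnless.h"
++#include "memdebug.h"
++
++#define EXCESSIVE 10*1000*1000
++int test(char *URL)
++{
++ CURLcode res = 0;
++ CURL *curl = NULL;
++ char *longurl = malloc(EXCESSIVE);
++ CURLU *u;
++ (void)URL;
++
++ memset(longurl, 'a', EXCESSIVE);
++ longurl[EXCESSIVE-1] = 0;
++
++ global_init(CURL_GLOBAL_ALL);
++ easy_init(curl);
++
++ res = curl_easy_setopt(curl, CURLOPT_URL, longurl);
++ printf("CURLOPT_URL %d bytes URL == %d\n",
++ EXCESSIVE, (int)res);
++
++ res = curl_easy_setopt(curl, CURLOPT_POSTFIELDS, longurl);
++ printf("CURLOPT_POSTFIELDS %d bytes data == %d\n",
++ EXCESSIVE, (int)res);
++
++ u = curl_url();
++ if(u) {
++ CURLUcode uc = curl_url_set(u, CURLUPART_URL, longurl, 0);
++ printf("CURLUPART_URL %d bytes URL == %d\n",
++ EXCESSIVE, (int)uc);
++ uc = curl_url_set(u, CURLUPART_SCHEME, longurl, CURLU_NON_SUPPORT_SCHEME);
++ printf("CURLUPART_SCHEME %d bytes scheme == %d\n",
++ EXCESSIVE, (int)uc);
++ uc = curl_url_set(u, CURLUPART_USER, longurl, 0);
++ printf("CURLUPART_USER %d bytes user == %d\n",
++ EXCESSIVE, (int)uc);
++ curl_url_cleanup(u);
++ }
++
++ free(longurl);
++
++ curl_easy_cleanup(curl);
++ curl_global_cleanup();
++
++ return 0;
++
++test_cleanup:
++
++ curl_easy_cleanup(curl);
++ curl_global_cleanup();
++
++ return res; /* return the final return code */
++}
+--
+2.20.1
+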
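Review bot: In the lib/setopt.c hunk the length limit is applied only after `strdup(s)` has copied the whole input, so an over-long string is still duplicated in full before it is rejected and freed. Measuring the caller's string first, `if(strlen(s) > CURL_MAX_INPUT_LENGTH) return CURLE_BAD_FUNCTION_ARGUMENT;` ahead of the `strdup()`, rejects it without the allocation and makes the added `if(str)` block unnecessary. In tests/libtest/lib1559.c, `malloc(EXCESSIVE)` is passed straight to `memset()` without a NULL check, and `EXCESSIVE` would be safer parenthesised as `(10*1000*1000)`. Curl_setstropt's body continues outside the hunk.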
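--- a/0017-curl-7.64.0-CVE-2019-5436.patch
+++ b/0017-curl-7.64.0-CVE-2019-5436.patch
@@ -0,0 +1,31 @@
+From 55a27027d5f024a0ecc2c23c81ed99de6192c9f3 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 3 May 2019 22:20:37 +0200
+Subject: [PATCH] tftp: use the current blksize for recvfrom()
+
+bug: https://curl.haxx.se/docs/CVE-2019-5436.html
+Reported-by: l00p3r on hackerone
+CVE-2019-5436
+
+Upstream-commit: 2576003415625d7b5f0e390902f8097830b82275
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+lib/tftp.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/tftp.c b/lib/tftp.c
+index 269b3cd..4f2a131 100644
+--- a/lib/tftp.c
++++ b/lib/tftp.c
+@@ -1005,7 +1005,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
+state->sockfd = state->conn->sock[FIRSTSOCKET];
+state->state = TFTP_STATE_START;
+state->error = TFTP_ERR_NONE;
+- state->blksize = TFTP_BLKSIZE_DEFAULT;
++ state->blksize = blksize;
+state->requested_blksize = blksize;
+
+((struct sockaddr *)&state->local_addr)->sa_family =
+--
+2.20.1
+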
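--- a/0018-curl-7.65.3-CVE-2019-5482.patch
+++ b/0018-curl-7.65.3-CVE-2019-5482.patch
@@ -0,0 +1,158 @@
+From 63f9837b4ccf600da79314e8667f91bda69988fc Mon Sep 17 00:00:00 2001
+From: Thomas Vegas <>
+Date: Sat, 31 Aug 2019 16:59:56 +0200
+Subject: [PATCH 1/2] tftp: return error when packet is too small for options
+
+Upstream-commit: 82f3ba3806a34fe94dcf9e5c9b88deda6679ca1b
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+lib/tftp.c | 53 +++++++++++++++++++++++++++++++++--------------------
+1 file changed, 33 insertions(+), 20 deletions(-)
+
+diff --git a/lib/tftp.c b/lib/tftp.c
+index 289cda2..4532170 100644
+--- a/lib/tftp.c
++++ b/lib/tftp.c
+@@ -404,13 +404,14 @@ static CURLcode tftp_parse_option_ack(tftp_state_data_t *state,
+return CURLE_OK;
+}
+
+-static size_t tftp_option_add(tftp_state_data_t *state, size_t csize,
+- char *buf, const char *option)
++static CURLcode tftp_option_add(tftp_state_data_t *state, size_t *csize,
++ char *buf, const char *option)
+{
+- if(( strlen(option) + csize + 1) > (size_t)state->blksize)
+- return 0;
++ if(( strlen(option) + *csize + 1) > (size_t)state->blksize)
++ return CURLE_TFTP_ILLEGAL;
+strcpy(buf, option);
+- return strlen(option) + 1;
++ *csize += strlen(option) + 1;
++ return CURLE_OK;
+}
+
+static CURLcode tftp_connect_for_tx(tftp_state_data_t *state,
+@@ -511,26 +512,38 @@ static CURLcode tftp_send_first(tftp_state_data_t *state, tftp_event_t event)
+else
+strcpy(buf, "0"); /* the destination is large enough */
+
+- sbytes += tftp_option_add(state, sbytes,
+- (char *)state->spacket.data + sbytes,
+- TFTP_OPTION_TSIZE);
+- sbytes += tftp_option_add(state, sbytes,
+- (char *)state->spacket.data + sbytes, buf);
++ result = tftp_option_add(state, &sbytes,
++ (char *)state->spacket.data + sbytes,
++ TFTP_OPTION_TSIZE);
++ if(result == CURLE_OK)
++ result = tftp_option_add(state, &sbytes,
++ (char *)state->spacket.data + sbytes, buf);
++
+/* add blksize option */
+snprintf(buf, sizeof(buf), "%d", state->requested_blksize);
+- sbytes += tftp_option_add(state, sbytes,
+- (char *)state->spacket.data + sbytes,
+- TFTP_OPTION_BLKSIZE);
+- sbytes += tftp_option_add(state, sbytes,
+- (char *)state->spacket.data + sbytes, buf);
++ if(result == CURLE_OK)
++ result = tftp_option_add(state, &sbytes,
++ (char *)state->spacket.data + sbytes,
++ TFTP_OPTION_BLKSIZE);
++ if(result == CURLE_OK)
++ result = tftp_option_add(state, &sbytes,
++ (char *)state->spacket.data + sbytes, buf);
+
+/* add timeout option */
+snprintf(buf, sizeof(buf), "%d", state->retry_time);
+- sbytes += tftp_option_add(state, sbytes,
+- (char *)state->spacket.data + sbytes,
+- TFTP_OPTION_INTERVAL);
+- sbytes += tftp_option_add(state, sbytes,
+- (char *)state->spacket.data + sbytes, buf);
++ if(result == CURLE_OK)
++ result = tftp_option_add(state, &sbytes,
++ (char *)state->spacket.data + sbytes,
++ TFTP_OPTION_INTERVAL);
++ if(result == CURLE_OK)
++ result = tftp_option_add(state, &sbytes,
++ (char *)state->spacket.data + sbytes, buf);
++
++ if(result != CURLE_OK) {
++ failf(data, "TFTP buffer too small for options");
++ free(filename);
++ return CURLE_TFTP_ILLEGAL;
++ }
+}
+
+/* the typecase for the 3rd argument is mostly for systems that do
+--
+2.20.1
+
+
+From b6b12a4cfe00c4850a1d6cee4cf267f00dee5987 Mon Sep 17 00:00:00 2001
+From: Thomas Vegas <>
+Date: Sat, 31 Aug 2019 17:30:51 +0200
+Subject: [PATCH 2/2] tftp: Alloc maximum blksize, and use default unless OACK
+is received
+
+Fixes potential buffer overflow from 'recvfrom()', should the server
+return an OACK without blksize.
+
+Bug: https://curl.haxx.se/docs/CVE-2019-5482.html
+CVE-2019-5482
+
+Upstream-commit: facb0e4662415b5f28163e853dc6742ac5fafb3d
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+lib/tftp.c | 12 +++++++++---
+1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/lib/tftp.c b/lib/tftp.c
+index 4532170..5651b62 100644
+--- a/lib/tftp.c
++++ b/lib/tftp.c
+@@ -982,6 +982,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
+{
+tftp_state_data_t *state;
+int blksize;
++ int need_blksize;
+
+blksize = TFTP_BLKSIZE_DEFAULT;
+
+@@ -996,15 +997,20 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
+return CURLE_TFTP_ILLEGAL;
+}
+
++ need_blksize = blksize;
++ /* default size is the fallback when no OACK is received */
++ if(need_blksize < TFTP_BLKSIZE_DEFAULT)
++ need_blksize = TFTP_BLKSIZE_DEFAULT;
++
+if(!state->rpacket.data) {
+- state->rpacket.data = calloc(1, blksize + 2 + 2);
++ state->rpacket.data = calloc(1, need_blksize + 2 + 2);
+
+if(!state->rpacket.data)
+return CURLE_OUT_OF_MEMORY;
+}
+
+if(!state->spacket.data) {
+- state->spacket.data = calloc(1, blksize + 2 + 2);
++ state->spacket.data = calloc(1, need_blksize + 2 + 2);
+
+if(!state->spacket.data)
+return CURLE_OUT_OF_MEMORY;
+@@ -1018,7 +1024,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
+state->sockfd = state->conn->sock[FIRSTSOCKET];
+state->state = TFTP_STATE_START;
+state->error = TFTP_ERR_NONE;
+- state->blksize = blksize;
++ state->blksize = TFTP_BLKSIZE_DEFAULT; /* Unless updated by OACK response */
+state->requested_blksize = blksize;
+
+((struct sockaddr *)&state->local_addr)->sa_family =
+--
+2.20.1
+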
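Review bot: The rewritten `tftp_option_add()` in the first patch has a new contract that is not documented: it now advances `*csize` itself and reports failure through a `CURLcode`, and its bound is `state->blksize` rather than the size of the buffer behind `buf`. A header comment such as `/* Append option (with its NUL) at buf and advance *csize; returns CURLE_TFTP_ILLEGAL if the total would exceed state->blksize */` would make that explicit. The second patch sizes both packet buffers from `need_blksize` while `state->blksize` starts at the default, so the `strcpy()` stays in bounds only while `state->blksize` never exceeds the allocated size. That appears to hold from the visible lines, but it is worth stating next to the `calloc()` calls, since the OACK handling that updates `state->blksize` lies outside these hunks.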
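--- a/0019-curl-7.65.3-CVE-2019-5481.patch
+++ b/0019-curl-7.65.3-CVE-2019-5481.patch
@@ -0,0 +1,46 @@
+From 13de299b112a59c373b330f0539166ecc9a7627b Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 3 Sep 2019 22:59:32 +0200
+Subject: [PATCH] security:read_data fix bad realloc()
+
+... that could end up a double-free
+
+CVE-2019-5481
+Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
+
+Upstream-commit: 9069838b30fb3b48af0123e39f664cea683254a5
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+lib/security.c | 6 ++----
+1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/lib/security.c b/lib/security.c
+index 550ea2d..c5e4e13 100644
+--- a/lib/security.c
++++ b/lib/security.c
+@@ -191,7 +191,6 @@ static CURLcode read_data(struct connectdata *conn,
+struct krb5buffer *buf)
+{
+int len;
+- void *tmp = NULL;
+CURLcode result;
+
+result = socket_read(fd, &len, sizeof(len));
+@@ -201,12 +200,11 @@ static CURLcode read_data(struct connectdata *conn,
+if(len) {
+/* only realloc if there was a length */
+len = ntohl(len);
+- tmp = Curl_saferealloc(buf->data, len);
++ buf->data = Curl_saferealloc(buf->data, len);
+}
+- if(tmp == NULL)
++ if(!len || !buf->data)
+return CURLE_OUT_OF_MEMORY;
+
+- buf->data = tmp;
+result = socket_read(fd, buf->data, len);
+if(result)
+return result;
+--
+2.20.1
+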
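Review bot: `len` in read_data is a signed `int` received from the peer and, after `ntohl()`, is handed to `Curl_saferealloc()` and then `socket_read()` with no range check, so a negative or very large value becomes the allocation and read size. Rejecting it right after the conversion, e.g. `if(len <= 0 || len > CURL_MAX_INPUT_LENGTH) return CURLE_OUT_OF_MEMORY;`, bounds what a remote endpoint can make the client allocate. The limit named here is the one another patch in this series defines in lib/urldata.h, and whether lib/security.c sees that header needs checking. The new `if(!len || !buf->data)` also reports a zero-length message as `CURLE_OUT_OF_MEMORY`, which deserves a comment. The function starts before and continues after the hunks.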
@ -22,7 +22,7 @@ index 150004d..95d0759 100644
|
|||||||
;;
|
;;
|
||||||
|
|
||||||
--prefix)
|
--prefix)
|
||||||
@@ -155,32 +155,17 @@ while test $# -gt 0; do
|
@@ -143,32 +143,17 @@ while test $# -gt 0; do
|
||||||
;;
|
;;
|
||||||
|
|
||||||
--libs)
|
--libs)
|
||||||
|
@ -12,7 +12,7 @@ diff --git a/configure b/configure
|
|||||||
index 8f079a3..53b4774 100755
|
index 8f079a3..53b4774 100755
|
||||||
--- a/configure
|
--- a/configure
|
||||||
+++ b/configure
|
+++ b/configure
|
||||||
@@ -16331,18 +16331,11 @@ $as_echo "yes" >&6; }
|
@@ -16414,18 +16414,11 @@ $as_echo "yes" >&6; }
|
||||||
gccvhi=`echo $gccver | cut -d . -f1`
|
gccvhi=`echo $gccver | cut -d . -f1`
|
||||||
gccvlo=`echo $gccver | cut -d . -f2`
|
gccvlo=`echo $gccver | cut -d . -f2`
|
||||||
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
|
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
|
||||||
@ -38,7 +38,7 @@ diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4
|
|||||||
index 0cbba7a..9175b5b 100644
|
index 0cbba7a..9175b5b 100644
|
||||||
--- a/m4/curl-compilers.m4
|
--- a/m4/curl-compilers.m4
|
||||||
+++ b/m4/curl-compilers.m4
|
+++ b/m4/curl-compilers.m4
|
||||||
@@ -166,18 +166,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
|
@@ -157,18 +157,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
|
||||||
gccvhi=`echo $gccver | cut -d . -f1`
|
gccvhi=`echo $gccver | cut -d . -f1`
|
||||||
gccvlo=`echo $gccver | cut -d . -f2`
|
gccvlo=`echo $gccver | cut -d . -f2`
|
||||||
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
|
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
|
||||||
|
@ -1,22 +1,88 @@
|
|||||||
|
From bdba7b54224814055185513de1e7ff6619031553 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
Date: Thu, 15 Mar 2018 13:21:40 +0100
|
||||||
|
Subject: [PATCH 1/2] tests/http_pipe.py: migrate to Python 3
|
||||||
|
|
||||||
|
---
|
||||||
|
tests/http_pipe.py | 4 ++--
|
||||||
|
tests/runtests.pl | 2 +-
|
||||||
|
2 files changed, 3 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tests/http_pipe.py b/tests/http_pipe.py
|
||||||
|
index bc32173..75ac165 100755
|
||||||
|
--- a/tests/http_pipe.py
|
||||||
|
+++ b/tests/http_pipe.py
|
||||||
|
@@ -383,13 +383,13 @@ class PipelineRequestHandler(socketserver.BaseRequestHandler):
|
||||||
|
self.request.setblocking(True)
|
||||||
|
if not new_data:
|
||||||
|
return
|
||||||
|
- new_requests = self._request_parser.ParseAdditionalData(new_data)
|
||||||
|
+ new_requests = self._request_parser.ParseAdditionalData(new_data.decode('utf8'))
|
||||||
|
self._response_builder.QueueRequests(
|
||||||
|
new_requests, self._request_parser.were_all_requests_http_1_1)
|
||||||
|
self._num_queued += len(new_requests)
|
||||||
|
self._last_queued_time = time.time()
|
||||||
|
elif fileno in wlist:
|
||||||
|
- num_bytes_sent = self.request.send(self._send_buffer[0:4096])
|
||||||
|
+ num_bytes_sent = self.request.send(self._send_buffer[0:4096].encode('utf8'))
|
||||||
|
self._send_buffer = self._send_buffer[num_bytes_sent:]
|
||||||
|
time.sleep(0.05)
|
||||||
|
|
||||||
|
diff --git a/tests/runtests.pl b/tests/runtests.pl
|
||||||
|
index d6aa5ca..4d395ef 100755
|
||||||
|
--- a/tests/runtests.pl
|
||||||
|
+++ b/tests/runtests.pl
|
||||||
|
@@ -1439,7 +1439,7 @@ sub runhttpserver {
|
||||||
|
elsif($alt eq "pipe") {
|
||||||
|
# basically the same, but another ID
|
||||||
|
$idnum = 3;
|
||||||
|
- $exe = "python $srcdir/http_pipe.py";
|
||||||
|
+ $exe = "python3 $srcdir/http_pipe.py";
|
||||||
|
$verbose_flag .= "1 ";
|
||||||
|
}
|
||||||
|
elsif($alt eq "unix") {
|
||||||
|
--
|
||||||
|
2.14.3
|
||||||
|
|
||||||
|
|
||||||
From 3c4c7340e455b7256c0786759422f34ec3e2d440 Mon Sep 17 00:00:00 2001
|
From 3c4c7340e455b7256c0786759422f34ec3e2d440 Mon Sep 17 00:00:00 2001
|
||||||
From: Kamil Dudka <kdudka@redhat.com>
|
From: Kamil Dudka <kdudka@redhat.com>
|
||||||
Date: Thu, 15 Mar 2018 14:49:56 +0100
|
Date: Thu, 15 Mar 2018 14:49:56 +0100
|
||||||
Subject: [PATCH] tests/{negtelnet,smb}server.py: migrate to Python 3
|
Subject: [PATCH 2/2] tests/{negtelnet,smb}server.py: migrate to Python 3
|
||||||
|
|
||||||
Unfortunately, smbserver.py does not work with Python 3 because
|
Unfortunately, smbserver.py does not work with Python 3 because
|
||||||
there is no 'impacket' module available for Python 3:
|
there is no 'impacket' module available for Python 3:
|
||||||
|
|
||||||
https://github.com/CoreSecurity/impacket/issues/61
|
https://github.com/CoreSecurity/impacket/issues/61
|
||||||
---
|
---
|
||||||
tests/negtelnetserver.py | 4 ++--
|
tests/negtelnetserver.py | 12 ++++++------
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
tests/smbserver.py | 4 ++--
|
||||||
|
2 files changed, 8 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
diff --git a/tests/negtelnetserver.py b/tests/negtelnetserver.py
|
diff --git a/tests/negtelnetserver.py b/tests/negtelnetserver.py
|
||||||
index 8cfd409..72ee771 100755
|
index 8cfd409..72ee771 100755
|
||||||
--- a/tests/negtelnetserver.py
|
--- a/tests/negtelnetserver.py
|
||||||
+++ b/tests/negtelnetserver.py
|
+++ b/tests/negtelnetserver.py
|
||||||
|
@@ -23,7 +23,7 @@ IDENT = "NTEL"
|
||||||
|
|
||||||
|
# The strings that indicate the test framework is checking our aliveness
|
||||||
|
VERIFIED_REQ = b"verifiedserver"
|
||||||
|
-VERIFIED_RSP = b"WE ROOLZ: {pid}"
|
||||||
|
+VERIFIED_RSP = "WE ROOLZ: {pid}"
|
||||||
|
|
||||||
|
|
||||||
|
def telnetserver(options):
|
||||||
|
@@ -34,7 +34,7 @@ def telnetserver(options):
|
||||||
|
if options.pidfile:
|
||||||
|
pid = os.getpid()
|
||||||
|
with open(options.pidfile, "w") as f:
|
||||||
|
- f.write(b"{0}".format(pid))
|
||||||
|
+ f.write("{0}".format(pid))
|
||||||
|
|
||||||
|
local_bind = (HOST, options.port)
|
||||||
|
log.info("Listening on %s", local_bind)
|
||||||
@@ -73,11 +73,11 @@ class NegotiatingTelnetHandler(socketserver.BaseRequestHandler):
|
@@ -73,11 +73,11 @@ class NegotiatingTelnetHandler(socketserver.BaseRequestHandler):
|
||||||
response_data = response.encode('ascii')
|
response_data = VERIFIED_RSP.format(pid=os.getpid())
|
||||||
else:
|
else:
|
||||||
log.debug("Received normal request - echoing back")
|
log.debug("Received normal request - echoing back")
|
||||||
- response_data = data.strip()
|
- response_data = data.strip()
|
||||||
@ -29,6 +95,46 @@ index 8cfd409..72ee771 100755
|
|||||||
|
|
||||||
except IOError:
|
except IOError:
|
||||||
log.exception("IOError hit during request")
|
log.exception("IOError hit during request")
|
||||||
|
@@ -132,7 +132,7 @@ class Negotiator(object):
|
||||||
|
return buffer
|
||||||
|
|
||||||
|
def byte_to_int(self, byte):
|
||||||
|
- return struct.unpack(b'B', byte)[0]
|
||||||
|
+ return int(byte)
|
||||||
|
|
||||||
|
def no_neg(self, byte, byte_int, buffer):
|
||||||
|
# Not negotiating anything thus far. Check to see if we
|
||||||
|
@@ -197,7 +197,7 @@ class Negotiator(object):
|
||||||
|
self.tcp.sendall(packed_message)
|
||||||
|
|
||||||
|
def pack(self, arr):
|
||||||
|
- return struct.pack(b'{0}B'.format(len(arr)), *arr)
|
||||||
|
+ return struct.pack('{0}B'.format(len(arr)), *arr)
|
||||||
|
|
||||||
|
def send_iac(self, arr):
|
||||||
|
message = [NegTokens.IAC]
|
||||||
|
diff --git a/tests/smbserver.py b/tests/smbserver.py
|
||||||
|
index 195ae39..b09cd44 100755
|
||||||
|
--- a/tests/smbserver.py
|
||||||
|
+++ b/tests/smbserver.py
|
||||||
|
@@ -24,7 +24,7 @@
|
||||||
|
from __future__ import (absolute_import, division, print_function)
|
||||||
|
# unicode_literals)
|
||||||
|
import argparse
|
||||||
|
-import ConfigParser
|
||||||
|
+import configparser
|
||||||
|
import os
|
||||||
|
import sys
|
||||||
|
import logging
|
||||||
|
@@ -58,7 +58,7 @@ def smbserver(options):
|
||||||
|
f.write("{0}".format(pid))
|
||||||
|
|
||||||
|
# Here we write a mini config for the server
|
||||||
|
- smb_config = ConfigParser.ConfigParser()
|
||||||
|
+ smb_config = configparser.ConfigParser()
|
||||||
|
smb_config.add_section("global")
|
||||||
|
smb_config.set("global", "server_name", "SERVICE")
|
||||||
|
smb_config.set("global", "server_os", "UNIX")
|
||||||
--
|
--
|
||||||
2.14.3
|
2.14.3
|
||||||
|
|
||||||
|
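Review bot: In the http_pipe.py hunk the send path mixes byte counts with string indices: `self.request.send(self._send_buffer[0:4096].encode('utf8'))` returns the number of bytes written, and the following line slices the str buffer by that number, so any non-ASCII character in the queued response would make the buffer drop data that was never sent. The read side has the matching weakness, since `new_data.decode('utf8')` raises UnicodeDecodeError on a request that is not valid UTF-8, which a test server fed by the client under test should tolerate. A one-to-one codec avoids both: `new_data.decode('latin-1')` and `self._send_buffer[0:4096].encode('latin-1')`. The enclosing handler method starts and ends outside the hunk, so whether `_send_buffer` can ever hold non-ASCII text is not visible here.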
@ -14,8 +14,8 @@ index e441278..b0958b6 100644
|
|||||||
+-g "http://%HOST6IP:%HTTP6PORT/1083" --interface localhost6
|
+-g "http://%HOST6IP:%HTTP6PORT/1083" --interface localhost6
|
||||||
</command>
|
</command>
|
||||||
<precheck>
|
<precheck>
|
||||||
-perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test client host address';} else {exec './server/resolve --ipv6 ip6-localhost'; print 'Cannot run precheck resolve';}"
|
-perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test server host address';} else {exec './server/resolve --ipv6 ip6-localhost'; print 'Cannot run precheck resolve';}"
|
||||||
+perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test client host address';} else {exec './server/resolve --ipv6 localhost6'; print 'Cannot run precheck resolve';}"
|
+perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test server host address';} else {exec './server/resolve --ipv6 localhost6'; print 'Cannot run precheck resolve';}"
|
||||||
</precheck>
|
</precheck>
|
||||||
</client>
|
</client>
|
||||||
|
|
||||||
|
@ -1,39 +0,0 @@
|
|||||||
From f55cca0e86f59ec11ffafd5c0503c39ca3723e2e Mon Sep 17 00:00:00 2001
|
|
||||||
From: Kamil Dudka <kdudka@redhat.com>
|
|
||||||
Date: Mon, 4 Feb 2019 17:32:56 +0100
|
|
||||||
Subject: [PATCH] libtest: compile lib1560.c with -fno-builtin-strcmp
|
|
||||||
|
|
||||||
... to prevent valgrind from reporting false positives on x86_64:
|
|
||||||
|
|
||||||
Conditional jump or move depends on uninitialised value(s)
|
|
||||||
at 0x10BCAA: part2id (lib1560.c:489)
|
|
||||||
by 0x10BCAA: updateurl (lib1560.c:521)
|
|
||||||
by 0x10BCAA: set_parts (lib1560.c:630)
|
|
||||||
by 0x10BCAA: test (lib1560.c:802)
|
|
||||||
by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so)
|
|
||||||
|
|
||||||
Conditional jump or move depends on uninitialised value(s)
|
|
||||||
at 0x10BCC3: part2id (lib1560.c:491)
|
|
||||||
by 0x10BCC3: updateurl (lib1560.c:521)
|
|
||||||
by 0x10BCC3: set_parts (lib1560.c:630)
|
|
||||||
by 0x10BCC3: test (lib1560.c:802)
|
|
||||||
by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so)
|
|
||||||
---
|
|
||||||
tests/libtest/Makefile.inc | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
|
|
||||||
index 080421b..ea3b806 100644
|
|
||||||
--- a/tests/libtest/Makefile.inc
|
|
||||||
+++ b/tests/libtest/Makefile.inc
|
|
||||||
@@ -534,6 +534,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
|
||||||
lib1559_LDADD = $(TESTUTIL_LIBS)
|
|
||||||
|
|
||||||
lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
|
||||||
+lib1560_CFLAGS = $(AM_CFLAGS) -fno-builtin-strcmp
|
|
||||||
lib1560_LDADD = $(TESTUTIL_LIBS)
|
|
||||||
|
|
||||||
lib1591_SOURCES = lib1591.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
|
||||||
--
|
|
||||||
2.17.2
|
|
||||||
|
|
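--- a/curl-7.61.1.tar.xz.asc
+++ b/curl-7.61.1.tar.xz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAluPblgACgkQXMkI/bce
+EsJynAgArST/gB9eVYIQTTAdXxCOSnArBK/Ne/UNW83QIgOawj0HvEpj9+1SNfTi
+EwC5YSwymyMuKGTDLNswTnJ0MripRKylekfu1QGGzmIOkqovTiHz60xiFuWYI3vy
+fYuAAse5MJz64GCVFwOM4me8SgEjtb/hIbhiCLqilOyXnqtocDm4FPCMAYQ1mTFy
+RJBbwgDLwtktfBDCQyMXTeETGuk3bTrtvSwRv8+Rq8qehOt5s58Fqeztv8EVNi+B
+Qzsi5NXMulgl3C0P3dN/cC81+OL75ehuE91AFXUmbNOnlYNTOxHR2dioaXaEyhKb
+51KLH2D0G75wlfMbgMhX/rguuXT2rg==
+=vM6i
+-----END PGP SIGNATURE-----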
@ -1,11 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl3CauAACgkQXMkI/bce
|
|
||||||
EsKe7Qf+Py/Wufz3AqqpJ1Xr0oigaV1Sa5AAyRD+KX8jwSJTRaRahaECGMhmR9vh
|
|
||||||
kBaMFtycctCKcK1masI9GSeTX5nCtmaWzELLsBXynm/l2W+hrW1AD2R++YuM384t
|
|
||||||
O078GxgsgRH0m8MacSKoV5yPOv/h9URnVMTavkAIfnW50vw17akDZ9MW2NhJzKpP
|
|
||||||
s6GgWTMB5gomTHlnlHjTjtNoVbKKrV4v9YyRwqzI3XHXYtYOA7iufP4wnT+dpSm5
|
|
||||||
ZLdbg5Nq+1pCTEiMg3KZKYNriypoLJuWuSF+bKc54CGN63eoUxXgU6js9ViHS5JS
|
|
||||||
3dPfzzRA8wgROem58QhHnrR9c2CmdQ==
|
|
||||||
=5gov
|
|
||||||
-----END PGP SIGNATURE-----
|
|
210
curl.spec
210
curl.spec
@ -1,12 +1,62 @@
|
|||||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.67.0
|
Version: 7.61.1
|
||||||
Release: 2%{?dist}
|
Release: 12%{?dist}
|
||||||
License: MIT
|
License: MIT
|
||||||
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
||||||
|
|
||||||
# fix infinite loop on upload using a glob (#1771025)
|
# test320: update expected output for gnutls-3.6.4
|
||||||
Patch1: 0001-curl-7.67.0-upload-glob.patch
|
Patch1: 0001-curl-7.61.1-test320-gnutls.patch
|
||||||
|
|
||||||
|
# update the documentation of --tlsv1.0 in curl(1) man page
|
||||||
|
Patch2: 0002-curl-7.61.1-tlsv1.0-man.patch
|
||||||
|
|
||||||
|
# enable TLS 1.3 post-handshake auth in OpenSSL
|
||||||
|
Patch3: 0003-curl-7.61.1-TLS-1.3-PHA.patch
|
||||||
|
|
||||||
|
# fix bad arethmetic when outputting warnings to stderr (CVE-2018-16842)
|
||||||
|
Patch4: 0004-curl-7.61.1-CVE-2018-16842.patch
|
||||||
|
# we need `git apply` to apply this patch
|
||||||
|
BuildRequires: git
|
||||||
|
|
||||||
|
# fix use-after-free in handle close (CVE-2018-16840)
|
||||||
|
Patch5: 0005-curl-7.61.1-CVE-2018-16840.patch
|
||||||
|
|
||||||
|
# SASL password overflow via integer overflow (CVE-2018-16839)
|
||||||
|
Patch6: 0006-curl-7.61.1-CVE-2018-16839.patch
|
||||||
|
|
||||||
|
# curl -J: do not append to the destination file (#1658574)
|
||||||
|
Patch7: 0007-curl-7.63.0-JO-preserve-local-file.patch
|
||||||
|
|
||||||
|
# xattr: strip credentials from any URL that is stored (CVE-2018-20483)
|
||||||
|
Patch8: 0008-curl-7.61.1-CVE-2018-20483.patch
|
||||||
|
|
||||||
|
# fix NTLM type-2 out-of-bounds buffer read (CVE-2018-16890)
|
||||||
|
Patch9: 0009-curl-7.61.1-CVE-2018-16890.patch
|
||||||
|
|
||||||
|
# fix NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)
|
||||||
|
Patch10: 0010-curl-7.61.1-CVE-2019-3822.patch
|
||||||
|
|
||||||
|
# fix SMTP end-of-response out-of-bounds read (CVE-2019-3823)
|
||||||
|
Patch11: 0011-curl-7.61.1-CVE-2019-3823.patch
|
||||||
|
|
||||||
|
# make zsh completion work again
|
||||||
|
Patch13: 0013-curl-7.61.1-zsh-completion.patch
|
||||||
|
|
||||||
|
# do not let libssh create a new socket for SCP/SFTP (#1669156)
|
||||||
|
Patch14: 0014-curl-7.61.1-libssh-socket.patch
|
||||||
|
|
||||||
|
# fix integer overflows in curl_url_set() (CVE-2019-5435)
|
||||||
|
Patch16: 0016-curl-7.64.0-CVE-2019-5435.patch
|
||||||
|
|
||||||
|
# fix TFTP receive buffer overflow (CVE-2019-5436)
|
||||||
|
Patch17: 0017-curl-7.64.0-CVE-2019-5436.patch
|
||||||
|
|
||||||
|
# fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482)
|
||||||
|
Patch18: 0018-curl-7.65.3-CVE-2019-5482.patch
|
||||||
|
|
||||||
|
# double free due to subsequent call of realloc() (CVE-2019-5481)
|
||||||
|
Patch19: 0019-curl-7.65.3-CVE-2019-5481.patch
|
||||||
|
|
||||||
# patch making libcurl multilib ready
|
# patch making libcurl multilib ready
|
||||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||||
@ -20,9 +70,6 @@ Patch103: 0103-curl-7.59.0-python3.patch
|
|||||||
# use localhost6 instead of ip6-localhost in the curl test-suite
|
# use localhost6 instead of ip6-localhost in the curl test-suite
|
||||||
Patch104: 0104-curl-7.19.7-localhost6.patch
|
Patch104: 0104-curl-7.19.7-localhost6.patch
|
||||||
|
|
||||||
# prevent valgrind from reporting false positives on x86_64
|
|
||||||
Patch105: 0105-curl-7.63.0-lib1560-valgrind.patch
|
|
||||||
|
|
||||||
Provides: curl-full = %{version}-%{release}
|
Provides: curl-full = %{version}-%{release}
|
||||||
Provides: webclient
|
Provides: webclient
|
||||||
URL: https://curl.haxx.se/
|
URL: https://curl.haxx.se/
|
||||||
@ -42,7 +89,6 @@ BuildRequires: openldap-devel
|
|||||||
BuildRequires: openssh-clients
|
BuildRequires: openssh-clients
|
||||||
BuildRequires: openssh-server
|
BuildRequires: openssh-server
|
||||||
BuildRequires: openssl-devel
|
BuildRequires: openssl-devel
|
||||||
BuildRequires: perl-interpreter
|
|
||||||
BuildRequires: pkgconfig
|
BuildRequires: pkgconfig
|
||||||
BuildRequires: python3-devel
|
BuildRequires: python3-devel
|
||||||
BuildRequires: sed
|
BuildRequires: sed
|
||||||
@ -52,12 +98,6 @@ BuildRequires: zlib-devel
|
|||||||
# needed to compress content of tool_hugehelp.c after changing curl.1 man page
|
# needed to compress content of tool_hugehelp.c after changing curl.1 man page
|
||||||
BuildRequires: perl(IO::Compress::Gzip)
|
BuildRequires: perl(IO::Compress::Gzip)
|
||||||
|
|
||||||
# needed for generation of shell completions
|
|
||||||
BuildRequires: perl(Getopt::Long)
|
|
||||||
BuildRequires: perl(Pod::Usage)
|
|
||||||
BuildRequires: perl(strict)
|
|
||||||
BuildRequires: perl(warnings)
|
|
||||||
|
|
||||||
# gnutls-serv is used by the upstream test-suite
|
# gnutls-serv is used by the upstream test-suite
|
||||||
BuildRequires: gnutls-utils
|
BuildRequires: gnutls-utils
|
||||||
|
|
||||||
@ -73,8 +113,10 @@ BuildRequires: perl(File::Copy)
|
|||||||
BuildRequires: perl(File::Spec)
|
BuildRequires: perl(File::Spec)
|
||||||
BuildRequires: perl(IPC::Open2)
|
BuildRequires: perl(IPC::Open2)
|
||||||
BuildRequires: perl(MIME::Base64)
|
BuildRequires: perl(MIME::Base64)
|
||||||
|
BuildRequires: perl(strict)
|
||||||
BuildRequires: perl(Time::Local)
|
BuildRequires: perl(Time::Local)
|
||||||
BuildRequires: perl(Time::HiRes)
|
BuildRequires: perl(Time::HiRes)
|
||||||
|
BuildRequires: perl(warnings)
|
||||||
BuildRequires: perl(vars)
|
BuildRequires: perl(vars)
|
||||||
|
|
||||||
# The test-suite runs automatically through valgrind if valgrind is available
|
# The test-suite runs automatically through valgrind if valgrind is available
|
||||||
@ -83,7 +125,7 @@ BuildRequires: perl(vars)
|
|||||||
# to be less reliable, in order to avoid unnecessary build failures (see RHBZ
|
# to be less reliable, in order to avoid unnecessary build failures (see RHBZ
|
||||||
# #810992, #816175, and #886891). Nevertheless developers are free to install
|
# #810992, #816175, and #886891). Nevertheless developers are free to install
|
||||||
# valgrind manually to improve test coverage on any architecture.
|
# valgrind manually to improve test coverage on any architecture.
|
||||||
%ifarch x86_64
|
%ifarch x86_64 %{ix86}
|
||||||
BuildRequires: valgrind
|
BuildRequires: valgrind
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
@ -175,13 +217,31 @@ be installed.
|
|||||||
|
|
||||||
# upstream patches
|
# upstream patches
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
|
%patch2 -p1
|
||||||
|
%patch3 -p1
|
||||||
|
git init
|
||||||
|
git apply %{PATCH4}
|
||||||
|
%patch5 -p1
|
||||||
|
%patch6 -p1
|
||||||
|
%patch7 -p1
|
||||||
|
%patch8 -p1
|
||||||
|
%patch9 -p1
|
||||||
|
%patch10 -p1
|
||||||
|
%patch11 -p1
|
||||||
|
%patch13 -p1
|
||||||
|
%patch14 -p1
|
||||||
|
|
||||||
# Fedora patches
|
# Fedora patches
|
||||||
%patch101 -p1
|
%patch101 -p1
|
||||||
%patch102 -p1
|
%patch102 -p1
|
||||||
%patch103 -p1
|
%patch103 -p1
|
||||||
%patch104 -p1
|
%patch104 -p1
|
||||||
%patch105 -p1
|
|
||||||
|
# upstream patches
|
||||||
|
%patch16 -p1
|
||||||
|
%patch17 -p1
|
||||||
|
%patch18 -p1
|
||||||
|
%patch19 -p1
|
||||||
|
|
||||||
# make tests/*.py use Python 3
|
# make tests/*.py use Python 3
|
||||||
sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py
|
sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py
|
||||||
@ -301,10 +361,6 @@ make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install
|
|||||||
LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" \
|
LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" \
|
||||||
make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C scripts
|
make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C scripts
|
||||||
|
|
||||||
# do not install /usr/share/fish/completions/curl.fish which is also installed
|
|
||||||
# by fish-3.0.2-1.module_f31+3716+57207597 and would trigger a conflict
|
|
||||||
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/fish
|
|
||||||
|
|
||||||
rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
||||||
|
|
||||||
%ldconfig_scriptlets -n libcurl
|
%ldconfig_scriptlets -n libcurl
|
||||||
@ -312,17 +368,13 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
|||||||
%ldconfig_scriptlets -n libcurl-minimal
|
%ldconfig_scriptlets -n libcurl-minimal
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%doc CHANGES
|
%doc CHANGES README*
|
||||||
%doc README
|
%doc docs/BUGS docs/FAQ docs/FEATURES
|
||||||
%doc docs/BUGS
|
%doc docs/MANUAL docs/RESOURCES
|
||||||
%doc docs/FAQ
|
%doc docs/TheArtOfHttpScripting docs/TODO
|
||||||
%doc docs/FEATURES
|
|
||||||
%doc docs/RESOURCES
|
|
||||||
%doc docs/TODO
|
|
||||||
%doc docs/TheArtOfHttpScripting
|
|
||||||
%{_bindir}/curl
|
%{_bindir}/curl
|
||||||
%{_mandir}/man1/curl.1*
|
%{_mandir}/man1/curl.1*
|
||||||
%{_datadir}/zsh
|
%{_datadir}/zsh/site-functions
|
||||||
|
|
||||||
%files -n libcurl
|
%files -n libcurl
|
||||||
%license COPYING
|
%license COPYING
|
||||||
@ -350,96 +402,38 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
|||||||
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Nov 14 2019 Kamil Dudka <kdudka@redhat.com> - 7.67.1-2
|
* Wed Sep 11 2019 Kamil Dudka <kdudka@redhat.com> - 7.61.1-12
|
||||||
- fix infinite loop on upload using a glob (#1771025)
|
- double free due to subsequent call of realloc() (CVE-2019-5481)
|
||||||
|
- fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482)
|
||||||
|
|
||||||
* Wed Nov 06 2019 Kamil Dudka <kdudka@redhat.com> - 7.67.1-1
|
* Wed May 22 2019 Kamil Dudka <kdudka@redhat.com> - 7.61.1-11
|
||||||
- new upstream release
|
- fix TFTP receive buffer overflow (CVE-2019-5436)
|
||||||
|
- fix integer overflows in curl_url_set() (CVE-2019-5435)
|
||||||
|
|
||||||
* Wed Sep 11 2019 Kamil Dudka <kdudka@redhat.com> - 7.66.0-1
|
* Mon Feb 18 2019 Kamil Dudka <kdudka@redhat.com> - 7.61.1-10
|
||||||
- new upstream release, which fixes the following vulnerabilities
|
- do not let libssh create a new socket for SCP/SFTP (#1669156)
|
||||||
CVE-2019-5481 - double free due to subsequent call of realloc()
|
|
||||||
CVE-2019-5482 - heap buffer overflow in function tftp_receive_packet()
|
|
||||||
|
|
||||||
* Tue Aug 27 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.3-4
|
* Mon Feb 11 2019 Kamil Dudka <kdudka@redhat.com> - 7.61.1-9
|
||||||
- avoid reporting spurious error in the HTTP2 framing layer (#1690971)
|
|
||||||
|
|
||||||
* Thu Aug 01 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.3-3
|
|
||||||
- improve handling of gss_init_sec_context() failures
|
|
||||||
|
|
||||||
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.65.3-2
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
|
||||||
|
|
||||||
* Sat Jul 20 2019 Paul Howarth <paul@city-fan.org> - 7.65.3-1
|
|
||||||
- new upstream release
|
|
||||||
|
|
||||||
* Wed Jul 17 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.2-1
|
|
||||||
- new upstream release
|
|
||||||
|
|
||||||
* Wed Jun 05 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.1-1
|
|
||||||
- new upstream release
|
|
||||||
|
|
||||||
* Thu May 30 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.0-2
|
|
||||||
- fix spurious timeout events with speed-limit (#1714893)
|
|
||||||
|
|
||||||
* Wed May 22 2019 Kamil Dudka <kdudka@redhat.com> - 7.65.0-1
|
|
||||||
- new upstream release, which fixes the following vulnerabilities
|
|
||||||
CVE-2019-5436 - TFTP receive buffer overflow
|
|
||||||
CVE-2019-5435 - integer overflows in curl_url_set()
|
|
||||||
|
|
||||||
* Thu May 09 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.1-2
|
|
||||||
- do not treat failure of gss_init_sec_context() with --negotiate as fatal
|
|
||||||
|
|
||||||
* Wed Mar 27 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.1-1
|
|
||||||
- new upstream release
|
|
||||||
|
|
||||||
* Mon Mar 25 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-6
|
|
||||||
- remove verbose "Expire in" ... messages (#1690971)
|
|
||||||
|
|
||||||
* Thu Mar 21 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-5
|
|
||||||
- avoid spurious "Could not resolve host: [host name]" error messages
|
|
||||||
|
|
||||||
* Wed Feb 27 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-4
|
|
||||||
- fix NULL dereference if flushing cookies with no CookieInfo set (#1683676)
|
|
||||||
|
|
||||||
* Mon Feb 25 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-3
|
|
||||||
- prevent NetworkManager from leaking file descriptors (#1680198)
|
|
||||||
|
|
||||||
* Mon Feb 11 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-2
|
|
||||||
- make zsh completion work again
|
- make zsh completion work again
|
||||||
|
|
||||||
* Wed Feb 06 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-1
|
* Wed Feb 06 2019 Kamil Dudka <kdudka@redhat.com> - 7.61.1-8
|
||||||
- new upstream release, which fixes the following vulnerabilities
|
- fix SMTP end-of-response out-of-bounds read (CVE-2019-3823)
|
||||||
CVE-2019-3823 - SMTP end-of-response out-of-bounds read
|
- fix NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)
|
||||||
CVE-2019-3822 - NTLMv2 type-3 header stack buffer overflow
|
- fix NTLM type-2 out-of-bounds buffer read (CVE-2018-16890)
|
||||||
CVE-2018-16890 - NTLM type-2 out-of-bounds buffer read
|
|
||||||
|
|
||||||
* Mon Feb 04 2019 Kamil Dudka <kdudka@redhat.com> - 7.63.0-7
|
* Mon Jan 21 2019 Kamil Dudka <kdudka@redhat.com> - 7.61.1-7
|
||||||
- prevent valgrind from reporting false positives on x86_64
|
|
||||||
|
|
||||||
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.63.0-6
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
|
||||||
|
|
||||||
* Mon Jan 21 2019 Kamil Dudka <kdudka@redhat.com> - 7.63.0-5
|
|
||||||
- xattr: strip credentials from any URL that is stored (CVE-2018-20483)
|
- xattr: strip credentials from any URL that is stored (CVE-2018-20483)
|
||||||
|
|
||||||
* Fri Jan 04 2019 Kamil Dudka <kdudka@redhat.com> - 7.63.0-4
|
* Wed Dec 19 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.1-6
|
||||||
- replace 0105-curl-7.63.0-libstubgss-ldadd.patch by upstream patch
|
|
||||||
|
|
||||||
* Wed Dec 19 2018 Kamil Dudka <kdudka@redhat.com> - 7.63.0-3
|
|
||||||
- curl -J: do not append to the destination file (#1658574)
|
- curl -J: do not append to the destination file (#1658574)
|
||||||
|
|
||||||
* Fri Dec 14 2018 Kamil Dudka <kdudka@redhat.com> - 7.63.0-2
|
* Thu Nov 15 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.1-5
|
||||||
- revert an upstream commit that broke `fedpkg new-sources` (#1659329)
|
- make the patch for CVE-2018-16842 apply properly (CVE-2018-16842)
|
||||||
|
|
||||||
* Wed Dec 12 2018 Kamil Dudka <kdudka@redhat.com> - 7.63.0-1
|
* Thu Nov 01 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.1-4
|
||||||
- new upstream release
|
- SASL password overflow via integer overflow (CVE-2018-16839)
|
||||||
|
- fix use-after-free in handle close (CVE-2018-16840)
|
||||||
* Wed Oct 31 2018 Kamil Dudka <kdudka@redhat.com> - 7.62.0-1
|
- fix bad arethmetic when outputting warnings to stderr (CVE-2018-16842)
|
||||||
- new upstream release, which fixes the following vulnerabilities
|
|
||||||
CVE-2018-16839 - SASL password overflow via integer overflow
|
|
||||||
CVE-2018-16840 - use-after-free in handle close
|
|
||||||
CVE-2018-16842 - warning message out-of-buffer read
|
|
||||||
|
|
||||||
* Thu Oct 11 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.1-3
|
* Thu Oct 11 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.1-3
|
||||||
- enable TLS 1.3 post-handshake auth in OpenSSL
|
- enable TLS 1.3 post-handshake auth in OpenSSL
|
||||||
|
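Review bot: The detached signature `curl-7.61.1.tar.xz.asc` is committed next to the spec, but the preamble shown in the first hunk declares only `Source:` and the visible part of %prep never checks the tarball against it, so the build relies on the SHA512 line in `sources` alone. Declaring the signature and a keyring as sources, e.g. `Source1: https://curl.haxx.se/download/%{name}-%{version}.tar.xz.asc` plus a `Source2:` keyring file (placeholder: the upstream release key exported into the repository), and running `%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'` at the top of %prep, where that macro is available, would make a substituted tarball fail the build. This matters on this branch because a series of CVE backports is layered on top of that one tarball. The start of %prep lies outside the hunks shown, so an existing verification step there would make this moot.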
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (curl-7.67.0.tar.xz) = 1d5a344be92dd61b1ba5189eff0fe337e492f2e850794943570fe71c985d0af60bd412082be646e07aaa8639908593e1ce4bb2d07db35394ec377e8ce8b9ae29
|
SHA512 (curl-7.61.1.tar.xz) = e6f82a7292c70841162480c8880d25046bcfa64058f4ff76f7d398c85da569af1c244442c9c58a3478d59264365ff8e39eed2fb564cb137118588f7862e64e9a
|
||||||
|