diff --git a/0102-curl-7.36.0-debug.patch b/0102-curl-7.36.0-debug.patch deleted file mode 100644 index affe9f0..0000000 --- a/0102-curl-7.36.0-debug.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 6710648c2b270c9ce68a7d9f1bba1222c7be8b58 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Wed, 31 Oct 2012 11:38:30 +0100 -Subject: [PATCH] prevent configure script from discarding -g in CFLAGS (#496778) - ---- - configure | 13 +++---------- - m4/curl-compilers.m4 | 13 +++---------- - 2 files changed, 6 insertions(+), 20 deletions(-) - -diff --git a/configure b/configure -index 8f079a3..53b4774 100755 ---- a/configure -+++ b/configure -@@ -16301,18 +16301,11 @@ $as_echo "yes" >&6; } - gccvhi=`echo $gccver | cut -d . -f1` - gccvlo=`echo $gccver | cut -d . -f2` - compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` -- flags_dbg_all="-g -g0 -g1 -g2 -g3" -- flags_dbg_all="$flags_dbg_all -ggdb" -- flags_dbg_all="$flags_dbg_all -gstabs" -- flags_dbg_all="$flags_dbg_all -gstabs+" -- flags_dbg_all="$flags_dbg_all -gcoff" -- flags_dbg_all="$flags_dbg_all -gxcoff" -- flags_dbg_all="$flags_dbg_all -gdwarf-2" -- flags_dbg_all="$flags_dbg_all -gvms" -+ flags_dbg_all="" - flags_dbg_yes="-g" - flags_dbg_off="" -- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast" -- flags_opt_yes="-O2" -+ flags_opt_all="" -+ flags_opt_yes="" - flags_opt_off="-O0" - - OLDCPPFLAGS=$CPPFLAGS -diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4 -index 0cbba7a..9175b5b 100644 ---- a/m4/curl-compilers.m4 -+++ b/m4/curl-compilers.m4 -@@ -166,18 +166,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [ - gccvhi=`echo $gccver | cut -d . -f1` - gccvlo=`echo $gccver | cut -d . -f2` - compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` -- flags_dbg_all="-g -g0 -g1 -g2 -g3" -- flags_dbg_all="$flags_dbg_all -ggdb" -- flags_dbg_all="$flags_dbg_all -gstabs" -- flags_dbg_all="$flags_dbg_all -gstabs+" -- flags_dbg_all="$flags_dbg_all -gcoff" -- flags_dbg_all="$flags_dbg_all -gxcoff" -- flags_dbg_all="$flags_dbg_all -gdwarf-2" -- flags_dbg_all="$flags_dbg_all -gvms" -+ flags_dbg_all="" - flags_dbg_yes="-g" - flags_dbg_off="" -- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast" -- flags_opt_yes="-O2" -+ flags_opt_all="" -+ flags_opt_yes="" - flags_opt_off="-O0" - CURL_CHECK_DEF([_WIN32], [], [silent]) - else --- -1.7.1 - diff --git a/0105-curl-7.63.0-lib1560-valgrind.patch b/0105-curl-7.63.0-lib1560-valgrind.patch deleted file mode 100644 index efdfd35..0000000 --- a/0105-curl-7.63.0-lib1560-valgrind.patch +++ /dev/null @@ -1,39 +0,0 @@ -From f55cca0e86f59ec11ffafd5c0503c39ca3723e2e Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Mon, 4 Feb 2019 17:32:56 +0100 -Subject: [PATCH] libtest: compile lib1560.c with -fno-builtin-strcmp - -... to prevent valgrind from reporting false positives on x86_64: - -Conditional jump or move depends on uninitialised value(s) - at 0x10BCAA: part2id (lib1560.c:489) - by 0x10BCAA: updateurl (lib1560.c:521) - by 0x10BCAA: set_parts (lib1560.c:630) - by 0x10BCAA: test (lib1560.c:802) - by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so) - -Conditional jump or move depends on uninitialised value(s) - at 0x10BCC3: part2id (lib1560.c:491) - by 0x10BCC3: updateurl (lib1560.c:521) - by 0x10BCC3: set_parts (lib1560.c:630) - by 0x10BCC3: test (lib1560.c:802) - by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so) ---- - tests/libtest/Makefile.inc | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc -index 080421b..ea3b806 100644 ---- a/tests/libtest/Makefile.inc -+++ b/tests/libtest/Makefile.inc -@@ -531,6 +531,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) - lib1559_LDADD = $(TESTUTIL_LIBS) - - lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) -+lib1560_CFLAGS = $(AM_CFLAGS) -fno-builtin-strcmp - lib1560_LDADD = $(TESTUTIL_LIBS) - - lib1564_SOURCES = lib1564.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) --- -2.17.2 - diff --git a/0106-curl-fix-CVE-2019-15601.patch b/0106-curl-fix-CVE-2019-15601.patch deleted file mode 100644 index fb1067f..0000000 --- a/0106-curl-fix-CVE-2019-15601.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 1b71bc532bde8621fd3260843f8197182a467ff2 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Thu, 7 Nov 2019 10:13:01 +0100 -Subject: [PATCH] file: on Windows, refuse paths that start with \\ -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -... as that might cause an unexpected SMB connection to a given host -name. - -Reported-by: Fernando Muñoz -CVE-2019-15601 -Bug: https://curl.haxx.se/docs/CVE-2019-15601.html ---- - lib/file.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/lib/file.c b/lib/file.c -index d349cd9..166931d 100644 ---- a/lib/file.c -+++ b/lib/file.c -@@ -136,7 +136,7 @@ static CURLcode file_connect(struct connectdata *conn, bool *done) - { - char *real_path; - struct FILEPROTO *file = data->req.p.file; -- int fd; -+ int fd = -1; - #ifdef DOS_FILESYSTEM - size_t i; - char *actual_path; -@@ -181,7 +181,9 @@ static CURLcode file_connect(struct connectdata *conn, bool *done) - return CURLE_URL_MALFORMAT; - } - -- fd = open_readonly(actual_path, O_RDONLY|O_BINARY); -+ if(strncmp("\\\\", actual_path, 2)) -+ /* refuse to open path that starts with two backslashes */ -+ fd = open_readonly(actual_path, O_RDONLY|O_BINARY); - file->path = actual_path; - #else - if(memchr(real_path, 0, real_path_len)) { --- -1.8.3.1 - diff --git a/0101-curl-7.32.0-multilib.patch b/backport-0101-curl-7.32.0-multilib.patch similarity index 100% rename from 0101-curl-7.32.0-multilib.patch rename to backport-0101-curl-7.32.0-multilib.patch diff --git a/backport-CVE-2021-22925.patch b/backport-CVE-2021-22925.patch deleted file mode 100644 index f05caaa..0000000 --- a/backport-CVE-2021-22925.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 894f6ec730597eb243618d33cc84d71add8d6a8a Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Sat, 12 Jun 2021 18:25:15 +0200 -Subject: [PATCH] telnet: fix option parser to not send uninitialized contents - -CVS-2021-22925 - -Reported-by: Red Hat Product Security -Bug: https://curl.se/docs/CVE-2021-22925.html ---- - lib/telnet.c | 17 +++++++++++------ - 1 file changed, 11 insertions(+), 6 deletions(-) - -diff --git a/lib/telnet.c b/lib/telnet.c -index 1d3024ec4d3e..a81bb81c3675 100644 ---- a/lib/telnet.c -+++ b/lib/telnet.c -@@ -920,12 +920,17 @@ static void suboption(struct Curl_easy *data) - size_t tmplen = (strlen(v->data) + 1); - /* Add the variable only if it fits */ - if(len + tmplen < (int)sizeof(temp)-6) { -- if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) { -- msnprintf((char *)&temp[len], sizeof(temp) - len, -- "%c%s%c%s", CURL_NEW_ENV_VAR, varname, -- CURL_NEW_ENV_VALUE, varval); -- len += tmplen; -- } -+ int rv; -+ char sep[2] = ""; -+ varval[0] = 0; -+ rv = sscanf(v->data, "%127[^,]%1[,]%127s", varname, sep, varval); -+ if(rv == 1) -+ len += msnprintf((char *)&temp[len], sizeof(temp) - len, -+ "%c%s", CURL_NEW_ENV_VAR, varname); -+ else if(rv >= 2) -+ len += msnprintf((char *)&temp[len], sizeof(temp) - len, -+ "%c%s%c%s", CURL_NEW_ENV_VAR, varname, -+ CURL_NEW_ENV_VALUE, varval); - } - } - msnprintf((char *)&temp[len], sizeof(temp) - len, diff --git a/backport-CVE-2021-22926.patch b/backport-CVE-2021-22926.patch deleted file mode 100644 index 69dae75..0000000 --- a/backport-CVE-2021-22926.patch +++ /dev/null @@ -1,70 +0,0 @@ -From fd9b40bf8dfd43edcbc0d254d613d95a11061c05 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Mon, 21 Jun 2021 10:35:09 +0200 -Subject: [PATCH] sectransp: check for client certs by name first, then file - -CVE-2021-22926 - -Bug: https://curl.se/docs/CVE-2021-22926.html - -Assisted-by: Daniel Gustafsson -Reported-by: Harry Sintonen ---- - lib/vtls/sectransp.c | 33 +++++++++++++++++++-------------- - 1 file changed, 19 insertions(+), 14 deletions(-) - -diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c -index 21ca0824bdf6..26b833dd2ac7 100644 ---- a/lib/vtls/sectransp.c -+++ b/lib/vtls/sectransp.c -@@ -32,6 +32,7 @@ - #include "curl_base64.h" - #include "strtok.h" - #include "multiif.h" -+#include "strcase.h" - - #ifdef USE_SECTRANSP - -@@ -1869,24 +1870,28 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data, - bool is_cert_file = (!is_cert_data) && is_file(ssl_cert); - SecIdentityRef cert_and_key = NULL; - -- /* User wants to authenticate with a client cert. Look for it: -- If we detect that this is a file on disk, then let's load it. -- Otherwise, assume that the user wants to use an identity loaded -- from the Keychain. */ -- if(is_cert_file || is_cert_data) { -+ /* User wants to authenticate with a client cert. Look for it. Assume that -+ the user wants to use an identity loaded from the Keychain. If not, try -+ it as a file on disk */ -+ -+ if(!is_cert_data) -+ err = CopyIdentityWithLabel(ssl_cert, &cert_and_key); -+ else -+ err = !noErr; -+ if((err != noErr) && (is_cert_file || is_cert_data)) { - if(!SSL_SET_OPTION(cert_type)) -- infof(data, "WARNING: SSL: Certificate type not set, assuming " -- "PKCS#12 format.\n"); -- else if(strncmp(SSL_SET_OPTION(cert_type), "P12", -- strlen(SSL_SET_OPTION(cert_type))) != 0) -- infof(data, "WARNING: SSL: The Security framework only supports " -- "loading identities that are in PKCS#12 format.\n"); -+ infof(data, "SSL: Certificate type not set, assuming " -+ "PKCS#12 format."); -+ else if(!strcasecompare(SSL_SET_OPTION(cert_type), "P12")) { -+ failf(data, "SSL: The Security framework only supports " -+ "loading identities that are in PKCS#12 format."); -+ return CURLE_SSL_CERTPROBLEM; -+ } - - err = CopyIdentityFromPKCS12File(ssl_cert, ssl_cert_blob, -- SSL_SET_OPTION(key_passwd), &cert_and_key); -+ SSL_SET_OPTION(key_passwd), -+ &cert_and_key); - } -- else -- err = CopyIdentityWithLabel(ssl_cert, &cert_and_key); - - if(err == noErr && cert_and_key) { - SecCertificateRef cert = NULL; diff --git a/backport-CVE-2021-22945.patch b/backport-CVE-2021-22945.patch deleted file mode 100644 index f8e570d..0000000 --- a/backport-CVE-2021-22945.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 43157490a5054bd24256fe12876931e8abc9df49 Mon Sep 17 00:00:00 2001 -From: z2_ on hackerone <> -Date: Tue, 24 Aug 2021 09:50:33 +0200 -Subject: [PATCH] mqtt: clear the leftovers pointer when sending succeeds - -CVE-2021-22945 - -Bug: https://curl.se/docs/CVE-2021-22945.html ---- - lib/mqtt.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/lib/mqtt.c b/lib/mqtt.c -index f077e6c3dc44..fcd40b41e600 100644 ---- a/lib/mqtt.c -+++ b/lib/mqtt.c -@@ -128,6 +128,10 @@ static CURLcode mqtt_send(struct Curl_easy *data, - mq->sendleftovers = sendleftovers; - mq->nsend = nsend; - } -+ else { -+ mq->sendleftovers = NULL; -+ mq->nsend = 0; -+ } - return result; - } - diff --git a/backport-CVE-2021-22946.patch b/backport-CVE-2021-22946.patch deleted file mode 100644 index 9128219..0000000 --- a/backport-CVE-2021-22946.patch +++ /dev/null @@ -1,325 +0,0 @@ -From 364f174724ef115c63d5e5dc1d3342c8a43b1cca Mon Sep 17 00:00:00 2001 -From: Patrick Monnerat -Date: Wed, 8 Sep 2021 11:56:22 +0200 -Subject: [PATCH] ftp,imap,pop3: do not ignore --ssl-reqd - -In imap and pop3, check if TLS is required even when capabilities -request has failed. - -In ftp, ignore preauthentication (230 status of server greeting) if TLS -is required. - -Bug: https://curl.se/docs/CVE-2021-22946.html - -CVE-2021-22946 ---- - lib/ftp.c | 9 ++++--- - lib/imap.c | 24 ++++++++---------- - lib/pop3.c | 33 +++++++++++------------- - tests/data/Makefile.inc | 2 ++ - tests/data/test984 | 56 +++++++++++++++++++++++++++++++++++++++++ - tests/data/test985 | 54 +++++++++++++++++++++++++++++++++++++++ - tests/data/test986 | 53 ++++++++++++++++++++++++++++++++++++++ - 7 files changed, 195 insertions(+), 36 deletions(-) - create mode 100644 tests/data/test984 - create mode 100644 tests/data/test985 - create mode 100644 tests/data/test986 - -diff --git a/lib/ftp.c b/lib/ftp.c -index 1a699de59459..08d18ca7442b 100644 ---- a/lib/ftp.c -+++ b/lib/ftp.c -@@ -2681,9 +2681,12 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, - /* we have now received a full FTP server response */ - switch(ftpc->state) { - case FTP_WAIT220: -- if(ftpcode == 230) -- /* 230 User logged in - already! */ -- return ftp_state_user_resp(data, ftpcode, ftpc->state); -+ if(ftpcode == 230) { -+ /* 230 User logged in - already! Take as 220 if TLS required. */ -+ if(data->set.use_ssl <= CURLUSESSL_TRY || -+ conn->bits.ftp_use_control_ssl) -+ return ftp_state_user_resp(data, ftpcode, ftpc->state); -+ } - else if(ftpcode != 220) { - failf(data, "Got a %03d ftp-server response when 220 was expected", - ftpcode); -diff --git a/lib/imap.c b/lib/imap.c -index 359fc692e56d..923b1d59bd1c 100644 ---- a/lib/imap.c -+++ b/lib/imap.c -@@ -934,22 +934,18 @@ static CURLcode imap_state_capability_resp(struct Curl_easy *data, - line += wordlen; - } - } -- else if(imapcode == IMAP_RESP_OK) { -- if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { -- /* We don't have a SSL/TLS connection yet, but SSL is requested */ -- if(imapc->tls_supported) -- /* Switch to TLS connection now */ -- result = imap_perform_starttls(data, conn); -- else if(data->set.use_ssl == CURLUSESSL_TRY) -- /* Fallback and carry on with authentication */ -- result = imap_perform_authentication(data, conn); -- else { -- failf(data, "STARTTLS not supported."); -- result = CURLE_USE_SSL_FAILED; -- } -+ else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { -+ /* PREAUTH is not compatible with STARTTLS. */ -+ if(imapcode == IMAP_RESP_OK && imapc->tls_supported && !imapc->preauth) { -+ /* Switch to TLS connection now */ -+ result = imap_perform_starttls(data, conn); - } -- else -+ else if(data->set.use_ssl <= CURLUSESSL_TRY) - result = imap_perform_authentication(data, conn); -+ else { -+ failf(data, "STARTTLS not available."); -+ result = CURLE_USE_SSL_FAILED; -+ } - } - else - result = imap_perform_authentication(data, conn); -diff --git a/lib/pop3.c b/lib/pop3.c -index d7b5283e1ed1..a331d71f7770 100644 ---- a/lib/pop3.c -+++ b/lib/pop3.c -@@ -740,28 +740,23 @@ static CURLcode pop3_state_capa_resp(struct Curl_easy *data, int pop3code, - } - } - } -- else if(pop3code == '+') { -- if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { -- /* We don't have a SSL/TLS connection yet, but SSL is requested */ -- if(pop3c->tls_supported) -- /* Switch to TLS connection now */ -- result = pop3_perform_starttls(data, conn); -- else if(data->set.use_ssl == CURLUSESSL_TRY) -- /* Fallback and carry on with authentication */ -- result = pop3_perform_authentication(data, conn); -- else { -- failf(data, "STLS not supported."); -- result = CURLE_USE_SSL_FAILED; -- } -- } -- else -- result = pop3_perform_authentication(data, conn); -- } - else { - /* Clear text is supported when CAPA isn't recognised */ -- pop3c->authtypes |= POP3_TYPE_CLEARTEXT; -+ if(pop3code != '+') -+ pop3c->authtypes |= POP3_TYPE_CLEARTEXT; - -- result = pop3_perform_authentication(data, conn); -+ if(!data->set.use_ssl || conn->ssl[FIRSTSOCKET].use) -+ result = pop3_perform_authentication(data, conn); -+ else if(pop3code == '+' && pop3c->tls_supported) -+ /* Switch to TLS connection now */ -+ result = pop3_perform_starttls(data, conn); -+ else if(data->set.use_ssl <= CURLUSESSL_TRY) -+ /* Fallback and carry on with authentication */ -+ result = pop3_perform_authentication(data, conn); -+ else { -+ failf(data, "STLS not supported."); -+ result = CURLE_USE_SSL_FAILED; -+ } - } - - return result; -diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc -index 59e1145fc800..8e05ee907401 100644 ---- a/tests/data/Makefile.inc -+++ b/tests/data/Makefile.inc -@@ -118,6 +118,8 @@ test954 test955 test956 test957 test958 test959 test960 test961 test962 \ - test963 test964 test965 test966 test967 test968 test969 test970 test971 \ - test972 \ - \ -+test984 test985 test986 \ -+\ - test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \ - test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \ - test1016 test1017 test1018 test1019 test1020 test1021 test1022 test1023 \ -diff --git a/tests/data/test984 b/tests/data/test984 -new file mode 100644 -index 000000000000..e573f23c15b4 ---- /dev/null -+++ b/tests/data/test984 -@@ -0,0 +1,56 @@ -+ -+ -+ -+IMAP -+STARTTLS -+ -+ -+ -+# -+# Server-side -+ -+ -+REPLY CAPABILITY A001 BAD Not implemented -+ -+ -+ -+# -+# Client-side -+ -+ -+SSL -+ -+ -+imap -+ -+ -+IMAP require STARTTLS with failing capabilities -+ -+ -+imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl-reqd -+ -+ -+Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST) -+From: Fred Foobar -+Subject: afternoon meeting -+To: joe@example.com -+Message-Id: -+MIME-Version: 1.0 -+Content-Type: TEXT/PLAIN; CHARSET=US-ASCII -+ -+Hello Joe, do you think we can meet at 3:30 tomorrow? -+ -+ -+ -+# -+# Verify data after the test has been "shot" -+ -+# 64 is CURLE_USE_SSL_FAILED -+ -+64 -+ -+ -+A001 CAPABILITY -+ -+ -+ -diff --git a/tests/data/test985 b/tests/data/test985 -new file mode 100644 -index 000000000000..d0db4aadf5db ---- /dev/null -+++ b/tests/data/test985 -@@ -0,0 +1,54 @@ -+ -+ -+ -+POP3 -+STARTTLS -+ -+ -+ -+# -+# Server-side -+ -+ -+REPLY CAPA -ERR Not implemented -+ -+ -+From: me@somewhere -+To: fake@nowhere -+ -+body -+ -+-- -+ yours sincerely -+ -+ -+ -+# -+# Client-side -+ -+ -+SSL -+ -+ -+pop3 -+ -+ -+POP3 require STARTTLS with failing capabilities -+ -+ -+pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl-reqd -+ -+ -+ -+# -+# Verify data after the test has been "shot" -+ -+# 64 is CURLE_USE_SSL_FAILED -+ -+64 -+ -+ -+CAPA -+ -+ -+ -diff --git a/tests/data/test986 b/tests/data/test986 -new file mode 100644 -index 000000000000..a709437a49ff ---- /dev/null -+++ b/tests/data/test986 -@@ -0,0 +1,53 @@ -+ -+ -+ -+FTP -+STARTTLS -+ -+ -+ -+# -+# Server-side -+ -+ -+REPLY welcome 230 Welcome -+REPLY AUTH 500 unknown command -+ -+ -+ -+# Client-side -+ -+ -+SSL -+ -+ -+ftp -+ -+ -+FTP require STARTTLS while preauthenticated -+ -+ -+data -+ to -+ see -+that FTPS -+works -+ so does it? -+ -+ -+--ssl-reqd --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret -+ -+ -+ -+# Verify data after the test has been "shot" -+ -+# 64 is CURLE_USE_SSL_FAILED -+ -+64 -+ -+ -+AUTH SSL -+AUTH TLS -+ -+ -+ diff --git a/backport-CVE-2021-22947.patch b/backport-CVE-2021-22947.patch deleted file mode 100644 index aba2b4a..0000000 --- a/backport-CVE-2021-22947.patch +++ /dev/null @@ -1,348 +0,0 @@ -From 8ef147c43646e91fdaad5d0e7b60351f842e5c68 Mon Sep 17 00:00:00 2001 -From: Patrick Monnerat -Date: Tue, 7 Sep 2021 13:26:42 +0200 -Subject: [PATCH] ftp,imap,pop3,smtp: reject STARTTLS server response - pipelining - -If a server pipelines future responses within the STARTTLS response, the -former are preserved in the pingpong cache across TLS negotiation and -used as responses to the encrypted commands. - -This fix detects pipelined STARTTLS responses and rejects them with an -error. - -CVE-2021-22947 - -Bug: https://curl.se/docs/CVE-2021-22947.html ---- - lib/ftp.c | 3 +++ - lib/imap.c | 4 +++ - lib/pop3.c | 4 +++ - lib/smtp.c | 4 +++ - tests/data/Makefile.inc | 2 +- - tests/data/test980 | 52 ++++++++++++++++++++++++++++++++++++ - tests/data/test981 | 59 +++++++++++++++++++++++++++++++++++++++++ - tests/data/test982 | 57 +++++++++++++++++++++++++++++++++++++++ - tests/data/test983 | 52 ++++++++++++++++++++++++++++++++++++ - 9 files changed, 236 insertions(+), 1 deletion(-) - create mode 100644 tests/data/test980 - create mode 100644 tests/data/test981 - create mode 100644 tests/data/test982 - create mode 100644 tests/data/test983 - -diff --git a/lib/ftp.c b/lib/ftp.c -index 08d18ca7442b..0b9c9b7322b5 100644 ---- a/lib/ftp.c -+++ b/lib/ftp.c -@@ -2743,6 +2743,9 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, - case FTP_AUTH: - /* we have gotten the response to a previous AUTH command */ - -+ if(pp->cache_size) -+ return CURLE_WEIRD_SERVER_REPLY; /* Forbid pipelining in response. */ -+ - /* RFC2228 (page 5) says: - * - * If the server is willing to accept the named security mechanism, -diff --git a/lib/imap.c b/lib/imap.c -index 923b1d59bd1c..6163899bbeb6 100644 ---- a/lib/imap.c -+++ b/lib/imap.c -@@ -963,6 +963,10 @@ static CURLcode imap_state_starttls_resp(struct Curl_easy *data, - - (void)instate; /* no use for this yet */ - -+ /* Pipelining in response is forbidden. */ -+ if(data->conn->proto.imapc.pp.cache_size) -+ return CURLE_WEIRD_SERVER_REPLY; -+ - if(imapcode != IMAP_RESP_OK) { - if(data->set.use_ssl != CURLUSESSL_TRY) { - failf(data, "STARTTLS denied"); -diff --git a/lib/pop3.c b/lib/pop3.c -index a331d71f7770..d3f3de6d49a9 100644 ---- a/lib/pop3.c -+++ b/lib/pop3.c -@@ -771,6 +771,10 @@ static CURLcode pop3_state_starttls_resp(struct Curl_easy *data, - CURLcode result = CURLE_OK; - (void)instate; /* no use for this yet */ - -+ /* Pipelining in response is forbidden. */ -+ if(data->conn->proto.pop3c.pp.cache_size) -+ return CURLE_WEIRD_SERVER_REPLY; -+ - if(pop3code != '+') { - if(data->set.use_ssl != CURLUSESSL_TRY) { - failf(data, "STARTTLS denied"); -diff --git a/lib/smtp.c b/lib/smtp.c -index 20dc85a5f23b..02ddaca0a279 100644 ---- a/lib/smtp.c -+++ b/lib/smtp.c -@@ -834,6 +834,10 @@ static CURLcode smtp_state_starttls_resp(struct Curl_easy *data, - CURLcode result = CURLE_OK; - (void)instate; /* no use for this yet */ - -+ /* Pipelining in response is forbidden. */ -+ if(data->conn->proto.smtpc.pp.cache_size) -+ return CURLE_WEIRD_SERVER_REPLY; -+ - if(smtpcode != 220) { - if(data->set.use_ssl != CURLUSESSL_TRY) { - failf(data, "STARTTLS denied, code %d", smtpcode); -diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc -index 8e05ee907401..787c3637510a 100644 ---- a/tests/data/Makefile.inc -+++ b/tests/data/Makefile.inc -@@ -118,7 +118,7 @@ test954 test955 test956 test957 test958 test959 test960 test961 test962 \ - test963 test964 test965 test966 test967 test968 test969 test970 test971 \ - test972 \ - \ --test984 test985 test986 \ -+test980 test981 test982 test983 test984 test985 test986 \ - \ - test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \ - test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \ -diff --git a/tests/data/test980 b/tests/data/test980 -new file mode 100644 -index 000000000000..97567f85638a ---- /dev/null -+++ b/tests/data/test980 -@@ -0,0 +1,52 @@ -+ -+ -+ -+SMTP -+STARTTLS -+ -+ -+ -+# -+# Server-side -+ -+ -+CAPA STARTTLS -+AUTH PLAIN -+REPLY STARTTLS 454 currently unavailable\r\n235 Authenticated\r\n250 2.1.0 Sender ok\r\n250 2.1.5 Recipient ok\r\n354 Enter mail\r\n250 2.0.0 Accepted -+REPLY AUTH 535 5.7.8 Authentication credentials invalid -+ -+ -+ -+# -+# Client-side -+ -+ -+SSL -+ -+ -+smtp -+ -+ -+SMTP STARTTLS pipelined server response -+ -+ -+mail body -+ -+ -+smtp://%HOSTIP:%SMTPPORT/%TESTNUMBER --mail-rcpt recipient@example.com --mail-from sender@example.com -u user:secret --ssl --sasl-ir -T - -+ -+ -+ -+# -+# Verify data after the test has been "shot" -+ -+# 8 is CURLE_WEIRD_SERVER_REPLY -+ -+8 -+ -+ -+EHLO %TESTNUMBER -+STARTTLS -+ -+ -+ -diff --git a/tests/data/test981 b/tests/data/test981 -new file mode 100644 -index 000000000000..2b98ce42ad4c ---- /dev/null -+++ b/tests/data/test981 -@@ -0,0 +1,59 @@ -+ -+ -+ -+IMAP -+STARTTLS -+ -+ -+ -+# -+# Server-side -+ -+ -+CAPA STARTTLS -+REPLY STARTTLS A002 BAD currently unavailable\r\nA003 OK Authenticated\r\nA004 OK Accepted -+REPLY LOGIN A003 BAD Authentication credentials invalid -+ -+ -+ -+# -+# Client-side -+ -+ -+SSL -+ -+ -+imap -+ -+ -+IMAP STARTTLS pipelined server response -+ -+ -+imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl -+ -+ -+Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST) -+From: Fred Foobar -+Subject: afternoon meeting -+To: joe@example.com -+Message-Id: -+MIME-Version: 1.0 -+Content-Type: TEXT/PLAIN; CHARSET=US-ASCII -+ -+Hello Joe, do you think we can meet at 3:30 tomorrow? -+ -+ -+ -+# -+# Verify data after the test has been "shot" -+ -+# 8 is CURLE_WEIRD_SERVER_REPLY -+ -+8 -+ -+ -+A001 CAPABILITY -+A002 STARTTLS -+ -+ -+ -diff --git a/tests/data/test982 b/tests/data/test982 -new file mode 100644 -index 000000000000..9e07cc0b3f1f ---- /dev/null -+++ b/tests/data/test982 -@@ -0,0 +1,57 @@ -+ -+ -+ -+POP3 -+STARTTLS -+ -+ -+ -+# -+# Server-side -+ -+ -+CAPA STLS USER -+REPLY STLS -ERR currently unavailable\r\n+OK user accepted\r\n+OK authenticated -+REPLY PASS -ERR Authentication credentials invalid -+ -+ -+From: me@somewhere -+To: fake@nowhere -+ -+body -+ -+-- -+ yours sincerely -+ -+ -+ -+# -+# Client-side -+ -+ -+SSL -+ -+ -+pop3 -+ -+ -+POP3 STARTTLS pipelined server response -+ -+ -+pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl -+ -+ -+ -+# -+# Verify data after the test has been "shot" -+ -+# 8 is CURLE_WEIRD_SERVER_REPLY -+ -+8 -+ -+ -+CAPA -+STLS -+ -+ -+ -diff --git a/tests/data/test983 b/tests/data/test983 -new file mode 100644 -index 000000000000..300ec459c99b ---- /dev/null -+++ b/tests/data/test983 -@@ -0,0 +1,52 @@ -+ -+ -+ -+FTP -+STARTTLS -+ -+ -+ -+# -+# Server-side -+ -+ -+REPLY AUTH 500 unknown command\r\n500 unknown command\r\n331 give password\r\n230 Authenticated\r\n257 "/"\r\n200 OK\r\n200 OK\r\n200 OK\r\n226 Transfer complete -+REPLY PASS 530 Login incorrect -+ -+ -+ -+# Client-side -+ -+ -+SSL -+ -+ -+ftp -+ -+ -+FTP STARTTLS pipelined server response -+ -+ -+data -+ to -+ see -+that FTPS -+works -+ so does it? -+ -+ -+--ssl --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret -P %CLIENTIP -+ -+ -+ -+# Verify data after the test has been "shot" -+ -+# 8 is CURLE_WEIRD_SERVER_REPLY -+ -+8 -+ -+ -+AUTH SSL -+ -+ -+ diff --git a/curl-7.77.0.tar.xz b/curl-7.77.0.tar.xz deleted file mode 100644 index 2fb0baf..0000000 Binary files a/curl-7.77.0.tar.xz and /dev/null differ diff --git a/curl-7.79.1.tar.xz b/curl-7.79.1.tar.xz new file mode 100644 index 0000000..bb9d086 Binary files /dev/null and b/curl-7.79.1.tar.xz differ diff --git a/curl.spec b/curl.spec index 0026cd5..2ebbdfc 100644 --- a/curl.spec +++ b/curl.spec @@ -1,29 +1,20 @@ #Global macro or variable %global libpsl_version %(pkg-config --modversion libpsl 2>/dev/null || echo 0) %global libssh_version %(pkg-config --modversion libssh 2>/dev/null || echo 0) -%global openssl_version %(pkg-config --modversion openssl 2>/dev/null || echo 0) +%global openssl_version %({ pkg-config --modversion openssl 2>/dev/null || echo 0;} | sed 's|-|-0.|') %global _configure ../configure Name: curl -Version: 7.77.0 -Release: 3 +Version: 7.79.1 +Release: 1 Summary: Curl is used in command lines or scripts to transfer data License: MIT URL: https://curl.haxx.se/ Source: https://curl.haxx.se/download/curl-%{version}.tar.xz -Patch101: 0101-curl-7.32.0-multilib.patch -Patch102: 0102-curl-7.36.0-debug.patch -Patch105: 0105-curl-7.63.0-lib1560-valgrind.patch -Patch106: 0106-curl-fix-CVE-2019-15601.patch -Patch107: backport-CVE-2021-22925.patch -Patch108: backport-CVE-2021-22926.patch -Patch109: backport-CVE-2021-22945.patch -Patch110: backport-CVE-2021-22946.patch -Patch111: backport-CVE-2021-22947.patch - +Patch1: backport-0101-curl-7.32.0-multilib.patch BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel -BuildRequires: libidn2-devel libmetalink-devel libnghttp2-devel libpsl-devel +BuildRequires: libidn2-devel libnghttp2-devel libpsl-devel BuildRequires: libssh-devel make openldap-devel openssh-clients openssh-server BuildRequires: openssl-devel perl-interpreter pkgconfig python3-devel sed BuildRequires: stunnel zlib-devel gnutls-utils nghttp2 perl(IO::Compress::Gzip) @@ -69,7 +60,7 @@ Header files for libcurl. # make tests/*.py use Python 3 sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py -printf "1112\n1455\n1801\n1900\n" >> tests/data/DISABLED +printf "1112\n1455\n1184\n1801\n1900\n" >> tests/data/DISABLED # adapt test 323 for updated OpenSSL sed -e 's/^35$/35,52/' -i tests/data/test323 @@ -104,7 +95,6 @@ export common_configure_opts="--cache-file=../config.cache \ --enable-manual \ --with-brotli \ --with-libidn2 \ - --with-libmetalink \ --with-libpsl \ --with-libssh ) @@ -170,6 +160,11 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_mandir}/man3/* %changelog +* Thu Jan 20 2022 gaoxingwang - 7.79.1-1 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:update curl to 7.79.1 * Wed Sep 29 2021 yanglu - 7.77.0-3 - Type:CVE - CVE:CVE-2021-22945 CVE-2021-22946 CVE-2021-22947