commit 46341a033c7f45c2ce0fa7ae32b0755a57a6607d Author: overweight <5324761+overweight@user.noreply.gitee.com> Date: Mon Sep 30 10:36:29 2019 -0400 Package init diff --git a/0001-curl-7.61.1-test320-gnutls.patch b/0001-curl-7.61.1-test320-gnutls.patch new file mode 100644 index 0000000..a9cbaac --- /dev/null +++ b/0001-curl-7.61.1-test320-gnutls.patch @@ -0,0 +1,63 @@ +From 3cd5b375e31fb98e4782dc3a77e7316ad9eb26cf Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Thu, 4 Oct 2018 15:34:13 +0200 +Subject: [PATCH] test320: strip out more HTML when comparing + +To make the test case work with different gnutls-serv versions better. + +Reported-by: Kamil Dudka +Fixes #3093 +Closes #3094 + +Upstream-commit: 94ad57b0246b5658c2a9139dbe6a80efa4c4e2f3 +Signed-off-by: Kamil Dudka +--- + tests/data/test320 | 24 ++++-------------------- + 1 file changed, 4 insertions(+), 20 deletions(-) + +diff --git a/tests/data/test320 b/tests/data/test320 +index 457a11eb2..87311d4f2 100644 +--- a/tests/data/test320 ++++ b/tests/data/test320 +@@ -62,34 +62,18 @@ simple TLS-SRP HTTPS GET, check user in response + HTTP/1.0 200 OK + Content-type: text/html + +- +- +-

This is GnuTLS

+- +- +- +-
If your browser supports session resuming, then you should see the same session ID, when you press the reload button.
+-

Connected as user 'jsmith'.

+-

+- +- +- +- +- +-

Key Exchange:SRP
CompressionNULL
CipherAES-NNN-CBC
MACSHA1
CiphersuiteSRP_SHA_AES_NNN_CBC_SHA1
+-


Your HTTP header was:

Host: %HOSTIP:%HTTPTLSPORT
++FINE
+ User-Agent: curl-test-suite
+ Accept: */*
+ 
+-

+- +- + + +-s/^

Session ID:.*// ++s/^

Connected as user 'jsmith'.*/FINE/ + s/Protocol version:.*[0-9]// + s/GNUTLS/GnuTLS/ + s/(AES[-_])\d\d\d([-_]CBC)/$1NNN$2/ ++s/^<.*\n// ++s/^\n// + + + +-- +2.17.1 + diff --git a/0001-fix-double-free-when-multi-perform.patch b/0001-fix-double-free-when-multi-perform.patch new file mode 100644 index 0000000..ad0d61b --- /dev/null +++ b/0001-fix-double-free-when-multi-perform.patch @@ -0,0 +1,24 @@ +From 8df95297b910daa93627eb3edb89f863e6867b93 Mon Sep 17 00:00:00 2001 +From: wangjia +Date: Sat, 30 Mar 2019 01:14:21 -0400 +Subject: [PATCH] fix double free when multi perform + +--- + lib/multi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/multi.c b/lib/multi.c +index 49b8b19..228a3da 100644 +--- a/lib/multi.c ++++ b/lib/multi.c +@@ -2034,7 +2034,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, + else if(comeback) + rc = CURLM_CALL_MULTI_PERFORM; + +- free(newurl); + break; + } + +-- +2.19.1 + diff --git a/0101-curl-7.32.0-multilib.patch b/0101-curl-7.32.0-multilib.patch new file mode 100644 index 0000000..532980e --- /dev/null +++ b/0101-curl-7.32.0-multilib.patch 
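Review bot: The hunk in 0001-fix-double-free-when-multi-perform.patch drops `free(newurl);` before the `break` in multi_runsingle, but the patch description is empty, so nothing records which other path already releases `newurl`. If any route to this `break` still owns the pointer, the change trades a double free for a leak. multi_runsingle's body lies outside the hunk, so this cannot be confirmed here. The description should name the earlier release site, or that site could clear the pointer after freeing it (`newurl = NULL;`) so the final `free(newurl);` can stay.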
@@ -0,0 +1,89 @@ +From 2a4754a3a7cf60ecc36d83cbe50b8c337cb87632 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Fri, 12 Apr 2013 12:04:05 +0200 +Subject: [PATCH] prevent multilib conflicts on the curl-config script + +--- + curl-config.in | 21 +++------------------ + docs/curl-config.1 | 4 +++- + libcurl.pc.in | 1 + + 3 files changed, 7 insertions(+), 19 deletions(-) + +diff --git a/curl-config.in b/curl-config.in +index 150004d..95d0759 100644 +--- a/curl-config.in ++++ b/curl-config.in +@@ -76,7 +76,7 @@ while test $# -gt 0; do + ;; + + --cc) +- echo "@CC@" ++ echo "gcc" + ;; + + --prefix) +@@ -143,32 +143,17 @@ while test $# -gt 0; do + ;; + + --libs) +- if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then +- CURLLIBDIR="-L@libdir@ " +- else +- CURLLIBDIR="" +- fi +- if test "X@REQUIRE_LIB_DEPS@" = "Xyes"; then +- echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@ +- else +- echo ${CURLLIBDIR}-lcurl +- fi ++ echo -lcurl + ;; + --ssl-backends) + echo "@SSL_BACKENDS@" + ;; + + --static-libs) +- if test "X@ENABLE_STATIC@" != "Xno" ; then +- echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@ +- else +- echo "curl was built with static libraries disabled" >&2 +- exit 1 +- fi + ;; + + --configure) +- echo @CONFIGURE_OPTIONS@ ++ pkg-config libcurl --variable=configure_options | sed 's/^"//;s/"$//' + ;; + + *) +diff --git a/docs/curl-config.1 b/docs/curl-config.1 +index 14a9d2b..ffcc004 100644 +--- a/docs/curl-config.1 ++++ b/docs/curl-config.1 +@@ -70,7 +70,9 @@ no, one or several names. If more than one name, they will appear + comma-separated. (Added in 7.58.0) + .IP "--static-libs" + Shows the complete set of libs and other linker options you will need in order +-to link your application with libcurl statically. (Added in 7.17.1) ++to link your application with libcurl statically. Note that Fedora/RHEL libcurl ++packages do not provide any static libraries, thus cannot be linked statically. 
++(Added in 7.17.1) + .IP "--version" + Outputs version information about the installed libcurl. + .IP "--vernum" +diff --git a/libcurl.pc.in b/libcurl.pc.in +index 2ba9c39..f8f8b00 100644 +--- a/libcurl.pc.in ++++ b/libcurl.pc.in +@@ -29,6 +29,7 @@ libdir=@libdir@ + includedir=@includedir@ + supported_protocols="@SUPPORT_PROTOCOLS@" + supported_features="@SUPPORT_FEATURES@" ++configure_options=@CONFIGURE_OPTIONS@ + + Name: libcurl + URL: https://curl.haxx.se/ +-- +2.5.0 + diff --git a/0102-curl-7.36.0-debug.patch b/0102-curl-7.36.0-debug.patch new file mode 100644 index 0000000..bbb253f --- /dev/null +++ b/0102-curl-7.36.0-debug.patch 
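Review bot: The `--static-libs)` branch of curl-config.in is left empty, so `curl-config --static-libs` now prints nothing and appears to return success, where the removed code printed a diagnostic and exited with status 1 when static libraries were disabled. A build script probing this option will read the empty output as a valid answer. Keeping `echo "curl was built with static libraries disabled" >&2` and `exit 1` in the branch would preserve the failure signal and match the note added to docs/curl-config.1. The `--configure` branch now depends on `pkg-config` and the libcurl .pc file being present at run time, and prints nothing useful when they are not.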
@@ -0,0 +1,65 @@ +From 6710648c2b270c9ce68a7d9f1bba1222c7be8b58 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Wed, 31 Oct 2012 11:38:30 +0100 +Subject: [PATCH] prevent configure script from discarding -g in CFLAGS (#496778) + +--- + configure | 13 +++---------- + m4/curl-compilers.m4 | 13 +++---------- + 2 files changed, 6 insertions(+), 20 deletions(-) + +diff --git a/configure b/configure +index 8f079a3..53b4774 100755 +--- a/configure ++++ b/configure +@@ -16414,18 +16414,11 @@ $as_echo "yes" >&6; } + gccvhi=`echo $gccver | cut -d . -f1` + gccvlo=`echo $gccver | cut -d . -f2` + compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` +- flags_dbg_all="-g -g0 -g1 -g2 -g3" +- flags_dbg_all="$flags_dbg_all -ggdb" +- flags_dbg_all="$flags_dbg_all -gstabs" +- flags_dbg_all="$flags_dbg_all -gstabs+" +- flags_dbg_all="$flags_dbg_all -gcoff" +- flags_dbg_all="$flags_dbg_all -gxcoff" +- flags_dbg_all="$flags_dbg_all -gdwarf-2" +- flags_dbg_all="$flags_dbg_all -gvms" ++ flags_dbg_all="" + flags_dbg_yes="-g" + flags_dbg_off="" +- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast" +- flags_opt_yes="-O2" ++ flags_opt_all="" ++ flags_opt_yes="" + flags_opt_off="-O0" + + OLDCPPFLAGS=$CPPFLAGS +diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4 +index 0cbba7a..9175b5b 100644 +--- a/m4/curl-compilers.m4 ++++ b/m4/curl-compilers.m4 +@@ -157,18 +157,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [ + gccvhi=`echo $gccver | cut -d . -f1` + gccvlo=`echo $gccver | cut -d . 
-f2` + compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` +- flags_dbg_all="-g -g0 -g1 -g2 -g3" +- flags_dbg_all="$flags_dbg_all -ggdb" +- flags_dbg_all="$flags_dbg_all -gstabs" +- flags_dbg_all="$flags_dbg_all -gstabs+" +- flags_dbg_all="$flags_dbg_all -gcoff" +- flags_dbg_all="$flags_dbg_all -gxcoff" +- flags_dbg_all="$flags_dbg_all -gdwarf-2" +- flags_dbg_all="$flags_dbg_all -gvms" ++ flags_dbg_all="" + flags_dbg_yes="-g" + flags_dbg_off="" +- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast" +- flags_opt_yes="-O2" ++ flags_opt_all="" ++ flags_opt_yes="" + flags_opt_off="-O0" + CURL_CHECK_DEF([_WIN32], [], [silent]) + else +-- +1.7.1 + diff --git a/0103-curl-7.59.0-python3.patch b/0103-curl-7.59.0-python3.patch new file mode 100644 index 0000000..f66b6c0 --- /dev/null +++ b/0103-curl-7.59.0-python3.patch 
@@ -0,0 +1,140 @@ +From bdba7b54224814055185513de1e7ff6619031553 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Thu, 15 Mar 2018 13:21:40 +0100 +Subject: [PATCH 1/2] tests/http_pipe.py: migrate to Python 3 + +--- + tests/http_pipe.py | 4 ++-- + tests/runtests.pl | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/tests/http_pipe.py b/tests/http_pipe.py +index bc32173..75ac165 100755 +--- a/tests/http_pipe.py ++++ b/tests/http_pipe.py +@@ -383,13 +383,13 @@ class PipelineRequestHandler(socketserver.BaseRequestHandler): + self.request.setblocking(True) + if not new_data: + return +- new_requests = self._request_parser.ParseAdditionalData(new_data) ++ new_requests = self._request_parser.ParseAdditionalData(new_data.decode('utf8')) + self._response_builder.QueueRequests( + new_requests, self._request_parser.were_all_requests_http_1_1) + self._num_queued += len(new_requests) + self._last_queued_time = time.time() + elif fileno in wlist: +- num_bytes_sent = self.request.send(self._send_buffer[0:4096]) ++ num_bytes_sent = self.request.send(self._send_buffer[0:4096].encode('utf8')) + self._send_buffer = self._send_buffer[num_bytes_sent:] + time.sleep(0.05) + +diff --git a/tests/runtests.pl b/tests/runtests.pl +index d6aa5ca..4d395ef 100755 +--- a/tests/runtests.pl ++++ b/tests/runtests.pl +@@ -1439,7 +1439,7 @@ sub runhttpserver { + elsif($alt eq "pipe") { + # basically the same, but another ID + $idnum = 3; +- $exe = "python $srcdir/http_pipe.py"; ++ $exe = "python3 $srcdir/http_pipe.py"; + $verbose_flag .= "1 "; + } + elsif($alt eq "unix") { +-- +2.14.3 + + +From 3c4c7340e455b7256c0786759422f34ec3e2d440 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Thu, 15 Mar 2018 14:49:56 +0100 +Subject: [PATCH 2/2] tests/{negtelnet,smb}server.py: migrate to Python 3 + +Unfortunately, smbserver.py does not work with Python 3 because +there is no 'impacket' module available for Python 3: + +https://github.com/CoreSecurity/impacket/issues/61 +--- + 
tests/negtelnetserver.py | 12 ++++++------ + tests/smbserver.py | 4 ++-- + 2 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/tests/negtelnetserver.py b/tests/negtelnetserver.py +index 8cfd409..72ee771 100755 +--- a/tests/negtelnetserver.py ++++ b/tests/negtelnetserver.py +@@ -23,7 +23,7 @@ IDENT = "NTEL" + + # The strings that indicate the test framework is checking our aliveness + VERIFIED_REQ = b"verifiedserver" +-VERIFIED_RSP = b"WE ROOLZ: {pid}" ++VERIFIED_RSP = "WE ROOLZ: {pid}" + + + def telnetserver(options): +@@ -34,7 +34,7 @@ def telnetserver(options): + if options.pidfile: + pid = os.getpid() + with open(options.pidfile, "w") as f: +- f.write(b"{0}".format(pid)) ++ f.write("{0}".format(pid)) + + local_bind = (HOST, options.port) + log.info("Listening on %s", local_bind) +@@ -73,11 +73,11 @@ class NegotiatingTelnetHandler(socketserver.BaseRequestHandler): + response_data = VERIFIED_RSP.format(pid=os.getpid()) + else: + log.debug("Received normal request - echoing back") +- response_data = data.strip() ++ response_data = data.decode('utf8').strip() + + if response_data: + log.debug("Sending %r", response_data) +- self.request.sendall(response_data) ++ self.request.sendall(response_data.encode('utf8')) + + except IOError: + log.exception("IOError hit during request") +@@ -132,7 +132,7 @@ class Negotiator(object): + return buffer + + def byte_to_int(self, byte): +- return struct.unpack(b'B', byte)[0] ++ return int(byte) + + def no_neg(self, byte, byte_int, buffer): + # Not negotiating anything thus far. 
Check to see if we +@@ -197,7 +197,7 @@ class Negotiator(object): + self.tcp.sendall(packed_message) + + def pack(self, arr): +- return struct.pack(b'{0}B'.format(len(arr)), *arr) ++ return struct.pack('{0}B'.format(len(arr)), *arr) + + def send_iac(self, arr): + message = [NegTokens.IAC] +diff --git a/tests/smbserver.py b/tests/smbserver.py +index 195ae39..b09cd44 100755 +--- a/tests/smbserver.py ++++ b/tests/smbserver.py +@@ -24,7 +24,7 @@ + from __future__ import (absolute_import, division, print_function) + # unicode_literals) + import argparse +-import ConfigParser ++import configparser + import os + import sys + import logging +@@ -58,7 +58,7 @@ def smbserver(options): + f.write("{0}".format(pid)) + + # Here we write a mini config for the server +- smb_config = ConfigParser.ConfigParser() ++ smb_config = configparser.ConfigParser() + smb_config.add_section("global") + smb_config.set("global", "server_name", "SERVICE") + smb_config.set("global", "server_os", "UNIX") +-- +2.14.3 + diff --git a/0104-curl-7.19.7-localhost6.patch b/0104-curl-7.19.7-localhost6.patch new file mode 100644 index 0000000..4f664d3 --- /dev/null +++ b/0104-curl-7.19.7-localhost6.patch 
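Review bot: In tests/http_pipe.py the send path encodes a 4096-character slice of `self._send_buffer` but still trims the buffer with `self._send_buffer[num_bytes_sent:]`, so a byte count from `send()` is used as a character index. The two differ as soon as the buffer holds a non-ASCII character, and part of the response is then resent or dropped. Encoding once when data is queued and keeping `_send_buffer` as `bytes` avoids the mismatch. Separately, `byte_to_int` in tests/negtelnetserver.py now returns `int(byte)`, which works only if callers pass an int; a length-1 `bytes` object raises ValueError, and the callers are outside the hunk.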
@@ -0,0 +1,51 @@ +diff --git a/tests/data/test1083 b/tests/data/test1083 +index e441278..b0958b6 100644 +--- a/tests/data/test1083 ++++ b/tests/data/test1083 +@@ -33,13 +33,13 @@ ipv6 + http-ipv6 + + +-HTTP-IPv6 GET with ip6-localhost --interface ++HTTP-IPv6 GET with localhost6 --interface + + +--g "http://%HOST6IP:%HTTP6PORT/1083" --interface ip6-localhost ++-g "http://%HOST6IP:%HTTP6PORT/1083" --interface localhost6 + + +-perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test server host address';} else {exec './server/resolve --ipv6 ip6-localhost'; print 'Cannot run precheck resolve';}" ++perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test server host address';} else {exec './server/resolve --ipv6 localhost6'; print 'Cannot run precheck resolve';}" + + + +diff --git a/tests/data/test241 b/tests/data/test241 +index 46eae1f..4e1632c 100644 +--- a/tests/data/test241 ++++ b/tests/data/test241 +@@ -30,13 +30,13 @@ ipv6 + http-ipv6 + + +-HTTP-IPv6 GET (using ip6-localhost) ++HTTP-IPv6 GET (using localhost6) + + +--g "http://ip6-localhost:%HTTP6PORT/241" ++-g "http://localhost6:%HTTP6PORT/241" + + +-./server/resolve --ipv6 ip6-localhost ++./server/resolve --ipv6 localhost6 + + + +@@ -48,7 +48,7 @@ HTTP-IPv6 GET (using ip6-localhost) + + + GET /241 HTTP/1.1 +-Host: ip6-localhost:%HTTP6PORT ++Host: localhost6:%HTTP6PORT + Accept: */* + + diff --git a/CVE-2018-16839-Curl_auth_create_plain_message-fix-too-large-input-c.patch b/CVE-2018-16839-Curl_auth_create_plain_message-fix-too-large-input-c.patch new file mode 100644 index 0000000..bdecdc7 --- /dev/null +++ b/CVE-2018-16839-Curl_auth_create_plain_message-fix-too-large-input-c.patch 
@@ -0,0 +1,29 @@
+From f3a24d7916b9173c69a3e0ee790102993833d6c5 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Fri, 28 Sep 2018 16:08:16 +0200
+Subject: [PATCH 225/557] Curl_auth_create_plain_message: fix
+ too-large-input-check
+
+CVE-2018-16839
+Reported-by: Harry Sintonen
+Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
+---
+ lib/vauth/cleartext.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c
+index a10edbd..be6d611 100644
+--- a/lib/vauth/cleartext.c
++++ b/lib/vauth/cleartext.c
+@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
+ plen = strlen(passwdp);
+
+ /* Compute binary message length. Check for overflows. */
+- if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
++ if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2)))
+ return CURLE_OUT_OF_MEMORY;
+ plainlen = 2 * ulen + plen + 2;
+
+--
+1.8.3.1
+
diff --git a/CVE-2018-16840-Curl_close-clear-data-multi_easy-on-free-to-avoid-us.patch b/CVE-2018-16840-Curl_close-clear-data-multi_easy-on-free-to-avoid-us.patch
new file mode 100644
index 0000000..64ef0f3
--- /dev/null
+++ b/CVE-2018-16840-Curl_close-clear-data-multi_easy-on-free-to-avoid-us.patch
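Review bot: The guard in Curl_auth_create_plain_message now uses two different limits, `SIZE_T_MAX/4` for `ulen` and `SIZE_T_MAX/2 - 2` for `plen`, and the comment above it still says only "Check for overflows". The limits follow from `plainlen = 2 * ulen + plen + 2`, where the doubled user length has to stay within half the range; writing that down keeps a later edit from restoring symmetric constants. Suggested comment: `/* plainlen = 2*ulen + plen + 2: ulen <= MAX/4 keeps 2*ulen <= MAX/2, plen <= MAX/2 - 2 keeps the sum in range */`. Whether later size arithmetic on `plainlen` needs a tighter bound is outside the hunk.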
@@ -0,0 +1,36 @@
+From 81d135d67155c5295b1033679c606165d4e28f3f Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Thu, 18 Oct 2018 15:07:15 +0200
+Subject: [PATCH 224/557] Curl_close: clear data->multi_easy on free to avoid
+ use-after-free
+
+Regression from b46cfbc068 (7.59.0)
+CVE-2018-16840
+Reported-by: Brian Carpenter (Geeknik Labs)
+
+Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
+---
+ lib/url.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index 723b898..0d5a13f 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -319,10 +319,12 @@ CURLcode Curl_close(struct Curl_easy *data)
+ and detach this handle from there. */
+ curl_multi_remove_handle(data->multi, data);
+
+- if(data->multi_easy)
++ if(data->multi_easy) {
+ /* when curl_easy_perform() is used, it creates its own multi handle to
+ use and this is the one */
+ curl_multi_cleanup(data->multi_easy);
++ data->multi_easy = NULL;
++ }
+
+ /* Destroy the timeout list that is held in the easy handle. It is
+ /normally/ done by curl_multi_remove_handle() but this is "just in
+--
+1.8.3.1
+
diff --git a/CVE-2018-16842-voutf-fix-bad-arethmetic-when-outputting-warnings-to.patch b/CVE-2018-16842-voutf-fix-bad-arethmetic-when-outputting-warnings-to.patch
new file mode 100644
index 0000000..b40e660
--- /dev/null
+++ b/CVE-2018-16842-voutf-fix-bad-arethmetic-when-outputting-warnings-to.patch
@@ -0,0 +1,29 @@
+From d530e92f59ae9bb2d47066c3c460b25d2ffeb211 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Sun, 28 Oct 2018 01:33:23 +0200
+Subject: [PATCH 232/557] voutf: fix bad arethmetic when outputting warnings to
+ stderr
+
+CVE-2018-16842
+Reported-by: Brian Carpenter
+Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
+---
+ src/tool_msgs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tool_msgs.c b/src/tool_msgs.c
+index 832ed81..f5e1df2 100644
+--- a/src/tool_msgs.c
++++ b/src/tool_msgs.c
+@@ -67,7 +67,7 @@ static void voutf(struct GlobalConfig *config,
+ (void)fwrite(ptr, cut + 1, 1, config->errors);
+ fputs("\n", config->errors);
+ ptr += cut + 1; /* skip the space too */
+- len -= cut;
++ len -= cut + 1;
+ }
+ else {
+ fputs(ptr, config->errors);
+--
+1.8.3.1
+
diff --git a/CVE-2018-16890-NTLM-fix-size-check-condition-for-type2-received-dat.patch b/CVE-2018-16890-NTLM-fix-size-check-condition-for-type2-received-dat.patch
new file mode 100644
index 0000000..a769dca
--- /dev/null
+++ b/CVE-2018-16890-NTLM-fix-size-check-condition-for-type2-received-dat.patch
@@ -0,0 +1,34 @@
+From b780b30d1377adb10bbe774835f49e9b237fb9bb Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Wed, 2 Jan 2019 20:33:08 +0100
+Subject: [PATCH 478/557] NTLM: fix size check condition for type2 received
+ data
+
+Bug: https://curl.haxx.se/docs/CVE-2018-16890.html
+Reported-by: Wenxiang Qian
+CVE-2018-16890
+---
+ lib/vauth/ntlm.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c
+index c3d55ed..0ad4d97 100644
+--- a/lib/vauth/ntlm.c
++++ b/lib/vauth/ntlm.c
+@@ -182,10 +182,11 @@ static CURLcode ntlm_decode_type2_target(struct Curl_easy *data,
+ target_info_len = Curl_read16_le(&buffer[40]);
+ target_info_offset = Curl_read32_le(&buffer[44]);
+ if(target_info_len > 0) {
+- if(((target_info_offset + target_info_len) > size) ||
++ if((target_info_offset >= size) ||
++ ((target_info_offset + target_info_len) > size) ||
+ (target_info_offset < 48)) {
+ infof(data, "NTLM handshake failure (bad type-2 message). "
+- "Target Info Offset Len is set incorrect by the peer\n");
++ "Target Info Offset Len is set incorrect by the peer\n");
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+
+--
+1.8.3.1
+
diff --git a/CVE-2019-3822-ntlm-fix-_type3_message-size-check-to-avoid-buffer-o.patch b/CVE-2019-3822-ntlm-fix-_type3_message-size-check-to-avoid-buffer-o.patch
new file mode 100644
index 0000000..9f411ae
--- /dev/null
+++ b/CVE-2019-3822-ntlm-fix-_type3_message-size-check-to-avoid-buffer-o.patch
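Review bot: The second test in ntlm_decode_type2_target, `(target_info_offset + target_info_len) > size`, still depends on the sum not wrapping in whatever type the two peer-supplied fields have, and their declarations are outside the hunk. Since the added `(target_info_offset >= size)` test has already rejected offsets at or past the end, the length test can be written without an addition: `(target_info_len > size - target_info_offset) ||`. That form holds regardless of the operand widths and keeps the bounds logic readable as "offset inside the buffer, then length inside what remains".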
@@ -0,0 +1,39 @@
+From 50c9484278c63b958655a717844f0721263939cc Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Thu, 3 Jan 2019 12:59:28 +0100
+Subject: [PATCH 479/557] ntlm: fix *_type3_message size check to avoid buffer
+ overflow
+
+Bug: https://curl.haxx.se/docs/CVE-2019-3822.html
+Reported-by: Wenxiang Qian
+CVE-2019-3822
+---
+ lib/vauth/ntlm.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c
+index 0ad4d97..6a8fc5a 100644
+--- a/lib/vauth/ntlm.c
++++ b/lib/vauth/ntlm.c
+@@ -779,11 +779,14 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
+ });
+
+ #ifdef USE_NTRESPONSES
+- if(size < (NTLM_BUFSIZE - ntresplen)) {
+- DEBUGASSERT(size == (size_t)ntrespoff);
+- memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen);
+- size += ntresplen;
++ /* ntresplen + size should not be risking an integer overflow here */
++ if(ntresplen + size > sizeof(ntlmbuf)) {
++ failf(data, "incoming NTLM message too big");
++ return CURLE_OUT_OF_MEMORY;
+ }
++ DEBUGASSERT(size == (size_t)ntrespoff);
++ memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen);
++ size += ntresplen;
+
+ DEBUG_OUT({
+ fprintf(stderr, "\n ntresp=");
+--
+1.8.3.1
+
diff --git a/CVE-2019-3823-smtp-avoid-risk-of-buffer-overflow-in-strtol.patch b/CVE-2019-3823-smtp-avoid-risk-of-buffer-overflow-in-strtol.patch
new file mode 100644
index 0000000..f79544a
--- /dev/null
+++ b/CVE-2019-3823-smtp-avoid-risk-of-buffer-overflow-in-strtol.patch
@@ -0,0 +1,47 @@
+From 39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484 Mon Sep 17 00:00:00 2001
+From: Daniel Gustafsson
+Date: Sat, 19 Jan 2019 00:42:47 +0100
+Subject: [PATCH 480/557] smtp: avoid risk of buffer overflow in strtol
+
+If the incoming len 5, but the buffer does not have a termination
+after 5 bytes, the strtol() call may keep reading through the line
+buffer until is exceeds its boundary. Fix by ensuring that we are
+using a bounded read with a temporary buffer on the stack.
+
+Bug: https://curl.haxx.se/docs/CVE-2019-3823.html
+Reported-by: Brian Carpenter (Geeknik Labs)
+CVE-2019-3823
+---
+ lib/smtp.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/lib/smtp.c b/lib/smtp.c
+index 84fc68e..d55647b 100644
+--- a/lib/smtp.c
++++ b/lib/smtp.c
+@@ -5,7 +5,7 @@
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+- * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al.
++ * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+@@ -207,8 +207,12 @@ static bool smtp_endofresp(struct connectdata *conn, char *line, size_t len,
+ Section 4. Examples of RFC-4954 but some e-mail servers ignore this and
+ only send the response code instead as per Section 4.2. */
+ if(line[3] == ' ' || len == 5) {
++ char tmpline[6];
++
+ result = TRUE;
+- *resp = curlx_sltosi(strtol(line, NULL, 10));
++ memset(tmpline, '\0', sizeof(tmpline));
++ memcpy(tmpline, line, (len == 5 ? 5 : 3));
++ *resp = curlx_sltosi(strtol(tmpline, NULL, 10));
+
+ /* Make sure real server never sends internal value */
+ if(*resp == 1)
+--
+1.8.3.1
+
diff --git a/CVE-2019-5436.patch b/CVE-2019-5436.patch
new file mode 100644
index 0000000..9fdeb30
--- /dev/null
+++ b/CVE-2019-5436.patch
@@ -0,0 +1,25 @@
+From 5c89b6583079cd4cccbdf59929fa14515397430a Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Fri, 3 May 2019 22:20:37 +0200
+Subject: [PATCH] tftp: use the current blksize for recvfrom()
+
+bug: CVE-2019-XXXXX
+Reported-by: l00p3r
+---
+ lib/tftp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: curl-7.64.0/lib/tftp.c
+===================================================================
+--- curl-7.64.0.orig/lib/tftp.c 2019-05-16 08:35:01.353786616 -0400
++++ curl-7.64.0/lib/tftp.c 2019-05-16 08:35:01.353786616 -0400
+@@ -1005,7 +1005,7 @@ static CURLcode tftp_connect(struct conn
+ state->sockfd = state->conn->sock[FIRSTSOCKET];
+ state->state = TFTP_STATE_START;
+ state->error = TFTP_ERR_NONE;
+- state->blksize = TFTP_BLKSIZE_DEFAULT;
++ state->blksize = blksize;
+ state->requested_blksize = blksize;
+
+ ((struct sockaddr *)&state->local_addr)->sa_family =
+
diff --git a/Curl_dedotdotify-always-nul-terminate-returned-strin.patch b/Curl_dedotdotify-always-nul-terminate-returned-strin.patch
new file mode 100644
index 0000000..983d786
--- /dev/null
+++ b/Curl_dedotdotify-always-nul-terminate-returned-strin.patch
@@ -0,0 +1,25 @@
+From c558db3c39db1817f78ac1bd81ec03a99447d423 Mon Sep 17 00:00:00 2001
+From: kangenbo
+Date: Mon, 18 Mar 2019 12:47:43 -0400
+Subject: [PATCH] 0095
+
+---
+ lib/dotdot.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/dotdot.c b/lib/dotdot.c
+index cbb308d..2c6177a 100644
+--- a/lib/dotdot.c
++++ b/lib/dotdot.c
+@@ -62,6 +62,8 @@ char *Curl_dedotdotify(const char *input)
+ if(!out)
+ return NULL; /* out of memory */
+
++ *out = 0; /* zero terminates, for inputs like "./" */
++
+ /* get a cloned copy of the input */
+ clone = strdup(input);
+ if(!clone) {
+--
+1.8.3.1
+
diff --git a/Curl_http2_done-fix-memleak-in-error-path.patch b/Curl_http2_done-fix-memleak-in-error-path.patch
new file mode 100644
index 0000000..4783beb
--- /dev/null
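Review bot: With `state->blksize = blksize;` in tftp_connect, the working block size starts at the requested value instead of `TFTP_BLKSIZE_DEFAULT`, which is safe only if the packet buffers allocated elsewhere in this function are at least as large as any size the transfer can later fall back to. If a server that ignores the blksize option causes a return to the default, a requested size below the default would leave the buffers smaller than the data received. The allocation and fallback code are outside the hunk, so this has to be checked there; sizing the buffers from the larger of the two values covers both cases. The patch header also still reads `bug: CVE-2019-XXXXX` although the file is named CVE-2019-5436.patch.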
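Review bot: The subject `[PATCH] 0095` and the empty body of Curl_dedotdotify-always-nul-terminate-returned-strin.patch give no hint that the change NUL-terminates the buffer returned by Curl_dedotdotify, and no upstream commit is referenced, unlike the other backports in this commit that carry `Bug:` or `Closes` trailers. The same applies to Curl_http2_done-fix-memleak-in-error-path.patch, whose subject is `[PATCH] 0101`. A subject that matches the file name, plus an `Upstream-commit:` trailer as used in the test320 patch, would let a later audit confirm that each backport matches upstream.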
+++ b/Curl_http2_done-fix-memleak-in-error-path.patch
@@ -0,0 +1,44 @@
+From d26605818339acb190572a5c4291945160063ff0 Mon Sep 17 00:00:00 2001
+From: kangenbo
+Date: Mon, 18 Mar 2019 13:41:26 -0400
+Subject: [PATCH] 0101
+
+---
+ lib/http2.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/lib/http2.c b/lib/http2.c
+index dfc780e..eb395f9 100644
+--- a/lib/http2.c
++++ b/lib/http2.c
+@@ -1085,12 +1085,8 @@ void Curl_http2_done(struct connectdata *conn, bool premature)
+ struct HTTP *http = data->req.protop;
+ struct http_conn *httpc = &conn->proto.httpc;
+
+- if(!httpc->h2) /* not HTTP/2 ? */
+- return;
+-
+- if(data->state.drain)
+- drained_transfer(data, httpc);
+-
++ /* there might be allocated resources done before this got the 'h2' pointer
++ setup */
+ if(http->header_recvbuf) {
+ Curl_add_buffer_free(http->header_recvbuf);
+ http->header_recvbuf = NULL; /* clear the pointer */
+@@ -1106,6 +1102,12 @@ void Curl_http2_done(struct connectdata *conn, bool premature)
+ }
+ }
+
++ if(!httpc->h2) /* not HTTP/2 ? */
++ return;
++
++ if(data->state.drain)
++ drained_transfer(data, httpc);
++
+ if(premature) {
+ /* RST_STREAM */
+ if(!nghttp2_submit_rst_stream(httpc->h2, NGHTTP2_FLAG_NONE,
+--
+1.8.3.1
+
diff --git a/Curl_retry_request-fix-memory-leak.patch b/Curl_retry_request-fix-memory-leak.patch
new file mode 100644
index 0000000..1111b60
--- /dev/null
+++ b/Curl_retry_request-fix-memory-leak.patch
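Review bot: Moving the `if(!httpc->h2) return;` test below the buffer cleanup means `http->header_recvbuf` is now dereferenced for every connection that reaches Curl_http2_done, including ones where HTTP/2 was never set up. `http` comes from `data->req.protop`, and the hunk shows no NULL test on it; if that pointer can be unset on such connections, the early dereference crashes where the old code returned. The callers are outside the hunk, so this is a point to confirm, and a guard such as `if(!http) return;` ahead of the cleanup would settle it either way.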
@@ -0,0 +1,36 @@
+From ef695fc30144c8b92700c0161cdafd141c70ae60 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Mon, 24 Sep 2018 14:05:24 +0200
+Subject: [PATCH 098/557] Curl_retry_request: fix memory leak
+
+Detected by OSS-Fuzz
+
+Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10648
+Closes #3042
+---
+ lib/transfer.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/lib/transfer.c b/lib/transfer.c
+index 6a80bf3..efd9292 100644
+--- a/lib/transfer.c
++++ b/lib/transfer.c
+@@ -1705,8 +1705,13 @@ CURLcode Curl_retry_request(struct connectdata *conn,
+
+ if(conn->handler->protocol&PROTO_FAMILY_HTTP) {
+ struct HTTP *http = data->req.protop;
+- if(http->writebytecount)
+- return Curl_readrewind(conn);
++ if(http->writebytecount) {
++ CURLcode result = Curl_readrewind(conn);
++ if(result) {
++ Curl_safefree(*url);
++ return result;
++ }
++ }
+ }
+ }
+ return CURLE_OK;
+--
+1.8.3.1
+
diff --git a/Curl_saferealloc-Fixed-typo-in-docblock.patch b/Curl_saferealloc-Fixed-typo-in-docblock.patch
new file mode 100644
index 0000000..4857fed
--- /dev/null
+++ b/Curl_saferealloc-Fixed-typo-in-docblock.patch
@@ -0,0 +1,26 @@
+From 39c9140cceaffd98c683e1f426cc451909703554 Mon Sep 17 00:00:00 2001
+From: Erik Minekus
+Date: Fri, 21 Sep 2018 14:20:18 +0200
+Subject: [PATCH 081/557] Curl_saferealloc: Fixed typo in docblock
+
+Closes #3029
+---
+ lib/strdup.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/strdup.c b/lib/strdup.c
+index 19cb044..51e7978 100644
+--- a/lib/strdup.c
++++ b/lib/strdup.c
+@@ -81,7 +81,7 @@ void *Curl_memdup(const void *src, size_t length)
+ * Curl_saferealloc(ptr, size)
+ *
+ * Does a normal realloc(), but will free the data pointer if the realloc
+- * fails. If 'size' is zero, it will free the data and return a failure.
++ * fails. If 'size' is non-zero, it will free the data and return a failure.
+ *
+ * This convenience function is provided and used to help us avoid a common
+ * mistake pattern when we could pass in a zero, catch the NULL return and end
+--
+1.8.3.1
+
diff --git a/OS400-handle-memory-error-in-list-conversion.patch b/OS400-handle-memory-error-in-list-conversion.patch
new file mode 100644
index 0000000..b1e032a
--- /dev/null
+++ b/OS400-handle-memory-error-in-list-conversion.patch
@@ -0,0 +1,50 @@
+From a58b27740fd78fee88b35104fa71b7019280ccff Mon Sep 17 00:00:00 2001
+From: Daniel Gustafsson
+Date: Thu, 13 Dec 2018 10:15:00 +0100
+Subject: [PATCH 363/557] OS400: handle memory error in list conversion
+
+Curl_slist_append_nodup() returns NULL when it fails to create a new
+item for the specified list, and since the coding here reassigned the
+new list on top of the old list it would result in a dangling pointer
+and lost memory. Also, in case we hit an allocation failure at some
+point during the conversion, with allocation succeeding again on the
+subsequent call(s) we will return a truncated list around the malloc
+failure point. Fix by assigning to a temporary list pointer, which can
+be checked (which is the common pattern for slist appending), and free
+all the resources on allocation failure.
+
+Closes #3372
+Reviewed-by: Daniel Stenberg
+---
+ packages/OS400/ccsidcurl.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/packages/OS400/ccsidcurl.c b/packages/OS400/ccsidcurl.c
+index b1d3ba8..ca711d0 100644
+--- a/packages/OS400/ccsidcurl.c
++++ b/packages/OS400/ccsidcurl.c
+@@ -219,13 +219,20 @@ slist_convert(int dccsid, struct curl_slist * from, int sccsid)
+ struct curl_slist * to = (struct curl_slist *) NULL;
+
+ for(; from; from = from->next) {
++ struct curl_slist *nl;
+ char * cp = dynconvert(dccsid, from->data, -1, sccsid);
+
+ if(!cp) {
+ curl_slist_free_all(to);
+ return (struct curl_slist *) NULL;
+ }
+- to = Curl_slist_append_nodup(to, cp);
++ nl = Curl_slist_append_nodup(to, cp);
++ if(!nl) {
++ curl_slist_free_all(to);
++ free(cp);
++ return NULL;
++ }
++ to = nl;
+ }
+ return to;
+ }
+--
+1.8.3.1
+
diff --git a/configure-include-all-libraries-in-ssl-libs-fetch.patch b/configure-include-all-libraries-in-ssl-libs-fetch.patch
new file mode 100644
index 0000000..f44f9ff
--- /dev/null
+++ b/configure-include-all-libraries-in-ssl-libs-fetch.patch
@@ -0,0 +1,61 @@ +From 0fac7a10fd08281f659df82a9d1c779bf61d7401 Mon Sep 17 00:00:00 2001 +From: James Knight +Date: Tue, 30 Oct 2018 03:17:44 -0400 +Subject: [PATCH 318/557] configure: include all libraries in ssl-libs fetch + +When compiling a collection of SSL libraries to link against (SSL_LIBS), +ensure all libraries are included. The call `--libs-only-l` can produce +only a subset of found in a `--libs` call (e.x. pthread may be excluded). +Adding `--libs-only-other` ensures other libraries are also included in +the list. This corrects select build environments compiling against a +static version of OpenSSL. Before the change, the following could be +observed: + + checking for openssl options with pkg-config... found + configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -lcrypto -lz -ldl " + configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight//staging/usr/lib -L/home/jdknight//staging/usr/lib " + configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight//staging/usr/include " + checking for HMAC_Update in -lcrypto... no + checking for HMAC_Init_ex in -lcrypto... no + checking OpenSSL linking with -ldl... no + checking OpenSSL linking with -ldl and -lpthread... no + configure: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more. + configure: WARNING: Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this. + ... + SSL support: no (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} ) + ... + +And include the other libraries when compiling SSL_LIBS succeeds with: + + checking for openssl options with pkg-config... found + configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -pthread -lcrypto -lz -ldl -pthread " + configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight//staging/usr/lib -L/home/jdknight//staging/usr/lib " + configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight//staging/usr/include " + checking for HMAC_Update in -lcrypto... 
yes + checking for SSL_connect in -lssl... yes + ... + SSL support: enabled (OpenSSL) + ... + +Signed-off-by: James Knight +Closes #3193 +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 80f8ae1..b0bd9a3 100755 +--- a/configure.ac ++++ b/configure.ac +@@ -1623,7 +1623,7 @@ if test -z "$ssl_backends" -o "x$OPT_SSL" != xno && + + if test "$PKGCONFIG" != "no" ; then + SSL_LIBS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl +- $PKGCONFIG --libs-only-l openssl 2>/dev/null` ++ $PKGCONFIG --libs-only-l --libs-only-other openssl 2>/dev/null` + + SSL_LDFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl + $PKGCONFIG --libs-only-L openssl 2>/dev/null` +-- +1.8.3.1 + diff --git a/curl-7.61.1.tar.xz b/curl-7.61.1.tar.xz new file mode 100644 index 0000000..11fe1c1 Binary files /dev/null and b/curl-7.61.1.tar.xz differ diff --git a/curl-fix-memory-leak-reading-writeout-from-file.patch b/curl-fix-memory-leak-reading-writeout-from-file.patch new file mode 100644 index 0000000..0791282 --- /dev/null +++ b/curl-fix-memory-leak-reading-writeout-from-file.patch 
@@ -0,0 +1,30 @@
+From 650281ed5ba335d16a932ccba53665551197880f Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Fri, 30 Nov 2018 11:59:04 +0100
+Subject: [PATCH 324/557] curl: fix memory leak reading --writeout from file
+
+If another string had been set first, the writout function for reading
+the syntax from file would leak the previously allocated memory.
+
+Reported-by: Brian Carpenter
+Fixes #3322
+Closes #3330
+---
+ src/tool_getparam.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/tool_getparam.c b/src/tool_getparam.c
+index cd21f77..c0d3a84 100644
+--- a/src/tool_getparam.c
++++ b/src/tool_getparam.c
+@@ -2066,6 +2066,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
+ fname = nextarg;
+ file = fopen(nextarg, FOPEN_READTEXT);
+ }
++ Curl_safefree(config->writeout);
+ err = file2string(&config->writeout, file);
+ if(file && (file != stdin))
+ fclose(file);
+--
+1.8.3.1
+
diff --git a/curl.spec b/curl.spec
new file mode 100644
index 0000000..8c354d1
--- /dev/null
+++ b/curl.spec
@@ -0,0 +1,248 @@ +#Global macro or variable +%global libpsl_version %(pkg-config --modversion libpsl 2>/dev/null || echo 0) +%global libssh_version %(pkg-config --modversion libssh 2>/dev/null || echo 0) +%global openssl_version %(pkg-config --modversion openssl 2>/dev/null || echo 0) +%global _configure ../configure + +#Basic Information +Name: curl +Version: 7.61.1 +Release: 3 +Summary: curl is used in command lines or scripts to transfer data +License: MIT +URL: https://curl.haxx.se/ +Source: https://curl.haxx.se/download/curl-%{version}.tar.xz + +Patch1: 0001-curl-7.61.1-test320-gnutls.patch +Patch101: 0101-curl-7.32.0-multilib.patch +Patch102: 0102-curl-7.36.0-debug.patch +Patch103: 0103-curl-7.59.0-python3.patch +Patch104: 0104-curl-7.19.7-localhost6.patch + +Patch6000: fix-leak-when-writing-cookies-to-file.patch +Patch6001: fix-gcc8-warning.patch +Patch6002: fix-gcc8-warning-on-Windows.patch +Patch6003: fix-compiler-warning-on-64-bit-Windows.patch +Patch6004: urlglob-improve-error-message.patch +Patch6005: krb5-fix-memory-leak-in-krb_auth.patch +Patch6006: secure-Openwall-URLs.patch +Patch6007: http2-fix-memory-leaks-on-error-path.patch +Patch6008: memory-add-missing-curl_printf-header.patch +Patch6009: examples-Fix-memory-leaks-from-realloc-errors.patch +Patch6010: darwinssl-Fix-realloc-memleak.patch +Patch6011: nss-try-to-connect-even-if-libnssckbi.so-fails-to-lo.patch +Patch6012: Curl_saferealloc-Fixed-typo-in-docblock.patch +Patch6013: Curl_dedotdotify-always-nul-terminate-returned-strin.patch +Patch6014: Curl_retry_request-fix-memory-leak.patch +Patch6015: http-fix-memleak-in-rewind-error-path.patch +Patch6016: Curl_http2_done-fix-memleak-in-error-path.patch +Patch6017: multi-fix-location-URL-memleak-in-error-path.patch +Patch6018: multi-fix-memory-leak-in-content-encoding-related-er.patch +Patch6019: memory-ensure-to-check-allocation-results.patch +Patch6020: hostip-fix-check-on-Curl_shuffle_addr-return-value.patch +Patch6021: 
nonblock-fix-unused-parameter-warning.patch +Patch6022: tool_cb_hdr-handle-failure-of-rename.patch +Patch6023: multi-avoid-double-free.patch +Patch6024: netrc-free-temporary-strings-if-memory-allocation-fa.patch +Patch6025: ssh-free-the-session-on-init-failures.patch +Patch6026: multi-Fix-error-handling-in-the-SENDPROTOCONNECT-sta.patch +Patch6027: CVE-2018-16840-Curl_close-clear-data-multi_easy-on-free-to-avoid-us.patch +Patch6028: CVE-2018-16839-Curl_auth_create_plain_message-fix-too-large-input-c.patch +Patch6029: CVE-2018-16842-voutf-fix-bad-arethmetic-when-outputting-warnings-to.patch +Patch6030: curl_multibyte-fix-a-malloc-overcalculation.patch +Patch6031: curl_easy_perform-fix-timeout-handling.patch +Patch6032: configure-include-all-libraries-in-ssl-libs-fetch.patch +Patch6033: curl-fix-memory-leak-reading-writeout-from-file.patch +Patch6034: OS400-handle-memory-error-in-list-conversion.patch +Patch6035: smb-fix-incorrect-path-in-request-if-connection-reus.patch +Patch6036: wolfssl-Perform-cleanup.patch +Patch6037: libssh-free-sftp_canonicalize_path-data-correctly.patch +Patch6038: openvms-fix-OpenSSL-discovery-on-VAX.patch +Patch6039: timediff-fix-math-for-unsigned-time_t.patch +Patch6040: tool_cb_prg-avoid-integer-overflow.patch +Patch6041: openssl-fix-the-SSL_get_tlsext_status_ocsp_resp-call.patch +Patch6042: ssh-log-the-libssh2-error-message-when-ssh-session-s.patch +Patch6043: schannel-on-connection-close-there-might-not-be-a-tr.patch +Patch6044: CVE-2018-16890-NTLM-fix-size-check-condition-for-type2-received-dat.patch +Patch6045: CVE-2019-3822-ntlm-fix-_type3_message-size-check-to-avoid-buffer-o.patch +Patch6046: CVE-2019-3823-smtp-avoid-risk-of-buffer-overflow-in-strtol.patch +Patch6047: zsh.pl-escape-character.patch +Patch6048: examples-postinmemory-Potential-leak-of-memory-point.patch +Patch6049: mbedtls-release-sessionid-resources-on-error.patch +Patch6050: CVE-2019-5436.patch +Patch9000: 0001-fix-double-free-when-multi-perform.patch + +Provides: 
curl-full = %{version}-%{release} libcurl-full = %{version}-%{release} +Provides: webclient libcurl = %{version}-%{release} +Obsoletes: libcurl + +BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel libidn2-devel libmetalink-devel +BuildRequires: libnghttp2-devel libpsl-devel libssh-devel make openldap-devel openssh-clients +BuildRequires: openssh-server openssl-devel pkgconfig python3-devel sed stunnel zlib-devel +BuildRequires: gnutls-utils nghttp2 perl(Cwd) perl(Digest::MD5) perl(Exporter) perl(File::Basename) +BuildRequires: perl(File::Copy) perl(File::Spec) perl(IPC::Open2) perl(MIME::Base64) perl(strict) +BuildRequires: perl(Time::Local) perl(Time::HiRes) perl(warnings) perl(vars) + +%ifarch x86_64 +BuildRequires: valgrind +%endif + +Requires: libpsl >= %{libpsl_version} +Requires: libssh >= %{libssh_version} openssl-libs >= 1:%{openssl_version} + +%description +cURL is a computer software project providing a library (libcurl) and +command-line tool (curl) for transferring data using various protocols. + +%package devel +Summary: Files needed for building applications with libcurl +Requires: curl = %{version}-%{release} +Provides: curl-devel = %{version}-%{release} +Provides: libcurl-devel = %{version}-%{release} +Obsoletes: curl-devel < %{version}-%{release} libcurl-devel + +%description devel +The curl-devel package includes header files and libraries necessary for developing programs. + + +%package help +Summary: Documents for autogen +Buildarch: noarch + +%description help +Man pages and other related documents. 
+ +%prep +%autosetup -n %{name}-%{version} -p1 + +# make tests/*.py use Python 3 +sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py + +# regenerate Makefile.in files +aclocal -I m4 +automake + +printf "1112\n1455\n1801\n1900\n" >> tests/data/DISABLED + +# adapt test 323 for updated OpenSSL +sed -e 's/^35$/35,52/' -i tests/data/test323 + +%build +install -d build-{full,minimal} +export common_configure_opts=" \ + --cache-file=../config.cache \ + --disable-static \ + --enable-symbol-hiding \ + --enable-ipv6 \ + --enable-threaded-resolver \ + --with-gssapi \ + --with-nghttp2 \ + --with-ssl --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt" + +# configure minimal build +( + cd build-minimal + %configure $common_configure_opts \ + --disable-ldap \ + --disable-ldaps \ + --disable-manual \ + --without-brotli \ + --without-libidn2 \ + --without-libmetalink \ + --without-libpsl \ + --without-libssh +) + +# configure full build +( + cd build-full + %configure $common_configure_opts \ + --enable-ldap \ + --enable-ldaps \ + --enable-manual \ + --with-brotli \ + --with-libidn2 \ + --with-libmetalink \ + --with-libpsl \ + --with-libssh +) + +sed -e 's/^runpath_var=.*/runpath_var=/' \ + -e 's/^hardcode_libdir_flag_spec=".*"$/hardcode_libdir_flag_spec=""/' \ + -i build-{full,minimal}/libtool + +%make_build V=1 -C build-minimal +%make_build V=1 -C build-full + +%check + +%install +# curl-minimal files install +%make_install -C build-minimal +for i in ${RPM_BUILD_ROOT}%{_libdir}/*; do + mv -v $i $i.minimal +done +mv -v ${RPM_BUILD_ROOT}%{_bindir}/curl{,.minimal} + +# install libcurl.m4 for devel +install -D -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT%{_datadir}/aclocal/libcurl.m4 + +# curl file install +cd build-full +%make_install + +# install zsh completion for curl +LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" %make_install -C scripts + +%pre + +%preun + +%post +/sbin/ldconfig + + +%postun +/sbin/ldconfig + + +%files +%defattr(-,root,root) 
+%license COPYING + +%{_bindir}/curl +%{_datadir}/zsh/site-functions +%{_libdir}/libcurl.so.4 +%{_libdir}/libcurl.so.4.[0-9].[0-9] +%exclude %{_libdir}/libcurl.la + +%exclude %{_bindir}/curl.minimal +%exclude %{_libdir}/libcurl.so.4.minimal +%exclude %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal +%exclude %{_libdir}/pkgconfig.minimal +%exclude %{_libdir}/libcurl.la.minimal +%exclude %{_libdir}/libcurl.so.minimal + + +%files devel +%doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS.md +%doc docs/CONTRIBUTE.md docs/libcurl/ABI +%{_bindir}/curl-config* +%{_includedir}/curl +%{_libdir}/*.so +%{_libdir}/pkgconfig/*.pc +%{_datadir}/aclocal/libcurl.m4 + +%files help +%{_mandir}/man1/curl.1* +%{_mandir}/man1/curl-config.1* +%{_mandir}/man3/* + +%doc CHANGES README* +%doc docs/BUGS docs/FAQ docs/FEATURES +%doc docs/MANUAL docs/RESOURCES +%doc docs/TheArtOfHttpScripting docs/TODO + +%changelog +* Wed Sep 18 2019 guanyanjie - 7.61.1-3 +- Init for openEuler diff --git a/curl_easy_perform-fix-timeout-handling.patch b/curl_easy_perform-fix-timeout-handling.patch new file mode 100644 index 0000000..a7773f0 --- /dev/null +++ b/curl_easy_perform-fix-timeout-handling.patch 
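Review bot: `%check` is declared but empty, so the backported patches listed above, including the CVE-2018-16839/16840/16842/16890 and CVE-2019-3822/3823/5436 fixes and the local `Patch9000` double-free change, are built and shipped without the upstream test suite ever running. `%prep` still edits `tests/data/DISABLED` and `tests/data/test323`, and BuildRequires pulls in stunnel, gnutls-utils, openssh-server and valgrind, none of which matter unless tests run. Either run the suite from `%check` against `build-full` (curl's makefiles provide a `test` target), or drop the test-only preparation and state in a comment why the suite is skipped. Separately, the `help` subpackage summary reads `Documents for autogen`, which looks copied from another spec; `Documents for curl` would match the content.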
@@ -0,0 +1,120 @@ +From 34fe0e1622fd87f2945e734787bc29e314d253cc Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Sat, 24 Nov 2018 23:20:19 +0100 +Subject: [PATCH 314/557] curl_easy_perform: fix timeout handling + +curl_multi_wait() was erroneously used from within +curl_easy_perform(). It could lead to it believing there was no socket +to wait for and then instead sleep for a while instead of monitoring the +socket and then miss acting on that activity as swiftly as it should +(causing an up to 1000 ms delay). + +Reported-by: Antoni Villalonga +Fixes #3305 +Closes #3306 +Closes #3308 +--- + lib/easy.c | 7 ++++--- + lib/multi.c | 20 ++++++++++++++++++-- + lib/multiif.h | 8 ++++++++ + 3 files changed, 30 insertions(+), 5 deletions(-) + +diff --git a/lib/easy.c b/lib/easy.c +index d940b5d..e592d7a 100644 +--- a/lib/easy.c ++++ b/lib/easy.c +@@ -664,12 +664,12 @@ static CURLcode easy_transfer(struct Curl_multi *multi) + + while(!done && !mcode) { + int still_running = 0; +- int rc; ++ bool gotsocket = FALSE; + +- mcode = curl_multi_wait(multi, NULL, 0, 1000, &rc); ++ mcode = Curl_multi_wait(multi, NULL, 0, 1000, NULL, &gotsocket); + + if(!mcode) { +- if(!rc) { ++ if(!gotsocket) { + long sleep_ms; + + /* If it returns without any filedescriptor instantly, we need to +@@ -688,6 +688,7 @@ static CURLcode easy_transfer(struct Curl_multi *multi) + + /* only read 'still_running' if curl_multi_perform() return OK */ + if(!mcode && !still_running) { ++ int rc; + CURLMsg *msg = curl_multi_info_read(multi, &rc); + if(msg) { + result = msg->data.result; +diff --git a/lib/multi.c b/lib/multi.c +index c2ef6c1..cca1380 100644 +--- a/lib/multi.c ++++ b/lib/multi.c +@@ -985,11 +985,12 @@ CURLMcode curl_multi_fdset(struct Curl_multi *multi, + + #define NUM_POLLS_ON_STACK 10 + +-CURLMcode curl_multi_wait(struct Curl_multi *multi, ++CURLMcode Curl_multi_wait(struct Curl_multi *multi, + struct curl_waitfd extra_fds[], + unsigned int extra_nfds, + int timeout_ms, +- int *ret) ++ int 
*ret, ++ bool *gotsocket) /* if any socket was checked */ + { + struct Curl_easy *data; + curl_socket_t sockbunch[MAX_SOCKSPEREASYHANDLE]; +@@ -1003,6 +1004,9 @@ CURLMcode curl_multi_wait(struct Curl_multi *multi, + int retcode = 0; + struct pollfd a_few_on_stack[NUM_POLLS_ON_STACK]; + ++ if(gotsocket) ++ *gotsocket = FALSE; ++ + if(!GOOD_MULTI_HANDLE(multi)) + return CURLM_BAD_HANDLE; + +@@ -1135,9 +1139,21 @@ CURLMcode curl_multi_wait(struct Curl_multi *multi, + free(ufds); + if(ret) + *ret = retcode; ++ if(gotsocket && (extra_fds || curlfds)) ++ /* if any socket was checked */ ++ *gotsocket = TRUE; ++ + return CURLM_OK; + } + ++CURLMcode curl_multi_wait(struct Curl_multi *multi, ++ struct curl_waitfd extra_fds[], ++ unsigned int extra_nfds, ++ int timeout_ms, ++ int *ret) ++{ ++ return Curl_multi_wait(multi, extra_fds, extra_nfds, timeout_ms, ret, NULL); ++} + /* + * Curl_multi_connchanged() is called to tell that there is a connection in + * this multi handle that has changed state (pipelining become possible, the +diff --git a/lib/multiif.h b/lib/multiif.h +index c50063d..e44646b 100644 +--- a/lib/multiif.h ++++ b/lib/multiif.h +@@ -97,4 +97,12 @@ void Curl_multi_closed(struct Curl_easy *data, curl_socket_t s); + CURLMcode Curl_multi_add_perform(struct Curl_multi *multi, + struct Curl_easy *data, + struct connectdata *conn); ++ ++CURLMcode Curl_multi_wait(struct Curl_multi *multi, ++ struct curl_waitfd extra_fds[], ++ unsigned int extra_nfds, ++ int timeout_ms, ++ int *ret, ++ bool *gotsocket); /* if any socket was checked */ ++ + #endif /* HEADER_CURL_MULTIIF_H */ +-- +1.8.3.1 + diff --git a/curl_multibyte-fix-a-malloc-overcalculation.patch b/curl_multibyte-fix-a-malloc-overcalculation.patch new file mode 100644 index 0000000..6cb9bf5 --- /dev/null +++ b/curl_multibyte-fix-a-malloc-overcalculation.patch 
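Review bot: In `Curl_multi_wait` the new flag is set with `if(gotsocket && (extra_fds || curlfds))`, which tests the `extra_fds` pointer rather than the `extra_nfds` count. A caller that passes a non-NULL array with `extra_nfds == 0` would be told a socket was checked when none was, and `easy_transfer` now uses exactly that answer to decide whether to sleep; `if(gotsocket && (extra_nfds || curlfds))` states the intent. The only internal caller visible here passes `NULL, 0`, so this is latent rather than live. The wrapper `curl_multi_wait` is also followed directly by the `Curl_multi_connchanged()` comment with no blank line, and the new prototype in `multiif.h` would benefit from a one-line comment saying that `gotsocket` may be NULL. The body of `Curl_multi_wait` is only partly inside the hunks.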
@@ -0,0 +1,41 @@
+From 28429fb1753d63a659f38577b39e0b5747f28939 Mon Sep 17 00:00:00 2001
+From: Jay Satiro
+Date: Thu, 1 Nov 2018 02:53:22 -0400
+Subject: [PATCH 261/557] curl_multibyte: fix a malloc overcalculation
+
+Prior to this change twice as many bytes as necessary were malloc'd when
+converting wchar to UTF8. To allay confusion in the future I also
+changed the variable name for the amount of bytes from len to bytes.
+
+Closes https://github.com/curl/curl/pull/3209
+---
+ lib/curl_multibyte.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/lib/curl_multibyte.c b/lib/curl_multibyte.c
+index e78bb50..e48334f 100644
+--- a/lib/curl_multibyte.c
++++ b/lib/curl_multibyte.c
+@@ -64,13 +64,13 @@ char *Curl_convert_wchar_to_UTF8(const wchar_t *str_w)
+ char *str_utf8 = NULL;
+
+ if(str_w) {
+- int str_utf8_len = WideCharToMultiByte(CP_UTF8, 0, str_w, -1, NULL,
+- 0, NULL, NULL);
+- if(str_utf8_len > 0) {
+- str_utf8 = malloc(str_utf8_len * sizeof(wchar_t));
++ int bytes = WideCharToMultiByte(CP_UTF8, 0, str_w, -1,
++ NULL, 0, NULL, NULL);
++ if(bytes > 0) {
++ str_utf8 = malloc(bytes);
+ if(str_utf8) {
+- if(WideCharToMultiByte(CP_UTF8, 0, str_w, -1, str_utf8, str_utf8_len,
+- NULL, FALSE) == 0) {
++ if(WideCharToMultiByte(CP_UTF8, 0, str_w, -1, str_utf8, bytes,
++ NULL, NULL) == 0) {
+ free(str_utf8);
+ return NULL;
+ }
+--
+1.8.3.1
+
diff --git a/darwinssl-Fix-realloc-memleak.patch b/darwinssl-Fix-realloc-memleak.patch
new file mode 100644
index 0000000..1831763
--- /dev/null
+++ b/darwinssl-Fix-realloc-memleak.patch
@@ -0,0 +1,37 @@
+From a544df0b095d295e246f7aa5dcc613b80708d203 Mon Sep 17 00:00:00 2001
+From: kangenbo
+Date: Fri, 8 Mar 2019 12:29:54 -0500
+Subject: [PATCH] darwinssl: Fix realloc memleak
+
+The reallocation was using the input pointer for the return value, which
+leads to a memory leak on reallication failure. Fix by instead use the
+safe internal API call Curl_saferealloc().
+
+---
+ lib/vtls/darwinssl.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c
+index 1aea0dc..e963f27 100644
+--- a/lib/vtls/darwinssl.c
++++ b/lib/vtls/darwinssl.c
+@@ -116,6 +116,7 @@
+ #include "vtls.h"
+ #include "darwinssl.h"
+ #include "curl_printf.h"
++#include "strdup.h"
+
+ #include "curl_memory.h"
+ /* The last #include file should be: */
+@@ -2039,7 +2040,7 @@ static int read_cert(const char *file, unsigned char **out, size_t *outlen)
+
+ if(len + n >= cap) {
+ cap *= 2;
+- data = realloc(data, cap);
++ data = Curl_saferealloc(data, cap);
+ if(!data) {
+ close(fd);
+ return -1;
+--
+1.8.3.1
+
diff --git a/examples-Fix-memory-leaks-from-realloc-errors.patch b/examples-Fix-memory-leaks-from-realloc-errors.patch
new file mode 100644
index 0000000..3296a20
--- /dev/null
+++ b/examples-Fix-memory-leaks-from-realloc-errors.patch
@@ -0,0 +1,163 @@ +From 23524bf85b887adbc513bc015c9530355967bc04 Mon Sep 17 00:00:00 2001 +From: Kruzya +Date: Sat, 15 Sep 2018 08:55:11 +0300 +Subject: [PATCH 065/557] examples: Fix memory leaks from realloc errors + +Make sure to not overwrite the reallocated pointer in realloc() calls +to avoid a memleak on memory errors. +--- + docs/examples/crawler.c | 8 +++++++- + docs/examples/curlx.c | 12 ++++++++++-- + docs/examples/getinmemory.c | 7 ++++--- + docs/examples/postinmemory.c | 7 ++++--- + docs/examples/xmlstream.c | 7 ++++--- + 5 files changed, 29 insertions(+), 12 deletions(-) + +diff --git a/docs/examples/crawler.c b/docs/examples/crawler.c +index 0aeb865..d8fa5a4 100644 +--- a/docs/examples/crawler.c ++++ b/docs/examples/crawler.c +@@ -52,7 +52,13 @@ size_t grow_buffer(void *contents, size_t sz, size_t nmemb, void *ctx) + { + size_t realsize = sz * nmemb; + memory *mem = (memory*) ctx; +- mem->buf = realloc(mem->buf, mem->size + realsize); ++ char *ptr = realloc(mem->buf, mem->size + realsize); ++ if(!ptr) { ++ /* out of memory */ ++ printf("not enough memory (realloc returned NULL)\n"); ++ return 0; ++ } ++ mem->buf = ptr; + memcpy(&(mem->buf[mem->size]), contents, realsize); + mem->size += realsize; + return realsize; +diff --git a/docs/examples/curlx.c b/docs/examples/curlx.c +index 141f5a8..49f52e6 100644 +--- a/docs/examples/curlx.c ++++ b/docs/examples/curlx.c +@@ -515,12 +515,20 @@ int main(int argc, char **argv) + curl_easy_setopt(p.curl, CURLOPT_SSL_CTX_DATA, &p); + + { ++ char *ptr; + int lu; int i = 0; + while((lu = BIO_read(in, &binaryptr[i], tabLength-i)) >0) { + i += lu; + if(i == tabLength) { + tabLength += 100; +- binaryptr = realloc(binaryptr, tabLength); /* should be more careful */ ++ ptr = realloc(binaryptr, tabLength); /* should be more careful */ ++ if(!ptr) { ++ /* out of memory */ ++ BIO_printf(p.errorbio, "out of memory (realloc returned NULL)\n"); ++ goto fail; ++ } ++ binaryptr = ptr; ++ ptr = NULL; + } + } + tabLength = i; +@@ 
-551,7 +559,7 @@ int main(int argc, char **argv) + /*** code d'erreur si accept mime ***, egalement code return HTTP != 200 ***/ + + /* free the header list*/ +- ++fail: + curl_slist_free_all(headers); + + /* always cleanup */ +diff --git a/docs/examples/getinmemory.c b/docs/examples/getinmemory.c +index f5e8942..a21a2aa 100644 +--- a/docs/examples/getinmemory.c ++++ b/docs/examples/getinmemory.c +@@ -5,7 +5,7 @@ + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * +- * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. ++ * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms +@@ -42,13 +42,14 @@ WriteMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp) + size_t realsize = size * nmemb; + struct MemoryStruct *mem = (struct MemoryStruct *)userp; + +- mem->memory = realloc(mem->memory, mem->size + realsize + 1); +- if(mem->memory == NULL) { ++ char *ptr = realloc(mem->memory, mem->size + realsize + 1); ++ if(ptr == NULL) { + /* out of memory! */ + printf("not enough memory (realloc returned NULL)\n"); + return 0; + } + ++ mem->memory = ptr; + memcpy(&(mem->memory[mem->size]), contents, realsize); + mem->size += realsize; + mem->memory[mem->size] = 0; +diff --git a/docs/examples/postinmemory.c b/docs/examples/postinmemory.c +index 488d227..176f24a 100644 +--- a/docs/examples/postinmemory.c ++++ b/docs/examples/postinmemory.c +@@ -5,7 +5,7 @@ + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * +- * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. ++ * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. 
The terms +@@ -39,13 +39,14 @@ WriteMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp) + size_t realsize = size * nmemb; + struct MemoryStruct *mem = (struct MemoryStruct *)userp; + +- mem->memory = realloc(mem->memory, mem->size + realsize + 1); +- if(mem->memory == NULL) { ++ char *ptr = realloc(mem->memory, mem->size + realsize + 1); ++ if(!ptr) { + /* out of memory! */ + printf("not enough memory (realloc returned NULL)\n"); + return 0; + } + ++ mem->memory = ptr; + memcpy(&(mem->memory[mem->size]), contents, realsize); + mem->size += realsize; + mem->memory[mem->size] = 0; +diff --git a/docs/examples/xmlstream.c b/docs/examples/xmlstream.c +index 9ee4a2e..296ae3b 100644 +--- a/docs/examples/xmlstream.c ++++ b/docs/examples/xmlstream.c +@@ -5,7 +5,7 @@ + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * +- * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. ++ * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms +@@ -69,14 +69,15 @@ static void characterDataHandler(void *userData, const XML_Char *s, int len) + struct ParserStruct *state = (struct ParserStruct *) userData; + struct MemoryStruct *mem = &state->characters; + +- mem->memory = realloc(mem->memory, mem->size + len + 1); +- if(mem->memory == NULL) { ++ char *ptr = realloc(mem->memory, mem->size + len + 1); ++ if(!ptr) { + /* Out of memory. */ + fprintf(stderr, "Not enough memory (realloc returned NULL).\n"); + state->ok = 0; + return; + } + ++ mem->memory = ptr; + memcpy(&(mem->memory[mem->size]), s, len); + mem->size += len; + mem->memory[mem->size] = 0; +-- +1.8.3.1 + diff --git a/examples-postinmemory-Potential-leak-of-memory-point.patch b/examples-postinmemory-Potential-leak-of-memory-point.patch new file mode 100644 index 0000000..c0d4b38 --- /dev/null +++ b/examples-postinmemory-Potential-leak-of-memory-point.patch 
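Review bot: In the `curlx.c` hunk the comment `/* should be more careful */` stays on the `realloc` line even though the added NULL check is that care; it should be dropped or reworded. The trailing `ptr = NULL;` is a dead store as far as the hunk shows, since `ptr` is assigned again before its next read. The new `fail:` label sits just before `curl_slist_free_all(headers);`, and the hunk does not show whether `binaryptr` is released on that path, so the jump may trade the realloc leak for a leak of the original buffer at exit; worth confirming against the full `main`, which extends beyond the hunk.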
@@ -0,0 +1,30 @@
+From 52d98194b539605a4bd5bfeddc367bff283ac28f Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Thu, 14 Feb 2019 11:53:02 +0100
+Subject: [PATCH 541/557] examples/postinmemory: Potential leak of memory
+ pointed to by 'chunk.memory'
+
+Detected by scan-build
+---
+ docs/examples/postinmemory.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/docs/examples/postinmemory.c b/docs/examples/postinmemory.c
+index 25a1e8e..376f334 100644
+--- a/docs/examples/postinmemory.c
++++ b/docs/examples/postinmemory.c
+@@ -106,10 +105,9 @@ int main(void)
+ /* always cleanup */
+ curl_easy_cleanup(curl);
+
+- free(chunk.memory);
+-
+ /* we're done with libcurl, so clean it up */
+ curl_global_cleanup();
+ }
++ free(chunk.memory);
+ return 0;
+ }
+--
+1.8.3.1
+
diff --git a/fix-compiler-warning-on-64-bit-Windows.patch b/fix-compiler-warning-on-64-bit-Windows.patch
new file mode 100644
index 0000000..bd2d613
--- /dev/null
+++ b/fix-compiler-warning-on-64-bit-Windows.patch
@@ -0,0 +1,52 @@
+From 621ce8280ff250b67f44b5be667c637c445cd9f3 Mon Sep 17 00:00:00 2001
+From: kangenbo
+Date: Fri, 8 Mar 2019 11:35:06 -0500
+Subject: [PATCH] anyauthput: fix compiler warning on 64-bit Windows
+
+On Windows, the read function from is used, which has its byte
+count parameter as unsigned int instead of size_t.
+
+Closes https://github.com/curl/curl/pull/2972
+---
+ docs/examples/anyauthput.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/docs/examples/anyauthput.c b/docs/examples/anyauthput.c
+index eb91d99..14da10c 100644
+--- a/docs/examples/anyauthput.c
++++ b/docs/examples/anyauthput.c
+@@ -26,15 +26,18 @@
+ */
+ #include
+ #include
++#include
++#include
++
++#include
++
+ #ifdef WIN32
+ # include
++# define READ_3RD_ARG unsigned int
+ #else
+ # include
++# define READ_3RD_ARG size_t
+ #endif
+-#include
+-#include
+-
+-#include
+
+ #if LIBCURL_VERSION_NUM < 0x070c03
+ #error "upgrade your libcurl to no less than 7.12.3"
+@@ -83,7 +86,7 @@ static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
+ int *fdp = (int *)stream;
+ int fd = *fdp;
+
+- retcode = read(fd, ptr, size * nmemb);
++ retcode = read(fd, ptr, (READ_3RD_ARG)(size * nmemb));
+
+ nread = (curl_off_t)retcode;
+
+--
+1.8.3.1
+
diff --git a/fix-gcc8-warning-on-Windows.patch b/fix-gcc8-warning-on-Windows.patch
new file mode 100644
index 0000000..18a62a2
--- /dev/null
+++ b/fix-gcc8-warning-on-Windows.patch
@@ -0,0 +1,29 @@
+From f7734f39b857f56abbd849e06e91fe2b46ed04c3 Mon Sep 17 00:00:00 2001
+From: kangenbo
+Date: Fri, 8 Mar 2019 11:28:21 -0500
+Subject: [PATCH] lib: fix gcc8 warning on Windows
+
+Closes https://github.com/curl/curl/pull/2979
+---
+ lib/curl_sspi.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/lib/curl_sspi.c b/lib/curl_sspi.c
+index 11a7120..7d19342 100644
+--- a/lib/curl_sspi.c
++++ b/lib/curl_sspi.c
+@@ -90,8 +90,9 @@ CURLcode Curl_sspi_global_init(void)
+ return CURLE_FAILED_INIT;
+
+ /* Get address of the InitSecurityInterfaceA function from the SSPI dll */
+- pInitSecurityInterface = (INITSECURITYINTERFACE_FN)
+- GetProcAddress(s_hSecDll, SECURITYENTRYPOINT);
++ pInitSecurityInterface =
++ CURLX_FUNCTION_CAST(INITSECURITYINTERFACE_FN,
++ (GetProcAddress(s_hSecDll, SECURITYENTRYPOINT)));
+ if(!pInitSecurityInterface)
+ return CURLE_FAILED_INIT;
+
+--
+1.8.3.1
+
diff --git a/fix-gcc8-warning.patch b/fix-gcc8-warning.patch
new file mode 100644
index 0000000..6d772c2
--- /dev/null
+++ b/fix-gcc8-warning.patch
@@ -0,0 +1,29 @@
+From b504d96674ba3684882fcc1244a23b7439f12b63 Mon Sep 17 00:00:00 2001
+From: kangenbo
+Date: Fri, 8 Mar 2019 11:01:34 -0500
+Subject: [PATCH] openssl: fix gcc8 warning
+ Use memcpy instead of strncpy to copy a string without termination,
+ since gcc8 warns about using strncpy to copy as many bytes from a
+ string as its length.
+
+ Closes https://github.com/curl/curl/issues/2980
+---
+ lib/vtls/openssl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index a487f55..955b661 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -253,7 +253,7 @@ static void ossl_keylog_callback(const SSL *ssl, const char *line)
+ if(!buf)
+ return;
+ }
+- strncpy(buf, line, linelen);
++ memcpy(buf, line, linelen);
+ buf[linelen] = '\n';
+ buf[linelen + 1] = '\0';
+
+--
+1.8.3.1
+
diff --git a/fix-leak-when-writing-cookies-to-file.patch b/fix-leak-when-writing-cookies-to-file.patch
new file mode 100644
index 0000000..9ad3767
--- /dev/null
+++ b/fix-leak-when-writing-cookies-to-file.patch
@@ -0,0 +1,30 @@
+From 315693699f5786dd8bfecfa25201fa68da1458cc Mon Sep 17 00:00:00 2001
+From: kangenbo
+Date: Fri, 8 Mar 2019 10:55:48 -0500
+Subject: [PATCH] cookies: fix leak when writing cookies to file
+
+---
+ lib/cookie.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/lib/cookie.c b/lib/cookie.c
+index fd7341f..9cf8a36 100644
+--- a/lib/cookie.c
++++ b/lib/cookie.c
+@@ -1508,10 +1508,10 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
+ format_ptr = get_netscape_format(array[i]);
+ if(format_ptr == NULL) {
+ fprintf(out, "#\n# Fatal libcurl error\n");
+- if(!use_stdout) {
+- free(array);
++ free(array);
++ if(!use_stdout)
+ fclose(out);
+- }
++
+ return 1;
+ }
+ fprintf(out, "%s\n", format_ptr);
+--
+1.8.3.1
+
diff --git a/hostip-fix-check-on-Curl_shuffle_addr-return-value.patch b/hostip-fix-check-on-Curl_shuffle_addr-return-value.patch
new file mode 100644
index 0000000..cd4c543
--- /dev/null
+++ b/hostip-fix-check-on-Curl_shuffle_addr-return-value.patch
@@ -0,0 +1,26 @@
+From 3349a633b8b181bfd1825b36d8cca51f5a20defd Mon Sep 17 00:00:00 2001
+From: Rick Deist
+Date: Sun, 7 Oct 2018 19:18:03 +0300
+Subject: [PATCH 160/557] hostip: fix check on Curl_shuffle_addr return value
+
+Closes #3110
+---
+ lib/hostip.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/hostip.c b/lib/hostip.c
+index 0dd0cbc..f589a0b 100644
+--- a/lib/hostip.c
++++ b/lib/hostip.c
+@@ -454,7 +454,7 @@ Curl_cache_addr(struct Curl_easy *data,
+ /* shuffle addresses if requested */
+ if(data->set.dns_shuffle_addresses) {
+ CURLcode result = Curl_shuffle_addr(data, &addr);
+- if(!result)
++ if(result)
+ return NULL;
+ }
+
+--
+1.8.3.1
+
diff --git a/http-fix-memleak-in-rewind-error-path.patch b/http-fix-memleak-in-rewind-error-path.patch
new file mode 100644
index 0000000..b81a45c
--- /dev/null
+++ b/http-fix-memleak-in-rewind-error-path.patch
@@ -0,0 +1,51 @@
+From 4058cf2a7f7e2590c26588c4eb476ac5c029cb5a Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Tue, 25 Sep 2018 07:49:35 +0200
+Subject: [PATCH 100/557] http: fix memleak in rewind error path
+
+If the rewind would fail, a strdup() would not get freed.
+
+Detected by OSS-Fuzz
+
+Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10665
+Closes #3044
+---
+ lib/http.c | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/lib/http.c b/lib/http.c
+index 02ba133..47e4719 100644
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -537,14 +537,6 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
+ }
+
+ if(pickhost || pickproxy) {
+- /* In case this is GSS auth, the newurl field is already allocated so
+- we must make sure to free it before allocating a new one. As figured
+- out in bug #2284386 */
+- Curl_safefree(data->req.newurl);
+- data->req.newurl = strdup(data->change.url); /* clone URL */
+- if(!data->req.newurl)
+- return CURLE_OUT_OF_MEMORY;
+-
+ if((data->set.httpreq != HTTPREQ_GET) &&
+ (data->set.httpreq != HTTPREQ_HEAD) &&
+ !conn->bits.rewindaftersend) {
+@@ -552,6 +544,13 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
+ if(result)
+ return result;
+ }
++ /* In case this is GSS auth, the newurl field is already allocated so
++ we must make sure to free it before allocating a new one. As figured
++ out in bug #2284386 */
++ Curl_safefree(data->req.newurl);
++ data->req.newurl = strdup(data->change.url); /* clone URL */
++ if(!data->req.newurl)
++ return CURLE_OUT_OF_MEMORY;
+ }
+ else if((data->req.httpcode < 300) &&
+ (!data->state.authhost.done) &&
+--
+1.8.3.1
+
diff --git a/http2-fix-memory-leaks-on-error-path.patch b/http2-fix-memory-leaks-on-error-path.patch
new file mode 100644
index 0000000..2eca86e
--- /dev/null
+++ b/http2-fix-memory-leaks-on-error-path.patch
@@ -0,0 +1,42 @@
+From 955e575f4e0a20a752e4fe1951f9d1107edd3925 Mon Sep 17 00:00:00 2001
+From: kangenbo
+Date: Fri, 8 Mar 2019 12:06:11 -0500
+Subject: [PATCH] http2: fix memory leaks on error-path
+
+---
+ lib/http2.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/lib/http2.c b/lib/http2.c
+index d769193..dfc780e 100644
+--- a/lib/http2.c
++++ b/lib/http2.c
+@@ -2060,8 +2060,11 @@ CURLcode Curl_http2_setup(struct connectdata *conn)
+
+ stream->stream_id = -1;
+
+- if(!stream->header_recvbuf)
++ if(!stream->header_recvbuf) {
+ stream->header_recvbuf = Curl_add_buffer_init();
++ if(!stream->header_recvbuf)
++ return CURLE_OUT_OF_MEMORY;
++ }
+
+ if((conn->handler == &Curl_handler_http2_ssl) ||
+ (conn->handler == &Curl_handler_http2))
+@@ -2073,8 +2076,11 @@ CURLcode Curl_http2_setup(struct connectdata *conn)
+ conn->handler = &Curl_handler_http2;
+
+ result = Curl_http2_init(conn);
+- if(result)
++ if(result) {
++ Curl_add_buffer_free(stream->header_recvbuf);
++ stream->header_recvbuf = NULL;
+ return result;
++ }
+
+ infof(conn->data, "Using HTTP2, server supports multi-use\n");
+ stream->upload_left = 0;
+--
+1.8.3.1
+
diff --git a/krb5-fix-memory-leak-in-krb_auth.patch b/krb5-fix-memory-leak-in-krb_auth.patch
new file mode 100644
index 0000000..93ff57c
--- /dev/null
+++ b/krb5-fix-memory-leak-in-krb_auth.patch
@@ -0,0 +1,27 @@ +From 3c5ee47fc206036283bdbcbe4588464bc9a7a5ae Mon Sep 17 00:00:00 2001 +From: Daniel Gustafsson +Date: Thu, 13 Sep 2018 10:10:55 +0200 +Subject: [PATCH 054/557] krb5: fix memory leak in krb_auth + +The FTP command allocated by aprintf() must be freed after usage. + +Reviewed-by: Daniel Stenberg +--- + lib/krb5.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/krb5.c b/lib/krb5.c +index 8b5a247..46c5608 100644 +--- a/lib/krb5.c ++++ b/lib/krb5.c +@@ -265,6 +265,7 @@ krb5_auth(void *app_data, struct connectdata *conn) + result = CURLE_OUT_OF_MEMORY; + + free(p); ++ free(cmd); + + if(result) { + ret = -2; +-- +1.8.3.1 + diff --git a/libssh-free-sftp_canonicalize_path-data-correctly.patch b/libssh-free-sftp_canonicalize_path-data-correctly.patch new file mode 100644 index 0000000..415f31a --- /dev/null +++ b/libssh-free-sftp_canonicalize_path-data-correctly.patch 
@@ -0,0 +1,68 @@ +From d18a5afaf07fdc093c6a6131cc7926a3d5a55407 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Fri, 21 Dec 2018 14:22:42 +0100 +Subject: [PATCH 386/557] libssh: free sftp_canonicalize_path() data correctly + +Assisted-by: Harry Sintonen + +Fixes #3402 +Closes #3403 +--- + lib/ssh-libssh.c | 16 ++++++++++------ + 1 file changed, 10 insertions(+), 6 deletions(-) + +diff --git a/lib/ssh-libssh.c b/lib/ssh-libssh.c +index e38c01a..2e920f0 100644 +--- a/lib/ssh-libssh.c ++++ b/lib/ssh-libssh.c +@@ -95,6 +95,13 @@ + #include "memdebug.h" + #include "curl_path.h" + ++/* A recent macro provided by libssh. Or make our own. */ ++#ifndef SSH_STRING_FREE_CHAR ++/* !checksrc! disable ASSIGNWITHINCONDITION 1 */ ++#define SSH_STRING_FREE_CHAR(x) \ ++ do { if((x) != NULL) { ssh_string_free_char(x); x = NULL; } } while(0) ++#endif ++ + /* Local functions: */ + static CURLcode myssh_connect(struct connectdata *conn, bool *done); + static CURLcode myssh_multi_statemach(struct connectdata *conn, +@@ -1661,7 +1668,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block) + sshc->sftp_session = NULL; + } + +- Curl_safefree(sshc->homedir); ++ SSH_STRING_FREE_CHAR(sshc->homedir); + conn->data->state.most_recent_ftp_entrypath = NULL; + + state(conn, SSH_SESSION_DISCONNECT); +@@ -1829,7 +1836,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block) + + ssh_disconnect(sshc->ssh_session); + +- Curl_safefree(sshc->homedir); ++ SSH_STRING_FREE_CHAR(sshc->homedir); + conn->data->state.most_recent_ftp_entrypath = NULL; + + state(conn, SSH_SESSION_FREE); +@@ -1866,14 +1873,11 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block) + + Curl_safefree(sshc->rsa_pub); + Curl_safefree(sshc->rsa); +- + Curl_safefree(sshc->quote_path1); + Curl_safefree(sshc->quote_path2); +- +- Curl_safefree(sshc->homedir); +- + Curl_safefree(sshc->readdir_line); + Curl_safefree(sshc->readdir_linkPath); ++ 
SSH_STRING_FREE_CHAR(sshc->homedir); + + /* the code we are about to return */ + result = sshc->actualcode; +-- +1.8.3.1 + diff --git a/mbedtls-release-sessionid-resources-on-error.patch b/mbedtls-release-sessionid-resources-on-error.patch new file mode 100644 index 0000000..3d602e8 --- /dev/null +++ b/mbedtls-release-sessionid-resources-on-error.patch @@ -0,0 +1,44 @@ +From 0299b262cd9c75adab546f4851c03995d98d61e1 Mon Sep 17 00:00:00 2001 +From: Daniel Gustafsson +Date: Sat, 16 Feb 2019 22:30:31 +0100 +Subject: [PATCH 552/557] mbedtls: release sessionid resources on error +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If mbedtls_ssl_get_session() fails, it may still have allocated +memory that needs to be freed to avoid leaking. Call the library +API function to release session resources on this errorpath as +well as on Curl_ssl_addsessionid() errors. + +Closes: #3574 +Reported-by: MichaƂ Antoniak +Reviewed-by: Daniel Stenberg +--- + lib/vtls/mbedtls.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c +index c36c93e..27a9402 100644 +--- a/lib/vtls/mbedtls.c ++++ b/lib/vtls/mbedtls.c +@@ -716,6 +716,8 @@ mbed_connect_step3(struct connectdata *conn, + + ret = mbedtls_ssl_get_session(&BACKEND->ssl, our_ssl_sessionid); + if(ret) { ++ if(ret != MBEDTLS_ERR_SSL_ALLOC_FAILED) ++ mbedtls_ssl_session_free(our_ssl_sessionid); + free(our_ssl_sessionid); + failf(data, "mbedtls_ssl_get_session returned -0x%x", -ret); + return CURLE_SSL_CONNECT_ERROR; +@@ -729,6 +731,7 @@ mbed_connect_step3(struct connectdata *conn, + retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid, 0, sockindex); + Curl_ssl_sessionid_unlock(conn); + if(retcode) { ++ mbedtls_ssl_session_free(our_ssl_sessionid); + free(our_ssl_sessionid); + failf(data, "failed to store ssl session"); + return retcode; +-- +1.8.3.1 + 
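Review bot: The fallback `SSH_STRING_FREE_CHAR` macro added near the includes of lib/ssh-libssh.c assigns through its argument without parentheses (`x = NULL`) and evaluates it three times, so it is only safe for a plain lvalue such as `sshc->homedir`. Writing the tail as `(x) = NULL;` and adding a comment that the argument must be a side-effect-free lvalue would make that contract explicit. The switch away from `Curl_safefree` also assumes `sshc->homedir` is only ever assigned from libssh-allocated memory; the assignments are outside these hunks, so that should be confirmed. myssh_statemach_act starts and ends outside every hunk shown.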
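Review bot: The `if(ret != MBEDTLS_ERR_SSL_ALLOC_FAILED)` exception in the first hunk of mbed_connect_step3 carries no comment explaining why the session may not be released in that one case. On that path the struct goes straight to plain `free()`. If mbedtls_ssl_get_session() had already copied session state into `our_ssl_sessionid` before the allocation failed (not visible here, and that state presumably includes key material), it returns to the heap uncleared. A short comment above the condition should state what the struct holds after an allocation failure and why `mbedtls_ssl_session_free()` is unsafe or unnecessary then. The allocation and initialisation of `our_ssl_sessionid` are outside the hunk.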
diff --git a/memory-add-missing-curl_printf-header.patch b/memory-add-missing-curl_printf-header.patch new file mode 100644 index 0000000..df3ff0a --- /dev/null +++ b/memory-add-missing-curl_printf-header.patch @@ -0,0 +1,33 @@ +From 927cb3708e29fd88dcfadb9444d0dc93dc2aa4b2 Mon Sep 17 00:00:00 2001 +From: Daniel Gustafsson +Date: Mon, 17 Sep 2018 09:28:10 +0200 +Subject: [PATCH 064/557] memory: add missing curl_printf header + +ftp_send_command() was using vsnprintf() without including the libcurl +*rintf() replacement header. Fix by including curl_printf.h and also +add curl_memory.h while at it since memdebug.h depends on it. + +Closes #2999 +Reviewed-by: Daniel Stenberg +--- + lib/security.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/lib/security.c b/lib/security.c +index 5f52515..6165d0a 100644 +--- a/lib/security.c ++++ b/lib/security.c +@@ -61,7 +61,9 @@ + #include "strcase.h" + #include "warnless.h" + #include "strdup.h" +-/* The last #include file should be: */ ++/* The last 3 #include files should be in this order */ ++#include "curl_printf.h" ++#include "curl_memory.h" + #include "memdebug.h" + + static const struct { +-- +1.8.3.1 + diff --git a/memory-ensure-to-check-allocation-results.patch b/memory-ensure-to-check-allocation-results.patch new file mode 100644 index 0000000..b9b5ad1 --- /dev/null +++ b/memory-ensure-to-check-allocation-results.patch 
@@ -0,0 +1,128 @@ +From 2873971d6251b7c1eb278df1ee2b944d7c3fcdba Mon Sep 17 00:00:00 2001 +From: Daniel Gustafsson +Date: Wed, 3 Oct 2018 00:56:29 +0200 +Subject: [PATCH 129/557] memory: ensure to check allocation results + +The result of a memory allocation should always be checked, as we may +run under memory pressure where even a small allocation can fail. This +adds checking and error handling to a few cases where the allocation +wasn't checked for success. In the ftp case, the freeing of the path +variable is moved ahead of the allocation since there is little point +in keeping it around across the strdup, and the separation makes for +more readable code. In nwlib, the lock is aslo freed in the error path. + +Also bumps the copyright years on affected files. + +Closes #3084 +Reviewed-by: Jay Satiro +Reviewed-by: Daniel Stenberg +--- + lib/ftp.c | 4 +++- + lib/http2.c | 2 ++ + lib/nwlib.c | 7 +++++-- + lib/vauth/digest.c | 4 +++- + lib/vtls/schannel_verify.c | 4 ++++ + 5 files changed, 17 insertions(+), 4 deletions(-) + +diff --git a/lib/ftp.c b/lib/ftp.c +index a966817..793d991 100644 +--- a/lib/ftp.c ++++ b/lib/ftp.c +@@ -3213,9 +3213,11 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status, + ftpc->prevpath[dlen] = 0; /* terminate */ + } + else { ++ free(path); + /* we never changed dir */ + ftpc->prevpath = strdup(""); +- free(path); ++ if(!ftpc->prevpath) ++ return CURLE_OUT_OF_MEMORY; + } + if(ftpc->prevpath) + infof(data, "Remembering we are in dir \"%s\"\n", ftpc->prevpath); +diff --git a/lib/http2.c b/lib/http2.c +index 29edfba..ed47b73 100644 +--- a/lib/http2.c ++++ b/lib/http2.c +@@ -924,6 +924,8 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame, + stream->push_headers_alloc = 10; + stream->push_headers = malloc(stream->push_headers_alloc * + sizeof(char *)); ++ if(!stream->push_headers) ++ return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; + stream->push_headers_used = 0; + } + else if(stream->push_headers_used 
== +diff --git a/lib/nwlib.c b/lib/nwlib.c +index 215d933..7bf5f51 100644 +--- a/lib/nwlib.c ++++ b/lib/nwlib.c +@@ -5,7 +5,7 @@ + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * +- * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. ++ * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms +@@ -195,7 +195,7 @@ int GetOrSetUpData(int id, libdata_t **appData, + if(!app_data->tenbytes || !app_data->lock) { + if(app_data->lock) + NXMutexFree(app_data->lock); +- ++ free(app_data->tenbytes); + free(app_data); + app_data = (libdata_t *) NULL; + err = ENOMEM; +@@ -213,6 +213,9 @@ int GetOrSetUpData(int id, libdata_t **appData, + err = set_app_data(gLibId, app_data); + + if(err) { ++ if(app_data->lock) ++ NXMutexFree(app_data->lock); ++ free(app_data->tenbytes); + free(app_data); + app_data = (libdata_t *) NULL; + err = ENOMEM; +diff --git a/lib/vauth/digest.c b/lib/vauth/digest.c +index fae5a49..ab5156e 100644 +--- a/lib/vauth/digest.c ++++ b/lib/vauth/digest.c +@@ -5,7 +5,7 @@ + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * +- * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. ++ * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms +@@ -781,6 +781,8 @@ static CURLcode _Curl_auth_create_digest_http_message( + */ + + hashthis = (unsigned char *) aprintf("%s:%s", request, uripath); ++ if(!hashthis) ++ return CURLE_OUT_OF_MEMORY; + + if(digest->qop && strcasecompare(digest->qop, "auth-int")) { + /* We don't support auth-int for PUT or POST at the moment. 
+diff --git a/lib/vtls/schannel_verify.c b/lib/vtls/schannel_verify.c +index cfc4adf..2516f56 100644 +--- a/lib/vtls/schannel_verify.c ++++ b/lib/vtls/schannel_verify.c +@@ -319,6 +319,10 @@ static CURLcode verify_host(struct Curl_easy *data, + * embedded null bytes. This appears to be undocumented behavior. + */ + cert_hostname_buff = (LPTSTR)malloc(len * sizeof(TCHAR)); ++ if(!cert_hostname_buff) { ++ result = CURLE_OUT_OF_MEMORY; ++ goto cleanup; ++ } + actual_len = CertGetNameString(pCertContextServer, + CERT_NAME_DNS_TYPE, + name_flags, +-- +1.8.3.1 + diff --git a/multi-Fix-error-handling-in-the-SENDPROTOCONNECT-sta.patch b/multi-Fix-error-handling-in-the-SENDPROTOCONNECT-sta.patch new file mode 100644 index 0000000..748b3ff --- /dev/null +++ b/multi-Fix-error-handling-in-the-SENDPROTOCONNECT-sta.patch @@ -0,0 +1,30 @@ +From 3793761a3777095d643e9f2da951615e1178782c Mon Sep 17 00:00:00 2001 +From: Michael Kaufmann +Date: Thu, 25 Oct 2018 13:07:03 +0200 +Subject: [PATCH 216/557] multi: Fix error handling in the SENDPROTOCONNECT + state + +If Curl_protocol_connect() returns an error code, +handle the error instead of switching to the next state. + +Closes #3170 +--- + lib/multi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/multi.c b/lib/multi.c +index 7c691a1..0db2a97 100644 +--- a/lib/multi.c ++++ b/lib/multi.c +@@ -1608,7 +1608,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, + + case CURLM_STATE_SENDPROTOCONNECT: + result = Curl_protocol_connect(data->easy_conn, &protocol_connect); +- if(!protocol_connect) ++ if(!result && !protocol_connect) + /* switch to waiting state */ + multistate(data, CURLM_STATE_PROTOCONNECT); + else if(!result) { +-- +1.8.3.1 + diff --git a/multi-avoid-double-free.patch b/multi-avoid-double-free.patch new file mode 100644 index 0000000..c035da2 --- /dev/null +++ b/multi-avoid-double-free.patch 
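Review bot: The new `return CURLE_OUT_OF_MEMORY;` in the ftp_done hunk of lib/ftp.c exits the function in the middle of its path bookkeeping, so any teardown that follows in ftp_done is skipped on that path. The visible `if(ftpc->prevpath)` test right after the block already tolerates a NULL `prevpath`. Recording the error and falling through would therefore keep the cleanup, e.g. `result = CURLE_OUT_OF_MEMORY;` in place of the early return. This assumes ftp_done returns a local `result` at its end, which the hunk does not show because the function continues beyond it. The other allocation checks in this patch (http2, nwlib, digest, schannel_verify) fail at points where nothing visible is left half-initialised.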
@@ -0,0 +1,68 @@ +From 42c2b14aefb9bd580fe5128147bf52840e61c292 Mon Sep 17 00:00:00 2001 +From: kangenbo +Date: Mon, 18 Mar 2019 17:22:21 -0400 +Subject: [PATCH] 0191 + +--- + lib/multi.c | 12 ++++-------- + 1 file changed, 4 insertions(+), 8 deletions(-) + +diff --git a/lib/multi.c b/lib/multi.c +index 8e920fc..3b85fee 100644 +--- a/lib/multi.c ++++ b/lib/multi.c +@@ -1707,7 +1707,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, + char *newurl = NULL; + followtype follow = FOLLOW_NONE; + CURLcode drc; +- bool retry = FALSE; + + drc = Curl_retry_request(data->easy_conn, &newurl); + if(drc) { +@@ -1715,15 +1714,13 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, + result = drc; + stream_error = TRUE; + } +- else +- retry = (newurl)?TRUE:FALSE; + + Curl_posttransfer(data); + drc = multi_done(&data->easy_conn, result, FALSE); + + /* When set to retry the connection, we must to go back to + * the CONNECT state */ +- if(retry) { ++ if(newurl) { + if(!drc || (drc == CURLE_SEND_ERROR)) { + follow = FOLLOW_RETRY; + drc = Curl_follow(data, newurl, follow); +@@ -1986,16 +1983,14 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, + else + follow = FOLLOW_RETRY; + result = multi_done(&data->easy_conn, CURLE_OK, FALSE); +- if(result) +- /* Curl_follow() would otherwise free this */ +- free(newurl); +- else { ++ if(!result) { + result = Curl_follow(data, newurl, follow); + if(!result) { + multistate(data, CURLM_STATE_CONNECT); + rc = CURLM_CALL_MULTI_PERFORM; + } + } ++ free(newurl); + } + else { + /* after the transfer is done, go DONE */ +@@ -2007,6 +2002,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, + newurl = data->req.location; + data->req.location = NULL; + result = Curl_follow(data, newurl, FOLLOW_FAKE); ++ free(newurl); + if(result) { + stream_error = TRUE; + result = multi_done(&data->easy_conn, result, TRUE); +-- +1.8.3.1 + 
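Review bot: The unconditional `free(newurl);` added after `Curl_follow(data, newurl, follow)` in the second hunk, and after `Curl_follow(data, newurl, FOLLOW_FAKE)` in the third, is only correct if Curl_follow() copies the URL and never keeps or frees the caller's pointer. The comment this patch deletes, `/* Curl_follow() would otherwise free this */`, says the opposite. If the Curl_follow() in this tree still takes ownership, both sites become a double free or leave a dangling pointer behind. The first hunk's retry path calls Curl_follow() with no visible `free(newurl)`, so the three sites should be checked against one ownership rule. That rule belongs in a comment at the declaration of `newurl`, such as `/* owned by this function; Curl_follow() copies it */`. multi_runsingle extends beyond all three hunks, and the subject line "0191" gives no hint of which upstream change this backports.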
diff --git a/multi-fix-location-URL-memleak-in-error-path.patch b/multi-fix-location-URL-memleak-in-error-path.patch new file mode 100644 index 0000000..5fecab3 --- /dev/null +++ b/multi-fix-location-URL-memleak-in-error-path.patch @@ -0,0 +1,30 @@ +From 454fa3fd7be9b4a8d51d19d3515a3a935c3bf400 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Fri, 28 Sep 2018 10:58:28 +0200 +Subject: [PATCH 108/557] multi: fix location URL memleak in error path + +Follow-up to #3044 - fix a leak OSS-Fuzz detected +Closes #3057 +--- + lib/multi.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/lib/multi.c b/lib/multi.c +index d5e09aa..f202609 100644 +--- a/lib/multi.c ++++ b/lib/multi.c +@@ -1984,7 +1984,10 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, + else + follow = FOLLOW_RETRY; + result = multi_done(&data->easy_conn, CURLE_OK, FALSE); +- if(!result) { ++ if(result) ++ /* Curl_follow() would otherwise free this */ ++ free(newurl); ++ else { + result = Curl_follow(data, newurl, follow); + if(!result) { + multistate(data, CURLM_STATE_CONNECT); +-- +1.8.3.1 + diff --git a/multi-fix-memory-leak-in-content-encoding-related-er.patch b/multi-fix-memory-leak-in-content-encoding-related-er.patch new file mode 100644 index 0000000..2be44c2 --- /dev/null +++ b/multi-fix-memory-leak-in-content-encoding-related-er.patch 
@@ -0,0 +1,42 @@ +From 2dfc0dd6b59db0816821508418addcf62863c84c Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Sat, 29 Sep 2018 11:32:07 +0200 +Subject: [PATCH 111/557] multi: fix memory leak in content encoding related + error path + +... a missing multi_done() call. + +Credit to OSS-Fuzz +Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10728 +Closes #3063 +--- + lib/multi.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/lib/multi.c b/lib/multi.c +index f202609..9a98435 100644 +--- a/lib/multi.c ++++ b/lib/multi.c +@@ -2005,12 +2005,16 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, + newurl = data->req.location; + data->req.location = NULL; + result = Curl_follow(data, newurl, FOLLOW_FAKE); +- if(result) ++ if(result) { + stream_error = TRUE; ++ result = multi_done(&data->easy_conn, result, TRUE); ++ } + } + +- multistate(data, CURLM_STATE_DONE); +- rc = CURLM_CALL_MULTI_PERFORM; ++ if(!result) { ++ multistate(data, CURLM_STATE_DONE); ++ rc = CURLM_CALL_MULTI_PERFORM; ++ } + } + } + else if(comeback) +-- +1.8.3.1 + diff --git a/netrc-free-temporary-strings-if-memory-allocation-fa.patch b/netrc-free-temporary-strings-if-memory-allocation-fa.patch new file mode 100644 index 0000000..e64c0f5 --- /dev/null +++ b/netrc-free-temporary-strings-if-memory-allocation-fa.patch 
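Review bot: In the FOLLOW_FAKE error branch, `result = multi_done(&data->easy_conn, result, TRUE);` overwrites the Curl_follow() error with whatever multi_done() returns. If multi_done() can return CURLE_OK when handed a failing status (not visible from this hunk), the new `if(!result)` block then moves the transfer to CURLM_STATE_DONE as though the follow had succeeded. Keeping the original code, e.g. `(void)multi_done(&data->easy_conn, result, TRUE);`, would make the error path independent of multi_done()'s return value. multi_runsingle starts and ends outside the hunk.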
@@ -0,0 +1,111 @@ +From d48e6b7f9558ae2a21c74f9054221af8f5c6b607 Mon Sep 17 00:00:00 2001 +From: Michael Kaufmann +Date: Wed, 10 Oct 2018 22:38:50 +0200 +Subject: [PATCH 200/557] netrc: free temporary strings if memory allocation + fails + +- Change the inout parameters after all needed memory has been + allocated. Do not change them if something goes wrong. +- Free the allocated temporary strings if strdup() fails. + +Closes #3122 +--- + lib/netrc.c | 48 +++++++++++++++++++++++++++++++++++++++--------- + 1 file changed, 39 insertions(+), 9 deletions(-) + +diff --git a/lib/netrc.c b/lib/netrc.c +index a407bda..1724b35 100644 +--- a/lib/netrc.c ++++ b/lib/netrc.c +@@ -57,7 +57,11 @@ int Curl_parsenetrc(const char *host, + { + FILE *file; + int retcode = 1; +- int specific_login = (*loginp && **loginp != 0); ++ char *login = *loginp; ++ char *password = *passwordp; ++ bool specific_login = (login && *login != 0); ++ bool login_alloc = FALSE; ++ bool password_alloc = FALSE; + bool netrc_alloc = FALSE; + enum host_lookup_state state = NOTHING; + +@@ -125,7 +129,7 @@ int Curl_parsenetrc(const char *host, + continue; + while(!done && tok) { + +- if((*loginp && **loginp) && (*passwordp && **passwordp)) { ++ if((login && *login) && (password && *password)) { + done = TRUE; + break; + } +@@ -158,26 +162,34 @@ int Curl_parsenetrc(const char *host, + /* we are now parsing sub-keywords concerning "our" host */ + if(state_login) { + if(specific_login) { +- state_our_login = strcasecompare(*loginp, tok); ++ state_our_login = strcasecompare(login, tok); + } + else { +- free(*loginp); +- *loginp = strdup(tok); +- if(!*loginp) { ++ if(login_alloc) { ++ free(login); ++ login_alloc = FALSE; ++ } ++ login = strdup(tok); ++ if(!login) { + retcode = -1; /* allocation failed */ + goto out; + } ++ login_alloc = TRUE; + } + state_login = 0; + } + else if(state_password) { + if(state_our_login || !specific_login) { +- free(*passwordp); +- *passwordp = strdup(tok); +- if(!*passwordp) { ++ 
if(password_alloc) { ++ free(password); ++ password_alloc = FALSE; ++ } ++ password = strdup(tok); ++ if(!password) { + retcode = -1; /* allocation failed */ + goto out; + } ++ password_alloc = TRUE; + } + state_password = 0; + } +@@ -198,6 +210,24 @@ int Curl_parsenetrc(const char *host, + } /* while fgets() */ + + out: ++ if(!retcode) { ++ if(login_alloc) { ++ if(*loginp) ++ free(*loginp); ++ *loginp = login; ++ } ++ if(password_alloc) { ++ if(*passwordp) ++ free(*passwordp); ++ *passwordp = password; ++ } ++ } ++ else { ++ if(login_alloc) ++ free(login); ++ if(password_alloc) ++ free(password); ++ } + fclose(file); + } + +-- +1.8.3.1 + diff --git a/nonblock-fix-unused-parameter-warning.patch b/nonblock-fix-unused-parameter-warning.patch new file mode 100644 index 0000000..75604b5 --- /dev/null +++ b/nonblock-fix-unused-parameter-warning.patch @@ -0,0 +1,28 @@ +From 6c413648ec440230d2988be2d9ed8b70f8dba24b Mon Sep 17 00:00:00 2001 +From: Marcel Raad +Date: Sun, 14 Oct 2018 21:07:45 +0200 +Subject: [PATCH 181/557] nonblock: fix unused parameter warning + +If USE_BLOCKING_SOCKETS is defined, curlx_nonblock's arguments are not +used. +--- + lib/nonblock.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lib/nonblock.c b/lib/nonblock.c +index 5959281..4d105c1 100644 +--- a/lib/nonblock.c ++++ b/lib/nonblock.c +@@ -48,7 +48,8 @@ int curlx_nonblock(curl_socket_t sockfd, /* operate on this */ + int nonblock /* TRUE or FALSE */) + { + #if defined(USE_BLOCKING_SOCKETS) +- ++ (void)sockfd; ++ (void)nonblock; + return 0; /* returns success */ + + #elif defined(HAVE_FCNTL_O_NONBLOCK) +-- +1.8.3.1 + diff --git a/nss-try-to-connect-even-if-libnssckbi.so-fails-to-lo.patch b/nss-try-to-connect-even-if-libnssckbi.so-fails-to-lo.patch new file mode 100644 index 0000000..0cd0175 --- /dev/null +++ b/nss-try-to-connect-even-if-libnssckbi.so-fails-to-lo.patch 
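Review bot: In the `out:` block of Curl_parsenetrc the guards `if(*loginp) free(*loginp);` and `if(*passwordp) free(*passwordp);` are redundant, since `free(NULL)` is a no-op. They can be reduced to `free(*loginp);` and `free(*passwordp);`. The block also frees strings the caller passed in, so the function comment should say that on success `*loginp` and `*passwordp` may be replaced by newly allocated strings and the previous ones released. The existing function comment is outside the hunks, so this may already be documented.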
@@ -0,0 +1,35 @@ +From eb0b3acbc1beb08489222ed713ac387ca900fe90 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Wed, 19 Sep 2018 10:05:56 +0200 +Subject: [PATCH 073/557] nss: try to connect even if libnssckbi.so fails to + load + +One can still use CA certificates stored in NSS database. + +Reported-by: Maxime Legros +Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html + +Closes #3016 +--- + lib/vtls/nss.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c +index 4eb6a77..0c5a806 100644 +--- a/lib/vtls/nss.c ++++ b/lib/vtls/nss.c +@@ -1578,8 +1578,9 @@ static CURLcode nss_load_ca_certificates(struct connectdata *conn, + infof(data, "%s %s\n", (result) ? "failed to load" : "loaded", + trust_library); + if(result == CURLE_FAILED_INIT) +- /* make the error non-fatal if we are not going to verify peer */ +- result = CURLE_SSL_CACERT_BADFILE; ++ /* If libnssckbi.so is not available (or fails to load), one can still ++ use CA certificates stored in NSS database. Ignore the failure. */ ++ result = CURLE_OK; + } + else if(!use_trust_module && trust_module) { + /* libnssckbi.so not needed but already loaded --> unload it! */ +-- +1.8.3.1 + diff --git a/openssl-fix-the-SSL_get_tlsext_status_ocsp_resp-call.patch b/openssl-fix-the-SSL_get_tlsext_status_ocsp_resp-call.patch new file mode 100644 index 0000000..d232a54 --- /dev/null +++ b/openssl-fix-the-SSL_get_tlsext_status_ocsp_resp-call.patch 
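Review bot: Mapping `CURLE_FAILED_INIT` to `CURLE_OK` in nss_load_ca_certificates means a missing or broken trust module is now reported only through the `infof` line above it. The set of trust anchors can therefore shrink to whatever the NSS database holds without the caller seeing an error. The new comment should also state the security assumption, for example `/* peer verification is still enforced against the NSS database; with no usable anchor the handshake fails */`, once that has been confirmed against the verification code, which is outside this hunk. Since the old comment tied the leniency to not verifying the peer, it is worth checking that the new behaviour is safe when verification is enabled.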
@@ -0,0 +1,48 @@ +From 16a3307e813fa82776dc265201ffc7dac1c842a7 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Tue, 15 Jan 2019 23:57:25 +0100 +Subject: [PATCH 451/557] openssl: fix the SSL_get_tlsext_status_ocsp_resp call + +.... to not pass in a const in the second argument as that's not how it +is supposed to be used and might cause compiler warnings. + +Reported-by: Pavel Pavlov +Fixes #3477 +Closes #3478 +--- + lib/vtls/openssl.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c +index 45e72d6..9d11b89 100644 +--- a/lib/vtls/openssl.c ++++ b/lib/vtls/openssl.c +@@ -1692,6 +1692,7 @@ static CURLcode verifystatus(struct connectdata *conn, + struct ssl_connect_data *connssl) + { + int i, ocsp_status; ++ unsigned char *status; + const unsigned char *p; + CURLcode result = CURLE_OK; + struct Curl_easy *data = conn->data; +@@ -1701,14 +1702,14 @@ static CURLcode verifystatus(struct connectdata *conn, + X509_STORE *st = NULL; + STACK_OF(X509) *ch = NULL; + +- long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &p); ++ long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &status); + +- if(!p) { ++ if(!status) { + failf(data, "No OCSP response received"); + result = CURLE_SSL_INVALIDCERTSTATUS; + goto end; + } +- ++ p = status; + rsp = d2i_OCSP_RESPONSE(NULL, &p, len); + if(!rsp) { + failf(data, "Invalid OCSP response"); +-- +1.8.3.1 + diff --git a/openvms-fix-OpenSSL-discovery-on-VAX.patch b/openvms-fix-OpenSSL-discovery-on-VAX.patch new file mode 100644 index 0000000..65a690b --- /dev/null +++ b/openvms-fix-OpenSSL-discovery-on-VAX.patch 
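Review bot: The new local `unsigned char *status;` in verifystatus is declared uninitialised and then tested with `if(!status)`, so the check is only meaningful if SSL_get_tlsext_status_ocsp_resp() always writes the out-parameter. Declaring it as `unsigned char *status = NULL;` removes that dependency at no cost. The returned `len` is passed to `d2i_OCSP_RESPONSE` without a range check of its own; treating `len <= 0` as "No OCSP response received" alongside the NULL test would make the guard complete.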
@@ -0,0 +1,30 @@ +From 35221ecb14e1bb6c201ddf05d051fd15d8632fb3 Mon Sep 17 00:00:00 2001 +From: Daniel Gustafsson +Date: Tue, 25 Dec 2018 22:27:29 +0100 +Subject: [PATCH 394/557] openvms: fix OpenSSL discovery on VAX + +The DCL code had a typo in one of the commands which would make the +OpenSSL discovery on VAX fail. The correct syntax is F$ENVIRONMENT. + +Closes #3407 +Reviewed-by: Viktor Szakats +--- + packages/vms/generate_config_vms_h_curl.com | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/packages/vms/generate_config_vms_h_curl.com b/packages/vms/generate_config_vms_h_curl.com +index 6e1b202..ef9efc2 100644 +--- a/packages/vms/generate_config_vms_h_curl.com ++++ b/packages/vms/generate_config_vms_h_curl.com +@@ -406,7 +406,7 @@ $ write cvh "#define USE_OPENSSL 1" + $ write cvh "#endif" + $ if arch_name .eqs. "VAX" + $ then +-$ old_mes = f$enviroment("message") ++$ old_mes = f$environment("message") + $ set message/notext/nofaci/noseve/noident + $ search/output=nla0: ssl$include:*.h CONF_MFLAGS_IGNORE_MISSING_FILE + $ status = $severity +-- +1.8.3.1 + diff --git a/schannel-on-connection-close-there-might-not-be-a-tr.patch b/schannel-on-connection-close-there-might-not-be-a-tr.patch new file mode 100644 index 0000000..e6031ca --- /dev/null +++ b/schannel-on-connection-close-there-might-not-be-a-tr.patch 
@@ -0,0 +1,48 @@ +From 6ee672970972a40603d8141293ca91c4d4854187 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Fri, 18 Jan 2019 11:21:25 +0100 +Subject: [PATCH 457/557] schannel: on connection close there might not be a + transfer + +Reported-by: Marcel Raad +Fixes #3412 +Closes #3483 +--- + lib/vtls/schannel.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c +index 56fd93e..ab7f83f 100644 +--- a/lib/vtls/schannel.c ++++ b/lib/vtls/schannel.c +@@ -7,7 +7,7 @@ + * + * Copyright (C) 2012 - 2016, Marc Hoersken, + * Copyright (C) 2012, Mark Salisbury, +- * Copyright (C) 2012 - 2018, Daniel Stenberg, , et al. ++ * Copyright (C) 2012 - 2019, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms +@@ -2013,9 +2013,16 @@ static int Curl_schannel_shutdown(struct connectdata *conn, int sockindex) + + /* free SSPI Schannel API credential handle */ + if(BACKEND->cred) { +- Curl_ssl_sessionid_lock(conn); ++ /* ++ * When this function is called from Curl_schannel_close() the connection ++ * might not have an associated transfer so the check for conn->data is ++ * necessary. ++ */ ++ if(conn->data) ++ Curl_ssl_sessionid_lock(conn); + Curl_schannel_session_free(BACKEND->cred); +- Curl_ssl_sessionid_unlock(conn); ++ if(conn->data) ++ Curl_ssl_sessionid_unlock(conn); + BACKEND->cred = NULL; + } + +-- +1.8.3.1 + diff --git a/secure-Openwall-URLs.patch b/secure-Openwall-URLs.patch new file mode 100644 index 0000000..62f6883 --- /dev/null +++ b/secure-Openwall-URLs.patch 
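Review bot: When `conn->data` is NULL, `Curl_schannel_session_free(BACKEND->cred);` in Curl_schannel_shutdown now runs with no session-id lock held. The new comment explains why the check is needed but not why the unlocked call is safe. If the credential handle can be referenced from a session cache shared between handles (not visible in this hunk), the release races with other users of that cache. The comment should say so explicitly, e.g. `/* without a transfer there is no share to lock; the credential is not reachable from a shared cache here */`, once that has been verified. The two separate `if(conn->data)` tests could also be replaced by one local flag so lock and unlock cannot diverge.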
@@ -0,0 +1,53 @@ +From 420087bb306528530ebdbf7f7806312882b1adba Mon Sep 17 00:00:00 2001 +From: Viktor Szakats +Date: Fri, 14 Sep 2018 18:48:35 +0000 +Subject: [PATCH 059/557] secure Openwall URLs + +--- + docs/SECURITY-PROCESS.md | 2 +- + lib/md4.c | 2 +- + lib/md5.c | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/docs/SECURITY-PROCESS.md b/docs/SECURITY-PROCESS.md +index 6ef7757..6cae503 100644 +--- a/docs/SECURITY-PROCESS.md ++++ b/docs/SECURITY-PROCESS.md +@@ -61,7 +61,7 @@ announcement. + Figure out the CWE (Common Weakness Enumeration) number for the flaw. + + - Request a CVE number from +- [distros@openwall](http://oss-security.openwall.org/wiki/mailing-lists/distros) ++ [distros@openwall](https://oss-security.openwall.org/wiki/mailing-lists/distros) + when also informing and preparing them for the upcoming public security + vulnerability announcement - attach the advisory draft for information. Note + that 'distros' won't accept an embargo longer than 14 days and they do not +diff --git a/lib/md4.c b/lib/md4.c +index 2bb7dcc..d350602 100644 +--- a/lib/md4.c ++++ b/lib/md4.c +@@ -3,7 +3,7 @@ + * MD4 Message-Digest Algorithm (RFC 1320). + * + * Homepage: +- http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4 ++ https://openwall.info/wiki/people/solar/software/public-domain-source-code/md4 + * + * Author: + * Alexander Peslyak, better known as Solar Designer +diff --git a/lib/md5.c b/lib/md5.c +index b819d39..45f45bb 100644 +--- a/lib/md5.c ++++ b/lib/md5.c +@@ -177,7 +177,7 @@ static void MD5_Final(unsigned char digest[16], MD5_CTX *ctx) + * MD5 Message-Digest Algorithm (RFC 1321). + * + * Homepage: +- http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5 ++ https://openwall.info/wiki/people/solar/software/public-domain-source-code/md5 + * + * Author: + * Alexander Peslyak, better known as Solar Designer +-- +1.8.3.1 + 
diff --git a/smb-fix-incorrect-path-in-request-if-connection-reus.patch b/smb-fix-incorrect-path-in-request-if-connection-reus.patch new file mode 100644 index 0000000..0fb8c00 --- /dev/null +++ b/smb-fix-incorrect-path-in-request-if-connection-reus.patch @@ -0,0 +1,55 @@ +From 462037ad487c0457451e66afd0cb50a9f70c0c28 Mon Sep 17 00:00:00 2001 +From: Matus Uzak +Date: Tue, 18 Dec 2018 22:28:20 +0100 +Subject: [PATCH 377/557] smb: fix incorrect path in request if connection + reused + +Follow-up to 09e401e01bf9. If connection gets reused, then data member +will be copied, but not the proto member. As a result, in smb_do(), +path has been set from the original proto.share data. + +Closes #3388 +--- + lib/smb.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +diff --git a/lib/smb.c b/lib/smb.c +index e4f266e..76c99a2 100644 +--- a/lib/smb.c ++++ b/lib/smb.c +@@ -947,15 +947,10 @@ static int smb_getsock(struct connectdata *conn, curl_socket_t *socks, + static CURLcode smb_do(struct connectdata *conn, bool *done) + { + struct smb_conn *smbc = &conn->proto.smbc; +- struct smb_request *req = conn->data->req.protop; + + *done = FALSE; + if(smbc->share) { +- req->path = strchr(smbc->share, '\0'); +- if(req->path) { +- req->path++; +- return CURLE_OK; +- } ++ return CURLE_OK; + } + return CURLE_URL_MALFORMAT; + } +@@ -964,6 +959,7 @@ static CURLcode smb_parse_url_path(struct connectdata *conn) + { + CURLcode result = CURLE_OK; + struct Curl_easy *data = conn->data; ++ struct smb_request *req = data->req.protop; + struct smb_conn *smbc = &conn->proto.smbc; + char *path; + char *slash; +@@ -992,6 +988,7 @@ static CURLcode smb_parse_url_path(struct connectdata *conn) + /* Parse the path for the file path converting any forward slashes into + backslashes */ + *slash++ = 0; ++ req->path = slash; + + for(; *slash; slash++) { + if(*slash == '/') +-- +1.8.3.1 + 
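Review bot: The added `req->path = slash;` in smb_parse_url_path stores a pointer into the buffer being split by `*slash++ = 0`, which appears to be the connection-owned share string. The per-request `path` therefore borrows memory whose lifetime belongs to `smbc`. A comment at the assignment, such as `/* req->path points into smbc->share; it must not outlive or be freed separately from it */`, would document that coupling for connection reuse. The new `req` local is also dereferenced without a check, so `data->req.protop` must already be set when this function runs; that setup is outside the hunk.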
diff --git a/ssh-free-the-session-on-init-failures.patch b/ssh-free-the-session-on-init-failures.patch new file mode 100644 index 0000000..b2ec6a7 --- /dev/null +++ b/ssh-free-the-session-on-init-failures.patch @@ -0,0 +1,35 @@ +From 5c8c310edb1e5dbf41c5d2d68622b63f7700488e Mon Sep 17 00:00:00 2001 +From: Daniel Gustafsson +Date: Fri, 26 Oct 2018 15:39:15 +0200 +Subject: [PATCH 211/557] ssh: free the session on init failures + +Ensure to clear the session object in case the libssh2 initialization +fails. + +It could be argued that the libssh2 error function should be called to +get a proper error message in this case. But since the only error path +in libssh2_knownhost_init() is memory a allocation failure it's safest +to avoid since the libssh2 error handling allocates memory. + +Closes #3179 +Reviewed-by: Daniel Stenberg +--- + lib/ssh.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/ssh.c b/lib/ssh.c +index a4b2ca4..da89619 100644 +--- a/lib/ssh.c ++++ b/lib/ssh.c +@@ -2926,7 +2926,7 @@ static CURLcode ssh_connect(struct connectdata *conn, bool *done) + int rc; + ssh->kh = libssh2_knownhost_init(ssh->ssh_session); + if(!ssh->kh) { +- /* eeek. TODO: free the ssh_session! */ ++ libssh2_session_free(ssh->ssh_session); + return CURLE_FAILED_INIT; + } + +-- +1.8.3.1 + diff --git a/ssh-log-the-libssh2-error-message-when-ssh-session-s.patch b/ssh-log-the-libssh2-error-message-when-ssh-session-s.patch new file mode 100644 index 0000000..83cc33c --- /dev/null +++ b/ssh-log-the-libssh2-error-message-when-ssh-session-s.patch 
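Review bot: After the new `libssh2_session_free(ssh->ssh_session);` in ssh_connect, the pointer keeps its old value, and the function returns CURLE_FAILED_INIT with `ssh->ssh_session` dangling. If a later disconnect or cleanup path tests that field before freeing the session (that code is outside this hunk), the result is a double free or use after free. Adding `ssh->ssh_session = NULL;` directly after the free closes that off.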
@@ -0,0 +1,36 @@ +From b095a1ca63ab4962e7256616ff02607c5a77e089 Mon Sep 17 00:00:00 2001 +From: JDepooter +Date: Wed, 16 Jan 2019 17:18:20 -0800 +Subject: [PATCH 456/557] ssh: log the libssh2 error message when ssh session + startup fails + +When a ssh session startup fails, it is useful to know why it has +failed. This commit changes the message from: + "Failure establishing ssh session" +to something like this, for example: + "Failure establishing ssh session: -5, Unable to exchange encryption keys" + +Closes #3481 +--- + lib/ssh.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/lib/ssh.c b/lib/ssh.c +index f3b0a58..8c68adc 100644 +--- a/lib/ssh.c ++++ b/lib/ssh.c +@@ -667,7 +667,10 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block) + break; + } + if(rc) { +- failf(data, "Failure establishing ssh session"); ++ char *err_msg = NULL; ++ (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0); ++ failf(data, "Failure establishing ssh session: %d, %s", rc, err_msg); ++ + state(conn, SSH_SESSION_FREE); + sshc->actualcode = CURLE_FAILED_INIT; + break; +-- +1.8.3.1 + diff --git a/timediff-fix-math-for-unsigned-time_t.patch b/timediff-fix-math-for-unsigned-time_t.patch new file mode 100644 index 0000000..92773d1 --- /dev/null +++ b/timediff-fix-math-for-unsigned-time_t.patch 
@@ -0,0 +1,37 @@
+From 1a93153783c0ae626acf0b9041eeb2cb2fe7944a Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Tue, 8 Jan 2019 17:34:45 +0100
+Subject: [PATCH 423/557] timediff: fix math for unsigned time_t
+
+Bug: https://curl.haxx.se/mail/lib-2018-12/0088.html
+
+Closes #3449
+---
+ lib/timeval.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/lib/timeval.c b/lib/timeval.c
+index 2d7c782..f1cbfe6 100644
+--- a/lib/timeval.c
++++ b/lib/timeval.c
+@@ -163,7 +163,7 @@ struct curltime Curl_now(void)
+ */
+ timediff_t Curl_timediff(struct curltime newer, struct curltime older)
+ {
+- timediff_t diff = newer.tv_sec-older.tv_sec;
++ timediff_t diff = (timediff_t)newer.tv_sec-older.tv_sec;
+ if(diff >= (TIME_MAX/1000))
+ return TIME_MAX;
+ else if(diff <= (TIME_MIN/1000))
+@@ -177,7 +177,7 @@ timediff_t Curl_timediff(struct curltime newer, struct curltime older)
+ */
+ timediff_t Curl_timediff_us(struct curltime newer, struct curltime older)
+ {
+- timediff_t diff = newer.tv_sec-older.tv_sec;
++ timediff_t diff = (timediff_t)newer.tv_sec-older.tv_sec;
+ if(diff >= (TIME_MAX/1000000))
+ return TIME_MAX;
+ else if(diff <= (TIME_MIN/1000000))
+--
+1.8.3.1
+
diff --git a/tool_cb_hdr-handle-failure-of-rename.patch b/tool_cb_hdr-handle-failure-of-rename.patch
new file mode 100644
index 0000000..2aaed2d
--- /dev/null
+++ b/tool_cb_hdr-handle-failure-of-rename.patch
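Review bot: In `(timediff_t)newer.tv_sec-older.tv_sec` the cast binds only to the left operand, in both Curl_timediff and Curl_timediff_us. If time_t is an unsigned type at least as wide as timediff_t (both are declared outside the hunks), the usual arithmetic conversions turn the subtraction back into unsigned arithmetic and the result reaches `diff` through an implementation-defined conversion. Casting both sides states the intent: `timediff_t diff = (timediff_t)newer.tv_sec - (timediff_t)older.tv_sec;`. Both function bodies run past the hunks.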
@@ -0,0 +1,47 @@
+From 6b6ba1dc29857f5eb4c31fed3d63619fea99d5f4 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Mon, 15 Oct 2018 16:03:46 +0200
+Subject: [PATCH 186/557] tool_cb_hdr: handle failure of rename()
+
+Detected by Coverity.
+
+Closes #3140
+Reviewed-by: Jay Satiro
+---
+ src/tool_cb_hdr.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c
+index 983258c..7a7a836 100644
+--- a/src/tool_cb_hdr.c
++++ b/src/tool_cb_hdr.c
+@@ -132,15 +132,24 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
+ filename = parse_filename(p, len);
+ if(filename) {
+ if(outs->stream) {
++ int rc;
+ /* already opened and possibly written to */
+ if(outs->fopened)
+ fclose(outs->stream);
+ outs->stream = NULL;
+
+ /* rename the initial file name to the new file name */
+- rename(outs->filename, filename);
++ rc = rename(outs->filename, filename);
++ if(rc != 0) {
++ warnf(outs->config->global, "Failed to rename %s -> %s: %s\n",
++ outs->filename, filename, strerror(errno));
++ }
+ if(outs->alloc_filename)
+- free(outs->filename);
++ Curl_safefree(outs->filename);
++ if(rc != 0) {
++ free(filename);
++ return failure;
++ }
+ }
+ outs->is_cd_filename = TRUE;
+ outs->s_isreg = TRUE;
+--
+1.8.3.1
+
diff --git a/tool_cb_prg-avoid-integer-overflow.patch b/tool_cb_prg-avoid-integer-overflow.patch
new file mode 100644
index 0000000..c6f42c8
--- /dev/null
+++ b/tool_cb_prg-avoid-integer-overflow.patch
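Review bot: The new `return failure;` path in tool_header_cb leaves `outs` half-updated: `outs->stream` is already NULL and `outs->filename` has been cleared by Curl_safefree() when `alloc_filename` was set, yet neither `fopened` nor `alloc_filename` is reset in the lines shown. If cleanup code outside the hunk consults those flags, it sees an open-file state with no stream and an owned-filename state with no filename. Setting `outs->fopened = FALSE;` and `outs->alloc_filename = FALSE;` before the return would keep the struct consistent. Since `filename` appears to be parsed from a response header, a comment above the rename() stating that parse_filename() is responsible for rejecting path components would also help the next reader.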
@@ -0,0 +1,63 @@
+From 61faa0b420c236480bc9ef6fd52b4ecc1e0f8d17 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Fri, 11 Jan 2019 00:25:46 +0100
+Subject: [PATCH 437/557] tool_cb_prg: avoid integer overflow
+
+When calculating the progress bar width.
+
+Reported-by: Peng Li
+Fixes #3456
+Closes #3458
+---
+ src/tool_cb_prg.c | 19 ++++++++++++++++---
+ 1 file changed, 16 insertions(+), 3 deletions(-)
+
+diff --git a/src/tool_cb_prg.c b/src/tool_cb_prg.c
+index 15ff5b2..0539e98 100644
+--- a/src/tool_cb_prg.c
++++ b/src/tool_cb_prg.c
+@@ -5,7 +5,7 @@
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+- * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al.
++ * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+@@ -106,6 +106,13 @@ static void fly(struct ProgressData *bar, bool moved)
+
+ #define MAX_BARLENGTH 256
+
++#if (SIZEOF_CURL_OFF_T == 4)
++# define CURL_OFF_T_MAX CURL_OFF_T_C(0x7FFFFFFF)
++#else
++ /* assume CURL_SIZEOF_CURL_OFF_T == 8 */
++# define CURL_OFF_T_MAX CURL_OFF_T_C(0x7FFFFFFFFFFFFFFF)
++#endif
++
+ int tool_progress_cb(void *clientp,
+ curl_off_t dltotal, curl_off_t dlnow,
+ curl_off_t ultotal, curl_off_t ulnow)
+@@ -119,10 +126,16 @@ int tool_progress_cb(void *clientp,
+ curl_off_t point;
+
+ /* expected transfer size */
+- total = dltotal + ultotal + bar->initial_size;
++ if((CURL_OFF_T_MAX - bar->initial_size) < (dltotal + ultotal))
++ total = CURL_OFF_T_MAX;
++ else
++ total = dltotal + ultotal + bar->initial_size;
+
+ /* we've come this far */
+- point = dlnow + ulnow + bar->initial_size;
++ if((CURL_OFF_T_MAX - bar->initial_size) < (dlnow + ulnow))
++ point = CURL_OFF_T_MAX;
++ else
++ point = dlnow + ulnow + bar->initial_size;
+
+ if(bar->calls) {
+ /* after first call... */
+--
+1.8.3.1
+
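Review bot: The guard `(CURL_OFF_T_MAX - bar->initial_size) < (dltotal + ultotal)` in tool_progress_cb still evaluates `dltotal + ultotal` (and `dlnow + ulnow` in the second check) as a plain signed sum, so two large values overflow before the comparison happens. Checking one operand at a time avoids that: `if(dltotal > CURL_OFF_T_MAX - ultotal || dltotal + ultotal > CURL_OFF_T_MAX - bar->initial_size)`, and likewise for `point`. This assumes the totals and `initial_size` are non-negative, which the hunk does not show. Separately, the `#if` tests `SIZEOF_CURL_OFF_T` while the comment names `CURL_SIZEOF_CURL_OFF_T`; if the tested macro is undefined the 64-bit branch is selected silently, so the two names should agree.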
diff --git a/urlglob-improve-error-message.patch b/urlglob-improve-error-message.patch
new file mode 100644
index 0000000..5d7db07
--- /dev/null
+++ b/urlglob-improve-error-message.patch
@@ -0,0 +1,71 @@
+From ddb06ffc0f680322ce746c6e8d524dee4de84955 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Tue, 11 Sep 2018 22:03:47 +0200
+Subject: [PATCH 045/557] urlglob: improve error message
+
+to help user understand what the problem is
+
+Reported-by: Daniel Shahaf
+
+Fixes #2763
+Closes #2977
+---
+ src/tool_urlglob.c | 11 ++++++-----
+ tests/data/test75 | 4 +++-
+ 2 files changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
+index cb87706..e4a5c33 100644
+--- a/src/tool_urlglob.c
++++ b/src/tool_urlglob.c
+@@ -5,7 +5,7 @@
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+- * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al.
++ * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+@@ -459,18 +459,19 @@ CURLcode glob_url(URLGlob **glob, char *url, unsigned long *urlnum,
+ *urlnum = amount;
+ else {
+ if(error && glob_expand->error) {
+- char text[128];
++ char text[512];
+ const char *t;
+ if(glob_expand->pos) {
+- snprintf(text, sizeof(text), "%s in column %zu", glob_expand->error,
+- glob_expand->pos);
++ snprintf(text, sizeof(text), "%s in URL position %zu:\n%s\n%*s^",
++ glob_expand->error,
++ glob_expand->pos, url, glob_expand->pos - 1, " ");
+ t = text;
+ }
+ else
+ t = glob_expand->error;
+
+ /* send error description to the error-stream */
+- fprintf(error, "curl: (%d) [globbing] %s\n", res, t);
++ fprintf(error, "curl: (%d) %s\n", res, t);
+ }
+ /* it failed, we cleanup */
+ glob_cleanup(glob_expand);
+diff --git a/tests/data/test75 b/tests/data/test75
+index d8836b9..115963d 100644
+--- a/tests/data/test75
++++ b/tests/data/test75
+@@ -44,7 +44,9 @@ perl %SRCDIR/libtest/test75.pl http://%HOSTIP:%HTTPPORT/ 22
+ 3
+
+
+-curl: (3) [globbing] bad range in column 47
++curl: (3) bad range in URL position 47:
++http://a-site-never-accessed.example.org/[2-1]
++ ^
+
+
+
+--
+1.8.3.1
+
diff --git a/wolfssl-Perform-cleanup.patch b/wolfssl-Perform-cleanup.patch
new file mode 100644
index 0000000..c008c03
--- /dev/null
+++ b/wolfssl-Perform-cleanup.patch
@@ -0,0 +1,44 @@
+From 982a897b4bc22fa49da2501af8242e8c8ce1792c Mon Sep 17 00:00:00 2001
+From: David Garske
+Date: Wed, 19 Dec 2018 08:30:44 -0800
+Subject: [PATCH 381/557] wolfssl: Perform cleanup
+
+This adds a cleanup callback for cyassl. Resolves possible memory leak
+when using ECC fixed point cache.
+
+Closes #3395
+Reviewed-by: Daniel Stenberg
+Reviewed-by: Daniel Gustafsson
+---
+ lib/vtls/cyassl.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
+index 0d45afb..ea96cf6 100644
+--- a/lib/vtls/cyassl.c
++++ b/lib/vtls/cyassl.c
+@@ -794,6 +794,12 @@ static int Curl_cyassl_init(void)
+ }
+
+
++static void Curl_cyassl_cleanup(void)
++{
++ CyaSSL_Cleanup();
++}
++
++
+ static bool Curl_cyassl_data_pending(const struct connectdata* conn,
+ int connindex)
+ {
+@@ -1004,7 +1010,7 @@ const struct Curl_ssl Curl_ssl_cyassl = {
+ sizeof(struct ssl_backend_data),
+
+ Curl_cyassl_init, /* init */
+- Curl_none_cleanup, /* cleanup */
++ Curl_cyassl_cleanup, /* cleanup */
+ Curl_cyassl_version, /* version */
+ Curl_none_check_cxn, /* check_cxn */
+ Curl_cyassl_shutdown, /* shutdown */
+--
+1.8.3.1
+
diff --git a/zsh.pl-escape-character.patch b/zsh.pl-escape-character.patch
new file mode 100644
index 0000000..b84aa86
--- /dev/null
+++ b/zsh.pl-escape-character.patch
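Review bot: The `%*s` in the new snprintf() format of the urlglob patch takes its field width as an `int`, but the argument supplied is `glob_expand->pos - 1`, which is printed with `%zu` two arguments earlier and is therefore presumably a size_t. A variadic argument of the wrong type is undefined behaviour where the two types differ in size; `(int)glob_expand->pos - 1` fixes it. A URL longer than the 512-byte `text` buffer is cut off by snprintf(), which drops the caret line, so a short comment on that limit would be worth adding above `char text[512];`. glob_url starts and ends outside the hunk.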
@@ -0,0 +1,38 @@
+From b3cc8017b7364f588365be2b2629c49c142efdb7 Mon Sep 17 00:00:00 2001
+From: Alessandro Ghedini
+Date: Tue, 5 Feb 2019 21:06:26 +0000
+Subject: [PATCH 492/557] zsh.pl: escape ':' character
+
+':' is interpreted as separator by zsh, so if used as part of the argument
+or option's description it needs to be escaped.
+
+The problem can be reproduced as follows:
+
+ % curl --reso
+ % curl -E
+
+Bug: https://bugs.debian.org/921452
+---
+ scripts/zsh.pl | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/scripts/zsh.pl b/scripts/zsh.pl
+index 941b322..0f9cbec 100755
+--- a/scripts/zsh.pl
++++ b/scripts/zsh.pl
+@@ -45,9 +45,12 @@ sub parse_main_opts {
+
+ my $option = '';
+
++ $arg =~ s/\:/\\\:/g if defined $arg;
++
+ $desc =~ s/'/'\\''/g if defined $desc;
+ $desc =~ s/\[/\\\[/g if defined $desc;
+ $desc =~ s/\]/\\\]/g if defined $desc;
++ $desc =~ s/\:/\\\:/g if defined $desc;
+
+ $option .= '{' . trim($short) . ',' if defined $short;
+ $option .= trim($long) if defined $long;
+--
+1.8.3.1
+
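Review bot: `$arg` receives only the new `:` escape, whereas `$desc` in the same block of parse_main_opts is also escaped for `'`, `[` and `]`. If `$arg` ends up inside the same quoted zsh spec as `$desc` (its use is outside the hunk), those characters would break the generated completion in the same way the colon did. A backslash already present in either string is also passed through unchanged and would combine with the escapes added here; substituting it first, e.g. `$desc =~ s/\\/\\\\/g if defined $desc;`, would make the sequence order-safe.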