packages/curl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update curl to 8.1.2

Browse Source
This commit is contained in:
eaglegai 2023-07-15 02:23:17 +00:00
parent 564551b57e
commit 75ee662eef
17 changed files with 37 additions and 1404 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
backport-0001-CVE-2023-28320.patch
View File

@ -1,82 +0,0 @@
From 13718030ad4b3209a7583b4f27f683cd3a6fa5f2 Mon Sep 17 00:00:00 2001
From: Harry Sintonen <sintonen@iki.fi>
Date: Tue, 25 Apr 2023 09:22:26 +0200
Subject: [PATCH] hostip: add locks around use of global buffer for alarm()
When building with the sync name resolver and timeout ability we now
require thread-safety to be present to enable it.
Closes #11030
Conflict:NA
Reference:https://github.com/curl/curl/commit/13718030ad4b3209a7583b
---
lib/hostip.c | 19 +++++++++++++++----
1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/lib/hostip.c b/lib/hostip.c
index 2381290fdd43e..e410cda69ae6e 100644
--- a/lib/hostip.c
+++ b/lib/hostip.c
@@ -70,12 +70,19 @@
#include <SystemConfiguration/SCDynamicStoreCopySpecific.h>
#endif
-#if defined(CURLRES_SYNCH) && \
- defined(HAVE_ALARM) && defined(SIGALRM) && defined(HAVE_SIGSETJMP)
+#if defined(CURLRES_SYNCH) && \
+ defined(HAVE_ALARM) && \
+ defined(SIGALRM) && \
+ defined(HAVE_SIGSETJMP) && \
+ defined(GLOBAL_INIT_IS_THREADSAFE)
/* alarm-based timeouts can only be used with all the dependencies satisfied */
#define USE_ALARM_TIMEOUT
#endif
+#ifdef USE_ALARM_TIMEOUT
+#include "easy_lock.h"
+#endif
+
#define MAX_HOSTCACHE_LEN (255 + 7) /* max FQDN + colon + port number + zero */
/*
@@ -254,11 +261,12 @@ void Curl_hostcache_prune(struct Curl_easy *data)
Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
}
-#ifdef HAVE_SIGSETJMP
+#ifdef USE_ALARM_TIMEOUT
/* Beware this is a global and unique instance. This is used to store the
return address that we can jump back to from inside a signal handler. This
is not thread-safe stuff. */
sigjmp_buf curl_jmpenv;
+curl_simple_lock curl_jmpenv_lock;
#endif
/* lookup address, returns entry if found and not stale */
@@ -832,7 +840,6 @@ enum resolve_t Curl_resolv(struct Curl_easy *data,
static
void alarmfunc(int sig)
{
- /* this is for "-ansi -Wall -pedantic" to stop complaining! (rabe) */
(void)sig;
siglongjmp(curl_jmpenv, 1);
}
@@ -912,6 +919,8 @@ enum resolve_t Curl_resolv_timeout(struct Curl_easy *data,
This should be the last thing we do before calling Curl_resolv(),
as otherwise we'd have to worry about variables that get modified
before we invoke Curl_resolv() (and thus use "volatile"). */
+ curl_simple_lock_lock(&curl_jmpenv_lock);
+
if(sigsetjmp(curl_jmpenv, 1)) {
/* this is coming from a siglongjmp() after an alarm signal */
failf(data, "name lookup timed out");
@@ -980,6 +989,8 @@ enum resolve_t Curl_resolv_timeout(struct Curl_easy *data,
#endif
#endif /* HAVE_SIGACTION */
+ curl_simple_lock_unlock(&curl_jmpenv_lock);
+
/* switch back the alarm() to either zero or to what it was before minus
the time we spent until now! */
if(prev_alarm) {

79
backport-0002-CVE-2023-28320.patch
View File

@ -1,79 +0,0 @@
From f446258f0269a62289cca0210157cb8558d0edc3 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 16 May 2023 23:40:42 +0200
Subject: [PATCH 1/1] hostip: include easy_lock.h before using
GLOBAL_INIT_IS_THREADSAFE
Since that header file is the only place that define can be defined.
Reported-by: Marc Deslauriers
Follow-up to 13718030ad4b3209
Closes #11121
Conflict:context adapt
Reference:https://github.com/curl/curl/commit/f446258f0269a62289cca0210157cb8558d0edc3
---
lib/hostip.c | 10 ++++------
lib/hostip.h | 9 ---------
2 files changed, 4 insertions(+), 15 deletions(-)
diff --git a/lib/hostip.c b/lib/hostip.c
index 615f36c16..4ff348436 100644
--- a/lib/hostip.c
+++ b/lib/hostip.c
@@ -70,6 +70,8 @@
#include <SystemConfiguration/SCDynamicStoreCopySpecific.h>
#endif
+#include "easy_lock.h"
+
#if defined(CURLRES_SYNCH) && \
defined(HAVE_ALARM) && \
defined(SIGALRM) && \
@@ -79,10 +81,6 @@
#define USE_ALARM_TIMEOUT
#endif
-#ifdef USE_ALARM_TIMEOUT
-#include "easy_lock.h"
-#endif
-
#define MAX_HOSTCACHE_LEN (255 + 7) /* max FQDN + colon + port number + zero */
/*
@@ -289,8 +287,8 @@ void Curl_hostcache_prune(struct Curl_easy *data)
/* Beware this is a global and unique instance. This is used to store the
return address that we can jump back to from inside a signal handler. This
is not thread-safe stuff. */
-sigjmp_buf curl_jmpenv;
-curl_simple_lock curl_jmpenv_lock;
+static sigjmp_buf curl_jmpenv;
+static curl_simple_lock curl_jmpenv_lock;
#endif
/* lookup address, returns entry if found and not stale */
diff --git a/lib/hostip.h b/lib/hostip.h
index 4b5481f65..0dd19e87c 100644
--- a/lib/hostip.h
+++ b/lib/hostip.h
@@ -186,15 +186,6 @@ Curl_cache_addr(struct Curl_easy *data, struct Curl_addrinfo *addr,
#define CURL_INADDR_NONE INADDR_NONE
#endif
-#ifdef HAVE_SIGSETJMP
-/* Forward-declaration of variable defined in hostip.c. Beware this
- * is a global and unique instance. This is used to store the return
- * address that we can jump back to from inside a signal handler.
- * This is not thread-safe stuff.
- */
-extern sigjmp_buf curl_jmpenv;
-#endif
-
/*
* Function provided by the resolver backend to set DNS servers to use.
*/
--
2.33.0

20
backport-0101-curl-7.32.0-multilib.patch
View File

@ -4,16 +4,16 @@ Date: Fri, 12 Apr 2013 12:04:05 +0200
Subject: [PATCH] prevent multilib conflicts on the curl-config script Subject: [PATCH] prevent multilib conflicts on the curl-config script
--- ---
curl-config.in | 21 +++------------------ curl-config.in | 23 +++++------------------
docs/curl-config.1 | 4 +++- docs/curl-config.1 | 4 +++-
libcurl.pc.in | 1 + libcurl.pc.in | 1 +
3 files changed, 7 insertions(+), 19 deletions(-) 3 files changed, 9 insertions(+), 19 deletions(-)
diff --git a/curl-config.in b/curl-config.in diff --git a/curl-config.in b/curl-config.in
index 150004d..95d0759 100644 index 150004d..95d0759 100644
--- a/curl-config.in --- a/curl-config.in
+++ b/curl-config.in +++ b/curl-config.in
@@ -76,7 +76,7 @@ while test $# -gt 0; do @@ -78,7 +78,7 @@ while test $# -gt 0; do
;; ;;
--cc) --cc)
@ -22,7 +22,7 @@ index 150004d..95d0759 100644
;; ;;
--prefix) --prefix)
@@ -155,32 +155,17 @@ while test $# -gt 0; do @@ -157,32 +157,19 @@ while test $# -gt 0; do
;; ;;
--libs) --libs)
@ -49,6 +49,8 @@ index 150004d..95d0759 100644
- echo "curl was built with static libraries disabled" >&2 - echo "curl was built with static libraries disabled" >&2
- exit 1 - exit 1
- fi - fi
+ echo "curl was built with static libraries disabled" >&2
+ exit 1
;; ;;
--configure) --configure)
@ -61,7 +63,7 @@ diff --git a/docs/curl-config.1 b/docs/curl-config.1
index 14a9d2b..ffcc004 100644 index 14a9d2b..ffcc004 100644
--- a/docs/curl-config.1 --- a/docs/curl-config.1
+++ b/docs/curl-config.1 +++ b/docs/curl-config.1
@@ -70,7 +70,9 @@ no, one or several names. If more than one name, they will appear @@ -72,7 +72,9 @@ no, one or several names. If more than one name, they will appear
comma-separated. (Added in 7.58.0) comma-separated. (Added in 7.58.0)
.IP "--static-libs" .IP "--static-libs"
Shows the complete set of libs and other linker options you will need in order Shows the complete set of libs and other linker options you will need in order
@ -76,7 +78,7 @@ diff --git a/libcurl.pc.in b/libcurl.pc.in
index 2ba9c39..f8f8b00 100644 index 2ba9c39..f8f8b00 100644
--- a/libcurl.pc.in --- a/libcurl.pc.in
+++ b/libcurl.pc.in +++ b/libcurl.pc.in
@@ -29,6 +29,7 @@ libdir=@libdir@ @@ -31,6 +31,7 @@ libdir=@libdir@
includedir=@includedir@ includedir=@includedir@
supported_protocols="@SUPPORT_PROTOCOLS@" supported_protocols="@SUPPORT_PROTOCOLS@"
supported_features="@SUPPORT_FEATURES@" supported_features="@SUPPORT_FEATURES@"
@ -85,5 +87,5 @@ index 2ba9c39..f8f8b00 100644
Name: libcurl Name: libcurl
URL: https://curl.se/ URL: https://curl.se/
-- --
2.5.0 2.26.2

52
backport-CVE-2023-27533.patch
View File

@ -1,52 +0,0 @@
From 538b1e79a6e7b0bb829ab4cecc828d32105d0684 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 6 Mar 2023 12:07:33 +0100
Subject: [PATCH] telnet: only accept option arguments in ascii
To avoid embedded telnet negotiation commands etc.
Reported-by: Harry Sintonen
Closes #10728
---
lib/telnet.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
--- a/lib/telnet.c
+++ b/lib/telnet.c
@@ -770,6 +770,17 @@ static void printsub(struct Curl_easy *d
}
}
+static bool str_is_nonascii(const char *str)
+{
+ size_t len = strlen(str);
+ while(len--) {
+ if(*str & 0x80)
+ return TRUE;
+ str++;
+ }
+ return FALSE;
+}
+
static CURLcode check_telnet_options(struct Curl_easy *data)
{
struct curl_slist *head;
@@ -784,6 +795,8 @@ static CURLcode check_telnet_options(str
/* Add the user name as an environment variable if it
was given on the command line */
if(data->state.aptr.user) {
+ if(str_is_nonascii(data->conn->user))
+ return CURLE_BAD_FUNCTION_ARGUMENT;
msnprintf(option_arg, sizeof(option_arg), "USER,%s", conn->user);
beg = curl_slist_append(tn->telnet_vars, option_arg);
if(!beg) {
@@ -799,6 +812,9 @@ static CURLcode check_telnet_options(str
if(sscanf(head->data, "%127[^= ]%*[ =]%255s",
option_keyword, option_arg) == 2) {
+ if(str_is_nonascii(option_arg))
+ continue;
+
/* Terminal type */
if(strcasecompare(option_keyword, "TTYPE")) {
strncpy(tn->subopt_ttype, option_arg, 31);

120
backport-CVE-2023-27534.patch
View File

@ -1,120 +0,0 @@
From 4e2b52b5f7a3bf50a0f1494155717b02cc1df6d6 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 9 Mar 2023 16:22:11 +0100
Subject: [PATCH] curl_path: create the new path with dynbuf
Closes #10729
---
lib/curl_path.c | 75 +++++++++++++++++++++++--------------------------
1 file changed, 35 insertions(+), 40 deletions(-)
diff --git a/lib/curl_path.c b/lib/curl_path.c
index 2df8687a557ba..977e5336f552c 100644
--- a/lib/curl_path.c
+++ b/lib/curl_path.c
@@ -32,70 +32,65 @@
#include "escape.h"
#include "memdebug.h"
+#define MAX_SSHPATH_LEN 100000 /* arbitrary */
+
/* figure out the path to work with in this particular request */
CURLcode Curl_getworkingpath(struct Curl_easy *data,
char *homedir, /* when SFTP is used */
char **path) /* returns the allocated
real path to work with */
{
- char *real_path = NULL;
char *working_path;
size_t working_path_len;
+ struct dynbuf npath;
CURLcode result =
Curl_urldecode(data->state.up.path, 0, &working_path,
&working_path_len, REJECT_ZERO);
if(result)
return result;
+ /* new path to switch to in case we need to */
+ Curl_dyn_init(&npath, MAX_SSHPATH_LEN);
+
/* Check for /~/, indicating relative to the user's home directory */
- if(data->conn->handler->protocol & CURLPROTO_SCP) {
- real_path = malloc(working_path_len + 1);
- if(!real_path) {
+ if((data->conn->handler->protocol & CURLPROTO_SCP) &&
+ (working_path_len > 3) && (!memcmp(working_path, "/~/", 3))) {
+ /* It is referenced to the home directory, so strip the leading '/~/' */
+ if(Curl_dyn_addn(&npath, &working_path[3], working_path_len - 3)) {
free(working_path);
return CURLE_OUT_OF_MEMORY;
}
- if((working_path_len > 3) && (!memcmp(working_path, "/~/", 3)))
- /* It is referenced to the home directory, so strip the leading '/~/' */
- memcpy(real_path, working_path + 3, working_path_len - 2);
- else
- memcpy(real_path, working_path, 1 + working_path_len);
}
- else if(data->conn->handler->protocol & CURLPROTO_SFTP) {
- if((working_path_len > 1) && (working_path[1] == '~')) {
- size_t homelen = strlen(homedir);
- real_path = malloc(homelen + working_path_len + 1);
- if(!real_path) {
- free(working_path);
- return CURLE_OUT_OF_MEMORY;
- }
- /* It is referenced to the home directory, so strip the
- leading '/' */
- memcpy(real_path, homedir, homelen);
- /* Only add a trailing '/' if homedir does not end with one */
- if(homelen == 0 || real_path[homelen - 1] != '/') {
- real_path[homelen] = '/';
- homelen++;
- real_path[homelen] = '\0';
- }
- if(working_path_len > 3) {
- memcpy(real_path + homelen, working_path + 3,
- 1 + working_path_len -3);
- }
+ else if((data->conn->handler->protocol & CURLPROTO_SFTP) &&
+ (working_path_len > 2) && !memcmp(working_path, "/~/", 3)) {
+ size_t len;
+ const char *p;
+ int copyfrom = 3;
+ if(Curl_dyn_add(&npath, homedir)) {
+ free(working_path);
+ return CURLE_OUT_OF_MEMORY;
}
- else {
- real_path = malloc(working_path_len + 1);
- if(!real_path) {
- free(working_path);
- return CURLE_OUT_OF_MEMORY;
- }
- memcpy(real_path, working_path, 1 + working_path_len);
+ /* Copy a separating '/' if homedir does not end with one */
+ len = Curl_dyn_len(&npath);
+ p = Curl_dyn_ptr(&npath);
+ if(len && (p[len-1] != '/'))
+ copyfrom = 2;
+
+ if(Curl_dyn_addn(&npath,
+ &working_path[copyfrom], working_path_len - copyfrom)) {
+ free(working_path);
+ return CURLE_OUT_OF_MEMORY;
}
}
- free(working_path);
+ if(Curl_dyn_len(&npath)) {
+ free(working_path);
- /* store the pointer for the caller to receive */
- *path = real_path;
+ /* store the pointer for the caller to receive */
+ *path = Curl_dyn_ptr(&npath);
+ }
+ else
+ *path = working_path;
return CURLE_OK;
}

151
backport-CVE-2023-27535.patch
View File

@ -1,151 +0,0 @@
From 8f4608468b890dce2dad9f91d5607ee7e9c1aba1 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 9 Mar 2023 17:47:06 +0100
Subject: [PATCH] ftp: add more conditions for connection reuse
Reported-by: Harry Sintonen
Closes #10730
---
lib/ftp.c | 28 ++++++++++++++++++++++++++--
lib/ftp.h | 5 +++++
lib/setopt.c | 2 +-
lib/url.c | 17 +++++++++++++++--
lib/urldata.h | 4 ++--
5 files changed, 49 insertions(+), 7 deletions(-)
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -4052,6 +4052,8 @@ static CURLcode ftp_disconnect(struct Cu
}
freedirs(ftpc);
+ Curl_safefree(ftpc->account);
+ Curl_safefree(ftpc->alternative_to_user);
Curl_safefree(ftpc->prevpath);
Curl_safefree(ftpc->server_os);
Curl_pp_disconnect(pp);
@@ -4321,11 +4323,31 @@ static CURLcode ftp_setup_connection(str
char *type;
struct FTP *ftp;
CURLcode result = CURLE_OK;
+ struct ftp_conn *ftpc = &conn->proto.ftpc;
- data->req.p.ftp = ftp = calloc(sizeof(struct FTP), 1);
+ ftp = calloc(sizeof(struct FTP), 1);
if(!ftp)
return CURLE_OUT_OF_MEMORY;
+ /* clone connection related data that is FTP specific */
+ if(data->set.str[STRING_FTP_ACCOUNT]) {
+ ftpc->account = strdup(data->set.str[STRING_FTP_ACCOUNT]);
+ if(!ftpc->account) {
+ free(ftp);
+ return CURLE_OUT_OF_MEMORY;
+ }
+ }
+ if(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]) {
+ ftpc->alternative_to_user =
+ strdup(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]);
+ if(!ftpc->alternative_to_user) {
+ Curl_safefree(ftpc->account);
+ free(ftp);
+ return CURLE_OUT_OF_MEMORY;
+ }
+ }
+ data->req.p.ftp = ftp;
+
ftp->path = &data->state.up.path[1]; /* don't include the initial slash */
/* FTP URLs support an extension like ";type=<typecode>" that
@@ -4360,7 +4382,9 @@ static CURLcode ftp_setup_connection(str
/* get some initial data into the ftp struct */
ftp->transfer = PPTRANSFER_BODY;
ftp->downloadsize = 0;
- conn->proto.ftpc.known_filesize = -1; /* unknown size for now */
+ ftpc->known_filesize = -1; /* unknown size for now */
+ ftpc->use_ssl = data->set.use_ssl;
+ ftpc->ccc = data->set.ftp_ccc;
return result;
}
--- a/lib/ftp.h
+++ b/lib/ftp.h
@@ -120,6 +120,8 @@ struct FTP {
struct */
struct ftp_conn {
struct pingpong pp;
+ char *account;
+ char *alternative_to_user;
char *entrypath; /* the PWD reply when we logged on */
char *file; /* url-decoded file name (or path) */
char **dirs; /* realloc()ed array for path components */
@@ -143,6 +145,9 @@ struct ftp_conn {
ftpstate state; /* always use ftp.c:state() to change state! */
ftpstate state_saved; /* transfer type saved to be reloaded after data
connection is established */
+ unsigned char use_ssl; /* if AUTH TLS is to be attempted etc, for FTP or
+ IMAP or POP3 or others! (type: curl_usessl)*/
+ unsigned char ccc; /* ccc level for this connection */
BIT(ftp_trying_alternative);
BIT(dont_check); /* Set to TRUE to prevent the final (post-transfer)
file size and 226/250 status check. It should still
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -2369,7 +2369,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *
arg = va_arg(param, long);
if((arg < CURLUSESSL_NONE) || (arg >= CURLUSESSL_LAST))
return CURLE_BAD_FUNCTION_ARGUMENT;
- data->set.use_ssl = (curl_usessl)arg;
+ data->set.use_ssl = (unsigned char)arg;
break;
case CURLOPT_SSL_OPTIONS:
--- a/lib/url.c
+++ b/lib/url.c
@@ -1299,11 +1299,24 @@ ConnectionExists(struct Curl_easy *data,
|| ((check->httpversion >= 30) &&
(data->state.httpwant < CURL_HTTP_VERSION_3))))
continue;
-
- if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) {
+#ifdef USE_SSH
+ else if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) {
if(!ssh_config_matches(needle, check))
continue;
}
+#endif
+#ifndef CURL_DISABLE_FTP
+ else if(get_protocol_family(needle->handler) & PROTO_FAMILY_FTP) {
+ /* Also match ACCOUNT, ALTERNATIVE-TO-USER, USE_SSL and CCC options */
+ if(Curl_timestrcmp(needle->proto.ftpc.account,
+ check->proto.ftpc.account) ||
+ Curl_timestrcmp(needle->proto.ftpc.alternative_to_user,
+ check->proto.ftpc.alternative_to_user) ||
+ (needle->proto.ftpc.use_ssl != check->proto.ftpc.use_ssl) ||
+ (needle->proto.ftpc.ccc != check->proto.ftpc.ccc))
+ continue;
+ }
+#endif
if((needle->handler->flags&PROTOPT_SSL)
#ifndef CURL_DISABLE_PROXY
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -1713,8 +1713,6 @@ struct UserDefined {
#ifndef CURL_DISABLE_NETRC
unsigned char use_netrc; /* enum CURL_NETRC_OPTION values */
#endif
- curl_usessl use_ssl; /* if AUTH TLS is to be attempted etc, for FTP or
- IMAP or POP3 or others! */
unsigned int new_file_perms; /* when creating remote files */
char *str[STRING_LAST]; /* array of strings, pointing to allocated memory */
struct curl_blob *blobs[BLOB_LAST];
@@ -1773,6 +1771,8 @@ struct UserDefined {
BIT(mail_rcpt_allowfails); /* allow RCPT TO command to fail for some
recipients */
#endif
+ unsigned char use_ssl; /* if AUTH TLS is to be attempted etc, for FTP or
+ IMAP or POP3 or others! (type: curl_usessl)*/
unsigned char connect_only; /* make connection/request, then let
application use the socket */
BIT(is_fread_set); /* has read callback been set to non-NULL? */

44
backport-CVE-2023-27536.patch
View File

@ -1,44 +0,0 @@
From cb49e67303dbafbab1cebf4086e3ec15b7d56ee5 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 10 Mar 2023 09:22:43 +0100
Subject: [PATCH] url: only reuse connections with same GSS delegation
Reported-by: Harry Sintonen
Closes #10731
---
lib/url.c | 6 ++++++
lib/urldata.h | 1 +
2 files changed, 7 insertions(+)
--- a/lib/url.c
+++ b/lib/url.c
@@ -1291,6 +1291,11 @@ ConnectionExists(struct Curl_easy *data,
}
}
+ /* GSS delegation differences do not actually affect every connection
+ and auth method, but this check takes precaution before efficiency */
+ if(needle->gssapi_delegation != check->gssapi_delegation)
+ continue;
+
/* If multiplexing isn't enabled on the h2 connection and h1 is
explicitly requested, handle it: */
if((needle->handler->protocol & PROTO_FAMILY_HTTP) &&
@@ -1602,6 +1607,7 @@ static struct connectdata *allocate_conn
conn->fclosesocket = data->set.fclosesocket;
conn->closesocket_client = data->set.closesocket_client;
conn->lastused = Curl_now(); /* used now */
+ conn->gssapi_delegation = data->set.gssapi_delegation;
return conn;
error:
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -1057,6 +1057,7 @@ struct connectdata {
unsigned char ip_version; /* copied from the Curl_easy at creation time */
unsigned char httpversion; /* the HTTP version*10 reported by the server */
unsigned char connect_only;
+ unsigned char gssapi_delegation; /* inherited from set.gssapi_delegation */
};
/* The end of connectdata. */

32
backport-CVE-2023-27537.patch
View File

@ -1,32 +0,0 @@
From dca4cdf071be095bcdc7126eaa77a8946ea4790b Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 9 Mar 2023 18:01:34 +0100
Subject: [PATCH] CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe
Reported-by: Hiroki Kurosawa
Closes #10732
---
docs/libcurl/opts/CURLSHOPT_SHARE.3 | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/docs/libcurl/opts/CURLSHOPT_SHARE.3
+++ b/docs/libcurl/opts/CURLSHOPT_SHARE.3
@@ -57,8 +57,7 @@ implemented until 7.23.0.
Put the connection cache in the share object and make all easy handles using
this share object share the connection cache.
-Note that due to a known bug, it is not safe to share connections this way
-between multiple concurrent threads.
+It is not supported to share connections between multiple concurrent threads.
Connections that are used for HTTP/1.1 Pipelining or HTTP/2 multiplexing only
get additional transfers added to them if the existing connection is held by
@@ -82,6 +81,8 @@ multi handle will share PSL cache by def
.IP CURL_LOCK_DATA_HSTS
The in-memory HSTS cache.
+It is not supported to share the HSTS between multiple concurrent threads.
+
Added in 7.88.0
.SH PROTOCOLS
All

22
backport-CVE-2023-27538.patch
View File

@ -1,22 +0,0 @@
From af369db4d3833272b8ed443f7fcc2e757a0872eb Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 10 Mar 2023 08:22:51 +0100
Subject: [PATCH] url: fix the SSH connection reuse check
Reported-by: Harry Sintonen
Closes #10735
---
lib/url.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/lib/url.c
+++ b/lib/url.c
@@ -1300,7 +1300,7 @@ ConnectionExists(struct Curl_easy *data,
(data->state.httpwant < CURL_HTTP_VERSION_3))))
continue;
- if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
+ if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) {
if(!ssh_config_matches(needle, check))
continue;
}

297
backport-CVE-2023-28321.patch
View File

@ -1,297 +0,0 @@
From 199f2d440d8659b42670c1b796220792b01a97bf Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 24 Apr 2023 21:07:02 +0200
Subject: [PATCH] hostcheck: fix host name wildcard checking
The leftmost "label" of the host name can now only match against single
'*'. Like the browsers have worked for a long time.
- extended unit test 1397 for this
- move some SOURCE variables from unit/Makefile.am to unit/Makefile.inc
Reported-by: Hiroki Kurosawa
Closes #11018
---
lib/vtls/hostcheck.c | 50 +++++++--------
tests/data/test1397 | 10 ++-
tests/unit/Makefile.am | 94 ----------------------------
tests/unit/Makefile.inc | 94 ++++++++++++++++++++++++++++
tests/unit/unit1397.c | 134 ++++++++++++++++++++++++----------------
5 files changed, 202 insertions(+), 180 deletions(-)
diff --git a/lib/vtls/hostcheck.c b/lib/vtls/hostcheck.c
index e827dc5..d061c63 100644
--- a/lib/vtls/hostcheck.c
+++ b/lib/vtls/hostcheck.c
@@ -71,7 +71,12 @@ static bool pmatch(const char *hostname, size_t hostlen,
* apparent distinction between a name and an IP. We need to detect the use of
* an IP address and not wildcard match on such names.
*
+ * Only match on "*" being used for the leftmost label, not "a*", "a*b" nor
+ * "*b".
+ *
* Return TRUE on a match. FALSE if not.
+ *
+ * @unittest: 1397
*/
static bool hostmatch(const char *hostname,
@@ -79,53 +84,42 @@ static bool hostmatch(const char *hostname,
const char *pattern,
size_t patternlen)
{
- const char *pattern_label_end, *wildcard, *hostname_label_end;
- size_t prefixlen, suffixlen;
+ const char *pattern_label_end;
- /* normalize pattern and hostname by stripping off trailing dots */
+ DEBUGASSERT(pattern);
DEBUGASSERT(patternlen);
+ DEBUGASSERT(hostname);
+ DEBUGASSERT(hostlen);
+
+ /* normalize pattern and hostname by stripping off trailing dots */
if(hostname[hostlen-1]=='.')
hostlen--;
if(pattern[patternlen-1]=='.')
patternlen--;
- wildcard = memchr(pattern, '*', patternlen);
- if(!wildcard)
+ if(strncmp(pattern, "*.", 2))
return pmatch(hostname, hostlen, pattern, patternlen);
/* detect IP address as hostname and fail the match if so */
- if(Curl_host_is_ipnum(hostname))
+ else if(Curl_host_is_ipnum(hostname))
return FALSE;
/* We require at least 2 dots in the pattern to avoid too wide wildcard
match. */
pattern_label_end = memchr(pattern, '.', patternlen);
if(!pattern_label_end ||
- (memrchr(pattern, '.', patternlen) == pattern_label_end) ||
- strncasecompare(pattern, "xn--", 4))
+ (memrchr(pattern, '.', patternlen) == pattern_label_end))
return pmatch(hostname, hostlen, pattern, patternlen);
-
- hostname_label_end = memchr(hostname, '.', hostlen);
- if(!hostname_label_end)
- return FALSE;
else {
- size_t skiphost = hostname_label_end - hostname;
- size_t skiplen = pattern_label_end - pattern;
- if(!pmatch(hostname_label_end, hostlen - skiphost,
- pattern_label_end, patternlen - skiplen))
- return FALSE;
+ const char *hostname_label_end = memchr(hostname, '.', hostlen);
+ if(hostname_label_end) {
+ size_t skiphost = hostname_label_end - hostname;
+ size_t skiplen = pattern_label_end - pattern;
+ return pmatch(hostname_label_end, hostlen - skiphost,
+ pattern_label_end, patternlen - skiplen);
+ }
}
- /* The wildcard must match at least one character, so the left-most
- label of the hostname is at least as large as the left-most label
- of the pattern. */
- if(hostname_label_end - hostname < pattern_label_end - pattern)
- return FALSE;
-
- prefixlen = wildcard - pattern;
- suffixlen = pattern_label_end - (wildcard + 1);
- return strncasecompare(pattern, hostname, prefixlen) &&
- strncasecompare(wildcard + 1, hostname_label_end - suffixlen,
- suffixlen) ? TRUE : FALSE;
+ return FALSE;
}
/*
diff --git a/tests/data/test1397 b/tests/data/test1397
index 84f962a..f31b2c2 100644
--- a/tests/data/test1397
+++ b/tests/data/test1397
@@ -2,8 +2,7 @@
<info>
<keywords>
unittest
-ssl
-wildcard
+Curl_cert_hostcheck
</keywords>
</info>
@@ -16,9 +15,8 @@ none
<features>
unittest
</features>
- <name>
-Check wildcard certificate matching function Curl_cert_hostcheck
- </name>
+<name>
+Curl_cert_hostcheck unit tests
+</name>
</client>
-
</testcase>
diff --git a/tests/unit/unit1397.c b/tests/unit/unit1397.c
index 2f3d3aa..3ae7561 100644
--- a/tests/unit/unit1397.c
+++ b/tests/unit/unit1397.c
@@ -23,7 +23,6 @@
***************************************************************************/
#include "curlcheck.h"
-#include "vtls/hostcheck.h" /* from the lib dir */
static CURLcode unit_setup(void)
{
@@ -32,63 +31,94 @@ static CURLcode unit_setup(void)
static void unit_stop(void)
{
- /* done before shutting down and exiting */
}
-UNITTEST_START
-
/* only these backends define the tested functions */
-#if defined(USE_OPENSSL) || defined(USE_GSKIT)
-
- /* here you start doing things and checking that the results are good */
+#if defined(USE_OPENSSL) || defined(USE_GSKIT) || defined(USE_SCHANNEL)
+#include "vtls/hostcheck.h"
+struct testcase {
+ const char *host;
+ const char *pattern;
+ bool match;
+};
-fail_unless(Curl_cert_hostcheck(STRCONST("www.example.com"),
- STRCONST("www.example.com")), "good 1");
-fail_unless(Curl_cert_hostcheck(STRCONST("*.example.com"),
- STRCONST("www.example.com")),
- "good 2");
-fail_unless(Curl_cert_hostcheck(STRCONST("xxx*.example.com"),
- STRCONST("xxxwww.example.com")), "good 3");
-fail_unless(Curl_cert_hostcheck(STRCONST("f*.example.com"),
- STRCONST("foo.example.com")), "good 4");
-fail_unless(Curl_cert_hostcheck(STRCONST("192.168.0.0"),
- STRCONST("192.168.0.0")), "good 5");
+static struct testcase tests[] = {
+ {"", "", FALSE},
+ {"a", "", FALSE},
+ {"", "b", FALSE},
+ {"a", "b", FALSE},
+ {"aa", "bb", FALSE},
+ {"\xff", "\xff", TRUE},
+ {"aa.aa.aa", "aa.aa.bb", FALSE},
+ {"aa.aa.aa", "aa.aa.aa", TRUE},
+ {"aa.aa.aa", "*.aa.bb", FALSE},
+ {"aa.aa.aa", "*.aa.aa", TRUE},
+ {"192.168.0.1", "192.168.0.1", TRUE},
+ {"192.168.0.1", "*.168.0.1", FALSE},
+ {"192.168.0.1", "*.0.1", FALSE},
+ {"h.ello", "*.ello", FALSE},
+ {"h.ello.", "*.ello", FALSE},
+ {"h.ello", "*.ello.", FALSE},
+ {"h.e.llo", "*.e.llo", TRUE},
+ {"h.e.llo", " *.e.llo", FALSE},
+ {" h.e.llo", "*.e.llo", TRUE},
+ {"h.e.llo.", "*.e.llo", TRUE},
+ {"*.e.llo.", "*.e.llo", TRUE},
+ {"************.e.llo.", "*.e.llo", TRUE},
+ {"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+ "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
+ "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC"
+ "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"
+ "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE"
+ ".e.llo.", "*.e.llo", TRUE},
+ {"\xfe\xfe.e.llo.", "*.e.llo", TRUE},
+ {"h.e.llo.", "*.e.llo.", TRUE},
+ {"h.e.llo", "*.e.llo.", TRUE},
+ {".h.e.llo", "*.e.llo.", FALSE},
+ {"h.e.llo", "*.*.llo.", FALSE},
+ {"h.e.llo", "h.*.llo", FALSE},
+ {"h.e.llo", "h.e.*", FALSE},
+ {"hello", "*.ello", FALSE},
+ {"hello", "**llo", FALSE},
+ {"bar.foo.example.com", "*.example.com", FALSE},
+ {"foo.example.com", "*.example.com", TRUE},
+ {"baz.example.net", "b*z.example.net", FALSE},
+ {"foobaz.example.net", "*baz.example.net", FALSE},
+ {"xn--l8j.example.local", "x*.example.local", FALSE},
+ {"xn--l8j.example.net", "*.example.net", TRUE},
+ {"xn--l8j.example.net", "*j.example.net", FALSE},
+ {"xn--l8j.example.net", "xn--l8j.example.net", TRUE},
+ {"xn--l8j.example.net", "xn--l8j.*.net", FALSE},
+ {"xl8j.example.net", "*.example.net", TRUE},
+ {"fe80::3285:a9ff:fe46:b619", "*::3285:a9ff:fe46:b619", FALSE},
+ {"fe80::3285:a9ff:fe46:b619", "fe80::3285:a9ff:fe46:b619", TRUE},
+ {NULL, NULL, FALSE}
+};
-fail_if(Curl_cert_hostcheck(STRCONST("xxx.example.com"),
- STRCONST("www.example.com")), "bad 1");
-fail_if(Curl_cert_hostcheck(STRCONST("*"),
- STRCONST("www.example.com")),"bad 2");
-fail_if(Curl_cert_hostcheck(STRCONST("*.*.com"),
- STRCONST("www.example.com")), "bad 3");
-fail_if(Curl_cert_hostcheck(STRCONST("*.example.com"),
- STRCONST("baa.foo.example.com")), "bad 4");
-fail_if(Curl_cert_hostcheck(STRCONST("f*.example.com"),
- STRCONST("baa.example.com")), "bad 5");
-fail_if(Curl_cert_hostcheck(STRCONST("*.com"),
- STRCONST("example.com")), "bad 6");
-fail_if(Curl_cert_hostcheck(STRCONST("*fail.com"),
- STRCONST("example.com")), "bad 7");
-fail_if(Curl_cert_hostcheck(STRCONST("*.example."),
- STRCONST("www.example.")), "bad 8");
-fail_if(Curl_cert_hostcheck(STRCONST("*.example."),
- STRCONST("www.example")), "bad 9");
-fail_if(Curl_cert_hostcheck(STRCONST(""), STRCONST("www")), "bad 10");
-fail_if(Curl_cert_hostcheck(STRCONST("*"), STRCONST("www")), "bad 11");
-fail_if(Curl_cert_hostcheck(STRCONST("*.168.0.0"),
- STRCONST("192.168.0.0")), "bad 12");
-fail_if(Curl_cert_hostcheck(STRCONST("www.example.com"),
- STRCONST("192.168.0.0")), "bad 13");
-
-#ifdef ENABLE_IPV6
-fail_if(Curl_cert_hostcheck(STRCONST("*::3285:a9ff:fe46:b619"),
- STRCONST("fe80::3285:a9ff:fe46:b619")), "bad 14");
-fail_unless(Curl_cert_hostcheck(STRCONST("fe80::3285:a9ff:fe46:b619"),
- STRCONST("fe80::3285:a9ff:fe46:b619")),
- "good 6");
-#endif
+UNITTEST_START
+{
+ int i;
+ for(i = 0; tests[i].host; i++) {
+ if(tests[i].match != Curl_cert_hostcheck(tests[i].pattern,
+ strlen(tests[i].pattern),
+ tests[i].host,
+ strlen(tests[i].host))) {
+ fprintf(stderr,
+ "HOST: %s\n"
+ "PTRN: %s\n"
+ "did %sMATCH\n",
+ tests[i].host,
+ tests[i].pattern,
+ tests[i].match ? "NOT ": "");
+ unitfail++;
+ }
+ }
+}
-#endif
+UNITTEST_STOP
+#else
- /* you end the test code like this: */
+UNITTEST_START
UNITTEST_STOP
+#endif
--
2.33.0

434
backport-CVE-2023-28322.patch
View File

@ -1,434 +0,0 @@
From 7815647d6582c0a4900be2e1de6c5e61272c496b Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 25 Apr 2023 08:28:01 +0200
Subject: [PATCH] lib: unify the upload/method handling
By making sure we set state.upload based on the set.method value and not
independently as set.upload, we reduce confusion and mixup risks, both
internally and externally.
Closes #11017
---
lib/curl_rtmp.c | 4 ++--
lib/file.c | 4 ++--
lib/ftp.c | 8 ++++----
lib/http.c | 4 ++--
lib/imap.c | 6 +++---
lib/rtsp.c | 4 ++--
lib/setopt.c | 6 ++----
lib/smb.c | 6 +++---
lib/smtp.c | 4 ++--
lib/tftp.c | 8 ++++----
lib/transfer.c | 4 ++--
lib/urldata.h | 2 +-
lib/vssh/libssh.c | 6 +++---
lib/vssh/libssh2.c | 6 +++---
lib/vssh/wolfssh.c | 2 +-
15 files changed, 36 insertions(+), 38 deletions(-)
diff --git a/lib/curl_rtmp.c b/lib/curl_rtmp.c
index 2679a2c..406fb42 100644
--- a/lib/curl_rtmp.c
+++ b/lib/curl_rtmp.c
@@ -231,7 +231,7 @@ static CURLcode rtmp_connect(struct Curl_easy *data, bool *done)
/* We have to know if it's a write before we send the
* connect request packet
*/
- if(data->set.upload)
+ if(data->state.upload)
r->Link.protocol |= RTMP_FEATURE_WRITE;
/* For plain streams, use the buffer toggle trick to keep data flowing */
@@ -263,7 +263,7 @@ static CURLcode rtmp_do(struct Curl_easy *data, bool *done)
if(!RTMP_ConnectStream(r, 0))
return CURLE_FAILED_INIT;
- if(data->set.upload) {
+ if(data->state.upload) {
Curl_pgrsSetUploadSize(data, data->state.infilesize);
Curl_setup_transfer(data, -1, -1, FALSE, FIRSTSOCKET);
}
diff --git a/lib/file.c b/lib/file.c
index 51c5d07..c751e88 100644
--- a/lib/file.c
+++ b/lib/file.c
@@ -240,7 +240,7 @@ static CURLcode file_connect(struct Curl_easy *data, bool *done)
file->freepath = real_path; /* free this when done */
file->fd = fd;
- if(!data->set.upload && (fd == -1)) {
+ if(!data->state.upload && (fd == -1)) {
failf(data, "Couldn't open file %s", data->state.up.path);
file_done(data, CURLE_FILE_COULDNT_READ_FILE, FALSE);
return CURLE_FILE_COULDNT_READ_FILE;
@@ -422,7 +422,7 @@ static CURLcode file_do(struct Curl_easy *data, bool *done)
Curl_pgrsStartNow(data);
- if(data->set.upload)
+ if(data->state.upload)
return file_upload(data);
file = data->req.p.file;
diff --git a/lib/ftp.c b/lib/ftp.c
index 601f603..6e8be09 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -1344,7 +1344,7 @@ static CURLcode ftp_state_prepare_transfer(struct Curl_easy *data)
data->set.str[STRING_CUSTOMREQUEST]?
data->set.str[STRING_CUSTOMREQUEST]:
(data->state.list_only?"NLST":"LIST"));
- else if(data->set.upload)
+ else if(data->state.upload)
result = Curl_pp_sendf(data, &ftpc->pp, "PRET STOR %s",
conn->proto.ftpc.file);
else
@@ -3346,7 +3346,7 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status,
/* the response code from the transfer showed an error already so no
use checking further */
;
- else if(data->set.upload) {
+ else if(data->state.upload) {
if((-1 != data->state.infilesize) &&
(data->state.infilesize != data->req.writebytecount) &&
!data->set.crlf &&
@@ -3602,7 +3602,7 @@ static CURLcode ftp_do_more(struct Curl_easy *data, int *completep)
connected back to us */
}
}
- else if(data->set.upload) {
+ else if(data->state.upload) {
result = ftp_nb_type(data, conn, data->state.prefer_ascii,
FTP_STOR_TYPE);
if(result)
@@ -4191,7 +4191,7 @@ CURLcode ftp_parse_url_path(struct Curl_easy *data)
ftpc->file = NULL; /* instead of point to a zero byte,
we make it a NULL pointer */
- if(data->set.upload && !ftpc->file && (ftp->transfer == PPTRANSFER_BODY)) {
+ if(data->state.upload && !ftpc->file && (ftp->transfer == PPTRANSFER_BODY)) {
/* We need a file name when uploading. Return error! */
failf(data, "Uploading to a URL without a file name");
free(rawPath);
diff --git a/lib/http.c b/lib/http.c
index cb585e7..b9a441e 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -1962,7 +1962,7 @@ void Curl_http_method(struct Curl_easy *data, struct connectdata *conn,
Curl_HttpReq httpreq = (Curl_HttpReq)data->state.httpreq;
const char *request;
if((conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_FTP)) &&
- data->set.upload)
+ data->state.upload)
httpreq = HTTPREQ_PUT;
/* Now set the 'request' pointer to the proper request string */
@@ -2279,7 +2279,7 @@ CURLcode Curl_http_body(struct Curl_easy *data, struct connectdata *conn,
if((conn->handler->protocol & PROTO_FAMILY_HTTP) &&
(((httpreq == HTTPREQ_POST_MIME || httpreq == HTTPREQ_POST_FORM) &&
http->postsize < 0) ||
- ((data->set.upload || httpreq == HTTPREQ_POST) &&
+ ((data->state.upload || httpreq == HTTPREQ_POST) &&
data->state.infilesize == -1))) {
if(conn->bits.authneg)
/* don't enable chunked during auth neg */
diff --git a/lib/imap.c b/lib/imap.c
index c2f675d..1952e66 100644
--- a/lib/imap.c
+++ b/lib/imap.c
@@ -1511,11 +1511,11 @@ static CURLcode imap_done(struct Curl_easy *data, CURLcode status,
result = status; /* use the already set error code */
}
else if(!data->set.connect_only && !imap->custom &&
- (imap->uid || imap->mindex || data->set.upload ||
+ (imap->uid || imap->mindex || data->state.upload ||
data->set.mimepost.kind != MIMEKIND_NONE)) {
/* Handle responses after FETCH or APPEND transfer has finished */
- if(!data->set.upload && data->set.mimepost.kind == MIMEKIND_NONE)
+ if(!data->state.upload && data->set.mimepost.kind == MIMEKIND_NONE)
state(data, IMAP_FETCH_FINAL);
else {
/* End the APPEND command first by sending an empty line */
@@ -1581,7 +1581,7 @@ static CURLcode imap_perform(struct Curl_easy *data, bool *connected,
selected = TRUE;
/* Start the first command in the DO phase */
- if(data->set.upload || data->set.mimepost.kind != MIMEKIND_NONE)
+ if(data->state.upload || data->set.mimepost.kind != MIMEKIND_NONE)
/* APPEND can be executed directly */
result = imap_perform_append(data);
else if(imap->custom && (selected || !imap->mailbox))
diff --git a/lib/rtsp.c b/lib/rtsp.c
index 9d27929..9639d93 100644
--- a/lib/rtsp.c
+++ b/lib/rtsp.c
@@ -494,7 +494,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done)
rtspreq == RTSPREQ_SET_PARAMETER ||
rtspreq == RTSPREQ_GET_PARAMETER) {
- if(data->set.upload) {
+ if(data->state.upload) {
putsize = data->state.infilesize;
data->state.httpreq = HTTPREQ_PUT;
@@ -513,7 +513,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done)
result =
Curl_dyn_addf(&req_buffer,
"Content-Length: %" CURL_FORMAT_CURL_OFF_T"\r\n",
- (data->set.upload ? putsize : postsize));
+ (data->state.upload ? putsize : postsize));
if(result)
return result;
}
diff --git a/lib/setopt.c b/lib/setopt.c
index eae6a4c..d757220 100644
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -329,8 +329,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
* We want to sent data to the remote host. If this is HTTP, that equals
* using the PUT request.
*/
- data->set.upload = (0 != va_arg(param, long)) ? TRUE : FALSE;
- if(data->set.upload) {
+ arg = va_arg(param, long);
+ if(arg) {
/* If this is HTTP, PUT is what's needed to "upload" */
data->set.method = HTTPREQ_PUT;
data->set.opt_no_body = FALSE; /* this is implied */
@@ -660,7 +660,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
}
else
data->set.method = HTTPREQ_GET;
- data->set.upload = FALSE;
break;
#ifndef CURL_DISABLE_MIME
@@ -884,7 +883,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
*/
if(va_arg(param, long)) {
data->set.method = HTTPREQ_GET;
- data->set.upload = FALSE; /* switch off upload */
data->set.opt_no_body = FALSE; /* this is implied */
}
break;
diff --git a/lib/smb.c b/lib/smb.c
index dc0abe7..097874b 100644
--- a/lib/smb.c
+++ b/lib/smb.c
@@ -531,7 +531,7 @@ static CURLcode smb_send_open(struct Curl_easy *data)
byte_count = strlen(req->path);
msg.name_length = smb_swap16((unsigned short)byte_count);
msg.share_access = smb_swap32(SMB_FILE_SHARE_ALL);
- if(data->set.upload) {
+ if(data->state.upload) {
msg.access = smb_swap32(SMB_GENERIC_READ | SMB_GENERIC_WRITE);
msg.create_disposition = smb_swap32(SMB_FILE_OVERWRITE_IF);
}
@@ -763,7 +763,7 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done)
void *msg = NULL;
const struct smb_nt_create_response *smb_m;
- if(data->set.upload && (data->state.infilesize < 0)) {
+ if(data->state.upload && (data->state.infilesize < 0)) {
failf(data, "SMB upload needs to know the size up front");
return CURLE_SEND_ERROR;
}
@@ -814,7 +814,7 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done)
smb_m = (const struct smb_nt_create_response*) msg;
req->fid = smb_swap16(smb_m->fid);
data->req.offset = 0;
- if(data->set.upload) {
+ if(data->state.upload) {
data->req.size = data->state.infilesize;
Curl_pgrsSetUploadSize(data, data->req.size);
next_state = SMB_UPLOAD;
diff --git a/lib/smtp.c b/lib/smtp.c
index 7a03030..c182cac 100644
--- a/lib/smtp.c
+++ b/lib/smtp.c
@@ -1419,7 +1419,7 @@ static CURLcode smtp_done(struct Curl_easy *data, CURLcode status,
result = status; /* use the already set error code */
}
else if(!data->set.connect_only && data->set.mail_rcpt &&
- (data->set.upload || data->set.mimepost.kind)) {
+ (data->state.upload || data->set.mimepost.kind)) {
/* Calculate the EOB taking into account any terminating CRLF from the
previous line of the email or the CRLF of the DATA command when there
is "no mail data". RFC-5321, sect. 4.1.1.4.
@@ -1511,7 +1511,7 @@ static CURLcode smtp_perform(struct Curl_easy *data, bool *connected,
smtp->eob = 2;
/* Start the first command in the DO phase */
- if((data->set.upload || data->set.mimepost.kind) && data->set.mail_rcpt)
+ if((data->state.upload || data->set.mimepost.kind) && data->set.mail_rcpt)
/* MAIL transfer */
result = smtp_perform_mail(data);
else
diff --git a/lib/tftp.c b/lib/tftp.c
index 164d3c7..8ed1b88 100644
--- a/lib/tftp.c
+++ b/lib/tftp.c
@@ -370,7 +370,7 @@ static CURLcode tftp_parse_option_ack(struct tftp_state_data *state,
/* tsize should be ignored on upload: Who cares about the size of the
remote file? */
- if(!data->set.upload) {
+ if(!data->state.upload) {
if(!tsize) {
failf(data, "invalid tsize -:%s:- value in OACK packet", value);
return CURLE_TFTP_ILLEGAL;
@@ -451,7 +451,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state,
return result;
}
- if(data->set.upload) {
+ if(data->state.upload) {
/* If we are uploading, send an WRQ */
setpacketevent(&state->spacket, TFTP_EVENT_WRQ);
state->data->req.upload_fromhere =
@@ -486,7 +486,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state,
if(!data->set.tftp_no_options) {
char buf[64];
/* add tsize option */
- if(data->set.upload && (data->state.infilesize != -1))
+ if(data->state.upload && (data->state.infilesize != -1))
msnprintf(buf, sizeof(buf), "%" CURL_FORMAT_CURL_OFF_T,
data->state.infilesize);
else
@@ -540,7 +540,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state,
break;
case TFTP_EVENT_OACK:
- if(data->set.upload) {
+ if(data->state.upload) {
result = tftp_connect_for_tx(state, event);
}
else {
diff --git a/lib/transfer.c b/lib/transfer.c
index 69df214..6da96a0 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -1287,6 +1287,7 @@ void Curl_init_CONNECT(struct Curl_easy *data)
{
data->state.fread_func = data->set.fread_func_set;
data->state.in = data->set.in_set;
+ data->state.upload = (data->state.httpreq == HTTPREQ_PUT);
}
/*
@@ -1715,7 +1716,6 @@ CURLcode Curl_follow(struct Curl_easy *data,
data->state.httpreq != HTTPREQ_POST_MIME) ||
!(data->set.keep_post & CURL_REDIR_POST_303))) {
data->state.httpreq = HTTPREQ_GET;
- data->set.upload = false;
infof(data, "Switch to %s",
data->req.no_body?"HEAD":"GET");
}
@@ -1753,7 +1753,7 @@ CURLcode Curl_retry_request(struct Curl_easy *data, char **url)
/* if we're talking upload, we can't do the checks below, unless the protocol
is HTTP as when uploading over HTTP we will still get a response */
- if(data->set.upload &&
+ if(data->state.upload &&
!(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP)))
return CURLE_OK;
diff --git a/lib/urldata.h b/lib/urldata.h
index 6a63947..069ffb2 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -1442,6 +1442,7 @@ struct UrlState {
BIT(rewindbeforesend);/* TRUE when the sending couldn't be stopped even
though it will be discarded. We must call the data
rewind callback before trying to send again. */
+ BIT(upload); /* upload request */
};
/*
@@ -1817,7 +1818,6 @@ struct UserDefined {
BIT(http_auto_referer); /* set "correct" referer when following
location: */
BIT(opt_no_body); /* as set with CURLOPT_NOBODY */
- BIT(upload); /* upload request */
BIT(verbose); /* output verbosity */
BIT(krb); /* Kerberos connection requested */
BIT(reuse_forbid); /* forbidden to be reused, close after use */
diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c
index 1115318..19804c2 100644
--- a/lib/vssh/libssh.c
+++ b/lib/vssh/libssh.c
@@ -1210,7 +1210,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
}
case SSH_SFTP_TRANS_INIT:
- if(data->set.upload)
+ if(data->state.upload)
state(data, SSH_SFTP_UPLOAD_INIT);
else {
if(protop->path[strlen(protop->path)-1] == '/')
@@ -1823,7 +1823,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
/* Functions from the SCP subsystem cannot handle/return SSH_AGAIN */
ssh_set_blocking(sshc->ssh_session, 1);
- if(data->set.upload) {
+ if(data->state.upload) {
if(data->state.infilesize < 0) {
failf(data, "SCP requires a known file size for upload");
sshc->actualcode = CURLE_UPLOAD_FAILED;
@@ -1928,7 +1928,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
break;
}
case SSH_SCP_DONE:
- if(data->set.upload)
+ if(data->state.upload)
state(data, SSH_SCP_SEND_EOF);
else
state(data, SSH_SCP_CHANNEL_FREE);
diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
index 4703eb5..48ff4de 100644
--- a/lib/vssh/libssh2.c
+++ b/lib/vssh/libssh2.c
@@ -2014,7 +2014,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
}
case SSH_SFTP_TRANS_INIT:
- if(data->set.upload)
+ if(data->state.upload)
state(data, SSH_SFTP_UPLOAD_INIT);
else {
if(sshp->path[strlen(sshp->path)-1] == '/')
@@ -2687,7 +2687,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
break;
}
- if(data->set.upload) {
+ if(data->state.upload) {
if(data->state.infilesize < 0) {
failf(data, "SCP requires a known file size for upload");
sshc->actualcode = CURLE_UPLOAD_FAILED;
@@ -2827,7 +2827,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
break;
case SSH_SCP_DONE:
- if(data->set.upload)
+ if(data->state.upload)
state(data, SSH_SCP_SEND_EOF);
else
state(data, SSH_SCP_CHANNEL_FREE);
diff --git a/lib/vssh/wolfssh.c b/lib/vssh/wolfssh.c
index 17d59ec..2ca91b7 100644
--- a/lib/vssh/wolfssh.c
+++ b/lib/vssh/wolfssh.c
@@ -557,7 +557,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block)
}
break;
case SSH_SFTP_TRANS_INIT:
- if(data->set.upload)
+ if(data->state.upload)
state(data, SSH_SFTP_UPLOAD_INIT);
else {
if(sftp_scp->path[strlen(sftp_scp->path)-1] == '/')
--
2.33.0

9
backport-curl-7.84.0-test3026.patch
View File

@ -2,7 +2,7 @@ From 279b990727a1fd3e2828fbbd80581777e4200b67 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com> From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 27 Jun 2022 16:50:57 +0200 Date: Mon, 27 Jun 2022 16:50:57 +0200
Subject: [PATCH] test3026: disable valgrind Subject: [PATCH] test3026: disable valgrind
It fails on x86_64 with: It fails on x86_64 with:
``` ```
Use --max-threads=INT to specify a larger number of threads Use --max-threads=INT to specify a larger number of threads
@ -33,13 +33,11 @@ It fails on x86_64 with:
valgrind stack range: [0x1002BAA000 0x1002CA9FFF] top usage: 11728 of 1048576 valgrind stack range: [0x1002BAA000 0x1002CA9FFF] top usage: 11728 of 1048576
[...] [...]
``` ```
Conflict: NA
Reference: https://src.fedoraproject.org/rpms/curl/blob/rawhide/f/0102-curl-7.84.0-test3026.patch
--- ---
tests/data/test3026 | 3 +++ tests/data/test3026 | 3 +++
tests/libtest/lib3026.c | 4 ++-- tests/libtest/lib3026.c | 4 ++--
2 files changed, 5 insertions(+), 2 deletions(-) 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/tests/data/test3026 b/tests/data/test3026 diff --git a/tests/data/test3026 b/tests/data/test3026
index fb80cc8..01f2ba5 100644 index fb80cc8..01f2ba5 100644
--- a/tests/data/test3026 --- a/tests/data/test3026
@ -57,7 +55,7 @@ diff --git a/tests/libtest/lib3026.c b/tests/libtest/lib3026.c
index 43fe335..70cd7a4 100644 index 43fe335..70cd7a4 100644
--- a/tests/libtest/lib3026.c --- a/tests/libtest/lib3026.c
+++ b/tests/libtest/lib3026.c +++ b/tests/libtest/lib3026.c
@@ -139,8 +139,8 @@ int test(char *URL) @@ -147,8 +147,8 @@ int test(char *URL)
results[i] = CURL_LAST; /* initialize with invalid value */ results[i] = CURL_LAST; /* initialize with invalid value */
res = pthread_create(&tids[i], NULL, run_thread, &results[i]); res = pthread_create(&tids[i], NULL, run_thread, &results[i]);
if(res) { if(res) {
@ -70,3 +68,4 @@ index 43fe335..70cd7a4 100644
goto cleanup; goto cleanup;
-- --
2.37.1 2.37.1

51
backport-curl-7.87.0-test3012.patch
View File

@ -1,51 +0,0 @@
From 0d0a256c8e7f6261d49e1bdd583c04c0e5dfe706 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 11 Jan 2023 08:53:05 +0100
Subject: [PATCH] test3012: disable valgrind
valgrind reports a call to memcpy() with overlapping blocks by mistake:
```
test 3012...[--output-dir with -J]
../libtool --mode=execute /usr/bin/valgrind --tool=memcheck --quiet --leak-check=yes --suppressions=../../tests/valgrind.supp --num-callers=16 --log-file=log/valgrind3012 ../src/curl --trace-ascii log/trace3012 --trace-time http://127.0.0.1:35981/this/is/the/3012 -OJ --output-dir /root/rpmbuild/BUILD/curl-7.86.0/build-minimal/tests/log >log/stdout3012 2>log/stderr3012
CMD (0): ../libtool --mode=execute /usr/bin/valgrind --tool=memcheck --quiet --leak-check=yes --suppressions=../../tests/valgrind.supp --num-callers=16 --log-file=log/valgrind3012 ../src/curl --trace-ascii log/trace3012 --trace-time http://127.0.0.1:35981/this/is/the/3012 -OJ --output-dir /root/rpmbuild/BUILD/curl-7.86.0/build-minimal/tests/log >log/stdout3012 2>log/stderr3012
valgrind ERROR ==496584== Source and destination overlap in memcpy_chk(0x54ad1a0, 0x54ad1a1, 11)
==496584== at 0x484C332: __memcpy_chk (vg_replace_strmem.c:1741)
==496584== by 0x118FDB: UnknownInlinedFun (string_fortified.h:36)
==496584== by 0x118FDB: UnknownInlinedFun (tool_cb_hdr.c:301)
==496584== by 0x118FDB: tool_header_cb (tool_cb_hdr.c:173)
==496584== by 0x489907B: chop_write.lto_priv.0 (sendf.c:620)
==496584== by 0x489CDD1: UnknownInlinedFun (http.c:4449)
==496584== by 0x489CDD1: UnknownInlinedFun (transfer.c:633)
==496584== by 0x489CDD1: Curl_readwrite (transfer.c:1219)
==496584== by 0x488C116: multi_runsingle (multi.c:2404)
==496584== by 0x488F491: curl_multi_perform (multi.c:2682)
==496584== by 0x486A9DA: UnknownInlinedFun (easy.c:663)
==496584== by 0x486A9DA: UnknownInlinedFun (easy.c:753)
==496584== by 0x486A9DA: curl_easy_perform (easy.c:772)
==496584== by 0x114B28: UnknownInlinedFun (tool_operate.c:2406)
==496584== by 0x114B28: UnknownInlinedFun (tool_operate.c:2594)
==496584== by 0x114B28: UnknownInlinedFun (tool_operate.c:2706)
==496584== by 0x114B28: main (tool_main.c:284)
```
Bug: https://bugzilla.redhat.com/2143040
---
tests/data/test3012 | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tests/data/test3012 b/tests/data/test3012
index 1889c93..ea43a49 100644
--- a/tests/data/test3012
+++ b/tests/data/test3012
@@ -56,5 +56,9 @@ Accept: */*
<file name="log/MMM%TESTNUMBERMMM">
-foo-
</file>
+
+<valgrind>
+disable
+</valgrind>
</verify>
</testcase>
--
2.39.0

19
backport-curl-7.88.0-tests-warnings.patch
View File

@ -2,28 +2,29 @@ From d506d885aa16b4a87acbac082eea41dccdc7b69f Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com> From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 15 Feb 2023 10:42:38 +0100 Date: Wed, 15 Feb 2023 10:42:38 +0100
Subject: [PATCH] Revert "runtests: consider warnings fatal and error on them" Subject: [PATCH] Revert "runtests: consider warnings fatal and error on them"
While it might be useful for upstream developers, it is not so useful While it might be useful for upstream developers, it is not so useful
for downstream consumers. for downstream consumers.
This reverts upstream commit 22f795c834cfdbacbb1b55426028a581e3cf67a8. This reverts upstream commit 22f795c834cfdbacbb1b55426028a581e3cf67a8.
--- ---
tests/runtests.pl | 3 +-- tests/runtests.pl | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-) 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/tests/runtests.pl b/tests/runtests.pl diff --git a/tests/runtests.pl b/tests/runtests.pl
index 71644ad18..0cf85c3fe 100755 index 71644ad18..0cf85c3fe 100755
--- a/tests/runtests.pl --- a/tests/runtests.pl
+++ b/tests/runtests.pl +++ b/tests/runtests.pl
@@ -75,8 +75,7 @@ BEGIN { @@ -55,8 +55,7 @@
} # given, this won't be a problem.
use strict; use strict;
-# Promote all warnings to fatal -# Promote all warnings to fatal
-use warnings FATAL => 'all'; -use warnings FATAL => 'all';
+use warnings; +use warnings;
use Cwd; use 5.006;
use Digest::MD5 qw(md5);
use MIME::Base64; # These should be the only variables that might be needed to get edited:
-- --
2.39.1 2.39.1

BIN
curl-7.88.1.tar.xz
View File

Binary file not shown.

BIN
curl-8.1.2.tar.xz Normal file
View File

Binary file not shown.

29
curl.spec
View File

@ -5,27 +5,16 @@
%global _configure ../configure %global _configure ../configure
Name: curl Name: curl
Version: 7.88.1 Version: 8.1.2
Release: 4 Release: 1
Summary: Curl is used in command lines or scripts to transfer data Summary: Curl is used in command lines or scripts to transfer data
License: MIT License: curl
URL: https://curl.haxx.se/ URL: https://curl.se/
Source: https://curl.haxx.se/download/curl-%{version}.tar.xz Source: https://curl.se/download/curl-%{version}.tar.xz
Patch1: backport-0101-curl-7.32.0-multilib.patch Patch1: backport-0101-curl-7.32.0-multilib.patch
Patch2: backport-curl-7.84.0-test3026.patch Patch2: backport-curl-7.84.0-test3026.patch
Patch3: backport-curl-7.87.0-test3012.patch
Patch4: backport-curl-7.88.0-tests-warnings.patch Patch4: backport-curl-7.88.0-tests-warnings.patch
Patch5: backport-CVE-2023-27533.patch
Patch6: backport-CVE-2023-27534.patch
Patch7: backport-CVE-2023-27538.patch
Patch8: backport-CVE-2023-27535.patch
Patch9: backport-CVE-2023-27536.patch
Patch10: backport-CVE-2023-27537.patch
Patch11: backport-0001-CVE-2023-28320.patch
Patch12: backport-0002-CVE-2023-28320.patch
Patch13: backport-CVE-2023-28321.patch
Patch14: backport-CVE-2023-28322.patch
BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel
BuildRequires: libidn2-devel libnghttp2-devel libpsl-devel BuildRequires: libidn2-devel libnghttp2-devel libpsl-devel
@ -72,7 +61,7 @@ Header files for libcurl.
%prep %prep
%autosetup -n %{name}-%{version} -p1 %autosetup -n %{name}-%{version} -p1
printf "1112\n1455\n1184\n1801\n1592\n3000\n3001\n" >> tests/data/DISABLED echo "1801" >> tests/data/DISABLED
# adapt test 323 for updated OpenSSL # adapt test 323 for updated OpenSSL
sed -e 's/^35$/35,52/' -i tests/data/test323 sed -e 's/^35$/35,52/' -i tests/data/test323
@ -210,6 +199,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_mandir}/man3/* %{_mandir}/man3/*
%changelog %changelog
* Sat Jul 15 2023 gaihuiying <eaglegai@163.com> - 8.1.2-1
- Type:requirement
- CVE:NA
- SUG:NA
- DESC:update to curl 8.1.2
* Sat Jun 10 2023 zhouyihang <zhouyihang3@h-partners.com> - 7.88.1-4 * Sat Jun 10 2023 zhouyihang <zhouyihang3@h-partners.com> - 7.88.1-4
- Type:bugfix - Type:bugfix
- CVE:NA - CVE:NA