From 3c88d5d34e1a50361b2b9e07c5325e83b94b7f4d Mon Sep 17 00:00:00 2001 
From: CoprDistGit
Date: Mon, 21 Oct 2024 00:52:10 +0000
Subject: automatic import of curl
---
.gitignore | 1 +
backport-0001-CVE-2023-46219.patch | 133 ++++++
backport-0002-CVE-2023-46219.patch | 80 ++++
backport-0101-curl-7.32.0-multilib.patch | 91 ++++
backport-CVE-2023-46218.patch | 54 +++
backport-CVE-2024-2004.patch | 139 ++++++
backport-CVE-2024-2398.patch | 96 ++++
...CVE-2024-7264-x509asn1-clean-up-GTime2str.patch | 60 +++
...2024-7264-x509asn1-unittests-and-fixes-fo.patch | 315 ++++++++++++
...24-8096-gtls-fix-OCSP-stapling-management.patch | 206 ++++++++
backport-curl-7.84.0-test3026.patch | 71 +++
backport-curl-7.88.0-tests-warnings.patch | 30 ++
...-libssh2-set-length-to-0-if-strdup-failed.patch | 31 ++
backport-multi-avoid-memory-leak-risk.patch | 46 ++
...te-ldap-URLs-correctly-for-IPv6-addresses.patch | 35 ++
...ssl-avoid-BN_num_bits-NULL-pointer-derefs.patch | 34 ++
...mhlp-fix-CRLF-stripping-files-with-d-file.patch | 100 ++++
backport-pre-CVE-2024-2004.patch | 159 +++++++
...l_cb_rea-limit-rate-unpause-for-T-uploads.patch | 61 +++
...cfgable-free-proxy_-cipher13_list-on-exit.patch | 28 ++
...ransfers-to-override-max-connection-limit.patch | 49 ++
curl.spec | 526 +++++++++++++++++++++
sources | 1 +
23 files changed, 2346 insertions(+)
create mode 100644 backport-0001-CVE-2023-46219.patch
create mode 100644 backport-0002-CVE-2023-46219.patch
create mode 100644 backport-0101-curl-7.32.0-multilib.patch
create mode 100644 backport-CVE-2023-46218.patch
create mode 100644 backport-CVE-2024-2004.patch
create mode 100644 backport-CVE-2024-2398.patch
create mode 100644 backport-CVE-2024-7264-x509asn1-clean-up-GTime2str.patch
create mode 100644 backport-CVE-2024-7264-x509asn1-unittests-and-fixes-fo.patch
create mode 100644 backport-CVE-2024-8096-gtls-fix-OCSP-stapling-management.patch
create mode 100644 backport-curl-7.84.0-test3026.patch
create mode 100644 backport-curl-7.88.0-tests-warnings.patch
create mode 100644 backport-libssh2-set-length-to-0-if-strdup-failed.patch
create mode 100644 backport-multi-avoid-memory-leak-risk.patch
create mode 100644 backport-openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch
create mode 100644 backport-openssl-avoid-BN_num_bits-NULL-pointer-derefs.patch
create mode 100644 backport-paramhlp-fix-CRLF-stripping-files-with-d-file.patch
create mode 100644 backport-pre-CVE-2024-2004.patch
create mode 100644 backport-tool_cb_rea-limit-rate-unpause-for-T-uploads.patch
create mode 100644 backport-tool_cfgable-free-proxy_-cipher13_list-on-exit.patch
create mode 100644 backport-url-allow-DoH-transfers-to-override-max-connection-limit.patch
create mode 100644 curl.spec
create mode 100644 sources
diff --git a/.gitignore b/.gitignore
index e69de29..88e50a6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/curl-8.4.0.tar.xz
diff --git a/backport-0001-CVE-2023-46219.patch b/backport-0001-CVE-2023-46219.patch
new file mode 100644
index 0000000..2e2ae77
--- /dev/null
+++ b/backport-0001-CVE-2023-46219.patch
@@ -0,0 +1,133 @@ +From 73b65e94f3531179de45c6f3c836a610e3d0a846 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Thu, 23 Nov 2023 08:23:17 +0100 +Subject: [PATCH] fopen: create short(er) temporary file name + +Only using random letters in the name plus a ".tmp" extension. Not by +appending characters to the final file name. + +Reported-by: Maksymilian Arciemowicz + +Closes #12388 + +Conflict:NA +Reference:https://github.com/curl/curl/commit/73b65e94f3531179de45c6f3c836a610e3d0a846 +--- + lib/fopen.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++++----- + 1 file changed, 60 insertions(+), 5 deletions(-) + +diff --git a/lib/fopen.c b/lib/fopen.c +index 75b8a7aa5..a73ac068e 100644 +--- a/lib/fopen.c ++++ b/lib/fopen.c +@@ -39,6 +39,51 @@ + #include "curl_memory.h" + #include "memdebug.h" + ++/* ++ The dirslash() function breaks a null-terminated pathname string into ++ directory and filename components then returns the directory component up ++ to, *AND INCLUDING*, a final '/'. If there is no directory in the path, ++ this instead returns a "" string. ++ ++ This function returns a pointer to malloc'ed memory. ++ ++ The input path to this function is expected to have a file name part. 
++*/ ++ ++#ifdef _WIN32 ++#define PATHSEP "\\" ++#define IS_SEP(x) (((x) == '/') || ((x) == '\\')) ++#elif defined(MSDOS) || defined(__EMX__) || defined(OS2) ++#define PATHSEP "\\" ++#define IS_SEP(x) ((x) == '\\') ++#else ++#define PATHSEP "/" ++#define IS_SEP(x) ((x) == '/') ++#endif ++ ++static char *dirslash(const char *path) ++{ ++ size_t n; ++ struct dynbuf out; ++ DEBUGASSERT(path); ++ Curl_dyn_init(&out, CURL_MAX_INPUT_LENGTH); ++ n = strlen(path); ++ if(n) { ++ /* find the rightmost path separator, if any */ ++ while(n && !IS_SEP(path[n-1])) ++ --n; ++ /* skip over all the path separators, if any */ ++ while(n && IS_SEP(path[n-1])) ++ --n; ++ } ++ if(Curl_dyn_addn(&out, path, n)) ++ return NULL; ++ /* if there was a directory, append a single trailing slash */ ++ if(n && Curl_dyn_addn(&out, PATHSEP, 1)) ++ return NULL; ++ return Curl_dyn_ptr(&out); ++} ++ + /* + * Curl_fopen() opens a file for writing with a temp name, to be renamed + * to the final name when completed. If there is an existing file using this +@@ -50,25 +95,34 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, + FILE **fh, char **tempname) + { + CURLcode result = CURLE_WRITE_ERROR; +- unsigned char randsuffix[9]; ++ unsigned char randbuf[41]; + char *tempstore = NULL; + struct_stat sb; + int fd = -1; ++ char *dir; + *tempname = NULL; + ++ dir = dirslash(filename); ++ if(!dir) ++ goto fail; ++ + *fh = fopen(filename, FOPEN_WRITETEXT); + if(!*fh) + goto fail; +- if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode)) ++ if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode)) { ++ free(dir); + return CURLE_OK; ++ } + fclose(*fh); + *fh = NULL; + +- result = Curl_rand_alnum(data, randsuffix, sizeof(randsuffix)); ++ result = Curl_rand_alnum(data, randbuf, sizeof(randbuf)); + if(result) + goto fail; + +- tempstore = aprintf("%s.%s.tmp", filename, randsuffix); ++ /* The temp file name should not end up too long for the target file ++ system */ ++ tempstore = 
aprintf("%s%s.tmp", dir, randbuf); + if(!tempstore) { + result = CURLE_OUT_OF_MEMORY; + goto fail; +@@ -95,6 +149,7 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, + if(!*fh) + goto fail; + ++ free(dir); + *tempname = tempstore; + return CURLE_OK; + +@@ -105,7 +160,7 @@ fail: + } + + free(tempstore); +- ++ free(dir); + return result; + } + +-- +2.33.0 + diff --git a/backport-0002-CVE-2023-46219.patch b/backport-0002-CVE-2023-46219.patch new file mode 100644 index 0000000..c9c08ec --- /dev/null +++ b/backport-0002-CVE-2023-46219.patch 
@@ -0,0 +1,80 @@ +From f27b8dba73295cb5296a50f2c19c0739b502eb94 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Fri, 24 Nov 2023 09:46:32 +0100 +Subject: [PATCH] fopen: allocate the dir after fopen + +Move the allocation of the directory name down to after the fopen() call +to allow that shortcut code path to avoid a superfluous malloc+free +cycle. + +Follow-up to 73b65e94f35311 + +Closes #12398 + +Conflict:NA +Reference:https://github.com/curl/curl/commit/f27b8dba73295cb5296a50f2c19c0739b502eb94 +--- + lib/fopen.c | 20 +++++++++----------- + 1 file changed, 9 insertions(+), 11 deletions(-) + +diff --git a/lib/fopen.c b/lib/fopen.c +index 2e726cc95..851279fe1 100644 +--- a/lib/fopen.c ++++ b/lib/fopen.c +@@ -99,18 +99,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, + char *tempstore = NULL; + struct_stat sb; + int fd = -1; +- char *dir; ++ char *dir = NULL; + *tempname = NULL; + +- dir = dirslash(filename); +- if(!dir) +- goto fail; +- + *fh = fopen(filename, FOPEN_WRITETEXT); + if(!*fh) + goto fail; + if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode)) { +- free(dir); + return CURLE_OK; + } + fclose(*fh); +@@ -120,9 +115,14 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, + if(result) + goto fail; + +- /* The temp file name should not end up too long for the target file +- system */ +- tempstore = aprintf("%s%s.tmp", dir, randbuf); ++ dir = dirslash(filename); ++ if(dir) { ++ /* The temp file name should not end up too long for the target file ++ system */ ++ tempstore = aprintf("%s%s.tmp", dir, randbuf); ++ free(dir); ++ } ++ + if(!tempstore) { + result = CURLE_OUT_OF_MEMORY; + goto fail; +@@ -137,7 +137,6 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, + if(!*fh) + goto fail; + +- free(dir); + *tempname = tempstore; + return CURLE_OK; + +@@ -148,7 +147,6 @@ fail: + } + + free(tempstore); +- free(dir); + return result; + } + +-- +2.33.0 + 
diff --git a/backport-0101-curl-7.32.0-multilib.patch b/backport-0101-curl-7.32.0-multilib.patch new file mode 100644 index 0000000..b4f8e2a --- /dev/null +++ b/backport-0101-curl-7.32.0-multilib.patch 
@@ -0,0 +1,91 @@ +From 2a4754a3a7cf60ecc36d83cbe50b8c337cb87632 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Fri, 12 Apr 2013 12:04:05 +0200 +Subject: [PATCH] prevent multilib conflicts on the curl-config script + +--- + curl-config.in | 23 +++++------------------ + docs/curl-config.1 | 4 +++- + libcurl.pc.in | 1 + + 3 files changed, 9 insertions(+), 19 deletions(-) + +diff --git a/curl-config.in b/curl-config.in +index 150004d..95d0759 100644 +--- a/curl-config.in ++++ b/curl-config.in +@@ -78,7 +78,7 @@ while test $# -gt 0; do + ;; + + --cc) +- echo "@CC@" ++ echo "gcc" + ;; + + --prefix) +@@ -157,32 +157,19 @@ while test $# -gt 0; do + ;; + + --libs) +- if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then +- CURLLIBDIR="-L@libdir@ " +- else +- CURLLIBDIR="" +- fi +- if test "X@ENABLE_SHARED@" = "Xno"; then +- echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@ +- else +- echo ${CURLLIBDIR}-lcurl +- fi ++ echo -lcurl + ;; + --ssl-backends) + echo "@SSL_BACKENDS@" + ;; + + --static-libs) +- if test "X@ENABLE_STATIC@" != "Xno" ; then +- echo "@libdir@/libcurl.@libext@" @LDFLAGS@ @LIBCURL_LIBS@ +- else +- echo "curl was built with static libraries disabled" >&2 +- exit 1 +- fi ++ echo "curl was built with static libraries disabled" >&2 ++ exit 1 + ;; + + --configure) +- echo @CONFIGURE_OPTIONS@ ++ pkg-config libcurl --variable=configure_options | sed 's/^"//;s/"$//' + ;; + + *) +diff --git a/docs/curl-config.1 b/docs/curl-config.1 +index 14a9d2b..ffcc004 100644 +--- a/docs/curl-config.1 ++++ b/docs/curl-config.1 +@@ -72,7 +72,9 @@ no, one or several names. If more than one name, they will appear + comma-separated. (Added in 7.58.0) + .IP "--static-libs" + Shows the complete set of libs and other linker options you will need in order +-to link your application with libcurl statically. (Added in 7.17.1) ++to link your application with libcurl statically. 
Note that Fedora/RHEL libcurl ++packages do not provide any static libraries, thus cannot be linked statically. ++(Added in 7.17.1) + .IP "--version" + Outputs version information about the installed libcurl. + .IP "--vernum" +diff --git a/libcurl.pc.in b/libcurl.pc.in +index 2ba9c39..f8f8b00 100644 +--- a/libcurl.pc.in ++++ b/libcurl.pc.in +@@ -31,6 +31,7 @@ libdir=@libdir@ + includedir=@includedir@ + supported_protocols="@SUPPORT_PROTOCOLS@" + supported_features="@SUPPORT_FEATURES@" ++configure_options=@CONFIGURE_OPTIONS@ + + Name: libcurl + URL: https://curl.se/ +-- +2.26.2 + diff --git a/backport-CVE-2023-46218.patch b/backport-CVE-2023-46218.patch new file mode 100644 index 0000000..8158814 --- /dev/null +++ b/backport-CVE-2023-46218.patch 
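Review bot: The new `--configure` case pipes `pkg-config libcurl --variable=configure_options` through sed with no check that pkg-config is installed or that libcurl.pc is on its search path, so on a host without it the option prints an empty line and the pipeline's status is whatever sed returned. A guard before the pipeline such as `command -v pkg-config >/dev/null 2>&1 || { echo "pkg-config is required for --configure" >&2; exit 1; }` makes the failure explicit, the same way the rewritten `--static-libs` branch reports its unsupported case. The `--cc` branch now hard-codes `gcc` rather than the configured compiler, presumably so the script is byte-identical across multilib arches; a one-line comment saying so would spare the next reader a search. The curl-config.1 wording added here names Fedora/RHEL packages, which may not match the distribution this import targets. The `case` statement and the enclosing `while test $# -gt 0` loop begin before and end after the hunk.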
@@ -0,0 +1,54 @@ +From 2b0994c29a721c91c572cff7808c572a24d251eb Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Thu, 23 Nov 2023 08:15:47 +0100 +Subject: [PATCH] cookie: lowercase the domain names before PSL checks + +Reported-by: Harry Sintonen + +Closes #12387 + +Conflict:NA +Reference:https://github.com/curl/curl/commit/2b0994c29a721c91c572cff7808c572a24d251eb +--- + lib/cookie.c | 24 ++++++++++++++++-------- + 1 file changed, 16 insertions(+), 8 deletions(-) + +diff --git a/lib/cookie.c b/lib/cookie.c +index 568cf537a..9095cea3e 100644 +--- a/lib/cookie.c ++++ b/lib/cookie.c +@@ -1027,15 +1027,23 @@ Curl_cookie_add(struct Curl_easy *data, + * dereference it. + */ + if(data && (domain && co->domain && !Curl_host_is_ipnum(co->domain))) { +- const psl_ctx_t *psl = Curl_psl_use(data); +- int acceptable; +- +- if(psl) { +- acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain); +- Curl_psl_release(data); ++ bool acceptable = FALSE; ++ char lcase[256]; ++ char lcookie[256]; ++ size_t dlen = strlen(domain); ++ size_t clen = strlen(co->domain); ++ if((dlen < sizeof(lcase)) && (clen < sizeof(lcookie))) { ++ const psl_ctx_t *psl = Curl_psl_use(data); ++ if(psl) { ++ /* the PSL check requires lowercase domain name and pattern */ ++ Curl_strntolower(lcase, domain, dlen + 1); ++ Curl_strntolower(lcookie, co->domain, clen + 1); ++ acceptable = psl_is_cookie_domain_acceptable(psl, lcase, lcookie); ++ Curl_psl_release(data); ++ } ++ else ++ acceptable = !bad_domain(domain, strlen(domain)); + } +- else +- acceptable = !bad_domain(domain, strlen(domain)); + + if(!acceptable) { + infof(data, "cookie '%s' dropped, domain '%s' must not " +-- +2.33.0 + diff --git a/backport-CVE-2024-2004.patch b/backport-CVE-2024-2004.patch new file mode 100644 index 0000000..b8d947b --- /dev/null +++ b/backport-CVE-2024-2004.patch 
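Review bot: The fallback `acceptable = !bad_domain(domain, strlen(domain));` in the new `else` branch recomputes a length that `dlen` already holds a few lines above; `acceptable = !bad_domain(domain, dlen);` avoids the second pass and ties the call to the `dlen < sizeof(lcase)` guard it now sits under. Moving that fallback inside the length check also means a cookie whose domain or the request host is 256 bytes or longer is rejected unconditionally, since `acceptable` stays FALSE, even in builds without libpsl where the old code consulted bad_domain(); that reads as an intentional bound on the fixed-size lowercase copies, but deserves a comment such as `/* over-long names never pass: the lowercase copies are fixed-size */`. The enclosing Curl_cookie_add() starts before and continues after the hunk.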
@@ -0,0 +1,139 @@ +From 17d302e56221f5040092db77d4f85086e8a20e0e Mon Sep 17 00:00:00 2001 +From: Daniel Gustafsson +Date: Tue, 27 Feb 2024 15:43:56 +0100 +Subject: [PATCH] setopt: Fix disabling all protocols + +When disabling all protocols without enabling any, the resulting +set of allowed protocols remained the default set. Clearing the +allowed set before inspecting the passed value from --proto make +the set empty even in the errorpath of no protocols enabled. + +Co-authored-by: Dan Fandrich +Reported-by: Dan Fandrich +Reviewed-by: Daniel Stenberg +Closes: #13004 + +Conflict:Context adapt +Reference:https://github.com/curl/curl/commit/17d302e56221f5040092db77d4f85086e8a20e0e +--- + lib/setopt.c | 16 ++++++++-------- + tests/data/Makefile.inc | 2 +- + tests/data/test1474 | 42 +++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 51 insertions(+), 9 deletions(-) + create mode 100644 tests/data/test1474 + +diff --git a/lib/setopt.c b/lib/setopt.c +index 6a4990cce..ce1321fc8 100644 +--- a/lib/setopt.c ++++ b/lib/setopt.c +@@ -155,6 +155,12 @@ static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp) + + static CURLcode protocol2num(const char *str, curl_prot_t *val) + { ++ /* ++ * We are asked to cherry-pick protocols, so play it safe and disallow all ++ * protocols to start with, and re-add the wanted ones back in. 
++ */ ++ *val = 0; ++ + if(!str) + return CURLE_BAD_FUNCTION_ARGUMENT; + +@@ -163,8 +169,6 @@ static CURLcode protocol2num(const char *str, curl_prot_t *val) + return CURLE_OK; + } + +- *val = 0; +- + do { + const char *token = str; + size_t tlen; +@@ -2654,22 +2658,18 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) + break; + + case CURLOPT_PROTOCOLS_STR: { +- curl_prot_t prot; + argptr = va_arg(param, char *); +- result = protocol2num(argptr, &prot); ++ result = protocol2num(argptr, &data->set.allowed_protocols); + if(result) + return result; +- data->set.allowed_protocols = prot; + break; + } + + case CURLOPT_REDIR_PROTOCOLS_STR: { +- curl_prot_t prot; + argptr = va_arg(param, char *); +- result = protocol2num(argptr, &prot); ++ result = protocol2num(argptr, &data->set.redir_protocols); + if(result) + return result; +- data->set.redir_protocols = prot; + break; + } + +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index c20f90d94..b80ffb618 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -187,7 +187,7 @@ test1439 test1440 test1441 test1442 test1443 test1444 test1445 test1446 \ + test1447 test1448 test1449 test1450 test1451 test1452 test1453 test1454 \ + test1455 test1456 test1457 test1458 test1459 test1460 test1461 test1462 \ + test1463 test1464 test1465 test1466 test1467 test1468 test1469 test1470 \ +-test1471 test1472 test1473 \ ++test1471 test1472 test1473 test1474 \ + \ + test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \ + test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \ +diff --git a/tests/data/test1474 b/tests/data/test1474 +new file mode 100644 +index 000000000..c66fa2810 +--- /dev/null ++++ b/tests/data/test1474 +@@ -0,0 +1,42 @@ ++ ++ ++ ++HTTP ++HTTP GET ++--proto ++ ++ ++ ++# ++# Server-side ++ ++ ++ ++ ++ ++# ++# Client-side ++ ++ ++none ++ ++ ++http ++ ++ ++--proto -all disables all protocols ++ ++ ++--proto -all 
http://%HOSTIP:%NOLISTENPORT/%TESTNUMBER ++ ++ ++ ++# ++# Verify data after the test has been "shot" ++ ++# 1 - Protocol "http" disabled ++ ++1 ++ ++ ++ +-- +2.33.0 + diff --git a/backport-CVE-2024-2398.patch b/backport-CVE-2024-2398.patch new file mode 100644 index 0000000..c3128b1 --- /dev/null +++ b/backport-CVE-2024-2398.patch 
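Review bot: With `*val = 0;` hoisted above the NULL check in protocol2num() and the CURLOPT_PROTOCOLS_STR / CURLOPT_REDIR_PROTOCOLS_STR cases now passing `&data->set.allowed_protocols` and `&data->set.redir_protocols` straight in, a setopt call that fails (NULL argument, or presumably an unrecognised token partway through the list) leaves the handle with a cleared or partially filled set instead of its previous value, whereas the removed code committed `prot` only on success. The commit message says the empty set on the error path is intended, so the gap is documentation rather than logic: a comment at the `case CURLOPT_PROTOCOLS_STR:` site, e.g. `/* on error the set is deliberately left cleared/partial: a failed cherry-pick must not fall back to the default set */`, would keep a future reader from "restoring" the old behaviour. Curl_vsetopt() starts before and ends after its hunk; the test1474 section appears extraction-stripped of its XML tags and was not reviewed.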
@@ -0,0 +1,96 @@ +From deca8039991886a559b67bcd6701db800a5cf764 Mon Sep 17 00:00:00 2001 +From: Stefan Eissing +Date: Wed, 6 Mar 2024 09:36:08 +0100 +Subject: [PATCH] http2: push headers better cleanup + +- provide common cleanup method for push headers + +Closes #13054 + +Conflict:struct h2_stream_ctx *stream => struct stream_ctx *stream +Context adapt +Reference:https://github.com/curl/curl/commit/deca8039991886a559b67bcd6701db800a5cf764 +--- + lib/http2.c | 34 +++++++++++++++------------------- + 1 file changed, 15 insertions(+), 19 deletions(-) + +diff --git a/lib/http2.c b/lib/http2.c +index c63ecd383..96868728a 100644 +--- a/lib/http2.c ++++ b/lib/http2.c +@@ -271,6 +271,15 @@ static CURLcode http2_data_setup(struct Curl_cfilter *cf, + return CURLE_OK; + } + ++static void free_push_headers(struct stream_ctx *stream) ++{ ++ size_t i; ++ for(i = 0; ipush_headers_used; i++) ++ free(stream->push_headers[i]); ++ Curl_safefree(stream->push_headers); ++ stream->push_headers_used = 0; ++} ++ + static void http2_data_done(struct Curl_cfilter *cf, + struct Curl_easy *data, bool premature) + { +@@ -306,15 +315,7 @@ static void http2_data_done(struct Curl_cfilter *cf, + Curl_bufq_free(&stream->recvbuf); + Curl_h1_req_parse_free(&stream->h1); + Curl_dynhds_free(&stream->resp_trailers); +- if(stream->push_headers) { +- /* if they weren't used and then freed before */ +- for(; stream->push_headers_used > 0; --stream->push_headers_used) { +- free(stream->push_headers[stream->push_headers_used - 1]); +- } +- free(stream->push_headers); +- stream->push_headers = NULL; +- } +- ++ free_push_headers(stream); + free(stream); + H2_STREAM_LCTX(data) = NULL; + } +@@ -860,7 +861,6 @@ static int push_promise(struct Curl_cfilter *cf, + struct curl_pushheaders heads; + CURLMcode rc; + CURLcode result; +- size_t i; + /* clone the parent */ + struct Curl_easy *newhandle = h2_duphandle(cf, data); + if(!newhandle) { +@@ -905,11 +905,7 @@ static int push_promise(struct Curl_cfilter *cf, + 
Curl_set_in_callback(data, false); + + /* free the headers again */ +- for(i = 0; ipush_headers_used; i++) +- free(stream->push_headers[i]); +- free(stream->push_headers); +- stream->push_headers = NULL; +- stream->push_headers_used = 0; ++ free_push_headers(stream); + + if(rv) { + DEBUGASSERT((rv > CURL_PUSH_OK) && (rv <= CURL_PUSH_ERROROUT)); +@@ -1430,14 +1426,14 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame, + if(stream->push_headers_alloc > 1000) { + /* this is beyond crazy many headers, bail out */ + failf(data_s, "Too many PUSH_PROMISE headers"); +- Curl_safefree(stream->push_headers); ++ free_push_headers(stream); + return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; + } + stream->push_headers_alloc *= 2; +- headp = Curl_saferealloc(stream->push_headers, +- stream->push_headers_alloc * sizeof(char *)); ++ headp = realloc(stream->push_headers, ++ stream->push_headers_alloc * sizeof(char *)); + if(!headp) { +- stream->push_headers = NULL; ++ free_push_headers(stream); + return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; + } + stream->push_headers = headp; +-- +2.33.0 + diff --git a/backport-CVE-2024-7264-x509asn1-clean-up-GTime2str.patch b/backport-CVE-2024-7264-x509asn1-clean-up-GTime2str.patch new file mode 100644 index 0000000..4f3ef5d --- /dev/null +++ b/backport-CVE-2024-7264-x509asn1-clean-up-GTime2str.patch 
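Review bot: free_push_headers() resets `push_headers` and `push_headers_used` but leaves `push_headers_alloc` as it was, and the on_header() failure path that now calls it has just doubled `stream->push_headers_alloc` before the `realloc` that failed; if the allocation code outside this hunk restarts from its initial capacity whenever `push_headers == NULL` that is harmless, otherwise the stale count can make a later growth step assume capacity it does not have, so `stream->push_headers_alloc = 0;` in the helper is the safer invariant to document. Swapping Curl_saferealloc() for plain realloc() is right here, since the helper frees the old array on failure and Curl_saferealloc() frees the original pointer itself on failure. The loop condition printed as `ipush_headers_used` looks like an extraction artifact of `i < stream->push_headers_used`; worth confirming against the patch file. http2_data_done(), push_promise() and on_header() each begin or end outside their hunks.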
@@ -0,0 +1,60 @@ +From 3c914bc680155b32178f1f15ca8d47c7f4640afe Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Tue, 30 Jul 2024 10:05:17 +0200 +Subject: [PATCH] x509asn1: clean up GTime2str + +Co-authored-by: Stefan Eissing +Reported-by: Dov Murik + +Closes #14307 +--- + lib/vtls/x509asn1.c | 23 ++++++++++++++--------- + 1 file changed, 14 insertions(+), 9 deletions(-) + +diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c +index c3fd3a3..dd7985d 100644 +--- a/lib/vtls/x509asn1.c ++++ b/lib/vtls/x509asn1.c +@@ -537,7 +537,7 @@ static const char *GTime2str(const char *beg, const char *end) + /* Convert an ASN.1 Generalized time to a printable string. + Return the dynamically allocated string, or NULL if an error occurs. */ + +- for(fracp = beg; fracp < end && *fracp >= '0' && *fracp <= '9'; fracp++) ++ for(fracp = beg; fracp < end && ISDIGIT(*fracp); fracp++) + ; + + /* Get seconds digits. */ +@@ -556,17 +556,22 @@ static const char *GTime2str(const char *beg, const char *end) + return NULL; + } + +- /* Scan for timezone, measure fractional seconds. */ ++ /* timezone follows optional fractional seconds. */ + tzp = fracp; +- fracl = 0; ++ fracl = 0; /* no fractional seconds detected so far */ + if(fracp < end && (*fracp == '.' || *fracp == ',')) { +- fracp++; +- do ++ /* Have fractional seconds, e.g. "[.,]\d+". How many? */ ++ tzp = fracp++; /* should be a digit char or BAD ARGUMENT */ ++ while(tzp < end && ISDIGIT(*tzp)) + tzp++; +- while(tzp < end && *tzp >= '0' && *tzp <= '9'); +- /* Strip leading zeroes in fractional seconds. */ +- for(fracl = tzp - fracp - 1; fracl && fracp[fracl - 1] == '0'; fracl--) +- ; ++ if(tzp == fracp) /* never looped, no digit after [.,] */ ++ return CURLE_BAD_FUNCTION_ARGUMENT; ++ fracl = tzp - fracp - 1; /* number of fractional sec digits */ ++ DEBUGASSERT(fracl > 0); ++ /* Strip trailing zeroes in fractional seconds. ++ * May reduce fracl to 0 if only '0's are present. 
*/ ++ while(fracl && fracp[fracl - 1] == '0') ++ fracl--; + } + + /* Process timezone. */ +-- +2.41.0 + diff --git a/backport-CVE-2024-7264-x509asn1-unittests-and-fixes-fo.patch b/backport-CVE-2024-7264-x509asn1-unittests-and-fixes-fo.patch new file mode 100644 index 0000000..f4949bc --- /dev/null +++ b/backport-CVE-2024-7264-x509asn1-unittests-and-fixes-fo.patch 
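Review bot: The new `return CURLE_BAD_FUNCTION_ARGUMENT;` is inserted into a function whose hunk header and kept context (`static const char *GTime2str(const char *beg, const char *end)`, the "Return the dynamically allocated string, or NULL if an error occurs" comment, and the `return curl_maprintf(...)` tail left as context in backport-CVE-2024-7264-x509asn1-unittests-and-fixes-fo.patch) indicate still returns a `const char *` in this 8.4.0 tree; if that is so, an integer error code returned as a pointer is at best a compiler diagnostic and at worst a bogus non-NULL pointer handed to the caller. The companion patch's `Curl_x509_GTime2str(struct dynbuf *store, ...)` wrapper calling `GTime2str(store, beg, end)` with three arguments, and unit1656.c reading the result out of a dynbuf, carry the same mismatch. Unless another patch in this set converts the function to the dynbuf/CURLcode form first, the rejected-input branch should honour the function's stated contract, `return NULL;`, and the unittest wrapper be adapted or dropped; both 7264 patches also lack the `Conflict:`/`Reference:` trailers every other backport in this commit carries. GTime2str() starts before and ends after this hunk.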
@@ -0,0 +1,315 @@ +From 27959ecce75cdb2809c0bdb3286e60e08fadb519 Mon Sep 17 00:00:00 2001 +From: Stefan Eissing +Date: Tue, 30 Jul 2024 16:40:48 +0200 +Subject: [PATCH] x509asn1: unittests and fixes for gtime2str + +Fix issues in GTime2str() and add unit test cases to verify correct +behaviour. + +Follow-up to 3c914bc6801 + +Closes #14316 +--- + lib/vtls/x509asn1.c | 32 +++++++--- + lib/vtls/x509asn1.h | 11 ++++ + tests/data/Makefile.inc | 2 +- + tests/data/test1656 | 22 +++++++ + tests/unit/Makefile.inc | 4 +- + tests/unit/unit1656.c | 133 ++++++++++++++++++++++++++++++++++++++++ + 6 files changed, 194 insertions(+), 10 deletions(-) + create mode 100644 tests/data/test1656 + create mode 100644 tests/unit/unit1656.c + +diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c +index dd7985d..5c65df1 100644 +--- a/lib/vtls/x509asn1.c ++++ b/lib/vtls/x509asn1.c +@@ -561,12 +561,13 @@ static const char *GTime2str(const char *beg, const char *end) + fracl = 0; /* no fractional seconds detected so far */ + if(fracp < end && (*fracp == '.' || *fracp == ',')) { + /* Have fractional seconds, e.g. "[.,]\d+". How many? */ +- tzp = fracp++; /* should be a digit char or BAD ARGUMENT */ ++ fracp++; /* should be a digit char or BAD ARGUMENT */ ++ tzp = fracp; + while(tzp < end && ISDIGIT(*tzp)) + tzp++; + if(tzp == fracp) /* never looped, no digit after [.,] */ + return CURLE_BAD_FUNCTION_ARGUMENT; +- fracl = tzp - fracp - 1; /* number of fractional sec digits */ ++ fracl = tzp - fracp; /* number of fractional sec digits */ + DEBUGASSERT(fracl > 0); + /* Strip trailing zeroes in fractional seconds. + * May reduce fracl to 0 if only '0's are present. */ +@@ -575,18 +576,24 @@ static const char *GTime2str(const char *beg, const char *end) + } + + /* Process timezone. */ +- if(tzp >= end) +- ; /* Nothing to do. 
*/ ++ if(tzp >= end) { ++ tzp = ""; ++ tzl = 0; ++ } + else if(*tzp == 'Z') { +- tzp = " GMT"; +- end = tzp + 4; ++ sep = " "; ++ tzp = "GMT"; ++ tzl = 3; ++ } ++ else if((*tzp == '+') || (*tzp == '-')) { ++ sep = " UTC"; ++ tzl = end - tzp; + } + else { + sep = " "; +- tzp++; ++ tzl = end - tzp; + } + +- tzl = end - tzp; + return curl_maprintf("%.4s-%.2s-%.2s %.2s:%.2s:%c%c%s%.*s%s%.*s", + beg, beg + 4, beg + 6, + beg + 8, beg + 10, sec1, sec2, +@@ -594,6 +601,15 @@ static const char *GTime2str(const char *beg, const char *end) + sep, (int)tzl, tzp); + } + ++#ifdef UNITTESTS ++/* used by unit1656.c */ ++CURLcode Curl_x509_GTime2str(struct dynbuf *store, ++ const char *beg, const char *end) ++{ ++ return GTime2str(store, beg, end); ++} ++#endif ++ + /* + * Convert an ASN.1 UTC time to a printable string. + * Return the dynamically allocated string, or NULL if an error occurs. +diff --git a/lib/vtls/x509asn1.h b/lib/vtls/x509asn1.h +index 23a67b8..1d8bbab 100644 +--- a/lib/vtls/x509asn1.h ++++ b/lib/vtls/x509asn1.h +@@ -76,5 +76,16 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data, int certnum, + const char *beg, const char *end); + CURLcode Curl_verifyhost(struct Curl_cfilter *cf, struct Curl_easy *data, + const char *beg, const char *end); ++ ++#ifdef UNITTESTS ++#if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) || \ ++ defined(USE_MBEDTLS) ++ ++/* used by unit1656.c */ ++CURLcode Curl_x509_GTime2str(struct dynbuf *store, ++ const char *beg, const char *end); ++#endif ++#endif ++ + #endif /* USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL or USE_SECTRANSP */ + #endif /* HEADER_CURL_X509ASN1_H */ +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index 1472b19..0af94e6 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -207,7 +207,7 @@ test1620 test1621 \ + \ + test1630 test1631 test1632 test1633 test1634 test1635 \ + \ +-test1650 test1651 test1652 test1653 test1654 test1655 \ ++test1650 test1651 
test1652 test1653 test1654 test1655 test1656 \ + test1660 test1661 test1662 \ + \ + test1670 test1671 \ +diff --git a/tests/data/test1656 b/tests/data/test1656 +new file mode 100644 +index 0000000..2fab21b +--- /dev/null ++++ b/tests/data/test1656 +@@ -0,0 +1,22 @@ ++ ++ ++ ++unittest ++Curl_x509_GTime2str ++ ++ ++ ++# ++# Client-side ++ ++ ++none ++ ++ ++unittest ++ ++ ++Curl_x509_GTime2str unit tests ++ ++ ++ +diff --git a/tests/unit/Makefile.inc b/tests/unit/Makefile.inc +index 36e922b..b0eaf64 100644 +--- a/tests/unit/Makefile.inc ++++ b/tests/unit/Makefile.inc +@@ -36,7 +36,7 @@ UNITPROGS = unit1300 unit1302 unit1303 unit1304 unit1305 unit1307 \ + unit1600 unit1601 unit1602 unit1603 unit1604 unit1605 unit1606 unit1607 \ + unit1608 unit1609 unit1610 unit1611 unit1612 unit1614 \ + unit1620 unit1621 \ +- unit1650 unit1651 unit1652 unit1653 unit1654 unit1655 \ ++ unit1650 unit1651 unit1652 unit1653 unit1654 unit1655 unit1656 \ + unit1660 unit1661 \ + unit2600 unit2601 unit2602 unit2603 \ + unit3200 +@@ -117,6 +117,8 @@ unit1654_SOURCES = unit1654.c $(UNITFILES) + + unit1655_SOURCES = unit1655.c $(UNITFILES) + ++unit1656_SOURCES = unit1656.c $(UNITFILES) ++ + unit1660_SOURCES = unit1660.c $(UNITFILES) + + unit1661_SOURCES = unit1661.c $(UNITFILES) +diff --git a/tests/unit/unit1656.c b/tests/unit/unit1656.c +new file mode 100644 +index 0000000..644e72f +--- /dev/null ++++ b/tests/unit/unit1656.c +@@ -0,0 +1,133 @@ ++/*************************************************************************** ++ * _ _ ____ _ ++ * Project ___| | | | _ \| | ++ * / __| | | | |_) | | ++ * | (__| |_| | _ <| |___ ++ * \___|\___/|_| \_\_____| ++ * ++ * Copyright (C) Daniel Stenberg, , et al. ++ * ++ * This software is licensed as described in the file COPYING, which ++ * you should have received as part of this distribution. The terms ++ * are also available at https://curl.se/docs/copyright.html. 
++ * ++ * You may opt to use, copy, modify, merge, publish, distribute and/or sell ++ * copies of the Software, and permit persons to whom the Software is ++ * furnished to do so, under the terms of the COPYING file. ++ * ++ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY ++ * KIND, either express or implied. ++ * ++ * SPDX-License-Identifier: curl ++ * ++ ***************************************************************************/ ++#include "curlcheck.h" ++ ++#include "vtls/x509asn1.h" ++ ++static CURLcode unit_setup(void) ++{ ++ return CURLE_OK; ++} ++ ++static void unit_stop(void) ++{ ++ ++} ++ ++#if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) || \ ++ defined(USE_MBEDTLS) ++ ++#ifndef ARRAYSIZE ++#define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0])) ++#endif ++ ++struct test_spec { ++ const char *input; ++ const char *exp_output; ++ CURLcode exp_result; ++}; ++ ++static struct test_spec test_specs[] = { ++ { "190321134340", "1903-21-13 43:40:00", CURLE_OK }, ++ { "", NULL, CURLE_BAD_FUNCTION_ARGUMENT }, ++ { "WTF", NULL, CURLE_BAD_FUNCTION_ARGUMENT }, ++ { "0WTF", NULL, CURLE_BAD_FUNCTION_ARGUMENT }, ++ { "19032113434", NULL, CURLE_BAD_FUNCTION_ARGUMENT }, ++ { "19032113434WTF", NULL, CURLE_BAD_FUNCTION_ARGUMENT }, ++ { "190321134340.", NULL, CURLE_BAD_FUNCTION_ARGUMENT }, ++ { "190321134340.1", "1903-21-13 43:40:00.1", CURLE_OK }, ++ { "19032113434017.0", "1903-21-13 43:40:17", CURLE_OK }, ++ { "19032113434017.01", "1903-21-13 43:40:17.01", CURLE_OK }, ++ { "19032113434003.001", "1903-21-13 43:40:03.001", CURLE_OK }, ++ { "19032113434003.090", "1903-21-13 43:40:03.09", CURLE_OK }, ++ { "190321134340Z", "1903-21-13 43:40:00 GMT", CURLE_OK }, ++ { "19032113434017.0Z", "1903-21-13 43:40:17 GMT", CURLE_OK }, ++ { "19032113434017.01Z", "1903-21-13 43:40:17.01 GMT", CURLE_OK }, ++ { "19032113434003.001Z", "1903-21-13 43:40:03.001 GMT", CURLE_OK }, ++ { "19032113434003.090Z", "1903-21-13 43:40:03.09 GMT", CURLE_OK }, 
++ { "190321134340CET", "1903-21-13 43:40:00 CET", CURLE_OK }, ++ { "19032113434017.0CET", "1903-21-13 43:40:17 CET", CURLE_OK }, ++ { "19032113434017.01CET", "1903-21-13 43:40:17.01 CET", CURLE_OK }, ++ { "190321134340+02:30", "1903-21-13 43:40:00 UTC+02:30", CURLE_OK }, ++ { "19032113434017.0+02:30", "1903-21-13 43:40:17 UTC+02:30", CURLE_OK }, ++ { "19032113434017.01+02:30", "1903-21-13 43:40:17.01 UTC+02:30", CURLE_OK }, ++ { "190321134340-3", "1903-21-13 43:40:00 UTC-3", CURLE_OK }, ++ { "19032113434017.0-04", "1903-21-13 43:40:17 UTC-04", CURLE_OK }, ++ { "19032113434017.01-01:10", "1903-21-13 43:40:17.01 UTC-01:10", CURLE_OK }, ++}; ++ ++static bool do_test(struct test_spec *spec, size_t i, struct dynbuf *dbuf) ++{ ++ CURLcode result; ++ const char *in = spec->input; ++ ++ Curl_dyn_reset(dbuf); ++ result = Curl_x509_GTime2str(dbuf, in, in + strlen(in)); ++ if(result != spec->exp_result) { ++ fprintf(stderr, "test %zu: expect result %d, got %d\n", ++ i, spec->exp_result, result); ++ return FALSE; ++ } ++ else if(!result && strcmp(spec->exp_output, Curl_dyn_ptr(dbuf))) { ++ fprintf(stderr, "test %zu: input '%s', expected output '%s', got '%s'\n", ++ i, in, spec->exp_output, Curl_dyn_ptr(dbuf)); ++ return FALSE; ++ } ++ ++ return TRUE; ++} ++ ++UNITTEST_START ++{ ++ size_t i; ++ struct dynbuf dbuf; ++ bool all_ok = TRUE; ++ ++ Curl_dyn_init(&dbuf, 32*1024); ++ ++ if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) { ++ fprintf(stderr, "curl_global_init() failed\n"); ++ return TEST_ERR_MAJOR_BAD; ++ } ++ ++ for(i = 0; i < ARRAYSIZE(test_specs); ++i) { ++ if(!do_test(&test_specs[i], i, &dbuf)) ++ all_ok = FALSE; ++ } ++ fail_unless(all_ok, "some tests of Curl_x509_GTime2str() fails"); ++ ++ Curl_dyn_free(&dbuf); ++ curl_global_cleanup(); ++} ++UNITTEST_STOP ++ ++#else ++ ++UNITTEST_START ++{ ++ puts("not tested since Curl_x509_GTime2str() is not built-in"); ++} ++UNITTEST_STOP ++ ++#endif +-- +2.41.0 + 
diff --git a/backport-CVE-2024-8096-gtls-fix-OCSP-stapling-management.patch b/backport-CVE-2024-8096-gtls-fix-OCSP-stapling-management.patch new file mode 100644 index 0000000..462971d --- /dev/null +++ b/backport-CVE-2024-8096-gtls-fix-OCSP-stapling-management.patch 
@@ -0,0 +1,206 @@ +From aeb1a281cab13c7ba791cb104e556b20e713941f Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Tue, 20 Aug 2024 16:14:39 +0200 +Subject: [PATCH] gtls: fix OCSP stapling management + +Reported-by: Hiroki Kurosawa +Closes #14642 + +Conflict:NA +Reference:https://github.com/curl/curl/commit/aeb1a281cab13c7ba791cb104e556b20e713941f +--- + lib/vtls/gtls.c | 146 ++++++++++++++++++++++++------------------------ + 1 file changed, 73 insertions(+), 73 deletions(-) + +diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c +index 03d6fcc03..c7589d9d3 100644 +--- a/lib/vtls/gtls.c ++++ b/lib/vtls/gtls.c +@@ -850,6 +850,13 @@ static CURLcode gtls_client_init(struct Curl_cfilter *cf, + init_flags |= GNUTLS_NO_TICKETS; + #endif + ++#if defined(GNUTLS_NO_STATUS_REQUEST) ++ if(!config->verifystatus) ++ /* Disable the "status_request" TLS extension, enabled by default since ++ GnuTLS 3.8.0. */ ++ init_flags |= GNUTLS_NO_STATUS_REQUEST; ++#endif ++ + rc = gnutls_init(>ls->session, init_flags); + if(rc != GNUTLS_E_SUCCESS) { + failf(data, "gnutls_init() failed: %d", rc); +@@ -1321,104 +1328,97 @@ Curl_gtls_verifyserver(struct Curl_easy *data, + infof(data, " server certificate verification SKIPPED"); + + if(config->verifystatus) { +- if(gnutls_ocsp_status_request_is_checked(session, 0) == 0) { +- gnutls_datum_t status_request; +- gnutls_ocsp_resp_t ocsp_resp; ++ gnutls_datum_t status_request; ++ gnutls_ocsp_resp_t ocsp_resp; ++ gnutls_ocsp_cert_status_t status; ++ gnutls_x509_crl_reason_t reason; + +- gnutls_ocsp_cert_status_t status; +- gnutls_x509_crl_reason_t reason; ++ rc = gnutls_ocsp_status_request_get(session, &status_request); + +- rc = gnutls_ocsp_status_request_get(session, &status_request); ++ if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { ++ failf(data, "No OCSP response received"); ++ return CURLE_SSL_INVALIDCERTSTATUS; ++ } + +- infof(data, " server certificate status verification FAILED"); ++ if(rc < 0) { ++ failf(data, "Invalid OCSP response 
received"); ++ return CURLE_SSL_INVALIDCERTSTATUS; ++ } + +- if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { +- failf(data, "No OCSP response received"); +- return CURLE_SSL_INVALIDCERTSTATUS; +- } ++ gnutls_ocsp_resp_init(&ocsp_resp); + +- if(rc < 0) { +- failf(data, "Invalid OCSP response received"); +- return CURLE_SSL_INVALIDCERTSTATUS; +- } ++ rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request); ++ if(rc < 0) { ++ failf(data, "Invalid OCSP response received"); ++ return CURLE_SSL_INVALIDCERTSTATUS; ++ } + +- gnutls_ocsp_resp_init(&ocsp_resp); ++ (void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL, ++ &status, NULL, NULL, NULL, &reason); + +- rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request); +- if(rc < 0) { +- failf(data, "Invalid OCSP response received"); +- return CURLE_SSL_INVALIDCERTSTATUS; +- } ++ switch(status) { ++ case GNUTLS_OCSP_CERT_GOOD: ++ break; + +- (void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL, +- &status, NULL, NULL, NULL, &reason); ++ case GNUTLS_OCSP_CERT_REVOKED: { ++ const char *crl_reason; + +- switch(status) { +- case GNUTLS_OCSP_CERT_GOOD: ++ switch(reason) { ++ default: ++ case GNUTLS_X509_CRLREASON_UNSPECIFIED: ++ crl_reason = "unspecified reason"; + break; + +- case GNUTLS_OCSP_CERT_REVOKED: { +- const char *crl_reason; +- +- switch(reason) { +- default: +- case GNUTLS_X509_CRLREASON_UNSPECIFIED: +- crl_reason = "unspecified reason"; +- break; +- +- case GNUTLS_X509_CRLREASON_KEYCOMPROMISE: +- crl_reason = "private key compromised"; +- break; +- +- case GNUTLS_X509_CRLREASON_CACOMPROMISE: +- crl_reason = "CA compromised"; +- break; +- +- case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED: +- crl_reason = "affiliation has changed"; +- break; ++ case GNUTLS_X509_CRLREASON_KEYCOMPROMISE: ++ crl_reason = "private key compromised"; ++ break; + +- case GNUTLS_X509_CRLREASON_SUPERSEDED: +- crl_reason = "certificate superseded"; +- break; ++ case GNUTLS_X509_CRLREASON_CACOMPROMISE: ++ 
crl_reason = "CA compromised"; ++ break; + +- case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION: +- crl_reason = "operation has ceased"; +- break; ++ case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED: ++ crl_reason = "affiliation has changed"; ++ break; + +- case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD: +- crl_reason = "certificate is on hold"; +- break; ++ case GNUTLS_X509_CRLREASON_SUPERSEDED: ++ crl_reason = "certificate superseded"; ++ break; + +- case GNUTLS_X509_CRLREASON_REMOVEFROMCRL: +- crl_reason = "will be removed from delta CRL"; +- break; ++ case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION: ++ crl_reason = "operation has ceased"; ++ break; + +- case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN: +- crl_reason = "privilege withdrawn"; +- break; ++ case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD: ++ crl_reason = "certificate is on hold"; ++ break; + +- case GNUTLS_X509_CRLREASON_AACOMPROMISE: +- crl_reason = "AA compromised"; +- break; +- } ++ case GNUTLS_X509_CRLREASON_REMOVEFROMCRL: ++ crl_reason = "will be removed from delta CRL"; ++ break; + +- failf(data, "Server certificate was revoked: %s", crl_reason); ++ case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN: ++ crl_reason = "privilege withdrawn"; + break; +- } + +- default: +- case GNUTLS_OCSP_CERT_UNKNOWN: +- failf(data, "Server certificate status is unknown"); ++ case GNUTLS_X509_CRLREASON_AACOMPROMISE: ++ crl_reason = "AA compromised"; + break; + } + +- gnutls_ocsp_resp_deinit(ocsp_resp); ++ failf(data, "Server certificate was revoked: %s", crl_reason); ++ break; ++ } + +- return CURLE_SSL_INVALIDCERTSTATUS; ++ default: ++ case GNUTLS_OCSP_CERT_UNKNOWN: ++ failf(data, "Server certificate status is unknown"); ++ break; + } +- else +- infof(data, " server certificate status verification OK"); ++ ++ gnutls_ocsp_resp_deinit(ocsp_resp); ++ if(status != GNUTLS_OCSP_CERT_GOOD) ++ return CURLE_SSL_INVALIDCERTSTATUS; + } + else + infof(data, " server certificate status verification SKIPPED"); +-- +2.33.0 + 
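Review bot: The return value of `gnutls_ocsp_resp_get_single()` is still discarded with `(void)` in the second hunk while `status` and `reason` are declared without initializers, so a stapled response that makes that call fail leaves `switch(status)` and the final `if(status != GNUTLS_OCSP_CERT_GOOD)` reading an indeterminate value — in the worst case one that compares equal to GOOD and lets the handshake proceed, which is the class of problem this CVE fix is meant to close. The `gnutls_ocsp_resp_import()` failure path also returns without `gnutls_ocsp_resp_deinit(ocsp_resp)` after the `gnutls_ocsp_resp_init()` just above it, and the init call's own return code is ignored; I would check all three calls and release `ocsp_resp` on every exit from the block, as below. I also do not see the response being verified against the presented certificate or its issuer anywhere in this hunk; if that is done elsewhere in Curl_gtls_verifyserver (whose body begins and ends outside the hunk) a one-line comment here saying so would help, otherwise a well-formed but unrelated or unsigned OCSP response would still count as GOOD.
```c
    rc = gnutls_ocsp_resp_init(&ocsp_resp);
    if(rc < 0) {
      failf(data, "Invalid OCSP response received");
      return CURLE_SSL_INVALIDCERTSTATUS;
    }

    rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request);
    if(rc < 0) {
      gnutls_ocsp_resp_deinit(ocsp_resp);
      failf(data, "Invalid OCSP response received");
      return CURLE_SSL_INVALIDCERTSTATUS;
    }

    /* a failed lookup must not leave status/reason indeterminate */
    rc = gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL,
                                     &status, NULL, NULL, NULL, &reason);
    if(rc < 0) {
      gnutls_ocsp_resp_deinit(ocsp_resp);
      failf(data, "Invalid OCSP response received");
      return CURLE_SSL_INVALIDCERTSTATUS;
    }

    /* … unchanged: switch(status) reporting the revocation reason … */
```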
diff --git a/backport-curl-7.84.0-test3026.patch b/backport-curl-7.84.0-test3026.patch new file mode 100644 index 0000000..1098583 --- /dev/null +++ b/backport-curl-7.84.0-test3026.patch 
@@ -0,0 +1,71 @@ +From 279b990727a1fd3e2828fbbd80581777e4200b67 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Mon, 27 Jun 2022 16:50:57 +0200 +Subject: [PATCH] test3026: disable valgrind + +It fails on x86_64 with: +``` + Use --max-threads=INT to specify a larger number of threads + and rerun valgrind + valgrind: the 'impossible' happened: + Max number of threads is too low + host stacktrace: + ==174357== at 0x58042F5A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) + ==174357== by 0x58043087: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) + ==174357== by 0x580432EF: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) + ==174357== by 0x58043310: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) + ==174357== by 0x58099E77: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) + ==174357== by 0x580E67E9: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) + ==174357== by 0x5809D59D: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) + ==174357== by 0x5809901A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) + ==174357== by 0x5809B0B6: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) + ==174357== by 0x580E4050: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) + sched status: + running_tid=1 + Thread 1: status = VgTs_Runnable syscall 56 (lwpid 174357) + ==174357== at 0x4A07816: clone (in /usr/lib64/libc.so.6) + ==174357== by 0x4A08720: __clone_internal (in /usr/lib64/libc.so.6) + ==174357== by 0x4987ACF: create_thread (in /usr/lib64/libc.so.6) + ==174357== by 0x49885F6: pthread_create@@GLIBC_2.34 (in /usr/lib64/libc.so.6) + ==174357== by 0x1093B5: test.part.0 (lib3026.c:64) + ==174357== by 0x492454F: (below main) (in /usr/lib64/libc.so.6) + client stack range: [0x1FFEFFC000 0x1FFF000FFF] client SP: 0x1FFEFFC998 + valgrind stack range: [0x1002BAA000 0x1002CA9FFF] top usage: 11728 of 1048576 +[...] 
+``` +--- + tests/data/test3026 | 3 +++ + tests/libtest/lib3026.c | 4 ++-- + 2 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/tests/data/test3026 b/tests/data/test3026 +index fb80cc8..01f2ba5 100644 +--- a/tests/data/test3026 ++++ b/tests/data/test3026 +@@ -41,5 +41,8 @@ none + + 0 + ++ ++disable ++ + + +diff --git a/tests/libtest/lib3026.c b/tests/libtest/lib3026.c +index 43fe335..70cd7a4 100644 +--- a/tests/libtest/lib3026.c ++++ b/tests/libtest/lib3026.c +@@ -147,8 +147,8 @@ int test(char *URL) + results[i] = CURL_LAST; /* initialize with invalid value */ + res = pthread_create(&tids[i], NULL, run_thread, &results[i]); + if(res) { +- fprintf(stderr, "%s:%d Couldn't create thread, errno %d\n", +- __FILE__, __LINE__, res); ++ fprintf(stderr, "%s:%d Couldn't create thread, i=%u, errno %d\n", ++ __FILE__, __LINE__, i, res); + tid_count = i; + test_failure = -1; + goto cleanup; +-- +2.37.1 + diff --git a/backport-curl-7.88.0-tests-warnings.patch b/backport-curl-7.88.0-tests-warnings.patch new file mode 100644 index 0000000..04b2ba2 --- /dev/null +++ b/backport-curl-7.88.0-tests-warnings.patch 
@@ -0,0 +1,30 @@ +From d506d885aa16b4a87acbac082eea41dccdc7b69f Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Wed, 15 Feb 2023 10:42:38 +0100 +Subject: [PATCH] Revert "runtests: consider warnings fatal and error on them" + +While it might be useful for upstream developers, it is not so useful +for downstream consumers. + +This reverts upstream commit 22f795c834cfdbacbb1b55426028a581e3cf67a8. +--- + tests/runtests.pl | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/tests/runtests.pl b/tests/runtests.pl +index 71644ad18..0cf85c3fe 100755 +--- a/tests/runtests.pl ++++ b/tests/runtests.pl +@@ -55,8 +55,7 @@ + # given, this won't be a problem. + + use strict; +-# Promote all warnings to fatal +-use warnings FATAL => 'all'; ++use warnings; + use 5.006; + + # These should be the only variables that might be needed to get edited: +-- +2.39.1 + diff --git a/backport-libssh2-set-length-to-0-if-strdup-failed.patch b/backport-libssh2-set-length-to-0-if-strdup-failed.patch new file mode 100644 index 0000000..eeeb7c0 --- /dev/null +++ b/backport-libssh2-set-length-to-0-if-strdup-failed.patch 
@@ -0,0 +1,31 @@ +From 6f3204820052263f488f86e02c206e1d24c4da2c Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann +Date: Thu, 28 Mar 2024 00:38:09 +0100 +Subject: [PATCH] libssh2: set length to 0 if strdup failed + +Internally, libssh2 dereferences the NULL pointer if length is non-zero. +The callback function cannot return the error condition, so at least +prevent subsequent crash. + +Closes #13213 + +Conflict:NA +Reference:https://github.com/curl/curl/commit/6f3204820052263f488f86e02c206e1d24c4da2c +--- + lib/vssh/libssh2.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c +index 3cfbe126c69df3..7d8d5f46571e9f 100644 +--- a/lib/vssh/libssh2.c ++++ b/lib/vssh/libssh2.c +@@ -201,7 +201,8 @@ kbd_callback(const char *name, int name_len, const char *instruction, + if(num_prompts == 1) { + struct connectdata *conn = data->conn; + responses[0].text = strdup(conn->passwd); +- responses[0].length = curlx_uztoui(strlen(conn->passwd)); ++ responses[0].length = ++ responses[0].text == NULL ? 0 : curlx_uztoui(strlen(conn->passwd)); + } + (void)prompts; + } /* kbd_callback */ diff --git a/backport-multi-avoid-memory-leak-risk.patch b/backport-multi-avoid-memory-leak-risk.patch new file mode 100644 index 0000000..0a0ed59 --- /dev/null +++ b/backport-multi-avoid-memory-leak-risk.patch 
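Review bot: The new `responses[0].length = responses[0].text == NULL ? 0 : …` line deserves a comment explaining that this is deliberate out-of-memory handling, because a reader will otherwise see a keyboard-interactive response with NULL text and zero length handed to libssh2 and take it for a bug; something like `/* strdup() failed: this callback cannot report errors, so give libssh2 an empty response rather than a NULL with a non-zero length, which it would dereference */`. The commit message already states that the callback cannot return an error, so the comment only moves that knowledge to where it is needed. Separately, both `strdup(conn->passwd)` and `strlen(conn->passwd)` assume `conn->passwd` is non-NULL whenever a single prompt arrives; I cannot see from this hunk where that is guaranteed, so it is worth confirming. kbd_callback's body begins outside the hunk.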
@@ -0,0 +1,46 @@ +From 3572dd65bb233fc2720634804312192e3bdf4adf Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Thu, 25 Apr 2024 09:52:51 +0200 +Subject: [PATCH] multi: avoid memory-leak risk + +'newurl' is allocated in some conditions and used in a few scenarios, +but there were theoretical combinations in which it would not get freed. +Move the free to happen unconditionally. Never triggered by tests, but +spotted by Coverity. + +Closes #13471 + +Conflict:Context adapt +Reference:https://github.com/curl/curl/commit/3572dd65bb233fc2720634804312192e3bdf4adf +--- + lib/multi.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/lib/multi.c b/lib/multi.c +index fb98d80639f3b7..7e7590d60f8bcb 100644 +--- a/lib/multi.c ++++ b/lib/multi.c +@@ -2530,7 +2530,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, + multistate(data, MSTATE_CONNECT); + rc = CURLM_CALL_MULTI_PERFORM; + } +- free(newurl); + } + else { + /* after the transfer is done, go DONE */ +@@ -2542,7 +2541,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, + newurl = data->req.location; + data->req.location = NULL; + result = Curl_follow(data, newurl, FOLLOW_FAKE); +- free(newurl); + if(result) { + stream_error = TRUE; + result = multi_done(data, result, TRUE); +@@ -2561,6 +2559,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, + transfers */ + Curl_expire(data, 0, EXPIRE_RUN_NOW); + } ++ free(newurl); + break; + } + diff --git a/backport-openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch b/backport-openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch new file mode 100644 index 0000000..aabfa79 --- /dev/null +++ b/backport-openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch 
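Review bot: The relocated `free(newurl);` just before `break;` only closes the leak if `newurl` is NULL-initialised at the top of this state and no path between the two assignments and the `break` leaves the case early; neither the declaration nor the full case body is in this hunk, and this backport is marked `Conflict:Context adapt`, so please confirm the adapted context still has `char *newurl = NULL;` reaching the new free on every path, otherwise it becomes a free of an indeterminate pointer. A one-line comment on the moved free, `/* newurl is owned here on every path through this state; release it exactly once */`, would make the invariant explicit for the next backport. multi_runsingle() begins and ends outside the hunk.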
@@ -0,0 +1,35 @@ +From 56935a7dada6975d5a46aa494de0af195e4e8659 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Sat, 30 Mar 2024 11:14:54 +0100 +Subject: [PATCH] openldap: create ldap URLs correctly for IPv6 addresses + +Reported-by: Sergio Durigan Junior +Fixes #13228 +Closes #13235 + +Conflict:Context adapt +Reference:https://github.com/curl/curl/commit/56935a7dada6975d5a46aa494de0af195e4e8659 +--- + lib/openldap.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/lib/openldap.c b/lib/openldap.c +index 47266f64e44733..85a37b8186041a 100644 +--- a/lib/openldap.c ++++ b/lib/openldap.c +@@ -548,9 +548,12 @@ static CURLcode oldap_connect(struct Curl_easy *data, bool *done) + + (void)done; + +- hosturl = aprintf("ldap%s://%s:%d", +- conn->handler->flags & PROTOPT_SSL? "s": "", +- conn->host.name, conn->remote_port); ++ hosturl = aprintf("%s://%s%s%s:%d", ++ conn->handler->scheme, ++ conn->bits.ipv6_ip? "[": "", ++ conn->host.name, ++ conn->bits.ipv6_ip? "]": "", ++ conn->remote_port); + if(!hosturl) + return CURLE_OUT_OF_MEMORY; + diff --git a/backport-openssl-avoid-BN_num_bits-NULL-pointer-derefs.patch b/backport-openssl-avoid-BN_num_bits-NULL-pointer-derefs.patch new file mode 100644 index 0000000..4a75f4c --- /dev/null +++ b/backport-openssl-avoid-BN_num_bits-NULL-pointer-derefs.patch 
@@ -0,0 +1,34 @@ +From b9f832edcce9db2de31070e76c3cbe59ca9ef512 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Thu, 12 Oct 2023 16:00:38 +0200 +Subject: [PATCH] openssl: avoid BN_num_bits() NULL pointer derefs + +Reported-by: icy17 on github +Fixes #12099 +Closes #12100 + +Conflict: NA +Reference: https://github.com/curl/curl/commit/b9f832edcce9db2de31070e76c3cbe59ca9ef512 +--- + lib/vtls/openssl.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c +index 9f9c8d136..6be86f871 100644 +--- a/lib/vtls/openssl.c ++++ b/lib/vtls/openssl.c +@@ -538,9 +538,9 @@ CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl) + #else + RSA_get0_key(rsa, &n, &e, NULL); + #endif /* HAVE_EVP_PKEY_GET_PARAMS */ +- BIO_printf(mem, "%d", BN_num_bits(n)); ++ BIO_printf(mem, "%d", n ? BN_num_bits(n) : 0); + #else +- BIO_printf(mem, "%d", BN_num_bits(rsa->n)); ++ BIO_printf(mem, "%d", rsa->n ? BN_num_bits(rsa->n) : 0); + #endif /* HAVE_OPAQUE_RSA_DSA_DH */ + push_certinfo("RSA Public Key", i); + print_pubkey_BN(rsa, n, i); +-- +2.33.0 + diff --git a/backport-paramhlp-fix-CRLF-stripping-files-with-d-file.patch b/backport-paramhlp-fix-CRLF-stripping-files-with-d-file.patch new file mode 100644 index 0000000..2e2bd23 --- /dev/null +++ b/backport-paramhlp-fix-CRLF-stripping-files-with-d-file.patch 
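Review bot: The guarded `BIO_printf(mem, "%d", n ? BN_num_bits(n) : 0);` is immediately followed by `print_pubkey_BN(rsa, n, i);` on the context line below, which receives the same possibly-NULL `n`; if that macro does not already check for NULL (its definition is not in this hunk) the dereference has only moved one line down. Emitting `0` bits when the modulus is absent is also indistinguishable in certinfo output from a genuinely odd key, so a short comment would help: `/* n can be NULL when the RSA key exposes no modulus; report 0 bits rather than crash */`. Curl_ossl_certchain() begins and ends outside the hunk.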
@@ -0,0 +1,100 @@ +From 923f7f8ce51b7f2f20282883cdafeb283310f3d9 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Wed, 6 Mar 2024 15:39:09 +0100 +Subject: [PATCH] paramhlp: fix CRLF-stripping files with "-d @file" + +All CR and LF bytes should be stripped, as documented, and all other +bytes are inluded in the data. Starting now, it also excludes null bytes +as they would otherwise also cut the data short. + +Reported-by: Simon K +Fixes #13063 +Closes #13064 + +Conflict:remove change of docs/cmdline-opts/data.md which is not exist +Reference:https://github.com/curl/curl/commit/923f7f8ce51b7f2f20282883cdafeb283310f3d9 +--- + src/tool_paramhlp.c | 63 +++++++++++++++++++++++++++++++-------- + 1 files changed, 51 insertions(+), 12 deletions(-) + +diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c +index 2725815000dc95..c26f6bbefd775c 100644 +--- a/src/tool_paramhlp.c ++++ b/src/tool_paramhlp.c +@@ -63,6 +63,33 @@ struct getout *new_getout(struct OperationConfig *config) + return node; + } + ++#define ISCRLF(x) (((x) == '\r') || ((x) == '\n') || ((x) == '\0')) ++ ++/* memcrlf() has two modes. Both operate on a given memory area with ++ a specified size. ++ ++ countcrlf FALSE - return number of bytes from the start that DO NOT include ++ any CR or LF or NULL ++ ++ countcrlf TRUE - return number of bytes from the start that are ONLY CR or ++ LF or NULL. ++ ++*/ ++static size_t memcrlf(char *orig, ++ bool countcrlf, /* TRUE if we count CRLF, FALSE ++ if we count non-CRLF */ ++ size_t max) ++{ ++ char *ptr = orig; ++ size_t total = max; ++ for(ptr = orig; max; max--, ptr++) { ++ bool crlf = ISCRLF(*ptr); ++ if(countcrlf ^ crlf) ++ return ptr - orig; ++ } ++ return total; /* no delimiter found */ ++} ++ + #define MAX_FILE2STRING (256*1024*1024) /* big enough ? 
*/ + + ParameterError file2string(char **bufp, FILE *file) +@@ -71,18 +98,30 @@ ParameterError file2string(char **bufp, FILE *file) + DEBUGASSERT(MAX_FILE2STRING < INT_MAX); /* needs to fit in an int later */ + curlx_dyn_init(&dyn, MAX_FILE2STRING); + if(file) { +- char buffer[256]; +- +- while(fgets(buffer, sizeof(buffer), file)) { +- char *ptr = strchr(buffer, '\r'); +- if(ptr) +- *ptr = '\0'; +- ptr = strchr(buffer, '\n'); +- if(ptr) +- *ptr = '\0'; +- if(curlx_dyn_add(&dyn, buffer)) +- return PARAM_NO_MEM; +- } ++ do { ++ char buffer[4096]; ++ char *ptr; ++ size_t nread = fread(buffer, 1, sizeof(buffer), file); ++ if(ferror(file)) { ++ curlx_dyn_free(&dyn); ++ *bufp = NULL; ++ return PARAM_READ_ERROR; ++ } ++ ptr = buffer; ++ while(nread) { ++ size_t nlen = memcrlf(ptr, FALSE, nread); ++ if(curlx_dyn_addn(&dyn, ptr, nlen)) ++ return PARAM_NO_MEM; ++ nread -= nlen; ++ ++ if(nread) { ++ ptr += nlen; ++ nlen = memcrlf(ptr, TRUE, nread); ++ ptr += nlen; ++ nread -= nlen; ++ } ++ } ++ } while(!feof(file)); + } + *bufp = curlx_dyn_ptr(&dyn); + return PARAM_OK; diff --git a/backport-pre-CVE-2024-2004.patch b/backport-pre-CVE-2024-2004.patch new file mode 100644 index 0000000..d297555 --- /dev/null +++ b/backport-pre-CVE-2024-2004.patch 
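Review bot: The `ISCRLF()` macro now also matches `'\0'`, which its name does not suggest, and stripping NUL is a behaviour change for `-d @file` (a NUL used to cut the data short, now it is silently dropped), so I would say so at the definition: `#define ISCRLF(x) (((x) == '\r') || ((x) == '\n') || ((x) == '\0')) /* NUL too: it would otherwise truncate the C string this returns */`. In `file2string()` the `ferror()` path frees the dynbuf and sets `*bufp = NULL`, but the `curlx_dyn_addn()` failure path only does `return PARAM_NO_MEM;` — the dynbuf releases itself on failure if I recall correctly, but `*bufp` is left untouched, so the two error exits look different to the caller; `if(curlx_dyn_addn(&dyn, ptr, nlen)) { *bufp = NULL; return PARAM_NO_MEM; }` would make them consistent. Note also that hitting the `MAX_FILE2STRING` limit passed to `curlx_dyn_init()` surfaces as `PARAM_NO_MEM`, which is not an out-of-memory condition; a comment on the limit would avoid confusion.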
@@ -0,0 +1,159 @@ +From de0cd5e8e7c9a0cbf28c4a9dec998ad4b6dfa08c Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Mon, 11 Dec 2023 23:17:26 +0100 +Subject: [PATCH] test1474: removed + +The test was already somewhat flaky and disabled on several platforms, +and after 1da640abb688 even more unstable. + +Conflict:Context adapt +Reference:https://github.com/curl/curl/commit/de0cd5e8e7c9a0cbf28c4a9dec998ad4b6dfa08c +--- + tests/data/Makefile.inc | 2 +- + tests/data/test1474 | 121 ---------------------------------------- + 2 files changed, 1 insertion(+), 122 deletions(-) + delete mode 100644 tests/data/test1474 + +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index de13c525e..6d1a2ad13 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -186,7 +186,7 @@ test1439 test1440 test1441 test1442 test1443 test1444 test1445 test1446 \ + test1447 test1448 test1449 test1450 test1451 test1452 test1453 test1454 \ + test1455 test1456 test1457 test1458 test1459 test1460 test1461 test1462 \ + test1463 test1464 test1465 test1466 test1467 test1468 test1469 test1470 \ +-test1471 test1472 test1473 test1474 \ ++test1471 test1472 test1473 \ + \ + test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \ + test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \ +diff --git a/tests/data/test1474 b/tests/data/test1474 +deleted file mode 100644 +index a87044d1a..000000000 +--- a/tests/data/test1474 ++++ /dev/null +@@ -1,121 +0,0 @@ +- +-# This test is quite timing dependent and tricky to set up. The time line of +-# test operations looks like this: +-# +-# 1. curl sends a PUT request with Expect: 100-continue and waits only 1 msec +-# for a 100 response. +-# 2. The HTTP server accepts the connection but waits 500 msec before acting +-# on the request. +-# 3. curl doesn't receive the expected 100 response before its timeout expires, +-# so it starts sending the body. 
It is throttled by a --limit-rate, so it +-# sends the first 64 KiB then stops for 1000 msec due to this +-# throttling. +-# 4. The server sends its 417 response while curl is throttled. +-# 5. curl responds to this 417 response by closing the connection (because it +-# has a half-completed response outstanding) and starting a new one. This +-# new request does not have an Expect: header so it is sent without delay. +-# It's still throttled, however, so it takes about 16 seconds to finish +-# sending. +-# 6. The server receives the response and this time acks it with 200. +-# +-# Because of the timing sensitivity (scheduling delays of 500 msec can cause +-# the test to fail), this test is marked flaky to avoid it being run in the CI +-# builds which are often run on overloaded servers. +-# Increasing the --limit-rate would decrease the test time, but at the cost of +-# becoming even more sensitive to delays (going from 500 msec to 250 msec or +-# less of accepted delay before failure). Adding a --speed-time would increase +-# the 1 second delay between writes to longer, but it would also increase the +-# total time needed by the test, which is already quite high. +-# +-# The assumption in step 3 is also broken on NetBSD 9.3, OpenBSD 7.3 and +-# Solaris 10 as they only usually send about half the requested amount of data +-# (see https://curl.se/mail/lib-2023-09/0021.html). 
+- +- +-HTTP +-HTTP PUT +-Expect +-flaky +-timing-dependent +- +- +-# Server-side +- +-# 417 means the server didn't like the Expect header +- +-HTTP/1.1 417 BAD swsbounce +-Date: Tue, 09 Nov 2010 14:49:00 GMT +-Server: test-server/fake +-Content-Length: 0 +- +- +- +-HTTP/1.1 200 OK +-Date: Tue, 09 Nov 2010 14:49:00 GMT +-Server: test-server/fake +-Content-Length: 10 +- +-blablabla +- +- +-HTTP/1.1 417 BAD swsbounce +-Date: Tue, 09 Nov 2010 14:49:00 GMT +-Server: test-server/fake +-Content-Length: 0 +- +-HTTP/1.1 200 OK +-Date: Tue, 09 Nov 2010 14:49:00 GMT +-Server: test-server/fake +-Content-Length: 10 +- +-blablabla +- +- +-no-expect +-delay: 500 +-connection-monitor +- +- +- +-# Client-side +- +- +-http +- +- +-HTTP PUT with Expect: 100-continue and 417 response during upload +- +- +-http://%HOSTIP:%HTTPPORT/we/want/%TESTNUMBER -T %LOGDIR/test%TESTNUMBER.txt --limit-rate 64K --expect100-timeout 0.001 +- +- +-perl -e "print 'Test does not work on this BSD system' if ( $^O eq 'netbsd' || $^O eq 'openbsd' || ($^O eq 'solaris' && qx/uname -r/ * 100 <= 510));" +- +-# Must be large enough to trigger curl's automatic 100-continue behaviour +- +-%repeat[132 x S]%%repeat[16462 x xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%0a]% +- +- +- +-# Verify data after the test has been "shot" +- +- +-PUT /we/want/%TESTNUMBER HTTP/1.1 +-Host: %HOSTIP:%HTTPPORT +-User-Agent: curl/%VERSION +-Accept: */* +-Content-Length: 1053701 +-Expect: 100-continue +- +-%repeat[132 x S]%%repeat[1021 x xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%0a]%%repeat[60 x x]%[DISCONNECT] +-PUT /we/want/%TESTNUMBER HTTP/1.1 +-Host: %HOSTIP:%HTTPPORT +-User-Agent: curl/%VERSION +-Accept: */* +-Content-Length: 1053701 +- +-%repeat[132 x S]%%repeat[16462 x xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%0a]% +-[DISCONNECT] +- +- +- +-- +2.33.0 + 
diff --git a/backport-tool_cb_rea-limit-rate-unpause-for-T-uploads.patch b/backport-tool_cb_rea-limit-rate-unpause-for-T-uploads.patch new file mode 100644 index 0000000..fd98749 --- /dev/null +++ b/backport-tool_cb_rea-limit-rate-unpause-for-T-uploads.patch 
@@ -0,0 +1,61 @@ +From 5f4aaf8b66ef04208c1c2121d4b780c792303f32 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Tue, 30 Apr 2024 11:07:28 +0200 +Subject: [PATCH] tool_cb_rea: limit rate unpause for -T . uploads +Reference:https://github.com/curl/curl/pull/13506 + +--- + src/tool_cb_rea.c | 30 ++++++++++++++++++++++++++++-- + 1 file changed, 28 insertions(+), 2 deletions(-) + +diff --git a/src/tool_cb_rea.c b/src/tool_cb_rea.c +index d70a9b9..f510f81 100644 +--- a/src/tool_cb_rea.c ++++ b/src/tool_cb_rea.c +@@ -36,6 +36,7 @@ + #include "tool_operate.h" + #include "tool_util.h" + #include "tool_msgs.h" ++#include "tool_sleep.h" + + #include "memdebug.h" /* keep this as LAST include */ + +@@ -124,8 +125,33 @@ int tool_readbusy_cb(void *clientp, + (void)ulnow; /* unused */ + + if(config->readbusy) { +- config->readbusy = FALSE; +- curl_easy_pause(per->curl, CURLPAUSE_CONT); ++ /* lame code to keep the rate down because the input might not deliver ++ anything, get paused again and come back here immediately */ ++ static long rate = 500; ++ static struct timeval prev; ++ static curl_off_t ulprev; ++ ++ if(ulprev == ulnow) { ++ /* it did not upload anything since last call */ ++ struct timeval now = tvnow(); ++ if(prev.tv_sec) ++ /* get a rolling average rate */ ++ /* rate = rate - rate/4 + tvdiff(now, prev)/4; */ ++ rate -= rate/4 - tvdiff(now, prev)/4; ++ prev = now; ++ } ++ else { ++ rate = 50; ++ ulprev = ulnow; ++ } ++ if(rate >= 50) { ++ /* keeps the looping down to 20 times per second in the crazy case */ ++ config->readbusy = FALSE; ++ curl_easy_pause(per->curl, CURLPAUSE_CONT); ++ } ++ else ++ /* sleep half a period */ ++ tool_go_sleep(25); + } + + return per->noprogress? 0 : CURL_PROGRESSFUNC_CONTINUE; +-- +2.27.0 + diff --git a/backport-tool_cfgable-free-proxy_-cipher13_list-on-exit.patch b/backport-tool_cfgable-free-proxy_-cipher13_list-on-exit.patch new file mode 100644 index 0000000..ada0c62 --- /dev/null 
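Review bot: The new throttling state in tool_readbusy_cb() — `static long rate`, `static struct timeval prev`, `static curl_off_t ulprev` — is function-static even though the callback already receives a per-transfer `per`, so when the tool runs several uploads at once the rolling average and the `ulprev == ulnow` comparison mix samples from unrelated transfers. Per-transfer state belongs in `struct per_transfer` (outside this hunk) and should be reached through `per`, not through statics. If the shortcut is kept deliberately, the `/* lame code … */` comment should say that the state is shared across all transfers so nobody later debugs it as a bug. This patch also carries only a pull-request reference rather than a merged-commit reference like the other backports, so the spec should record whether the final upstream version matches what is applied here.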
+++ b/backport-tool_cfgable-free-proxy_-cipher13_list-on-exit.patch @@ -0,0 +1,28 @@ +From 87d14e77b7d59a961eb56500017c0580f89f252b Mon Sep 17 00:00:00 2001 +From: Jan Venekamp <1422460+jan2000@users.noreply.github.com> +Date: Sat, 4 May 2024 03:05:51 +0200 +Subject: [PATCH] tool_cfgable: free {proxy_}cipher13_list on exit + +Author: Jan Venekamp +Reviewed-by: Daniel Gustafsson +Closes: #13531 + +Conflict:NA +Reference:https://github.com/curl/curl/commit/87d14e77b7d59a961eb56500017c0580f89f252b +--- + src/tool_cfgable.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/tool_cfgable.c b/src/tool_cfgable.c +index bb271583263db3..5564e250d33782 100644 +--- a/src/tool_cfgable.c ++++ b/src/tool_cfgable.c +@@ -114,6 +114,8 @@ static void free_config_fields(struct OperationConfig *config) + Curl_safefree(config->doh_url); + Curl_safefree(config->cipher_list); + Curl_safefree(config->proxy_cipher_list); ++ Curl_safefree(config->cipher13_list); ++ Curl_safefree(config->proxy_cipher13_list); + Curl_safefree(config->cert); + Curl_safefree(config->proxy_cert); + Curl_safefree(config->cert_type); diff --git a/backport-url-allow-DoH-transfers-to-override-max-connection-limit.patch b/backport-url-allow-DoH-transfers-to-override-max-connection-limit.patch new file mode 100644 index 0000000..11e7a50 --- /dev/null +++ b/backport-url-allow-DoH-transfers-to-override-max-connection-limit.patch 
@@ -0,0 +1,49 @@ +From b049388d473a9a0189f3180e57e04a39a3793382 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Tue, 4 Jun 2024 17:00:05 +0200 +Subject: [PATCH] url: allow DoH transfers to override max connection limit + +When reaching the set maximum limit of allowed connections, allow a new +connection anyway if the transfer is created for the (internal) purpose +of doing a DoH name resolve. Otherwise, unrelated "normal" transfers can +starve out new DoH requests making it impossible to name resolve for new +transfers. + +Bug: https://curl.se/mail/lib-2024-06/0001.html +Reported-by: kartatz +Closes #13880 + +Conflict:NA +Reference:https://github.com/curl/curl/commit/b049388d473a9a0189f3180e57e04a39a3793382 +--- + lib/url.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/lib/url.c b/lib/url.c +index 41e35e153..4eabf0c87 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -3662,10 +3662,16 @@ static CURLcode create_conn(struct Curl_easy *data, + conn_candidate = Curl_conncache_extract_oldest(data); + if(conn_candidate) + Curl_disconnect(data, conn_candidate, FALSE); +- else { +- infof(data, "No connections available in cache"); +- connections_available = FALSE; +- } ++ else ++#ifndef CURL_DISABLE_DOH ++ if(data->set.dohfor) ++ infof(data, "Allowing DoH to override max connection limit"); ++ else ++#endif ++ { ++ infof(data, "No connections available in cache"); ++ connections_available = FALSE; ++ } + } + + if(!connections_available) { +-- +2.33.0 + diff --git a/curl.spec b/curl.spec new file mode 100644 index 0000000..5325732 --- /dev/null +++ b/curl.spec 
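Review bot: The new `else` in create_conn() is left unbraced across a preprocessor conditional — `else` / `#ifndef CURL_DISABLE_DOH` / `if(...) infof(...); else` / `#endif` / `{ ... }` — so which statement the outer `else` binds to depends on the build configuration; it is correct today but fragile, and a future line added inside the `#ifndef` block can silently change the binding. I would compute the override into a local bool and keep one braced `else`, as below. It is also worth a comment stating that this deliberately lets DoH transfers exceed the configured connection limit, since a reader auditing connection caps will otherwise see the limit bypassed with no explanation. create_conn() begins and ends outside the hunk.
```c
      else {
        bool doh_override = FALSE;
#ifndef CURL_DISABLE_DOH
        /* a DoH lookup made on behalf of another transfer must not be starved
           by the transfers already holding connections, so let it exceed the
           max connection limit */
        if(data->set.dohfor)
          doh_override = TRUE;
#endif
        if(doh_override)
          infof(data, "Allowing DoH to override max connection limit");
        else {
          infof(data, "No connections available in cache");
          connections_available = FALSE;
        }
      }
```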
@@ -0,0 +1,526 @@
+#Global macro or variable
+%global libpsl_version %(pkg-config --modversion libpsl 2>/dev/null || echo 0)
+%global libssh_version %(pkg-config --modversion libssh 2>/dev/null || echo 0)
+%global openssl_version %({ pkg-config --modversion openssl 2>/dev/null || echo 0;} | sed 's|-|-0.|')
+%global libnghttp2_version %(pkg-config --modversion libnghttp2 2>/dev/null || echo 0)
+%global _configure ../configure
+
+Name: curl
+Version: 8.4.0
+Release: 10
+Summary: Curl is used in command lines or scripts to transfer data
+License: curl
+URL: https://curl.se/
+Source: https://curl.se/download/curl-%{version}.tar.xz
+
+Patch1: backport-0101-curl-7.32.0-multilib.patch
+Patch2: backport-curl-7.84.0-test3026.patch
+Patch4: backport-curl-7.88.0-tests-warnings.patch
+Patch11: backport-CVE-2023-46218.patch
+Patch12: backport-0001-CVE-2023-46219.patch
+Patch13: backport-0002-CVE-2023-46219.patch
+Patch15: backport-openssl-avoid-BN_num_bits-NULL-pointer-derefs.patch
+Patch16: backport-pre-CVE-2024-2004.patch
+Patch17: backport-CVE-2024-2004.patch
+Patch18: backport-CVE-2024-2398.patch
+Patch19: backport-tool_cb_rea-limit-rate-unpause-for-T-uploads.patch
+#https://github.com/curl/curl/pull/13506
+Patch20: backport-paramhlp-fix-CRLF-stripping-files-with-d-file.patch
+Patch21: backport-libssh2-set-length-to-0-if-strdup-failed.patch
+Patch22: backport-openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch
+Patch23: backport-multi-avoid-memory-leak-risk.patch
+Patch24: backport-tool_cfgable-free-proxy_-cipher13_list-on-exit.patch
+Patch25: backport-CVE-2024-7264-x509asn1-clean-up-GTime2str.patch
+Patch26: backport-CVE-2024-7264-x509asn1-unittests-and-fixes-fo.patch
+Patch27: backport-CVE-2024-8096-gtls-fix-OCSP-stapling-management.patch
+Patch28: backport-url-allow-DoH-transfers-to-override-max-connection-limit.patch
+
+BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel
+BuildRequires: libidn2-devel libnghttp2-devel libpsl-devel
+BuildRequires: libssh-devel make openldap-devel openssh-clients openssh-server
+BuildRequires: openssl-devel perl-interpreter pkgconfig python3-devel sed
+BuildRequires: zlib-devel gnutls-utils nghttp2 perl(IO::Compress::Gzip)
+BuildRequires: perl(Getopt::Long) perl(Pod::Usage) perl(strict) perl(warnings)
+BuildRequires: perl(Cwd) perl(Digest::MD5) perl(Exporter) perl(File::Basename)
+BuildRequires: perl(File::Copy) perl(File::Spec) perl(IPC::Open2) perl(MIME::Base64)
+BuildRequires: perl(Time::Local) perl(Time::HiRes) perl(vars) perl(Digest::SHA)
+
+%ifnarch aarch64
+BuildRequires: stunnel
+%endif
+
+Requires: libcurl = %{version}-%{release}
+Provides: curl-full = %{version}-%{release} webclient
+
+%description
+cURL is a computer software project providing a library (libcurl) and
+command-line tool (curl) for transferring data using various protocols.
+
+%package -n libcurl
+Summary: A library for getting files from web servers
+Requires: libssh >= %{libssh_version} libpsl >= %{libpsl_version}
+Requires: openssl-libs >= 1:%{openssl_version}
+Requires: libnghttp2 >= %{libnghttp2_version}
+Provides: libcurl-full = %{version}-%{release}
+Conflicts: curl < 7.66.0-3
+
+%description -n libcurl
+A library for getting files from web servers.
+
+%package -n libcurl-devel
+Summary: Header files for libcurl
+Requires: libcurl = %{version}-%{release}
+Provides: curl-devel = %{version}-%{release}
+Obsoletes: curl-devel < %{version}-%{release}
+
+%description -n libcurl-devel
+Header files for libcurl.
+
+%package_help
+
+%prep
+%autosetup -n %{name}-%{version} -p1
+
+echo "1801" >> tests/data/DISABLED
+
+# adapt test 323 for updated OpenSSL
+sed -e 's/^35$/35,52/' -i tests/data/test323
+# use localhost6 instead of ip6-localhost in the curl test-suite
+(
+ # avoid glob expansion in the trace output of `bash -x`
+ { set +x; } 2>/dev/null
+ cmd="sed -e 's|ip6-localhost|localhost6|' -i tests/data/test[0-9]*"
+ printf "+ %s\n" "$cmd" >&2
+ eval "$cmd"
+)
+
+%build
+# regenerate Makefile.in files
+aclocal -I m4
+automake
+
+install -d build-full
+export common_configure_opts="--cache-file=../config.cache \
+ --enable-hsts --enable-ipv6 --enable-symbol-hiding --enable-threaded-resolver \
+ --without-zstd --with-gssapi --with-libidn2 --with-nghttp2 --with-ssl \
+ --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt"
+
+%global _configure ../configure
+
+# configure full build
+(
+ cd build-full
+ %configure $common_configure_opts \
+ --enable-dict \
+ --enable-gopher \
+ --enable-imap \
+ --enable-ldap \
+ --enable-ldaps \
+ --enable-manual \
+ --enable-mqtt \
+ --enable-ntlm \
+ --enable-ntlm-wb \
+ --enable-pop3 \
+ --enable-rtsp \
+ --enable-smb \
+ --enable-smtp \
+ --enable-telnet \
+ --enable-tftp \
+ --enable-tls-srp \
+ --with-brotli \
+ --with-libpsl \
+ --with-libssh
+)
+
+sed -e 's/^runpath_var=.*/runpath_var=/' \
+ -e 's/^hardcode_libdir_flag_spec=".*"$/hardcode_libdir_flag_spec=""/' \
+ -i build-full/libtool
+
+%make_build V=1 -C build-full
+
+%check
+# compile upstream test-cases
+%make_build V=1 -C build-full/tests
+
+# relax crypto policy for the test-suite to make it pass again (#1610888)
+export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=XXX
+export OPENSSL_CONF=
+
+# make runtests.pl work for out-of-tree builds
+export srcdir=../../tests
+
+# prevent valgrind from being extremely slow (#1662656)
+unset DEBUGINFOD_URLS
+
+# run the upstream test-suite for curl-full
+for size in full; do (
+ cd build-${size}
+
+ # we have to override LD_LIBRARY_PATH because we eliminated rpath
+ export LD_LIBRARY_PATH="${PWD}/lib/.libs"
+
+ cd tests
+ perl -I../../tests ../../tests/runtests.pl -a -n -p -v '!flaky'
+)
+done
+
+%install
+rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.{la,so}
+
+# install libcurl.m4 for devel
+install -D -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT%{_datadir}/aclocal/libcurl.m4
+
+# curl file install
+cd build-full
+%make_install
+
+# install zsh completion for curl
+LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" %make_install -C scripts
+
+# do not install /usr/share/fish/completions/curl.fish which is also installed
+# by fish-3.0.2-1.module_f31+3716+57207597 and would trigger a conflict
+rm -rf ${RPM_BUILD_ROOT}%{_datadir}/fish
+
+rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.a
+rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
+
+%ldconfig_scriptlets
+
+%ldconfig_scriptlets -n libcurl
+
+%files
+%defattr(-,root,root)
+%license COPYING
+%{_bindir}/curl
+%{_datadir}/zsh
+
+%files -n libcurl
+%defattr(-,root,root)
+%{_libdir}/libcurl.so.4
+%{_libdir}/libcurl.so.4.[0-9].[0-9]
+
+%files -n libcurl-devel
+%defattr(-,root,root)
+%doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS.md
+%doc docs/CONTRIBUTE.md docs/libcurl/ABI.md
+%{_bindir}/curl-config*
+%{_includedir}/curl
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/*.pc
+%{_datadir}/aclocal/libcurl.m4
+
+%files help
+%defattr(-,root,root)
+%doc CHANGES README*
+%doc docs/BUGS.md docs/FAQ docs/FEATURES.md
+%doc docs/TheArtOfHttpScripting.md docs/TODO
+%{_mandir}/man1/curl.1*
+%{_mandir}/man1/curl-config.1*
+%{_mandir}/man3/*
+
+%changelog
+* Fri Sep 20 2024 zhouyihang - 8.4.0-10
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:url: allow DoH transfers to override max connection limit
+
+* Thu Sep 12 2024 zhouyihang - 8.4.0-9
+- Type:CVE
+- CVE:CVE-2024-8096
+- SUG:NA
+- DESC:fix CVE-2024-8096
+
+* Thu Sep 05 2024 zhouyihang - 8.4.0-8
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:revert modify licence from curl to MIT
+
+* Thu Aug 15 2024 zhangxianjun - 8.4.0-7
+- modify licence from curl to MIT
+
+* Wed Jul 31 2024 yinyongkang - 8.4.0-6
+- Type:CVE
+- CVE:CVE-2024-7264
+- SUG:NA
+- DESC:fix CVE-2024-7264
+
+* Mon Jun 24 2024 zhouyihang - 8.4.0-5
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:paramhlp: fix CRLF-stripping files with "-d @file"
+ libssh2: set length to 0 if strdup failed
+ openldap: create ldap URLs correctly for IPv6 addresses
+ multi: avoid memory-leak risk
+ tool_cfgable: free {proxy_}cipher13_list on exit
+
+* Wed Jun 12 2024 zhouyihang - 8.4.0-4
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:add version require of nghttp2 for libcurl
+
+* Thu May 09 2024 baiguo - 8.4.0-3
+- DESC: tool_cb_rea: limit rate unpause for -T . uploads
+
+* Mon Apr 01 2024 zhouyihang - 8.4.0-2
+- Type:CVE
+- CVE:CVE-2024-2004 CVE-2024-2398
+- SUG:NA
+- DESC:fix CVE-2024-2004 CVE-2024-2398
+
+* Tue Jan 09 2024 zhouyihang - 8.4.0-1
+- Type:requirement
+- CVE:NA
+- SUG:NA
+- DESC:update curl to 8.4.0
+
+* Thu Dec 28 2023 zhouyihang - 8.1.2-7
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:transfer: also stop the sending on closed connection
+ openssl: avoid BN_num_bits() NULL pointer derefs
+
+* Fri Dec 08 2023 zhouyihang - 8.1.2-6
+- Type:CVE
+- CVE:CVE-2023-46218 CVE-2023-46219
+- SUG:NA
+- DESC:fix CVE-2023-46218 CVE-2023-46219
+
+* Thu Oct 12 2023 zhouyihang - 8.1.2-5
+- Type:CVE
+- CVE:CVE-2023-38545 CVE-2023-38546
+- SUG:NA
+- DESC:fix CVE-2023-38545 CVE-2023-38546
+
+* Thu Sep 14 2023 gaihuiying - 8.1.2-4
+- Type:CVE
+- CVE:CVE-2023-38039
+- SUG:NA
+- DESC:fix CVE-2023-38039
+
+* Wed Sep 06 2023 yanglu - 8.1.2-3
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:vtls:avoid memory leak if sha256 call fails
+ urlapi:make sure zoneid is also duplicated in curl_url_dup
+
+* Thu Jul 20 2023 zhouyihang - 8.1.2-2
+- Type:CVE
+- CVE:CVE-2023-32001
+- SUG:NA
+- DESC:fix CVE-2023-32001
+
+* Sat Jul 15 2023 gaihuiying - 8.1.2-1
+- Type:requirement
+- CVE:NA
+- SUG:NA
+- DESC:update to curl 8.1.2
+
+* Sat Jun 10 2023 zhouyihang - 7.88.1-4
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:disable valgrind in tests
+
+* Thu Jun 08 2023 xingwei - 7.88.1-3
+- Type:CVE
+- CVE:CVE-2023-28320,CVE-2023-28321,CVE-2023-28322
+- SUG:NA
+- DESC:fix CVE-2023-28320,CVE-2023-28321,CVE-2023-28322
+
+* Wed Mar 22 2023 zengwefeng - 7.88.1-2
+- Type:cves
+- ID:CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27537 CVE-2023-27538
+- SUG:NA
+- DESC:fix CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27537 CVE-2023-27538
+
+
+* Thu Mar 02 2023 xinghe - 7.88.1-1
+- Type:requirements
+- ID:NA
+- SUG:NA
+- DESC:upgrade to 7.88.1
+
+* Sat Feb 18 2023 xinghe - 7.86.0-3
+- Type:cves
+- ID:CVE-2023-23914 CVE-2023-23915 CVE-2023-23916
+- SUG:NA
+- DESC:fix CVE-2023-23914 CVE-2023-23915 CVE-2023-23916
+
+* Thu Dec 22 2022 zhouyihang - 7.86.0-2
+- Type:cves
+- ID:CVE-2022-43551 CVE-2022-43552
+- SUG:NA
+- DESC:fix CVE-2022-43551 CVE-2022-43552
+
+* Wed Nov 16 2022 xinghe - 7.86.0-1
+- Type:requirements
+- ID:NA
+- SUG:NA
+- DESC:upgrade to 7.86.0
+
+* Thu Oct 27 2022 yanglu - 7.79.1-12
+- Type:cves
+- CVE:CVE-2022-32221 CVE-2022-42915 CVE-2022-42916
+- SUG:NA
+- DESC:fix CVE-2022-32221 CVE-2022-42915 CVE-2022-42916
+
+* Tue Oct 11 2022 huangduirong - 7.79.1-11
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:Move autoreconf to build
+
+* Thu Sep 01 2022 zhouyihang - 7.79.1-10
+- Type:cves
+- CVE:CVE-2022-35252
+- SUG:NA
+- DESC:fix CVE-2022-35252
+
+* Thu Jul 28 2022 gaihuiying - 7.79.1-9
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:just rebuild release to 7.79.1-9
+
+* Mon Jul 25 2022 gaihuiying - 7.79.1-8
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:fix build error when add --disable-http-auth configure option
+
+* Tue Jul 05 2022 gaihuiying - 7.79.1-7
+- Type:cves
+- CVE:CVE-2022-32207
+- SUG:NA
+- DESC:fix CVE-2022-32207 better
+
+* Wed Jun 29 2022 gaihuiying - 7.79.1-6
+- Type:cves
+- CVE:CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
+- SUG:NA
+- DESC:fix CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
+
+* Tue May 17 2022 gaihuiying - 7.79.1-5
+- Type:cves
+- CVE:CVE-2022-27781 CVE-2022-27782
+- SUG:NA
+- DESC:fix CVE-2022-27781 CVE-2022-27782
+
+* Sat May 14 2022 gaoxingwang - 7.79.1-4
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:fix dict and neg telnet server start fail in upstream testcase
+
+* Fri May 06 2022 gaihuiying - 7.79.1-3
+- Type:cves
+- CVE:CVE-2022-22576 CVE-2022-27774 CVE-2022-27775 CVE-2022-27776
+- SUG:NA
+- DESC:fix CVE-2022-22576 CVE-2022-27774 CVE-2022-27775 CVE-2022-27776
+
+* Mon Apr 25 2022 gaoxingwang - 7.79.1-2
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:enable check in spec
+
+* Thu Jan 20 2022 gaoxingwang - 7.79.1-1
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:update curl to 7.79.1
+* Wed Sep 29 2021 yanglu - 7.77.0-3
+- Type:CVE
+- CVE:CVE-2021-22945 CVE-2021-22946 CVE-2021-22947
+- SUG:NA
+- DESC:fix CVE-2021-22945 CVE-2021-22946CVE-2021-22947
+
+* Fri Aug 13 2021 gaihuiying - 7.77.0-2
+- Type:CVE
+- CVE:CVE-2021-22925 CVE-2021-22926
+- SUG:NA
+- DESC:fix CVE-2021-22925 CVE-2021-22926
+
+* Thu Jul 8 2021 gaihuiying - 7.77.0-1
+- Type:requirement
+- CVE:NA
+- SUG:NA
+- DESC:update curl to 7.77.0
+
+* Tue Jun 8 2021 gaihuiying - 7.71.1-9
+- Type:CVE
+- CVE:CVE-2021-22897 CVE-2021-22898
+- SUG:NA
+- DESC:fix CVE-2021-22897 CVE-2021-22898
+
+* Tue Apr 20 2021 gaihuiying - 7.71.1-8
+- Type:CVE
+- CVE:CVE-2021-22890
+- SUG:NA
+- DESC:fix CVE-2021-22890
+
+* Thu Apr 8 2021 xieliuhua - 7.71.1-7
+- Type:CVE
+- CVE:CVE-2021-22876
+- SUG:NA
+- DESC:fix CVE-2021-22876
+
+* Tue Jan 26 2021 wangxiaopeng - 7.71.1-6
+- Type:CVE
+- CVE:CVE-2020-8285
+- SUG:NA
+- DESC:fix CVE-2020-8285
+
+* Tue Jan 19 2021 xielh2000 - 7.71.1-5
+- Type:CVE
+- CVE:CVE-2020-8286
+- SUG:NA
+- DESC:fix CVE-2020-8286
+
+* Mon Jan 18 2021 xihaochen - 7.71.1-4
+- Type:CVE
+- CVE:CVE-2020-8284
+- SUG:NA
+- DESC:fix CVE-2020-8284
+
+* Tue Jan 5 2021 gaihuiying - 7.71.1-3
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix downgrade error
+
+* Mon Dec 28 2020 liuxin - 7.71.1-2
+- Type:cves
+- ID:CVE-2020-8231
+- SUG:NA
+- DESC:fix CVE-2020-8231
+
+* Fri Jul 24 2020 zhujunhao - 7.71.1-1
+- Update to 7.71.1
+
+* Thu Apr 9 2020 songnannan - 7.66.0-3
+- split out the libcurl and libcurl-devel package
+
+* Tue Mar 17 2020 chenzhen - 7.66.0-2
+- Type:cves
+- ID:CVE-2019-15601
+- SUG:NA
+- DESC:fix CVE-2019-15601
+
+* Sat Jan 11 2020 openEuler Buildteam - 7.66.0-1
+- update to 7.66.0
+
+* Sat Dec 21 2019 openEuler Buildteam - 7.61.1-4
+- Type:cves
+- ID:CVE-2019-5481 CVE-2019-5482
+- SUG:NA
+- DESC:fix CVE-2019-5481 CVE-2019-5482
+
+* Wed Sep 18 2019 guanyanjie - 7.61.1-3
+- Init for openEuler
diff --git a/sources b/sources
new file mode 100644
index 0000000..cceefee
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+8424597f247da68b6041dd7f9ca367fe curl-8.4.0.tar.xz
--
cgit v1.2.3
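Review bot: `%prep` takes the upstream tarball on trust: `Source:` names only the `.tar.xz`, no `.asc` signature source is declared, and `%autosetup -n %{name}-%{version} -p1` runs with no verification step, so the only integrity anchor for `curl-8.4.0.tar.xz` is the 32-hex-digit (MD5-length) digest recorded in `sources`, which guards download consistency but not authenticity of the release. Consider adding `Source1: https://curl.se/download/curl-%{version}.tar.xz.asc` together with a vendored upstream release keyring and a `%{gpgverify}` invocation (if the distribution's build macros provide it) ahead of `%autosetup`, so the build fails on a tampered tarball rather than only on a mismatched digest. Separately, the first line of `%install`, `rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.{la,so}`, runs before `%make_install` has populated the buildroot and is therefore a no-op; the later `rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la` is what actually takes effect, and `%{_libdir}/*.so` is then shipped in libcurl-devel, so the first line can be dropped or moved after `%make_install` with a comment stating which of the two files it is meant to remove.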