import curl-7.61.1-30.el8
This commit is contained in:
parent
f3742f8140
commit
2cf47cbfbd
171
SOURCES/0043-curl-7.61.1-CVE-2022-35252.patch
Normal file
171
SOURCES/0043-curl-7.61.1-CVE-2022-35252.patch
Normal file
@ -0,0 +1,171 @@
|
|||||||
|
From 005d3f387bc5c3b2ee94d0597b5e202644c825f5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Wed, 31 Oct 2018 11:08:49 +0100
|
||||||
|
Subject: [PATCH 1/3] runtests: use the local curl for verifying
|
||||||
|
|
||||||
|
... revert the mistaken change brought in commit 8440616f53.
|
||||||
|
|
||||||
|
Reported-by: Alessandro Ghedini
|
||||||
|
Bug: https://curl.haxx.se/mail/lib-2018-10/0118.html
|
||||||
|
|
||||||
|
Closes #3198
|
||||||
|
|
||||||
|
Upstream-commit: 8effa8c2b09906a2f00a3f08322dc5da35245b0a
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
tests/runtests.pl | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/tests/runtests.pl b/tests/runtests.pl
|
||||||
|
index 8d8ed81..d62fa40 100755
|
||||||
|
--- a/tests/runtests.pl
|
||||||
|
+++ b/tests/runtests.pl
|
||||||
|
@@ -152,7 +152,7 @@ my $NEGTELNETPORT; # TELNET server port with negotiation
|
||||||
|
|
||||||
|
my $srcdir = $ENV{'srcdir'} || '.';
|
||||||
|
my $CURL="../src/curl".exe_ext(); # what curl executable to run on the tests
|
||||||
|
-my $VCURL="curl"; # what curl binary to use to verify the servers with
|
||||||
|
+my $VCURL=$CURL; # what curl binary to use to verify the servers with
|
||||||
|
# VCURL is handy to set to the system one when the one you
|
||||||
|
# just built hangs or crashes and thus prevent verification
|
||||||
|
my $DBGCURL=$CURL; #"../src/.libs/curl"; # alternative for debugging
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
|
||||||
|
|
||||||
|
From fbc2ac6f06ec13cc872ce7adb870f4d7c7d5dded Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Mon, 29 Aug 2022 00:09:17 +0200
|
||||||
|
Subject: [PATCH 2/3] cookie: reject cookies with "control bytes"
|
||||||
|
|
||||||
|
Rejects 0x01 - 0x1f (except 0x09) plus 0x7f
|
||||||
|
|
||||||
|
Reported-by: Axel Chong
|
||||||
|
|
||||||
|
Bug: https://curl.se/docs/CVE-2022-35252.html
|
||||||
|
|
||||||
|
CVE-2022-35252
|
||||||
|
|
||||||
|
Closes #9381
|
||||||
|
|
||||||
|
Upstream-commit: 8dfc93e573ca740544a2d79ebb0ed786592c65c3
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
lib/cookie.c | 29 +++++++++++++++++++++++++++++
|
||||||
|
1 file changed, 29 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/cookie.c b/lib/cookie.c
|
||||||
|
index cb0c03b..e0470a1 100644
|
||||||
|
--- a/lib/cookie.c
|
||||||
|
+++ b/lib/cookie.c
|
||||||
|
@@ -371,6 +371,30 @@ static void strstore(char **str, const char *newstr)
|
||||||
|
*str = strdup(newstr);
|
||||||
|
}
|
||||||
|
|
||||||
|
+/*
|
||||||
|
+ RFC 6265 section 4.1.1 says a server should accept this range:
|
||||||
|
+
|
||||||
|
+ cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
|
||||||
|
+
|
||||||
|
+ But Firefox and Chrome as of June 2022 accept space, comma and double-quotes
|
||||||
|
+ fine. The prime reason for filtering out control bytes is that some HTTP
|
||||||
|
+ servers return 400 for requests that contain such.
|
||||||
|
+*/
|
||||||
|
+static int invalid_octets(const char *p)
|
||||||
|
+{
|
||||||
|
+ /* Reject all bytes \x01 - \x1f (*except* \x09, TAB) + \x7f */
|
||||||
|
+ static const char badoctets[] = {
|
||||||
|
+ "\x01\x02\x03\x04\x05\x06\x07\x08\x0a"
|
||||||
|
+ "\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14"
|
||||||
|
+ "\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x7f"
|
||||||
|
+ };
|
||||||
|
+ size_t vlen, len;
|
||||||
|
+ /* scan for all the octets that are *not* in cookie-octet */
|
||||||
|
+ len = strcspn(p, badoctets);
|
||||||
|
+ vlen = strlen(p);
|
||||||
|
+ return (len != vlen);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* remove_expired() removes expired cookies.
|
||||||
|
*/
|
||||||
|
@@ -541,6 +565,11 @@ Curl_cookie_add(struct Curl_easy *data,
|
||||||
|
badcookie = TRUE;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
+ if(invalid_octets(whatptr) || invalid_octets(name)) {
|
||||||
|
+ infof(data, "invalid octets in name/value, cookie dropped");
|
||||||
|
+ badcookie = TRUE;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
else if(!len) {
|
||||||
|
/* this was a "<name>=" with no content, and we must allow
|
||||||
|
--
|
||||||
|
2.37.1
|
||||||
|
|
||||||
|
|
||||||
|
From 1a3e2bd48572761236934651091c899a4d460ef5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Mon, 29 Aug 2022 00:09:17 +0200
|
||||||
|
Subject: [PATCH 3/3] test8: verify that "ctrl-byte cookies" are ignored
|
||||||
|
|
||||||
|
Upstream-commit: 2fc031d834d488854ffc58bf7dbcef7fa7c1fc28
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
tests/data/test8 | 32 +++++++++++++++++++++++++++++++-
|
||||||
|
1 file changed, 31 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/tests/data/test8 b/tests/data/test8
|
||||||
|
index a8548e6..8587611 100644
|
||||||
|
--- a/tests/data/test8
|
||||||
|
+++ b/tests/data/test8
|
||||||
|
@@ -46,6 +46,36 @@ Set-Cookie: trailingspace = removed; path=/we/want;
|
||||||
|
Set-Cookie: nocookie=yes; path=/WE;
|
||||||
|
Set-Cookie: blexp=yesyes; domain=%HOSTIP; domain=%HOSTIP; expiry=totally bad;
|
||||||
|
Set-Cookie: partialip=nono; domain=.0.0.1;
|
||||||
|
+Set-Cookie: cookie1=-junk
|
||||||
|
+Set-Cookie: cookie2=-junk
|
||||||
|
+Set-Cookie: cookie3=-junk
|
||||||
|
+Set-Cookie: cookie4=-junk
|
||||||
|
+Set-Cookie: cookie5=-junk
|
||||||
|
+Set-Cookie: cookie6=-junk
|
||||||
|
+Set-Cookie: cookie7=-junk
|
||||||
|
+Set-Cookie: cookie8=-junk
|
||||||
|
+Set-Cookie: cookie9=junk- -
|
||||||
|
+Set-Cookie: cookie11=-junk
|
||||||
|
+Set-Cookie: cookie12=-junk
|
||||||
|
+Set-Cookie: cookie14=-junk
|
||||||
|
+Set-Cookie: cookie15=-junk
|
||||||
|
+Set-Cookie: cookie16=-junk
|
||||||
|
+Set-Cookie: cookie17=-junk
|
||||||
|
+Set-Cookie: cookie18=-junk
|
||||||
|
+Set-Cookie: cookie19=-junk
|
||||||
|
+Set-Cookie: cookie20=-junk
|
||||||
|
+Set-Cookie: cookie21=-junk
|
||||||
|
+Set-Cookie: cookie22=-junk
|
||||||
|
+Set-Cookie: cookie23=-junk
|
||||||
|
+Set-Cookie: cookie24=-junk
|
||||||
|
+Set-Cookie: cookie25=-junk
|
||||||
|
+Set-Cookie: cookie26=-junk
|
||||||
|
+Set-Cookie: cookie27=-junk
|
||||||
|
+Set-Cookie: cookie28=-junk
|
||||||
|
+Set-Cookie: cookie29=-junk
|
||||||
|
+Set-Cookie: cookie30=-junk
|
||||||
|
+Set-Cookie: cookie31=-junk
|
||||||
|
+Set-Cookie: cookie31=-junk
|
||||||
|
|
||||||
|
</file>
|
||||||
|
<precheck>
|
||||||
|
@@ -62,7 +92,7 @@ perl -e 'if ("%HOSTIP" !~ /\.0\.0\.1$/) {print "Test only works for HOSTIPs endi
|
||||||
|
GET /we/want/8 HTTP/1.1
|
||||||
|
Host: %HOSTIP:%HTTPPORT
|
||||||
|
Accept: */*
|
||||||
|
-Cookie: name with space=is weird but; trailingspace=removed; cookie=perhaps; cookie=yes; foobar=name; blexp=yesyes
|
||||||
|
+Cookie: name with space=is weird but; trailingspace=removed; cookie=perhaps; cookie=yes; foobar=name; blexp=yesyes; cookie9=junk- -
|
||||||
|
|
||||||
|
</protocol>
|
||||||
|
</verify>
|
||||||
|
--
|
||||||
|
2.37.1
|
||||||
|
|
81
SOURCES/0045-curl-7.61.1-CVE-2022-43552.patch
Normal file
81
SOURCES/0045-curl-7.61.1-CVE-2022-43552.patch
Normal file
@ -0,0 +1,81 @@
|
|||||||
|
From 5cdcf1dbd39c64e18a81fc912a36942a3ec87565 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Mon, 19 Dec 2022 08:38:37 +0100
|
||||||
|
Subject: [PATCH] smb/telnet: do not free the protocol struct in *_done()
|
||||||
|
|
||||||
|
It is managed by the generic layer.
|
||||||
|
|
||||||
|
Reported-by: Trail of Bits
|
||||||
|
|
||||||
|
Closes #10112
|
||||||
|
|
||||||
|
Upstream-commit: 4f20188ac644afe174be6005ef4f6ffba232b8b2
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
lib/smb.c | 14 ++------------
|
||||||
|
lib/telnet.c | 3 ---
|
||||||
|
2 files changed, 2 insertions(+), 15 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/smb.c b/lib/smb.c
|
||||||
|
index 039d680..f682c1f 100644
|
||||||
|
--- a/lib/smb.c
|
||||||
|
+++ b/lib/smb.c
|
||||||
|
@@ -61,8 +61,6 @@ static CURLcode smb_connect(struct connectdata *conn, bool *done);
|
||||||
|
static CURLcode smb_connection_state(struct connectdata *conn, bool *done);
|
||||||
|
static CURLcode smb_do(struct connectdata *conn, bool *done);
|
||||||
|
static CURLcode smb_request_state(struct connectdata *conn, bool *done);
|
||||||
|
-static CURLcode smb_done(struct connectdata *conn, CURLcode status,
|
||||||
|
- bool premature);
|
||||||
|
static CURLcode smb_disconnect(struct connectdata *conn, bool dead);
|
||||||
|
static int smb_getsock(struct connectdata *conn, curl_socket_t *socks,
|
||||||
|
int numsocks);
|
||||||
|
@@ -75,7 +73,7 @@ const struct Curl_handler Curl_handler_smb = {
|
||||||
|
"SMB", /* scheme */
|
||||||
|
smb_setup_connection, /* setup_connection */
|
||||||
|
smb_do, /* do_it */
|
||||||
|
- smb_done, /* done */
|
||||||
|
+ ZERO_NULL, /* done */
|
||||||
|
ZERO_NULL, /* do_more */
|
||||||
|
smb_connect, /* connect_it */
|
||||||
|
smb_connection_state, /* connecting */
|
||||||
|
@@ -100,7 +98,7 @@ const struct Curl_handler Curl_handler_smbs = {
|
||||||
|
"SMBS", /* scheme */
|
||||||
|
smb_setup_connection, /* setup_connection */
|
||||||
|
smb_do, /* do_it */
|
||||||
|
- smb_done, /* done */
|
||||||
|
+ ZERO_NULL, /* done */
|
||||||
|
ZERO_NULL, /* do_more */
|
||||||
|
smb_connect, /* connect_it */
|
||||||
|
smb_connection_state, /* connecting */
|
||||||
|
@@ -915,14 +913,6 @@ static CURLcode smb_request_state(struct connectdata *conn, bool *done)
|
||||||
|
return CURLE_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
-static CURLcode smb_done(struct connectdata *conn, CURLcode status,
|
||||||
|
- bool premature)
|
||||||
|
-{
|
||||||
|
- (void) premature;
|
||||||
|
- Curl_safefree(conn->data->req.protop);
|
||||||
|
- return status;
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
static CURLcode smb_disconnect(struct connectdata *conn, bool dead)
|
||||||
|
{
|
||||||
|
struct smb_conn *smbc = &conn->proto.smbc;
|
||||||
|
diff --git a/lib/telnet.c b/lib/telnet.c
|
||||||
|
index 923c7f8..48cd0d7 100644
|
||||||
|
--- a/lib/telnet.c
|
||||||
|
+++ b/lib/telnet.c
|
||||||
|
@@ -1294,9 +1294,6 @@ static CURLcode telnet_done(struct connectdata *conn,
|
||||||
|
|
||||||
|
curl_slist_free_all(tn->telnet_vars);
|
||||||
|
tn->telnet_vars = NULL;
|
||||||
|
-
|
||||||
|
- Curl_safefree(conn->data->req.protop);
|
||||||
|
-
|
||||||
|
return CURLE_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
@ -1,7 +1,7 @@
|
|||||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.61.1
|
Version: 7.61.1
|
||||||
Release: 25%{?dist}.3
|
Release: 30%{?dist}
|
||||||
License: MIT
|
License: MIT
|
||||||
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
||||||
|
|
||||||
@ -121,9 +121,15 @@ Patch41: 0041-curl-7.61.1-CVE-2022-32206.patch
|
|||||||
# setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION (#2063703)
|
# setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION (#2063703)
|
||||||
Patch42: 0042-curl-7.61.1-ssh-known-hosts.patch
|
Patch42: 0042-curl-7.61.1-ssh-known-hosts.patch
|
||||||
|
|
||||||
|
# control code in cookie denial of service (CVE-2022-35252)
|
||||||
|
Patch43: 0043-curl-7.61.1-CVE-2022-35252.patch
|
||||||
|
|
||||||
# upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 (#2139337)
|
# upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 (#2139337)
|
||||||
Patch44: 0044-curl-7.61.1-retry-http11.patch
|
Patch44: 0044-curl-7.61.1-retry-http11.patch
|
||||||
|
|
||||||
|
# smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
|
||||||
|
Patch45: 0045-curl-7.61.1-CVE-2022-43552.patch
|
||||||
|
|
||||||
# h2: lower initial window size to 32 MiB (#2166254)
|
# h2: lower initial window size to 32 MiB (#2166254)
|
||||||
Patch46: 0046-curl-7.61.1-h2-window-size.patch
|
Patch46: 0046-curl-7.61.1-h2-window-size.patch
|
||||||
|
|
||||||
@ -345,7 +351,9 @@ sed -e 's|:8992/|:%{?__isa_bits}92/|g' -i tests/data/test97{3..6}
|
|||||||
%patch40 -p1
|
%patch40 -p1
|
||||||
%patch41 -p1
|
%patch41 -p1
|
||||||
%patch42 -p1
|
%patch42 -p1
|
||||||
|
%patch43 -p1
|
||||||
%patch44 -p1
|
%patch44 -p1
|
||||||
|
%patch45 -p1
|
||||||
%patch46 -p1
|
%patch46 -p1
|
||||||
%patch47 -p1
|
%patch47 -p1
|
||||||
|
|
||||||
@ -510,15 +518,21 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
|||||||
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Wed Feb 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-25.el8_7.3
|
* Wed Feb 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-30
|
||||||
- fix HTTP multi-header compression denial of service (CVE-2023-23916)
|
- fix HTTP multi-header compression denial of service (CVE-2023-23916)
|
||||||
|
|
||||||
* Tue Feb 07 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-25.el8_7.2
|
* Tue Feb 07 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-29
|
||||||
- h2: lower initial window size to 32 MiB (#2166254)
|
- h2: lower initial window size to 32 MiB (#2166254)
|
||||||
|
|
||||||
* Fri Nov 18 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-25.el8_7.1
|
* Wed Dec 21 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-28
|
||||||
|
- smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
|
||||||
|
|
||||||
|
* Fri Nov 18 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-27
|
||||||
- upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 (#2139337)
|
- upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 (#2139337)
|
||||||
|
|
||||||
|
* Fri Sep 02 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-26
|
||||||
|
- control code in cookie denial of service (CVE-2022-35252)
|
||||||
|
|
||||||
* Wed Jun 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-25
|
* Wed Jun 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-25
|
||||||
- setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION (#2063703)
|
- setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION (#2063703)
|
||||||
- fix HTTP compression denial of service (CVE-2022-32206)
|
- fix HTTP compression denial of service (CVE-2022-32206)
|
||||||
|
Loading…
Reference in New Issue
Block a user