new upstream release - 7.76.0

Resolves: CVE-2021-22890 - TLS 1.3 session ticket proxy host mixup
Resolves: CVE-2021-22876 - Automatic referer leaks credentials

0001-curl-7.75.0-ldaps-segv.patch

@@ -1,156 +0,0 @@
-From 17686d25019489f43f3d5641db8683932857845e Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 15 Feb 2021 09:41:22 +0100
-Subject: [PATCH 1/2] openldap: pass 'data' to the callbacks instead of 'conn'
-
-Upstream-commit: a59c33ceffb8f78b71fa084bbc99c94ecfe82ce6
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/openldap.c | 16 +++++++++-------
- 1 file changed, 9 insertions(+), 7 deletions(-)
-
-diff --git a/lib/openldap.c b/lib/openldap.c
-index 4070bbf..d079822 100644
---- a/lib/openldap.c
-+++ b/lib/openldap.c
-@@ -278,7 +278,7 @@ static CURLcode ldap_connecting(struct Curl_easy *data, bool *done)
-     if(!li->sslinst) {
-       Sockbuf *sb;
-       ldap_get_option(li->ld, LDAP_OPT_SOCKBUF, &sb);
--      ber_sockbuf_add_io(sb, &ldapsb_tls, LBER_SBIOD_LEVEL_TRANSPORT, conn);
-+      ber_sockbuf_add_io(sb, &ldapsb_tls, LBER_SBIOD_LEVEL_TRANSPORT, data);
-       li->sslinst = TRUE;
-       li->recv = conn->recv[FIRSTSOCKET];
-       li->send = conn->send[FIRSTSOCKET];
-@@ -716,8 +716,8 @@ ldapsb_tls_ctrl(Sockbuf_IO_Desc *sbiod, int opt, void *arg)
- {
-   (void)arg;
-   if(opt == LBER_SB_OPT_DATA_READY) {
--    struct connectdata *conn = sbiod->sbiod_pvt;
--    return Curl_ssl_data_pending(conn, FIRSTSOCKET);
-+    struct Curl_easy *data = sbiod->sbiod_pvt;
-+    return Curl_ssl_data_pending(data->conn, FIRSTSOCKET);
-   }
-   return 0;
- }
-@@ -725,12 +725,13 @@ ldapsb_tls_ctrl(Sockbuf_IO_Desc *sbiod, int opt, void *arg)
- static ber_slen_t
- ldapsb_tls_read(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
- {
--  struct connectdata *conn = sbiod->sbiod_pvt;
-+  struct Curl_easy *data = sbiod->sbiod_pvt;
-+  struct connectdata *conn = data->conn;
-   struct ldapconninfo *li = conn->proto.ldapc;
-   ber_slen_t ret;
-   CURLcode err = CURLE_RECV_ERROR;
- 
--  ret = (li->recv)(conn->data, FIRSTSOCKET, buf, len, &err);
-+  ret = (li->recv)(data, FIRSTSOCKET, buf, len, &err);
-   if(ret < 0 && err == CURLE_AGAIN) {
-     SET_SOCKERRNO(EWOULDBLOCK);
-   }
-@@ -740,12 +741,13 @@ ldapsb_tls_read(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
- static ber_slen_t
- ldapsb_tls_write(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
- {
--  struct connectdata *conn = sbiod->sbiod_pvt;
-+  struct Curl_easy *data = sbiod->sbiod_pvt;
-+  struct connectdata *conn = data->conn;
-   struct ldapconninfo *li = conn->proto.ldapc;
-   ber_slen_t ret;
-   CURLcode err = CURLE_SEND_ERROR;
- 
--  ret = (li->send)(conn->data, FIRSTSOCKET, buf, len, &err);
-+  ret = (li->send)(data, FIRSTSOCKET, buf, len, &err);
-   if(ret < 0 && err == CURLE_AGAIN) {
-     SET_SOCKERRNO(EWOULDBLOCK);
-   }
--- 
-2.26.3
-
-
-From a1c1f175e44ef95c47b1e2e91424e193ee7a0d0b Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Tue, 23 Mar 2021 09:28:07 +0100
-Subject: [PATCH 2/2] openldap: avoid NULL pointer dereferences
-
-Follow-up to a59c33ceffb8f78
-Reported-by: Patrick Monnerat
-Fixes #6676
-Closes #6780
-
-Upstream-commit: e467ea3bd937f38e1d2e070a68ed451303ba1e73
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- lib/openldap.c | 40 +++++++++++++++++++++++++---------------
- 1 file changed, 25 insertions(+), 15 deletions(-)
-
-diff --git a/lib/openldap.c b/lib/openldap.c
-index d079822..066c0fd 100644
---- a/lib/openldap.c
-+++ b/lib/openldap.c
-@@ -369,6 +369,9 @@ static CURLcode ldap_disconnect(struct Curl_easy *data,
- 
-   if(li) {
-     if(li->ld) {
-+      Sockbuf *sb;
-+      ldap_get_option(li->ld, LDAP_OPT_SOCKBUF, &sb);
-+      ber_sockbuf_add_io(sb, &ldapsb_tls, LBER_SBIOD_LEVEL_TRANSPORT, NULL);
-       ldap_unbind_ext(li->ld, NULL, NULL);
-       li->ld = NULL;
-     }
-@@ -726,14 +729,18 @@ static ber_slen_t
- ldapsb_tls_read(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
- {
-   struct Curl_easy *data = sbiod->sbiod_pvt;
--  struct connectdata *conn = data->conn;
--  struct ldapconninfo *li = conn->proto.ldapc;
--  ber_slen_t ret;
--  CURLcode err = CURLE_RECV_ERROR;
-+  ber_slen_t ret = 0;
-+  if(data) {
-+    struct connectdata *conn = data->conn;
-+    if(conn) {
-+      struct ldapconninfo *li = conn->proto.ldapc;
-+      CURLcode err = CURLE_RECV_ERROR;
- 
--  ret = (li->recv)(data, FIRSTSOCKET, buf, len, &err);
--  if(ret < 0 && err == CURLE_AGAIN) {
--    SET_SOCKERRNO(EWOULDBLOCK);
-+      ret = (li->recv)(data, FIRSTSOCKET, buf, len, &err);
-+      if(ret < 0 && err == CURLE_AGAIN) {
-+        SET_SOCKERRNO(EWOULDBLOCK);
-+      }
-+    }
-   }
-   return ret;
- }
-@@ -742,14 +749,17 @@ static ber_slen_t
- ldapsb_tls_write(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
- {
-   struct Curl_easy *data = sbiod->sbiod_pvt;
--  struct connectdata *conn = data->conn;
--  struct ldapconninfo *li = conn->proto.ldapc;
--  ber_slen_t ret;
--  CURLcode err = CURLE_SEND_ERROR;
--
--  ret = (li->send)(data, FIRSTSOCKET, buf, len, &err);
--  if(ret < 0 && err == CURLE_AGAIN) {
--    SET_SOCKERRNO(EWOULDBLOCK);
-+  ber_slen_t ret = 0;
-+  if(data) {
-+    struct connectdata *conn = data->conn;
-+    if(conn) {
-+      struct ldapconninfo *li = conn->proto.ldapc;
-+      CURLcode err = CURLE_SEND_ERROR;
-+      ret = (li->send)(data, FIRSTSOCKET, buf, len, &err);
-+      if(ret < 0 && err == CURLE_AGAIN) {
-+        SET_SOCKERRNO(EWOULDBLOCK);
-+      }
-+    }
-   }
-   return ret;
- }
--- 
-2.26.3
-

curl-7.75.0.tar.xz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmAaSxEACgkQXMkI/bce
-EsI36QgAlx+oYuWiaMytv/Ixfcm2gTq+9Qu60KsmvccyKLOq7OxAmX+gz1PYOsUc
-eqAwq8dg9Mo+cuk7zWpxRMg1qBgvZpv5oeAhy8VUeWD/HE0Z2RoxC3tw87uNn5uN
-2g0FJEXGzDaQQdI0hh2Kb4uNqiKiBCsSfHX4J+eWDUoHwzoFestct8PAcAG8lOzt
-0nGj6Is1Rba3SrlkCtRdzEkrjfNe5KKNjE9F0ybhL7TPKSZZvlustZgU5OgdjDHu
-uJzFQDK5eyjeYu7tyJQOOwercjOQrmp0YYvYt6CdALUflU2RNvnS83+e/syAYEZ4
-FvnYlZyp8WCKxOikGwX2m/JEOATXSw==
-=HFSu
------END PGP SIGNATURE-----

curl-7.76.0.tar.xz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmBkDkUACgkQXMkI/bce
+EsJ15ggAtcFfjbq0Fk1KMymZ7trx49GcOPNUKa7utST3tumg0Tc3HsIeuWIOyO0s
+frTWFtroWogELMjjdr+yyrI5PZrLkEdtFKd+lRYO4T2Y0SS6Q57d/4CCu3SXNgmd
+zKUq4ZSRbjdPFRKkWJ6RMDfPeu8pcJIGQM23BapPbpxtEgd5f8+PzzSX/8S3I1aD
+yDv9V3tM+NQq6peetV6wj7hWFInUHbTWPSlyzuCvWB2cQRxDNsTcSxuShd0krbgV
+CA6Kt4MQc7QOi7luUAHEGmjTRIhSwvTfY6w0EqqFzvRHlf0gsCIUn5jEs8cq+2iV
+nEUuezAT/rRYfyjyQ1hWvIK5GP5aCw==
+=ju96
+-----END PGP SIGNATURE-----

curl.spec

@@ -1,13 +1,10 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 7.75.0
+Version: 7.76.0
-Release: 4%{?dist}
+Release: 1%{?dist}
 License: MIT
 Source: https://curl.se/download/%{name}-%{version}.tar.xz
 
-# fix SIGSEGV upon disconnect of a ldaps:// transfer (#1941925)
-Patch1:   0001-curl-7.75.0-ldaps-segv.patch
-
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch
 
@@ -183,7 +180,6 @@ be installed.
 %setup -q
 
 # upstream patches
-%patch1 -p1
 
 # Fedora patches
 %patch101 -p1
@@ -364,6 +360,11 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
 
 %changelog
+* Fri Apr 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2021-22890 - TLS 1.3 session ticket proxy host mixup
+    CVE-2021-22876 - Automatic referer leaks credentials
+
 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 7.75.0-4
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 

sources

@@ -1 +1 @@
-SHA512 (curl-7.75.0.tar.xz) = 4c2fc6658379b8b93dd50665b70f3000b63d3bcafd2df60b7e651a8edf4735b3decb06c338b84cb22058191aa9f8f4dc85760a42f9987210b59300758304b746
+SHA512 (curl-7.76.0.tar.xz) = a67e5078b48150c6f5331e76b25a6b197f1e916be1db900bf9455b032b3af5a71610b47e607546ecbae510d196a0cfcb75a14dac549288797af1701b7b587ece