import curl-7.76.1-23.el9_2.1
							parent
							
								
									786a55128f
								
							
						
					
					
						commit
						3a4f41511a
					
				
							
								
								
									
										230
									
								
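--- a/SOURCES/0027-curl-7.76.1-CVE-2023-27535.patch
+++ b/SOURCES/0027-curl-7.76.1-CVE-2023-27535.patch
@@ -0,0 +1,230 @@
+From e8705acd69383c13191c9dd4867d5118e58c54ba Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 6 Oct 2022 00:49:10 +0200
+Subject: [PATCH 1/2] strcase: add Curl_timestrcmp
+
+This is a strcmp() alternative function for comparing "secrets",
+designed to take the same time no matter the content to not leak
+match/non-match info to observers based on how fast it is.
+
+The time this function takes is only a function of the shortest input
+string.
+
+Reported-by: Trail of Bits
+
+Closes #9658
+
+Upstream-commit: ed5095ed94281989e103c72e032200b83be37878
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/strcase.c | 22 ++++++++++++++++++++++
+ lib/strcase.h |  1 +
+ 2 files changed, 23 insertions(+)
+
+diff --git a/lib/strcase.c b/lib/strcase.c
+index f932485..c73907d 100644
+--- a/lib/strcase.c
++++ b/lib/strcase.c
+@@ -261,6 +261,28 @@ bool Curl_safecmp(char *a, char *b)
+   return !a && !b;
+ }
+ 
++/*
++ * Curl_timestrcmp() returns 0 if the two strings are identical. The time this
++ * function spends is a function of the shortest string, not of the contents.
++ */
++int Curl_timestrcmp(const char *a, const char *b)
++{
++  int match = 0;
++  int i = 0;
++
++  if(a && b) {
++    while(1) {
++      match |= a[i]^b[i];
++      if(!a[i] || !b[i])
++        break;
++      i++;
++    }
++  }
++  else
++    return a || b;
++  return match;
++}
++
+ /* --- public functions --- */
+ 
+ int curl_strequal(const char *first, const char *second)
+diff --git a/lib/strcase.h b/lib/strcase.h
+index d245929..11a67a1 100644
+--- a/lib/strcase.h
++++ b/lib/strcase.h
+@@ -49,5 +49,6 @@ void Curl_strntoupper(char *dest, const char *src, size_t n);
+ void Curl_strntolower(char *dest, const char *src, size_t n);
+ 
+ bool Curl_safecmp(char *a, char *b);
++int Curl_timestrcmp(const char *first, const char *second);
+ 
+ #endif /* HEADER_CURL_STRCASE_H */
+-- 
+2.39.2
+
+
+From 9cfaea212ff347937a38f6b5d6b885ed8ba1b931 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 9 Mar 2023 17:47:06 +0100
+Subject: [PATCH 2/2] ftp: add more conditions for connection reuse
+
+Reported-by: Harry Sintonen
+Closes #10730
+
+Upstream-commit: 8f4608468b890dce2dad9f91d5607ee7e9c1aba1
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/ftp.c     | 28 ++++++++++++++++++++++++++--
+ lib/ftp.h     |  5 +++++
+ lib/setopt.c  |  2 +-
+ lib/url.c     | 12 ++++++++++++
+ lib/urldata.h |  4 ++--
+ 5 files changed, 46 insertions(+), 5 deletions(-)
+
+diff --git a/lib/ftp.c b/lib/ftp.c
+index 9442832..df15bc0 100644
+--- a/lib/ftp.c
++++ b/lib/ftp.c
+@@ -4086,6 +4086,8 @@ static CURLcode ftp_disconnect(struct Curl_easy *data,
+   }
+ 
+   freedirs(ftpc);
++  Curl_safefree(ftpc->account);
++  Curl_safefree(ftpc->alternative_to_user);
+   Curl_safefree(ftpc->prevpath);
+   Curl_safefree(ftpc->server_os);
+   Curl_pp_disconnect(pp);
+@@ -4346,11 +4348,31 @@ static CURLcode ftp_setup_connection(struct Curl_easy *data,
+ {
+   char *type;
+   struct FTP *ftp;
++  struct ftp_conn *ftpc = &conn->proto.ftpc;
+ 
+-  data->req.p.ftp = ftp = calloc(sizeof(struct FTP), 1);
++  ftp = calloc(sizeof(struct FTP), 1);
+   if(NULL == ftp)
+     return CURLE_OUT_OF_MEMORY;
+ 
++  /* clone connection related data that is FTP specific */
++  if(data->set.str[STRING_FTP_ACCOUNT]) {
++    ftpc->account = strdup(data->set.str[STRING_FTP_ACCOUNT]);
++    if(!ftpc->account) {
++      free(ftp);
++      return CURLE_OUT_OF_MEMORY;
++    }
++  }
++  if(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]) {
++    ftpc->alternative_to_user =
++      strdup(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]);
++    if(!ftpc->alternative_to_user) {
++      Curl_safefree(ftpc->account);
++      free(ftp);
++      return CURLE_OUT_OF_MEMORY;
++    }
++  }
++  data->req.p.ftp = ftp;
++
+   ftp->path = &data->state.up.path[1]; /* don't include the initial slash */
+ 
+   /* FTP URLs support an extension like ";type=<typecode>" that
+@@ -4385,7 +4407,9 @@ static CURLcode ftp_setup_connection(struct Curl_easy *data,
+   /* get some initial data into the ftp struct */
+   ftp->transfer = PPTRANSFER_BODY;
+   ftp->downloadsize = 0;
+-  conn->proto.ftpc.known_filesize = -1; /* unknown size for now */
++  ftpc->known_filesize = -1; /* unknown size for now */
++  ftpc->use_ssl = data->set.use_ssl;
++  ftpc->ccc = data->set.ftp_ccc;
+ 
+   return CURLE_OK;
+ }
+diff --git a/lib/ftp.h b/lib/ftp.h
+index 7f6f432..3f33e27 100644
+--- a/lib/ftp.h
++++ b/lib/ftp.h
+@@ -115,6 +115,8 @@ struct FTP {
+    struct */
+ struct ftp_conn {
+   struct pingpong pp;
++  char *account;
++  char *alternative_to_user;
+   char *entrypath; /* the PWD reply when we logged on */
+   char *file;    /* url-decoded file name (or path) */
+   char **dirs;   /* realloc()ed array for path components */
+@@ -144,6 +146,9 @@ struct ftp_conn {
+   ftpstate state; /* always use ftp.c:state() to change state! */
+   ftpstate state_saved; /* transfer type saved to be reloaded after
+                            data connection is established */
++  unsigned char use_ssl;   /* if AUTH TLS is to be attempted etc, for FTP or
++                              IMAP or POP3 or others! (type: curl_usessl)*/
++  unsigned char ccc;       /* ccc level for this connection */
+   curl_off_t retr_size_saved; /* Size of retrieved file saved */
+   char *server_os;     /* The target server operating system. */
+   curl_off_t known_filesize; /* file size is different from -1, if wildcard
+diff --git a/lib/setopt.c b/lib/setopt.c
+index 3339a67..6fc111d 100644
+--- a/lib/setopt.c
++++ b/lib/setopt.c
+@@ -2264,7 +2264,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
+     arg = va_arg(param, long);
+     if((arg < CURLUSESSL_NONE) || (arg >= CURLUSESSL_LAST))
+       return CURLE_BAD_FUNCTION_ARGUMENT;
+-    data->set.use_ssl = (curl_usessl)arg;
++    data->set.use_ssl = (unsigned char)arg;
+     break;
+ 
+   case CURLOPT_SSL_OPTIONS:
+diff --git a/lib/url.c b/lib/url.c
+index 61ba832..4e21838 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -1329,6 +1329,18 @@ ConnectionExists(struct Curl_easy *data,
+         if(!ssh_config_matches(needle, check))
+           continue;
+       }
++#ifndef CURL_DISABLE_FTP
++      else if(get_protocol_family(needle->handler) & PROTO_FAMILY_FTP) {
++        /* Also match ACCOUNT, ALTERNATIVE-TO-USER, USE_SSL and CCC options */
++        if(Curl_timestrcmp(needle->proto.ftpc.account,
++                           check->proto.ftpc.account) ||
++           Curl_timestrcmp(needle->proto.ftpc.alternative_to_user,
++                           check->proto.ftpc.alternative_to_user) ||
++           (needle->proto.ftpc.use_ssl != check->proto.ftpc.use_ssl) ||
++           (needle->proto.ftpc.ccc != check->proto.ftpc.ccc))
++          continue;
++      }
++#endif
+ 
+       if((needle->handler->flags&PROTOPT_SSL)
+ #ifndef CURL_DISABLE_PROXY
+diff --git a/lib/urldata.h b/lib/urldata.h
+index 9d9ca92..4e2f5b9 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -1749,8 +1749,6 @@ struct UserDefined {
+   void *ssh_keyfunc_userp;         /* custom pointer to callback */
+   enum CURL_NETRC_OPTION
+        use_netrc;        /* defined in include/curl.h */
+-  curl_usessl use_ssl;   /* if AUTH TLS is to be attempted etc, for FTP or
+-                            IMAP or POP3 or others! */
+   long new_file_perms;    /* Permissions to use when creating remote files */
+   long new_directory_perms; /* Permissions to use when creating remote dirs */
+   long ssh_auth_types;   /* allowed SSH auth types */
+@@ -1793,6 +1791,8 @@ struct UserDefined {
+   CURLU *uh; /* URL handle for the current parsed URL */
+   void *trailer_data; /* pointer to pass to trailer data callback */
+   curl_trailer_callback trailer_callback; /* trailing data callback */
++  unsigned char use_ssl;   /* if AUTH TLS is to be attempted etc, for FTP or
++                              IMAP or POP3 or others! (type: curl_usessl)*/
+   BIT(is_fread_set); /* has read callback been set to non-NULL? */
+   BIT(is_fwrite_set); /* has write callback been set to non-NULL? */
+   BIT(free_referer); /* set TRUE if 'referer' points to a string we
+-- 
+2.39.2
+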
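Review bot: In the ftp_setup_connection hunk the two strdup()ed strings `ftpc->account` and `ftpc->alternative_to_user` live on the connection, but the only release the patch adds is in ftp_disconnect; a freshly created conn that ConnectionExists then discards in favour of an existing one is torn down on the reuse path rather than through the protocol disconnect handler, so unless that path (not visible here) also frees these fields, every reusing transfer with CURLOPT_FTP_ACCOUNT or CURLOPT_FTP_ALTERNATIVE_TO_USER set leaks two small allocations — please confirm, or free them in the generic connection teardown as well. Independently, `Curl_safefree(ftpc->account);` and `Curl_safefree(ftpc->alternative_to_user);` before the respective strdup() would make the function safe should it ever run twice on the same conn. ftp_setup_connection starts and ends outside the visible hunks. Note also that Curl_timestrcmp's early exit on the first NUL, as its commit message states, still reveals the length of the shorter operand; acceptable for this ConnectionExists use where both operands are application-set values, but it should not be reused for comparing an attacker-chosen string against a secret of unknown length.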
| @ -1,7 +1,7 @@ | |||||||
| Summary: A utility for getting files from remote servers (FTP, HTTP, and others) | Summary: A utility for getting files from remote servers (FTP, HTTP, and others) | ||||||
| Name: curl | Name: curl | ||||||
| Version: 7.76.1 | Version: 7.76.1 | ||||||
| Release: 23%{?dist} | Release: 23%{?dist}.1 | ||||||
| License: MIT | License: MIT | ||||||
| Source: https://curl.se/download/%{name}-%{version}.tar.xz | Source: https://curl.se/download/%{name}-%{version}.tar.xz | ||||||
| 
 | 
 | ||||||
| @ -74,6 +74,9 @@ Patch23:  0023-curl-7.76.1-CVE-2022-43552.patch | |||||||
| # fix HTTP multi-header compression denial of service (CVE-2023-23916) | # fix HTTP multi-header compression denial of service (CVE-2023-23916) | ||||||
| Patch24:  0024-curl-7.76.1-CVE-2023-23916.patch | Patch24:  0024-curl-7.76.1-CVE-2023-23916.patch | ||||||
| 
 | 
 | ||||||
|  | # fix FTP too eager connection reuse (CVE-2023-27535) | ||||||
|  | Patch27:  0027-curl-7.76.1-CVE-2023-27535.patch | ||||||
|  | 
 | ||||||
| # patch making libcurl multilib ready | # patch making libcurl multilib ready | ||||||
| Patch101: 0101-curl-7.32.0-multilib.patch | Patch101: 0101-curl-7.32.0-multilib.patch | ||||||
| 
 | 
 | ||||||
| @ -272,6 +275,7 @@ be installed. | |||||||
| %patch22 -p1 | %patch22 -p1 | ||||||
| %patch23 -p1 | %patch23 -p1 | ||||||
| %patch24 -p1 | %patch24 -p1 | ||||||
|  | %patch27 -p1 | ||||||
| 
 | 
 | ||||||
| # Fedora patches | # Fedora patches | ||||||
| %patch101 -p1 | %patch101 -p1 | ||||||
| @ -497,6 +501,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la | |||||||
| %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal | %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Fri Mar 24 2023 Kamil Dudka <kdudka@redhat.com> - 7.76.1-23.el9_2.1 | ||||||
|  | - fix FTP too eager connection reuse (CVE-2023-27535) | ||||||
|  | 
 | ||||||
| * Wed Feb 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.76.1-23 | * Wed Feb 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.76.1-23 | ||||||
| - fix HTTP multi-header compression denial of service (CVE-2023-23916) | - fix HTTP multi-header compression denial of service (CVE-2023-23916) | ||||||
| 
 | 
 | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user