import curl-7.61.1-25.el8_7.1
This commit is contained in:
parent
5416a993a2
commit
c45cbfa43f
112
SOURCES/0044-curl-7.61.1-retry-http11.patch
Normal file
112
SOURCES/0044-curl-7.61.1-retry-http11.patch
Normal file
@ -0,0 +1,112 @@
|
||||
From 78b62ef1206621e8f4f1628ad4eb0a7be877c96f Mon Sep 17 00:00:00 2001
|
||||
From: Johannes Schindelin <johannes.schindelin@gmx.de>
|
||||
Date: Fri, 7 Dec 2018 17:04:39 +0100
|
||||
Subject: [PATCH] Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1
|
||||
|
||||
This is a companion patch to cbea2fd2c (NTLM: force the connection to
|
||||
HTTP/1.1, 2018-12-06): with NTLM, we can switch to HTTP/1.1
|
||||
preemptively. However, with other (Negotiate) authentication it is not
|
||||
clear to this developer whether there is a way to make it work with
|
||||
HTTP/2, so let's try HTTP/2 first and fall back in case we encounter the
|
||||
error HTTP_1_1_REQUIRED.
|
||||
|
||||
Note: we will still keep the NTLM workaround, as it avoids an extra
|
||||
round trip.
|
||||
|
||||
Daniel Stenberg helped a lot with this patch, in particular by
|
||||
suggesting to introduce the Curl_h2_http_1_1_error() function.
|
||||
|
||||
Closes #3349
|
||||
|
||||
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
|
||||
|
||||
Upstream-commit: d997aa0e963c5be5de100dccdc5208d39bd3d62b
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/http2.c | 8 ++++++++
|
||||
lib/http2.h | 4 ++++
|
||||
lib/multi.c | 20 ++++++++++++++++++++
|
||||
3 files changed, 32 insertions(+)
|
||||
|
||||
diff --git a/lib/http2.c b/lib/http2.c
|
||||
index d769193..3071097 100644
|
||||
--- a/lib/http2.c
|
||||
+++ b/lib/http2.c
|
||||
@@ -2300,6 +2300,14 @@ void Curl_http2_cleanup_dependencies(struct Curl_easy *data)
|
||||
Curl_http2_remove_child(data->set.stream_depends_on, data);
|
||||
}
|
||||
|
||||
+/* Only call this function for a transfer that already got a HTTP/2
|
||||
+ CURLE_HTTP2_STREAM error! */
|
||||
+bool Curl_h2_http_1_1_error(struct connectdata *conn)
|
||||
+{
|
||||
+ struct http_conn *httpc = &conn->proto.httpc;
|
||||
+ return (httpc->error_code == NGHTTP2_HTTP_1_1_REQUIRED);
|
||||
+}
|
||||
+
|
||||
#else /* !USE_NGHTTP2 */
|
||||
|
||||
/* Satisfy external references even if http2 is not compiled in. */
|
||||
diff --git a/lib/http2.h b/lib/http2.h
|
||||
index 21cd9b8..91e504c 100644
|
||||
--- a/lib/http2.h
|
||||
+++ b/lib/http2.h
|
||||
@@ -59,6 +59,9 @@ CURLcode Curl_http2_add_child(struct Curl_easy *parent,
|
||||
void Curl_http2_remove_child(struct Curl_easy *parent,
|
||||
struct Curl_easy *child);
|
||||
void Curl_http2_cleanup_dependencies(struct Curl_easy *data);
|
||||
+
|
||||
+/* returns true if the HTTP/2 stream error was HTTP_1_1_REQUIRED */
|
||||
+bool Curl_h2_http_1_1_error(struct connectdata *conn);
|
||||
#else /* USE_NGHTTP2 */
|
||||
#define Curl_http2_init(x) CURLE_UNSUPPORTED_PROTOCOL
|
||||
#define Curl_http2_send_request(x) CURLE_UNSUPPORTED_PROTOCOL
|
||||
@@ -74,6 +77,7 @@ void Curl_http2_cleanup_dependencies(struct Curl_easy *data);
|
||||
#define Curl_http2_add_child(x, y, z)
|
||||
#define Curl_http2_remove_child(x, y)
|
||||
#define Curl_http2_cleanup_dependencies(x)
|
||||
+#define Curl_h2_http_1_1_error(x) 0
|
||||
#endif
|
||||
|
||||
#endif /* HEADER_CURL_HTTP2_H */
|
||||
diff --git a/lib/multi.c b/lib/multi.c
|
||||
index 0f57fd5..d64ba94 100644
|
||||
--- a/lib/multi.c
|
||||
+++ b/lib/multi.c
|
||||
@@ -46,6 +46,7 @@
|
||||
#include "vtls/vtls.h"
|
||||
#include "connect.h"
|
||||
#include "http_proxy.h"
|
||||
+#include "http2.h"
|
||||
/* The last 3 #include files should be in this order */
|
||||
#include "curl_printf.h"
|
||||
#include "curl_memory.h"
|
||||
@@ -1943,6 +1944,25 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
|
||||
done = TRUE;
|
||||
}
|
||||
}
|
||||
+ else if((CURLE_HTTP2_STREAM == result) &&
|
||||
+ Curl_h2_http_1_1_error(data->easy_conn)) {
|
||||
+ CURLcode ret = Curl_retry_request(data->easy_conn, &newurl);
|
||||
+
|
||||
+ infof(data, "Forcing HTTP/1.1 for NTLM");
|
||||
+ data->set.httpversion = CURL_HTTP_VERSION_1_1;
|
||||
+
|
||||
+ if(!ret)
|
||||
+ retry = (newurl)?TRUE:FALSE;
|
||||
+ else
|
||||
+ result = ret;
|
||||
+
|
||||
+ if(retry) {
|
||||
+ /* if we are to retry, set the result to OK and consider the
|
||||
+ request as done */
|
||||
+ result = CURLE_OK;
|
||||
+ done = TRUE;
|
||||
+ }
|
||||
+ }
|
||||
|
||||
if(result) {
|
||||
/*
|
||||
--
|
||||
2.37.3
|
||||
|
@ -1,7 +1,7 @@
|
||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||
Name: curl
|
||||
Version: 7.61.1
|
||||
Release: 25%{?dist}
|
||||
Release: 25%{?dist}.1
|
||||
License: MIT
|
||||
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
||||
|
||||
@ -121,6 +121,9 @@ Patch41: 0041-curl-7.61.1-CVE-2022-32206.patch
|
||||
# setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION (#2063703)
|
||||
Patch42: 0042-curl-7.61.1-ssh-known-hosts.patch
|
||||
|
||||
# upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 (#2139337)
|
||||
Patch44: 0044-curl-7.61.1-retry-http11.patch
|
||||
|
||||
# patch making libcurl multilib ready
|
||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||
|
||||
@ -336,6 +339,7 @@ sed -e 's|:8992/|:%{?__isa_bits}92/|g' -i tests/data/test97{3..6}
|
||||
%patch40 -p1
|
||||
%patch41 -p1
|
||||
%patch42 -p1
|
||||
%patch44 -p1
|
||||
|
||||
# make tests/*.py use Python 3
|
||||
sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py
|
||||
@ -498,6 +502,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
||||
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
||||
|
||||
%changelog
|
||||
* Fri Nov 18 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-25.el8_7.1
|
||||
- upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 (#2139337)
|
||||
|
||||
* Wed Jun 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-25
|
||||
- setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION (#2063703)
|
||||
- fix HTTP compression denial of service (CVE-2022-32206)
|
||||
|
Loading…
Reference in New Issue
Block a user