import curl-7.61.1-25.el8_7.1
This commit is contained in:
		
							parent
							
								
									5416a993a2
								
							
						
					
					
						commit
						c45cbfa43f
					
				
							
								
								
									
										112
									
								
								SOURCES/0044-curl-7.61.1-retry-http11.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										112
									
								
								SOURCES/0044-curl-7.61.1-retry-http11.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,112 @@ | |||||||
|  | From 78b62ef1206621e8f4f1628ad4eb0a7be877c96f Mon Sep 17 00:00:00 2001 | ||||||
|  | From: Johannes Schindelin <johannes.schindelin@gmx.de> | ||||||
|  | Date: Fri, 7 Dec 2018 17:04:39 +0100 | ||||||
|  | Subject: [PATCH] Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 | ||||||
|  | 
 | ||||||
|  | This is a companion patch to cbea2fd2c (NTLM: force the connection to | ||||||
|  | HTTP/1.1, 2018-12-06): with NTLM, we can switch to HTTP/1.1 | ||||||
|  | preemptively. However, with other (Negotiate) authentication it is not | ||||||
|  | clear to this developer whether there is a way to make it work with | ||||||
|  | HTTP/2, so let's try HTTP/2 first and fall back in case we encounter the | ||||||
|  | error HTTP_1_1_REQUIRED. | ||||||
|  | 
 | ||||||
|  | Note: we will still keep the NTLM workaround, as it avoids an extra | ||||||
|  | round trip. | ||||||
|  | 
 | ||||||
|  | Daniel Stenberg helped a lot with this patch, in particular by | ||||||
|  | suggesting to introduce the Curl_h2_http_1_1_error() function. | ||||||
|  | 
 | ||||||
|  | Closes #3349 | ||||||
|  | 
 | ||||||
|  | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> | ||||||
|  | 
 | ||||||
|  | Upstream-commit: d997aa0e963c5be5de100dccdc5208d39bd3d62b | ||||||
|  | Signed-off-by: Kamil Dudka <kdudka@redhat.com> | ||||||
|  | ---
 | ||||||
|  |  lib/http2.c |  8 ++++++++ | ||||||
|  |  lib/http2.h |  4 ++++ | ||||||
|  |  lib/multi.c | 20 ++++++++++++++++++++ | ||||||
|  |  3 files changed, 32 insertions(+) | ||||||
|  | 
 | ||||||
|  | diff --git a/lib/http2.c b/lib/http2.c
 | ||||||
|  | index d769193..3071097 100644
 | ||||||
|  | --- a/lib/http2.c
 | ||||||
|  | +++ b/lib/http2.c
 | ||||||
|  | @@ -2300,6 +2300,14 @@ void Curl_http2_cleanup_dependencies(struct Curl_easy *data)
 | ||||||
|  |      Curl_http2_remove_child(data->set.stream_depends_on, data); | ||||||
|  |  } | ||||||
|  |   | ||||||
|  | +/* Only call this function for a transfer that already got a HTTP/2
 | ||||||
|  | +   CURLE_HTTP2_STREAM error! */
 | ||||||
|  | +bool Curl_h2_http_1_1_error(struct connectdata *conn)
 | ||||||
|  | +{
 | ||||||
|  | +  struct http_conn *httpc = &conn->proto.httpc;
 | ||||||
|  | +  return (httpc->error_code == NGHTTP2_HTTP_1_1_REQUIRED);
 | ||||||
|  | +}
 | ||||||
|  | +
 | ||||||
|  |  #else /* !USE_NGHTTP2 */ | ||||||
|  |   | ||||||
|  |  /* Satisfy external references even if http2 is not compiled in. */ | ||||||
|  | diff --git a/lib/http2.h b/lib/http2.h
 | ||||||
|  | index 21cd9b8..91e504c 100644
 | ||||||
|  | --- a/lib/http2.h
 | ||||||
|  | +++ b/lib/http2.h
 | ||||||
|  | @@ -59,6 +59,9 @@ CURLcode Curl_http2_add_child(struct Curl_easy *parent,
 | ||||||
|  |  void Curl_http2_remove_child(struct Curl_easy *parent, | ||||||
|  |                               struct Curl_easy *child); | ||||||
|  |  void Curl_http2_cleanup_dependencies(struct Curl_easy *data); | ||||||
|  | +
 | ||||||
|  | +/* returns true if the HTTP/2 stream error was HTTP_1_1_REQUIRED */
 | ||||||
|  | +bool Curl_h2_http_1_1_error(struct connectdata *conn);
 | ||||||
|  |  #else /* USE_NGHTTP2 */ | ||||||
|  |  #define Curl_http2_init(x) CURLE_UNSUPPORTED_PROTOCOL | ||||||
|  |  #define Curl_http2_send_request(x) CURLE_UNSUPPORTED_PROTOCOL | ||||||
|  | @@ -74,6 +77,7 @@ void Curl_http2_cleanup_dependencies(struct Curl_easy *data);
 | ||||||
|  |  #define Curl_http2_add_child(x, y, z) | ||||||
|  |  #define Curl_http2_remove_child(x, y) | ||||||
|  |  #define Curl_http2_cleanup_dependencies(x) | ||||||
|  | +#define Curl_h2_http_1_1_error(x) 0
 | ||||||
|  |  #endif | ||||||
|  |   | ||||||
|  |  #endif /* HEADER_CURL_HTTP2_H */ | ||||||
|  | diff --git a/lib/multi.c b/lib/multi.c
 | ||||||
|  | index 0f57fd5..d64ba94 100644
 | ||||||
|  | --- a/lib/multi.c
 | ||||||
|  | +++ b/lib/multi.c
 | ||||||
|  | @@ -46,6 +46,7 @@
 | ||||||
|  |  #include "vtls/vtls.h" | ||||||
|  |  #include "connect.h" | ||||||
|  |  #include "http_proxy.h" | ||||||
|  | +#include "http2.h"
 | ||||||
|  |  /* The last 3 #include files should be in this order */ | ||||||
|  |  #include "curl_printf.h" | ||||||
|  |  #include "curl_memory.h" | ||||||
|  | @@ -1943,6 +1944,25 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
 | ||||||
|  |            done = TRUE; | ||||||
|  |          } | ||||||
|  |        } | ||||||
|  | +      else if((CURLE_HTTP2_STREAM == result) &&
 | ||||||
|  | +                Curl_h2_http_1_1_error(data->easy_conn)) {
 | ||||||
|  | +        CURLcode ret = Curl_retry_request(data->easy_conn, &newurl);
 | ||||||
|  | +
 | ||||||
|  | +        infof(data, "Forcing HTTP/1.1 for NTLM");
 | ||||||
|  | +        data->set.httpversion = CURL_HTTP_VERSION_1_1;
 | ||||||
|  | +
 | ||||||
|  | +        if(!ret)
 | ||||||
|  | +          retry = (newurl)?TRUE:FALSE;
 | ||||||
|  | +        else
 | ||||||
|  | +          result = ret;
 | ||||||
|  | +
 | ||||||
|  | +        if(retry) {
 | ||||||
|  | +          /* if we are to retry, set the result to OK and consider the
 | ||||||
|  | +             request as done */
 | ||||||
|  | +          result = CURLE_OK;
 | ||||||
|  | +          done = TRUE;
 | ||||||
|  | +        }
 | ||||||
|  | +      }
 | ||||||
|  |   | ||||||
|  |        if(result) { | ||||||
|  |          /* | ||||||
|  | -- 
 | ||||||
|  | 2.37.3 | ||||||
|  | 
 | ||||||
| @ -1,7 +1,7 @@ | |||||||
| Summary: A utility for getting files from remote servers (FTP, HTTP, and others) | Summary: A utility for getting files from remote servers (FTP, HTTP, and others) | ||||||
| Name: curl | Name: curl | ||||||
| Version: 7.61.1 | Version: 7.61.1 | ||||||
| Release: 25%{?dist} | Release: 25%{?dist}.1 | ||||||
| License: MIT | License: MIT | ||||||
| Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz | Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz | ||||||
| 
 | 
 | ||||||
| @ -121,6 +121,9 @@ Patch41:  0041-curl-7.61.1-CVE-2022-32206.patch | |||||||
| # setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION (#2063703) | # setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION (#2063703) | ||||||
| Patch42:  0042-curl-7.61.1-ssh-known-hosts.patch | Patch42:  0042-curl-7.61.1-ssh-known-hosts.patch | ||||||
| 
 | 
 | ||||||
|  | # upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 (#2139337) | ||||||
|  | Patch44:  0044-curl-7.61.1-retry-http11.patch | ||||||
|  | 
 | ||||||
| # patch making libcurl multilib ready | # patch making libcurl multilib ready | ||||||
| Patch101: 0101-curl-7.32.0-multilib.patch | Patch101: 0101-curl-7.32.0-multilib.patch | ||||||
| 
 | 
 | ||||||
| @ -336,6 +339,7 @@ sed -e 's|:8992/|:%{?__isa_bits}92/|g' -i tests/data/test97{3..6} | |||||||
| %patch40 -p1 | %patch40 -p1 | ||||||
| %patch41 -p1 | %patch41 -p1 | ||||||
| %patch42 -p1 | %patch42 -p1 | ||||||
|  | %patch44 -p1 | ||||||
| 
 | 
 | ||||||
| # make tests/*.py use Python 3 | # make tests/*.py use Python 3 | ||||||
| sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py | sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py | ||||||
| @ -498,6 +502,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la | |||||||
| %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal | %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Fri Nov 18 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-25.el8_7.1 | ||||||
|  | - upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 (#2139337) | ||||||
|  | 
 | ||||||
| * Wed Jun 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-25 | * Wed Jun 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-25 | ||||||
| - setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION (#2063703) | - setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION (#2063703) | ||||||
| - fix HTTP compression denial of service (CVE-2022-32206) | - fix HTTP compression denial of service (CVE-2022-32206) | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user