From f8f333b93145956e1d79d2f19bc8de945a64c14f Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 15 Nov 2022 02:02:56 -0500 Subject: [PATCH] import curl-7.76.1-19.el9 --- SOURCES/0011-curl-7.76.1-CVE-2022-27775.patch | 40 ++++ .../0020-curl-7.76.1-openldap-rebase.patch | 186 ++++++++++++++++++ SPECS/curl.spec | 21 +- 3 files changed, 241 insertions(+), 6 deletions(-) create mode 100644 SOURCES/0011-curl-7.76.1-CVE-2022-27775.patch create mode 100644 SOURCES/0020-curl-7.76.1-openldap-rebase.patch diff --git a/SOURCES/0011-curl-7.76.1-CVE-2022-27775.patch b/SOURCES/0011-curl-7.76.1-CVE-2022-27775.patch new file mode 100644 index 0000000..769a0fd --- /dev/null +++ b/SOURCES/0011-curl-7.76.1-CVE-2022-27775.patch @@ -0,0 +1,40 @@ +From 187d0795030ccb4f410eb6089e265ac3571e56dd Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Mon, 25 Apr 2022 11:48:00 +0200 +Subject: [PATCH] conncache: include the zone id in the "bundle" hashkey + +Make connections to two separate IPv6 zone ids create separate +connections. + +Reported-by: Harry Sintonen +Bug: https://curl.se/docs/CVE-2022-27775.html +Closes #8747 + +Upstream-commit: 058f98dc3fe595f21dc26a5b9b1699e519ba5705 +Signed-off-by: Kamil Dudka +--- + lib/conncache.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/lib/conncache.c b/lib/conncache.c +index cd5756a..9b9f683 100644 +--- a/lib/conncache.c ++++ b/lib/conncache.c +@@ -159,8 +159,12 @@ static void hashkey(struct connectdata *conn, char *buf, + /* report back which name we used */ + *hostp = hostname; + +- /* put the number first so that the hostname gets cut off if too long */ +- msnprintf(buf, len, "%ld%s", port, hostname); ++ /* put the numbers first so that the hostname gets cut off if too long */ ++#ifdef ENABLE_IPV6 ++ msnprintf(buf, len, "%u/%ld/%s", conn->scope_id, port, hostname); ++#else ++ msnprintf(buf, len, "%ld/%s", port, hostname); ++#endif + } + + /* Returns number of connections currently held in the connection cache. +-- +2.34.1 + diff --git a/SOURCES/0020-curl-7.76.1-openldap-rebase.patch b/SOURCES/0020-curl-7.76.1-openldap-rebase.patch new file mode 100644 index 0000000..65870b5 --- /dev/null +++ b/SOURCES/0020-curl-7.76.1-openldap-rebase.patch @@ -0,0 +1,186 @@ +From c2acc48854be9f8590e57a7b44b649fb8537bed4 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Tue, 4 May 2021 16:14:13 +0200 +Subject: [PATCH] openldap: replace ldap_ prefix on private functions +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Since openldap itself uses that prefix and with OpenĹDAP 2.5.4 (at +least) there's a symbol collision because of that. + +The private functions now use the 'oldap_' prefix where it previously +used 'ldap_'. + +Reported-by: 3eka on github +Fixes #7004 +Closes #7005 + +Upstream-commit: 8bdde6b14ce3b5fd71c772a578fcbd4b6fa6df19 +Signed-off-by: Kamil Dudka +--- + lib/openldap.c | 67 +++++++++++++++++++++++++------------------------- + 1 file changed, 34 insertions(+), 33 deletions(-) + +diff --git a/lib/openldap.c b/lib/openldap.c +index b515554..5a32c74 100644 +--- a/lib/openldap.c ++++ b/lib/openldap.c +@@ -76,16 +76,16 @@ extern int ldap_init_fd(ber_socket_t fd, int proto, const char *url, + LDAP **ld); + #endif + +-static CURLcode ldap_setup_connection(struct Curl_easy *data, +- struct connectdata *conn); +-static CURLcode ldap_do(struct Curl_easy *data, bool *done); +-static CURLcode ldap_done(struct Curl_easy *data, CURLcode, bool); +-static CURLcode ldap_connect(struct Curl_easy *data, bool *done); +-static CURLcode ldap_connecting(struct Curl_easy *data, bool *done); +-static CURLcode ldap_disconnect(struct Curl_easy *data, +- struct connectdata *conn, bool dead); ++static CURLcode oldap_setup_connection(struct Curl_easy *data, ++ struct connectdata *conn); ++static CURLcode oldap_do(struct Curl_easy *data, bool *done); ++static CURLcode oldap_done(struct Curl_easy *data, CURLcode, bool); ++static CURLcode oldap_connect(struct Curl_easy *data, bool *done); ++static CURLcode oldap_connecting(struct Curl_easy *data, bool *done); ++static CURLcode oldap_disconnect(struct Curl_easy *data, ++ struct connectdata *conn, bool dead); + +-static Curl_recv ldap_recv; ++static Curl_recv oldap_recv; + + /* + * LDAP protocol handler. +@@ -93,18 +93,18 @@ static Curl_recv ldap_recv; + + const struct Curl_handler Curl_handler_ldap = { + "LDAP", /* scheme */ +- ldap_setup_connection, /* setup_connection */ +- ldap_do, /* do_it */ +- ldap_done, /* done */ ++ oldap_setup_connection, /* setup_connection */ ++ oldap_do, /* do_it */ ++ oldap_done, /* done */ + ZERO_NULL, /* do_more */ +- ldap_connect, /* connect_it */ +- ldap_connecting, /* connecting */ ++ oldap_connect, /* connect_it */ ++ oldap_connecting, /* connecting */ + ZERO_NULL, /* doing */ + ZERO_NULL, /* proto_getsock */ + ZERO_NULL, /* doing_getsock */ + ZERO_NULL, /* domore_getsock */ + ZERO_NULL, /* perform_getsock */ +- ldap_disconnect, /* disconnect */ ++ oldap_disconnect, /* disconnect */ + ZERO_NULL, /* readwrite */ + ZERO_NULL, /* connection_check */ + ZERO_NULL, /* attach connection */ +@@ -121,18 +121,18 @@ const struct Curl_handler Curl_handler_ldap = { + + const struct Curl_handler Curl_handler_ldaps = { + "LDAPS", /* scheme */ +- ldap_setup_connection, /* setup_connection */ +- ldap_do, /* do_it */ +- ldap_done, /* done */ ++ oldap_setup_connection, /* setup_connection */ ++ oldap_do, /* do_it */ ++ oldap_done, /* done */ + ZERO_NULL, /* do_more */ +- ldap_connect, /* connect_it */ +- ldap_connecting, /* connecting */ ++ oldap_connect, /* connect_it */ ++ oldap_connecting, /* connecting */ + ZERO_NULL, /* doing */ + ZERO_NULL, /* proto_getsock */ + ZERO_NULL, /* doing_getsock */ + ZERO_NULL, /* domore_getsock */ + ZERO_NULL, /* perform_getsock */ +- ldap_disconnect, /* disconnect */ ++ oldap_disconnect, /* disconnect */ + ZERO_NULL, /* readwrite */ + ZERO_NULL, /* connection_check */ + ZERO_NULL, /* attach connection */ +@@ -173,8 +173,8 @@ struct ldapreqinfo { + int nument; + }; + +-static CURLcode ldap_setup_connection(struct Curl_easy *data, +- struct connectdata *conn) ++static CURLcode oldap_setup_connection(struct Curl_easy *data, ++ struct connectdata *conn) + { + struct ldapconninfo *li; + LDAPURLDesc *lud; +@@ -209,7 +209,7 @@ static CURLcode ldap_setup_connection(struct Curl_easy *data, + static Sockbuf_IO ldapsb_tls; + #endif + +-static CURLcode ldap_connect(struct Curl_easy *data, bool *done) ++static CURLcode oldap_connect(struct Curl_easy *data, bool *done) + { + struct connectdata *conn = data->conn; + struct ldapconninfo *li = conn->proto.ldapc; +@@ -257,7 +257,7 @@ static CURLcode ldap_connect(struct Curl_easy *data, bool *done) + return CURLE_OK; + } + +-static CURLcode ldap_connecting(struct Curl_easy *data, bool *done) ++static CURLcode oldap_connecting(struct Curl_easy *data, bool *done) + { + struct connectdata *conn = data->conn; + struct ldapconninfo *li = conn->proto.ldapc; +@@ -356,14 +356,15 @@ static CURLcode ldap_connecting(struct Curl_easy *data, bool *done) + + if(info) + ldap_memfree(info); +- conn->recv[FIRSTSOCKET] = ldap_recv; ++ conn->recv[FIRSTSOCKET] = oldap_recv; + *done = TRUE; + + return CURLE_OK; + } + +-static CURLcode ldap_disconnect(struct Curl_easy *data, +- struct connectdata *conn, bool dead_connection) ++static CURLcode oldap_disconnect(struct Curl_easy *data, ++ struct connectdata *conn, ++ bool dead_connection) + { + struct ldapconninfo *li = conn->proto.ldapc; + (void) dead_connection; +@@ -384,7 +385,7 @@ static CURLcode ldap_disconnect(struct Curl_easy *data, + return CURLE_OK; + } + +-static CURLcode ldap_do(struct Curl_easy *data, bool *done) ++static CURLcode oldap_do(struct Curl_easy *data, bool *done) + { + struct connectdata *conn = data->conn; + struct ldapconninfo *li = conn->proto.ldapc; +@@ -429,8 +430,8 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) + return CURLE_OK; + } + +-static CURLcode ldap_done(struct Curl_easy *data, CURLcode res, +- bool premature) ++static CURLcode oldap_done(struct Curl_easy *data, CURLcode res, ++ bool premature) + { + struct connectdata *conn = data->conn; + struct ldapreqinfo *lr = data->req.p.ldap; +@@ -452,8 +453,8 @@ static CURLcode ldap_done(struct Curl_easy *data, CURLcode res, + return CURLE_OK; + } + +-static ssize_t ldap_recv(struct Curl_easy *data, int sockindex, char *buf, +- size_t len, CURLcode *err) ++static ssize_t oldap_recv(struct Curl_easy *data, int sockindex, char *buf, ++ size_t len, CURLcode *err) + { + struct connectdata *conn = data->conn; + struct ldapconninfo *li = conn->proto.ldapc; +-- +2.35.3 + diff --git a/SPECS/curl.spec b/SPECS/curl.spec index 8853ea2..3660f44 100644 --- a/SPECS/curl.spec +++ b/SPECS/curl.spec @@ -1,7 +1,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 7.76.1 -Release: 14%{?dist}.5 +Release: 19%{?dist} License: MIT Source: https://curl.se/download/%{name}-%{version}.tar.xz @@ -35,6 +35,9 @@ Patch9: 0009-curl-7.76.1-CVE-2021-22947.patch # fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) Patch10: 0010-curl-7.76.1-CVE-2022-22576.patch +# fix bad local IPv6 connection reuse (CVE-2022-27775) +Patch11: 0011-curl-7.76.1-CVE-2022-27775.patch + # fix auth/cookie leak on redirect (CVE-2022-27776) Patch12: 0012-curl-7.76.1-CVE-2022-27776.patch @@ -56,6 +59,9 @@ Patch17: 0017-curl-7.76.1-CVE-2022-32206.patch # fix unpreserved file permissions (CVE-2022-32207) Patch19: 0019-curl-7.76.1-CVE-2022-32207.patch +# fix build failure caused by openldap rebase (#2094159) +Patch20: 0020-curl-7.76.1-openldap-rebase.patch + # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch @@ -241,6 +247,7 @@ be installed. %patch8 -p1 %patch9 -p1 %patch10 -p1 +%patch11 -p1 %patch12 -p1 %patch13 -p1 %patch14 -p1 @@ -248,6 +255,7 @@ be installed. %patch16 -p1 %patch17 -p1 %patch19 -p1 +%patch20 -p1 # Fedora patches %patch101 -p1 @@ -468,23 +476,24 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog -* Wed Jun 29 2022 Kamil Dudka - 7.76.1-14.el9_0.5 +* Wed Jun 29 2022 Kamil Dudka - 7.76.1-19 - fix unpreserved file permissions (CVE-2022-32207) - fix HTTP compression denial of service (CVE-2022-32206) - fix FTP-KRB bad message verification (CVE-2022-32208) -* Wed May 11 2022 Kamil Dudka - 7.76.1-14.el9_0.4 +* Wed May 11 2022 Kamil Dudka - 7.76.1-18 - fix too eager reuse of TLS and SSH connections (CVE-2022-27782) -* Mon May 02 2022 Kamil Dudka - 7.76.1-14.el9_0.3 +* Mon May 02 2022 Kamil Dudka - 7.76.1-17 - fix leak of SRP credentials in redirects (CVE-2022-27774) -* Fri Apr 29 2022 Kamil Dudka - 7.76.1-14.el9_0.2 +* Fri Apr 29 2022 Kamil Dudka - 7.76.1-16 - add missing tests to Makefile -* Thu Apr 28 2022 Kamil Dudka - 7.76.1-14.el9_0.1 +* Thu Apr 28 2022 Kamil Dudka - 7.76.1-15 - fix credential leak on redirect (CVE-2022-27774) - fix auth/cookie leak on redirect (CVE-2022-27776) +- fix bad local IPv6 connection reuse (CVE-2022-27775) - fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) * Tue Oct 26 2021 Kamil Dudka - 7.76.1-14