new upstream release - 7.85.0
Resolves: CVE-2022-35252 - control code in cookie denial of service
parent
f58874c271
commit
1322e86ddb
@ -1,32 +0,0 @@
|
|||||||
From 711902d9e591947d5d8ec9568beab0c7d36b7dd0 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daniel Stenberg <daniel@haxx.se>
|
|
||||||
Date: Mon, 27 Jun 2022 08:46:21 +0200
|
|
||||||
Subject: [PATCH] easy_lock.h: include sched.h if available to fix build
|
|
||||||
|
|
||||||
Patched-by: Harry Sintonen
|
|
||||||
|
|
||||||
Closes #9054
|
|
||||||
|
|
||||||
Upstream-commit: e2e7f54b7bea521fa8373095d0f43261a720cda0
|
|
||||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
||||||
---
|
|
||||||
lib/easy_lock.h | 3 +++
|
|
||||||
1 file changed, 3 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/lib/easy_lock.h b/lib/easy_lock.h
|
|
||||||
index 819f50c..1f54289 100644
|
|
||||||
--- a/lib/easy_lock.h
|
|
||||||
+++ b/lib/easy_lock.h
|
|
||||||
@@ -36,6 +36,9 @@
|
|
||||||
|
|
||||||
#elif defined (HAVE_ATOMIC)
|
|
||||||
#include <stdatomic.h>
|
|
||||||
+#if defined(HAVE_SCHED_YIELD)
|
|
||||||
+#include <sched.h>
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
#define curl_simple_lock atomic_bool
|
|
||||||
#define CURL_SIMPLE_LOCK_INIT false
|
|
||||||
--
|
|
||||||
2.35.3
|
|
||||||
|
|
@ -1,156 +0,0 @@
|
|||||||
From 221905eca9fb4b82822b6a14ef6d82c98c5702d9 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jay Satiro <raysatiro@yahoo.com>
|
|
||||||
Date: Thu, 25 Aug 2022 03:46:42 -0400
|
|
||||||
Subject: [PATCH] tests: fix http2 tests to use CRLF headers
|
|
||||||
|
|
||||||
Prior to this change some tests that rely on nghttpx proxy did not use
|
|
||||||
CRLF headers everywhere. Recent changes in nghttp2 (??? ref here)
|
|
||||||
requires curl's HTTP/1.1 test server to use CRLF headers.
|
|
||||||
|
|
||||||
Fixes https://github.com/curl/curl/issues/9364
|
|
||||||
Closes https://github.com/curl/curl/pull/9365
|
|
||||||
---
|
|
||||||
tests/data/test1700 | 34 +++++++++++++++++-----------------
|
|
||||||
tests/data/test1701 | 22 +++++++++++-----------
|
|
||||||
tests/data/test358 | 16 ++++++++--------
|
|
||||||
tests/data/test359 | 16 ++++++++--------
|
|
||||||
4 files changed, 44 insertions(+), 44 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tests/data/test1700 b/tests/data/test1700
|
|
||||||
index 8b1ef4ae3..7f78bcf5f 100644
|
|
||||||
--- a/tests/data/test1700
|
|
||||||
+++ b/tests/data/test1700
|
|
||||||
@@ -11,26 +11,26 @@ HTTP/2
|
|
||||||
# Server-side
|
|
||||||
<reply>
|
|
||||||
<data nocheck="yes">
|
|
||||||
-HTTP/1.1 200 OK
|
|
||||||
-Date: Tue, 09 Nov 2010 14:49:00 GMT
|
|
||||||
-Server: test-server/fake
|
|
||||||
-Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
|
|
||||||
-ETag: "21025-dc7-39462498"
|
|
||||||
-Accept-Ranges: bytes
|
|
||||||
-Content-Length: 6
|
|
||||||
-Connection: close
|
|
||||||
-Content-Type: text/html
|
|
||||||
-Funny-head: yesyes
|
|
||||||
-
|
|
||||||
+HTTP/1.1 200 OK
|
|
||||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
|
||||||
+Server: test-server/fake
|
|
||||||
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
|
|
||||||
+ETag: "21025-dc7-39462498"
|
|
||||||
+Accept-Ranges: bytes
|
|
||||||
+Content-Length: 6
|
|
||||||
+Connection: close
|
|
||||||
+Content-Type: text/html
|
|
||||||
+Funny-head: yesyes
|
|
||||||
+
|
|
||||||
-foo-
|
|
||||||
</data>
|
|
||||||
<data1>
|
|
||||||
-HTTP/1.1 200 OK
|
|
||||||
-Date: Tue, 09 Nov 2010 14:49:00 GMT
|
|
||||||
-Content-Length: 6
|
|
||||||
-Connection: close
|
|
||||||
-Content-Type: text/html
|
|
||||||
-
|
|
||||||
+HTTP/1.1 200 OK
|
|
||||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
|
||||||
+Content-Length: 6
|
|
||||||
+Connection: close
|
|
||||||
+Content-Type: text/html
|
|
||||||
+
|
|
||||||
-maa-
|
|
||||||
</data1>
|
|
||||||
</reply>
|
|
||||||
diff --git a/tests/data/test1701 b/tests/data/test1701
|
|
||||||
index 3c1a2bd0b..22f6147d0 100644
|
|
||||||
--- a/tests/data/test1701
|
|
||||||
+++ b/tests/data/test1701
|
|
||||||
@@ -11,17 +11,17 @@ HTTP/2
|
|
||||||
# Server-side
|
|
||||||
<reply>
|
|
||||||
<data nocheck="yes">
|
|
||||||
-HTTP/1.1 200 OK
|
|
||||||
-Date: Tue, 09 Nov 2010 14:49:00 GMT
|
|
||||||
-Server: test-server/fake
|
|
||||||
-Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
|
|
||||||
-ETag: "21025-dc7-39462498"
|
|
||||||
-Accept-Ranges: bytes
|
|
||||||
-Content-Length: 6
|
|
||||||
-Connection: close
|
|
||||||
-Content-Type: text/html
|
|
||||||
-Funny-head: yesyes
|
|
||||||
-
|
|
||||||
+HTTP/1.1 200 OK
|
|
||||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
|
||||||
+Server: test-server/fake
|
|
||||||
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
|
|
||||||
+ETag: "21025-dc7-39462498"
|
|
||||||
+Accept-Ranges: bytes
|
|
||||||
+Content-Length: 6
|
|
||||||
+Connection: close
|
|
||||||
+Content-Type: text/html
|
|
||||||
+Funny-head: yesyes
|
|
||||||
+
|
|
||||||
-foo-
|
|
||||||
</data>
|
|
||||||
</reply>
|
|
||||||
diff --git a/tests/data/test358 b/tests/data/test358
|
|
||||||
index 8b4f66062..0f8a9801b 100644
|
|
||||||
--- a/tests/data/test358
|
|
||||||
+++ b/tests/data/test358
|
|
||||||
@@ -12,14 +12,14 @@ HTTP/2
|
|
||||||
# Server-side
|
|
||||||
<reply>
|
|
||||||
<data nocheck="yes">
|
|
||||||
-HTTP/1.1 200 OK
|
|
||||||
-Date: Tue, 09 Nov 2010 14:49:00 GMT
|
|
||||||
-Content-Length: 6
|
|
||||||
-Connection: close
|
|
||||||
-Content-Type: text/html
|
|
||||||
-Funny-head: yesyes
|
|
||||||
-Alt-Svc: h2=":%HTTP2PORT", ma=315360000; persist=0
|
|
||||||
-
|
|
||||||
+HTTP/1.1 200 OK
|
|
||||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
|
||||||
+Content-Length: 6
|
|
||||||
+Connection: close
|
|
||||||
+Content-Type: text/html
|
|
||||||
+Funny-head: yesyes
|
|
||||||
+Alt-Svc: h2=":%HTTP2PORT", ma=315360000; persist=0
|
|
||||||
+
|
|
||||||
-foo-
|
|
||||||
</data>
|
|
||||||
</reply>
|
|
||||||
diff --git a/tests/data/test359 b/tests/data/test359
|
|
||||||
index a5ba4e3ae..0e684e39e 100644
|
|
||||||
--- a/tests/data/test359
|
|
||||||
+++ b/tests/data/test359
|
|
||||||
@@ -12,14 +12,14 @@ HTTP/2
|
|
||||||
# Server-side
|
|
||||||
<reply>
|
|
||||||
<data nocheck="yes">
|
|
||||||
-HTTP/1.1 200 OK
|
|
||||||
-Date: Tue, 09 Nov 2010 14:49:00 GMT
|
|
||||||
-Content-Length: 6
|
|
||||||
-Connection: close
|
|
||||||
-Content-Type: text/html
|
|
||||||
-Funny-head: yesyes
|
|
||||||
-Alt-Svc: h2=":%HTTP2PORT", ma=315360000; persist=0
|
|
||||||
-
|
|
||||||
+HTTP/1.1 200 OK
|
|
||||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
|
||||||
+Content-Length: 6
|
|
||||||
+Connection: close
|
|
||||||
+Content-Type: text/html
|
|
||||||
+Funny-head: yesyes
|
|
||||||
+Alt-Svc: h2=":%HTTP2PORT", ma=315360000; persist=0
|
|
||||||
+
|
|
||||||
-foo-
|
|
||||||
</data>
|
|
||||||
</reply>
|
|
||||||
--
|
|
||||||
2.37.1
|
|
||||||
|
|
@ -44,7 +44,7 @@ index 150004d..95d0759 100644
|
|||||||
|
|
||||||
--static-libs)
|
--static-libs)
|
||||||
- if test "X@ENABLE_STATIC@" != "Xno" ; then
|
- if test "X@ENABLE_STATIC@" != "Xno" ; then
|
||||||
- echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@
|
- echo "@libdir@/libcurl.@libext@" @LDFLAGS@ @LIBCURL_LIBS@
|
||||||
- else
|
- else
|
||||||
- echo "curl was built with static libraries disabled" >&2
|
- echo "curl was built with static libraries disabled" >&2
|
||||||
- exit 1
|
- exit 1
|
||||||
|
@ -34,8 +34,9 @@ It fails on x86_64 with:
|
|||||||
[...]
|
[...]
|
||||||
```
|
```
|
||||||
---
|
---
|
||||||
tests/data/test3026 | 3 +++
|
tests/data/test3026 | 3 +++
|
||||||
1 file changed, 3 insertions(+)
|
tests/libtest/lib3026.c | 4 ++--
|
||||||
|
2 files changed, 5 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
diff --git a/tests/data/test3026 b/tests/data/test3026
|
diff --git a/tests/data/test3026 b/tests/data/test3026
|
||||||
index fb80cc8..01f2ba5 100644
|
index fb80cc8..01f2ba5 100644
|
||||||
@ -50,16 +51,13 @@ index fb80cc8..01f2ba5 100644
|
|||||||
+</valgrind>
|
+</valgrind>
|
||||||
</verify>
|
</verify>
|
||||||
</testcase>
|
</testcase>
|
||||||
--
|
|
||||||
2.35.3
|
|
||||||
|
|
||||||
diff --git a/tests/libtest/lib3026.c b/tests/libtest/lib3026.c
|
diff --git a/tests/libtest/lib3026.c b/tests/libtest/lib3026.c
|
||||||
index 43fe335..70cd7a4 100644
|
index 43fe335..70cd7a4 100644
|
||||||
--- a/tests/libtest/lib3026.c
|
--- a/tests/libtest/lib3026.c
|
||||||
+++ b/tests/libtest/lib3026.c
|
+++ b/tests/libtest/lib3026.c
|
||||||
@@ -63,8 +63,8 @@ int test(char *URL)
|
@@ -123,8 +123,8 @@ int test(char *URL)
|
||||||
for(i = 0; i < tid_count; i++) {
|
results[i] = CURL_LAST; /* initialize with invalid value */
|
||||||
int res = pthread_create(&tids[i], NULL, run_thread, &results[i]);
|
res = pthread_create(&tids[i], NULL, run_thread, &results[i]);
|
||||||
if(res) {
|
if(res) {
|
||||||
- fprintf(stderr, "%s:%d Couldn't create thread, errno %d\n",
|
- fprintf(stderr, "%s:%d Couldn't create thread, errno %d\n",
|
||||||
- __FILE__, __LINE__, res);
|
- __FILE__, __LINE__, res);
|
||||||
@ -68,3 +66,6 @@ index 43fe335..70cd7a4 100644
|
|||||||
tid_count = i;
|
tid_count = i;
|
||||||
test_failure = -1;
|
test_failure = -1;
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
--
|
||||||
|
2.37.1
|
||||||
|
|
||||||
|
16
curl.spec
16
curl.spec
@ -1,7 +1,7 @@
|
|||||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.84.0
|
Version: 7.85.0
|
||||||
Release: 3%{?dist}
|
Release: 1%{?dist}
|
||||||
License: MIT
|
License: MIT
|
||||||
Source0: https://curl.se/download/%{name}-%{version}.tar.xz
|
Source0: https://curl.se/download/%{name}-%{version}.tar.xz
|
||||||
Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc
|
Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc
|
||||||
@ -10,12 +10,6 @@ Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc
|
|||||||
# which points to the GPG key as of April 7th 2016 of https://daniel.haxx.se/mykey.asc
|
# which points to the GPG key as of April 7th 2016 of https://daniel.haxx.se/mykey.asc
|
||||||
Source2: mykey.asc
|
Source2: mykey.asc
|
||||||
|
|
||||||
# easy_lock.h: include sched.h if available to fix build
|
|
||||||
Patch1: 0001-curl-7.84.0-sched-yield.patch
|
|
||||||
|
|
||||||
# tests: fix http2 tests to use CRLF headers to make it work with nghttp2-1.49.0
|
|
||||||
Patch2: 0002-curl-7.84.0-tests-http2.patch
|
|
||||||
|
|
||||||
# patch making libcurl multilib ready
|
# patch making libcurl multilib ready
|
||||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||||
|
|
||||||
@ -194,8 +188,6 @@ be installed.
|
|||||||
%setup -q
|
%setup -q
|
||||||
|
|
||||||
# upstream patches
|
# upstream patches
|
||||||
%patch1 -p1
|
|
||||||
%patch2 -p1
|
|
||||||
|
|
||||||
# Fedora patches
|
# Fedora patches
|
||||||
%patch101 -p1
|
%patch101 -p1
|
||||||
@ -429,6 +421,10 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
|||||||
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Sep 01 2022 Kamil Dudka <kdudka@redhat.com> - 7.85.0-3
|
||||||
|
- new upstream release, which fixes the following vulnerability
|
||||||
|
CVE-2022-35252 - control code in cookie denial of service
|
||||||
|
|
||||||
* Thu Aug 25 2022 Kamil Dudka <kdudka@redhat.com> - 7.84.0-3
|
* Thu Aug 25 2022 Kamil Dudka <kdudka@redhat.com> - 7.84.0-3
|
||||||
- tests: fix http2 tests to use CRLF headers to make it work with nghttp2-1.49.0
|
- tests: fix http2 tests to use CRLF headers to make it work with nghttp2-1.49.0
|
||||||
|
|
||||||
|
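Review bot: The new `%changelog` entry is stamped `7.85.0-3`, but the same change resets `Release:` from `3%{?dist}` to `1%{?dist}`, so the first build of this version is 7.85.0-1 and the entry names a release that does not exist. rpmlint reports this as `incoherent-version-in-changelog`. It also matters for the security record: anyone using the changelog to find which build first carries the CVE-2022-35252 fix would be pointed at a -3 build instead of -1. The header should read `* Thu Sep 01 2022 Kamil Dudka <kdudka@redhat.com> - 7.85.0-1`.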
4
sources
4
sources
@ -1,2 +1,2 @@
|
|||||||
SHA512 (curl-7.84.0.tar.xz) = 86231866a35593a1637fbc0c6af3b6761bdfd99fb35580cc52970c36f19604f93dce59fea67a1d5bb4b455f719307599c7916c77d14f2b661f6bf7fb1ca716ce
|
SHA512 (curl-7.85.0.tar.xz) = b57cc31649a4f47cc4b482f56a85c86c8e8aaeaf01bc1b51b065fdb9145a9092bc52535e52a85a66432eb163605b2edbf5bc5c33ea6e40e50f26a69ad1365cbd
|
||||||
SHA512 (curl-7.84.0.tar.xz.asc) = 80ff5274277ad97448fa53511bab6e8a1c302bcb25fc0916d78b8dc6c6af43d944c37c4ed46668b651cc639ec4964780725117ca0e85168ea66ad7cc98d29702
|
SHA512 (curl-7.85.0.tar.xz.asc) = 7022daf84b330b24112d595edee715cdeb881a4ba8a4fa7eec23aed28292e5d943af778f03aadd036d44d875f9e226096ea142d18afe516b6bdbd475fcd3aca6
|
||||||
|