diff --git a/0054-curl-7.61.1-64K-sftp.patch b/0054-curl-7.61.1-64K-sftp.patch new file mode 100644 index 0000000..136a4bf --- /dev/null +++ b/0054-curl-7.61.1-64K-sftp.patch @@ -0,0 +1,31 @@ +From 35eb2614d86316ba9f5a6806ce64f56680fa1e97 Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Tue, 5 Sep 2023 17:33:41 +0200 +Subject: [PATCH] libssh: cap SFTP packet size sent + +Due to libssh limitations + +Signed-off-by: Jakub Jelen + +Closes #11804 +--- + lib/ssh-libssh.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/lib/ssh-libssh.c b/lib/ssh-libssh.c +index dea0084575859..7c6a2e53f338f 100644 +--- a/lib/ssh-libssh.c ++++ b/lib/ssh-libssh.c +@@ -2412,6 +2412,12 @@ static ssize_t sftp_send(struct Curl_easy *data, int sockindex, + ssize_t nwrite; + (void)sockindex; + ++ /* limit the writes to the maximum specified in Section 3 of ++ * https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-02 ++ */ ++ if(len > 32768) ++ len = 32768; ++ + nwrite = sftp_write(conn->proto.sshc.sftp_file, mem, len); + + myssh_block2waitfor(conn, FALSE); diff --git a/curl.spec b/curl.spec index b00fb03..9afd1ce 100644 --- a/curl.spec +++ b/curl.spec @@ -154,6 +154,9 @@ Patch52: 0052-curl-7.61.1-certs.patch # when keyboard-interactive auth fails, try password Patch53: 0053-curl-7.61.1-password-when-keyboard-interactive-fails.patch +# cap SFTP packet size sent +Patch54: 0054-curl-7.61.1-64K-sftp.patch + # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch @@ -380,6 +383,7 @@ sed -e 's|:8992/|:%{?__isa_bits}92/|g' -i tests/data/test97{3..6} %patch51 -p1 git apply %{PATCH52} %patch53 -p1 +%patch54 -p1 # make tests/*.py use Python 3 sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py @@ -544,6 +548,7 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %changelog * Tue Sep 19 2023 Jacek Migacz - 7.61.1-34 - when keyboard-interactive auth fails, try password (#2229800) +- cap SFTP packet size sent (RHEL-5311) * Tue Jun 27 2023 Jacek Migacz - 7.61.1-33 - fix host name wildcard checking (CVE-2023-28321)