new upstream release - 7.42.0

Fixes CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, and CVE-2015-3148.
This commit is contained in:
Kamil Dudka 2015-04-22 12:40:08 +02:00
parent 094e8186a4
commit 167643f9ce
6 changed files with 13 additions and 225 deletions

View File

@ -1,150 +0,0 @@
From b4d5a85714dc37d3aa0aa6ed7b37d95205b0f13a Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 24 Feb 2015 15:10:15 +0100
Subject: [PATCH] nss: improve error handling in Curl_nss_random()
The vtls layer now checks the return value, so it is no longer necessary
to abort if a random number cannot be provided by NSS. This also fixes
the following Coverity report:
Error: FORWARD_NULL (CWE-476):
lib/vtls/nss.c:1918: var_compare_op: Comparing "data" to null implies that "data" might be null.
lib/vtls/nss.c:1923: var_deref_model: Passing null pointer "data" to "Curl_failf", which dereferences it.
lib/sendf.c:154:3: deref_parm: Directly dereferencing parameter "data".
Upstream-commit: 7a1538d9cc0736e0a9ab13cf115db40a0bfbb152
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/vtls/nss.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 16b9124..1dd56ba 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1918,11 +1918,9 @@ int Curl_nss_random(struct SessionHandle *data,
if(data)
Curl_nss_seed(data); /* Initiate the seed if not already done */
- if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length))) {
- /* no way to signal a failure from here, we have to abort */
- failf(data, "PK11_GenerateRandom() failed, calling abort()...");
- abort();
- }
+ if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length)))
+ /* signal a failure */
+ return -1;
return 0;
}
--
2.1.0
From 6d5b40e46ec36a19bc4ee76ec674058088bec8ba Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 24 Feb 2015 15:18:45 +0100
Subject: [PATCH] nss: do not skip Curl_nss_seed() if data is NULL
In that case, we only skip writing the error message for failed NSS
initialization (while still returning the correct error code).
Upstream-commit: 4909f7c795a4490dbb29e89b8b1564af86ee5999
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/vtls/nss.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 1dd56ba..e201dec 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1034,6 +1034,7 @@ static PRStatus nspr_io_close(PRFileDesc *fd)
return close_fn(fd);
}
+/* data might be NULL */
static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
{
NSSInitParameters initparams;
@@ -1071,6 +1072,7 @@ static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
return CURLE_SSL_CACERT_BADFILE;
}
+/* data might be NULL */
static CURLcode nss_init(struct SessionHandle *data)
{
char *cert_dir;
@@ -1149,12 +1151,14 @@ int Curl_nss_init(void)
return 1;
}
+/* data might be NULL */
CURLcode Curl_nss_force_init(struct SessionHandle *data)
{
CURLcode result;
if(!nss_initlock) {
- failf(data, "unable to initialize NSS, curl_global_init() should have "
- "been called with CURL_GLOBAL_SSL or CURL_GLOBAL_ALL");
+ if(data)
+ failf(data, "unable to initialize NSS, curl_global_init() should have "
+ "been called with CURL_GLOBAL_SSL or CURL_GLOBAL_ALL");
return CURLE_FAILED_INIT;
}
@@ -1904,6 +1908,7 @@ size_t Curl_nss_version(char *buffer, size_t size)
return snprintf(buffer, size, "NSS/%s", NSS_VERSION);
}
+/* data might be NULL */
int Curl_nss_seed(struct SessionHandle *data)
{
/* make sure that NSS is initialized */
@@ -1915,8 +1920,7 @@ int Curl_nss_random(struct SessionHandle *data,
unsigned char *entropy,
size_t length)
{
- if(data)
- Curl_nss_seed(data); /* Initiate the seed if not already done */
+ Curl_nss_seed(data); /* Initiate the seed if not already done */
if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length)))
/* signal a failure */
--
2.1.0
From abe5470533db524abfbb7f7e078c15c159aa66d9 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 24 Feb 2015 18:58:55 +0100
Subject: [PATCH] curl-config.in: eliminate double quotes around CURL_CA_BUNDLE
Otherwise it expands to:
echo ""/etc/pki/tls/certs/ca-bundle.crt""
Detected by ShellCheck:
curl-config:74:16: warning: The double quotes around this do
nothing. Remove or escape them. [SC2140]
Upstream-commit: e47b8306db14ed1ccd66f774bded2d59602d2c88
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
curl-config.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/curl-config.in b/curl-config.in
index 1ddf4c2..9398722 100644
--- a/curl-config.in
+++ b/curl-config.in
@@ -71,7 +71,7 @@ while test $# -gt 0; do
;;
--ca)
- echo "@CURL_CA_BUNDLE@"
+ echo @CURL_CA_BUNDLE@
;;
--cc)
--
2.1.0

View File

@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEABECAAYFAlTte8QACgkQeOEcayedXJFByQCdEIZG6sOcXOhbe9JGSTZowdMR
72cAoLu08rLq83AkywThzrxFG6qb7K0z
=U309
-----END PGP SIGNATURE-----

7
curl-7.42.0.tar.lzma.asc Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEABECAAYFAlU3ONsACgkQeOEcayedXJE4lQCeMzC0F+JUqFKRGut7+qXAbVlN
wJkAoLFPfw7cZS/mWrJipz23Gql4WYa9
=r9g2
-----END PGP SIGNATURE-----

View File

@ -1,15 +1,11 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 7.41.0
Version: 7.42.0
Release: 1%{?dist}
License: MIT
Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
Source2: curlbuild.h
Source3: https://raw.githubusercontent.com/bagder/curl/curl-7_41_0/tests/extern-scan.pl
# fix defects found by Coverity and ShellCheck
Patch1: 0001-curl-7.41.0-abe54705.patch
# patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch
@ -117,10 +113,8 @@ documentation of the library, too.
%prep
%setup -q
install -m0755 %{SOURCE3} tests/
# upstream patches
%patch1 -p1
# Fedora patches
%patch101 -p1
@ -242,6 +236,10 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/libcurl.m4
%changelog
* Wed Apr 22 2015 Kamil Dudka <kdudka@redhat.com> 7.42.0-1
- new upstream release (fixes CVE-2015-3143, CVE-2015-3144, CVE-2015-3145,
and CVE-2015-3148)
* Wed Feb 25 2015 Kamil Dudka <kdudka@redhat.com> 7.41.0-1
- new upstream release
- include extern-scan.pl to make test1135 succeed (upstream commit 1514b718)

View File

@ -1,60 +0,0 @@
#!/usr/bin/env perl
#***************************************************************************
# _ _ ____ _
# Project ___| | | | _ \| |
# / __| | | | |_) | |
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
# Copyright (C) 2010-2015, Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# are also available at http://curl.haxx.se/docs/copyright.html.
#
# You may opt to use, copy, modify, merge, publish, distribute and/or sell
# copies of the Software, and permit persons to whom the Software is
# furnished to do so, under the terms of the COPYING file.
#
# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
# KIND, either express or implied.
#
###########################################################################
#
#
use strict;
use warnings;
# we may get the dir root pointed out
my $root=$ARGV[0] || ".";
my @incs = (
"$root/include/curl/curl.h",
"$root/include/curl/easy.h",
"$root/include/curl/mprintf.h",
"$root/include/curl/multi.h",
);
my $verbose=0;
my $summary=0;
my $misses=0;
my @syms;
my %doc;
my %rem;
sub scanheader {
my ($f)=@_;
open H, "<$f" || die;
while(<H>) {
if (/^(CURL_EXTERN.*)/) {
print "$1\n";
}
}
close H;
}
foreach my $i (@incs) {
scanheader($i);
}

View File

@ -1 +1 @@
3d75ba516673ddc441dac8d519d2634d curl-7.41.0.tar.lzma
fddfab60987ee6119652b57c082d2623 curl-7.42.0.tar.lzma