rpms/curl
7
0
Fork 1
Code Issues Pull Requests Releases Activity

http2: make sure pause is done on HTTP

Browse Source 
Resolves: RHEL-85847
This commit is contained in:
Jacek Migacz 2025-04-07 18:48:04 +02:00
parent 5b07a8b039
commit 3ba57e8417
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
0039-curl-7.76.1-pause-on-http.patch Normal file
View File

@ -0,0 +1,28 @@
From badcf275bc5e7a13128734968102a48c93962cef Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 17 May 2021 09:05:39 +0200
Subject: [PATCH] http2: make sure pause is done on HTTP
Since the function is called for any protocol, we can't assume that the
HTTP struct is there without first making sure it is HTTP.
Reported-by: Denis Goleshchikhin
Fixes #7079
---
lib/http2.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/http2.c b/lib/http2.c
index ac04d348c495..bc604ce1551a 100644
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -2353,7 +2353,8 @@ CURLcode Curl_http2_stream_pause(struct Curl_easy *data, bool pause)
DEBUGASSERT(data);
DEBUGASSERT(data->conn);
/* if it isn't HTTP/2, we're done */
- if(!data->conn->proto.httpc.h2)
+ if(!(data->conn->handler->protocol & PROTO_FAMILY_HTTP) ||
+ !data->conn->proto.httpc.h2)
return CURLE_OK;
#ifdef NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE
else {

7
curl.spec
View File

@ -1,7 +1,7 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl Name: curl
Version: 7.76.1 Version: 7.76.1
Release: 31%{?dist} Release: 32%{?dist}
License: MIT License: MIT
Source: https://curl.se/download/%{name}-%{version}.tar.xz Source: https://curl.se/download/%{name}-%{version}.tar.xz
@ -116,6 +116,9 @@ Patch37: 0037-curl-7.76.1-ignore-unexpected-eof.patch
# provide common cleanup method for push headers (CVE-2024-2398) # provide common cleanup method for push headers (CVE-2024-2398)
Patch38: 0038-curl-7.76.1-CVE-2024-2398.patch Patch38: 0038-curl-7.76.1-CVE-2024-2398.patch
# make sure pause is done on HTTP
Patch39: 0039-curl-7.76.1-pause-on-http.patch
# patch making libcurl multilib ready # patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch Patch101: 0101-curl-7.32.0-multilib.patch
@ -328,6 +331,7 @@ be installed.
%patch -P 36 -p1 %patch -P 36 -p1
%patch -P 37 -p1 %patch -P 37 -p1
%patch -P 38 -p1 %patch -P 38 -p1
%patch -P 39 -p1
# Fedora patches # Fedora patches
%patch -P 101 -p1 %patch -P 101 -p1
@ -589,6 +593,7 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
* Tue Dec 17 2024 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-32 * Tue Dec 17 2024 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-32
- make up incomplete patch for host name wildcard checking (RHEL-5675) - make up incomplete patch for host name wildcard checking (RHEL-5675)
- eliminate use of obsolete patch syntax (RHEL-65791) - eliminate use of obsolete patch syntax (RHEL-65791)
- http2: make sure pause is done on HTTP (RHEL-85847)
* Thu Aug 22 2024 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-31 * Thu Aug 22 2024 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-31
- provide common cleanup method for push headers (CVE-2024-2398) - provide common cleanup method for push headers (CVE-2024-2398)