import curl-7.76.1-23.el9
This commit is contained in:
parent
91bd179f8e
commit
41ac10a16f
136
SOURCES/0021-curl-7.76.1-CVE-2022-35252.patch
Normal file
136
SOURCES/0021-curl-7.76.1-CVE-2022-35252.patch
Normal file
@ -0,0 +1,136 @@
|
||||
From fbc2ac6f06ec13cc872ce7adb870f4d7c7d5dded Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Mon, 29 Aug 2022 00:09:17 +0200
|
||||
Subject: [PATCH 1/2] cookie: reject cookies with "control bytes"
|
||||
|
||||
Rejects 0x01 - 0x1f (except 0x09) plus 0x7f
|
||||
|
||||
Reported-by: Axel Chong
|
||||
|
||||
Bug: https://curl.se/docs/CVE-2022-35252.html
|
||||
|
||||
CVE-2022-35252
|
||||
|
||||
Closes #9381
|
||||
|
||||
Upstream-commit: 8dfc93e573ca740544a2d79ebb0ed786592c65c3
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/cookie.c | 29 +++++++++++++++++++++++++++++
|
||||
1 file changed, 29 insertions(+)
|
||||
|
||||
diff --git a/lib/cookie.c b/lib/cookie.c
|
||||
index cb0c03b..e0470a1 100644
|
||||
--- a/lib/cookie.c
|
||||
+++ b/lib/cookie.c
|
||||
@@ -383,6 +383,30 @@ static void strstore(char **str, const char *newstr)
|
||||
*str = strdup(newstr);
|
||||
}
|
||||
|
||||
+/*
|
||||
+ RFC 6265 section 4.1.1 says a server should accept this range:
|
||||
+
|
||||
+ cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
|
||||
+
|
||||
+ But Firefox and Chrome as of June 2022 accept space, comma and double-quotes
|
||||
+ fine. The prime reason for filtering out control bytes is that some HTTP
|
||||
+ servers return 400 for requests that contain such.
|
||||
+*/
|
||||
+static int invalid_octets(const char *p)
|
||||
+{
|
||||
+ /* Reject all bytes \x01 - \x1f (*except* \x09, TAB) + \x7f */
|
||||
+ static const char badoctets[] = {
|
||||
+ "\x01\x02\x03\x04\x05\x06\x07\x08\x0a"
|
||||
+ "\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14"
|
||||
+ "\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x7f"
|
||||
+ };
|
||||
+ size_t vlen, len;
|
||||
+ /* scan for all the octets that are *not* in cookie-octet */
|
||||
+ len = strcspn(p, badoctets);
|
||||
+ vlen = strlen(p);
|
||||
+ return (len != vlen);
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* remove_expired() removes expired cookies.
|
||||
*/
|
||||
@@ -567,6 +591,11 @@ Curl_cookie_add(struct Curl_easy *data,
|
||||
badcookie = TRUE;
|
||||
break;
|
||||
}
|
||||
+ if(invalid_octets(whatptr) || invalid_octets(name)) {
|
||||
+ infof(data, "invalid octets in name/value, cookie dropped");
|
||||
+ badcookie = TRUE;
|
||||
+ break;
|
||||
+ }
|
||||
}
|
||||
else if(!len) {
|
||||
/* this was a "<name>=" with no content, and we must allow
|
||||
--
|
||||
2.37.1
|
||||
|
||||
|
||||
From 1a3e2bd48572761236934651091c899a4d460ef5 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Mon, 29 Aug 2022 00:09:17 +0200
|
||||
Subject: [PATCH 2/2] test8: verify that "ctrl-byte cookies" are ignored
|
||||
|
||||
Upstream-commit: 2fc031d834d488854ffc58bf7dbcef7fa7c1fc28
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
tests/data/test8 | 32 +++++++++++++++++++++++++++++++-
|
||||
1 file changed, 31 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tests/data/test8 b/tests/data/test8
|
||||
index a8548e6..8587611 100644
|
||||
--- a/tests/data/test8
|
||||
+++ b/tests/data/test8
|
||||
@@ -46,6 +46,36 @@ Set-Cookie: trailingspace = removed; path=/we/want;
|
||||
Set-Cookie: nocookie=yes; path=/WE;
|
||||
Set-Cookie: blexp=yesyes; domain=%HOSTIP; domain=%HOSTIP; expiry=totally bad;
|
||||
Set-Cookie: partialip=nono; domain=.0.0.1;
|
||||
+Set-Cookie: cookie1=%hex[%01-junk]hex%
|
||||
+Set-Cookie: cookie2=%hex[%02-junk]hex%
|
||||
+Set-Cookie: cookie3=%hex[%03-junk]hex%
|
||||
+Set-Cookie: cookie4=%hex[%04-junk]hex%
|
||||
+Set-Cookie: cookie5=%hex[%05-junk]hex%
|
||||
+Set-Cookie: cookie6=%hex[%06-junk]hex%
|
||||
+Set-Cookie: cookie7=%hex[%07-junk]hex%
|
||||
+Set-Cookie: cookie8=%hex[%08-junk]hex%
|
||||
+Set-Cookie: cookie9=%hex[junk-%09-]hex%
|
||||
+Set-Cookie: cookie11=%hex[%0b-junk]hex%
|
||||
+Set-Cookie: cookie12=%hex[%0c-junk]hex%
|
||||
+Set-Cookie: cookie14=%hex[%0e-junk]hex%
|
||||
+Set-Cookie: cookie15=%hex[%0f-junk]hex%
|
||||
+Set-Cookie: cookie16=%hex[%10-junk]hex%
|
||||
+Set-Cookie: cookie17=%hex[%11-junk]hex%
|
||||
+Set-Cookie: cookie18=%hex[%12-junk]hex%
|
||||
+Set-Cookie: cookie19=%hex[%13-junk]hex%
|
||||
+Set-Cookie: cookie20=%hex[%14-junk]hex%
|
||||
+Set-Cookie: cookie21=%hex[%15-junk]hex%
|
||||
+Set-Cookie: cookie22=%hex[%16-junk]hex%
|
||||
+Set-Cookie: cookie23=%hex[%17-junk]hex%
|
||||
+Set-Cookie: cookie24=%hex[%18-junk]hex%
|
||||
+Set-Cookie: cookie25=%hex[%19-junk]hex%
|
||||
+Set-Cookie: cookie26=%hex[%1a-junk]hex%
|
||||
+Set-Cookie: cookie27=%hex[%1b-junk]hex%
|
||||
+Set-Cookie: cookie28=%hex[%1c-junk]hex%
|
||||
+Set-Cookie: cookie29=%hex[%1d-junk]hex%
|
||||
+Set-Cookie: cookie30=%hex[%1e-junk]hex%
|
||||
+Set-Cookie: cookie31=%hex[%1f-junk]hex%
|
||||
+Set-Cookie: cookie31=%hex[%7f-junk]hex%
|
||||
|
||||
</file>
|
||||
<precheck>
|
||||
@@ -60,7 +90,7 @@ GET /we/want/%TESTNUMBER HTTP/1.1
|
||||
Host: %HOSTIP:%HTTPPORT
|
||||
User-Agent: curl/%VERSION
|
||||
Accept: */*
|
||||
-Cookie: name with space=is weird but; trailingspace=removed; cookie=perhaps; cookie=yes; foobar=name; blexp=yesyes
|
||||
+Cookie: name with space=is weird but; trailingspace=removed; cookie=perhaps; cookie=yes; foobar=name; blexp=yesyes; cookie9=junk- -
|
||||
|
||||
</protocol>
|
||||
</verify>
|
||||
--
|
||||
2.37.1
|
||||
|
251
SOURCES/0022-curl-7.76.1-CVE-2022-32221.patch
Normal file
251
SOURCES/0022-curl-7.76.1-CVE-2022-32221.patch
Normal file
@ -0,0 +1,251 @@
|
||||
From 08a53016db649bdf4f65c42a9704d35e052be7eb Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Thu, 15 Sep 2022 09:22:45 +0200
|
||||
Subject: [PATCH 1/2] setopt: when POST is set, reset the 'upload' field
|
||||
|
||||
Reported-by: RobBotic1 on github
|
||||
Fixes #9507
|
||||
Closes #9511
|
||||
|
||||
Upstream-commit: a64e3e59938abd7d667e4470a18072a24d7e9de9
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/setopt.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/lib/setopt.c b/lib/setopt.c
|
||||
index d5e3b50..b8793b4 100644
|
||||
--- a/lib/setopt.c
|
||||
+++ b/lib/setopt.c
|
||||
@@ -628,6 +628,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
|
||||
}
|
||||
else
|
||||
data->set.method = HTTPREQ_GET;
|
||||
+ data->set.upload = FALSE;
|
||||
break;
|
||||
|
||||
case CURLOPT_HTTPPOST:
|
||||
--
|
||||
2.37.3
|
||||
|
||||
|
||||
From a5e36349807b98d31a16bd220f6434289465e16a Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Thu, 15 Sep 2022 09:23:33 +0200
|
||||
Subject: [PATCH 2/2] test1948: verify PUT + POST reusing the same handle
|
||||
|
||||
Reproduced #9507, verifies the fix
|
||||
|
||||
Upstream-commit: 1edb15925e350be3b891f8a8de86600b22c0bb20
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
tests/data/Makefile.inc | 1 +
|
||||
tests/data/test1948 | 73 +++++++++++++++++++++++++++++++++++
|
||||
tests/libtest/Makefile.inc | 5 +++
|
||||
tests/libtest/lib1948.c | 79 ++++++++++++++++++++++++++++++++++++++
|
||||
4 files changed, 158 insertions(+)
|
||||
create mode 100644 tests/data/test1948
|
||||
create mode 100644 tests/libtest/lib1948.c
|
||||
|
||||
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
|
||||
index 818ee08..0cfab9b 100644
|
||||
--- a/tests/data/Makefile.inc
|
||||
+++ b/tests/data/Makefile.inc
|
||||
@@ -217,6 +217,7 @@ test1908 test1909 test1910 test1911 test1912 test1913 test1914 test1915 \
|
||||
test1916 test1917 test1918 \
|
||||
\
|
||||
test1933 test1934 test1935 test1936 \
|
||||
+test1948 \
|
||||
\
|
||||
test2000 test2001 test2002 test2003 test2004 test2005 test2006 test2007 \
|
||||
test2008 test2009 test2010 test2011 test2012 test2013 test2014 test2015 \
|
||||
diff --git a/tests/data/test1948 b/tests/data/test1948
|
||||
new file mode 100644
|
||||
index 0000000..639523d
|
||||
--- /dev/null
|
||||
+++ b/tests/data/test1948
|
||||
@@ -0,0 +1,73 @@
|
||||
+<testcase>
|
||||
+<info>
|
||||
+<keywords>
|
||||
+HTTP
|
||||
+HTTP POST
|
||||
+HTTP PUT
|
||||
+</keywords>
|
||||
+</info>
|
||||
+
|
||||
+# Server-side
|
||||
+<reply>
|
||||
+<data>
|
||||
+HTTP/1.1 200 OK
|
||||
+Date: Thu, 01 Nov 2001 14:49:00 GMT
|
||||
+Content-Type: text/html
|
||||
+Content-Length: 6
|
||||
+
|
||||
+hello
|
||||
+</data>
|
||||
+<datacheck>
|
||||
+HTTP/1.1 200 OK
|
||||
+Date: Thu, 01 Nov 2001 14:49:00 GMT
|
||||
+Content-Type: text/html
|
||||
+Content-Length: 6
|
||||
+
|
||||
+hello
|
||||
+HTTP/1.1 200 OK
|
||||
+Date: Thu, 01 Nov 2001 14:49:00 GMT
|
||||
+Content-Type: text/html
|
||||
+Content-Length: 6
|
||||
+
|
||||
+hello
|
||||
+</datacheck>
|
||||
+</reply>
|
||||
+
|
||||
+# Client-side
|
||||
+<client>
|
||||
+<server>
|
||||
+http
|
||||
+</server>
|
||||
+
|
||||
+<name>
|
||||
+CURLOPT_POST after CURLOPT_UPLOAD reusing handle
|
||||
+</name>
|
||||
+<tool>
|
||||
+lib%TESTNUMBER
|
||||
+</tool>
|
||||
+
|
||||
+<command>
|
||||
+http://%HOSTIP:%HTTPPORT/%TESTNUMBER
|
||||
+</command>
|
||||
+</client>
|
||||
+
|
||||
+# Verify data after the test has been "shot"
|
||||
+<verify>
|
||||
+<protocol>
|
||||
+PUT /%TESTNUMBER HTTP/1.1
|
||||
+Host: %HOSTIP:%HTTPPORT
|
||||
+Accept: */*
|
||||
+Content-Length: 22
|
||||
+Expect: 100-continue
|
||||
+
|
||||
+This is test PUT data
|
||||
+POST /1948 HTTP/1.1
|
||||
+Host: %HOSTIP:%HTTPPORT
|
||||
+Accept: */*
|
||||
+Content-Length: 22
|
||||
+Content-Type: application/x-www-form-urlencoded
|
||||
+
|
||||
+This is test PUT data
|
||||
+</protocol>
|
||||
+</verify>
|
||||
+</testcase>
|
||||
diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
|
||||
index 83a8af4..3192eca 100644
|
||||
--- a/tests/libtest/Makefile.inc
|
||||
+++ b/tests/libtest/Makefile.inc
|
||||
@@ -61,6 +61,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect \
|
||||
lib1591 lib1592 lib1593 lib1594 lib1596 \
|
||||
lib1905 lib1906 lib1907 lib1908 lib1910 lib1911 lib1912 lib1913 \
|
||||
lib1915 lib1916 lib1917 lib1918 lib1933 lib1934 lib1935 lib1936 \
|
||||
+ lib1948 \
|
||||
lib3010
|
||||
|
||||
chkdecimalpoint_SOURCES = chkdecimalpoint.c ../../lib/mprintf.c \
|
||||
@@ -690,6 +691,10 @@ lib1936_SOURCES = lib1936.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
||||
lib1936_LDADD = $(TESTUTIL_LIBS)
|
||||
lib1936_CPPFLAGS = $(AM_CPPFLAGS)
|
||||
|
||||
+lib1948_SOURCES = lib1948.c $(SUPPORTFILES)
|
||||
+lib1948_LDADD = $(TESTUTIL_LIBS)
|
||||
+lib1948_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1948
|
||||
+
|
||||
lib3010_SOURCES = lib3010.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
||||
lib3010_LDADD = $(TESTUTIL_LIBS)
|
||||
lib3010_CPPFLAGS = $(AM_CPPFLAGS)
|
||||
diff --git a/tests/libtest/lib1948.c b/tests/libtest/lib1948.c
|
||||
new file mode 100644
|
||||
index 0000000..7c891a2
|
||||
--- /dev/null
|
||||
+++ b/tests/libtest/lib1948.c
|
||||
@@ -0,0 +1,79 @@
|
||||
+/***************************************************************************
|
||||
+ * _ _ ____ _
|
||||
+ * Project ___| | | | _ \| |
|
||||
+ * / __| | | | |_) | |
|
||||
+ * | (__| |_| | _ <| |___
|
||||
+ * \___|\___/|_| \_\_____|
|
||||
+ *
|
||||
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
+ *
|
||||
+ * This software is licensed as described in the file COPYING, which
|
||||
+ * you should have received as part of this distribution. The terms
|
||||
+ * are also available at https://curl.haxx.se/docs/copyright.html.
|
||||
+ *
|
||||
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
||||
+ * copies of the Software, and permit persons to whom the Software is
|
||||
+ * furnished to do so, under the terms of the COPYING file.
|
||||
+ *
|
||||
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
||||
+ * KIND, either express or implied.
|
||||
+ *
|
||||
+ * SPDX-License-Identifier: curl
|
||||
+ *
|
||||
+ ***************************************************************************/
|
||||
+
|
||||
+#include "test.h"
|
||||
+
|
||||
+typedef struct
|
||||
+{
|
||||
+ char *buf;
|
||||
+ size_t len;
|
||||
+} put_buffer;
|
||||
+
|
||||
+static size_t put_callback(char *ptr, size_t size, size_t nmemb, void *stream)
|
||||
+{
|
||||
+ put_buffer *putdata = (put_buffer *)stream;
|
||||
+ size_t totalsize = size * nmemb;
|
||||
+ size_t tocopy = (putdata->len < totalsize) ? putdata->len : totalsize;
|
||||
+ memcpy(ptr, putdata->buf, tocopy);
|
||||
+ putdata->len -= tocopy;
|
||||
+ putdata->buf += tocopy;
|
||||
+ return tocopy;
|
||||
+}
|
||||
+
|
||||
+int test(char *URL)
|
||||
+{
|
||||
+ CURL *curl;
|
||||
+ CURLcode res = CURLE_OUT_OF_MEMORY;
|
||||
+
|
||||
+ curl_global_init(CURL_GLOBAL_DEFAULT);
|
||||
+
|
||||
+ curl = curl_easy_init();
|
||||
+ if(curl) {
|
||||
+ const char *testput = "This is test PUT data\n";
|
||||
+ put_buffer pbuf;
|
||||
+
|
||||
+ /* PUT */
|
||||
+ curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
|
||||
+ curl_easy_setopt(curl, CURLOPT_HEADER, 1L);
|
||||
+ curl_easy_setopt(curl, CURLOPT_READFUNCTION, put_callback);
|
||||
+ pbuf.buf = (char *)testput;
|
||||
+ pbuf.len = strlen(testput);
|
||||
+ curl_easy_setopt(curl, CURLOPT_READDATA, &pbuf);
|
||||
+ curl_easy_setopt(curl, CURLOPT_INFILESIZE, (long)strlen(testput));
|
||||
+ res = curl_easy_setopt(curl, CURLOPT_URL, URL);
|
||||
+ if(!res)
|
||||
+ res = curl_easy_perform(curl);
|
||||
+ if(!res) {
|
||||
+ /* POST */
|
||||
+ curl_easy_setopt(curl, CURLOPT_POST, 1L);
|
||||
+ curl_easy_setopt(curl, CURLOPT_POSTFIELDS, testput);
|
||||
+ curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (long)strlen(testput));
|
||||
+ res = curl_easy_perform(curl);
|
||||
+ }
|
||||
+ curl_easy_cleanup(curl);
|
||||
+ }
|
||||
+
|
||||
+ curl_global_cleanup();
|
||||
+ return (int)res;
|
||||
+}
|
||||
--
|
||||
2.37.3
|
||||
|
81
SOURCES/0023-curl-7.76.1-CVE-2022-43552.patch
Normal file
81
SOURCES/0023-curl-7.76.1-CVE-2022-43552.patch
Normal file
@ -0,0 +1,81 @@
|
||||
From 5cdcf1dbd39c64e18a81fc912a36942a3ec87565 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Mon, 19 Dec 2022 08:38:37 +0100
|
||||
Subject: [PATCH] smb/telnet: do not free the protocol struct in *_done()
|
||||
|
||||
It is managed by the generic layer.
|
||||
|
||||
Reported-by: Trail of Bits
|
||||
|
||||
Closes #10112
|
||||
|
||||
Upstream-commit: 4f20188ac644afe174be6005ef4f6ffba232b8b2
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/smb.c | 14 ++------------
|
||||
lib/telnet.c | 3 ---
|
||||
2 files changed, 2 insertions(+), 15 deletions(-)
|
||||
|
||||
diff --git a/lib/smb.c b/lib/smb.c
|
||||
index 039d680..f682c1f 100644
|
||||
--- a/lib/smb.c
|
||||
+++ b/lib/smb.c
|
||||
@@ -60,8 +60,6 @@ static CURLcode smb_connect(struct Curl_easy *data, bool *done);
|
||||
static CURLcode smb_connection_state(struct Curl_easy *data, bool *done);
|
||||
static CURLcode smb_do(struct Curl_easy *data, bool *done);
|
||||
static CURLcode smb_request_state(struct Curl_easy *data, bool *done);
|
||||
-static CURLcode smb_done(struct Curl_easy *data, CURLcode status,
|
||||
- bool premature);
|
||||
static CURLcode smb_disconnect(struct Curl_easy *data,
|
||||
struct connectdata *conn, bool dead);
|
||||
static int smb_getsock(struct Curl_easy *data, struct connectdata *conn,
|
||||
@@ -76,7 +74,7 @@ const struct Curl_handler Curl_handler_smb = {
|
||||
"SMB", /* scheme */
|
||||
smb_setup_connection, /* setup_connection */
|
||||
smb_do, /* do_it */
|
||||
- smb_done, /* done */
|
||||
+ ZERO_NULL, /* done */
|
||||
ZERO_NULL, /* do_more */
|
||||
smb_connect, /* connect_it */
|
||||
smb_connection_state, /* connecting */
|
||||
@@ -103,7 +101,7 @@ const struct Curl_handler Curl_handler_smbs = {
|
||||
"SMBS", /* scheme */
|
||||
smb_setup_connection, /* setup_connection */
|
||||
smb_do, /* do_it */
|
||||
- smb_done, /* done */
|
||||
+ ZERO_NULL, /* done */
|
||||
ZERO_NULL, /* do_more */
|
||||
smb_connect, /* connect_it */
|
||||
smb_connection_state, /* connecting */
|
||||
@@ -941,14 +939,6 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done)
|
||||
return CURLE_OK;
|
||||
}
|
||||
|
||||
-static CURLcode smb_done(struct Curl_easy *data, CURLcode status,
|
||||
- bool premature)
|
||||
-{
|
||||
- (void) premature;
|
||||
- Curl_safefree(data->req.p.smb);
|
||||
- return status;
|
||||
-}
|
||||
-
|
||||
static CURLcode smb_disconnect(struct Curl_easy *data,
|
||||
struct connectdata *conn, bool dead)
|
||||
{
|
||||
diff --git a/lib/telnet.c b/lib/telnet.c
|
||||
index 923c7f8..48cd0d7 100644
|
||||
--- a/lib/telnet.c
|
||||
+++ b/lib/telnet.c
|
||||
@@ -1248,9 +1248,6 @@ static CURLcode telnet_done(struct Curl_easy *data,
|
||||
|
||||
curl_slist_free_all(tn->telnet_vars);
|
||||
tn->telnet_vars = NULL;
|
||||
-
|
||||
- Curl_safefree(data->req.p.telnet);
|
||||
-
|
||||
return CURLE_OK;
|
||||
}
|
||||
|
||||
--
|
||||
2.38.1
|
||||
|
678
SOURCES/0024-curl-7.76.1-CVE-2023-23916.patch
Normal file
678
SOURCES/0024-curl-7.76.1-CVE-2023-23916.patch
Normal file
@ -0,0 +1,678 @@
|
||||
From 95f873ff983a1ae57415b3c16a881e74432cf8b8 Mon Sep 17 00:00:00 2001
|
||||
From: Fabian Keil <fk@fabiankeil.de>
|
||||
Date: Tue, 9 Feb 2021 14:04:32 +0100
|
||||
Subject: [PATCH 1/4] runtests.pl: support the nonewline attribute for the data
|
||||
part
|
||||
|
||||
Added to FILEFORMAT
|
||||
|
||||
Closes #8239
|
||||
|
||||
Upstream-commit: 736847611a40c01e7c290407e22e2f0f5f8efd6a
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
tests/FILEFORMAT.md | 5 ++++-
|
||||
tests/runtests.pl | 7 +++++++
|
||||
tests/server/getpart.c | 11 ++++++++++-
|
||||
3 files changed, 21 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/tests/FILEFORMAT.md b/tests/FILEFORMAT.md
|
||||
index b75a02a..0b98787 100644
|
||||
--- a/tests/FILEFORMAT.md
|
||||
+++ b/tests/FILEFORMAT.md
|
||||
@@ -185,7 +185,7 @@ which are treated together as a single identifier.
|
||||
|
||||
## `<reply>`
|
||||
|
||||
-### `<data [nocheck="yes"] [sendzero="yes"] [base64="yes"] [hex="yes"]>`
|
||||
+### `<data [nocheck="yes"] [sendzero="yes"] [base64="yes"] [hex="yes"] [nonewline="yes"]>`
|
||||
|
||||
data to be sent to the client on its request and later verified that it
|
||||
arrived safely. Set `nocheck="yes"` to prevent the test script from verifying
|
||||
@@ -211,6 +211,9 @@ much sense for other sections than "data").
|
||||
`hex=yes` means that the data is a sequence of hex pairs. It will get decoded
|
||||
and used as "raw" data.
|
||||
|
||||
+`nonewline=yes` means that the last byte (the trailing newline character)
|
||||
+should be cut off from the data before sending or comparing it.
|
||||
+
|
||||
For FTP file listings, the `<data>` section will be used *only* if you make
|
||||
sure that there has been a CWD done first to a directory named `test-[num]`
|
||||
where [num] is the test case number. Otherwise the ftp server can't know from
|
||||
diff --git a/tests/runtests.pl b/tests/runtests.pl
|
||||
index 40315aa..2e1500d 100755
|
||||
--- a/tests/runtests.pl
|
||||
+++ b/tests/runtests.pl
|
||||
@@ -3837,6 +3837,13 @@ sub singletest {
|
||||
else {
|
||||
# check against the data section
|
||||
@reply = getpart("reply", "data");
|
||||
+ if(@reply) {
|
||||
+ my %hash = getpartattr("reply", "data");
|
||||
+ if($hash{'nonewline'}) {
|
||||
+ # cut off the final newline from the final line of the data
|
||||
+ chomp($reply[$#reply]);
|
||||
+ }
|
||||
+ }
|
||||
# get the mode attribute
|
||||
my $filemode=$replyattr{'mode'};
|
||||
if($filemode && ($filemode eq "text") && $has_textaware) {
|
||||
diff --git a/tests/server/getpart.c b/tests/server/getpart.c
|
||||
index 32b55bc..f8fe3f6 100644
|
||||
--- a/tests/server/getpart.c
|
||||
+++ b/tests/server/getpart.c
|
||||
@@ -5,7 +5,7 @@
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
- * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
@@ -295,6 +295,7 @@ int getpart(char **outbuf, size_t *outlen,
|
||||
size_t outalloc = 256;
|
||||
int in_wanted_part = 0;
|
||||
int base64 = 0;
|
||||
+ int nonewline = 0;
|
||||
int error;
|
||||
|
||||
enum {
|
||||
@@ -360,6 +361,8 @@ int getpart(char **outbuf, size_t *outlen,
|
||||
if(error)
|
||||
return error;
|
||||
}
|
||||
+ if(nonewline)
|
||||
+ (*outlen)--;
|
||||
break;
|
||||
}
|
||||
}
|
||||
@@ -377,6 +380,8 @@ int getpart(char **outbuf, size_t *outlen,
|
||||
if(error)
|
||||
return error;
|
||||
}
|
||||
+ if(nonewline)
|
||||
+ (*outlen)--;
|
||||
break;
|
||||
}
|
||||
}
|
||||
@@ -451,6 +456,10 @@ int getpart(char **outbuf, size_t *outlen,
|
||||
/* bit rough test, but "mostly" functional, */
|
||||
/* treat wanted part data as base64 encoded */
|
||||
base64 = 1;
|
||||
+ if(strstr(patt, "nonewline=")) {
|
||||
+ show(("* setting nonewline\n"));
|
||||
+ nonewline = 1;
|
||||
+ }
|
||||
}
|
||||
continue;
|
||||
}
|
||||
--
|
||||
2.39.1
|
||||
|
||||
|
||||
From 6e244e1bcb04012e11c537253e76e6f968d8bb72 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Thu, 1 Dec 2022 09:21:04 +0100
|
||||
Subject: [PATCH 2/4] runtests: do CRLF replacements per section only
|
||||
|
||||
The `crlf="yes"` attribute and "hyper mode" are now only applied on a
|
||||
subset of dedicated sections: data, datacheck, stdout and protocol.
|
||||
|
||||
Updated test 2500 accordingly.
|
||||
|
||||
Also made test1 use crlf="yes" for <protocol>, mostly because it is
|
||||
often used as a template test case. Going forward, using this attribute
|
||||
we should be able to write test cases using linefeeds only and avoid
|
||||
mixed line ending encodings.
|
||||
|
||||
Follow-up to ca15b7512e8d11
|
||||
|
||||
Fixes #10009
|
||||
Closes #10010
|
||||
|
||||
Upstream-commit: 2f34a7347f315513bfda9ef14770d287fb246bcd
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
tests/FILEFORMAT.md | 22 +++++++++++++++------
|
||||
tests/data/test1 | 14 ++++++-------
|
||||
tests/runtests.pl | 48 ++++++++++++++++++++++++++++++++++++++++++---
|
||||
3 files changed, 68 insertions(+), 16 deletions(-)
|
||||
|
||||
diff --git a/tests/FILEFORMAT.md b/tests/FILEFORMAT.md
|
||||
index c1fbc57..dcb5695 100644
|
||||
--- a/tests/FILEFORMAT.md
|
||||
+++ b/tests/FILEFORMAT.md
|
||||
@@ -185,7 +185,7 @@ which are treated together as a single identifier.
|
||||
|
||||
## `<reply>`
|
||||
|
||||
-### `<data [nocheck="yes"] [sendzero="yes"] [base64="yes"] [hex="yes"] [nonewline="yes"]>`
|
||||
+### `<data [nocheck="yes"] [sendzero="yes"] [base64="yes"] [hex="yes"] [nonewline="yes"] [crlf="yes"]>`
|
||||
|
||||
data to be sent to the client on its request and later verified that it
|
||||
arrived safely. Set `nocheck="yes"` to prevent the test script from verifying
|
||||
@@ -214,12 +214,16 @@ and used as "raw" data.
|
||||
`nonewline=yes` means that the last byte (the trailing newline character)
|
||||
should be cut off from the data before sending or comparing it.
|
||||
|
||||
+`crlf=yes` forces *header* newlines to become CRLF even if not written so in
|
||||
+the source file. Note that this makes runtests.pl parse and "guess" what is a
|
||||
+header and what is not in order to apply the CRLF line endings appropriately.
|
||||
+
|
||||
For FTP file listings, the `<data>` section will be used *only* if you make
|
||||
sure that there has been a CWD done first to a directory named `test-[num]`
|
||||
where [num] is the test case number. Otherwise the ftp server can't know from
|
||||
which test file to load the list content.
|
||||
|
||||
-### `<dataNUM>`
|
||||
+### `<dataNUM [crlf="yes"]>`
|
||||
|
||||
Send back this contents instead of the <data> one. The num is set by:
|
||||
|
||||
@@ -243,7 +247,7 @@ The connect section is used instead of the 'data' for all CONNECT
|
||||
requests. The remainder of the rules for the data section then apply but with
|
||||
a connect prefix.
|
||||
|
||||
-### `<datacheck [mode="text"] [nonewline="yes"]>`
|
||||
+### `<datacheck [mode="text"] [nonewline="yes"] [crlf="yes"]>`
|
||||
if the data is sent but this is what should be checked afterwards. If
|
||||
`nonewline=yes` is set, runtests will cut off the trailing newline from the
|
||||
data before comparing with the one actually received by the client.
|
||||
@@ -251,7 +255,7 @@ data before comparing with the one actually received by the client.
|
||||
Use the `mode="text"` attribute if the output is in text mode on platforms
|
||||
that have a text/binary difference.
|
||||
|
||||
-### `<datacheckNUM [nonewline="yes"] [mode="text"]>`
|
||||
+### `<datacheckNUM [nonewline="yes"] [mode="text"] [crlf="yes"]>`
|
||||
The contents of numbered datacheck sections are appended to the non-numbered
|
||||
one.
|
||||
|
||||
@@ -528,13 +532,16 @@ changing protocol data such as port numbers or user-agent strings.
|
||||
One perl op per line that operates on the protocol dump. This is pretty
|
||||
advanced. Example: `s/^EPRT .*/EPRT stripped/`.
|
||||
|
||||
-### `<protocol [nonewline="yes"]>`
|
||||
+### `<protocol [nonewline="yes"] crlf="yes">`
|
||||
|
||||
the protocol dump curl should transmit, if 'nonewline' is set, we will cut off
|
||||
the trailing newline of this given data before comparing with the one actually
|
||||
sent by the client The `<strip>` and `<strippart>` rules are applied before
|
||||
comparisons are made.
|
||||
|
||||
+`crlf=yes` forces the newlines to become CRLF even if not written so in the
|
||||
+test.
|
||||
+
|
||||
### `<proxy [nonewline="yes"]>`
|
||||
|
||||
The protocol dump curl should transmit to a HTTP proxy (when the http-proxy
|
||||
@@ -551,7 +558,7 @@ have a text/binary difference.
|
||||
If 'nonewline' is set, we will cut off the trailing newline of this given data
|
||||
before comparing with the one actually received by the client
|
||||
|
||||
-### `<stdout [mode="text"] [nonewline="yes"]>`
|
||||
+### `<stdout [mode="text"] [nonewline="yes"] [crlf="yes"]>`
|
||||
This verifies that this data was passed to stdout.
|
||||
|
||||
Use the mode="text" attribute if the output is in text mode on platforms that
|
||||
@@ -560,6 +567,9 @@ have a text/binary difference.
|
||||
If 'nonewline' is set, we will cut off the trailing newline of this given data
|
||||
before comparing with the one actually received by the client
|
||||
|
||||
+`crlf=yes` forces the newlines to become CRLF even if not written so in the
|
||||
+test.
|
||||
+
|
||||
### `<file name="log/filename" [mode="text"]>`
|
||||
The file's contents must be identical to this after the test is complete. Use
|
||||
the mode="text" attribute if the output is in text mode on platforms that have
|
||||
diff --git a/tests/data/test1 b/tests/data/test1
|
||||
index f39a08b..700bed8 100644
|
||||
--- a/tests/data/test1
|
||||
+++ b/tests/data/test1
|
||||
@@ -9,7 +9,7 @@ HTTP GET
|
||||
#
|
||||
# Server-side
|
||||
<reply>
|
||||
-<data>
|
||||
+<data crlf="yes">
|
||||
HTTP/1.1 200 OK
|
||||
Date: Tue, 09 Nov 2010 14:49:00 GMT
|
||||
Server: test-server/fake
|
||||
@@ -42,12 +42,12 @@ http://%HOSTIP:%HTTPPORT/%TESTNUMBER
|
||||
#
|
||||
# Verify data after the test has been "shot"
|
||||
<verify>
|
||||
-<protocol>
|
||||
-GET /%TESTNUMBER HTTP/1.1
|
||||
-Host: %HOSTIP:%HTTPPORT
|
||||
-User-Agent: curl/%VERSION
|
||||
-Accept: */*
|
||||
-
|
||||
+<protocol crlf="yes">
|
||||
+GET /%TESTNUMBER HTTP/1.1
|
||||
+Host: %HOSTIP:%HTTPPORT
|
||||
+User-Agent: curl/%VERSION
|
||||
+Accept: */*
|
||||
+
|
||||
</protocol>
|
||||
</verify>
|
||||
</testcase>
|
||||
diff --git a/tests/runtests.pl b/tests/runtests.pl
|
||||
index 72a9989..b12a42d 100755
|
||||
--- a/tests/runtests.pl
|
||||
+++ b/tests/runtests.pl
|
||||
@@ -3410,7 +3410,13 @@ sub subBase64 {
|
||||
|
||||
my $prevupdate;
|
||||
sub subNewlines {
|
||||
- my ($thing) = @_;
|
||||
+ my ($force, $thing) = @_;
|
||||
+
|
||||
+ if($force) {
|
||||
+ # enforce CRLF newline
|
||||
+ $$thing =~ s/\x0d*\x0a/\x0d\x0a/;
|
||||
+ return;
|
||||
+ }
|
||||
|
||||
# When curl is built with Hyper, it gets all response headers delivered as
|
||||
# name/value pairs and curl "invents" the newlines when it saves the
|
||||
@@ -3424,7 +3430,7 @@ sub subNewlines {
|
||||
# skip curl error messages
|
||||
($$thing !~ /^curl: \(\d+\) /))) {
|
||||
# enforce CRLF newline
|
||||
- $$thing =~ s/\x0a/\x0d\x0a/;
|
||||
+ $$thing =~ s/\x0d*\x0a/\x0d\x0a/;
|
||||
$prevupdate = 1;
|
||||
}
|
||||
else {
|
||||
@@ -3496,6 +3502,7 @@ sub prepro {
|
||||
my (@entiretest) = @_;
|
||||
my $show = 1;
|
||||
my @out;
|
||||
+ my $data_crlf;
|
||||
for my $s (@entiretest) {
|
||||
my $f = $s;
|
||||
if($s =~ /^ *%if (.*)/) {
|
||||
@@ -3519,9 +3526,19 @@ sub prepro {
|
||||
next;
|
||||
}
|
||||
if($show) {
|
||||
+ # The processor does CRLF replacements in the <data*> sections if
|
||||
+ # necessary since those parts might be read by separate servers.
|
||||
+ if($s =~ /^ *<data(.*)\>/) {
|
||||
+ if($1 =~ /crlf="yes"/ || $has_hyper) {
|
||||
+ $data_crlf = 1;
|
||||
+ }
|
||||
+ }
|
||||
+ elsif(($s =~ /^ *<\/data/) && $data_crlf) {
|
||||
+ $data_crlf = 0;
|
||||
+ }
|
||||
subVariables(\$s, $testnum, "%");
|
||||
subBase64(\$s);
|
||||
- subNewlines(\$s) if($has_hyper);
|
||||
+ subNewlines(0, \$s) if($data_crlf);
|
||||
push @out, $s;
|
||||
}
|
||||
}
|
||||
@@ -3830,6 +3847,11 @@ sub singletest {
|
||||
# of the datacheck
|
||||
chomp($replycheckpart[$#replycheckpart]);
|
||||
}
|
||||
+ if($replycheckpartattr{'crlf'} ||
|
||||
+ ($has_hyper && ($keywords{"HTTP"}
|
||||
+ || $keywords{"HTTPS"}))) {
|
||||
+ map subNewlines(0, \$_), @replycheckpart;
|
||||
+ }
|
||||
push(@reply, @replycheckpart);
|
||||
}
|
||||
}
|
||||
@@ -3851,6 +3873,11 @@ sub singletest {
|
||||
map s/\r\n/\n/g, @reply;
|
||||
map s/\n/\r\n/g, @reply;
|
||||
}
|
||||
+ if($replyattr{'crlf'} ||
|
||||
+ ($has_hyper && ($keywords{"HTTP"}
|
||||
+ || $keywords{"HTTPS"}))) {
|
||||
+ map subNewlines(0, \$_), @reply;
|
||||
+ }
|
||||
}
|
||||
|
||||
# this is the valid protocol blurb curl should generate
|
||||
@@ -4287,6 +4314,12 @@ sub singletest {
|
||||
chomp($validstdout[$#validstdout]);
|
||||
}
|
||||
|
||||
+ if($hash{'crlf'} ||
|
||||
+ ($has_hyper && ($keywords{"HTTP"}
|
||||
+ || $keywords{"HTTPS"}))) {
|
||||
+ map subNewlines(0, \$_), @validstdout;
|
||||
+ }
|
||||
+
|
||||
$res = compare($testnum, $testname, "stdout", \@actual, \@validstdout);
|
||||
if($res) {
|
||||
return $errorreturncode;
|
||||
@@ -4381,6 +4414,10 @@ sub singletest {
|
||||
}
|
||||
}
|
||||
|
||||
+ if($hash{'crlf'}) {
|
||||
+ map subNewlines(1, \$_), @protstrip;
|
||||
+ }
|
||||
+
|
||||
if((!$out[0] || ($out[0] eq "")) && $protstrip[0]) {
|
||||
logmsg "\n $testnum: protocol FAILED!\n".
|
||||
" There was no content at all in the file $SERVERIN.\n".
|
||||
@@ -4512,6 +4549,11 @@ sub singletest {
|
||||
map s/\r\n/\n/g, @outfile;
|
||||
map s/\n/\r\n/g, @outfile;
|
||||
}
|
||||
+ if($hash{'crlf'} ||
|
||||
+ ($has_hyper && ($keywords{"HTTP"}
|
||||
+ || $keywords{"HTTPS"}))) {
|
||||
+ map subNewlines(0, \$_), @outfile;
|
||||
+ }
|
||||
|
||||
my $strip;
|
||||
for $strip (@stripfile) {
|
||||
--
|
||||
2.39.1
|
||||
|
||||
|
||||
From 228ed11bf33c63d9208a3fb38fe5a0d19c0764bd Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Tue, 27 Dec 2022 11:50:23 +0100
|
||||
Subject: [PATCH 3/4] runtests: support crlf="yes" for verify/proxy
|
||||
|
||||
Upstream-commit: dc0725244a3163f1e2d5f51165db3a1a430f3ba0
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
tests/FILEFORMAT.md | 4 ++--
|
||||
tests/runtests.pl | 5 +++++
|
||||
2 files changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/tests/FILEFORMAT.md b/tests/FILEFORMAT.md
|
||||
index dcb5695..6646793 100644
|
||||
--- a/tests/FILEFORMAT.md
|
||||
+++ b/tests/FILEFORMAT.md
|
||||
@@ -532,7 +532,7 @@ changing protocol data such as port numbers or user-agent strings.
|
||||
One perl op per line that operates on the protocol dump. This is pretty
|
||||
advanced. Example: `s/^EPRT .*/EPRT stripped/`.
|
||||
|
||||
-### `<protocol [nonewline="yes"] crlf="yes">`
|
||||
+### `<protocol [nonewline="yes"][crlf="yes"]>`
|
||||
|
||||
the protocol dump curl should transmit, if 'nonewline' is set, we will cut off
|
||||
the trailing newline of this given data before comparing with the one actually
|
||||
@@ -542,7 +542,7 @@ comparisons are made.
|
||||
`crlf=yes` forces the newlines to become CRLF even if not written so in the
|
||||
test.
|
||||
|
||||
-### `<proxy [nonewline="yes"]>`
|
||||
+### `<proxy [nonewline="yes"][crlf="yes"]>`
|
||||
|
||||
The protocol dump curl should transmit to a HTTP proxy (when the http-proxy
|
||||
server is used), if 'nonewline' is set, we will cut off the trailing newline
|
||||
diff --git a/tests/runtests.pl b/tests/runtests.pl
|
||||
index b12a42d..5cdc83d 100755
|
||||
--- a/tests/runtests.pl
|
||||
+++ b/tests/runtests.pl
|
||||
@@ -4510,6 +4510,11 @@ sub singletest {
|
||||
}
|
||||
}
|
||||
|
||||
+ if($hash{'crlf'} ||
|
||||
+ ($has_hyper && ($keywords{"HTTP"} || $keywords{"HTTPS"}))) {
|
||||
+ map subNewlines(0, \$_), @protstrip;
|
||||
+ }
|
||||
+
|
||||
$res = compare($testnum, $testname, "proxy", \@out, \@protstrip);
|
||||
if($res) {
|
||||
return $errorreturncode;
|
||||
--
|
||||
2.39.1
|
||||
|
||||
|
||||
From bc5fc958b017895728962c9d44c469418cbec1a0 Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Monnerat <patrick@monnerat.net>
|
||||
Date: Mon, 13 Feb 2023 08:33:09 +0100
|
||||
Subject: [PATCH 4/4] content_encoding: do not reset stage counter for each
|
||||
header
|
||||
|
||||
Test 418 verifies
|
||||
|
||||
Closes #10492
|
||||
|
||||
Upstream-commit: 119fb187192a9ea13dc90d9d20c215fc82799ab9
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/content_encoding.c | 7 +-
|
||||
lib/urldata.h | 1 +
|
||||
tests/data/Makefile.inc | 1 +
|
||||
tests/data/test387 | 2 +-
|
||||
tests/data/test418 | 152 ++++++++++++++++++++++++++++++++++++++++
|
||||
5 files changed, 158 insertions(+), 5 deletions(-)
|
||||
create mode 100644 tests/data/test418
|
||||
|
||||
diff --git a/lib/content_encoding.c b/lib/content_encoding.c
|
||||
index bfc13e2..94344d6 100644
|
||||
--- a/lib/content_encoding.c
|
||||
+++ b/lib/content_encoding.c
|
||||
@@ -1033,7 +1033,6 @@ CURLcode Curl_build_unencoding_stack(struct Curl_easy *data,
|
||||
const char *enclist, int maybechunked)
|
||||
{
|
||||
struct SingleRequest *k = &data->req;
|
||||
- int counter = 0;
|
||||
|
||||
do {
|
||||
const char *name;
|
||||
@@ -1068,9 +1067,9 @@ CURLcode Curl_build_unencoding_stack(struct Curl_easy *data,
|
||||
if(!encoding)
|
||||
encoding = &error_encoding; /* Defer error at stack use. */
|
||||
|
||||
- if(++counter >= MAX_ENCODE_STACK) {
|
||||
- failf(data, "Reject response due to %u content encodings",
|
||||
- counter);
|
||||
+ if(k->writer_stack_depth++ >= MAX_ENCODE_STACK) {
|
||||
+ failf(data, "Reject response due to more than %u content encodings",
|
||||
+ MAX_ENCODE_STACK);
|
||||
return CURLE_BAD_CONTENT_ENCODING;
|
||||
}
|
||||
/* Stack the unencoding stage. */
|
||||
diff --git a/lib/urldata.h b/lib/urldata.h
|
||||
index 5b4b34f..8c8c20b 100644
|
||||
--- a/lib/urldata.h
|
||||
+++ b/lib/urldata.h
|
||||
@@ -700,6 +700,7 @@ struct SingleRequest {
|
||||
#ifndef CURL_DISABLE_DOH
|
||||
struct dohdata *doh; /* DoH specific data for this request */
|
||||
#endif
|
||||
+ unsigned char writer_stack_depth; /* Unencoding stack depth. */
|
||||
BIT(header); /* incoming data has HTTP header */
|
||||
BIT(content_range); /* set TRUE if Content-Range: was found */
|
||||
BIT(upload_done); /* set to TRUE when doing chunked transfer-encoding
|
||||
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
|
||||
index fb51cd6..86b6f85 100644
|
||||
--- a/tests/data/Makefile.inc
|
||||
+++ b/tests/data/Makefile.inc
|
||||
@@ -67,6 +67,7 @@ test393 test394 test395 test396 test397 \
|
||||
\
|
||||
test400 test401 test402 test403 test404 test405 test406 test407 test408 \
|
||||
test409 test410 \
|
||||
+ test418 \
|
||||
\
|
||||
test430 test431 test432 test433 test434 \
|
||||
\
|
||||
diff --git a/tests/data/test387 b/tests/data/test387
|
||||
index 015ec25..644fc7f 100644
|
||||
--- a/tests/data/test387
|
||||
+++ b/tests/data/test387
|
||||
@@ -47,7 +47,7 @@ Accept: */*
|
||||
61
|
||||
</errorcode>
|
||||
<stderr mode="text">
|
||||
-curl: (61) Reject response due to 5 content encodings
|
||||
+curl: (61) Reject response due to more than 5 content encodings
|
||||
</stderr>
|
||||
</verify>
|
||||
</testcase>
|
||||
diff --git a/tests/data/test418 b/tests/data/test418
|
||||
new file mode 100644
|
||||
index 0000000..50e974e
|
||||
--- /dev/null
|
||||
+++ b/tests/data/test418
|
||||
@@ -0,0 +1,152 @@
|
||||
+<testcase>
|
||||
+<info>
|
||||
+<keywords>
|
||||
+HTTP
|
||||
+gzip
|
||||
+</keywords>
|
||||
+</info>
|
||||
+
|
||||
+#
|
||||
+# Server-side
|
||||
+<reply>
|
||||
+<data nocheck="yes">
|
||||
+HTTP/1.1 200 OK
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+Transfer-Encoding: gzip
|
||||
+
|
||||
+-foo-
|
||||
+</data>
|
||||
+</reply>
|
||||
+
|
||||
+#
|
||||
+# Client-side
|
||||
+<client>
|
||||
+<server>
|
||||
+http
|
||||
+</server>
|
||||
+ <name>
|
||||
+Response with multiple Transfer-Encoding headers
|
||||
+ </name>
|
||||
+ <command>
|
||||
+http://%HOSTIP:%HTTPPORT/%TESTNUMBER -sS
|
||||
+</command>
|
||||
+</client>
|
||||
+
|
||||
+#
|
||||
+# Verify data after the test has been "shot"
|
||||
+<verify>
|
||||
+<protocol crlf="yes">
|
||||
+GET /%TESTNUMBER HTTP/1.1
|
||||
+Host: %HOSTIP:%HTTPPORT
|
||||
+User-Agent: curl/%VERSION
|
||||
+Accept: */*
|
||||
+
|
||||
+</protocol>
|
||||
+
|
||||
+# CURLE_BAD_CONTENT_ENCODING is 61
|
||||
+<errorcode>
|
||||
+61
|
||||
+</errorcode>
|
||||
+<stderr mode="text">
|
||||
+curl: (61) Reject response due to more than 5 content encodings
|
||||
+</stderr>
|
||||
+</verify>
|
||||
+</testcase>
|
||||
--
|
||||
2.39.1
|
||||
|
@ -26,7 +26,7 @@ diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
|
||||
index 080421b..ea3b806 100644
|
||||
--- a/tests/libtest/Makefile.inc
|
||||
+++ b/tests/libtest/Makefile.inc
|
||||
@@ -592,6 +592,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
||||
@@ -593,6 +593,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
||||
lib1559_LDADD = $(TESTUTIL_LIBS)
|
||||
|
||||
lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
||||
|
@ -1,7 +1,7 @@
|
||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||
Name: curl
|
||||
Version: 7.76.1
|
||||
Release: 19%{?dist}
|
||||
Release: 23%{?dist}
|
||||
License: MIT
|
||||
Source: https://curl.se/download/%{name}-%{version}.tar.xz
|
||||
|
||||
@ -62,6 +62,18 @@ Patch19: 0019-curl-7.76.1-CVE-2022-32207.patch
|
||||
# fix build failure caused by openldap rebase (#2094159)
|
||||
Patch20: 0020-curl-7.76.1-openldap-rebase.patch
|
||||
|
||||
# control code in cookie denial of service (CVE-2022-35252)
|
||||
Patch21: 0021-curl-7.76.1-CVE-2022-35252.patch
|
||||
|
||||
# fix POST following PUT confusion (CVE-2022-32221)
|
||||
Patch22: 0022-curl-7.76.1-CVE-2022-32221.patch
|
||||
|
||||
# smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
|
||||
Patch23: 0023-curl-7.76.1-CVE-2022-43552.patch
|
||||
|
||||
# fix HTTP multi-header compression denial of service (CVE-2023-23916)
|
||||
Patch24: 0024-curl-7.76.1-CVE-2023-23916.patch
|
||||
|
||||
# patch making libcurl multilib ready
|
||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||
|
||||
@ -256,6 +268,10 @@ be installed.
|
||||
%patch17 -p1
|
||||
%patch19 -p1
|
||||
%patch20 -p1
|
||||
%patch21 -p1
|
||||
%patch22 -p1
|
||||
%patch23 -p1
|
||||
%patch24 -p1
|
||||
|
||||
# Fedora patches
|
||||
%patch101 -p1
|
||||
@ -282,6 +298,11 @@ echo "582" >> tests/data/DISABLED
|
||||
printf "702\n703\n716\n" >> tests/data/DISABLED
|
||||
%endif
|
||||
|
||||
# temporarily disable tests 2034 2037 2041 on aarch64
|
||||
%ifarch aarch64
|
||||
printf "2034\n2037\n2041\n" >> tests/data/DISABLED
|
||||
%endif
|
||||
|
||||
# adapt test 323 for updated OpenSSL
|
||||
sed -e 's|^35$|35,52|' -i tests/data/test323
|
||||
|
||||
@ -476,6 +497,18 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
||||
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
||||
|
||||
%changelog
|
||||
* Wed Feb 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.76.1-23
|
||||
- fix HTTP multi-header compression denial of service (CVE-2023-23916)
|
||||
|
||||
* Wed Dec 21 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-22
|
||||
- smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
|
||||
|
||||
* Wed Oct 26 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-21
|
||||
- fix POST following PUT confusion (CVE-2022-32221)
|
||||
|
||||
* Fri Sep 02 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-20
|
||||
- control code in cookie denial of service (CVE-2022-35252)
|
||||
|
||||
* Wed Jun 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-19
|
||||
- fix unpreserved file permissions (CVE-2022-32207)
|
||||
- fix HTTP compression denial of service (CVE-2022-32206)
|
||||
|
Loading…
Reference in New Issue
Block a user