import CS curl-7.76.1-34.el9

This commit is contained in:
eabdullin 2025-09-15 11:52:29 +00:00
parent 32275fb297
commit 5c20f87018
4 changed files with 1793 additions and 83 deletions

View File

@ -41,7 +41,7 @@ index e827dc58f378c..d061c6356f97f 100644
/*
* Match a hostname against a wildcard pattern.
* E.g.
@@ -65,26 +76,27 @@
@@ -65,26 +76,31 @@
static int hostmatch(char *hostname, char *pattern)
{
@ -73,10 +73,14 @@ index e827dc58f378c..d061c6356f97f 100644
- if(pattern_wildcard == NULL)
- return strcasecompare(pattern, hostname) ?
- CURL_HOST_MATCH : CURL_HOST_NOMATCH;
+ if(hostname[hostlen-1]=='.')
+ if(hostname[hostlen-1]=='.') {
+ hostname[hostlen-1] = 0;
+ if(pattern[patternlen-1]=='.')
+ hostlen--;
+ }
+ if(pattern[patternlen-1]=='.') {
+ pattern[patternlen-1] = 0;
+ patternlen--;
+ }
+
+ if(strncmp(pattern, "*.", 2))
+ return pmatch(hostname, hostlen, pattern, patternlen);
@ -143,7 +147,7 @@ index 84f962abebee3..f31b2c2a3f330 100644
</keywords>
</info>
@@ -15,9 +14,9 @@ none
@@ -14,9 +13,9 @@ none
<features>
unittest
</features>
@ -154,7 +158,7 @@ index 84f962abebee3..f31b2c2a3f330 100644
+Curl_cert_hostcheck unit tests
+</name>
</client>
</testcase>
diff --git a/tests/unit/unit1397.c b/tests/unit/unit1397.c
index 2f3d3aa4d09e1..3ae75618d5d10 100644
@ -169,7 +173,7 @@ index 2f3d3aa4d09e1..3ae75618d5d10 100644
static CURLcode unit_setup(void)
{
return CURLE_OK;
@@ -30,50 +28,93 @@ static CURLcode unit_setup(void)
@@ -30,50 +28,91 @@ static CURLcode unit_setup(void)
static void unit_stop(void)
{
@ -280,9 +284,7 @@ index 2f3d3aa4d09e1..3ae75618d5d10 100644
+ int i;
+ for(i = 0; tests[i].host; i++) {
+ if(tests[i].match != Curl_cert_hostcheck(tests[i].pattern,
+ strlen(tests[i].pattern),
+ tests[i].host,
+ strlen(tests[i].host))) {
+ tests[i].host)) {
+ fprintf(stderr,
+ "HOST: %s\n"
+ "PTRN: %s\n"

View File

@ -0,0 +1,28 @@
From badcf275bc5e7a13128734968102a48c93962cef Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 17 May 2021 09:05:39 +0200
Subject: [PATCH] http2: make sure pause is done on HTTP
Since the function is called for any protocol, we can't assume that the
HTTP struct is there without first making sure it is HTTP.
Reported-by: Denis Goleshchikhin
Fixes #7079
---
lib/http2.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/http2.c b/lib/http2.c
index ac04d348c495..bc604ce1551a 100644
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -2353,7 +2353,8 @@ CURLcode Curl_http2_stream_pause(struct Curl_easy *data, bool pause)
DEBUGASSERT(data);
DEBUGASSERT(data->conn);
/* if it isn't HTTP/2, we're done */
- if(!data->conn->proto.httpc.h2)
+ if(!(data->conn->handler->protocol & PROTO_FAMILY_HTTP) ||
+ !data->conn->proto.httpc.h2)
return CURLE_OK;
#ifdef NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE
else {

File diff suppressed because it is too large Load Diff

View File

@ -1,7 +1,7 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 7.76.1
Release: 31%{?dist}
Release: 34%{?dist}
License: MIT
Source: https://curl.se/download/%{name}-%{version}.tar.xz
@ -116,6 +116,12 @@ Patch37: 0037-curl-7.76.1-ignore-unexpected-eof.patch
# provide common cleanup method for push headers (CVE-2024-2398)
Patch38: 0038-curl-7.76.1-CVE-2024-2398.patch
# make sure pause is done on HTTP
Patch39: 0039-curl-7.76.1-pause-on-http.patch
# noproxy: support proxies specified using cidr notation
Patch40: 0040-curl-7.76.1-noproxy-support-using-cidr.patch
# patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch
@ -291,48 +297,50 @@ be installed.
%setup -q
# upstream patches
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch30 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
%patch34 -p1
%patch35 -p1
%patch36 -p1
%patch37 -p1
%patch38 -p1
%patch -P 1 -p1
%patch -P 2 -p1
%patch -P 3 -p1
%patch -P 4 -p1
%patch -P 5 -p1
%patch -P 6 -p1
%patch -P 7 -p1
%patch -P 8 -p1
%patch -P 9 -p1
%patch -P 10 -p1
%patch -P 11 -p1
%patch -P 12 -p1
%patch -P 13 -p1
%patch -P 14 -p1
%patch -P 15 -p1
%patch -P 16 -p1
%patch -P 17 -p1
%patch -P 19 -p1
%patch -P 20 -p1
%patch -P 21 -p1
%patch -P 22 -p1
%patch -P 23 -p1
%patch -P 24 -p1
%patch -P 25 -p1
%patch -P 26 -p1
%patch -P 27 -p1
%patch -P 28 -p1
%patch -P 29 -p1
%patch -P 30 -p1
%patch -P 31 -p1
%patch -P 32 -p1
%patch -P 33 -p1
%patch -P 34 -p1
%patch -P 35 -p1
%patch -P 36 -p1
%patch -P 37 -p1
%patch -P 38 -p1
%patch -P 39 -p1
%patch -P 40 -p1
# Fedora patches
%patch101 -p1
%patch102 -p1
%patch105 -p1
%patch -P 101 -p1
%patch -P 102 -p1
%patch -P 105 -p1
# disable test 1112 (#565305), test 1455 (occasionally fails with 'bind failed
# with errno 98: Address already in use' in Koji environment), and test 1801
@ -359,39 +367,6 @@ printf "702\n703\n716\n" >> tests/data/DISABLED
printf "2034\n2037\n2041\n" >> tests/data/DISABLED
%endif
# temporarily (really!, not like these above) disable tests related to openssl
# and reported by valgrind. All of it are failing with similar stack trace:
#=== Start of file valgrind3000
# ==92709== Syscall param openat(filename) points to unaddressable byte(s)
# ==92709== at 0x49D9784: open (open64.c:48)
# ==92709== by 0x495E095: _IO_file_open (fileops.c:189)
# ==92709== by 0x495E26A: _IO_file_fopen@@GLIBC_2.2.5 (fileops.c:281)
# ==92709== by 0x49524CC: __fopen_internal (iofopen.c:75)
# ==92709== by 0x4B37F2E: load_system_str (ssl_ciph.c:1472)
# ==92709== by 0x4B43118: ssl_create_cipher_list (ssl_ciph.c:1528)
# ==92709== by 0x4B4FCFF: UnknownInlinedFun (ssl_lib.c:3938)
# ==92709== by 0x4B4FCFF: SSL_CTX_new_ex (ssl_lib.c:3823)
# ==92709== by 0x48ABFA1: ossl_connect_step1.lto_priv.0 (openssl.c:2621)
# ==92709== by 0x48BAF16: ossl_connect_common (openssl.c:4042)
# ==92709== by 0x48B3D16: UnknownInlinedFun (vtls.c:370)
# ==92709== by 0x48B3D16: Curl_ssl_connect_nonblocking (vtls.c:353)
# ==92709== by 0x48873BB: UnknownInlinedFun (http.c:1595)
# ==92709== by 0x48873BB: Curl_http_connect (http.c:1518)
# ==92709== by 0x4895575: UnknownInlinedFun (multi.c:1514)
# ==92709== by 0x4895575: multi_runsingle (multi.c:1847)
# ==92709== by 0x48978AD: curl_multi_perform (multi.c:2403)
# ==92709== by 0x4874152: UnknownInlinedFun (easy.c:606)
# ==92709== by 0x4874152: UnknownInlinedFun (easy.c:696)
# ==92709== by 0x4874152: curl_easy_perform (easy.c:715)
# ==92709== by 0x11478B: UnknownInlinedFun (tool_operate.c:2379)
# ==92709== by 0x11478B: UnknownInlinedFun (tool_operate.c:2553)
# ==92709== by 0x11478B: UnknownInlinedFun (tool_operate.c:2669)
# ==92709== by 0x11478B: main (tool_main.c:277)
# ==92709== Address 0xffffffffff000804 is not stack'd, malloc'd or (recently) free'd
# ==92709==
#=== End of file valgrind3000
printf "300\n301\n303\n304\n305\n306\n309\n310\n311\n312\n313\n320\n321\n322\n324\n325\n400\n401\n403\n404\n405\n406\n407\n408\n409\n410\n560\n1272\n1561\n1562\n1630\n1631\n1632\n2034\n2035\n2037\n2038\n2041\n2042\n2048\n3000\n3001\n" >> tests/data/DISABLED
# adapt test 323 for updated OpenSSL
sed -e 's|^35$|35,52|' -i tests/data/test323
@ -586,6 +561,17 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
%changelog
* Mon Jul 23 2025 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-34
- revert several disabled tests related to openssl/valgrind (RHEL-99465)
* Thu May 15 2025 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-33
- noproxy: support proxies specified using cidr notation (RHEL-81412)
* Tue Dec 17 2024 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-32
- make up incomplete patch for host name wildcard checking (RHEL-5675)
- eliminate use of obsolete patch syntax (RHEL-65791)
- http2: make sure pause is done on HTTP (RHEL-85847)
* Thu Aug 22 2024 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-31
- provide common cleanup method for push headers (CVE-2024-2398)