import CS curl-7.76.1-34.el9
This commit is contained in:
parent
32275fb297
commit
5c20f87018
@ -41,7 +41,7 @@ index e827dc58f378c..d061c6356f97f 100644
|
||||
/*
|
||||
* Match a hostname against a wildcard pattern.
|
||||
* E.g.
|
||||
@@ -65,26 +76,27 @@
|
||||
@@ -65,26 +76,31 @@
|
||||
|
||||
static int hostmatch(char *hostname, char *pattern)
|
||||
{
|
||||
@ -73,10 +73,14 @@ index e827dc58f378c..d061c6356f97f 100644
|
||||
- if(pattern_wildcard == NULL)
|
||||
- return strcasecompare(pattern, hostname) ?
|
||||
- CURL_HOST_MATCH : CURL_HOST_NOMATCH;
|
||||
+ if(hostname[hostlen-1]=='.')
|
||||
+ if(hostname[hostlen-1]=='.') {
|
||||
+ hostname[hostlen-1] = 0;
|
||||
+ if(pattern[patternlen-1]=='.')
|
||||
+ hostlen--;
|
||||
+ }
|
||||
+ if(pattern[patternlen-1]=='.') {
|
||||
+ pattern[patternlen-1] = 0;
|
||||
+ patternlen--;
|
||||
+ }
|
||||
+
|
||||
+ if(strncmp(pattern, "*.", 2))
|
||||
+ return pmatch(hostname, hostlen, pattern, patternlen);
|
||||
@ -143,7 +147,7 @@ index 84f962abebee3..f31b2c2a3f330 100644
|
||||
</keywords>
|
||||
</info>
|
||||
|
||||
@@ -15,9 +14,9 @@ none
|
||||
@@ -14,9 +13,9 @@ none
|
||||
<features>
|
||||
unittest
|
||||
</features>
|
||||
@ -154,7 +158,7 @@ index 84f962abebee3..f31b2c2a3f330 100644
|
||||
+Curl_cert_hostcheck unit tests
|
||||
+</name>
|
||||
</client>
|
||||
|
||||
|
||||
</testcase>
|
||||
diff --git a/tests/unit/unit1397.c b/tests/unit/unit1397.c
|
||||
index 2f3d3aa4d09e1..3ae75618d5d10 100644
|
||||
@ -169,7 +173,7 @@ index 2f3d3aa4d09e1..3ae75618d5d10 100644
|
||||
static CURLcode unit_setup(void)
|
||||
{
|
||||
return CURLE_OK;
|
||||
@@ -30,50 +28,93 @@ static CURLcode unit_setup(void)
|
||||
@@ -30,50 +28,91 @@ static CURLcode unit_setup(void)
|
||||
|
||||
static void unit_stop(void)
|
||||
{
|
||||
@ -280,9 +284,7 @@ index 2f3d3aa4d09e1..3ae75618d5d10 100644
|
||||
+ int i;
|
||||
+ for(i = 0; tests[i].host; i++) {
|
||||
+ if(tests[i].match != Curl_cert_hostcheck(tests[i].pattern,
|
||||
+ strlen(tests[i].pattern),
|
||||
+ tests[i].host,
|
||||
+ strlen(tests[i].host))) {
|
||||
+ tests[i].host)) {
|
||||
+ fprintf(stderr,
|
||||
+ "HOST: %s\n"
|
||||
+ "PTRN: %s\n"
|
||||
|
||||
28
SOURCES/0039-curl-7.76.1-pause-on-http.patch
Normal file
28
SOURCES/0039-curl-7.76.1-pause-on-http.patch
Normal file
@ -0,0 +1,28 @@
|
||||
From badcf275bc5e7a13128734968102a48c93962cef Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Mon, 17 May 2021 09:05:39 +0200
|
||||
Subject: [PATCH] http2: make sure pause is done on HTTP
|
||||
|
||||
Since the function is called for any protocol, we can't assume that the
|
||||
HTTP struct is there without first making sure it is HTTP.
|
||||
|
||||
Reported-by: Denis Goleshchikhin
|
||||
Fixes #7079
|
||||
---
|
||||
lib/http2.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/http2.c b/lib/http2.c
|
||||
index ac04d348c495..bc604ce1551a 100644
|
||||
--- a/lib/http2.c
|
||||
+++ b/lib/http2.c
|
||||
@@ -2353,7 +2353,8 @@ CURLcode Curl_http2_stream_pause(struct Curl_easy *data, bool pause)
|
||||
DEBUGASSERT(data);
|
||||
DEBUGASSERT(data->conn);
|
||||
/* if it isn't HTTP/2, we're done */
|
||||
- if(!data->conn->proto.httpc.h2)
|
||||
+ if(!(data->conn->handler->protocol & PROTO_FAMILY_HTTP) ||
|
||||
+ !data->conn->proto.httpc.h2)
|
||||
return CURLE_OK;
|
||||
#ifdef NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE
|
||||
else {
|
||||
1694
SOURCES/0040-curl-7.76.1-noproxy-support-using-cidr.patch
Normal file
1694
SOURCES/0040-curl-7.76.1-noproxy-support-using-cidr.patch
Normal file
File diff suppressed because it is too large
Load Diff
134
SPECS/curl.spec
134
SPECS/curl.spec
@ -1,7 +1,7 @@
|
||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||
Name: curl
|
||||
Version: 7.76.1
|
||||
Release: 31%{?dist}
|
||||
Release: 34%{?dist}
|
||||
License: MIT
|
||||
Source: https://curl.se/download/%{name}-%{version}.tar.xz
|
||||
|
||||
@ -116,6 +116,12 @@ Patch37: 0037-curl-7.76.1-ignore-unexpected-eof.patch
|
||||
# provide common cleanup method for push headers (CVE-2024-2398)
|
||||
Patch38: 0038-curl-7.76.1-CVE-2024-2398.patch
|
||||
|
||||
# make sure pause is done on HTTP
|
||||
Patch39: 0039-curl-7.76.1-pause-on-http.patch
|
||||
|
||||
# noproxy: support proxies specified using cidr notation
|
||||
Patch40: 0040-curl-7.76.1-noproxy-support-using-cidr.patch
|
||||
|
||||
# patch making libcurl multilib ready
|
||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||
|
||||
@ -291,48 +297,50 @@ be installed.
|
||||
%setup -q
|
||||
|
||||
# upstream patches
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
%patch13 -p1
|
||||
%patch14 -p1
|
||||
%patch15 -p1
|
||||
%patch16 -p1
|
||||
%patch17 -p1
|
||||
%patch19 -p1
|
||||
%patch20 -p1
|
||||
%patch21 -p1
|
||||
%patch22 -p1
|
||||
%patch23 -p1
|
||||
%patch24 -p1
|
||||
%patch25 -p1
|
||||
%patch26 -p1
|
||||
%patch27 -p1
|
||||
%patch28 -p1
|
||||
%patch29 -p1
|
||||
%patch30 -p1
|
||||
%patch31 -p1
|
||||
%patch32 -p1
|
||||
%patch33 -p1
|
||||
%patch34 -p1
|
||||
%patch35 -p1
|
||||
%patch36 -p1
|
||||
%patch37 -p1
|
||||
%patch38 -p1
|
||||
%patch -P 1 -p1
|
||||
%patch -P 2 -p1
|
||||
%patch -P 3 -p1
|
||||
%patch -P 4 -p1
|
||||
%patch -P 5 -p1
|
||||
%patch -P 6 -p1
|
||||
%patch -P 7 -p1
|
||||
%patch -P 8 -p1
|
||||
%patch -P 9 -p1
|
||||
%patch -P 10 -p1
|
||||
%patch -P 11 -p1
|
||||
%patch -P 12 -p1
|
||||
%patch -P 13 -p1
|
||||
%patch -P 14 -p1
|
||||
%patch -P 15 -p1
|
||||
%patch -P 16 -p1
|
||||
%patch -P 17 -p1
|
||||
%patch -P 19 -p1
|
||||
%patch -P 20 -p1
|
||||
%patch -P 21 -p1
|
||||
%patch -P 22 -p1
|
||||
%patch -P 23 -p1
|
||||
%patch -P 24 -p1
|
||||
%patch -P 25 -p1
|
||||
%patch -P 26 -p1
|
||||
%patch -P 27 -p1
|
||||
%patch -P 28 -p1
|
||||
%patch -P 29 -p1
|
||||
%patch -P 30 -p1
|
||||
%patch -P 31 -p1
|
||||
%patch -P 32 -p1
|
||||
%patch -P 33 -p1
|
||||
%patch -P 34 -p1
|
||||
%patch -P 35 -p1
|
||||
%patch -P 36 -p1
|
||||
%patch -P 37 -p1
|
||||
%patch -P 38 -p1
|
||||
%patch -P 39 -p1
|
||||
%patch -P 40 -p1
|
||||
|
||||
# Fedora patches
|
||||
%patch101 -p1
|
||||
%patch102 -p1
|
||||
%patch105 -p1
|
||||
%patch -P 101 -p1
|
||||
%patch -P 102 -p1
|
||||
%patch -P 105 -p1
|
||||
|
||||
# disable test 1112 (#565305), test 1455 (occasionally fails with 'bind failed
|
||||
# with errno 98: Address already in use' in Koji environment), and test 1801
|
||||
@ -359,39 +367,6 @@ printf "702\n703\n716\n" >> tests/data/DISABLED
|
||||
printf "2034\n2037\n2041\n" >> tests/data/DISABLED
|
||||
%endif
|
||||
|
||||
# temporarily (really!, not like these above) disable tests related to openssl
|
||||
# and reported by valgrind. All of it are failing with similar stack trace:
|
||||
#=== Start of file valgrind3000
|
||||
# ==92709== Syscall param openat(filename) points to unaddressable byte(s)
|
||||
# ==92709== at 0x49D9784: open (open64.c:48)
|
||||
# ==92709== by 0x495E095: _IO_file_open (fileops.c:189)
|
||||
# ==92709== by 0x495E26A: _IO_file_fopen@@GLIBC_2.2.5 (fileops.c:281)
|
||||
# ==92709== by 0x49524CC: __fopen_internal (iofopen.c:75)
|
||||
# ==92709== by 0x4B37F2E: load_system_str (ssl_ciph.c:1472)
|
||||
# ==92709== by 0x4B43118: ssl_create_cipher_list (ssl_ciph.c:1528)
|
||||
# ==92709== by 0x4B4FCFF: UnknownInlinedFun (ssl_lib.c:3938)
|
||||
# ==92709== by 0x4B4FCFF: SSL_CTX_new_ex (ssl_lib.c:3823)
|
||||
# ==92709== by 0x48ABFA1: ossl_connect_step1.lto_priv.0 (openssl.c:2621)
|
||||
# ==92709== by 0x48BAF16: ossl_connect_common (openssl.c:4042)
|
||||
# ==92709== by 0x48B3D16: UnknownInlinedFun (vtls.c:370)
|
||||
# ==92709== by 0x48B3D16: Curl_ssl_connect_nonblocking (vtls.c:353)
|
||||
# ==92709== by 0x48873BB: UnknownInlinedFun (http.c:1595)
|
||||
# ==92709== by 0x48873BB: Curl_http_connect (http.c:1518)
|
||||
# ==92709== by 0x4895575: UnknownInlinedFun (multi.c:1514)
|
||||
# ==92709== by 0x4895575: multi_runsingle (multi.c:1847)
|
||||
# ==92709== by 0x48978AD: curl_multi_perform (multi.c:2403)
|
||||
# ==92709== by 0x4874152: UnknownInlinedFun (easy.c:606)
|
||||
# ==92709== by 0x4874152: UnknownInlinedFun (easy.c:696)
|
||||
# ==92709== by 0x4874152: curl_easy_perform (easy.c:715)
|
||||
# ==92709== by 0x11478B: UnknownInlinedFun (tool_operate.c:2379)
|
||||
# ==92709== by 0x11478B: UnknownInlinedFun (tool_operate.c:2553)
|
||||
# ==92709== by 0x11478B: UnknownInlinedFun (tool_operate.c:2669)
|
||||
# ==92709== by 0x11478B: main (tool_main.c:277)
|
||||
# ==92709== Address 0xffffffffff000804 is not stack'd, malloc'd or (recently) free'd
|
||||
# ==92709==
|
||||
#=== End of file valgrind3000
|
||||
printf "300\n301\n303\n304\n305\n306\n309\n310\n311\n312\n313\n320\n321\n322\n324\n325\n400\n401\n403\n404\n405\n406\n407\n408\n409\n410\n560\n1272\n1561\n1562\n1630\n1631\n1632\n2034\n2035\n2037\n2038\n2041\n2042\n2048\n3000\n3001\n" >> tests/data/DISABLED
|
||||
|
||||
# adapt test 323 for updated OpenSSL
|
||||
sed -e 's|^35$|35,52|' -i tests/data/test323
|
||||
|
||||
@ -586,6 +561,17 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
||||
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
||||
|
||||
%changelog
|
||||
* Mon Jul 23 2025 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-34
|
||||
- revert several disabled tests related to openssl/valgrind (RHEL-99465)
|
||||
|
||||
* Thu May 15 2025 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-33
|
||||
- noproxy: support proxies specified using cidr notation (RHEL-81412)
|
||||
|
||||
* Tue Dec 17 2024 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-32
|
||||
- make up incomplete patch for host name wildcard checking (RHEL-5675)
|
||||
- eliminate use of obsolete patch syntax (RHEL-65791)
|
||||
- http2: make sure pause is done on HTTP (RHEL-85847)
|
||||
|
||||
* Thu Aug 22 2024 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-31
|
||||
- provide common cleanup method for push headers (CVE-2024-2398)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user