new upstream release - 8.0.0
Resolves: CVE-2023-27538 - SSH connection too eager reuse still Resolves: CVE-2023-27537 - HSTS double-free Resolves: CVE-2023-27536 - GSS delegation too eager connection re-use Resolves: CVE-2023-27535 - FTP too eager connection reuse Resolves: CVE-2023-27534 - SFTP path ~ resolving discrepancy Resolves: CVE-2023-27533 - TELNET option IAC injection
This commit is contained in:
parent
d5c1163ef3
commit
7b0a4d3dfc
230
0001-curl-8.0.0-revert-multi-remove.patch
Normal file
230
0001-curl-8.0.0-revert-multi-remove.patch
Normal file
@ -0,0 +1,230 @@
|
||||
From d7c75c3608d6002cfb46a2612efa507d9a8ba66e Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Mon, 20 Mar 2023 12:51:05 +0100
|
||||
Subject: [PATCH] Revert "multi: remove PENDING + MSGSENT handles from the main
|
||||
linked list"
|
||||
|
||||
This reverts commit f6d6f3ce01e377932f1ce7c24ee34d45a36950b8.
|
||||
|
||||
The commits caused issues in the 8.0.0 release. Needs a retake.
|
||||
|
||||
Upstream-commit: cf1eebc68a28cb18bffde5a0a0d2f02bf7b183ec
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/multi.c | 73 +++++++++++++++++++----------------------------
|
||||
lib/multihandle.h | 2 --
|
||||
lib/urldata.h | 3 +-
|
||||
3 files changed, 31 insertions(+), 47 deletions(-)
|
||||
|
||||
diff --git a/lib/multi.c b/lib/multi.c
|
||||
index 0967500d0..731b2598f 100644
|
||||
--- a/lib/multi.c
|
||||
+++ b/lib/multi.c
|
||||
@@ -383,10 +383,12 @@ static void sh_init(struct Curl_hash *hash, int hashsize)
|
||||
* Called when a transfer is completed. Adds the given msg pointer to
|
||||
* the list kept in the multi handle.
|
||||
*/
|
||||
-static void multi_addmsg(struct Curl_multi *multi, struct Curl_message *msg)
|
||||
+static CURLMcode multi_addmsg(struct Curl_multi *multi,
|
||||
+ struct Curl_message *msg)
|
||||
{
|
||||
Curl_llist_insert_next(&multi->msglist, multi->msglist.tail, msg,
|
||||
&msg->list);
|
||||
+ return CURLM_OK;
|
||||
}
|
||||
|
||||
struct Curl_multi *Curl_multi_handle(int hashsize, /* socket hash */
|
||||
@@ -409,7 +411,6 @@ struct Curl_multi *Curl_multi_handle(int hashsize, /* socket hash */
|
||||
|
||||
Curl_llist_init(&multi->msglist, NULL);
|
||||
Curl_llist_init(&multi->pending, NULL);
|
||||
- Curl_llist_init(&multi->msgsent, NULL);
|
||||
|
||||
multi->multiplexing = TRUE;
|
||||
|
||||
@@ -455,14 +456,6 @@ struct Curl_multi *curl_multi_init(void)
|
||||
CURL_DNS_HASH_SIZE);
|
||||
}
|
||||
|
||||
-/* returns TRUE if the easy handle is supposed to be present in the main link
|
||||
- list */
|
||||
-static bool in_main_list(struct Curl_easy *data)
|
||||
-{
|
||||
- return ((data->mstate != MSTATE_PENDING) &&
|
||||
- (data->mstate != MSTATE_MSGSENT));
|
||||
-}
|
||||
-
|
||||
static void link_easy(struct Curl_multi *multi,
|
||||
struct Curl_easy *data)
|
||||
{
|
||||
@@ -496,8 +489,6 @@ static void unlink_easy(struct Curl_multi *multi,
|
||||
data->next->prev = data->prev;
|
||||
else
|
||||
multi->easylp = data->prev; /* point to last node */
|
||||
-
|
||||
- data->prev = data->next = NULL;
|
||||
}
|
||||
|
||||
|
||||
@@ -857,16 +848,10 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi,
|
||||
called. Do it after multi_done() in case that sets another time! */
|
||||
Curl_expire_clear(data);
|
||||
|
||||
- if(data->connect_queue.ptr) {
|
||||
- /* the handle is in the pending or msgsent lists, so go ahead and remove
|
||||
- it */
|
||||
- if(data->mstate == MSTATE_PENDING)
|
||||
- Curl_llist_remove(&multi->pending, &data->connect_queue, NULL);
|
||||
- else
|
||||
- Curl_llist_remove(&multi->msgsent, &data->connect_queue, NULL);
|
||||
- }
|
||||
- if(in_main_list(data))
|
||||
- unlink_easy(multi, data);
|
||||
+ if(data->connect_queue.ptr)
|
||||
+ /* the handle was in the pending list waiting for an available connection,
|
||||
+ so go ahead and remove it */
|
||||
+ Curl_llist_remove(&multi->pending, &data->connect_queue, NULL);
|
||||
|
||||
if(data->dns.hostcachetype == HCACHE_MULTI) {
|
||||
/* stop using the multi handle's DNS cache, *after* the possible
|
||||
@@ -927,6 +912,7 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi,
|
||||
|
||||
/* make sure there's no pending message in the queue sent from this easy
|
||||
handle */
|
||||
+
|
||||
for(e = multi->msglist.head; e; e = e->next) {
|
||||
struct Curl_message *msg = e->ptr;
|
||||
|
||||
@@ -937,6 +923,19 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi,
|
||||
}
|
||||
}
|
||||
|
||||
+ /* Remove from the pending list if it is there. Otherwise this will
|
||||
+ remain on the pending list forever due to the state change. */
|
||||
+ for(e = multi->pending.head; e; e = e->next) {
|
||||
+ struct Curl_easy *curr_data = e->ptr;
|
||||
+
|
||||
+ if(curr_data == data) {
|
||||
+ Curl_llist_remove(&multi->pending, e, NULL);
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ unlink_easy(multi, data);
|
||||
+
|
||||
/* NOTE NOTE NOTE
|
||||
We do not touch the easy handle here! */
|
||||
multi->num_easy--; /* one less to care about now */
|
||||
@@ -1944,6 +1943,11 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
|
||||
}
|
||||
break;
|
||||
|
||||
+ case MSTATE_PENDING:
|
||||
+ /* We will stay here until there is a connection available. Then
|
||||
+ we try again in the MSTATE_CONNECT state. */
|
||||
+ break;
|
||||
+
|
||||
case MSTATE_CONNECT:
|
||||
/* Connect. We want to get a connection identifier filled in. */
|
||||
/* init this transfer. */
|
||||
@@ -1967,8 +1971,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
|
||||
/* add this handle to the list of connect-pending handles */
|
||||
Curl_llist_insert_next(&multi->pending, multi->pending.tail, data,
|
||||
&data->connect_queue);
|
||||
- /* unlink from the main list */
|
||||
- unlink_easy(multi, data);
|
||||
result = CURLE_OK;
|
||||
break;
|
||||
}
|
||||
@@ -2595,11 +2597,9 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
|
||||
case MSTATE_COMPLETED:
|
||||
break;
|
||||
|
||||
- case MSTATE_PENDING:
|
||||
case MSTATE_MSGSENT:
|
||||
- /* handles in these states should NOT be in this list */
|
||||
- DEBUGASSERT(0);
|
||||
- break;
|
||||
+ data->result = result;
|
||||
+ return CURLM_OK; /* do nothing */
|
||||
|
||||
default:
|
||||
return CURLM_INTERNAL_ERROR;
|
||||
@@ -2687,17 +2687,10 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
|
||||
msg->extmsg.easy_handle = data;
|
||||
msg->extmsg.data.result = result;
|
||||
|
||||
- multi_addmsg(multi, msg);
|
||||
+ rc = multi_addmsg(multi, msg);
|
||||
DEBUGASSERT(!data->conn);
|
||||
}
|
||||
multistate(data, MSTATE_MSGSENT);
|
||||
-
|
||||
- /* add this handle to the list of msgsent handles */
|
||||
- Curl_llist_insert_next(&multi->msgsent, multi->msgsent.tail, data,
|
||||
- &data->connect_queue);
|
||||
- /* unlink from the main list */
|
||||
- unlink_easy(multi, data);
|
||||
- return CURLM_OK;
|
||||
}
|
||||
} while((rc == CURLM_CALL_MULTI_PERFORM) || multi_ischanged(multi, FALSE));
|
||||
|
||||
@@ -2728,9 +2721,6 @@ CURLMcode curl_multi_perform(struct Curl_multi *multi, int *running_handles)
|
||||
/* Do the loop and only alter the signal ignore state if the next handle
|
||||
has a different NO_SIGNAL state than the previous */
|
||||
do {
|
||||
- /* the current node might be unlinked in multi_runsingle(), get the next
|
||||
- pointer now */
|
||||
- struct Curl_easy *datanext = data->next;
|
||||
if(data->set.no_signal != nosig) {
|
||||
sigpipe_restore(&pipe_st);
|
||||
sigpipe_ignore(data, &pipe_st);
|
||||
@@ -2739,7 +2729,7 @@ CURLMcode curl_multi_perform(struct Curl_multi *multi, int *running_handles)
|
||||
result = multi_runsingle(multi, &now, data);
|
||||
if(result)
|
||||
returncode = result;
|
||||
- data = datanext; /* operate on next handle */
|
||||
+ data = data->next; /* operate on next handle */
|
||||
} while(data);
|
||||
sigpipe_restore(&pipe_st);
|
||||
}
|
||||
@@ -3720,9 +3710,6 @@ static void process_pending_handles(struct Curl_multi *multi)
|
||||
|
||||
DEBUGASSERT(data->mstate == MSTATE_PENDING);
|
||||
|
||||
- /* put it back into the main list */
|
||||
- link_easy(multi, data);
|
||||
-
|
||||
multistate(data, MSTATE_CONNECT);
|
||||
|
||||
/* Remove this node from the list */
|
||||
diff --git a/lib/multihandle.h b/lib/multihandle.h
|
||||
index 5b16bb605..6cda65d44 100644
|
||||
--- a/lib/multihandle.h
|
||||
+++ b/lib/multihandle.h
|
||||
@@ -101,8 +101,6 @@ struct Curl_multi {
|
||||
|
||||
struct Curl_llist pending; /* Curl_easys that are in the
|
||||
MSTATE_PENDING state */
|
||||
- struct Curl_llist msgsent; /* Curl_easys that are in the
|
||||
- MSTATE_MSGSENT state */
|
||||
|
||||
/* callback function and user data pointer for the *socket() API */
|
||||
curl_socket_callback socket_cb;
|
||||
diff --git a/lib/urldata.h b/lib/urldata.h
|
||||
index 4e07bcd60..8b54518d2 100644
|
||||
--- a/lib/urldata.h
|
||||
+++ b/lib/urldata.h
|
||||
@@ -1894,8 +1894,7 @@ struct Curl_easy {
|
||||
struct Curl_easy *prev;
|
||||
|
||||
struct connectdata *conn;
|
||||
- struct Curl_llist_element connect_queue; /* for the pending and msgsent
|
||||
- lists */
|
||||
+ struct Curl_llist_element connect_queue;
|
||||
struct Curl_llist_element conn_queue; /* list per connectdata */
|
||||
|
||||
CURLMstate mstate; /* the handle's state */
|
||||
--
|
||||
2.40.0
|
||||
|
16
curl.spec
16
curl.spec
@ -1,6 +1,6 @@
|
||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||
Name: curl
|
||||
Version: 7.88.1
|
||||
Version: 8.0.0
|
||||
Release: 1%{?dist}
|
||||
License: MIT
|
||||
Source0: https://curl.se/download/%{name}-%{version}.tar.xz
|
||||
@ -10,6 +10,10 @@ Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc
|
||||
# which points to the GPG key as of April 7th 2016 of https://daniel.haxx.se/mykey.asc
|
||||
Source2: mykey.asc
|
||||
|
||||
# revert a commit that caused issues in the 8.0.0 release
|
||||
# https://github.com/curl/curl/pull/10795
|
||||
Patch1: 0001-curl-8.0.0-revert-multi-remove.patch
|
||||
|
||||
# patch making libcurl multilib ready
|
||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||
|
||||
@ -203,6 +207,7 @@ be installed.
|
||||
%setup -q
|
||||
|
||||
# upstream patches
|
||||
%patch1 -p1
|
||||
|
||||
# Fedora patches
|
||||
%patch101 -p1
|
||||
@ -438,6 +443,15 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
||||
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
||||
|
||||
%changelog
|
||||
* Mon Mar 20 2023 Kamil Dudka <kdudka@redhat.com> - 8.0.0-1
|
||||
- new upstream release, which fixes the following vulnerabilities
|
||||
CVE-2023-27538 - SSH connection too eager reuse still
|
||||
CVE-2023-27537 - HSTS double-free
|
||||
CVE-2023-27536 - GSS delegation too eager connection re-use
|
||||
CVE-2023-27535 - FTP too eager connection reuse
|
||||
CVE-2023-27534 - SFTP path ~ resolving discrepancy
|
||||
CVE-2023-27533 - TELNET option IAC injection
|
||||
|
||||
* Mon Feb 20 2023 Kamil Dudka <kdudka@redhat.com> - 7.88.1-1
|
||||
- new upstream release
|
||||
|
||||
|
4
sources
4
sources
@ -1,2 +1,2 @@
|
||||
SHA512 (curl-7.88.1.tar.xz) = b8d30c52a6d1c3e272608a7a8db78dfd79aef21330f34d6f1df43839a400e13ac6aac72a383526db0b711a70ecbec89a3b934677d7ecf5094fd64d3dbcb3492f
|
||||
SHA512 (curl-7.88.1.tar.xz.asc) = d6dc720533004c4d533cc4fb3dd33ac28d95e114f440ec011e4b58f65d1f4c40cfa10ba26d2e2f2f1f9de99511632578b4758c5e79593c7c30d29788fdf1cbb6
|
||||
SHA512 (curl-8.0.0.tar.xz) = 7141e0e2ed065ba14a7fd7e080bc78cadfcf0c7e4054384f17bfbe24caa0bf512d1feaac89dabb9bebc30c2ba40e78ea4e77ac16ce07515f1e9d6b0f05098c9c
|
||||
SHA512 (curl-8.0.0.tar.xz.asc) = ab741ce5a93e8729bb280c38a109dd11c6f07bc5d955368171dd0c26641d117c62945c13cdc8ff66e32e98fa027cc8ae08aba833a3ee702a2a06c7cef5b8f4ea
|
||||
|
Loading…
Reference in New Issue
Block a user