new upstream release - 7.76.0

Resolves: CVE-2021-22890 - TLS 1.3 session ticket proxy host mixup
Resolves: CVE-2021-22876 - Automatic referer leaks credentials
This commit is contained in:
Kamil Dudka 2021-03-31 10:10:28 +02:00
parent 25676e54ef
commit a0d250c162
5 changed files with 19 additions and 174 deletions

View File

@ -1,156 +0,0 @@
From 17686d25019489f43f3d5641db8683932857845e Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 15 Feb 2021 09:41:22 +0100
Subject: [PATCH 1/2] openldap: pass 'data' to the callbacks instead of 'conn'
Upstream-commit: a59c33ceffb8f78b71fa084bbc99c94ecfe82ce6
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/openldap.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/lib/openldap.c b/lib/openldap.c
index 4070bbf..d079822 100644
--- a/lib/openldap.c
+++ b/lib/openldap.c
@@ -278,7 +278,7 @@ static CURLcode ldap_connecting(struct Curl_easy *data, bool *done)
if(!li->sslinst) {
Sockbuf *sb;
ldap_get_option(li->ld, LDAP_OPT_SOCKBUF, &sb);
- ber_sockbuf_add_io(sb, &ldapsb_tls, LBER_SBIOD_LEVEL_TRANSPORT, conn);
+ ber_sockbuf_add_io(sb, &ldapsb_tls, LBER_SBIOD_LEVEL_TRANSPORT, data);
li->sslinst = TRUE;
li->recv = conn->recv[FIRSTSOCKET];
li->send = conn->send[FIRSTSOCKET];
@@ -716,8 +716,8 @@ ldapsb_tls_ctrl(Sockbuf_IO_Desc *sbiod, int opt, void *arg)
{
(void)arg;
if(opt == LBER_SB_OPT_DATA_READY) {
- struct connectdata *conn = sbiod->sbiod_pvt;
- return Curl_ssl_data_pending(conn, FIRSTSOCKET);
+ struct Curl_easy *data = sbiod->sbiod_pvt;
+ return Curl_ssl_data_pending(data->conn, FIRSTSOCKET);
}
return 0;
}
@@ -725,12 +725,13 @@ ldapsb_tls_ctrl(Sockbuf_IO_Desc *sbiod, int opt, void *arg)
static ber_slen_t
ldapsb_tls_read(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
{
- struct connectdata *conn = sbiod->sbiod_pvt;
+ struct Curl_easy *data = sbiod->sbiod_pvt;
+ struct connectdata *conn = data->conn;
struct ldapconninfo *li = conn->proto.ldapc;
ber_slen_t ret;
CURLcode err = CURLE_RECV_ERROR;
- ret = (li->recv)(conn->data, FIRSTSOCKET, buf, len, &err);
+ ret = (li->recv)(data, FIRSTSOCKET, buf, len, &err);
if(ret < 0 && err == CURLE_AGAIN) {
SET_SOCKERRNO(EWOULDBLOCK);
}
@@ -740,12 +741,13 @@ ldapsb_tls_read(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
static ber_slen_t
ldapsb_tls_write(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
{
- struct connectdata *conn = sbiod->sbiod_pvt;
+ struct Curl_easy *data = sbiod->sbiod_pvt;
+ struct connectdata *conn = data->conn;
struct ldapconninfo *li = conn->proto.ldapc;
ber_slen_t ret;
CURLcode err = CURLE_SEND_ERROR;
- ret = (li->send)(conn->data, FIRSTSOCKET, buf, len, &err);
+ ret = (li->send)(data, FIRSTSOCKET, buf, len, &err);
if(ret < 0 && err == CURLE_AGAIN) {
SET_SOCKERRNO(EWOULDBLOCK);
}
--
2.26.3
From a1c1f175e44ef95c47b1e2e91424e193ee7a0d0b Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 23 Mar 2021 09:28:07 +0100
Subject: [PATCH 2/2] openldap: avoid NULL pointer dereferences
Follow-up to a59c33ceffb8f78
Reported-by: Patrick Monnerat
Fixes #6676
Closes #6780
Upstream-commit: e467ea3bd937f38e1d2e070a68ed451303ba1e73
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/openldap.c | 40 +++++++++++++++++++++++++---------------
1 file changed, 25 insertions(+), 15 deletions(-)
diff --git a/lib/openldap.c b/lib/openldap.c
index d079822..066c0fd 100644
--- a/lib/openldap.c
+++ b/lib/openldap.c
@@ -369,6 +369,9 @@ static CURLcode ldap_disconnect(struct Curl_easy *data,
if(li) {
if(li->ld) {
+ Sockbuf *sb;
+ ldap_get_option(li->ld, LDAP_OPT_SOCKBUF, &sb);
+ ber_sockbuf_add_io(sb, &ldapsb_tls, LBER_SBIOD_LEVEL_TRANSPORT, NULL);
ldap_unbind_ext(li->ld, NULL, NULL);
li->ld = NULL;
}
@@ -726,14 +729,18 @@ static ber_slen_t
ldapsb_tls_read(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
{
struct Curl_easy *data = sbiod->sbiod_pvt;
- struct connectdata *conn = data->conn;
- struct ldapconninfo *li = conn->proto.ldapc;
- ber_slen_t ret;
- CURLcode err = CURLE_RECV_ERROR;
+ ber_slen_t ret = 0;
+ if(data) {
+ struct connectdata *conn = data->conn;
+ if(conn) {
+ struct ldapconninfo *li = conn->proto.ldapc;
+ CURLcode err = CURLE_RECV_ERROR;
- ret = (li->recv)(data, FIRSTSOCKET, buf, len, &err);
- if(ret < 0 && err == CURLE_AGAIN) {
- SET_SOCKERRNO(EWOULDBLOCK);
+ ret = (li->recv)(data, FIRSTSOCKET, buf, len, &err);
+ if(ret < 0 && err == CURLE_AGAIN) {
+ SET_SOCKERRNO(EWOULDBLOCK);
+ }
+ }
}
return ret;
}
@@ -742,14 +749,17 @@ static ber_slen_t
ldapsb_tls_write(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
{
struct Curl_easy *data = sbiod->sbiod_pvt;
- struct connectdata *conn = data->conn;
- struct ldapconninfo *li = conn->proto.ldapc;
- ber_slen_t ret;
- CURLcode err = CURLE_SEND_ERROR;
-
- ret = (li->send)(data, FIRSTSOCKET, buf, len, &err);
- if(ret < 0 && err == CURLE_AGAIN) {
- SET_SOCKERRNO(EWOULDBLOCK);
+ ber_slen_t ret = 0;
+ if(data) {
+ struct connectdata *conn = data->conn;
+ if(conn) {
+ struct ldapconninfo *li = conn->proto.ldapc;
+ CURLcode err = CURLE_SEND_ERROR;
+ ret = (li->send)(data, FIRSTSOCKET, buf, len, &err);
+ if(ret < 0 && err == CURLE_AGAIN) {
+ SET_SOCKERRNO(EWOULDBLOCK);
+ }
+ }
}
return ret;
}
--
2.26.3

View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmAaSxEACgkQXMkI/bce
EsI36QgAlx+oYuWiaMytv/Ixfcm2gTq+9Qu60KsmvccyKLOq7OxAmX+gz1PYOsUc
eqAwq8dg9Mo+cuk7zWpxRMg1qBgvZpv5oeAhy8VUeWD/HE0Z2RoxC3tw87uNn5uN
2g0FJEXGzDaQQdI0hh2Kb4uNqiKiBCsSfHX4J+eWDUoHwzoFestct8PAcAG8lOzt
0nGj6Is1Rba3SrlkCtRdzEkrjfNe5KKNjE9F0ybhL7TPKSZZvlustZgU5OgdjDHu
uJzFQDK5eyjeYu7tyJQOOwercjOQrmp0YYvYt6CdALUflU2RNvnS83+e/syAYEZ4
FvnYlZyp8WCKxOikGwX2m/JEOATXSw==
=HFSu
-----END PGP SIGNATURE-----

11
curl-7.76.0.tar.xz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmBkDkUACgkQXMkI/bce
EsJ15ggAtcFfjbq0Fk1KMymZ7trx49GcOPNUKa7utST3tumg0Tc3HsIeuWIOyO0s
frTWFtroWogELMjjdr+yyrI5PZrLkEdtFKd+lRYO4T2Y0SS6Q57d/4CCu3SXNgmd
zKUq4ZSRbjdPFRKkWJ6RMDfPeu8pcJIGQM23BapPbpxtEgd5f8+PzzSX/8S3I1aD
yDv9V3tM+NQq6peetV6wj7hWFInUHbTWPSlyzuCvWB2cQRxDNsTcSxuShd0krbgV
CA6Kt4MQc7QOi7luUAHEGmjTRIhSwvTfY6w0EqqFzvRHlf0gsCIUn5jEs8cq+2iV
nEUuezAT/rRYfyjyQ1hWvIK5GP5aCw==
=ju96
-----END PGP SIGNATURE-----

View File

@ -1,13 +1,10 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 7.75.0
Release: 3%{?dist}
Version: 7.76.0
Release: 1%{?dist}
License: MIT
Source: https://curl.se/download/%{name}-%{version}.tar.xz
# fix SIGSEGV upon disconnect of a ldaps:// transfer
Patch1: 0001-curl-7.75.0-ldaps-segv.patch
# patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch
@ -183,7 +180,6 @@ be installed.
%setup -q
# upstream patches
%patch1 -p1
# Fedora patches
%patch101 -p1
@ -364,6 +360,11 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
%changelog
* Wed Mar 31 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2021-22890 - TLS 1.3 session ticket proxy host mixup
CVE-2021-22876 - Automatic referer leaks credentials
* Wed Mar 24 2021 Kamil Dudka <kdudka@redhat.com> - 7.75.0-3
- fix SIGSEGV upon disconnect of a ldaps:// transfer

View File

@ -1 +1 @@
SHA512 (curl-7.75.0.tar.xz) = 4c2fc6658379b8b93dd50665b70f3000b63d3bcafd2df60b7e651a8edf4735b3decb06c338b84cb22058191aa9f8f4dc85760a42f9987210b59300758304b746
SHA512 (curl-7.76.0.tar.xz) = a67e5078b48150c6f5331e76b25a6b197f1e916be1db900bf9455b032b3af5a71610b47e607546ecbae510d196a0cfcb75a14dac549288797af1701b7b587ece