import UBI curl-7.61.1-33.el8
This commit is contained in:
eabdullin
parent
ad7840c8f2
commit
b707ea5524
@ -1,17 +1,20 @@
|
|||||||
From cb49e67303dbafbab1cebf4086e3ec15b7d56ee5 Mon Sep 17 00:00:00 2001
|
From 9d6dd7bc1dea42ae8e710aeae714e2a2c290de61 Mon Sep 17 00:00:00 2001
|
||||||
From: Daniel Stenberg <daniel@haxx.se>
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
Date: Fri, 10 Mar 2023 09:22:43 +0100
|
Date: Fri, 10 Mar 2023 09:22:43 +0100
|
||||||
Subject: [PATCH] url: only reuse connections with same GSS delegation
|
Subject: [PATCH] url: only reuse connections with same GSS delegation
|
||||||
|
|
||||||
Reported-by: Harry Sintonen
|
Reported-by: Harry Sintonen
|
||||||
Closes #10731
|
Closes #10731
|
||||||
|
|
||||||
|
Upstream-commit: cb49e67303dbafbab1cebf4086e3ec15b7d56ee5
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
---
|
---
|
||||||
lib/url.c | 6 ++++++
|
lib/url.c | 6 ++++++
|
||||||
lib/urldata.h | 1 +
|
lib/urldata.h | 2 ++
|
||||||
2 files changed, 7 insertions(+)
|
2 files changed, 8 insertions(+)
|
||||||
|
|
||||||
diff --git a/lib/url.c b/lib/url.c
|
diff --git a/lib/url.c b/lib/url.c
|
||||||
index df6ef1213..cc2f427dc 100644
|
index 3b11b7e..cbbc7f3 100644
|
||||||
--- a/lib/url.c
|
--- a/lib/url.c
|
||||||
+++ b/lib/url.c
|
+++ b/lib/url.c
|
||||||
@@ -1305,6 +1305,11 @@ ConnectionExists(struct Curl_easy *data,
|
@@ -1305,6 +1305,11 @@ ConnectionExists(struct Curl_easy *data,
|
||||||
@ -26,7 +29,8 @@ index df6ef1213..cc2f427dc 100644
|
|||||||
if(needle->handler->protocol & (CURLPROTO_SCP|CURLPROTO_SFTP)) {
|
if(needle->handler->protocol & (CURLPROTO_SCP|CURLPROTO_SFTP)) {
|
||||||
if(!ssh_config_matches(needle, check))
|
if(!ssh_config_matches(needle, check))
|
||||||
continue;
|
continue;
|
||||||
@@ -1950,5 +1950,6 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
|
@@ -1949,6 +1954,7 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
|
||||||
|
it may live on without (this specific) Curl_easy */
|
||||||
conn->fclosesocket = data->set.fclosesocket;
|
conn->fclosesocket = data->set.fclosesocket;
|
||||||
conn->closesocket_client = data->set.closesocket_client;
|
conn->closesocket_client = data->set.closesocket_client;
|
||||||
+ conn->gssapi_delegation = data->set.gssapi_delegation;
|
+ conn->gssapi_delegation = data->set.gssapi_delegation;
|
||||||
@ -34,18 +38,18 @@ index df6ef1213..cc2f427dc 100644
|
|||||||
return conn;
|
return conn;
|
||||||
error:
|
error:
|
||||||
diff --git a/lib/urldata.h b/lib/urldata.h
|
diff --git a/lib/urldata.h b/lib/urldata.h
|
||||||
index bf5daaf50..da5de5ba9 100644
|
index ce90304..9e16f26 100644
|
||||||
--- a/lib/urldata.h
|
--- a/lib/urldata.h
|
||||||
+++ b/lib/urldata.h
|
+++ b/lib/urldata.h
|
||||||
@@ -1061,6 +1061,8 @@ struct connectdata {
|
@@ -856,6 +856,8 @@ struct connectdata {
|
||||||
char *unix_domain_socket;
|
int httpversion; /* the HTTP version*10 reported by the server */
|
||||||
bool abstract_unix_socket;
|
int rtspversion; /* the RTSP version*10 reported by the server */
|
||||||
#endif
|
|
||||||
+
|
|
||||||
+ unsigned char gssapi_delegation; /* inherited from set.gssapi_delegation */
|
|
||||||
};
|
|
||||||
|
|
||||||
/* The end of connectdata. */
|
+ unsigned char gssapi_delegation; /* inherited from set.gssapi_delegation */
|
||||||
|
+
|
||||||
|
struct curltime now; /* "current" time */
|
||||||
|
struct curltime created; /* creation time */
|
||||||
|
curl_socket_t sock[2]; /* two sockets, the second is used for the data
|
||||||
--
|
--
|
||||||
2.40.1
|
2.39.2
|
||||||
|
|
||||||
@ -1,7 +1,7 @@
|
|||||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.61.1
|
Version: 7.61.1
|
||||||
Release: 30%{?dist}.3
|
Release: 33%{?dist}
|
||||||
License: MIT
|
License: MIT
|
||||||
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
||||||
|
|
||||||
@ -139,17 +139,17 @@ Patch47: 0047-curl-7.61.1-CVE-2023-23916.patch
|
|||||||
# fix FTP too eager connection reuse (CVE-2023-27535)
|
# fix FTP too eager connection reuse (CVE-2023-27535)
|
||||||
Patch48: 0048-curl-7.61.1-CVE-2023-27535.patch
|
Patch48: 0048-curl-7.61.1-CVE-2023-27535.patch
|
||||||
|
|
||||||
|
# fix GSS delegation too eager connection re-use (CVE-2023-27536)
|
||||||
|
Patch49: 0049-curl-7.61.1-CVE-2023-27536.patch
|
||||||
|
|
||||||
# sftp: do not specify O_APPEND when not in append mode (#2187717)
|
# sftp: do not specify O_APPEND when not in append mode (#2187717)
|
||||||
Patch50: 0050-curl-7.61.1-sftp-upload-flags.patch
|
Patch50: 0050-curl-7.61.1-sftp-upload-flags.patch
|
||||||
|
|
||||||
# fix GSS delegation too eager connection re-use
|
# fix host name wildcard checking (CVE-2023-28321)
|
||||||
Patch51: 0051-curl-7.61.1-CVE-2023-27536.patch
|
Patch51: 0051-curl-7.61.1-CVE-2023-28321.patch
|
||||||
|
|
||||||
# rebuild certs with 2048-bit RSA keys
|
# rebuild certs with 2048-bit RSA keys
|
||||||
Patch52: 0052-curl-7.61.1-rebuilt-certs.patch
|
Patch52: 0052-curl-7.61.1-certs.patch
|
||||||
|
|
||||||
# fix host name wildcard checking
|
|
||||||
Patch53: 0053-curl-7.61.1-CVE-2023-28321.patch
|
|
||||||
|
|
||||||
# patch making libcurl multilib ready
|
# patch making libcurl multilib ready
|
||||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||||
@ -372,10 +372,10 @@ sed -e 's|:8992/|:%{?__isa_bits}92/|g' -i tests/data/test97{3..6}
|
|||||||
%patch46 -p1
|
%patch46 -p1
|
||||||
%patch47 -p1
|
%patch47 -p1
|
||||||
%patch48 -p1
|
%patch48 -p1
|
||||||
|
%patch49 -p1
|
||||||
%patch50 -p1
|
%patch50 -p1
|
||||||
%patch51 -p1
|
%patch51 -p1
|
||||||
git apply %{PATCH52}
|
git apply %{PATCH52}
|
||||||
%patch53 -p1
|
|
||||||
|
|
||||||
# make tests/*.py use Python 3
|
# make tests/*.py use Python 3
|
||||||
sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py
|
sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py
|
||||||
@ -538,15 +538,15 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
|||||||
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Jun 13 2023 Jacek Migacz <jmigacz@redhat.com> - 7.61.1-30.el8_8.3
|
* Tue Jun 27 2023 Jacek Migacz <jmigacz@redhat.com> - 7.61.1-33
|
||||||
- fix GSS delegation too eager connection re-use (CVE-2023-27536)
|
|
||||||
- rebuild certs with 2048-bit RSA keys
|
|
||||||
- fix host name wildcard checking (CVE-2023-28321)
|
- fix host name wildcard checking (CVE-2023-28321)
|
||||||
|
- rebuild certs with 2048-bit RSA keys
|
||||||
|
|
||||||
* Thu Apr 20 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-30.el8_8.2
|
* Thu Apr 20 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-32
|
||||||
- sftp: do not specify O_APPEND when not in append mode (#2187717)
|
- sftp: do not specify O_APPEND when not in append mode (#2187717)
|
||||||
|
|
||||||
* Fri Mar 24 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-30.el8_8.1
|
* Fri Mar 24 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-31
|
||||||
|
- fix GSS delegation too eager connection re-use (CVE-2023-27536)
|
||||||
- fix FTP too eager connection reuse (CVE-2023-27535)
|
- fix FTP too eager connection reuse (CVE-2023-27535)
|
||||||
|
|
||||||
* Wed Feb 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-30
|
* Wed Feb 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-30
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user