import UBI curl-7.61.1-33.el8
		
							parent
							
								
									ad7840c8f2
								
							
						
					
					
						commit
						b707ea5524
					
				| @ -1,17 +1,20 @@ | ||||
| From cb49e67303dbafbab1cebf4086e3ec15b7d56ee5 Mon Sep 17 00:00:00 2001 | ||||
| From 9d6dd7bc1dea42ae8e710aeae714e2a2c290de61 Mon Sep 17 00:00:00 2001 | ||||
| From: Daniel Stenberg <daniel@haxx.se> | ||||
| Date: Fri, 10 Mar 2023 09:22:43 +0100 | ||||
| Subject: [PATCH] url: only reuse connections with same GSS delegation | ||||
| 
 | ||||
| Reported-by: Harry Sintonen | ||||
| Closes #10731 | ||||
| 
 | ||||
| Upstream-commit: cb49e67303dbafbab1cebf4086e3ec15b7d56ee5 | ||||
| Signed-off-by: Kamil Dudka <kdudka@redhat.com> | ||||
| ---
 | ||||
|  lib/url.c     | 6 ++++++ | ||||
|  lib/urldata.h | 1 + | ||||
|  2 files changed, 7 insertions(+) | ||||
|  lib/urldata.h | 2 ++ | ||||
|  2 files changed, 8 insertions(+) | ||||
| 
 | ||||
| diff --git a/lib/url.c b/lib/url.c
 | ||||
| index df6ef1213..cc2f427dc 100644
 | ||||
| index 3b11b7e..cbbc7f3 100644
 | ||||
| --- a/lib/url.c
 | ||||
| +++ b/lib/url.c
 | ||||
| @@ -1305,6 +1305,11 @@ ConnectionExists(struct Curl_easy *data,
 | ||||
| @ -26,7 +29,8 @@ index df6ef1213..cc2f427dc 100644 | ||||
|        if(needle->handler->protocol & (CURLPROTO_SCP|CURLPROTO_SFTP)) { | ||||
|          if(!ssh_config_matches(needle, check)) | ||||
|            continue; | ||||
| @@ -1950,5 +1950,6 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
 | ||||
| @@ -1949,6 +1954,7 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
 | ||||
|       it may live on without (this specific) Curl_easy */ | ||||
|    conn->fclosesocket = data->set.fclosesocket; | ||||
|    conn->closesocket_client = data->set.closesocket_client; | ||||
| +  conn->gssapi_delegation = data->set.gssapi_delegation;
 | ||||
| @ -34,18 +38,18 @@ index df6ef1213..cc2f427dc 100644 | ||||
|    return conn; | ||||
|    error: | ||||
| diff --git a/lib/urldata.h b/lib/urldata.h
 | ||||
| index bf5daaf50..da5de5ba9 100644
 | ||||
| index ce90304..9e16f26 100644
 | ||||
| --- a/lib/urldata.h
 | ||||
| +++ b/lib/urldata.h
 | ||||
| @@ -1061,6 +1061,8 @@ struct connectdata {
 | ||||
|    char *unix_domain_socket; | ||||
|    bool abstract_unix_socket; | ||||
|  #endif | ||||
| +
 | ||||
| @@ -856,6 +856,8 @@ struct connectdata {
 | ||||
|    int httpversion;        /* the HTTP version*10 reported by the server */ | ||||
|    int rtspversion;        /* the RTSP version*10 reported by the server */ | ||||
|   | ||||
| +  unsigned char gssapi_delegation; /* inherited from set.gssapi_delegation */
 | ||||
|  }; | ||||
|   | ||||
|  /* The end of connectdata. */ | ||||
| +
 | ||||
|    struct curltime now;     /* "current" time */ | ||||
|    struct curltime created; /* creation time */ | ||||
|    curl_socket_t sock[2]; /* two sockets, the second is used for the data | ||||
| -- 
 | ||||
| 2.40.1 | ||||
| 2.39.2 | ||||
| 
 | ||||
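Review bot: The added `conn->gssapi_delegation = data->set.gssapi_delegation;` in allocate_conn stores into a field that lib/urldata.h declares as `unsigned char`, and the declaration of `set.gssapi_delegation` is not shown on this page. If this 7.61.1 tree declares the option wider than one byte, the copy keeps only the low eight bits, so two handles whose settings differ only in higher bits would look identical to the connection-reuse comparison. The documented CURLGSSAPI_DELEGATION_* flags fit in a byte, so this is probably harmless in practice. I would still declare the field with the same type as the option, or make the narrowing explicit in the field comment, e.g. `/* low byte of set.gssapi_delegation; compared in ConnectionExists() */`. The ConnectionExists hunk that presumably holds the comparison is collapsed in this view, and both function bodies continue outside the hunks.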
| @ -1,7 +1,7 @@ | ||||
| Summary: A utility for getting files from remote servers (FTP, HTTP, and others) | ||||
| Name: curl | ||||
| Version: 7.61.1 | ||||
| Release: 30%{?dist}.3 | ||||
| Release: 33%{?dist} | ||||
| License: MIT | ||||
| Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz | ||||
| 
 | ||||
| @ -139,17 +139,17 @@ Patch47:  0047-curl-7.61.1-CVE-2023-23916.patch | ||||
| # fix FTP too eager connection reuse (CVE-2023-27535) | ||||
| Patch48:  0048-curl-7.61.1-CVE-2023-27535.patch | ||||
| 
 | ||||
| # fix GSS delegation too eager connection re-use (CVE-2023-27536) | ||||
| Patch49:  0049-curl-7.61.1-CVE-2023-27536.patch | ||||
| 
 | ||||
| # sftp: do not specify O_APPEND when not in append mode (#2187717) | ||||
| Patch50:  0050-curl-7.61.1-sftp-upload-flags.patch | ||||
| 
 | ||||
| # fix GSS delegation too eager connection re-use | ||||
| Patch51:  0051-curl-7.61.1-CVE-2023-27536.patch | ||||
| # fix host name wildcard checking (CVE-2023-28321) | ||||
| Patch51:  0051-curl-7.61.1-CVE-2023-28321.patch | ||||
| 
 | ||||
| # rebuild certs with 2048-bit RSA keys | ||||
| Patch52:  0052-curl-7.61.1-rebuilt-certs.patch | ||||
| 
 | ||||
| # fix host name wildcard checking | ||||
| Patch53:  0053-curl-7.61.1-CVE-2023-28321.patch | ||||
| Patch52:  0052-curl-7.61.1-certs.patch | ||||
| 
 | ||||
| # patch making libcurl multilib ready | ||||
| Patch101: 0101-curl-7.32.0-multilib.patch | ||||
| @ -372,10 +372,10 @@ sed -e 's|:8992/|:%{?__isa_bits}92/|g' -i tests/data/test97{3..6} | ||||
| %patch46 -p1 | ||||
| %patch47 -p1 | ||||
| %patch48 -p1 | ||||
| %patch49 -p1 | ||||
| %patch50 -p1 | ||||
| %patch51 -p1 | ||||
| git apply %{PATCH52} | ||||
| %patch53 -p1 | ||||
| 
 | ||||
| # make tests/*.py use Python 3 | ||||
| sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py | ||||
| @ -538,15 +538,15 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la | ||||
| %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal | ||||
| 
 | ||||
| %changelog | ||||
| * Tue Jun 13 2023 Jacek Migacz <jmigacz@redhat.com> - 7.61.1-30.el8_8.3 | ||||
| - fix GSS delegation too eager connection re-use (CVE-2023-27536) | ||||
| - rebuild certs with 2048-bit RSA keys | ||||
| * Tue Jun 27 2023 Jacek Migacz <jmigacz@redhat.com> - 7.61.1-33 | ||||
| - fix host name wildcard checking (CVE-2023-28321) | ||||
| - rebuild certs with 2048-bit RSA keys | ||||
| 
 | ||||
| * Thu Apr 20 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-30.el8_8.2 | ||||
| * Thu Apr 20 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-32 | ||||
| - sftp: do not specify O_APPEND when not in append mode (#2187717) | ||||
| 
 | ||||
| * Fri Mar 24 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-30.el8_8.1 | ||||
| * Fri Mar 24 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-31 | ||||
| - fix GSS delegation too eager connection re-use (CVE-2023-27536) | ||||
| - fix FTP too eager connection reuse (CVE-2023-27535) | ||||
| 
 | ||||
| * Wed Feb 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-30 | ||||
|  | ||||
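Review bot: In %prep, Patch52 is the only patch applied with `git apply %{PATCH52}` rather than a `%patchNN -p1` macro, and nothing on the visible lines explains why. If the reason is that the rebuilt test certificates contain binary hunks that patch(1) cannot apply (an assumption, since the patch itself is not shown), the Patch52 comment should say so, e.g. `# rebuild certs with 2048-bit RSA keys (binary diff, applied with git apply)`. It is also worth confirming that git is listed in BuildRequires, which lies outside this hunk, so that a missing tool does not surface only at build time.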