new upstream release - 8.1.0
Resolves: CVE-2023-28321 - IDN wildcard match Resolves: CVE-2023-28322 - more POST-after-PUT confusion
This commit is contained in:
parent
65d0dfbac5
commit
c0b70e927f
@ -38,7 +38,7 @@ index 1889c93..ea43a49 100644
|
|||||||
--- a/tests/data/test3012
|
--- a/tests/data/test3012
|
||||||
+++ b/tests/data/test3012
|
+++ b/tests/data/test3012
|
||||||
@@ -56,5 +56,9 @@ Accept: */*
|
@@ -56,5 +56,9 @@ Accept: */*
|
||||||
<file name="log/MMM%TESTNUMBERMMM">
|
<file name="%LOGDIR/MMM%TESTNUMBERMMM">
|
||||||
-foo-
|
-foo-
|
||||||
</file>
|
</file>
|
||||||
+
|
+
|
||||||
|
@ -15,16 +15,16 @@ diff --git a/tests/runtests.pl b/tests/runtests.pl
|
|||||||
index 71644ad18..0cf85c3fe 100755
|
index 71644ad18..0cf85c3fe 100755
|
||||||
--- a/tests/runtests.pl
|
--- a/tests/runtests.pl
|
||||||
+++ b/tests/runtests.pl
|
+++ b/tests/runtests.pl
|
||||||
@@ -75,8 +75,7 @@ BEGIN {
|
@@ -55,8 +55,7 @@
|
||||||
}
|
# given, this won't be a problem.
|
||||||
|
|
||||||
use strict;
|
use strict;
|
||||||
-# Promote all warnings to fatal
|
-# Promote all warnings to fatal
|
||||||
-use warnings FATAL => 'all';
|
-use warnings FATAL => 'all';
|
||||||
+use warnings;
|
+use warnings;
|
||||||
use Cwd;
|
use 5.006;
|
||||||
use Digest::MD5 qw(md5);
|
|
||||||
use MIME::Base64;
|
# These should be the only variables that might be needed to get edited:
|
||||||
--
|
--
|
||||||
2.39.1
|
2.39.1
|
||||||
|
|
||||||
|
@ -1,97 +0,0 @@
|
|||||||
From c9a1d18e5f8f28b90c1b2fcc1f15699327067e59 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Kamil Dudka <kdudka@redhat.com>
|
|
||||||
Date: Fri, 21 Apr 2023 17:44:10 +0200
|
|
||||||
Subject: [PATCH] tests/runtests.pl: attempt to fix a conflict on port numbers
|
|
||||||
|
|
||||||
... where stunnel listens for legacy HTTPS and HTTP/2, which manifests
|
|
||||||
as a hard-to-explain failure of the following tests: 1630 1631 1632 1904
|
|
||||||
1941 1945 2050 2055 3028
|
|
||||||
```
|
|
||||||
[...]
|
|
||||||
startnew: perl -I../../tests ../../tests/secureserver.pl --pidfile ".https_server.pid" --logfile "log/https_stunnel.log" --ipv4 --proto https --stunnel "/usr/bin/stunnel" --srcdir "../../tests" --connect 42917 --accept 24642
|
|
||||||
RUN: HTTPS server is PID 114398 port 24642
|
|
||||||
* pid https => 114398 114402
|
|
||||||
[...]
|
|
||||||
startnew: perl -I../../tests ../../tests/secureserver.pl --pidfile ".https2_server.pid" --logfile "log/https2_stunnel.log" --id 2 --ipv4 --proto https --stunnel "/usr/bin/stunnel" --srcdir "../../tests" --connect 36763 --accept 24642
|
|
||||||
startnew: child process has died, server might start up
|
|
||||||
Warning: http2 server unexpectedly alive
|
|
||||||
RUN: Process with pid 73992 signalled to die
|
|
||||||
RUN: Process with pid 73992 forced to die with SIGKILL
|
|
||||||
== Contents of files in the log/ dir after test 1630
|
|
||||||
=== Start of file http2_server.log
|
|
||||||
14:01:21.881018 exit_signal_handler: 15
|
|
||||||
14:01:21.881372 signalled to die
|
|
||||||
14:01:21.881511 ========> IPv4 sws (port 36763 pid: 73992) exits with signal (15)
|
|
||||||
=== End of file http2_server.log
|
|
||||||
=== Start of file https2_stunnel.log
|
|
||||||
[ ] Initializing inetd mode configuration
|
|
||||||
[ ] Clients allowed=500
|
|
||||||
[.] stunnel 5.69 on x86_64-redhat-linux-gnu platform
|
|
||||||
[.] Compiled/running with OpenSSL 3.0.8 7 Feb 2023
|
|
||||||
[.] Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
|
|
||||||
[ ] errno: (*__errno_location ())
|
|
||||||
[ ] Initializing inetd mode configuration
|
|
||||||
[.] Reading configuration from file /builddir/build/BUILD/curl-8.0.1/build-minimal/tests/https_stunnel.conf
|
|
||||||
[.] UTF-8 byte order mark not detected
|
|
||||||
[.] FIPS mode disabled
|
|
||||||
[ ] Compression disabled
|
|
||||||
[ ] No PRNG seeding was required
|
|
||||||
[ ] Initializing service [curltest]
|
|
||||||
[ ] Using the default TLS minimum version as specified in crypto policies. Not setting explicitly.
|
|
||||||
[ ] Using the default TLS maximum version as specified in crypto policies. Not setting explicitly
|
|
||||||
[ ] stunnel default security level set: 2
|
|
||||||
[ ] Ciphers: PROFILE=SYSTEM
|
|
||||||
[ ] TLSv1.3 ciphersuites: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
|
|
||||||
[ ] TLS options: 0x2100000 (+0x0, -0x0)
|
|
||||||
[ ] Session resumption enabled
|
|
||||||
[ ] Loading certificate from file: /builddir/build/BUILD/curl-8.0.1/tests/stunnel.pem
|
|
||||||
[ ] Certificate loaded from file: /builddir/build/BUILD/curl-8.0.1/tests/stunnel.pem
|
|
||||||
[ ] Loading private key from file: /builddir/build/BUILD/curl-8.0.1/tests/stunnel.pem
|
|
||||||
[ ] Private key loaded from file: /builddir/build/BUILD/curl-8.0.1/tests/stunnel.pem
|
|
||||||
[ ] Private key check succeeded
|
|
||||||
[!] No trusted certificates found
|
|
||||||
[ ] DH initialization needed for DHE-RSA-AES256-GCM-SHA384
|
|
||||||
[ ] DH initialization
|
|
||||||
[ ] Could not load DH parameters from /builddir/build/BUILD/curl-8.0.1/tests/stunnel.pem
|
|
||||||
[ ] Using dynamic DH parameters
|
|
||||||
[ ] ECDH initialization
|
|
||||||
[ ] ECDH initialized with curves X25519:P-256:X448:P-521:P-384
|
|
||||||
[.] Configuration successful
|
|
||||||
[ ] Deallocating deployed section defaults
|
|
||||||
[ ] Binding service [curltest]
|
|
||||||
[ ] Listening file descriptor created (FD=8)
|
|
||||||
[ ] Setting accept socket options (FD=8)
|
|
||||||
[ ] Option SO_REUSEADDR set on accept socket
|
|
||||||
[.] Binding service [curltest] to 0.0.0.0:24642: Address already in use (98)
|
|
||||||
[ ] Listening file descriptor created (FD=8)
|
|
||||||
[ ] Setting accept socket options (FD=8)
|
|
||||||
[ ] Option SO_REUSEADDR set on accept socket
|
|
||||||
[.] Binding service [curltest] to :::24642: Address already in use (98)
|
|
||||||
[!] Binding service [curltest] failed
|
|
||||||
[ ] Unbinding service [curltest]
|
|
||||||
[ ] Service [curltest] closed
|
|
||||||
[ ] Deallocating deployed section defaults
|
|
||||||
[ ] Deallocating section [curltest]
|
|
||||||
[ ] Initializing inetd mode configuration
|
|
||||||
=== End of file https2_stunnel.log
|
|
||||||
```
|
|
||||||
---
|
|
||||||
tests/runtests.pl | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/tests/runtests.pl b/tests/runtests.pl
|
|
||||||
index 54f6923..bb362c9 100755
|
|
||||||
--- a/tests/runtests.pl
|
|
||||||
+++ b/tests/runtests.pl
|
|
||||||
@@ -1802,7 +1802,7 @@ sub runhttpsserver {
|
|
||||||
|
|
||||||
my $pid2;
|
|
||||||
my $httpspid;
|
|
||||||
- my $port = 24512; # start attempt
|
|
||||||
+ my $port = 24512 * $idnum; # start attempt
|
|
||||||
for (1 .. 10) {
|
|
||||||
$port += int(rand(600));
|
|
||||||
my $options = "$flags --accept $port";
|
|
||||||
--
|
|
||||||
2.39.2
|
|
||||||
|
|
13
curl.spec
13
curl.spec
@ -1,7 +1,7 @@
|
|||||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 8.0.1
|
Version: 8.1.0
|
||||||
Release: 3%{?dist}
|
Release: 1%{?dist}
|
||||||
License: curl
|
License: curl
|
||||||
Source0: https://curl.se/download/%{name}-%{version}.tar.xz
|
Source0: https://curl.se/download/%{name}-%{version}.tar.xz
|
||||||
Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc
|
Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc
|
||||||
@ -22,9 +22,6 @@ Patch103: 0103-curl-7.87.0-test3012.patch
|
|||||||
# do not fail on warnings in the upstream test driver
|
# do not fail on warnings in the upstream test driver
|
||||||
Patch104: 0104-curl-7.88.0-tests-warnings.patch
|
Patch104: 0104-curl-7.88.0-tests-warnings.patch
|
||||||
|
|
||||||
# tests: attempt to fix a conflict on port numbers
|
|
||||||
Patch105: 0105-curl-8.0.1-tests-stunnel-port.patch
|
|
||||||
|
|
||||||
Provides: curl-full = %{version}-%{release}
|
Provides: curl-full = %{version}-%{release}
|
||||||
Provides: webclient
|
Provides: webclient
|
||||||
URL: https://curl.se/
|
URL: https://curl.se/
|
||||||
@ -84,6 +81,7 @@ BuildRequires: perl(File::Basename)
|
|||||||
BuildRequires: perl(File::Copy)
|
BuildRequires: perl(File::Copy)
|
||||||
BuildRequires: perl(File::Spec)
|
BuildRequires: perl(File::Spec)
|
||||||
BuildRequires: perl(IPC::Open2)
|
BuildRequires: perl(IPC::Open2)
|
||||||
|
BuildRequires: perl(Memoize)
|
||||||
BuildRequires: perl(MIME::Base64)
|
BuildRequires: perl(MIME::Base64)
|
||||||
BuildRequires: perl(Time::Local)
|
BuildRequires: perl(Time::Local)
|
||||||
BuildRequires: perl(Time::HiRes)
|
BuildRequires: perl(Time::HiRes)
|
||||||
@ -407,6 +405,11 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
|||||||
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed May 17 2023 Kamil Dudka <kdudka@redhat.com> - 8.1.0-1
|
||||||
|
- new upstream release, which fixes the following vulnerabilities
|
||||||
|
CVE-2023-28321 - IDN wildcard match
|
||||||
|
CVE-2023-28322 - more POST-after-PUT confusion
|
||||||
|
|
||||||
* Fri Apr 21 2023 Kamil Dudka <kdudka@redhat.com> - 8.0.1-3
|
* Fri Apr 21 2023 Kamil Dudka <kdudka@redhat.com> - 8.0.1-3
|
||||||
- tests: re-enable temporarily disabled test-cases
|
- tests: re-enable temporarily disabled test-cases
|
||||||
- tests: attempt to fix a conflict on port numbers
|
- tests: attempt to fix a conflict on port numbers
|
||||||
|
4
sources
4
sources
@ -1,2 +1,2 @@
|
|||||||
SHA512 (curl-8.0.1.tar.xz) = 3bb777982659ed697ae90f113ff7b65d6ce8ba9fe6a8984cfd6769d2f051a72ba953c911abe234c204ec2cc5a35d68b4d033037fad7fba31bb92a52543f8d13d
|
SHA512 (curl-8.1.0.tar.xz) = b99926f372ddd715cd1d2b54d8fb96b26b085e6501715e25aa57b6c6a7f8452473506ddb284e2f280f8afdb301b7f0c3bfde7ad7ed393b12c022430a9301096d
|
||||||
SHA512 (curl-8.0.1.tar.xz.asc) = 92c6a0570e9a8a708fe2f717b8b37a68dcb9cd4520ca50c9baafec5891bda103bce2d2dcb67f1387bf11bd7e51e0e64ccd52d196e61d58b598ad3aa1960386cf
|
SHA512 (curl-8.1.0.tar.xz.asc) = 191a74c7a6b6aa78b7f36e1535fda0701bde8b333a61c90343e1f1b2d65cc5097b5febc5fa42b2f373795ef1b34078790deaaa71c8aaa45eed1c753729a45f3d
|
||||||
|
Loading…
Reference in New Issue
Block a user