Resolves: #1308791 - do not refuse cookies for localhost

2016-03-02 11:23:46 +01:00 · 2016-03-02 11:23:46 +01:00 · e2daf98253
commit e2daf98253
parent e57a741556
2 changed files with 55 additions and 2 deletions
--- a/0001-curl-7.47.1-psl-localhost.patch
+++ b/0001-curl-7.47.1-psl-localhost.patch
@ -0,0 +1,47 @@
+From 090ee789dda468fe0d9b715ec4e5dc47a948a239 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Wed, 2 Mar 2016 11:07:16 +0100
+Subject: [PATCH] cookie: do not refuse cookies for localhost
+
+Closes #658
+---
+ lib/cookie.c        | 10 ++++++----
+ tests/data/test1136 |  1 +
+ 2 files changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/lib/cookie.c b/lib/cookie.c
+index d62f446..e5c7b7e 100644
+--- a/lib/cookie.c
+++ b/lib/cookie.c
+@@ -788,10 +788,12 @@ Curl_cookie_add(struct SessionHandle *data,
+ #ifdef USE_LIBPSL
+   /* Check if the domain is a Public Suffix and if yes, ignore the cookie.
+      This needs a libpsl compiled with builtin data. */
+-  if(co->domain && !isip(co->domain) && (psl = psl_builtin()) != NULL) {
+-    if(psl_is_public_suffix(psl, co->domain)) {
+-      infof(data, "cookie '%s' dropped, domain '%s' is a public suffix\n",
+-            co->name, co->domain);
+  if(domain && co->domain && !isip(co->domain)) {
+    if (((psl = psl_builtin()) != NULL)
+        && !psl_is_cookie_domain_acceptable(psl, domain, co->domain)) {
+      infof(data,
+            "cookie '%s' dropped, domain '%s' must not set cookies for '%s'\n",
+            co->name, domain, co->domain);
+       freecookie(co);
+       return NULL;
+     }
+diff --git a/tests/data/test1136 b/tests/data/test1136
+index e42ca06..d3327e8 100644
+--- a/tests/data/test1136
+++ b/tests/data/test1136
+@@ -58,6 +58,7 @@ http://www.example.ck/1136 http://www.ck/1136 http://z-1.compute-1.amazonaws.com
+ 
+ .www.example.ck	TRUE	/	FALSE	0	test2	allowed2
+ .www.ck	TRUE	/	FALSE	0	test4	allowed4
+.z-1.compute-1.amazonaws.com	TRUE	/	FALSE	0	test5	forbidden5
+ </file>
+ </verify>
+ </testcase>
+-- 
+2.5.0
+
--- a/curl.spec
+++ b/curl.spec
@ -1,12 +1,15 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.47.1
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
 Source2: curlbuild.h

+# do not refuse cookies for localhost (#1308791)
+Patch1: 0001-curl-7.47.1-psl-localhost.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch

@ -118,7 +121,7 @@ documentation of the library, too.
 %setup -q

 # upstream patches
-# (none)
+%patch1 -p1

 # Fedora patches
 %patch101 -p1
@ -231,6 +234,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4

 %changelog
+* Wed Mar 02 2016 Kamil Dudka <kdudka@redhat.com> 7.47.1-4
+- do not refuse cookies for localhost (#1308791)
+
 * Wed Feb 17 2016 Kamil Dudka <kdudka@redhat.com> 7.47.1-3
 - make SCP and SFTP test-cases work with up2date OpenSSH