Jacek Migacz
36c10becf4
http2: push headers better cleanup
Resolves: RHEL-29809
2024-08-22 12:48:23 +02:00
Renaud Métrich
474e312022
Unconditionally set OpenSSL option SSL_OP_IGNORE_UNEXPECTED_EOF
This is needed to avoid an error when server doesn't close correctly, e.g.:
curl: (56) OpenSSL SSL_read: error:0A000126:SSL routines::unexpected eof while reading, errno 0
Resolves: RHEL-39995
2024-07-02 22:01:27 +02:00
Jacek Migacz
d26c8eeebb
Temporarily disable several tests related to openssl and failing in valgrind
Related: RHEL-39995
2024-07-02 22:01:24 +02:00
Jacek Migacz
909db667c8
Rebuild for 9.4 GA
Related: RHEL-17600
2024-03-06 23:45:46 +01:00
Jacek Migacz
dd1ed1db23
Lowercase the domain names before PSL checks
Resolves: RHEL-17600
2023-12-09 18:06:41 +01:00
Jacek Migacz
1582dc453e
Cap SFTP packet size sent
Resolves: RHEL-14697
2023-11-28 11:17:05 +01:00
Jacek Migacz
06c4d34bb1
Fix cookie injection with none file
Resolves: RHEL-12692
2023-11-24 10:28:40 +01:00
Jacek Migacz
0783247f07
Return error if hostname too long for remote resolve
Resolves: RHEL-11467
2023-10-10 18:35:37 +02:00
Jacek Migacz
c20fcd3e87
When keyboard-interactive auth fails, try password
Resolves: RHEL-3625
2023-09-14 21:27:58 +02:00
Jacek Migacz
bb4d7d8d9f
Resolves: CVE-2023-28321 - fix host name wildcard checking
2023-06-27 19:42:23 +02:00
Jacek Migacz
d0d9c1f19b
Resolves: CVE-2023-28322 - unify the upload/method handling
2023-06-12 00:07:07 +02:00
Kamil Dudka
40387c061f
Resolves: CVE-2023-27535 - adapt the fix for RHEL 9 curl
... where USE_SSH is not defined. The problem with the backport was
detected by OpenScanHub:
https://cov01.lab.eng.brq2.redhat.com/covscanhub/task/279249//log/added.html
2023-04-12 16:52:10 +02:00
Kamil Dudka
d35c512f12
Resolves: CVE-2023-27538 - fix SSH connection too eager reuse still
2023-03-24 15:47:56 +01:00
Kamil Dudka
9d1931d0ec
Resolves: CVE-2023-27536 - fix GSS delegation too eager connection re-use
2023-03-24 15:44:26 +01:00
Kamil Dudka
bd2517cc9b
Resolves: CVE-2023-27535 - fix FTP too eager connection reuse
2023-03-24 15:40:12 +01:00
Kamil Dudka
2a890c9910
Resolves: CVE-2023-27534 - fix SFTP path ~ resolving discrepancy
2023-03-24 15:34:12 +01:00
Kamil Dudka
798eff6a99
Resolves: CVE-2023-27533 - fix TELNET option IAC injection
2023-03-24 15:26:51 +01:00
Kamil Dudka
27cd064020
Resolves: CVE-2023-23916 - fix HTTP multi-header compression denial of service
2023-02-16 13:38:22 +01:00
Kamil Dudka
eab48830b3
Resolves: CVE-2022-43552 - smb/telnet: fix use-after-free when HTTP proxy denies tunnel
2022-12-21 16:11:04 +01:00
Kamil Dudka
09780ef69d
Related: CVE-2022-32221 - temporarily disable tests 2034 2037 2041 on aarch64
They consistently fail on CentOS Koji for no apparent reason. All the
tests first succeed while testing libcurl-minimal but they subsequently
fail while testing libcurl-full. I suspect some failed cleanup issue
in the upstream test-suite which manifests on CentOS aarch64 builders
only.
2022-10-27 16:29:43 +02:00
Kamil Dudka
f618f2c219
Resolves: CVE-2022-32221 - fix POST following PUT confusion
2022-10-27 10:14:52 +02:00
Kamil Dudka
641c248102
Resolves: CVE-2022-35252 - control code in cookie denial of service
2022-09-20 13:56:11 +02:00
Kamil Dudka
6333bbf495
Related: CVE-2022-32207 - fix build failure caused by openldap rebase
[...]
make[2]: Leaving directory '/builddir/build/BUILD/curl-7.76.1/build-full/lib'
../../lib/openldap.c:83:17: error: conflicting types for 'ldap_connect'; have 'CURLcode(struct Curl_easy *, _Bool *)'
83 | static CURLcode ldap_connect(struct Curl_easy *data, bool *done);
| ^~~~~~~~~~~~
In file included from ../../lib/openldap.c:39:
/usr/include/ldap.h:1555:1: note: previous declaration of 'ldap_connect' with type 'int(LDAP *)' {aka 'int(struct ldap *)'}
1555 | ldap_connect( LDAP *ld );
| ^~~~~~~~~~~~
2022-06-29 17:44:35 +02:00
Kamil Dudka
22475de7fb
Resolves: CVE-2022-32207 - fix unpreserved file permissions
2022-06-29 15:47:31 +02:00
Kamil Dudka
2e18ec1da4
Resolves: CVE-2022-32206 - fix HTTP compression denial of service
2022-06-29 14:53:47 +02:00
Kamil Dudka
0d71fe9a40
Resolves: CVE-2022-32208 - fix FTP-KRB bad message verification
2022-06-29 14:53:14 +02:00
Kamil Dudka
d613827bea
Related: CVE-2022-27782 - make upstream tests work with openssh-8.7p1
2022-05-11 15:06:48 +02:00
Kamil Dudka
8c425de1b3
Resolves: CVE-2022-27782 - fix too eager reuse of TLS and SSH connections
2022-05-11 14:13:31 +02:00
Kamil Dudka
36d4ce9e14
Resolves: CVE-2022-27774 - fix leak of SRP credentials in redirects
2022-05-02 10:34:03 +02:00
Kamil Dudka
858e381746
Related: CVE-2022-27774 - add missing tests to Makefile
2022-04-29 14:47:02 +02:00
Kamil Dudka
8929aa4b81
Resolves: CVE-2022-27774 - fix credential leak on redirect
2022-04-28 13:35:41 +02:00
Kamil Dudka
0a149a1ed9
Resolves: CVE-2022-27776 - fix auth/cookie leak on redirect
2022-04-28 13:35:30 +02:00
Kamil Dudka
ebff9aa2cc
Resolves: CVE-2022-27775 - fix bad local IPv6 connection reuse
2022-04-28 13:35:10 +02:00
Kamil Dudka
7c695ff325
Resolves: CVE-2022-22576 - fix OAUTH2 bearer bypass in connection re-use
2022-04-28 13:34:45 +02:00
Kamil Dudka
a3da9b9ac3
Related: #2005874 - re-disable HSTS in libcurl
... as an experimental feature
2021-10-26 17:35:49 +02:00
Kamil Dudka
64fed6be02
Related: #2005874 - run upstream tests for both curl-minimal and curl-full
As we made libcurl-minimal more minimal, it differs more from
libcurl-full and it should be tested separately. On the other
hand, the test-suite for libcurl-minimal runs faster now because
more tests are skipped.
2021-10-06 13:44:09 +02:00
Kamil Dudka
91252b5be5
Resolves: #2005874 - disable more protocols and features in libcurl-minimal
... to limit vulnerability exposure in case there is a CVE in curl
in some of the rarer protocols
2021-10-06 13:42:01 +02:00
Kamil Dudka
6f12b4a106
Related: #2005874 - explicitly disable zstd while configuring curl
... in order to make local builds closer to what we get from Koji
2021-10-06 13:41:57 +02:00
Kamil Dudka
b4895633ac
Related: #2005874 - curl.spec: align the lists of configure options
... to make it easier to extend the lists
2021-10-06 13:41:44 +02:00
Kamil Dudka
18dc6a0508
Resolves: CVE-2021-22947 - fix STARTTLS protocol injection via MITM
2021-09-17 10:35:40 +02:00
Kamil Dudka
29681cbdd7
Resolves: CVE-2021-22946 - fix protocol downgrade required TLS bypass
2021-09-17 10:35:38 +02:00
Kamil Dudka
f58185cd40
Resolves: CVE-2021-22945 - fix use-after-free and double-free in MQTT sending
2021-09-17 10:35:29 +02:00
Mohan Boddu
e32e427920
Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 19:44:44 +00:00
Florian Weimer
f2c10b31eb
Rebuild to pick up OpenSSL 3.0 Beta ABI (#1984097)
Related: #1984097
2021-07-28 11:50:14 +02:00
Kamil Dudka
a1aeccc458
Related: CVE-2021-22924 - make explicit dependency on openssl work
... with alpha/beta builds of openssl
Reported-by: Daniel Rusek
2021-07-23 17:37:28 +02:00
Kamil Dudka
ad77edcfa4
Related: CVE-2021-22924 - bump release to pick gating.yaml
Ideally such commits and builds should not be needed. The following
ticket asks for an extension of OSCI to avoid them in the future:
https://issues.redhat.com/browse/OSCI-2320 - unable to apply a new test configuration on an existing brew build
2021-07-23 15:56:43 +02:00
Kamil Dudka
62ea6c3a17
Resolves: CVE-2021-22925 - fix TELNET stack contents disclosure again
2021-07-22 09:30:56 +02:00
Kamil Dudka
422b232978
Resolves: CVE-2021-22924 - fix bad connection reuse due to flawed path name checks
2021-07-22 09:30:43 +02:00
Mohan Boddu
d580cec333
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-06-15 20:29:00 +00:00
Kamil Dudka
05f59553df
Resolves: #1967213 - build the curl tool without metalink support
Today curl upstream announced that they are going to completely remove
support for metalink from curl already in the next release of curl due
to a number of difficult to fix security issues:
https://curl.se/mail/archive-2021-06/0006.html
https://github.com/curl/curl/pull/7176
2021-06-03 08:18:46 +02:00