Commit Graph

614 Commits

Author SHA1 Message Date
Kamil Dudka
768ce3965d test3026: disable valgrind
It fails on x86_64 with:
```
 Use --max-threads=INT to specify a larger number of threads
 and rerun valgrind
 valgrind: the 'impossible' happened:
    Max number of threads is too low
 host stacktrace:
 ==174357==    at 0x58042F5A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
 ==174357==    by 0x58043087: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
 ==174357==    by 0x580432EF: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
 ==174357==    by 0x58043310: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
 ==174357==    by 0x58099E77: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
 ==174357==    by 0x580E67E9: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
 ==174357==    by 0x5809D59D: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
 ==174357==    by 0x5809901A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
 ==174357==    by 0x5809B0B6: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
 ==174357==    by 0x580E4050: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux)
 sched status:
   running_tid=1
 Thread 1: status = VgTs_Runnable syscall 56 (lwpid 174357)
 ==174357==    at 0x4A07816: clone (in /usr/lib64/libc.so.6)
 ==174357==    by 0x4A08720: __clone_internal (in /usr/lib64/libc.so.6)
 ==174357==    by 0x4987ACF: create_thread (in /usr/lib64/libc.so.6)
 ==174357==    by 0x49885F6: pthread_create@@GLIBC_2.34 (in /usr/lib64/libc.so.6)
 ==174357==    by 0x1093B5: test.part.0 (lib3026.c:64)
 ==174357==    by 0x492454F: (below main) (in /usr/lib64/libc.so.6)
 client stack range: [0x1FFEFFC000 0x1FFF000FFF] client SP: 0x1FFEFFC998
 valgrind stack range: [0x1002BAA000 0x1002CA9FFF] top usage: 11728 of 1048576
[...]
```
2022-06-27 17:00:18 +02:00
Kamil Dudka
a4ed273b19 new upstream release - 7.84.0
Resolves: CVE-2022-32207 - Unpreserved file permissions
Resolves: CVE-2022-32205 - Set-Cookie denial of service
Resolves: CVE-2022-32206 - HTTP compression denial of service
Resolves: CVE-2022-32208 - FTP-KRB bad message verification
2022-06-27 13:00:50 +02:00
Lukáš Zaoral
dd6ee45b2d
tests/non-root-user-download: fix test failures 2022-05-12 10:15:57 +02:00
Kamil Dudka
4ad1229e9d new upstream release - 7.83.1
Resolves: CVE-2022-27782 - fix too eager reuse of TLS and SSH connections
Resolves: CVE-2022-27779 - do not accept cookies for TLD with trailing dot
Resolves: CVE-2022-27778 - do not remove wrong file on error
Resolves: CVE-2022-30115 - hsts: ignore trailing dots when comparing hosts names
Resolves: CVE-2022-27780 - reject percent-encoded path separator in URL host
2022-05-11 10:03:28 +02:00
Kamil Dudka
f17162c526 new upstream release - 7.83.0
Resolves: CVE-2022-27774 - curl credential leak on redirect
Resolves: CVE-2022-27776 - curl auth/cookie leak on redirect
Resolves: CVE-2022-27775 - curl bad local IPv6 connection reuse
Resolves: CVE-2022-22576 - curl OAUTH2 bearer bypass in connection re-use
2022-04-27 13:52:54 +02:00
Kamil Dudka
cd99025ff8 curl.spec: bump release for the previous commit 2022-03-15 12:57:49 +01:00
Kamil Dudka
cbc7b73e10 openssl: fix incorrect CURLE_OUT_OF_MEMORY error
... on CN check failure, which was breaking the test-suite of pycurl.

Reported-by: Lukas Zaoral
2022-03-15 12:53:45 +01:00
Kamil Dudka
4f4da0817d new upstream release - 7.82.0 2022-03-05 11:17:52 +01:00
Kamil Dudka
cf3c14e497 enable IDN support also in libcurl-minimal
... as requested at fedora devel mailing-list:

https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/SH5WAIBVF7GVSKL2VPMSQKY7BB4QYEB5/
2022-02-24 09:50:19 +01:00
Zbigniew Jędrzejewski-Szmek
d768f3c814 Pull in libcurl-minimal if installing curl-minimal
curl-minimal has an automatically generated dependency on libcurl.so.4(), so it'd
pull in either libcurl or libcurl-minimal. Let's make the second one preferred.

$ sudo dnf install --releasever=rawhide --installroot=/var/tmp/f36-test --setopt install_weak_deps=False curl-minimal
...
Total download size: 21 M
Installed size: 64 M

$ sudo dnf install --releasever=rawhide --installroot=/var/tmp/f36-test --setopt install_weak_deps=False curl-minimal libcurl-minimal
...
Total download size: 18 M
Installed size: 57 M
2022-02-10 20:52:05 +01:00
Fedora Release Engineering
c3286199cb - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-20 00:08:37 +00:00
Kamil Dudka
3e801a6f9f new upstream release - 7.81.0 2022-01-05 09:35:58 +01:00
Paul Howarth
503307b687 sshserver.pl (used in test suite) now requires the Digest::SHA perl module 2021-11-14 17:06:12 +00:00
Kamil Dudka
ef0743b641 new upstream release - 7.80.0 2021-11-10 09:03:50 +01:00
Kamil Dudka
ac00a5bac0 temporarily disable tests 300{0,1} on x86_64
stunnel clashes with itself
2021-10-27 13:57:07 +02:00
Kamil Dudka
94a3e807dd Related: #2005874 - re-enable HSTS in libcurl-minimal
... as a security feature
2021-10-26 17:15:50 +02:00
Miroslav Vadkerti
1b982b367e Migrate tests to tmt
Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>
2021-10-05 06:26:42 +00:00
Kamil Dudka
a0acb0cc77 Related: #2005874 - use correct bug ID in the change log 2021-10-04 12:29:42 +02:00
Kamil Dudka
d4c5b54bf3 run upstream tests for both curl-minimal and curl-full
As we made libcurl-minimal more minimal, it differs more from
libcurl-full and it should be tested separately.  On the other
hand, the test-suite for libcurl-minimal runs faster now because
more tests are skipped.
2021-10-04 09:55:13 +02:00
Kamil Dudka
5ebead952b Resolves: #1994521 - disable more protocols and features in libcurl-minimal
... to limit vulnerability exposure in case there is a CVE in curl
in some of the rarer protocols
2021-10-04 09:55:11 +02:00
Kamil Dudka
54117120e4 explicitly disable zstd while configuring curl
... in order to make local builds closer to what we get from Koji
2021-10-04 09:54:25 +02:00
Kamil Dudka
c2f61abc1c curl.spec: align the lists of configure options
... to make it easier to extend the lists
2021-10-04 09:54:25 +02:00
Kamil Dudka
407e3960e4 new upstream release - 7.79.1 2021-09-22 09:16:36 +02:00
Kamil Dudka
e2155b2695 fix regression in http2 implementation
... introduced in the last release
2021-09-16 12:26:16 +02:00
Sahana Prasad
f97c73e9d7 Rebuilt with OpenSSL 3.0.0 2021-09-16 12:23:37 +02:00
Kamil Dudka
31329d9443 forgot to bump release in the previous commit 2021-09-16 08:51:26 +02:00
Kamil Dudka
25f443ae12 make SCP/SFTP tests work with openssh-8.7p1 2021-09-16 08:45:33 +02:00
Kamil Dudka
287da1ceec temporarily disable test 1184
... which occasionally fails on aarch64/armv7hl Koji builders
for no apparent reason
2021-09-15 10:55:21 +02:00
Kamil Dudka
d02617d325 new upstream release - 7.79.0
Resolves: CVE-2021-22947 - STARTTLS protocol injection via MITM
Resolves: CVE-2021-22946 - protocol downgrade required TLS bypassed
Resolves: CVE-2021-22945 - use-after-free and double-free in MQTT sending
2021-09-15 09:09:11 +02:00
Sahana Prasad
62e2b8d564 Rebuilt with OpenSSL 3.0.0 2021-09-14 19:00:02 +02:00
Kamil Dudka
f964aefff3 make explicit dependency on openssl work with alpha/beta builds of openssl
Reported-by: Daniel Rusek
2021-07-23 17:15:57 +02:00
Fedora Release Engineering
adeb2cb476 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-21 20:15:37 +00:00
Kamil Dudka
85619bdba3 disable tests 320..322 on ppc64le where it started to hang/fail
... in Koji environment only.  I was not able to reproduce the issues
with the fedora-rawhide-ppc64le buildroot in mock on a ppc64le machine.
2021-07-21 15:53:36 +02:00
Kamil Dudka
0ac0b6fbd1 prevent valgrind from being extremely slow 2021-07-21 12:39:45 +02:00
Kamil Dudka
c921b2c69d remove a valgrind-related patch no longer needed 2021-07-21 12:38:15 +02:00
Kamil Dudka
ef5a5be78e temporarily disable test 1452 on s390x
... where the client times out
2021-07-21 12:06:57 +02:00
Kamil Dudka
64bcb4bcc1 new upstream release - 7.78.0
Resolves: CVE-2021-22925 - TELNET stack contents disclosure again
Resolves: CVE-2021-22924 - bad connection reuse due to flawed path name checks
Resolves: CVE-2021-22923 - metalink download sends credentials
Resolves: CVE-2021-22922 - wrong content via metalink not discarded
2021-07-21 10:22:33 +02:00
Stewart Smith
ece67bdd2f gpgverify source tarball
Signed-off-by: Stewart Smith <trawets@amazon.com>
2021-07-09 18:42:11 +00:00
Kamil Dudka
ddaf41062c Resolves: #1967213 - build the curl tool without metalink support
Today curl upstream announced that they are going to completely remove
support for metalink from curl already in the next release of curl due
to a number of difficult to fix security issues:

    https://curl.se/mail/archive-2021-06/0006.html
    https://github.com/curl/curl/pull/7176
2021-06-02 19:55:01 +02:00
Kamil Dudka
4c89d92ee7 new upstream release - 7.77.0
Resolves: CVE-2021-22901 - TLS session caching disaster
Resolves: CVE-2021-22898 - TELNET stack contents disclosure
2021-05-26 09:20:35 +02:00
Kamil Dudka
4b7b124d75 Resolves: #1938699 - http2: fix resource leaks detected by Coverity 2021-05-03 17:54:40 +02:00
Kamil Dudka
bf8bb4b5b4 new upstream release - 7.76.1 2021-04-14 09:54:33 +02:00
Kamil Dudka
a0d250c162 new upstream release - 7.76.0
Resolves: CVE-2021-22890 - TLS 1.3 session ticket proxy host mixup
Resolves: CVE-2021-22876 - Automatic referer leaks credentials
2021-03-31 10:47:25 +02:00
Kamil Dudka
25676e54ef replace 0104-curl-7.73.0-localhost6.patch by sed invocation
... to avoid conflict resolution on new upstream releases
2021-03-31 10:47:24 +02:00
Kamil Dudka
b57f5589af fix misplaced comment in %prep from the previous commit 2021-03-24 11:17:40 +01:00
Kamil Dudka
742526c048 Resolves: #1941925 - fix SIGSEGV upon disconnect of a ldaps:// transfer 2021-03-24 11:04:10 +01:00
Kamil Dudka
bd924f90f2 build-require python3-impacket only on Fedora
It might not be available in RHEL or CentOS Stream build repos.
2021-02-23 22:03:03 +01:00
Kamil Dudka
d781733304 %check: use unstripped library from the build dir
It results in more detailed backtraces in valgrind's output.
2021-02-11 11:51:32 +01:00
Kamil Dudka
7dada590f2 new upstream release - 7.75.0 2021-02-03 09:07:33 +01:00
Kamil Dudka
1cfc0aeb3b do not use stunnel for tests on s390x builds
... to avoid spurious failures
2021-01-26 15:13:50 +01:00