import http-parser-2.8.0-9.el8
This commit is contained in:
CentOS Sources
parent
a083dee7fe
commit
357b63c2ae
@ -1,3 +1,13 @@
|
||||
From 05da7fb51cda374ae351829f67018924f931f18b Mon Sep 17 00:00:00 2001
|
||||
From: Sergio Correia <scorreia@redhat.com>
|
||||
Date: Tue, 18 Feb 2020 09:10:18 -0300
|
||||
Subject: [PATCH] CVE-2018-12121
|
||||
|
||||
---
|
||||
http_parser.c | 15 +++++++++++----
|
||||
http_parser.h | 3 +++
|
||||
2 files changed, 14 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/http_parser.c b/http_parser.c
|
||||
index f9991c3..aef4437 100644
|
||||
--- a/http_parser.c
|
||||
@ -67,3 +77,6 @@ index 1fbf30e..ea7bafe 100644
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
--
|
||||
2.18.2
|
||||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
From c39167dc260953184a1ccd45292947808b94507d Mon Sep 17 00:00:00 2001
|
||||
From 5756942f51426a24add619377da15b18ecae91ef Mon Sep 17 00:00:00 2001
|
||||
From: Ben Noordhuis <info@bnoordhuis.nl>
|
||||
Date: Tue, 27 Mar 2018 16:45:33 +0200
|
||||
Subject: [PATCH] deps: reject interior blanks in Content-Length
|
||||
@ -26,14 +26,14 @@ Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
|
||||
Reviewed-By: James M Snell <jasnell@gmail.com>
|
||||
Reviewed-By: Rod Vagg <rod@vagg.org>
|
||||
---
|
||||
deps/http_parser/http_parser.c | 19 ++++++++++++++++++-
|
||||
deps/http_parser/test.c | 21 +++++++++++++++++++++
|
||||
http_parser.c | 19 ++++++++++++++++++-
|
||||
test.c | 21 +++++++++++++++++++++
|
||||
2 files changed, 39 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/deps/http_parser/http_parser.c b/deps/http_parser/http_parser.c
|
||||
index 7a9c688b1ca7..6522618671d0 100644
|
||||
--- a/deps/http_parser/http_parser.c
|
||||
+++ b/deps/http_parser/http_parser.c
|
||||
diff --git a/http_parser.c b/http_parser.c
|
||||
index 5b5657b..f9991c3 100644
|
||||
--- a/http_parser.c
|
||||
+++ b/http_parser.c
|
||||
@@ -370,6 +370,8 @@ enum header_states
|
||||
|
||||
, h_connection
|
||||
@ -43,7 +43,7 @@ index 7a9c688b1ca7..6522618671d0 100644
|
||||
, h_transfer_encoding
|
||||
, h_upgrade
|
||||
|
||||
@@ -1406,6 +1408,7 @@ size_t http_parser_execute (http_parser *parser,
|
||||
@@ -1406,6 +1408,7 @@ reexecute:
|
||||
|
||||
parser->flags |= F_CONTENTLENGTH;
|
||||
parser->content_length = ch - '0';
|
||||
@ -51,7 +51,7 @@ index 7a9c688b1ca7..6522618671d0 100644
|
||||
break;
|
||||
|
||||
case h_connection:
|
||||
@@ -1493,10 +1496,18 @@ size_t http_parser_execute (http_parser *parser,
|
||||
@@ -1493,10 +1496,18 @@ reexecute:
|
||||
break;
|
||||
|
||||
case h_content_length:
|
||||
@ -71,7 +71,7 @@ index 7a9c688b1ca7..6522618671d0 100644
|
||||
|
||||
if (UNLIKELY(!IS_NUM(ch))) {
|
||||
SET_ERRNO(HPE_INVALID_CONTENT_LENGTH);
|
||||
@@ -1519,6 +1530,12 @@ size_t http_parser_execute (http_parser *parser,
|
||||
@@ -1519,6 +1530,12 @@ reexecute:
|
||||
break;
|
||||
}
|
||||
|
||||
@ -84,10 +84,10 @@ index 7a9c688b1ca7..6522618671d0 100644
|
||||
/* Transfer-Encoding: chunked */
|
||||
case h_matching_transfer_encoding_chunked:
|
||||
parser->index++;
|
||||
diff --git a/deps/http_parser/test.c b/deps/http_parser/test.c
|
||||
index bc4e664f5253..cb445cea8607 100644
|
||||
--- a/deps/http_parser/test.c
|
||||
+++ b/deps/http_parser/test.c
|
||||
diff --git a/test.c b/test.c
|
||||
index bc4e664..cb445ce 100644
|
||||
--- a/test.c
|
||||
+++ b/test.c
|
||||
@@ -4168,6 +4168,27 @@ main (void)
|
||||
test_invalid_header_field_token_error(HTTP_RESPONSE);
|
||||
test_invalid_header_field_content_error(HTTP_RESPONSE);
|
||||
@ -116,3 +116,6 @@ index bc4e664f5253..cb445cea8607 100644
|
||||
//// RESPONSES
|
||||
|
||||
test_simple_type("HTP/1.1 200 OK\r\n\r\n", HPE_INVALID_VERSION, HTTP_RESPONSE);
|
||||
--
|
||||
2.18.2
|
||||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
From c8703a57d4c3c45251c08f20b433421c72032c57 Mon Sep 17 00:00:00 2001
|
||||
From b41d69bedcdbb8fe0cd790d0bcccbb457d6170d3 Mon Sep 17 00:00:00 2001
|
||||
From: Sergio Correia <scorreia@redhat.com>
|
||||
Date: Wed, 26 Feb 2020 17:03:26 -0300
|
||||
Subject: [PATCH] CVE-2019-15605 - HTTP request smuggling
|
||||
|
||||
@ -1,19 +1,26 @@
|
||||
commit 705e519bf56e5904c761a411b38a66e84bf7fc2d
|
||||
Author: Ben Noordhuis <info@bnoordhuis.nl>
|
||||
Date: Tue Feb 27 22:59:00 2018 +0100
|
||||
From d22c4c1e3ab9ffe5faaa08bacd993c814ca1c92e Mon Sep 17 00:00:00 2001
|
||||
From: Sergio Correia <scorreia@redhat.com>
|
||||
Date: Tue, 18 Feb 2020 09:11:05 -0300
|
||||
Subject: [PATCH] Remove unused functions from test runner.
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Remove unused functions from test runner.
|
||||
|
||||
PR-URL: https://github.com/nodejs-private/http-parser-private/pull/1
|
||||
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
|
||||
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
|
||||
Reviewed-By: Evan Lucas <evanlucas@me.com>
|
||||
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
|
||||
Reviewed-By: James M Snell <jasnell@gmail.com>
|
||||
Reviewed-By: Rod Vagg <rod@vagg.org>
|
||||
Upstream: 705e519bf56e5904c761a411b38a66e84bf7fc2d
|
||||
|
||||
PR-URL: https://github.com/nodejs-private/http-parser-private/pull/1
|
||||
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
|
||||
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
|
||||
Reviewed-By: Evan Lucas <evanlucas@me.com>
|
||||
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
|
||||
Reviewed-By: James M Snell <jasnell@gmail.com>
|
||||
Reviewed-By: Rod Vagg <rod@vagg.org>
|
||||
---
|
||||
test.c | 14 --------------
|
||||
1 file changed, 14 deletions(-)
|
||||
|
||||
diff --git a/test.c b/test.c
|
||||
index bc4e664..0cbe544 100644
|
||||
index cb445ce..a1fa0d3 100644
|
||||
--- a/test.c
|
||||
+++ b/test.c
|
||||
@@ -27,9 +27,7 @@
|
||||
@ -52,3 +59,6 @@ index bc4e664..0cbe544 100644
|
||||
int
|
||||
request_url_cb (http_parser *p, const char *buf, size_t len)
|
||||
{
|
||||
--
|
||||
2.18.2
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
|
||||
Name: http-parser
|
||||
Version: 2.8.0
|
||||
Release: 5%{?dist}.2
|
||||
Release: 9%{?dist}
|
||||
Summary: HTTP request/response parser for C
|
||||
|
||||
License: MIT
|
||||
@ -33,11 +33,7 @@ Requires: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
|
||||
Development headers and libraries for http-parser.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch01 -p3
|
||||
%patch02 -p1
|
||||
%patch03 -p1
|
||||
%patch04 -p1
|
||||
%autosetup -p1
|
||||
|
||||
# TODO: try to send upstream?
|
||||
cat > meson.build << EOF
|
||||
@ -83,12 +79,19 @@ EOF
|
||||
%{_libdir}/libhttp_parser_strict.so
|
||||
|
||||
%changelog
|
||||
* Wed Feb 26 2020 Sergio Correia <scorreia@redhat.com> - 2.8.0-5.2
|
||||
* Wed Feb 26 2020 Sergio Correia <scorreia@redhat.com> - 2.8.0-9
|
||||
- Do not break ABI with CVE-2019-15605 fix
|
||||
|
||||
* Thu Feb 20 2020 Sergio Correia <scorreia@redhat.com> - 2.8.0-5.1
|
||||
* Wed Feb 19 2020 Sergio Correia <scorreia@redhat.com> - 2.8.0-8
|
||||
- Update gating tests due to CVE-2019-15605
|
||||
|
||||
* Tue Feb 18 2020 Sergio Corrreia <scorreia@redhat.com> - 2.8.0-7
|
||||
- Resolves: CVE-2019-15605 http-parser: nodejs: HTTP request
|
||||
smuggling using malformed Transfer-Encoding header
|
||||
smuggling using malformed Transfer-Encoding header
|
||||
|
||||
* Tue Oct 29 2019 Sergio Correia <scorreia@redhat.com> - 2.8.0-6
|
||||
- Provide -devel package
|
||||
Resolves: rhbz#1748765: http-parser-devel package not available in CRB
|
||||
|
||||
* Mon Aug 12 2019 Sergio Correia <scorreia@redhat.com> - 2.8.0-5
|
||||
- Resolves: rhbz#1686488: 'make test' fails with stringop-overflow error
|
||||
|
||||
Loading…
Reference in New Issue
Block a user