Browse Source
gnurl: update source to 7.43.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>lilik-openwrt-22.03
Daniel Golle
9 years ago
7 changed files with 4 additions and 315 deletions
Split View
Diff Options
-
+3 -3net/gnurl/Makefile
-
+0 -89net/gnurl/patches/010-backport-gtls-add-support-for-CURLOPT_CAPATH.patch
-
+0 -32net/gnurl/patches/011-CVE-2015-3144.patch
-
+0 -53net/gnurl/patches/012-CVE-2015-3145.patch
-
+0 -95net/gnurl/patches/014-CVE-2015-3153.patch
-
+0 -42net/gnurl/patches/015-CVE-2015-3236.patch
-
+1 -1net/gnurl/patches/100-check_long_long.patch
+ 3
- 3
net/gnurl/Makefile
View File
+ 0
- 89
net/gnurl/patches/010-backport-gtls-add-support-for-CURLOPT_CAPATH.patch
View File
| @ -1,89 +0,0 @@ | |||
| From 5a1614cecdd57cab8b4ae3e9bc19dfff5ba77e80 Mon Sep 17 00:00:00 2001 | |||
| From: Alessandro Ghedini <alessandro@ghedini.me> | |||
| Date: Sun, 8 Mar 2015 20:11:06 +0100 | |||
| Subject: [PATCH] gtls: add support for CURLOPT_CAPATH | |||
| --- | |||
| acinclude.m4 | 4 ++-- | |||
| docs/libcurl/opts/CURLOPT_CAPATH.3 | 5 ++--- | |||
| lib/vtls/gtls.c | 22 ++++++++++++++++++++++ | |||
| lib/vtls/gtls.h | 3 +++ | |||
| 4 files changed, 29 insertions(+), 5 deletions(-) | |||
| --- a/acinclude.m4 | |||
| +++ b/acinclude.m4 | |||
| @@ -2614,8 +2614,8 @@ AC_HELP_STRING([--without-ca-path], [Don | |||
| capath="no" | |||
| elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then | |||
| dnl --with-ca-path given | |||
| - if test "x$OPENSSL_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then | |||
| - AC_MSG_ERROR([--with-ca-path only works with openSSL or PolarSSL]) | |||
| + if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then | |||
| + AC_MSG_ERROR([--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL]) | |||
| fi | |||
| capath="$want_capath" | |||
| ca="no" | |||
| --- a/docs/libcurl/opts/CURLOPT_CAPATH.3 | |||
| +++ b/docs/libcurl/opts/CURLOPT_CAPATH.3 | |||
| @@ -43,9 +43,8 @@ All TLS based protocols: HTTPS, FTPS, IM | |||
| .SH EXAMPLE | |||
| TODO | |||
| .SH AVAILABILITY | |||
| -This option is OpenSSL-specific and does nothing if libcurl is built to use | |||
| -GnuTLS. NSS-powered libcurl provides the option only for backward | |||
| -compatibility. | |||
| +This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS | |||
| +backend provides the option only for backward compatibility. | |||
| .SH RETURN VALUE | |||
| Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or | |||
| CURLE_OUT_OF_MEMORY if there was insufficient heap space. | |||
| --- a/lib/vtls/gtls.c | |||
| +++ b/lib/vtls/gtls.c | |||
| @@ -98,6 +98,10 @@ static bool gtls_inited = FALSE; | |||
| # define HAS_ALPN | |||
| # endif | |||
| # endif | |||
| + | |||
| +# if (GNUTLS_VERSION_NUMBER >= 0x030306) | |||
| +# define HAS_CAPATH | |||
| +# endif | |||
| #endif | |||
| /* | |||
| @@ -463,6 +467,24 @@ gtls_connect_step1(struct connectdata *c | |||
| rc, data->set.ssl.CAfile); | |||
| } | |||
| +#ifdef HAS_CAPATH | |||
| + if(data->set.ssl.CApath) { | |||
| + /* set the trusted CA cert directory */ | |||
| + rc = gnutls_certificate_set_x509_trust_dir(conn->ssl[sockindex].cred, | |||
| + data->set.ssl.CApath, | |||
| + GNUTLS_X509_FMT_PEM); | |||
| + if(rc < 0) { | |||
| + infof(data, "error reading ca cert file %s (%s)\n", | |||
| + data->set.ssl.CAfile, gnutls_strerror(rc)); | |||
| + if(data->set.ssl.verifypeer) | |||
| + return CURLE_SSL_CACERT_BADFILE; | |||
| + } | |||
| + else | |||
| + infof(data, "found %d certificates in %s\n", | |||
| + rc, data->set.ssl.CApath); | |||
| + } | |||
| +#endif | |||
| + | |||
| if(data->set.ssl.CRLfile) { | |||
| /* set the CRL list file */ | |||
| rc = gnutls_certificate_set_x509_crl_file(conn->ssl[sockindex].cred, | |||
| --- a/lib/vtls/gtls.h | |||
| +++ b/lib/vtls/gtls.h | |||
| @@ -53,6 +53,9 @@ void Curl_gtls_md5sum(unsigned char *tmp | |||
| unsigned char *md5sum, /* output */ | |||
| size_t md5len); | |||
| +/* this backend supports the CAPATH option */ | |||
| +#define have_curlssl_ca_path 1 | |||
| + | |||
| /* API setup for GnuTLS */ | |||
| #define curlssl_init Curl_gtls_init | |||
| #define curlssl_cleanup Curl_gtls_cleanup | |||
+ 0
- 32
net/gnurl/patches/011-CVE-2015-3144.patch
View File
| @ -1,32 +0,0 @@ | |||
| From 6218ded6001ea330e589f92b6b2fa12777752b5d Mon Sep 17 00:00:00 2001 | |||
| From: Daniel Stenberg <daniel@haxx.se> | |||
| Date: Thu, 16 Apr 2015 23:52:04 +0200 | |||
| Subject: [PATCH] fix_hostname: zero length host name caused -1 index offset | |||
| MIME-Version: 1.0 | |||
| Content-Type: text/plain; charset=UTF-8 | |||
| Content-Transfer-Encoding: 8bit | |||
| If a URL is given with a zero-length host name, like in "http://:80" or | |||
| just ":80", `fix_hostname()` will index the host name pointer with a -1 | |||
| offset (as it blindly assumes a non-zero length) and both read and | |||
| assign that address. | |||
| CVE-2015-3144 | |||
| Bug: http://curl.haxx.se/docs/adv_20150422D.html | |||
| Reported-by: Hanno Böck | |||
| --- | |||
| lib/url.c | 2 +- | |||
| 1 file changed, 1 insertion(+), 1 deletion(-) | |||
| --- a/lib/url.c | |||
| +++ b/lib/url.c | |||
| @@ -3602,7 +3602,7 @@ static void fix_hostname(struct SessionH | |||
| host->dispname = host->name; | |||
| len = strlen(host->name); | |||
| - if(host->name[len-1] == '.') | |||
| + if(len && (host->name[len-1] == '.')) | |||
| /* strip off a single trailing dot if present, primarily for SNI but | |||
| there's no use for it */ | |||
| host->name[len-1]=0; | |||
+ 0
- 53
net/gnurl/patches/012-CVE-2015-3145.patch
View File
| @ -1,53 +0,0 @@ | |||
| From ea595c516bc936a514753597aa6c59fd6eb0765e Mon Sep 17 00:00:00 2001 | |||
| From: Daniel Stenberg <daniel@haxx.se> | |||
| Date: Thu, 16 Apr 2015 16:37:40 +0200 | |||
| Subject: [PATCH] cookie: cookie parser out of boundary memory access | |||
| MIME-Version: 1.0 | |||
| Content-Type: text/plain; charset=UTF-8 | |||
| Content-Transfer-Encoding: 8bit | |||
| The internal libcurl function called sanitize_cookie_path() that cleans | |||
| up the path element as given to it from a remote site or when read from | |||
| a file, did not properly validate the input. If given a path that | |||
| consisted of a single double-quote, libcurl would index a newly | |||
| allocated memory area with index -1 and assign a zero to it, thus | |||
| destroying heap memory it wasn't supposed to. | |||
| CVE-2015-3145 | |||
| Bug: http://curl.haxx.se/docs/adv_20150422C.html | |||
| Reported-by: Hanno Böck | |||
| --- | |||
| lib/cookie.c | 12 +++++++----- | |||
| 1 file changed, 7 insertions(+), 5 deletions(-) | |||
| --- a/lib/cookie.c | |||
| +++ b/lib/cookie.c | |||
| @@ -236,11 +236,14 @@ static char *sanitize_cookie_path(const | |||
| return NULL; | |||
| /* some stupid site sends path attribute with '"'. */ | |||
| + len = strlen(new_path); | |||
| if(new_path[0] == '\"') { | |||
| - memmove((void *)new_path, (const void *)(new_path + 1), strlen(new_path)); | |||
| + memmove((void *)new_path, (const void *)(new_path + 1), len); | |||
| + len--; | |||
| } | |||
| - if(new_path[strlen(new_path) - 1] == '\"') { | |||
| - new_path[strlen(new_path) - 1] = 0x0; | |||
| + if(len && (new_path[len - 1] == '\"')) { | |||
| + new_path[len - 1] = 0x0; | |||
| + len--; | |||
| } | |||
| /* RFC6265 5.2.4 The Path Attribute */ | |||
| @@ -252,8 +255,7 @@ static char *sanitize_cookie_path(const | |||
| } | |||
| /* convert /hoge/ to /hoge */ | |||
| - len = strlen(new_path); | |||
| - if(1 < len && new_path[len - 1] == '/') { | |||
| + if(len && new_path[len - 1] == '/') { | |||
| new_path[len - 1] = 0x0; | |||
| } | |||
+ 0
- 95
net/gnurl/patches/014-CVE-2015-3153.patch
View File
| @ -1,95 +0,0 @@ | |||
| From 69a2e8d7ec581695a62527cb2252e7350f314ffa Mon Sep 17 00:00:00 2001 | |||
| From: Daniel Stenberg <daniel@haxx.se> | |||
| Date: Thu, 23 Apr 2015 15:58:21 +0200 | |||
| Subject: [PATCH] CURLOPT_HEADEROPT: default to separate | |||
| Make the HTTP headers separated by default for improved security and | |||
| reduced risk for information leakage. | |||
| Bug: http://curl.haxx.se/docs/adv_20150429.html | |||
| Reported-by: Yehezkel Horowitz, Oren Souroujon | |||
| --- | |||
| docs/libcurl/opts/CURLOPT_HEADEROPT.3 | 12 ++++++------ | |||
| lib/url.c | 1 + | |||
| tests/data/test1527 | 2 +- | |||
| tests/data/test287 | 2 +- | |||
| tests/libtest/lib1527.c | 1 + | |||
| 5 files changed, 10 insertions(+), 8 deletions(-) | |||
| --- a/docs/libcurl/opts/CURLOPT_HEADEROPT.3 | |||
| +++ b/docs/libcurl/opts/CURLOPT_HEADEROPT.3 | |||
| @@ -5,7 +5,7 @@ | |||
| .\" * | (__| |_| | _ <| |___ | |||
| .\" * \___|\___/|_| \_\_____| | |||
| .\" * | |||
| -.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. | |||
| +.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. | |||
| .\" * | |||
| .\" * This software is licensed as described in the file COPYING, which | |||
| .\" * you should have received as part of this distribution. The terms | |||
| @@ -31,10 +31,10 @@ CURLcode curl_easy_setopt(CURL *handle, | |||
| Pass a long that is a bitmask of options of how to deal with headers. The two | |||
| mutually exclusive options are: | |||
| -\fBCURLHEADER_UNIFIED\fP - keep working as before. This means | |||
| -\fICURLOPT_HTTPHEADER(3)\fP headers will be used in requests both to servers | |||
| -and proxies. With this option enabled, \fICURLOPT_PROXYHEADER(3)\fP will not | |||
| -have any effect. | |||
| +\fBCURLHEADER_UNIFIED\fP - the headers specified in | |||
| +\fICURLOPT_HTTPHEADER(3)\fP will be used in requests both to servers and | |||
| +proxies. With this option enabled, \fICURLOPT_PROXYHEADER(3)\fP will not have | |||
| +any effect. | |||
| \fBCURLHEADER_SEPARATE\fP - makes \fICURLOPT_HTTPHEADER(3)\fP headers only get | |||
| sent to a server and not to a proxy. Proxy headers must be set with | |||
| @@ -44,7 +44,7 @@ headers. When doing CONNECT, libcurl wil | |||
| headers only to the proxy and then \fICURLOPT_HTTPHEADER(3)\fP headers only to | |||
| the server. | |||
| .SH DEFAULT | |||
| -CURLHEADER_UNIFIED | |||
| +CURLHEADER_SEPARATE (changed in 7.42.1, ased CURLHEADER_UNIFIED before then) | |||
| .SH PROTOCOLS | |||
| HTTP | |||
| .SH EXAMPLE | |||
| --- a/lib/url.c | |||
| +++ b/lib/url.c | |||
| @@ -605,6 +605,7 @@ CURLcode Curl_init_userdefined(struct Us | |||
| set->ssl_enable_alpn = TRUE; | |||
| set->expect_100_timeout = 1000L; /* Wait for a second by default. */ | |||
| + set->sep_headers = TRUE; /* separated header lists by default */ | |||
| return result; | |||
| } | |||
| --- a/tests/data/test1527 | |||
| +++ b/tests/data/test1527 | |||
| @@ -45,7 +45,7 @@ http-proxy | |||
| lib1527 | |||
| </tool> | |||
| <name> | |||
| -Check same headers are generated without CURLOPT_PROXYHEADER | |||
| +Check same headers are generated with CURLOPT_HEADEROPT == CURLHEADER_UNIFIED | |||
| </name> | |||
| <command> | |||
| http://the.old.moo.1527:%HTTPPORT/1527 %HOSTIP:%PROXYPORT | |||
| --- a/tests/data/test287 | |||
| +++ b/tests/data/test287 | |||
| @@ -28,7 +28,7 @@ http | |||
| HTTP proxy CONNECT with custom User-Agent header | |||
| </name> | |||
| <command> | |||
| -http://test.remote.example.com.287:%HTTPPORT/path/287 -H "User-Agent: looser/2007" --proxy http://%HOSTIP:%HTTPPORT --proxytunnel | |||
| +http://test.remote.example.com.287:%HTTPPORT/path/287 -H "User-Agent: looser/2015" --proxy http://%HOSTIP:%HTTPPORT --proxytunnel --proxy-header "User-Agent: looser/2007" | |||
| </command> | |||
| </client> | |||
| --- a/tests/libtest/lib1527.c | |||
| +++ b/tests/libtest/lib1527.c | |||
| @@ -83,6 +83,7 @@ int test(char *URL) | |||
| test_setopt(curl, CURLOPT_READFUNCTION, read_callback); | |||
| test_setopt(curl, CURLOPT_HTTPPROXYTUNNEL, 1L); | |||
| test_setopt(curl, CURLOPT_INFILESIZE, strlen(data)); | |||
| + test_setopt(curl, CURLOPT_HEADEROPT, CURLHEADER_UNIFIED); | |||
| res = curl_easy_perform(curl); | |||
+ 0
- 42
net/gnurl/patches/015-CVE-2015-3236.patch
View File
| @ -1,42 +0,0 @@ | |||
| From e6d7c30734487246e83b95520e81bc1ccf0a2376 Mon Sep 17 00:00:00 2001 | |||
| From: Kamil Dudka <kdudka@redhat.com> | |||
| Date: Thu, 28 May 2015 20:04:35 +0200 | |||
| Subject: [PATCH] http: do not leak basic auth credentials on re-used | |||
| connections | |||
| CVE-2015-3236 | |||
| This partially reverts commit curl-7_39_0-237-g87c4abb | |||
| Bug: http://curl.haxx.se/docs/adv_20150617A.html | |||
| --- | |||
| lib/http.c | 16 ++++------------ | |||
| 1 file changed, 4 insertions(+), 12 deletions(-) | |||
| --- a/lib/http.c | |||
| +++ b/lib/http.c | |||
| @@ -2327,20 +2327,12 @@ CURLcode Curl_http(struct connectdata *c | |||
| te | |||
| ); | |||
| - /* | |||
| - * Free userpwd for Negotiate/NTLM. Cannot reuse as it is associated with | |||
| - * the connection and shouldn't be repeated over it either. | |||
| - */ | |||
| - switch (data->state.authhost.picked) { | |||
| - case CURLAUTH_NEGOTIATE: | |||
| - case CURLAUTH_NTLM: | |||
| - case CURLAUTH_NTLM_WB: | |||
| - Curl_safefree(conn->allocptr.userpwd); | |||
| - break; | |||
| - } | |||
| + /* clear userpwd to avoid re-using credentials from re-used connections */ | |||
| + Curl_safefree(conn->allocptr.userpwd); | |||
| /* | |||
| - * Same for proxyuserpwd | |||
| + * Free proxyuserpwd for Negotiate/NTLM. Cannot reuse as it is associated | |||
| + * with the connection and shouldn't be repeated over it either. | |||
| */ | |||
| switch (data->state.authproxy.picked) { | |||
| case CURLAUTH_NEGOTIATE: | |||