Commit 8edfe52b authored by David Mondou's avatar David Mondou
Browse files

Updated to curl 7.61

parent 5e1c01f6
[PATCH] replace krb5-config with pkg-config
From ed70f0623708b8a6c1f58a5d243d87c5ff45b24d Mon Sep 17 00:00:00 2001
From: Roy Li <rongqing.li@windriver.com>
Date: Tue, 26 Apr 2016 13:13:01 +0800
Subject: [PATCH] replace krb5-config with pkg-config
Upstream-Status: Pending
Signed-off-by: Roy Li <rongqing.li@windriver.com>
---
configure.ac | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index e99b303..dc93f39 100644
index 5569a26..56b0380 100755
--- a/configure.ac
+++ b/configure.ac
@@ -1196,7 +1196,7 @@ AC_ARG_WITH(gssapi,
@@ -1290,7 +1290,7 @@ AC_ARG_WITH(gssapi,
fi
])
......@@ -20,7 +24,7 @@ index e99b303..dc93f39 100644
save_CPPFLAGS="$CPPFLAGS"
AC_MSG_CHECKING([if GSS-API support is requested])
@@ -1207,7 +1207,7 @@ if test x"$want_gss" = xyes; then
@@ -1301,7 +1301,7 @@ if test x"$want_gss" = xyes; then
if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then
GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi`
elif test -f "$KRB5CONFIG"; then
......@@ -29,7 +33,7 @@ index e99b303..dc93f39 100644
elif test "$GSSAPI_ROOT" != "yes"; then
GSSAPI_INCS="-I$GSSAPI_ROOT/include"
fi
@@ -1300,7 +1300,7 @@ if test x"$want_gss" = xyes; then
@@ -1394,7 +1394,7 @@ if test x"$want_gss" = xyes; then
elif test -f "$KRB5CONFIG"; then
dnl krb5-config doesn't have --libs-only-L or similar, put everything
dnl into LIBS
......@@ -38,6 +42,3 @@ index e99b303..dc93f39 100644
LIBS="$gss_libs $LIBS"
else
case $host in
--
1.9.1
From c9332fa5e84f24da300b42b1a931ade929d3e27d Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Tue, 1 Aug 2017 17:17:06 +0200
Subject: [PATCH] file: output the correct buffer to the user
Regression brought by 7c312f84ea930d8 (April 2017)
CVE: CVE-2017-1000099
Bug: https://curl.haxx.se/docs/adv_20170809C.html
Credit to OSS-Fuzz for the discovery
Upstream-Status: Backport
https://github.com/curl/curl/commit/c9332fa5e84f24da300b42b1a931ade929d3e27d
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
lib/file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/file.c b/lib/file.c
index bd426eac2..666cbe75b 100644
--- a/lib/file.c
+++ b/lib/file.c
@@ -499,11 +499,11 @@ static CURLcode file_do(struct connectdata *conn, bool *done)
Curl_month[tm->tm_mon],
tm->tm_year + 1900,
tm->tm_hour,
tm->tm_min,
tm->tm_sec);
- result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
+ result = Curl_client_write(conn, CLIENTWRITE_BOTH, header, 0);
if(!result)
/* set the file size to make it available post transfer */
Curl_pgrsSetDownloadSize(data, expected_size);
return result;
}
--
2.13.3
From 358b2b131ad6c095696f20dcfa62b8305263f898 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 1 Aug 2017 17:16:46 +0200
Subject: [PATCH] tftp: reject file name lengths that don't fit
... and thereby avoid telling send() to send off more bytes than the
size of the buffer!
CVE: CVE-2017-1000100
Bug: https://curl.haxx.se/docs/adv_20170809B.html
Reported-by: Even Rouault
Credit to OSS-Fuzz for the discovery
Upstream-Status: Backport
https://github.com/curl/curl/commit/358b2b131ad6c095696f20dcfa62b8305263f898
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
lib/tftp.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/tftp.c b/lib/tftp.c
index 02bd842..f6f4bce 100644
--- a/lib/tftp.c
+++ b/lib/tftp.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -491,6 +491,11 @@ static CURLcode tftp_send_first(tftp_state_data_t *state, tftp_event_t event)
if(result)
return result;
+ if(strlen(filename) > (state->blksize - strlen(mode) - 4)) {
+ failf(data, "TFTP file name too long\n");
+ return CURLE_TFTP_ILLEGAL; /* too long file name field */
+ }
+
snprintf((char *)state->spacket.data+2,
state->blksize,
"%s%c%s%c", filename, '\0', mode, '\0');
--
1.7.9.5
From 453e7a7a03a2cec749abd3878a48e728c515cca7 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 1 Aug 2017 17:16:07 +0200
Subject: [PATCH] glob: do not continue parsing after a strtoul() overflow
range
Added test 1289 to verify.
CVE: CVE-2017-1000101
Bug: https://curl.haxx.se/docs/adv_20170809A.html
Reported-by: Brian Carpenter
Upstream-Status: Backport
https://github.com/curl/curl/commit/453e7a7a03a2cec749abd3878a48e728c515cca7
Rebase the tests/data/Makefile.inc changes for curl 7.54.1.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
src/tool_urlglob.c | 5 ++++-
tests/data/Makefile.inc | 2 +-
tests/data/test1289 | 35 +++++++++++++++++++++++++++++++++++
3 files changed, 40 insertions(+), 2 deletions(-)
create mode 100644 tests/data/test1289
diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
index 6b1ece0..d56dcd9 100644
--- a/src/tool_urlglob.c
+++ b/src/tool_urlglob.c
@@ -273,7 +273,10 @@ static CURLcode glob_range(URLGlob *glob, char **patternp,
}
errno = 0;
max_n = strtoul(pattern, &endp, 10);
- if(errno || (*endp == ':')) {
+ if(errno)
+ /* overflow */
+ endp = NULL;
+ else if(*endp == ':') {
pattern = endp+1;
errno = 0;
step_n = strtoul(pattern, &endp, 10);
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 155320a..7adbee6 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -132,7 +132,7 @@ test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 \
test1260 test1261 test1262 \
\
test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 \
-test1288 \
+test1288 test1289 \
\
test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 \
test1308 test1309 test1310 test1311 test1312 test1313 test1314 test1315 \
diff --git a/tests/data/test1289 b/tests/data/test1289
new file mode 100644
index 0000000..d679cc0
--- /dev/null
+++ b/tests/data/test1289
@@ -0,0 +1,35 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+globbing
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+<name>
+globbing with overflow and bad syntxx
+</name>
+<command>
+http://ur%20[0-60000000000000000000
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+# curl: (3) [globbing] bad range in column
+<errorcode>
+3
+</errorcode>
+</verify>
+</testcase>
--
2.11.0
From 29b251362e1839d7094993edbed8f9467069773f Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 25 Sep 2017 00:35:22 +0200
Subject: [PATCH] FTP: zero terminate the entry path even on bad input
... a single double quote could leave the entry path buffer without a zero
terminating byte. CVE-2017-1000254
Test 1152 added to verify.
Reported-by: Max Dymond
Bug: https://curl.haxx.se/docs/adv_20171004.html
---
lib/ftp.c | 7 ++++--
tests/data/Makefile.inc | 1 +
tests/data/test1152 | 61 +++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 67 insertions(+), 2 deletions(-)
create mode 100644 tests/data/test1152
diff --git a/lib/ftp.c b/lib/ftp.c
index 4860509f3..54ba4057f 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -2777,10 +2777,11 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
if(ftpcode == 257) {
char *ptr = &data->state.buffer[4]; /* start on the first letter */
const size_t buf_size = data->set.buffer_size;
char *dir;
char *store;
+ bool entry_extracted = FALSE;
dir = malloc(nread + 1);
if(!dir)
return CURLE_OUT_OF_MEMORY;
@@ -2808,20 +2809,22 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
*store = ptr[1];
ptr++;
}
else {
/* end of path */
- *store = '\0'; /* zero terminate */
+ entry_extracted = TRUE;
break; /* get out of this loop */
}
}
else
*store = *ptr;
store++;
ptr++;
}
-
+ *store = '\0'; /* zero terminate */
+ }
+ if(entry_extracted) {
/* If the path name does not look like an absolute path (i.e.: it
does not start with a '/'), we probably need some server-dependent
adjustments. For example, this is the case when connecting to
an OS400 FTP server: this server supports two name syntaxes,
the default one being incompatible with standard paths. In
Upstream-Status: Pending
--- a/configure.ac
+++ b/configure.ac
@@ -281,7 +281,7 @@ dnl ************************************
CURL_CHECK_COMPILER
CURL_SET_COMPILER_BASIC_OPTS
-CURL_SET_COMPILER_DEBUG_OPTS
+dnl CURL_SET_COMPILER_DEBUG_OPTS
CURL_SET_COMPILER_OPTIMIZE_OPTS
CURL_SET_COMPILER_WARNING_OPTS
......@@ -7,36 +7,32 @@ LIC_FILES_CHKSUM = "file://COPYING;beginline=8;md5=3a34942f4ae3fbf1a303160714e66
SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://0001-replace-krb5-config-with-pkg-config.patch \
file://CVE-2017-1000099.patch \
file://CVE-2017-1000100.patch \
file://CVE-2017-1000101.patch \
file://CVE-2017-1000254.patch \
"
# curl likes to set -g0 in CFLAGS, so we stop it
# from mucking around with debug options
#
SRC_URI += " file://configure_ac.patch"
SRC_URI[md5sum] = "6b6eb722f512e7a24855ff084f54fe55"
SRC_URI[sha256sum] = "fdfc4df2d001ee0c44ec071186e770046249263c491fcae48df0e1a3ca8f25a0"
SRC_URI[md5sum] = "31d0a9f48dc796a7db351898a1e5058a"
SRC_URI[sha256sum] = "5f6f336921cf5b84de56afbd08dfb70adeef2303751ffb3e570c936c6d656c9c"
CVE_PRODUCT = "libcurl"
inherit autotools pkgconfig binconfig multilib_header
PACKAGECONFIG ??= "${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)} gnutls proxy zlib"
PACKAGECONFIG_class-native = "ipv6 proxy ssl zlib"
PACKAGECONFIG_class-nativesdk = "ipv6 proxy ssl zlib"
PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)} gnutls proxy threaded-resolver zlib"
PACKAGECONFIG_class-native = "ipv6 proxy ssl threaded-resolver zlib"
PACKAGECONFIG_class-nativesdk = "ipv6 proxy ssl threaded-resolver zlib"
# 'ares' and 'threaded-resolver' are mutually exclusive
PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares"
PACKAGECONFIG[dict] = "--enable-dict,--disable-dict,"
PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher,"
PACKAGECONFIG[imap] = "--enable-imap,--disable-imap,"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5"
PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,"
PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,"
PACKAGECONFIG[libidn] = "--with-libidn,--without-libidn,libidn"
PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2"
PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2"
PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls"
PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2"
PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3,"
PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy,"
PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump"
......@@ -48,8 +44,6 @@ PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet,"
PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp,"
PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver"
PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib"
PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5"
PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2"
EXTRA_OECONF = " \
--enable-crypto-auth \
......@@ -58,13 +52,13 @@ EXTRA_OECONF = " \
--without-libpsl \
"
do_install_append() {
oe_multilib_header curl/curlbuild.h
}
do_install_append_class-target() {
# cleanup buildpaths from curl-config
sed -i -e 's,${STAGING_DIR_HOST},,g' ${D}${bindir}/curl-config
sed -i \
-e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
-e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \
-e 's|${DEBUG_PREFIX_MAP}||g' \
${D}${bindir}/curl-config
}
PACKAGES =+ "lib${BPN}"
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment