!4 update to 7.69.1

Merge pull request !4 from orange-snn/master
openeuler-ci-bot 2020-05-12 10:52:57 +08:00 committed by Gitee
commit 8da27392a6
7 changed files with 59 additions and 188 deletions


@ -1,71 +0,0 @@
From 855ebacdffbc421b121563ae1ecd9fde736bfaf2 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 11 Sep 2019 16:32:11 +0200
Subject: [PATCH] curl: fix memory leaked by parse_metalink()
This commit fixes a regression introduced by curl-7_65_3-5-gb88940850.
Detected by tests 2005, 2008, 2009, 2010, 2011, and 2012 with valgrind
and libmetalink enabled.
Closes #4326
Upstream-commit: 1ca91bcdb588dc6c25d345f2411fdba314433732
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
src/tool_metalink.c | 2 +-
src/tool_metalink.h | 3 +++
src/tool_operate.c | 4 ++++
3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/tool_metalink.c b/src/tool_metalink.c
index 0740407f9..cd5a7d650 100644
--- a/src/tool_metalink.c
+++ b/src/tool_metalink.c
@@ -965,7 +965,7 @@ static void delete_metalink_resource(metalink_resource *res)
Curl_safefree(res);
}
-static void delete_metalinkfile(metalinkfile *mlfile)
+void delete_metalinkfile(metalinkfile *mlfile)
{
metalink_resource *res;
if(mlfile == NULL) {
diff --git a/src/tool_metalink.h b/src/tool_metalink.h
index 1e367033c..f5ec306f7 100644
--- a/src/tool_metalink.h
+++ b/src/tool_metalink.h
@@ -105,6 +105,8 @@ extern const digest_params SHA256_DIGEST_PARAMS[1];
* Counts the resource in the metalinkfile.
*/
int count_next_metalink_resource(metalinkfile *mlfile);
+
+void delete_metalinkfile(metalinkfile *mlfile);
void clean_metalink(struct OperationConfig *config);
/*
@@ -158,6 +160,7 @@ void metalink_cleanup(void);
#else /* USE_METALINK */
#define count_next_metalink_resource(x) 0
+#define delete_metalinkfile(x) (void)x
#define clean_metalink(x) (void)x
/* metalink_cleanup() takes no arguments */
diff --git a/src/tool_operate.c b/src/tool_operate.c
index d2ad9642d..09dfc0c84 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -2073,6 +2073,10 @@ static CURLcode serial_transfers(struct GlobalConfig *global,
result = post_transfer(global, share, per, result, &retry);
if(retry)
continue;
+
+ /* Release metalink related resources here */
+ delete_metalinkfile(per->mlfile);
+
per = del_transfer(per);
/* Bail out upon critical errors or --fail-early */
--
2.20.1


@ -9,8 +9,7 @@ there is no 'impacket' module available for Python 3:
https://github.com/CoreSecurity/impacket/issues/61
---
tests/negtelnetserver.py | 4 ++--
tests/smbserver.py | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/negtelnetserver.py b/tests/negtelnetserver.py
index 8cfd409..72ee771 100755
@ -30,28 +29,7 @@ index 8cfd409..72ee771 100755
except IOError:
log.exception("IOError hit during request")
diff --git a/tests/smbserver.py b/tests/smbserver.py
index 195ae39..b09cd44 100755
--- a/tests/smbserver.py
+++ b/tests/smbserver.py
@@ -24,7 +24,7 @@
from __future__ import (absolute_import, division, print_function)
# unicode_literals)
import argparse
-import ConfigParser
+import configparser
import os
import sys
import logging
@@ -58,7 +58,7 @@ def smbserver(options):
f.write("{0}".format(pid))
# Here we write a mini config for the server
- smb_config = ConfigParser.ConfigParser()
+ smb_config = configparser.ConfigParser()
smb_config.add_section("global")
smb_config.set("global", "server_name", "SERVICE")
smb_config.set("global", "server_os", "UNIX")
--
--
2.14.3


@ -2,16 +2,16 @@ From f55cca0e86f59ec11ffafd5c0503c39ca3723e2e Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 4 Feb 2019 17:32:56 +0100
Subject: [PATCH] libtest: compile lib1560.c with -fno-builtin-strcmp
... to prevent valgrind from reporting false positives on x86_64:
Conditional jump or move depends on uninitialised value(s)
at 0x10BCAA: part2id (lib1560.c:489)
by 0x10BCAA: updateurl (lib1560.c:521)
by 0x10BCAA: set_parts (lib1560.c:630)
by 0x10BCAA: test (lib1560.c:802)
by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so)
Conditional jump or move depends on uninitialised value(s)
at 0x10BCC3: part2id (lib1560.c:491)
by 0x10BCC3: updateurl (lib1560.c:521)
@ -21,19 +21,18 @@ Conditional jump or move depends on uninitialised value(s)
---
tests/libtest/Makefile.inc | 1 +
1 file changed, 1 insertion(+)
diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
index 080421b..ea3b806 100644
--- a/tests/libtest/Makefile.inc
+++ b/tests/libtest/Makefile.inc
@@ -531,6 +531,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
@@ -562,6 +562,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
lib1559_LDADD = $(TESTUTIL_LIBS)
lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+lib1560_CFLAGS = $(AM_CFLAGS) -fno-builtin-strcmp
lib1560_LDADD = $(TESTUTIL_LIBS)
lib1591_SOURCES = lib1591.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
lib1564_SOURCES = lib1564.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
--
2.17.2


@ -1,45 +0,0 @@
From 1b71bc532bde8621fd3260843f8197182a467ff2 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 7 Nov 2019 10:13:01 +0100
Subject: [PATCH] file: on Windows, refuse paths that start with \\
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
... as that might cause an unexpected SMB connection to a given host
name.
Reported-by: Fernando Muñoz
CVE-2019-15601
Bug: https://curl.haxx.se/docs/CVE-2019-15601.html
---
lib/file.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/file.c b/lib/file.c
index d349cd9..166931d 100644
--- a/lib/file.c
+++ b/lib/file.c
@@ -136,7 +136,7 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
struct Curl_easy *data = conn->data;
char *real_path;
struct FILEPROTO *file = data->req.protop;
- int fd;
+ int fd = -1;
#ifdef DOS_FILESYSTEM
size_t i;
char *actual_path;
@@ -181,7 +181,9 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
return CURLE_URL_MALFORMAT;
}
- fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
+ if(strncmp("\\\\", actual_path, 2))
+ /* refuse to open path that starts with two backslashes */
+ fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
file->path = actual_path;
#else
if(memchr(real_path, 0, real_path_len)) {
--
1.8.3.1

Binary file not shown.

BIN
curl-7.69.1.tar.gz Normal file

Binary file not shown.


@ -5,20 +5,18 @@
%global _configure ../configure
Name: curl
Version: 7.66.0
Release: 2
Version: 7.69.1
Release: 1
Summary: Curl is used in command lines or scripts to transfer data
License: MIT
URL: https://curl.haxx.se/
Source: https://curl.haxx.se/download/curl-%{version}.tar.xz
Source: https://curl.haxx.se/download/curl-%{version}.tar.gz
Patch1: 0001-curl-7.66.0-metalink-memleak.patch
Patch101: 0101-curl-7.32.0-multilib.patch
Patch102: 0102-curl-7.36.0-debug.patch
Patch103: 0103-curl-7.59.0-python3.patch
Patch104: 0104-curl-7.19.7-localhost6.patch
Patch105: 0105-curl-7.63.0-lib1560-valgrind.patch
Patch106: 0106-curl-fix-CVE-2019-15601.patch
Patch6000: 0101-curl-7.32.0-multilib.patch
Patch6001: 0102-curl-7.36.0-debug.patch
Patch6002: 0103-curl-7.59.0-python3.patch
Patch6003: 0104-curl-7.19.7-localhost6.patch
Patch6004: 0105-curl-7.63.0-lib1560-valgrind.patch
BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel
BuildRequires: libidn2-devel libmetalink-devel libnghttp2-devel libpsl-devel
@ -33,34 +31,33 @@ BuildRequires: perl(Time::Local) perl(Time::HiRes) perl(vars)
BuildRequires: valgrind
%endif
Requires: libpsl >= %{libpsl_version} libssh >= %{libssh_version}
Requires: openssl-libs >= 1:%{openssl_version}
Provides: curl-full = %{version}-%{release} libcurl-full = %{version}-%{release}
Provides: webclient libcurl = %{version}-%{release}
Obsoletes: libcurl < %{version}-%{release}
Requires: libcurl == %{version}-%{release}
Provides: curl-full = %{version}-%{release} webclient = %{version}-%{release}
Obsoletes: curl-full < %{version}-%{release} webclient < %{version}-%{release}
%description
cURL is a computer software project providing a library (libcurl) and
command-line tool (curl) for transferring data using various protocols.
%package devel
Summary: Files needed for building applications with libcurl
Requires: curl = %{version}-%{release}
Provides: curl-devel = %{version}-%{release}
Provides: libcurl-devel = %{version}-%{release}
Obsoletes: curl-devel < %{version}-%{release}
Obsoletes: libcurl-devel < %{version}-%{release}
%package -n libcurl
Summary: A library for getting files from web servers
Requires: libssh >= %{libssh_version} libpsl >= %{libpsl_version}
Requires: openssl-libs >= 1:%{openssl_version}
Provides: libcurl-full = %{version}-%{release}
%description devel
The curl-devel package includes header files and libraries necessary for developing programs.
%description -n libcurl
A library for getting files from web servers.
%package help
Summary: Documents for autogen
Buildarch: noarch
%package -n libcurl-devel
Summary: Header files for libcurl
Requires: libcurl = %{version}-%{release}
Provides: curl-devel = %{version}-%{release}
Obsoletes: curl-devel < %{version}-%{release}
%description -n libcurl-devel
Header files for libcurl.
%description help
Man pages and other related documents.
%package_help
%prep
%autosetup -n %{name}-%{version} -p1
@ -79,15 +76,10 @@ sed -e 's/^35$/35,52/' -i tests/data/test323
%build
install -d build-full
export common_configure_opts=" \
--cache-file=../config.cache \
--disable-static \
--enable-symbol-hiding \
--enable-ipv6 \
--enable-threaded-resolver \
--with-gssapi \
--with-nghttp2 \
--with-ssl --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt"
export common_configure_opts="--cache-file=../config.cache \
--enable-symbol-hiding --enable-ipv6 --enable-threaded-resolver \
--with-gssapi --with-nghttp2 --with-ssl \
--with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt"
# configure full build
(
@ -126,19 +118,25 @@ LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" %make_install -C sc
# by fish-3.0.2-1.module_f31+3716+57207597 and would trigger a conflict
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/fish
rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.a
rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%ldconfig_scriptlets
%ldconfig_scriptlets -n libcurl
%files
%defattr(-,root,root)
%license COPYING
%{_bindir}/curl
%{_datadir}/zsh
%files -n libcurl
%defattr(-,root,root)
%{_libdir}/libcurl.so.4
%{_libdir}/libcurl.so.4.[0-9].[0-9]
%files devel
%files -n libcurl-devel
%defattr(-,root,root)
%doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS.md
%doc docs/CONTRIBUTE.md docs/libcurl/ABI
@ -158,6 +156,18 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_mandir}/man3/*
%changelog
* Fri Apr 17 2020 songnannan <songnannan2@huawei.com> - 7.69.1-1
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:update to 7.69.1
* Tue Apr 14 2020 songnannan <songnannan2@huawei.com> - 7.66.0-3
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:split out the libcurl and libcurl-devel package
* Tue Mar 17 2020 chenzhen <chenzhen44@huawei.com> - 7.66.0-2
- Type:cves
- ID:CVE-2019-15601
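Review bot: The new `7.69.1-1` changelog entry does not record that this update drops the CVE-2019-15601 fix as a separate patch. It says only `Type:bugfix`, `ID:NA` and `DESC:update to 7.69.1`, while the first hunk removes `Patch106: 0106-curl-fix-CVE-2019-15601.patch` and `Patch1: 0001-curl-7.66.0-metalink-memleak.patch` and the page shows two patch files deleted in full. Presumably both fixes are already in the 7.69.1 sources, but nothing on the page establishes that. It should be confirmed against the new tarball: for the CVE, `file_connect()` in `lib/file.c` must still refuse paths that start with two backslashes before calling `open_readonly()`. I would state it in the entry so a later audit for CVE-2019-15601 does not read the missing patch as a regression, for example `- DESC:update to 7.69.1; drop 0001 metalink-memleak and 0106 CVE-2019-15601 patches, fixed upstream`.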