From 9debe160e9b4e6b5a8a1bfa53072123c425fab5f Mon Sep 17 00:00:00 2001 From: xinghe Date: Thu, 9 Mar 2023 03:00:23 +0000 Subject: [PATCH] enable test (cherry picked from commit a6541b26e510bc2d966c031d3808ed8a0e851c13) --- backport-CVE-2021-22876.patch | 96 +----- backport-CVE-2023-23916.patch | 284 ++++-------------- ...-fix-test973-test974-test975-test976.patch | 50 +++ curl.spec | 38 ++- 4 files changed, 144 insertions(+), 324 deletions(-) create mode 100644 backport-fix-test973-test974-test975-test976.patch diff --git a/backport-CVE-2021-22876.patch b/backport-CVE-2021-22876.patch index e4f0be7..e81f1d6 100644 --- a/backport-CVE-2021-22876.patch +++ b/backport-CVE-2021-22876.patch @@ -9,12 +9,12 @@ Added test 2081 to verify. CVE-2021-22876 Bug: https://curl.se/docs/CVE-2021-22876.html + +Conflict: remove tests/data/Makefile.inc tests/data/test2081 +Reference: https://github.com/curl/curl/commit/7214288898f5625a6cc196e22a74232eada7861c --- lib/transfer.c | 25 ++++++++++++++-- - tests/data/Makefile.inc | 2 +- - tests/data/test2081 | 66 +++++++++++++++++++++++++++++++++++++++++ - 3 files changed, 90 insertions(+), 3 deletions(-) - create mode 100644 tests/data/test2081 + 1 files changed, 23 insertions(+), 3 deletions(-) diff --git a/lib/transfer.c b/lib/transfer.c index 1976bc033..a68c021c8 100644 
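Review bot: Dropping tests/data/test2081 from this backport (recorded by the added `Conflict: remove tests/data/Makefile.inc tests/data/test2081` line, with the removal itself in the next hunk) means the %check run introduced by this commit never exercises the CVE-2021-22876 fix, which strips credentials and the fragment from the automatic Referer header. backport-CVE-2023-23916.patch loses test418 in the same way. Both tests use `%TESTNUMBER`, so they were presumably removed because the 7.71.1 test harness lacks features they rely on; where feasible, adapting them (for example, writing the test number out literally) would keep a regression check for each CVE. The rewritten summary line `1 files changed, 23 insertions(+), 3 deletions(-)` also looks hand-edited, so regenerating the patch with git format-patch after trimming would keep the diffstat accurate.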
@@ -60,91 +60,5 @@ index 1976bc033..a68c021c8 100644 data->change.referer_alloc = TRUE; /* yes, free this later */ } } -diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc -index 2c7a0ca89..ea52683d2 100644 ---- a/tests/data/Makefile.inc -+++ b/tests/data/Makefile.inc -@@ -221,7 +221,7 @@ test2064 test2065 test2066 test2067 test2068 test2069 \ - test2064 test2065 test2066 test2067 test2068 test2069 test2070 \ - test2071 test2072 test2073 test2074 test2075 test2076 test2077 \ - test2078 \ --test2080 \ -+test2080 test2081 \ - test2100 \ - \ - test3000 test3001 \ -diff --git a/tests/data/test2081 b/tests/data/test2081 -new file mode 100644 -index 000000000..a6733e737 ---- /dev/null -+++ b/tests/data/test2081 -@@ -0,0 +1,66 @@ -+ -+ -+ -+HTTP -+HTTP GET -+referer -+followlocation -+--write-out -+ -+ -+ -+# Server-side -+ -+ -+HTTP/1.1 301 This is a weirdo text message swsclose -+Location: data/%TESTNUMBER0002.txt?coolsite=yes -+Content-Length: 62 -+Connection: close -+ -+This server reply is for testing a simple Location: following -+ -+ -+ -+# Client-side -+ -+ -+http -+ -+ -+Automatic referrer credential and anchor stripping check -+ -+ -+http://user:pass@%HOSTIP:%HTTPPORT/we/want/our/%TESTNUMBER#anchor --location --referer ';auto' --write-out '%{referer}\n' -+ -+ -+ -+# Verify data after the test has been "shot" -+ -+ -+52 -+ -+ -+GET /we/want/our/%TESTNUMBER HTTP/1.1 -+Host: %HOSTIP:%HTTPPORT -+Authorization: Basic dXNlcjpwYXNz -+User-Agent: curl/%VERSION -+Accept: */* -+ -+GET /we/want/our/data/%TESTNUMBER0002.txt?coolsite=yes HTTP/1.1 -+Host: %HOSTIP:%HTTPPORT -+Authorization: Basic dXNlcjpwYXNz -+User-Agent: curl/%VERSION -+Accept: */* -+Referer: http://%HOSTIP:%HTTPPORT/we/want/our/%TESTNUMBER -+ -+ -+ -+HTTP/1.1 301 This is a weirdo text message swsclose -+Location: data/%TESTNUMBER0002.txt?coolsite=yes -+Content-Length: 62 -+Connection: close -+ -+http://%HOSTIP:%HTTPPORT/we/want/our/%TESTNUMBER -+ -+ -+ -- -2.23.0 - +2.23.0 \ No newline at end of 
file diff --git a/backport-CVE-2023-23916.patch b/backport-CVE-2023-23916.patch index a9089cc..affe116 100644 --- a/backport-CVE-2023-23916.patch +++ b/backport-CVE-2023-23916.patch 
@@ -1,229 +1,55 @@ -From 119fb187192a9ea13dc90d9d20c215fc82799ab9 Mon Sep 17 00:00:00 2001 -From: Patrick Monnerat -Date: Mon, 13 Feb 2023 08:33:09 +0100 -Subject: [PATCH] content_encoding: do not reset stage counter for each header - -Test 418 verifies - -Closes #10492 - -Conflict: remove tests/data/test387 -Reference: https://github.com/curl/curl/commit/119fb187192a9ea13dc ---- - lib/content_encoding.c | 7 +- - lib/urldata.h | 1 + - tests/data/Makefile.inc | 2 +- - tests/data/test418 | 152 ++++++++++++++++++++++++++++++++++++++++ - 4 files changed, 157 insertions(+), 5 deletions(-) - create mode 100644 tests/data/test418 - -diff --git a/lib/content_encoding.c b/lib/content_encoding.c -index 4a20142..3633791 100644 ---- a/lib/content_encoding.c -+++ b/lib/content_encoding.c -@@ -945,7 +945,6 @@ CURLcode Curl_build_unencoding_stack(struct connectdata *conn, - { - struct Curl_easy *data = conn->data; - struct SingleRequest *k = &data->req; -- int counter = 0; - - do { - const char *name; -@@ -980,9 +979,9 @@ CURLcode Curl_build_unencoding_stack(struct connectdata *conn, - if(!encoding) - encoding = &error_encoding; /* Defer error at stack use. */ - -- if(++counter >= MAX_ENCODE_STACK) { -- failf(data, "Reject response due to %u content encodings", -- counter); -+ if(k->writer_stack_depth++ >= MAX_ENCODE_STACK) { -+ failf(data, "Reject response due to more than %u content encodings", -+ MAX_ENCODE_STACK); - return CURLE_BAD_CONTENT_ENCODING; - } - /* Stack the unencoding stage. */ -diff --git a/lib/urldata.h b/lib/urldata.h -index dc77061..27ee1b5 100644 ---- a/lib/urldata.h -+++ b/lib/urldata.h -@@ -653,6 +653,7 @@ struct SingleRequest { - struct dohdata doh; /* DoH specific data for this request */ - #endif - unsigned char setcookies; -+ unsigned char writer_stack_depth; /* Unencoding stack depth. 
*/ - BIT(header); /* incoming data has HTTP header */ - BIT(content_range); /* set TRUE if Content-Range: was found */ - BIT(upload_done); /* set to TRUE when doing chunked transfer-encoding -diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc -index f57f45e..5b943ab 100644 ---- a/tests/data/Makefile.inc -+++ b/tests/data/Makefile.inc -@@ -65,7 +65,7 @@ test393 test394 test395 \ - \ - test400 test401 test402 test403 test404 test405 test406 test407 test408 \ - test409 \ --\ -+test418 \ - test430 test431 test432 \ - \ - test490 test491 test492 \ -diff --git a/tests/data/test418 b/tests/data/test418 -new file mode 100644 -index 0000000..50e974e ---- /dev/null -+++ b/tests/data/test418 -@@ -0,0 +1,152 @@ -+ -+ -+ -+HTTP -+gzip -+ -+ -+ -+# -+# Server-side -+ -+ -+HTTP/1.1 200 OK -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip 
-+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+Transfer-Encoding: gzip -+ -+-foo- -+ -+ -+ -+# -+# Client-side -+ -+ -+http -+ -+ -+Response with multiple Transfer-Encoding headers -+ -+ -+http://%HOSTIP:%HTTPPORT/%TESTNUMBER -sS -+ -+ -+ -+# -+# Verify data after the test has been "shot" -+ -+ -+GET /%TESTNUMBER HTTP/1.1 -+Host: %HOSTIP:%HTTPPORT -+User-Agent: curl/%VERSION -+Accept: */* -+ -+ -+ -+# CURLE_BAD_CONTENT_ENCODING is 61 -+ -+61 -+ -+ -+curl: (61) Reject response due to more than 5 content encodings -+ -+ -+ --- -2.27.0 +From 119fb187192a9ea13dc90d9d20c215fc82799ab9 Mon Sep 17 00:00:00 2001 +From: Patrick Monnerat +Date: Mon, 13 Feb 2023 
08:33:09 +0100 +Subject: [PATCH] content_encoding: do not reset stage counter for each header + +Test 418 verifies + +Closes #10492 + +Conflict: remove tests/data/test387 tests/data/test418 tests/data/Makefile.inc +Reference: https://github.com/curl/curl/commit/119fb187192a9ea13dc +--- + lib/content_encoding.c | 7 +- + lib/urldata.h | 1 + + 2 files changed, 7 insertions(+), 1 deletions(-) + +diff --git a/lib/content_encoding.c b/lib/content_encoding.c +index 4a20142..3633791 100644 +--- a/lib/content_encoding.c ++++ b/lib/content_encoding.c +@@ -945,7 +945,6 @@ CURLcode Curl_build_unencoding_stack(struct connectdata *conn, + { + struct Curl_easy *data = conn->data; + struct SingleRequest *k = &data->req; +- int counter = 0; + + do { + const char *name; +@@ -980,9 +979,9 @@ CURLcode Curl_build_unencoding_stack(struct connectdata *conn, + if(!encoding) + encoding = &error_encoding; /* Defer error at stack use. */ + +- if(++counter >= MAX_ENCODE_STACK) { +- failf(data, "Reject response due to %u content encodings", +- counter); ++ if(k->writer_stack_depth++ >= MAX_ENCODE_STACK) { ++ failf(data, "Reject response due to more than %u content encodings", ++ MAX_ENCODE_STACK); + return CURLE_BAD_CONTENT_ENCODING; + } + /* Stack the unencoding stage. */ +diff --git a/lib/urldata.h b/lib/urldata.h +index dc77061..27ee1b5 100644 +--- a/lib/urldata.h ++++ b/lib/urldata.h +@@ -653,6 +653,7 @@ struct SingleRequest { + struct dohdata doh; /* DoH specific data for this request */ + #endif + unsigned char setcookies; ++ unsigned char writer_stack_depth; /* Unencoding stack depth. */ + BIT(header); /* incoming data has HTTP header */ + BIT(content_range); /* set TRUE if Content-Range: was found */ + BIT(upload_done); /* set to TRUE when doing chunked transfer-encoding +-- +2.27.0 \ No newline at end of file diff --git a/backport-fix-test973-test974-test975-test976.patch b/backport-fix-test973-test974-test975-test976.patch new file mode 100644 index 0000000..9dfa699 --- /dev/null 
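Review bot: Every line of backport-CVE-2023-23916.patch is removed and re-added with the same visible text, which buries the real edits (the extended `Conflict:` line, the dropped Makefile.inc and test418 sections, the new diffstat) and usually points to a line-ending or whitespace change. Please confirm the file still has LF endings and applies cleanly in %prep, and restore the final newline that `\ No newline at end of file` shows is now missing. The summary `2 files changed, 7 insertions(+), 1 deletions(-)` does not match the remaining hunks, which by my count add 4 lines and delete 4. With test418 gone, nothing in %check covers the `k->writer_stack_depth++ >= MAX_ENCODE_STACK` limit, so it is worth confirming by hand that the new `unsigned char writer_stack_depth` is zeroed for each request in 7.71.1; that reset is not visible in this patch.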
+++ b/backport-fix-test973-test974-test975-test976.patch @@ -0,0 +1,50 @@ +From 6d2b603c9f0d7b97f235b4b9930f3192c8b809a0 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Wed, 8 Mar 2023 16:23:04 +0800 +Subject: [PATCH] fix test973 test974 test975 test976 + +e6b21d runtests: provide curl's version string as %VERSION for tests +f60f51 runtests: init $VERSION to avoid warnings when using -l + +merge f60f51721c656a96afa5ba9b6a5913a705f6bc60 and e6b21d422e631a7c0cc81abf956af179b3b4c5e8 + +Conflict: remove all files in the tests/data directory, remove tests/FILEFORMAT.md +Reference: https://github.com/curl/curl/commit/f60f51721c656a96afa5ba9b6a5913a705f6bc60 +https://github.com/curl/curl/commit/e6b21d422e631a7c0cc81abf956af179b3b4c5e8 +--- + tests/runtests.pl | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/tests/runtests.pl b/tests/runtests.pl +index 0743d49..94f265a 100755 +--- a/tests/runtests.pl ++++ b/tests/runtests.pl +@@ -166,6 +166,7 @@ my $NEGTELNETPORT=$noport; # TELNET server port with negotiation + my $HTTPUNIXPATH; # HTTP server Unix domain socket path + + my $SSHSRVMD5 = "[uninitialized]"; # MD5 of ssh server public key ++my $VERSION=""; # curl's reported version number + + my $srcdir = $ENV{'srcdir'} || '.'; + my $CURL="../src/curl".exe_ext('TOOL'); # what curl executable to run on the tests +@@ -2897,8 +2898,9 @@ sub checksystem { + for(@version) { + chomp; + +- if($_ =~ /^curl/) { ++ if($_ =~ /^curl ([^ ]*)/) { + $curl = $_; ++ $VERSION = $1; + $curl =~ s/^(.*)(libcurl.*)/$1/g; + + $libcurl = $2; +@@ -3302,6 +3304,7 @@ sub subVariables { + $$thing =~ s/${prefix}CURL/$CURL/g; + $$thing =~ s/${prefix}PWD/$pwd/g; + $$thing =~ s/${prefix}POSIX_PWD/$posix_pwd/g; ++ $$thing =~ s/${prefix}VERSION/$VERSION/g; + + my $file_pwd = $pwd; + if($file_pwd !~ /^\//) { +-- +2.27.0 diff --git a/curl.spec b/curl.spec index c67091b..669ab2e 100644 --- a/curl.spec +++ b/curl.spec 
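Review bot: The mail header of this new patch (`From 6d2b603c9f0d7b97f235b4b9930f3192c8b809a0`, `From: Daniel Stenberg`, `Date: Wed, 8 Mar 2023 16:23:04 +0800`) reads like an upstream commit, but the body says it is a merge of f60f51721c65 and e6b21d422e63, so the hash and date appear to be local and cannot be checked against the curl repository. For provenance, either carry the two upstream commits as separate patches with their original headers, or name the packager as author and keep the upstream hashes only in `Reference:`. The `Conflict:` line says all tests/data changes were removed, so it would help to state in the description which of the upstream test files that use `%VERSION` were intentionally left out.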
@@ -6,7 +6,7 @@ Name: curl Version: 7.71.1 -Release: 21 +Release: 22 Summary: Curl is used in command lines or scripts to transfer data License: MIT URL: https://curl.haxx.se/ @@ -51,6 +51,7 @@ Patch137: backport-CVE-2022-35252-cookie-reject-cookies-with-control-bytes Patch138: backport-CVE-2022-32221.patch Patch139: backport-CVE-2022-43552-smb-telnet-do-not-free-the-protocol-struct-in-_done.patch Patch140: backport-CVE-2023-23916.patch +Patch141: backport-fix-test973-test974-test975-test976.patch BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel BuildRequires: libidn2-devel libnghttp2-devel libpsl-devel @@ -61,9 +62,6 @@ BuildRequires: perl(Getopt::Long) perl(Pod::Usage) perl(strict) perl(warnings) BuildRequires: perl(Cwd) perl(Digest::MD5) perl(Exporter) perl(File::Basename) BuildRequires: perl(File::Copy) perl(File::Spec) perl(IPC::Open2) perl(MIME::Base64) BuildRequires: perl(Time::Local) perl(Time::HiRes) perl(vars) -%ifarch x86_64 -BuildRequires: valgrind -%endif Requires: libcurl = %{version}-%{release} Provides: curl-full = %{version}-%{release} webclient @@ -137,6 +135,32 @@ sed -e 's/^runpath_var=.*/runpath_var=/' \ %make_build V=1 -C build-full +%check +# compile upstream test-cases +%make_build V=1 -C build-full/tests + +# relax crypto policy for the test-suite to make it pass again (#1610888) +export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=XXX +export OPENSSL_CONF= + +# make runtests.pl work for out-of-tree builds +export srcdir=../../tests + +# prevent valgrind from being extremely slow (#1662656) +unset DEBUGINFOD_URLS + +# run the upstream test-suite for curl-full +for size in full; do ( + cd build-${size} + + # we have to override LD_LIBRARY_PATH because we eliminated rpath + export LD_LIBRARY_PATH="${PWD}/lib/.libs" + + cd tests + perl -I../../tests ../../tests/runtests.pl -a -p -v '!flaky' +) +done + %install rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.{la,so} 
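Review bot: The new %check keeps the comment `# prevent valgrind from being extremely slow (#1662656)` and `unset DEBUGINFOD_URLS`, but an earlier hunk of this file removes `BuildRequires: valgrind` for x86_64, so the two no longer agree. If runtests.pl uses valgrind only when it is installed (my understanding of upstream behaviour, not shown here), the suite now runs without memory checking, which is a real loss for a package carrying this many CVE backports. Either keep the BuildRequires, or drop the stale lines and note in the spec that valgrind is intentionally off. The bug references `#1610888` and `#1662656` look carried over from another distribution's spec, so a one-line comment explaining why `OPENSSL_SYSTEM_CIPHERS_OVERRIDE=XXX` and the empty `OPENSSL_CONF` are needed here would serve readers better.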
@@ -192,6 +216,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_mandir}/man3/* %changelog +* Thu Mar 09 2023 xinghe - 7.71.1-22 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:enable test + * Sat Feb 18 2023 xinghe - 7.71.1-21 - Type:cves - CVE:CVE-2023-23916