diff options
author | V3n3RiX <venerix@koprulu.sector> | 2024-01-05 08:03:20 +0000 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2024-01-05 08:03:20 +0000 |
commit | 1ddcee0bd115d2f843f82061cb0d1741bf90151d (patch) | |
tree | 20e516fd0fd41ce7f9f04e7ea8e7d8d3139af3f4 /net-misc/curl/files | |
parent | c1c9e565a5696c10e991d8b5372f781ba5f13d5c (diff) |
gentoo auto-resync : 05:01:2024 - 08:03:20
Diffstat (limited to 'net-misc/curl/files')
5 files changed, 100 insertions, 382 deletions
diff --git a/net-misc/curl/files/curl-8.3.0-CVE-2023-38545.patch b/net-misc/curl/files/curl-8.3.0-CVE-2023-38545.patch deleted file mode 100644 index 04603a8c01dc..000000000000 --- a/net-misc/curl/files/curl-8.3.0-CVE-2023-38545.patch +++ /dev/null @@ -1,136 +0,0 @@ -https://bugs.gentoo.org/915195 - -From 1e1f915b73ab0895a68348ad1f96a5283a44ffd7 Mon Sep 17 00:00:00 2001 -From: Jay Satiro <raysatiro@yahoo.com> -Date: Mon, 9 Oct 2023 17:45:07 -0400 -Subject: [PATCH] socks: return error if hostname too long for remote resolve - -Prior to this change the state machine attempted to change the remote -resolve to a local resolve if the hostname was longer than 255 -characters. Unfortunately that did not work as intended and caused a -security issue. - -This patch applies to curl versions 8.2.0 - 8.3.0. Other versions -that are affected take a different patch. Refer to the CVE advisory -for more information. - -Bug: https://curl.se/docs/CVE-2023-38545.html ---- - lib/socks.c | 8 +++---- - tests/data/Makefile.inc | 2 +- - tests/data/test728 | 64 +++++++++++++++++++++++++++++++++++++++++++++++++ - 3 files changed, 69 insertions(+), 5 deletions(-) - create mode 100644 tests/data/test728 - -diff --git a/lib/socks.c b/lib/socks.c -index 25a3578..3d41c93 100644 ---- a/lib/socks.c -+++ b/lib/socks.c -@@ -588,9 +588,9 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf, - - /* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */ - if(!socks5_resolve_local && hostname_len > 255) { -- infof(data, "SOCKS5: server resolving disabled for hostnames of " -- "length > 255 [actual len=%zu]", hostname_len); -- socks5_resolve_local = TRUE; -+ failf(data, "SOCKS5: the destination hostname is too long to be " -+ "resolved remotely by the proxy."); -+ return CURLPX_LONG_HOSTNAME; - } - - if(auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI)) -@@ -904,7 +904,7 @@ CONNECT_RESOLVE_REMOTE: - } - else { - socksreq[len++] = 3; -- socksreq[len++] = (char) hostname_len; /* one byte address length */ -+ socksreq[len++] = (unsigned char) hostname_len; /* one byte length */ - memcpy(&socksreq[len], sx->hostname, hostname_len); /* w/o NULL */ - len += hostname_len; - } -diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc -index 8ee1394..3e2094e 100644 ---- a/tests/data/Makefile.inc -+++ b/tests/data/Makefile.inc -@@ -100,7 +100,7 @@ test679 test680 test681 test682 test683 test684 test685 test686 \ - \ - test700 test701 test702 test703 test704 test705 test706 test707 test708 \ - test709 test710 test711 test712 test713 test714 test715 test716 test717 \ --test718 test719 test720 test721 \ -+test718 test719 test720 test721 test728 \ - \ - test799 test800 test801 test802 test803 test804 test805 test806 test807 \ - test808 test809 test810 test811 test812 test813 test814 test815 test816 \ -diff --git a/tests/data/test728 b/tests/data/test728 -new file mode 100644 -index 0000000..05bcf28 ---- /dev/null -+++ b/tests/data/test728 -@@ -0,0 +1,64 @@ -+<testcase> -+<info> -+<keywords> -+HTTP -+HTTP GET -+SOCKS5 -+SOCKS5h -+followlocation -+</keywords> -+</info> -+ -+# -+# Server-side -+<reply> -+# The hostname in this redirect is 256 characters and too long (> 255) for -+# SOCKS5 remote resolve. curl must return error CURLE_PROXY in this case. -+<data> -+HTTP/1.1 301 Moved Permanently -+Location: http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/ -+Content-Length: 0 -+Connection: close -+ -+</data> -+</reply> -+ -+# -+# Client-side -+<client> -+<features> -+proxy -+</features> -+<server> -+http -+socks5 -+</server> -+ <name> -+SOCKS5h with HTTP redirect to hostname too long -+ </name> -+ <command> -+--no-progress-meter --location --proxy socks5h://%HOSTIP:%SOCKSPORT http://%HOSTIP:%HTTPPORT/%TESTNUMBER -+</command> -+</client> -+ -+# -+# Verify data after the test has been "shot" -+<verify> -+<protocol crlf="yes"> -+GET /%TESTNUMBER HTTP/1.1 -+Host: %HOSTIP:%HTTPPORT -+User-Agent: curl/%VERSION -+Accept: */* -+ -+</protocol> -+<errorcode> -+97 -+</errorcode> -+# the error message is verified because error code CURLE_PROXY (97) may be -+# returned for any number of reasons and we need to make sure it is -+# specifically for the reason below so that we know the check is working. -+<stderr mode="text"> -+curl: (97) SOCKS5: the destination hostname is too long to be resolved remotely by the proxy. -+</stderr> -+</verify> -+</testcase> --- -2.7.4 - diff --git a/net-misc/curl/files/curl-8.3.0-CVE-2023-38546.patch b/net-misc/curl/files/curl-8.3.0-CVE-2023-38546.patch deleted file mode 100644 index 615ab26cb2a8..000000000000 --- a/net-misc/curl/files/curl-8.3.0-CVE-2023-38546.patch +++ /dev/null @@ -1,131 +0,0 @@ -https://bugs.gentoo.org/915195 -https://github.com/curl/curl/commit/61275672b46d9abb3285740467b882e22ed75da8 - -From 61275672b46d9abb3285740467b882e22ed75da8 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg <daniel@haxx.se> -Date: Thu, 14 Sep 2023 23:28:32 +0200 -Subject: [PATCH] cookie: remove unnecessary struct fields - -Plus: reduce the hash table size from 256 to 63. It seems unlikely to -make much of a speed difference for most use cases but saves 1.5KB of -data per instance. - -Closes #11862 ---- - lib/cookie.c | 13 +------------ - lib/cookie.h | 13 ++++--------- - lib/easy.c | 4 +--- - 3 files changed, 6 insertions(+), 24 deletions(-) - -diff --git a/lib/cookie.c b/lib/cookie.c -index 4345a84c6fd9d..e39c89a94a960 100644 ---- a/lib/cookie.c -+++ b/lib/cookie.c -@@ -119,7 +119,6 @@ static void freecookie(struct Cookie *co) - free(co->name); - free(co->value); - free(co->maxage); -- free(co->version); - free(co); - } - -@@ -718,11 +717,7 @@ Curl_cookie_add(struct Curl_easy *data, - } - } - else if((nlen == 7) && strncasecompare("version", namep, 7)) { -- strstore(&co->version, valuep, vlen); -- if(!co->version) { -- badcookie = TRUE; -- break; -- } -+ /* just ignore */ - } - else if((nlen == 7) && strncasecompare("max-age", namep, 7)) { - /* -@@ -1160,7 +1155,6 @@ Curl_cookie_add(struct Curl_easy *data, - free(clist->path); - free(clist->spath); - free(clist->expirestr); -- free(clist->version); - free(clist->maxage); - - *clist = *co; /* then store all the new data */ -@@ -1224,9 +1218,6 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data, - c = calloc(1, sizeof(struct CookieInfo)); - if(!c) - return NULL; /* failed to get memory */ -- c->filename = strdup(file?file:"none"); /* copy the name just in case */ -- if(!c->filename) -- goto fail; /* failed to get memory */ - /* - * Initialize the next_expiration time to signal that we don't have enough - * information yet. -@@ -1378,7 +1369,6 @@ static struct Cookie *dup_cookie(struct Cookie *src) - CLONE(name); - CLONE(value); - CLONE(maxage); -- CLONE(version); - d->expires = src->expires; - d->tailmatch = src->tailmatch; - d->secure = src->secure; -@@ -1595,7 +1585,6 @@ void Curl_cookie_cleanup(struct CookieInfo *c) - { - if(c) { - unsigned int i; -- free(c->filename); - for(i = 0; i < COOKIE_HASH_SIZE; i++) - Curl_cookie_freelist(c->cookies[i]); - free(c); /* free the base struct as well */ -diff --git a/lib/cookie.h b/lib/cookie.h -index b3c0063b2cfb2..41e9e7a6914e0 100644 ---- a/lib/cookie.h -+++ b/lib/cookie.h -@@ -36,11 +36,7 @@ struct Cookie { - char *domain; /* domain = <this> */ - curl_off_t expires; /* expires = <this> */ - char *expirestr; /* the plain text version */ -- -- /* RFC 2109 keywords. Version=1 means 2109-compliant cookie sending */ -- char *version; /* Version = <value> */ - char *maxage; /* Max-Age = <value> */ -- - bool tailmatch; /* whether we do tail-matching of the domain name */ - bool secure; /* whether the 'secure' keyword was used */ - bool livecookie; /* updated from a server, not a stored file */ -@@ -56,17 +52,16 @@ struct Cookie { - #define COOKIE_PREFIX__SECURE (1<<0) - #define COOKIE_PREFIX__HOST (1<<1) - --#define COOKIE_HASH_SIZE 256 -+#define COOKIE_HASH_SIZE 63 - - struct CookieInfo { - /* linked list of cookies we know of */ - struct Cookie *cookies[COOKIE_HASH_SIZE]; -- char *filename; /* file we read from/write to */ -- long numcookies; /* number of cookies in the "jar" */ -+ curl_off_t next_expiration; /* the next time at which expiration happens */ -+ int numcookies; /* number of cookies in the "jar" */ -+ int lastct; /* last creation-time used in the jar */ - bool running; /* state info, for cookie adding information */ - bool newsession; /* new session, discard session cookies on load */ -- int lastct; /* last creation-time used in the jar */ -- curl_off_t next_expiration; /* the next time at which expiration happens */ - }; - - /* The maximum sizes we accept for cookies. RFC 6265 section 6.1 says -diff --git a/lib/easy.c b/lib/easy.c -index 16bbd35251d40..03195481f9780 100644 ---- a/lib/easy.c -+++ b/lib/easy.c -@@ -925,9 +925,7 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data) - if(data->cookies) { - /* If cookies are enabled in the parent handle, we enable them - in the clone as well! */ -- outcurl->cookies = Curl_cookie_init(data, -- data->cookies->filename, -- outcurl->cookies, -+ outcurl->cookies = Curl_cookie_init(data, NULL, outcurl->cookies, - data->set.cookiesession); - if(!outcurl->cookies) - goto fail; diff --git a/net-misc/curl/files/curl-8.3.0-tests-arm-musl.patch b/net-misc/curl/files/curl-8.3.0-tests-arm-musl.patch deleted file mode 100644 index e07c13a04766..000000000000 --- a/net-misc/curl/files/curl-8.3.0-tests-arm-musl.patch +++ /dev/null @@ -1,115 +0,0 @@ -https://github.com/curl/curl/issues/11900 -https://github.com/curl/curl/commit/b226bd679a68b8bf94cbb6d58837f00251560e63 -https://github.com/curl/curl/commit/9c7165e96a3a9a2d0b7059c87c699b5ca8cdae93 - -From b226bd679a68b8bf94cbb6d58837f00251560e63 Mon Sep 17 00:00:00 2001 -From: Natanael Copa <ncopa@alpinelinux.org> -Date: Mon, 25 Sep 2023 13:03:26 +0200 -Subject: [PATCH] configure: sort AC_CHECK_FUNCS - -No functional changes. ---- - configure.ac | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 2fc9f2f01783c..a6f9066a133a4 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -3583,8 +3583,10 @@ AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Se - #include <sys/types.h>]]) - - --AC_CHECK_FUNCS([fnmatch \ -+AC_CHECK_FUNCS([\ -+ arc4random \ - fchmod \ -+ fnmatch \ - fork \ - geteuid \ - getpass_r \ -@@ -3604,7 +3606,6 @@ AC_CHECK_FUNCS([fnmatch \ - snprintf \ - utime \ - utimes \ -- arc4random - ],[ - ],[ - func="$ac_func" - -From 9c7165e96a3a9a2d0b7059c87c699b5ca8cdae93 Mon Sep 17 00:00:00 2001 -From: Natanael Copa <ncopa@alpinelinux.org> -Date: Fri, 22 Sep 2023 13:58:49 +0000 -Subject: [PATCH] lib: use wrapper for curl_mime_data fseek callback - -fseek uses long offset which does not match with curl_off_t. This leads -to undefined behavior when calling the callback and caused failure on -arm 32 bit. - -Use a wrapper to solve this and use fseeko which uses off_t instead of -long. - -Thanks to the nice people at Libera IRC #musl for helping finding this -out. - -Fixes #11882 -Fixes #11900 -Closes #11918 ---- - configure.ac | 2 ++ - lib/formdata.c | 17 +++++++++++++++-- - 3 files changed, 20 insertions(+), 2 deletions(-) - -diff --git a/configure.ac b/configure.ac -index a6f9066a133a4..5fa7c45c47430 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -3584,10 +3584,12 @@ AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Se - - - AC_CHECK_FUNCS([\ -+ _fseeki64 \ - arc4random \ - fchmod \ - fnmatch \ - fork \ -+ fseeko \ - geteuid \ - getpass_r \ - getppid \ -diff --git a/lib/formdata.c b/lib/formdata.c -index 8984b63223cc0..f370ce6854b5f 100644 ---- a/lib/formdata.c -+++ b/lib/formdata.c -@@ -789,6 +789,20 @@ static CURLcode setname(curl_mimepart *part, const char *name, size_t len) - return res; - } - -+/* wrap call to fseeko so it matches the calling convetion of callback */ -+static int fseeko_wrapper(void *stream, curl_off_t offset, int whence) -+{ -+#if defined(HAVE_FSEEKO) -+ return fseeko(stream, (off_t)offset, whence); -+#elif defined(HAVE__FSEEKI64) -+ return _fseeki64(stream, (__int64)offset, whence); -+#else -+ if(offset > LONG_MAX) -+ return -1; -+ return fseek(stream, (long)offset, whence); -+#endif -+} -+ - /* - * Curl_getformdata() converts a linked list of "meta data" into a mime - * structure. The input list is in 'post', while the output is stored in -@@ -874,8 +888,7 @@ CURLcode Curl_getformdata(struct Curl_easy *data, - compatibility: use of "-" pseudo file name should be avoided. */ - result = curl_mime_data_cb(part, (curl_off_t) -1, - (curl_read_callback) fread, -- CURLX_FUNCTION_CAST(curl_seek_callback, -- fseek), -+ fseeko_wrapper, - NULL, (void *) stdin); - } - else - diff --git a/net-misc/curl/files/curl-8.5.0-ipv6-configure-c99.patch b/net-misc/curl/files/curl-8.5.0-ipv6-configure-c99.patch new file mode 100644 index 000000000000..68830f8f4717 --- /dev/null +++ b/net-misc/curl/files/curl-8.5.0-ipv6-configure-c99.patch @@ -0,0 +1,31 @@ +https://github.com/curl/curl/commit/ae75db3527461248b0a7b1686df52200d28d83b9 + +From ae75db3527461248b0a7b1686df52200d28d83b9 Mon Sep 17 00:00:00 2001 +From: annalee <150648636+a-n-n-a-l-e-e@users.noreply.github.com> +Date: Fri, 29 Dec 2023 05:43:33 +0000 +Subject: [PATCH] configure: fix no default int compile error in ipv6 detection + +Closes #12607 +--- a/configure.ac ++++ b/configure.ac +@@ -1655,15 +1655,12 @@ AS_HELP_STRING([--disable-ipv6],[Disable IPv6 support]), + # include <netinet/in6.h> + #endif + #endif +-#include <stdlib.h> /* for exit() */ +-main() ++ ++int main(void) + { + struct sockaddr_in6 s; + (void)s; +- if (socket(AF_INET6, SOCK_STREAM, 0) < 0) +- exit(1); +- else +- exit(0); ++ return socket(AF_INET6, SOCK_STREAM, 0) < 0; + } + ]]) + ], + + diff --git a/net-misc/curl/files/curl-8.5.0-mpd-stream-http-adjust_pollset.patch b/net-misc/curl/files/curl-8.5.0-mpd-stream-http-adjust_pollset.patch new file mode 100644 index 000000000000..79a16a2cc7b4 --- /dev/null +++ b/net-misc/curl/files/curl-8.5.0-mpd-stream-http-adjust_pollset.patch @@ -0,0 +1,69 @@ +https://github.com/MusicPlayerDaemon/MPD/issues/1952 +https://github.com/curl/curl/issues/12632 +https://github.com/curl/curl/commit/8e2d7b9fa4264b94bd1d9838c84d16e4cd33fbea + +From 8e2d7b9fa4264b94bd1d9838c84d16e4cd33fbea Mon Sep 17 00:00:00 2001 +From: Stefan Eissing <stefan@eissing.org> +Date: Thu, 4 Jan 2024 10:06:17 +0100 +Subject: [PATCH] http: adjust_pollset fix + +do not add a socket for POLLIN when the transfer does not want to send +(for example is paused). + +Follow-up to 47f5b1a + +Reported-by: bubbleguuum on github +Fixes #12632 +Closes #12633 +--- a/lib/cf-socket.c ++++ b/lib/cf-socket.c +@@ -1243,7 +1243,7 @@ static void cf_socket_adjust_pollset(struct Curl_cfilter *cf, + if(ctx->sock != CURL_SOCKET_BAD) { + if(!cf->connected) + Curl_pollset_set_out_only(data, ps, ctx->sock); +- else ++ else if(CURL_WANT_RECV(data)) + Curl_pollset_add_in(data, ps, ctx->sock); + CURL_TRC_CF(data, cf, "adjust_pollset -> %d socks", ps->num); + } +--- a/lib/http2.c ++++ b/lib/http2.c +@@ -2341,8 +2341,8 @@ static void cf_h2_adjust_pollset(struct Curl_cfilter *cf, + bool c_exhaust, s_exhaust; + + CF_DATA_SAVE(save, cf, data); +- c_exhaust = !nghttp2_session_get_remote_window_size(ctx->h2); +- s_exhaust = stream && stream->id >= 0 && ++ c_exhaust = want_send && !nghttp2_session_get_remote_window_size(ctx->h2); ++ s_exhaust = want_send && stream && stream->id >= 0 && + !nghttp2_session_get_stream_remote_window_size(ctx->h2, + stream->id); + want_recv = (want_recv || c_exhaust || s_exhaust); +--- a/lib/vquic/curl_ngtcp2.c ++++ b/lib/vquic/curl_ngtcp2.c +@@ -1166,9 +1166,10 @@ static void cf_ngtcp2_adjust_pollset(struct Curl_cfilter *cf, + bool c_exhaust, s_exhaust; + + CF_DATA_SAVE(save, cf, data); +- c_exhaust = !ngtcp2_conn_get_cwnd_left(ctx->qconn) || +- !ngtcp2_conn_get_max_data_left(ctx->qconn); +- s_exhaust = stream && stream->id >= 0 && stream->quic_flow_blocked; ++ c_exhaust = want_send && (!ngtcp2_conn_get_cwnd_left(ctx->qconn) || ++ !ngtcp2_conn_get_max_data_left(ctx->qconn)); ++ s_exhaust = want_send && stream && stream->id >= 0 && ++ stream->quic_flow_blocked; + want_recv = (want_recv || c_exhaust || s_exhaust); + want_send = (!s_exhaust && want_send) || + !Curl_bufq_is_empty(&ctx->q.sendbuf); +--- a/lib/vquic/curl_quiche.c ++++ b/lib/vquic/curl_quiche.c +@@ -1189,7 +1189,7 @@ static void cf_quiche_adjust_pollset(struct Curl_cfilter *cf, + + c_exhaust = FALSE; /* Have not found any call in quiche that tells + us if the connection itself is blocked */ +- s_exhaust = stream && stream->id >= 0 && ++ s_exhaust = want_send && stream && stream->id >= 0 && + (stream->quic_flow_blocked || !stream_is_writeable(cf, data)); + want_recv = (want_recv || c_exhaust || s_exhaust); + want_send = (!s_exhaust && want_send) || + |