diff options
Diffstat (limited to 'net-misc/curl/files/curl-8.2.0-basic-auth.patch')
| -rw-r--r-- | net-misc/curl/files/curl-8.2.0-basic-auth.patch | 127 |
1 files changed, 127 insertions, 0 deletions
diff --git a/net-misc/curl/files/curl-8.2.0-basic-auth.patch b/net-misc/curl/files/curl-8.2.0-basic-auth.patch new file mode 100644 index 000000000000..899ffb75a878 --- /dev/null +++ b/net-misc/curl/files/curl-8.2.0-basic-auth.patch @@ -0,0 +1,127 @@ +Patch-Source: https://github.com/curl/curl/pull/11492 +-- +From 0470577eb4524f09d245e9e6afd42ba8677a5a19 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Thu, 20 Jul 2023 23:20:50 +0200 +Subject: [PATCH 1/2] test979: test -u with redirect to (the same) absolute + host + +--- + tests/data/Makefile.inc | 1 + + tests/data/test979 | 64 +++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 65 insertions(+) + create mode 100644 tests/data/test979 + +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index 8ee1394d4e562..12aefb14c0d1b 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -122,6 +122,7 @@ test943 test944 test945 test946 test947 test948 test949 test950 test951 \ + test952 test953 test954 test955 test956 test957 test958 test959 test960 \ + test961 test962 test963 test964 test965 test966 test967 test968 test969 \ + test970 test971 test972 test973 test974 test975 test976 test977 test978 \ ++test979 \ + \ + test980 test981 test982 test983 test984 test985 test986 test987 test988 \ + test989 \ +diff --git a/tests/data/test979 b/tests/data/test979 +new file mode 100644 +index 0000000000000..40cc35044d9f6 +--- /dev/null ++++ b/tests/data/test979 +@@ -0,0 +1,64 @@ ++<testcase> ++<info> ++<keywords> ++HTTP ++HTTP GET ++Basic ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++<data crlf="yes" nocheck="yes"> ++HTTP/1.1 302 go go go ++Content-Length: 8 ++Location: http://%HOSTIP:%HTTPPORT/user/%TESTNUMBER0002 ++Content-Type: text/html ++Funny-head: yesyes ++ ++notreal ++</data> ++<data2 crlf="yes"> ++HTTP/1.1 200 OK ++Content-Length: 6 ++Content-Type: text/html ++Funny-head: yesyes ++ ++final ++</data2> ++</reply> ++ ++# ++# Client-side ++<client> ++<server> ++http ++</server> ++<name> ++-u with redirect to absolute URL using same origin and auth ++</name> ++<command> ++http://first:secret@%HOSTIP:%HTTPPORT/%TESTNUMBER -L -u smith:doggie ++</command> ++</client> ++ ++# ++# Verify data after the test has been "shot" ++<verify> ++<protocol crlf="yes"> ++GET /%TESTNUMBER HTTP/1.1 ++Host: %HOSTIP:%HTTPPORT ++Authorization: Basic c21pdGg6ZG9nZ2ll ++User-Agent: curl/%VERSION ++Accept: */* ++ ++GET /user/%TESTNUMBER0002 HTTP/1.1 ++Host: %HOSTIP:%HTTPPORT ++Authorization: Basic c21pdGg6ZG9nZ2ll ++User-Agent: curl/%VERSION ++Accept: */* ++ ++</protocol> ++</verify> ++</testcase> + +From c1effdfe658ae505e8ea65e5f46d810c4b8d81cb Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Thu, 20 Jul 2023 23:28:19 +0200 +Subject: [PATCH 2/2] transfer: do not clear the credentials on redirect to + absolute URL + +Makes test 979 work. Regression shipped in 8.2.0 from commit +dd4d1a26959f63a2c + +Fixes #11486 +Reported-by: Cloudogu Siebels +--- + lib/transfer.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/lib/transfer.c b/lib/transfer.c +index 52cd6a0153673..b678004b95ad2 100644 +--- a/lib/transfer.c ++++ b/lib/transfer.c +@@ -1558,10 +1558,6 @@ CURLcode Curl_follow(struct Curl_easy *data, + /* If this is not redirect due to a 401 or 407 response and an absolute + URL: don't allow a custom port number */ + disallowport = TRUE; +- if(!data->set.allow_auth_to_other_hosts) { +- Curl_safefree(data->state.aptr.user); +- Curl_safefree(data->state.aptr.passwd); +- } + } + + DEBUGASSERT(data->state.uh); |