From 3741ec494582aa220f1173d6ab0aeb93b0f2e8e1 Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Thu, 13 Aug 2015 10:24:14 +0200 Subject: [PATCH] gnurl: update source to 7.43.0 Signed-off-by: Daniel Golle --- net/gnurl/Makefile | 6 +- ...-gtls-add-support-for-CURLOPT_CAPATH.patch | 89 ----------------- net/gnurl/patches/011-CVE-2015-3144.patch | 32 ------- net/gnurl/patches/012-CVE-2015-3145.patch | 53 ----------- net/gnurl/patches/014-CVE-2015-3153.patch | 95 ------------------- net/gnurl/patches/015-CVE-2015-3236.patch | 42 -------- net/gnurl/patches/100-check_long_long.patch | 2 +- 7 files changed, 4 insertions(+), 315 deletions(-) delete mode 100644 net/gnurl/patches/010-backport-gtls-add-support-for-CURLOPT_CAPATH.patch delete mode 100644 net/gnurl/patches/011-CVE-2015-3144.patch delete mode 100644 net/gnurl/patches/012-CVE-2015-3145.patch delete mode 100644 net/gnurl/patches/014-CVE-2015-3153.patch delete mode 100644 net/gnurl/patches/015-CVE-2015-3236.patch diff --git a/net/gnurl/Makefile b/net/gnurl/Makefile index b9dea2fea..141bb9b31 100644 --- a/net/gnurl/Makefile +++ b/net/gnurl/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=gnurl -PKG_VERSION:=7.40.0 -PKG_RELEASE:=6 +PKG_VERSION:=7.43.0 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://gnunet.org/sites/default/files -PKG_MD5SUM:=f816deb0c1401c841780ec6b91985a14 +PKG_MD5SUM:=67c6667d8843cc514b230f2ce8d80f0e PKG_LICENSE:=MIT PKG_LICENSE_FILES:=COPYING diff --git a/net/gnurl/patches/010-backport-gtls-add-support-for-CURLOPT_CAPATH.patch b/net/gnurl/patches/010-backport-gtls-add-support-for-CURLOPT_CAPATH.patch deleted file mode 100644 index 563f5f3a5..000000000 --- a/net/gnurl/patches/010-backport-gtls-add-support-for-CURLOPT_CAPATH.patch +++ /dev/null @@ -1,89 +0,0 @@ -From 5a1614cecdd57cab8b4ae3e9bc19dfff5ba77e80 Mon Sep 17 00:00:00 2001 -From: Alessandro Ghedini -Date: Sun, 8 Mar 2015 20:11:06 +0100 -Subject: [PATCH] gtls: add support for CURLOPT_CAPATH - ---- - acinclude.m4 | 4 ++-- - docs/libcurl/opts/CURLOPT_CAPATH.3 | 5 ++--- - lib/vtls/gtls.c | 22 ++++++++++++++++++++++ - lib/vtls/gtls.h | 3 +++ - 4 files changed, 29 insertions(+), 5 deletions(-) - ---- a/acinclude.m4 -+++ b/acinclude.m4 -@@ -2614,8 +2614,8 @@ AC_HELP_STRING([--without-ca-path], [Don - capath="no" - elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then - dnl --with-ca-path given -- if test "x$OPENSSL_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then -- AC_MSG_ERROR([--with-ca-path only works with openSSL or PolarSSL]) -+ if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then -+ AC_MSG_ERROR([--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL]) - fi - capath="$want_capath" - ca="no" ---- a/docs/libcurl/opts/CURLOPT_CAPATH.3 -+++ b/docs/libcurl/opts/CURLOPT_CAPATH.3 -@@ -43,9 +43,8 @@ All TLS based protocols: HTTPS, FTPS, IM - .SH EXAMPLE - TODO - .SH AVAILABILITY --This option is OpenSSL-specific and does nothing if libcurl is built to use --GnuTLS. NSS-powered libcurl provides the option only for backward --compatibility. -+This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS -+backend provides the option only for backward compatibility. - .SH RETURN VALUE - Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or - CURLE_OUT_OF_MEMORY if there was insufficient heap space. ---- a/lib/vtls/gtls.c -+++ b/lib/vtls/gtls.c -@@ -98,6 +98,10 @@ static bool gtls_inited = FALSE; - # define HAS_ALPN - # endif - # endif -+ -+# if (GNUTLS_VERSION_NUMBER >= 0x030306) -+# define HAS_CAPATH -+# endif - #endif - - /* -@@ -463,6 +467,24 @@ gtls_connect_step1(struct connectdata *c - rc, data->set.ssl.CAfile); - } - -+#ifdef HAS_CAPATH -+ if(data->set.ssl.CApath) { -+ /* set the trusted CA cert directory */ -+ rc = gnutls_certificate_set_x509_trust_dir(conn->ssl[sockindex].cred, -+ data->set.ssl.CApath, -+ GNUTLS_X509_FMT_PEM); -+ if(rc < 0) { -+ infof(data, "error reading ca cert file %s (%s)\n", -+ data->set.ssl.CAfile, gnutls_strerror(rc)); -+ if(data->set.ssl.verifypeer) -+ return CURLE_SSL_CACERT_BADFILE; -+ } -+ else -+ infof(data, "found %d certificates in %s\n", -+ rc, data->set.ssl.CApath); -+ } -+#endif -+ - if(data->set.ssl.CRLfile) { - /* set the CRL list file */ - rc = gnutls_certificate_set_x509_crl_file(conn->ssl[sockindex].cred, ---- a/lib/vtls/gtls.h -+++ b/lib/vtls/gtls.h -@@ -53,6 +53,9 @@ void Curl_gtls_md5sum(unsigned char *tmp - unsigned char *md5sum, /* output */ - size_t md5len); - -+/* this backend supports the CAPATH option */ -+#define have_curlssl_ca_path 1 -+ - /* API setup for GnuTLS */ - #define curlssl_init Curl_gtls_init - #define curlssl_cleanup Curl_gtls_cleanup diff --git a/net/gnurl/patches/011-CVE-2015-3144.patch b/net/gnurl/patches/011-CVE-2015-3144.patch deleted file mode 100644 index 3d752167a..000000000 --- a/net/gnurl/patches/011-CVE-2015-3144.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 6218ded6001ea330e589f92b6b2fa12777752b5d Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Thu, 16 Apr 2015 23:52:04 +0200 -Subject: [PATCH] fix_hostname: zero length host name caused -1 index offset -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -If a URL is given with a zero-length host name, like in "http://:80" or -just ":80", `fix_hostname()` will index the host name pointer with a -1 -offset (as it blindly assumes a non-zero length) and both read and -assign that address. - -CVE-2015-3144 - -Bug: http://curl.haxx.se/docs/adv_20150422D.html -Reported-by: Hanno Böck ---- - lib/url.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/lib/url.c -+++ b/lib/url.c -@@ -3602,7 +3602,7 @@ static void fix_hostname(struct SessionH - host->dispname = host->name; - - len = strlen(host->name); -- if(host->name[len-1] == '.') -+ if(len && (host->name[len-1] == '.')) - /* strip off a single trailing dot if present, primarily for SNI but - there's no use for it */ - host->name[len-1]=0; diff --git a/net/gnurl/patches/012-CVE-2015-3145.patch b/net/gnurl/patches/012-CVE-2015-3145.patch deleted file mode 100644 index c7ecbe9c2..000000000 --- a/net/gnurl/patches/012-CVE-2015-3145.patch +++ /dev/null @@ -1,53 +0,0 @@ -From ea595c516bc936a514753597aa6c59fd6eb0765e Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Thu, 16 Apr 2015 16:37:40 +0200 -Subject: [PATCH] cookie: cookie parser out of boundary memory access -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The internal libcurl function called sanitize_cookie_path() that cleans -up the path element as given to it from a remote site or when read from -a file, did not properly validate the input. If given a path that -consisted of a single double-quote, libcurl would index a newly -allocated memory area with index -1 and assign a zero to it, thus -destroying heap memory it wasn't supposed to. - -CVE-2015-3145 - -Bug: http://curl.haxx.se/docs/adv_20150422C.html -Reported-by: Hanno Böck ---- - lib/cookie.c | 12 +++++++----- - 1 file changed, 7 insertions(+), 5 deletions(-) - ---- a/lib/cookie.c -+++ b/lib/cookie.c -@@ -236,11 +236,14 @@ static char *sanitize_cookie_path(const - return NULL; - - /* some stupid site sends path attribute with '"'. */ -+ len = strlen(new_path); - if(new_path[0] == '\"') { -- memmove((void *)new_path, (const void *)(new_path + 1), strlen(new_path)); -+ memmove((void *)new_path, (const void *)(new_path + 1), len); -+ len--; - } -- if(new_path[strlen(new_path) - 1] == '\"') { -- new_path[strlen(new_path) - 1] = 0x0; -+ if(len && (new_path[len - 1] == '\"')) { -+ new_path[len - 1] = 0x0; -+ len--; - } - - /* RFC6265 5.2.4 The Path Attribute */ -@@ -252,8 +255,7 @@ static char *sanitize_cookie_path(const - } - - /* convert /hoge/ to /hoge */ -- len = strlen(new_path); -- if(1 < len && new_path[len - 1] == '/') { -+ if(len && new_path[len - 1] == '/') { - new_path[len - 1] = 0x0; - } - diff --git a/net/gnurl/patches/014-CVE-2015-3153.patch b/net/gnurl/patches/014-CVE-2015-3153.patch deleted file mode 100644 index f6d37d4b5..000000000 --- a/net/gnurl/patches/014-CVE-2015-3153.patch +++ /dev/null @@ -1,95 +0,0 @@ -From 69a2e8d7ec581695a62527cb2252e7350f314ffa Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Thu, 23 Apr 2015 15:58:21 +0200 -Subject: [PATCH] CURLOPT_HEADEROPT: default to separate - -Make the HTTP headers separated by default for improved security and -reduced risk for information leakage. - -Bug: http://curl.haxx.se/docs/adv_20150429.html -Reported-by: Yehezkel Horowitz, Oren Souroujon ---- - docs/libcurl/opts/CURLOPT_HEADEROPT.3 | 12 ++++++------ - lib/url.c | 1 + - tests/data/test1527 | 2 +- - tests/data/test287 | 2 +- - tests/libtest/lib1527.c | 1 + - 5 files changed, 10 insertions(+), 8 deletions(-) - ---- a/docs/libcurl/opts/CURLOPT_HEADEROPT.3 -+++ b/docs/libcurl/opts/CURLOPT_HEADEROPT.3 -@@ -5,7 +5,7 @@ - .\" * | (__| |_| | _ <| |___ - .\" * \___|\___/|_| \_\_____| - .\" * --.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. -+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. - .\" * - .\" * This software is licensed as described in the file COPYING, which - .\" * you should have received as part of this distribution. The terms -@@ -31,10 +31,10 @@ CURLcode curl_easy_setopt(CURL *handle, - Pass a long that is a bitmask of options of how to deal with headers. The two - mutually exclusive options are: - --\fBCURLHEADER_UNIFIED\fP - keep working as before. This means --\fICURLOPT_HTTPHEADER(3)\fP headers will be used in requests both to servers --and proxies. With this option enabled, \fICURLOPT_PROXYHEADER(3)\fP will not --have any effect. -+\fBCURLHEADER_UNIFIED\fP - the headers specified in -+\fICURLOPT_HTTPHEADER(3)\fP will be used in requests both to servers and -+proxies. With this option enabled, \fICURLOPT_PROXYHEADER(3)\fP will not have -+any effect. - - \fBCURLHEADER_SEPARATE\fP - makes \fICURLOPT_HTTPHEADER(3)\fP headers only get - sent to a server and not to a proxy. Proxy headers must be set with -@@ -44,7 +44,7 @@ headers. When doing CONNECT, libcurl wil - headers only to the proxy and then \fICURLOPT_HTTPHEADER(3)\fP headers only to - the server. - .SH DEFAULT --CURLHEADER_UNIFIED -+CURLHEADER_SEPARATE (changed in 7.42.1, ased CURLHEADER_UNIFIED before then) - .SH PROTOCOLS - HTTP - .SH EXAMPLE ---- a/lib/url.c -+++ b/lib/url.c -@@ -605,6 +605,7 @@ CURLcode Curl_init_userdefined(struct Us - set->ssl_enable_alpn = TRUE; - - set->expect_100_timeout = 1000L; /* Wait for a second by default. */ -+ set->sep_headers = TRUE; /* separated header lists by default */ - return result; - } - ---- a/tests/data/test1527 -+++ b/tests/data/test1527 -@@ -45,7 +45,7 @@ http-proxy - lib1527 - - --Check same headers are generated without CURLOPT_PROXYHEADER -+Check same headers are generated with CURLOPT_HEADEROPT == CURLHEADER_UNIFIED - - - http://the.old.moo.1527:%HTTPPORT/1527 %HOSTIP:%PROXYPORT ---- a/tests/data/test287 -+++ b/tests/data/test287 -@@ -28,7 +28,7 @@ http - HTTP proxy CONNECT with custom User-Agent header - - --http://test.remote.example.com.287:%HTTPPORT/path/287 -H "User-Agent: looser/2007" --proxy http://%HOSTIP:%HTTPPORT --proxytunnel -+http://test.remote.example.com.287:%HTTPPORT/path/287 -H "User-Agent: looser/2015" --proxy http://%HOSTIP:%HTTPPORT --proxytunnel --proxy-header "User-Agent: looser/2007" - - - ---- a/tests/libtest/lib1527.c -+++ b/tests/libtest/lib1527.c -@@ -83,6 +83,7 @@ int test(char *URL) - test_setopt(curl, CURLOPT_READFUNCTION, read_callback); - test_setopt(curl, CURLOPT_HTTPPROXYTUNNEL, 1L); - test_setopt(curl, CURLOPT_INFILESIZE, strlen(data)); -+ test_setopt(curl, CURLOPT_HEADEROPT, CURLHEADER_UNIFIED); - - res = curl_easy_perform(curl); - diff --git a/net/gnurl/patches/015-CVE-2015-3236.patch b/net/gnurl/patches/015-CVE-2015-3236.patch deleted file mode 100644 index 41197a265..000000000 --- a/net/gnurl/patches/015-CVE-2015-3236.patch +++ /dev/null @@ -1,42 +0,0 @@ -From e6d7c30734487246e83b95520e81bc1ccf0a2376 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Thu, 28 May 2015 20:04:35 +0200 -Subject: [PATCH] http: do not leak basic auth credentials on re-used - connections - -CVE-2015-3236 - -This partially reverts commit curl-7_39_0-237-g87c4abb - -Bug: http://curl.haxx.se/docs/adv_20150617A.html ---- - lib/http.c | 16 ++++------------ - 1 file changed, 4 insertions(+), 12 deletions(-) - ---- a/lib/http.c -+++ b/lib/http.c -@@ -2327,20 +2327,12 @@ CURLcode Curl_http(struct connectdata *c - te - ); - -- /* -- * Free userpwd for Negotiate/NTLM. Cannot reuse as it is associated with -- * the connection and shouldn't be repeated over it either. -- */ -- switch (data->state.authhost.picked) { -- case CURLAUTH_NEGOTIATE: -- case CURLAUTH_NTLM: -- case CURLAUTH_NTLM_WB: -- Curl_safefree(conn->allocptr.userpwd); -- break; -- } -+ /* clear userpwd to avoid re-using credentials from re-used connections */ -+ Curl_safefree(conn->allocptr.userpwd); - - /* -- * Same for proxyuserpwd -+ * Free proxyuserpwd for Negotiate/NTLM. Cannot reuse as it is associated -+ * with the connection and shouldn't be repeated over it either. - */ - switch (data->state.authproxy.picked) { - case CURLAUTH_NEGOTIATE: diff --git a/net/gnurl/patches/100-check_long_long.patch b/net/gnurl/patches/100-check_long_long.patch index 7faa45169..21e45647e 100644 --- a/net/gnurl/patches/100-check_long_long.patch +++ b/net/gnurl/patches/100-check_long_long.patch @@ -1,6 +1,6 @@ --- a/configure.ac +++ b/configure.ac -@@ -2879,6 +2879,7 @@ CURL_VERIFY_RUNTIMELIBS +@@ -2954,6 +2954,7 @@ CURL_VERIFY_RUNTIMELIBS AC_CHECK_SIZEOF(size_t) AC_CHECK_SIZEOF(long)