Sfoglia il codice sorgente

gnurl: update source to 7.43.0

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle 9 anni fa
parent
commit
3741ec4945

+ 3
- 3
net/gnurl/Makefile Vedi File

@@ -8,13 +8,13 @@
8 8
 include $(TOPDIR)/rules.mk
9 9
 
10 10
 PKG_NAME:=gnurl
11
-PKG_VERSION:=7.40.0
12
-PKG_RELEASE:=6
11
+PKG_VERSION:=7.43.0
12
+PKG_RELEASE:=1
13 13
 
14 14
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
15 15
 PKG_SOURCE_URL:=https://gnunet.org/sites/default/files
16 16
 
17
-PKG_MD5SUM:=f816deb0c1401c841780ec6b91985a14
17
+PKG_MD5SUM:=67c6667d8843cc514b230f2ce8d80f0e
18 18
 
19 19
 PKG_LICENSE:=MIT
20 20
 PKG_LICENSE_FILES:=COPYING

+ 0
- 89
net/gnurl/patches/010-backport-gtls-add-support-for-CURLOPT_CAPATH.patch Vedi File

@@ -1,89 +0,0 @@
1
-From 5a1614cecdd57cab8b4ae3e9bc19dfff5ba77e80 Mon Sep 17 00:00:00 2001
2
-From: Alessandro Ghedini <alessandro@ghedini.me>
3
-Date: Sun, 8 Mar 2015 20:11:06 +0100
4
-Subject: [PATCH] gtls: add support for CURLOPT_CAPATH
5
-
6
----
7
- acinclude.m4                       |  4 ++--
8
- docs/libcurl/opts/CURLOPT_CAPATH.3 |  5 ++---
9
- lib/vtls/gtls.c                    | 22 ++++++++++++++++++++++
10
- lib/vtls/gtls.h                    |  3 +++
11
- 4 files changed, 29 insertions(+), 5 deletions(-)
12
-
13
---- a/acinclude.m4
14
-+++ b/acinclude.m4
15
-@@ -2614,8 +2614,8 @@ AC_HELP_STRING([--without-ca-path], [Don
16
-     capath="no"
17
-   elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
18
-     dnl --with-ca-path given
19
--    if test "x$OPENSSL_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
20
--      AC_MSG_ERROR([--with-ca-path only works with openSSL or PolarSSL])
21
-+    if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
22
-+      AC_MSG_ERROR([--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL])
23
-     fi
24
-     capath="$want_capath"
25
-     ca="no"
26
---- a/docs/libcurl/opts/CURLOPT_CAPATH.3
27
-+++ b/docs/libcurl/opts/CURLOPT_CAPATH.3
28
-@@ -43,9 +43,8 @@ All TLS based protocols: HTTPS, FTPS, IM
29
- .SH EXAMPLE
30
- TODO
31
- .SH AVAILABILITY
32
--This option is OpenSSL-specific and does nothing if libcurl is built to use
33
--GnuTLS. NSS-powered libcurl provides the option only for backward
34
--compatibility.
35
-+This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS
36
-+backend provides the option only for backward compatibility.
37
- .SH RETURN VALUE
38
- Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or
39
- CURLE_OUT_OF_MEMORY if there was insufficient heap space.
40
---- a/lib/vtls/gtls.c
41
-+++ b/lib/vtls/gtls.c
42
-@@ -98,6 +98,10 @@ static bool gtls_inited = FALSE;
43
- #      define HAS_ALPN
44
- #    endif
45
- #  endif
46
-+
47
-+#  if (GNUTLS_VERSION_NUMBER >= 0x030306)
48
-+#    define HAS_CAPATH
49
-+#  endif
50
- #endif
51
- 
52
- /*
53
-@@ -463,6 +467,24 @@ gtls_connect_step1(struct connectdata *c
54
-             rc, data->set.ssl.CAfile);
55
-   }
56
- 
57
-+#ifdef HAS_CAPATH
58
-+  if(data->set.ssl.CApath) {
59
-+    /* set the trusted CA cert directory */
60
-+    rc = gnutls_certificate_set_x509_trust_dir(conn->ssl[sockindex].cred,
61
-+                                                data->set.ssl.CApath,
62
-+                                                GNUTLS_X509_FMT_PEM);
63
-+    if(rc < 0) {
64
-+      infof(data, "error reading ca cert file %s (%s)\n",
65
-+            data->set.ssl.CAfile, gnutls_strerror(rc));
66
-+      if(data->set.ssl.verifypeer)
67
-+        return CURLE_SSL_CACERT_BADFILE;
68
-+    }
69
-+    else
70
-+      infof(data, "found %d certificates in %s\n",
71
-+            rc, data->set.ssl.CApath);
72
-+  }
73
-+#endif
74
-+
75
-   if(data->set.ssl.CRLfile) {
76
-     /* set the CRL list file */
77
-     rc = gnutls_certificate_set_x509_crl_file(conn->ssl[sockindex].cred,
78
---- a/lib/vtls/gtls.h
79
-+++ b/lib/vtls/gtls.h
80
-@@ -53,6 +53,9 @@ void Curl_gtls_md5sum(unsigned char *tmp
81
-                       unsigned char *md5sum, /* output */
82
-                       size_t md5len);
83
- 
84
-+/* this backend supports the CAPATH option */
85
-+#define have_curlssl_ca_path 1
86
-+
87
- /* API setup for GnuTLS */
88
- #define curlssl_init Curl_gtls_init
89
- #define curlssl_cleanup Curl_gtls_cleanup

+ 0
- 32
net/gnurl/patches/011-CVE-2015-3144.patch Vedi File

@@ -1,32 +0,0 @@
1
-From 6218ded6001ea330e589f92b6b2fa12777752b5d Mon Sep 17 00:00:00 2001
2
-From: Daniel Stenberg <daniel@haxx.se>
3
-Date: Thu, 16 Apr 2015 23:52:04 +0200
4
-Subject: [PATCH] fix_hostname: zero length host name caused -1 index offset
5
-MIME-Version: 1.0
6
-Content-Type: text/plain; charset=UTF-8
7
-Content-Transfer-Encoding: 8bit
8
-
9
-If a URL is given with a zero-length host name, like in "http://:80" or
10
-just ":80", `fix_hostname()` will index the host name pointer with a -1
11
-offset (as it blindly assumes a non-zero length) and both read and
12
-assign that address.
13
-
14
-CVE-2015-3144
15
-
16
-Bug: http://curl.haxx.se/docs/adv_20150422D.html
17
-Reported-by: Hanno Böck
18
----
19
- lib/url.c | 2 +-
20
- 1 file changed, 1 insertion(+), 1 deletion(-)
21
-
22
---- a/lib/url.c
23
-+++ b/lib/url.c
24
-@@ -3602,7 +3602,7 @@ static void fix_hostname(struct SessionH
25
-   host->dispname = host->name;
26
- 
27
-   len = strlen(host->name);
28
--  if(host->name[len-1] == '.')
29
-+  if(len && (host->name[len-1] == '.'))
30
-     /* strip off a single trailing dot if present, primarily for SNI but
31
-        there's no use for it */
32
-     host->name[len-1]=0;

+ 0
- 53
net/gnurl/patches/012-CVE-2015-3145.patch Vedi File

@@ -1,53 +0,0 @@
1
-From ea595c516bc936a514753597aa6c59fd6eb0765e Mon Sep 17 00:00:00 2001
2
-From: Daniel Stenberg <daniel@haxx.se>
3
-Date: Thu, 16 Apr 2015 16:37:40 +0200
4
-Subject: [PATCH] cookie: cookie parser out of boundary memory access
5
-MIME-Version: 1.0
6
-Content-Type: text/plain; charset=UTF-8
7
-Content-Transfer-Encoding: 8bit
8
-
9
-The internal libcurl function called sanitize_cookie_path() that cleans
10
-up the path element as given to it from a remote site or when read from
11
-a file, did not properly validate the input. If given a path that
12
-consisted of a single double-quote, libcurl would index a newly
13
-allocated memory area with index -1 and assign a zero to it, thus
14
-destroying heap memory it wasn't supposed to.
15
-
16
-CVE-2015-3145
17
-
18
-Bug: http://curl.haxx.se/docs/adv_20150422C.html
19
-Reported-by: Hanno Böck
20
----
21
- lib/cookie.c | 12 +++++++-----
22
- 1 file changed, 7 insertions(+), 5 deletions(-)
23
-
24
---- a/lib/cookie.c
25
-+++ b/lib/cookie.c
26
-@@ -236,11 +236,14 @@ static char *sanitize_cookie_path(const
27
-     return NULL;
28
- 
29
-   /* some stupid site sends path attribute with '"'. */
30
-+  len = strlen(new_path);
31
-   if(new_path[0] == '\"') {
32
--    memmove((void *)new_path, (const void *)(new_path + 1), strlen(new_path));
33
-+    memmove((void *)new_path, (const void *)(new_path + 1), len);
34
-+    len--;
35
-   }
36
--  if(new_path[strlen(new_path) - 1] == '\"') {
37
--    new_path[strlen(new_path) - 1] = 0x0;
38
-+  if(len && (new_path[len - 1] == '\"')) {
39
-+    new_path[len - 1] = 0x0;
40
-+    len--;
41
-   }
42
- 
43
-   /* RFC6265 5.2.4 The Path Attribute */
44
-@@ -252,8 +255,7 @@ static char *sanitize_cookie_path(const
45
-   }
46
- 
47
-   /* convert /hoge/ to /hoge */
48
--  len = strlen(new_path);
49
--  if(1 < len && new_path[len - 1] == '/') {
50
-+  if(len && new_path[len - 1] == '/') {
51
-     new_path[len - 1] = 0x0;
52
-   }
53
- 

+ 0
- 95
net/gnurl/patches/014-CVE-2015-3153.patch Vedi File

@@ -1,95 +0,0 @@
1
-From 69a2e8d7ec581695a62527cb2252e7350f314ffa Mon Sep 17 00:00:00 2001
2
-From: Daniel Stenberg <daniel@haxx.se>
3
-Date: Thu, 23 Apr 2015 15:58:21 +0200
4
-Subject: [PATCH] CURLOPT_HEADEROPT: default to separate
5
-
6
-Make the HTTP headers separated by default for improved security and
7
-reduced risk for information leakage.
8
-
9
-Bug: http://curl.haxx.se/docs/adv_20150429.html
10
-Reported-by: Yehezkel Horowitz, Oren Souroujon
11
----
12
- docs/libcurl/opts/CURLOPT_HEADEROPT.3 | 12 ++++++------
13
- lib/url.c                             |  1 +
14
- tests/data/test1527                   |  2 +-
15
- tests/data/test287                    |  2 +-
16
- tests/libtest/lib1527.c               |  1 +
17
- 5 files changed, 10 insertions(+), 8 deletions(-)
18
-
19
---- a/docs/libcurl/opts/CURLOPT_HEADEROPT.3
20
-+++ b/docs/libcurl/opts/CURLOPT_HEADEROPT.3
21
-@@ -5,7 +5,7 @@
22
- .\" *                            | (__| |_| |  _ <| |___
23
- .\" *                             \___|\___/|_| \_\_____|
24
- .\" *
25
--.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
26
-+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
27
- .\" *
28
- .\" * This software is licensed as described in the file COPYING, which
29
- .\" * you should have received as part of this distribution. The terms
30
-@@ -31,10 +31,10 @@ CURLcode curl_easy_setopt(CURL *handle,
31
- Pass a long that is a bitmask of options of how to deal with headers. The two
32
- mutually exclusive options are:
33
- 
34
--\fBCURLHEADER_UNIFIED\fP - keep working as before. This means
35
--\fICURLOPT_HTTPHEADER(3)\fP headers will be used in requests both to servers
36
--and proxies. With this option enabled, \fICURLOPT_PROXYHEADER(3)\fP will not
37
--have any effect.
38
-+\fBCURLHEADER_UNIFIED\fP - the headers specified in
39
-+\fICURLOPT_HTTPHEADER(3)\fP will be used in requests both to servers and
40
-+proxies. With this option enabled, \fICURLOPT_PROXYHEADER(3)\fP will not have
41
-+any effect.
42
- 
43
- \fBCURLHEADER_SEPARATE\fP - makes \fICURLOPT_HTTPHEADER(3)\fP headers only get
44
- sent to a server and not to a proxy. Proxy headers must be set with
45
-@@ -44,7 +44,7 @@ headers. When doing CONNECT, libcurl wil
46
- headers only to the proxy and then \fICURLOPT_HTTPHEADER(3)\fP headers only to
47
- the server.
48
- .SH DEFAULT
49
--CURLHEADER_UNIFIED
50
-+CURLHEADER_SEPARATE (changed in 7.42.1, ased CURLHEADER_UNIFIED before then)
51
- .SH PROTOCOLS
52
- HTTP
53
- .SH EXAMPLE
54
---- a/lib/url.c
55
-+++ b/lib/url.c
56
-@@ -605,6 +605,7 @@ CURLcode Curl_init_userdefined(struct Us
57
-   set->ssl_enable_alpn = TRUE;
58
- 
59
-   set->expect_100_timeout = 1000L; /* Wait for a second by default. */
60
-+  set->sep_headers = TRUE; /* separated header lists by default */
61
-   return result;
62
- }
63
- 
64
---- a/tests/data/test1527
65
-+++ b/tests/data/test1527
66
-@@ -45,7 +45,7 @@ http-proxy
67
- lib1527
68
- </tool>
69
-  <name>
70
--Check same headers are generated without CURLOPT_PROXYHEADER
71
-+Check same headers are generated with CURLOPT_HEADEROPT == CURLHEADER_UNIFIED
72
-  </name>
73
-  <command>
74
-  http://the.old.moo.1527:%HTTPPORT/1527 %HOSTIP:%PROXYPORT
75
---- a/tests/data/test287
76
-+++ b/tests/data/test287
77
-@@ -28,7 +28,7 @@ http
78
- HTTP proxy CONNECT with custom User-Agent header
79
-  </name>
80
-  <command>
81
--http://test.remote.example.com.287:%HTTPPORT/path/287 -H "User-Agent: looser/2007" --proxy http://%HOSTIP:%HTTPPORT --proxytunnel
82
-+http://test.remote.example.com.287:%HTTPPORT/path/287 -H "User-Agent: looser/2015" --proxy http://%HOSTIP:%HTTPPORT --proxytunnel --proxy-header "User-Agent: looser/2007"
83
- </command>
84
- </client>
85
- 
86
---- a/tests/libtest/lib1527.c
87
-+++ b/tests/libtest/lib1527.c
88
-@@ -83,6 +83,7 @@ int test(char *URL)
89
-   test_setopt(curl, CURLOPT_READFUNCTION, read_callback);
90
-   test_setopt(curl, CURLOPT_HTTPPROXYTUNNEL, 1L);
91
-   test_setopt(curl, CURLOPT_INFILESIZE, strlen(data));
92
-+  test_setopt(curl, CURLOPT_HEADEROPT, CURLHEADER_UNIFIED);
93
- 
94
-   res = curl_easy_perform(curl);
95
- 

+ 0
- 42
net/gnurl/patches/015-CVE-2015-3236.patch Vedi File

@@ -1,42 +0,0 @@
1
-From e6d7c30734487246e83b95520e81bc1ccf0a2376 Mon Sep 17 00:00:00 2001
2
-From: Kamil Dudka <kdudka@redhat.com>
3
-Date: Thu, 28 May 2015 20:04:35 +0200
4
-Subject: [PATCH] http: do not leak basic auth credentials on re-used
5
- connections
6
-
7
-CVE-2015-3236
8
-
9
-This partially reverts commit curl-7_39_0-237-g87c4abb
10
-
11
-Bug: http://curl.haxx.se/docs/adv_20150617A.html
12
----
13
- lib/http.c | 16 ++++------------
14
- 1 file changed, 4 insertions(+), 12 deletions(-)
15
-
16
---- a/lib/http.c
17
-+++ b/lib/http.c
18
-@@ -2327,20 +2327,12 @@ CURLcode Curl_http(struct connectdata *c
19
-                      te
20
-       );
21
- 
22
--  /*
23
--   * Free userpwd for Negotiate/NTLM. Cannot reuse as it is associated with
24
--   * the connection and shouldn't be repeated over it either.
25
--   */
26
--  switch (data->state.authhost.picked) {
27
--  case CURLAUTH_NEGOTIATE:
28
--  case CURLAUTH_NTLM:
29
--  case CURLAUTH_NTLM_WB:
30
--    Curl_safefree(conn->allocptr.userpwd);
31
--    break;
32
--  }
33
-+  /* clear userpwd to avoid re-using credentials from re-used connections */
34
-+  Curl_safefree(conn->allocptr.userpwd);
35
- 
36
-   /*
37
--   * Same for proxyuserpwd
38
-+   * Free proxyuserpwd for Negotiate/NTLM. Cannot reuse as it is associated
39
-+   * with the connection and shouldn't be repeated over it either.
40
-    */
41
-   switch (data->state.authproxy.picked) {
42
-   case CURLAUTH_NEGOTIATE:

+ 1
- 1
net/gnurl/patches/100-check_long_long.patch Vedi File

@@ -1,6 +1,6 @@
1 1
 --- a/configure.ac
2 2
 +++ b/configure.ac
3
-@@ -2879,6 +2879,7 @@ CURL_VERIFY_RUNTIMELIBS
3
+@@ -2954,6 +2954,7 @@ CURL_VERIFY_RUNTIMELIBS
4 4
  
5 5
  AC_CHECK_SIZEOF(size_t)
6 6
  AC_CHECK_SIZEOF(long)