Automatic import for version 7.21.7

Rosa 2012-08-07 09:54:37 +00:00
parent d52b78bbbb
commit a5f31cdd68
5 changed files with 530 additions and 3 deletions

@ -0,0 +1,62 @@
From 33feba63fc645f4db5e3c18a54203252c172314f Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 19 Jan 2012 20:07:44 +0100
Subject: [PATCH] OpenSSL: don't disable security work-around
OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
(http://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit
to SSL_OP_ALL that _disables_ that work-around despite the fact that
SSL_OP_ALL is documented to do "rather harmless" workarounds.
The libcurl code uses the SSL_OP_ALL define and thus logically always
disables the OpenSSL fix.
In order to keep the secure work-around working, the
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit must not be set and this change
makes sure of this.
Reported by: product-security at Apple
Origin: upstream, http://curl.haxx.se/docs/adv_20120124B.html
--- lib/ssluse.c 2011-06-06 20:10:13.000000000 +0000
+++ lib/ssluse.c.oden 2012-04-13 08:01:59.000000000 +0000
@@ -1425,6 +1425,7 @@ ossl_connect_step1(struct connectdata *c
X509_LOOKUP *lookup=NULL;
curl_socket_t sockfd = conn->sock[sockindex];
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ long ctx_options;
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
bool sni;
#ifdef ENABLE_IPV6
@@ -1526,16 +1527,27 @@ ossl_connect_step1(struct connectdata *c
If someone writes an application with libcurl and openssl who wants to
enable the feature, one can do this in the SSL callback.
+ OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
+ (http://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to
+ SSL_OP_ALL that _disables_ that work-around despite the fact that
+ SSL_OP_ALL is documented to do "rather harmless" workarounds. In order to
+ keep the secure work-around, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit
+ must not be set.
+
*/
+
+ ctx_options = SSL_OP_ALL;
+
#ifdef SSL_OP_NO_TICKET
/* expect older openssl releases to not have this define so only use it if
present */
-#define CURL_CTX_OPTIONS SSL_OP_ALL|SSL_OP_NO_TICKET
-#else
-#define CURL_CTX_OPTIONS SSL_OP_ALL
+ ctx_options |= SSL_OP_NO_TICKET;
+#endif
+#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+ ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
#endif
- SSL_CTX_set_options(connssl->ctx, CURL_CTX_OPTIONS);
+ SSL_CTX_set_options(connssl->ctx, ctx_options);
/* disable SSLv2 in the default case (i.e. allow SSLv3 and TLSv1) */
if(data->set.ssl.version == CURL_SSLVERSION_DEFAULT)
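Review bot: At `ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;` the bit is removed only from the local mask, and SSL_CTX_set_options() ORs that mask into whatever the context already has, so the work-around stays on only as long as nothing has set the bit on connssl->ctx earlier. Please say so in the new comment. The comment above also points applications at the SSL callback for changing options, which means a callback can still turn the bit back on after this call; with this hunk alone that is the only opt-out for applications that need it.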

@ -0,0 +1,157 @@
From 2a699bc6e94b8223d900e8880ad628aebf17ab6d Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 6 Feb 2012 22:12:06 +0100
Subject: [PATCH 1/2] CURLOPT_SSL_OPTIONS: added
Allow an application to set libcurl specific SSL options. The first and
only option supported right now is CURLSSLOPT_ALLOW_BEAST.
It will make libcurl disable any work-arounds the underlying SSL
library may have to address a known security flaw in the SSL3 and TLS1.0
protocol versions.
This is a reaction to us unconditionally removing that behavior after
this security advisory:
http://curl.haxx.se/docs/adv_20120124B.html
... it did however cause a lot of programs to fail because of old
servers not liking this work-around. Now programs can opt to decrease
the security in order to interoperate with old servers better.
diff -Naurp curl-7.21.7/docs/libcurl/curl_easy_setopt.3 curl-7.21.7.oden/docs/libcurl/curl_easy_setopt.3
--- curl-7.21.7/docs/libcurl/curl_easy_setopt.3 2011-06-13 21:09:52.000000000 +0000
+++ curl-7.21.7.oden/docs/libcurl/curl_easy_setopt.3 2012-04-13 08:03:54.000000000 +0000
@@ -2097,6 +2097,16 @@ this to 1 to enable it. By default all t
cache. While nothing ever should get hurt by attempting to reuse SSL
session-IDs, there seem to be broken SSL implementations in the wild that may
require you to disable this in order for you to succeed. (Added in 7.16.0)
+.IP CURLOPT_SSL_OPTIONS
+Pass a long with a bitmask to tell libcurl about specific SSL behaviors.
+
+CURLSSLOPT_ALLOW_BEAST is the only supported bit and by setting this the user
+will tell libcurl to not attempt to use any work-arounds for a security flaw
+in the SSL3 and TLS1.0 protocols. If this option isn't used or this bit is
+set to 0, the SSL layer libcurl uses may use a work-around for this flaw
+although it might cause interoperability problems with some (older) SSL
+implementations. WARNING: avoiding this work-around loosens the security, and
+by setting this option to 1 you ask for exactly that. (Added in 7.25.0)
.IP CURLOPT_KRBLEVEL
Pass a char * as parameter. Set the kerberos security level for FTP; this also
enables kerberos awareness. This is a string, \&'clear', \&'safe',
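Review bot: The CURLOPT_SSL_OPTIONS paragraph mixes bitmask and boolean wording: "this bit is set to 0" and "by setting this option to 1" only agree because CURLSSLOPT_ALLOW_BEAST is defined as (1<<0). Write "by setting this bit" and refer to the symbol rather than the value, so the text stays correct once a second bit exists.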
diff -Naurp curl-7.21.7/docs/libcurl/symbols-in-versions curl-7.21.7.oden/docs/libcurl/symbols-in-versions
--- curl-7.21.7/docs/libcurl/symbols-in-versions 2011-05-18 20:56:46.000000000 +0000
+++ curl-7.21.7.oden/docs/libcurl/symbols-in-versions 2012-04-13 08:03:54.000000000 +0000
@@ -473,6 +473,7 @@ CURLOPT_SSLVERSION 7.1
CURLOPT_SSL_CIPHER_LIST 7.9
CURLOPT_SSL_CTX_DATA 7.10.6
CURLOPT_SSL_CTX_FUNCTION 7.10.6
+CURLOPT_SSL_OPTIONS 7.25.0
CURLOPT_SSL_SESSIONID_CACHE 7.16.0
CURLOPT_SSL_VERIFYHOST 7.8.1
CURLOPT_SSL_VERIFYPEER 7.4.2
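Review bot: CURLOPT_SSL_OPTIONS is recorded as 7.25.0 (and CURLSSLOPT_ALLOW_BEAST likewise in the next hunk), but this patch is carried on a 7.21.7 tree, so an application that gates the option on the libcurl version number will conclude it is unavailable. The package changelog should state that the option is backported, and callers are better served by testing `#ifdef CURLSSLOPT_ALLOW_BEAST`, which works because that symbol is a #define.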
@@ -560,6 +561,7 @@ CURLSSH_AUTH_KEYBOARD 7.16.1
CURLSSH_AUTH_NONE 7.16.1
CURLSSH_AUTH_PASSWORD 7.16.1
CURLSSH_AUTH_PUBLICKEY 7.16.1
+CURLSSLOPT_ALLOW_BEAST 7.25.0
CURLUSESSL_ALL 7.17.0
CURLUSESSL_CONTROL 7.17.0
CURLUSESSL_NONE 7.17.0
diff -Naurp curl-7.21.7/include/curl/curl.h curl-7.21.7.oden/include/curl/curl.h
--- curl-7.21.7/include/curl/curl.h 2011-05-18 20:56:46.000000000 +0000
+++ curl-7.21.7.oden/include/curl/curl.h 2012-04-13 08:03:54.000000000 +0000
@@ -664,6 +664,15 @@ typedef enum {
CURLUSESSL_LAST /* not an option, never use */
} curl_usessl;
+/* Definition of bits for the CURLOPT_SSL_OPTIONS argument: */
+
+/* - ALLOW_BEAST tells libcurl to allow the BEAST SSL vulnerability in the
+ name of improving interoperability with older servers. Some SSL libraries
+ have introduced work-arounds for this flaw but those work-arounds sometimes
+ make the SSL communication fail. To regain functionality with those broken
+ servers, a user can this way allow the vulnerability back. */
+#define CURLSSLOPT_ALLOW_BEAST (1<<0)
+
#ifndef CURL_NO_OLDIES /* define this to test if your app builds with all
the obsolete stuff removed! */
@@ -1483,6 +1492,9 @@ typedef enum {
CINIT(CLOSESOCKETFUNCTION, FUNCTIONPOINT, 208),
CINIT(CLOSESOCKETDATA, OBJECTPOINT, 209),
+ /* Enable/disable specific SSL features with a bitmask, see CURLSSLOPT_* */
+ CINIT(SSL_OPTIONS, LONG, 216),
+
CURLOPT_LASTENTRY /* the last unused */
} CURLoption;
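Review bot: `CINIT(SSL_OPTIONS, LONG, 216)` follows CLOSESOCKETDATA at 209, leaving 210 to 215 unassigned in this tree. If the gap is deliberate, to keep the option number identical to the release that introduced it, say so in the comment so that nobody later fills the gap with a local option and breaks binary compatibility.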
diff -Naurp curl-7.21.7/lib/ssluse.c curl-7.21.7.oden/lib/ssluse.c
--- curl-7.21.7/lib/ssluse.c 2012-04-13 08:04:20.000000000 +0000
+++ curl-7.21.7.oden/lib/ssluse.c 2012-04-13 08:03:54.000000000 +0000
@@ -1544,7 +1544,10 @@ ossl_connect_step1(struct connectdata *c
ctx_options |= SSL_OP_NO_TICKET;
#endif
#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
- ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+ /* unless the user explicitly ask to allow the protocol vulnerability we
+ use the work-around */
+ if(!conn->data->set.ssl_enable_beast)
+ ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
#endif
SSL_CTX_set_options(connssl->ctx, ctx_options);
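Review bot: The new test reads `conn->data->set.ssl_enable_beast`, while the same function uses the local `data` pointer a few lines further down (`data->set.ssl.version`); use `data->set.ssl_enable_beast` for consistency. Since the whole test lives inside `#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS`, the comment should also mention that the option has no effect when the OpenSSL headers lack that define.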
diff -Naurp curl-7.21.7/lib/url.c curl-7.21.7.oden/lib/url.c
--- curl-7.21.7/lib/url.c 2011-06-13 21:09:52.000000000 +0000
+++ curl-7.21.7.oden/lib/url.c 2012-04-13 08:03:54.000000000 +0000
@@ -832,6 +832,7 @@ CURLcode Curl_setopt(struct SessionHandl
{
char *argptr;
CURLcode result = CURLE_OK;
+ long arg;
#ifndef CURL_DISABLE_HTTP
curl_off_t bigsize;
#endif
@@ -841,12 +842,9 @@ CURLcode Curl_setopt(struct SessionHandl
data->set.dns_cache_timeout = va_arg(param, long);
break;
case CURLOPT_DNS_USE_GLOBAL_CACHE:
- {
- /* remember we want this enabled */
- long use_cache = va_arg(param, long);
- data->set.global_dns_cache = (bool)(0 != use_cache);
- }
- break;
+ arg = va_arg(param, long);
+ data->set.global_dns_cache = (0 != arg)?TRUE:FALSE;
+ break;
case CURLOPT_SSL_CIPHER_LIST:
/* set a list of cipher we want to use in the SSL connection */
result = setstropt(&data->set.str[STRING_SSL_CIPHER_LIST],
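Review bot: The CURLOPT_DNS_USE_GLOBAL_CACHE rewrite is unrelated to the SSL option this patch adds and only exists to reuse the new function-level `arg`. In a security backport it would be cleaner to leave this case untouched, or split the cleanup into its own patch, so the security-relevant change is easy to audit.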
@@ -2017,6 +2015,12 @@ CURLcode Curl_setopt(struct SessionHandl
case CURLOPT_CERTINFO:
data->set.ssl.certinfo = (bool)(0 != va_arg(param, long));
break;
+
+ case CURLOPT_SSL_OPTIONS:
+ arg = va_arg(param, long);
+ data->set.ssl_enable_beast = arg&CURLSSLOPT_ALLOW_BEAST?TRUE:FALSE;
+ break;
+
#endif
case CURLOPT_CAINFO:
/*
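Review bot: In the CURLOPT_SSL_OPTIONS case, any bit other than CURLSSLOPT_ALLOW_BEAST is silently dropped and the caller still gets CURLE_OK. Either reject unknown bits or document that they are ignored. Please also parenthesize the test, `(arg & CURLSSLOPT_ALLOW_BEAST)?TRUE:FALSE`, and note that the case sits above an `#endif`, so in builds where that block is compiled out the option is not handled here at all.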
diff -Naurp curl-7.21.7/lib/urldata.h curl-7.21.7.oden/lib/urldata.h
--- curl-7.21.7/lib/urldata.h 2011-06-07 17:31:53.000000000 +0000
+++ curl-7.21.7.oden/lib/urldata.h 2012-04-13 08:03:54.000000000 +0000
@@ -1489,6 +1489,8 @@ struct UserDefined {
bool ftp_skip_ip; /* skip the IP address the FTP server passes on to
us */
bool connect_only; /* make connection, let application use the socket */
+ bool ssl_enable_beast; /* especially allow this flaw for interoperability's
+ sake*/
long ssh_auth_types; /* allowed SSH auth types */
bool http_te_skip; /* pass the raw body data to the user, even when
transfer-encoded (chunked, compressed) */

@ -0,0 +1,74 @@
From 62d15f159e163bf4e1a27ac1b0ffd9b84e02bf56 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 6 Feb 2012 22:25:04 +0100
Subject: [PATCH 2/2] --ssl-allow-beast added
This new option tells curl to not work around a security flaw in the
SSL3 and TLS1.0 protocols. It uses the new libcurl option
CURLOPT_SSL_OPTIONS with the CURLSSLOPT_ALLOW_BEAST bit set.
diff -Naurp curl-7.21.7/docs/curl.1 curl-7.21.7.oden/docs/curl.1
--- curl-7.21.7/docs/curl.1 2011-05-05 10:17:17.000000000 +0000
+++ curl-7.21.7.oden/docs/curl.1 2012-04-13 08:05:38.000000000 +0000
@@ -534,6 +534,12 @@ control channel communication will be un
NAT routers to follow the FTP transaction. The default mode is
passive. See --ftp-ssl-ccc-mode for other modes.
(Added in 7.16.1)
+.IP "--ssl-allow-beast"
+(SSL) This option tells curl to not work around a security flaw in the SSL3
+and TLS1.0 protocols known as BEAST. If this option isn't used, the SSL layer
+may use work-arounds known to cause interoperability problems with some older
+SSL implementations. WARNING: this option loosens the SSL security, and by
+using this flag you ask for exactly that. (Added in 7.25.0)
.IP "--ftp-ssl-ccc-mode [active/passive]"
(FTP) Use CCC (Clear Command Channel)
Sets the CCC mode. The passive mode will not initiate the shutdown, but
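Review bot: The `--ssl-allow-beast` entry is inserted between the CCC description, which ends with "See --ftp-ssl-ccc-mode for other modes", and the `--ftp-ssl-ccc-mode` entry itself, splitting two related FTP options. Move it next to the other SSL options so readers find the warning where they look for SSL behaviour.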
diff -Naurp curl-7.21.7/src/main.c curl-7.21.7.oden/src/main.c
--- curl-7.21.7/src/main.c 2011-05-30 09:59:13.000000000 +0000
+++ curl-7.21.7.oden/src/main.c 2012-04-13 08:05:38.000000000 +0000
@@ -657,6 +657,7 @@ struct Configurable {
int default_node_flags; /* default flags to search for each 'node', which is
basically each given URL to transfer */
+ bool ssl_allow_beast; /* allow this SSL vulnerability */
struct OutStruct *outs;
bool xattr; /* store metadata in extended attributes */
};
@@ -938,6 +939,7 @@ static void help(void)
" --ssl-reqd Require SSL/TLS (FTP, IMAP, POP3, SMTP)",
" -2/--sslv2 Use SSLv2 (SSL)",
" -3/--sslv3 Use SSLv3 (SSL)",
+ " --ssl-allow-beast Allow security flaw to improve interop (SSL)",
" --stderr <file> Where to redirect stderr. - means stdout",
" --tcp-nodelay Use the TCP_NODELAY option",
" -t/--telnet-option <OPT=val> Set telnet option",
@@ -1970,6 +1972,7 @@ static ParameterError getparameter(char
{"Eg","capath ", TRUE},
{"Eh","pubkey", TRUE},
{"Ei", "hostpubmd5", TRUE},
+ {"En", "ssl-allow-beast", FALSE},
{"Ej","crlfile", TRUE},
{"Ek","tlsuser", TRUE},
{"El","tlspassword", TRUE},
@@ -2828,6 +2831,10 @@ static ParameterError getparameter(char
else
return PARAM_LIBCURL_DOESNT_SUPPORT;
break;
+ case 'n': /* no empty SSL fragments */
+ if(curlinfo->features & CURL_VERSION_SSL)
+ config->ssl_allow_beast = toggle;
+ break;
default: /* certificate file */
{
char *ptr = strchr(nextarg, ':');
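Review bot: In `case 'n'`, the option is silently ignored when libcurl was built without SSL, whereas the case just above returns PARAM_LIBCURL_DOESNT_SUPPORT in the equivalent situation. Return the same error here so the user learns the flag had no effect. The comment "no empty SSL fragments" also names the OpenSSL mechanism rather than the option; "allow BEAST" would match the flag and the config field.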
@@ -4733,6 +4740,10 @@ operate(struct Configurable *config, int
}
}
+ /* new in 7.25.0 */
+ if(config->ssl_allow_beast)
+ my_setopt(curl, CURLOPT_SSL_OPTIONS, (long)CURLSSLOPT_ALLOW_BEAST);
+
retry_sleep_default = config->retry_delay?
config->retry_delay*1000:RETRY_SLEEP_DEFAULT; /* ms */
retry_sleep = retry_sleep_default;

@ -0,0 +1,223 @@
From 4fd13aca70443b2a206e2a32e876be45c2f9a918 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 23 Dec 2011 13:24:16 +0100
Subject: [PATCH] URL sanitize: reject URLs containing bad data
Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a
decoded manner now use the new Curl_urldecode() function to reject URLs
with embedded control codes (anything that is or decodes to a byte value
less than 32).
URLs containing such codes could easily otherwise be used to do harm and
allow users to do unintended actions with otherwise innocent tools and
applications. Like for example using a URL like
pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get
a mail and instead this would delete one.
This flaw is considered a security vulnerability: CVE-2012-0036
Security advisory at: http://curl.haxx.se/docs/adv_20120124.html
Reported by: Dan Fandrich
diff -Naurp curl-7.21.7/lib/escape.c curl-7.21.7.oden/lib/escape.c
--- curl-7.21.7/lib/escape.c 2011-05-23 17:08:12.000000000 +0000
+++ curl-7.21.7.oden/lib/escape.c 2012-04-13 08:07:48.000000000 +0000
@@ -34,6 +34,7 @@
#include "urldata.h"
#include "warnless.h"
#include "non-ascii.h"
+#include "escape.h"
#define _MPRINTF_REPLACE /* use our functions only */
#include <curl/mprintf.h>
@@ -87,7 +88,7 @@ char *curl_easy_escape(CURL *handle, con
char *testing_ptr = NULL;
unsigned char in; /* we need to treat the characters unsigned */
size_t newlen = alloc;
- int strindex=0;
+ size_t strindex=0;
size_t length;
CURLcode res;
@@ -135,23 +136,29 @@ char *curl_easy_escape(CURL *handle, con
}
/*
- * Unescapes the given URL escaped string of given length. Returns a
- * pointer to a malloced string with length given in *olen.
- * If length == 0, the length is assumed to be strlen(string).
- * If olen == NULL, no output length is stored.
+ * Curl_urldecode() URL decodes the given string.
+ *
+ * Optionally detects control characters (byte codes lower than 32) in the
+ * data and rejects such data.
+ *
+ * Returns a pointer to a malloced string in *ostring with length given in
+ * *olen. If length == 0, the length is assumed to be strlen(string).
+ *
*/
-char *curl_easy_unescape(CURL *handle, const char *string, int length,
- int *olen)
+CURLcode Curl_urldecode(struct SessionHandle *data,
+ const char *string, size_t length,
+ char **ostring, size_t *olen,
+ bool reject_ctrl)
{
- int alloc = (length?length:(int)strlen(string))+1;
+ size_t alloc = (length?length:strlen(string))+1;
char *ns = malloc(alloc);
unsigned char in;
- int strindex=0;
+ size_t strindex=0;
unsigned long hex;
CURLcode res;
if(!ns)
- return NULL;
+ return CURLE_OUT_OF_MEMORY;
while(--alloc > 0) {
in = *string;
@@ -167,16 +174,20 @@ char *curl_easy_unescape(CURL *handle, c
in = curlx_ultouc(hex); /* this long is never bigger than 255 anyway */
- res = Curl_convert_from_network(handle, &in, 1);
+ res = Curl_convert_from_network(data, &in, 1);
if(res) {
/* Curl_convert_from_network calls failf if unsuccessful */
free(ns);
- return NULL;
+ return res;
}
string+=2;
alloc-=2;
}
+ if(reject_ctrl && (in < 0x20)) {
+ free(ns);
+ return CURLE_URL_MALFORMAT;
+ }
ns[strindex++] = in;
string++;
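Review bot: The `reject_ctrl && (in < 0x20)` check is the security fix, yet the patch touches only escape.c, escape.h, imap.c, pop3.c and smtp.c and carries no test for it. Add a test that feeds the URL from the commit message, pop3://pop3.example.com/1%0d%0aDELE%201, and expects CURLE_URL_MALFORMAT, plus one with a literal control byte, so a later refactor of the decode loop cannot drop the rejection unnoticed.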
@@ -186,7 +197,33 @@ char *curl_easy_unescape(CURL *handle, c
if(olen)
/* store output size */
*olen = strindex;
- return ns;
+
+ if(ostring)
+ /* store output string */
+ *ostring = ns;
+
+ return CURLE_OK;
+}
+
+/*
+ * Unescapes the given URL escaped string of given length. Returns a
+ * pointer to a malloced string with length given in *olen.
+ * If length == 0, the length is assumed to be strlen(string).
+ * If olen == NULL, no output length is stored.
+ */
+char *curl_easy_unescape(CURL *handle, const char *string, int length,
+ int *olen)
+{
+ char *str = NULL;
+ size_t inputlen = length;
+ size_t outputlen;
+ CURLcode res = Curl_urldecode(handle, string, inputlen, &str, &outputlen,
+ FALSE);
+ if(res)
+ return NULL;
+ if(olen)
+ *olen = curlx_uztosi(outputlen);
+ return str;
}
/* For operating systems/environments that use different malloc/free
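Review bot: In the new curl_easy_unescape() wrapper, `size_t inputlen = length;` turns a negative `int length` into a very large size_t, which Curl_urldecode() then uses to compute `alloc` and drive the decode loop. Reject `length < 0` before the call and return NULL. Separately, in Curl_urldecode() the buffer `ns` is only handed out under `if(ostring)`, so a caller passing a NULL `ostring` leaks it; either require `ostring` or free `ns` in that case.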
diff -Naurp curl-7.21.7/lib/escape.h curl-7.21.7.oden/lib/escape.h
--- curl-7.21.7/lib/escape.h 2011-03-19 15:16:07.000000000 +0000
+++ curl-7.21.7.oden/lib/escape.h 2012-04-13 08:07:48.000000000 +0000
@@ -1,5 +1,5 @@
-#ifndef __ESCAPE_H
-#define __ESCAPE_H
+#ifndef HEADER_CURL_ESCAPE_H
+#define HEADER_CURL_ESCAPE_H
/***************************************************************************
* _ _ ____ _
@@ -8,7 +8,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -25,5 +25,9 @@
/* Escape and unescape URL encoding in strings. The functions return a new
* allocated string or NULL if an error occurred. */
+CURLcode Curl_urldecode(struct SessionHandle *data,
+ const char *string, size_t length,
+ char **ostring, size_t *olen,
+ bool reject_crlf);
#endif
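Review bot: The prototype names the last parameter `reject_crlf`, while the definition in escape.c calls it `reject_ctrl` and rejects every byte below 0x20, not only CR and LF. Rename it to `reject_ctrl` here so the header does not understate what is filtered. The comment above the prototype still says the functions "return a new allocated string or NULL", which does not describe the CURLcode-returning Curl_urldecode().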
diff -Naurp curl-7.21.7/lib/imap.c curl-7.21.7.oden/lib/imap.c
--- curl-7.21.7/lib/imap.c 2011-05-09 08:20:30.000000000 +0000
+++ curl-7.21.7.oden/lib/imap.c 2012-04-13 08:07:48.000000000 +0000
@@ -951,17 +951,12 @@ static CURLcode imap_parse_url_path(stru
struct imap_conn *imapc = &conn->proto.imapc;
struct SessionHandle *data = conn->data;
const char *path = data->state.path;
- int len;
if(!*path)
path = "INBOX";
/* url decode the path and use this mailbox */
- imapc->mailbox = curl_easy_unescape(data, path, 0, &len);
- if(!imapc->mailbox)
- return CURLE_OUT_OF_MEMORY;
-
- return CURLE_OK;
+ return Curl_urldecode(data, path, 0, &imapc->mailbox, NULL, TRUE);
}
/* call this when the DO phase has completed */
diff -Naurp curl-7.21.7/lib/pop3.c curl-7.21.7.oden/lib/pop3.c
--- curl-7.21.7/lib/pop3.c 2011-06-21 15:55:39.000000000 +0000
+++ curl-7.21.7.oden/lib/pop3.c 2012-04-13 08:07:48.000000000 +0000
@@ -900,11 +900,7 @@ static CURLcode pop3_parse_url_path(stru
const char *path = data->state.path;
/* url decode the path and use this mailbox */
- pop3c->mailbox = curl_easy_unescape(data, path, 0, NULL);
- if(!pop3c->mailbox)
- return CURLE_OUT_OF_MEMORY;
-
- return CURLE_OK;
+ return Curl_urldecode(data, path, 0, &pop3c->mailbox, NULL, TRUE);
}
/* call this when the DO phase has completed */
diff -Naurp curl-7.21.7/lib/smtp.c curl-7.21.7.oden/lib/smtp.c
--- curl-7.21.7/lib/smtp.c 2011-05-09 08:20:30.000000000 +0000
+++ curl-7.21.7.oden/lib/smtp.c 2012-04-13 08:07:48.000000000 +0000
@@ -1171,9 +1171,9 @@ static CURLcode smtp_connect(struct conn
}
/* url decode the path and use it as domain with EHLO */
- smtpc->domain = curl_easy_unescape(conn->data, path, 0, &len);
- if(!smtpc->domain)
- return CURLE_OUT_OF_MEMORY;
+ result = Curl_urldecode(conn->data, path, 0, &smtpc->domain, NULL, TRUE);
+ if(result)
+ return result;
/* When we connect, we start in the state where we await the server greeting
*/
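Review bot: The replaced call was the one passing `&len`, and the new Curl_urldecode() call passes NULL for the length, but unlike the imap.c hunk this one does not remove a `len` declaration. Check whether `len` is still used elsewhere in smtp_connect(); if not, drop it to avoid an unused-variable warning.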

@ -5,7 +5,8 @@
Summary: Gets a file from a FTP, GOPHER or HTTP server
Name: curl
Version: 7.21.7
Release: %mkrel 2
%define subrel 1
Release: %mkrel 1
Epoch: 1
License: BSD-like
Group: Networking/Other
@ -15,6 +16,10 @@ Source1: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma.asc
Patch3: %{name}-7.21.5-privlibs.patch
Patch4: %{name}-7.15.3-multilib.patch
Patch6: %{name}-7.18.2-do-not-build-examples.patch
Patch7: curl-7.21.7-CVE-2011-3389-0.diff
Patch8: curl-7.21.7-CVE-2011-3389-1.diff
Patch9: curl-7.21.7-CVE-2011-3389-2.diff
Patch10: curl-7.21.7-CVE-2012-0036.diff
BuildRequires: groff-for-man
BuildRequires: openssl-devel
BuildRequires: zlib-devel
@ -83,6 +88,10 @@ Example files for %{name} development.
%patch3 -p1
%patch4 -p1
%patch6 -p1
%patch7 -p0 -b .CVE-2011-3389-0
%patch8 -p1 -b .CVE-2011-3389-1
%patch9 -p1 -b .CVE-2011-3389-2
%patch10 -p1 -b .CVE-2012-0036
%build
autoreconf -fiv
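Review bot: `%patch7 -p0` is the only patch applied with a different strip level, because CVE-2011-3389-0.diff uses bare `lib/ssluse.c` paths while the other three use a `curl-7.21.7/` prefix. Regenerate Patch7 with the same prefix and apply it with -p1 so the %prep section is uniform and a later rebase does not trip over the exception.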
@ -171,8 +180,10 @@ rm -rf %{buildroot}
%changelog
* Wed Feb 22 2012 abf
- The release updated by ABF
* Fri Apr 13 2012 Oden Eriksson <oeriksson@mandriva.com> 1:7.21.7-1.1
- P7: security fix for CVE-2011-3389 (debian)
- P8 and P9: helpers to cope with the CVE-2011-3389 fix (debian)
- P10: security fix for CVE-2012-0036 (upstream)
* Thu Jun 23 2011 Funda Wang <fwang@mandriva.org> 1:7.21.7-1mdv2011.0
+ Revision: 686821