authorSona Sarmadi <sona.sarmadi@enea.com>2017-04-21 10:29:17 (GMT)
committerAdrian Dudau <adrian.dudau@enea.com>2017-04-21 11:54:14 (GMT)
commit3fc5d271f554e07c88b1195812e48a0d86291395 (patch)
treeaa886d608aee07639e7a841d0618ccd0bda97bc7
parent9ee38b3a027470c98f7337dceac67ba06420c075 (diff)
curl: Upgrade 7.47.1 -> 7.53.1
Security vulnerabilities fixed between 7.47.1 and 7.53.1 versions:
=================================================================
TLS session resumption client cert bypass (again): CVE-2017-XXXX
--write-out out of buffer read: CVE-2017-7407
SSL_VERIFYSTATUS ignored: CVE-2017-2629
uninitialized random: CVE-2016-9594
printf floating point buffer overflow: CVE-2016-9586
Win CE schannel cert wildcard matches too much: CVE-2016-9952
Win CE schannel cert name out of buffer read: CVE-2016-9953
cookie injection for other servers: CVE-2016-8615
case insensitive password comparison: CVE-2016-8616
OOB write via unchecked multiplication: CVE-2016-8617
double-free in curl_maprintf: CVE-2016-8618
double-free in krb5 code: CVE-2016-8619
glob parser write/read out of bounds: CVE-2016-8620
curl_getdate read out of bounds: CVE-2016-8621
URL unescape heap overflow via integer truncation: CVE-2016-8622
Use-after-free via shared cookies: CVE-2016-8623
invalid URL parsing with '#': CVE-2016-8624
IDNA 2003 makes curl use wrong host: CVE-2016-8625
curl escape and unescape integer overflows: CVE-2016-7167
Incorrect reuse of client certificates: CVE-2016-7141
TLS session resumption client cert bypass: CVE-2016-5419
Re-using connections with wrong client cert: CVE-2016-5420
use of connection struct after free: CVE-2016-5421
Windows DLL hijacking: CVE-2016-4802
TLS certificate check bypass with mbedTLS/PolarSSL: CVE-2016-3739

Reference:
https://curl.haxx.se/docs/security.html
https://curl.haxx.se/changes.html

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
-rw-r--r--meta/recipes-support/curl/curl/CVE-2016-5419.patch76
-rw-r--r--meta/recipes-support/curl/curl/CVE-2016-5420.patch31
-rw-r--r--meta/recipes-support/curl/curl/CVE-2016-5421.patch36
-rw-r--r--meta/recipes-support/curl/curl/CVE-2016-7141.patch50
-rw-r--r--meta/recipes-support/curl/curl/CVE-2016-8615.patch77
-rw-r--r--meta/recipes-support/curl/curl/CVE-2016-8616.patch49
-rw-r--r--meta/recipes-support/curl/curl/CVE-2016-8617.patch28
-rw-r--r--meta/recipes-support/curl/curl/CVE-2016-8618.patch52
-rw-r--r--meta/recipes-support/curl/curl/CVE-2016-8619.patch52
-rw-r--r--meta/recipes-support/curl/curl/CVE-2016-8620.patch44
-rw-r--r--meta/recipes-support/curl/curl/CVE-2016-8621.patch120
-rw-r--r--meta/recipes-support/curl/curl/CVE-2016-8622.patch94
-rw-r--r--meta/recipes-support/curl/curl/CVE-2016-8623.patch209
-rw-r--r--meta/recipes-support/curl/curl/CVE-2016-8624.patch51
-rwxr-xr-xmeta/recipes-support/curl/curl/CVE-2016-8625.patch615
-rw-r--r--meta/recipes-support/curl/curl/url-remove-unconditional-idn2.h-include.patch29
-rw-r--r--meta/recipes-support/curl/curl_7.53.1.bb (renamed from meta/recipes-support/curl/curl_7.47.1.bb)23
17 files changed, 3 insertions, 1633 deletions
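--- a/meta/recipes-support/curl/curl/CVE-2016-5419.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 247d890da88f9ee817079e246c59f3d7d12fde5f Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Fri, 1 Jul 2016 13:32:31 +0200
-Subject: [PATCH] TLS: switch off SSL session id when client cert is used
-
-
-Bug: https://curl.haxx.se/docs/adv_20160803A.html
-Reported-by: Bru Rom
-Contributions-by: Eric Rescorla and Ray Satiro
-
-Upstream-Status: Backport
-https://curl.haxx.se/CVE-2016-5419.patch
-
-CVE: CVE-2016-5419
-Signed-off-by: Maxin B. John <maxin.john@intel.com>
----
- lib/url.c | 1 +
- lib/urldata.h | 1 +
- lib/vtls/vtls.c | 10 ++++++++++
- 3 files changed, 12 insertions(+)
-
-diff --git a/lib/url.c b/lib/url.c
-index 258a286..e547e5c 100644
---- a/lib/url.c
-+++ b/lib/url.c
-@@ -6123,6 +6123,7 @@ static CURLcode create_conn(struct Curl_easy *data,
- data->set.ssl.random_file = data->set.str[STRING_SSL_RANDOM_FILE];
- data->set.ssl.egdsocket = data->set.str[STRING_SSL_EGDSOCKET];
- data->set.ssl.cipher_list = data->set.str[STRING_SSL_CIPHER_LIST];
-+ data->set.ssl.clientcert = data->set.str[STRING_CERT];
- #ifdef USE_TLS_SRP
- data->set.ssl.username = data->set.str[STRING_TLSAUTH_USERNAME];
- data->set.ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD];
-diff --git a/lib/urldata.h b/lib/urldata.h
-index 611c5a7..3cf7ed9 100644
---- a/lib/urldata.h
-+++ b/lib/urldata.h
-@@ -351,6 +351,7 @@ struct ssl_config_data {
- char *CAfile; /* certificate to verify peer against */
- const char *CRLfile; /* CRL to check certificate revocation */
- const char *issuercert;/* optional issuer certificate filename */
-+ char *clientcert;
- char *random_file; /* path to file containing "random" data */
- char *egdsocket; /* path to file containing the EGD daemon socket */
- char *cipher_list; /* list of ciphers to use */
-diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
-index d3e41cd..33e209d 100644
---- a/lib/vtls/vtls.c
-+++ b/lib/vtls/vtls.c
-@@ -156,6 +156,15 @@ Curl_clone_ssl_config(struct ssl_config_data *source,
- else
- dest->random_file = NULL;
-
-+ if(source->clientcert) {
-+ dest->clientcert = strdup(source->clientcert);
-+ if(!dest->clientcert)
-+ return FALSE;
-+ dest->sessionid = FALSE;
-+ }
-+ else
-+ dest->clientcert = NULL;
-+
- return TRUE;
- }
-
-@@ -166,6 +175,7 @@ void Curl_free_ssl_config(struct ssl_config_data* sslc)
- Curl_safefree(sslc->cipher_list);
- Curl_safefree(sslc->egdsocket);
- Curl_safefree(sslc->random_file);
-+ Curl_safefree(sslc->clientcert);
- }
-
-
---
-2.4.0
-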
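--- a/meta/recipes-support/curl/curl/CVE-2016-5420.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 11ec5ad4352bba384404c56e77c7fab9382fd22d Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Sun, 31 Jul 2016 00:51:48 +0200
-Subject: [PATCH] TLS: only reuse connections with the same client cert
-
-Bug: https://curl.haxx.se/docs/adv_20160803B.html
-
-Upstream-Status: Backport
-https://curl.haxx.se/CVE-2016-5420.patch
-
-CVE: CVE-2016-5420
-Signed-off-by: Maxin B. John <maxin.john@intel.com>
----
- lib/vtls/vtls.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
-index 33e209d..3863777 100644
---- a/lib/vtls/vtls.c
-+++ b/lib/vtls/vtls.c
-@@ -99,6 +99,7 @@ Curl_ssl_config_matches(struct ssl_config_data* data,
- (data->verifyhost == needle->verifyhost) &&
- safe_strequal(data->CApath, needle->CApath) &&
- safe_strequal(data->CAfile, needle->CAfile) &&
-+ safe_strequal(data->clientcert, needle->clientcert) &&
- safe_strequal(data->random_file, needle->random_file) &&
- safe_strequal(data->egdsocket, needle->egdsocket) &&
- safe_strequal(data->cipher_list, needle->cipher_list))
---
-2.4.0
-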
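--- a/meta/recipes-support/curl/curl/CVE-2016-5421.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 75dc096e01ef1e21b6c57690d99371dedb2c0b80 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Sun, 31 Jul 2016 01:09:04 +0200
-Subject: [PATCH] curl_multi_cleanup: clear connection pointer for easy handles
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Bug: https://curl.haxx.se/docs/adv_20160803C.html
-Reported-by: Marcelo Echeverria and Fernando Muñoz
-
-Upstream-Status: Backport
-https://curl.haxx.se/CVE-2016-5421.patch
-
-CVE: CVE-2016-5421
-Signed-off-by: Maxin B. John <maxin.john@intel.com>
----
- lib/multi.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/lib/multi.c b/lib/multi.c
-index 9ee3523..8bb9366 100644
---- a/lib/multi.c
-+++ b/lib/multi.c
-@@ -2157,6 +2157,8 @@ static void close_all_connections(struct Curl_multi *multi)
- conn->data = multi->closure_handle;
-
- sigpipe_ignore(conn->data, &pipe_st);
-+ conn->data->easy_conn = NULL; /* clear the easy handle's connection
-+ pointer */
- /* This will remove the connection from the cache */
- (void)Curl_disconnect(conn, FALSE);
- sigpipe_restore(&pipe_st);
---
-2.4.0
-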
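--- a/meta/recipes-support/curl/curl/CVE-2016-7141.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 7700fcba64bf5806de28f6c1c7da3b4f0b38567d Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Mon, 22 Aug 2016 10:24:35 +0200
-Subject: [PATCH] nss: refuse previously loaded certificate from file
-
-... when we are not asked to use a certificate from file
-
-Bug: https://curl.haxx.se/docs/adv_20160907.html
-Reported-by: kdudka@redhat.com
-
-Upstream-Status: Backport
-https://curl.haxx.se/CVE-2016-5421.patch
-
-CVE: CVE-2016-7141
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- lib/vtls/nss.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
-index 20c4277..cfb2263 100644
---- a/lib/vtls/nss.c
-+++ b/lib/vtls/nss.c
-@@ -1002,10 +1002,10 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
- struct ssl_connect_data *connssl = (struct ssl_connect_data *)arg;
- struct Curl_easy *data = connssl->data;
- const char *nickname = connssl->client_nickname;
-+ static const char pem_slotname[] = "PEM Token #1";
-
- if(connssl->obj_clicert) {
- /* use the cert/key provided by PEM reader */
-- static const char pem_slotname[] = "PEM Token #1";
- SECItem cert_der = { 0, NULL, 0 };
- void *proto_win = SSL_RevealPinArg(sock);
- struct CERTCertificateStr *cert;
-@@ -1067,6 +1067,12 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
- if(NULL == nickname)
- nickname = "[unknown]";
-
-+ if(!strncmp(nickname, pem_slotname, sizeof(pem_slotname) - 1U)) {
-+ failf(data, "NSS: refusing previously loaded certificate from file: %s",
-+ nickname);
-+ return SECFailure;
-+ }
-+
- if(NULL == *pRetKey) {
- failf(data, "NSS: private key not found for certificate: %s", nickname);
- return SECFailure;
---
-2.7.4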
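--- a/meta/recipes-support/curl/curl/CVE-2016-8615.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From 1620f552a277ed5b23a48b9c27dbf07663cac068 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Tue, 27 Sep 2016 17:36:19 +0200
-Subject: [PATCH] cookie: replace use of fgets() with custom version
-
-... that will ignore lines that are too long to fit in the buffer.
-
-CVE: CVE-2016-8615
-Upstream-Status: Backport
-
-Bug: https://curl.haxx.se/docs/adv_20161102A.html
-Reported-by: Cure53
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- lib/cookie.c | 31 ++++++++++++++++++++++++++++++-
- 1 file changed, 30 insertions(+), 1 deletion(-)
-
-diff --git a/lib/cookie.c b/lib/cookie.c
-index 0f05da2..e5097d3 100644
---- a/lib/cookie.c
-+++ b/lib/cookie.c
-@@ -901,10 +901,39 @@ Curl_cookie_add(struct Curl_easy *data,
- }
-
- return co;
- }
-
-+/*
-+ * get_line() makes sure to only return complete whole lines that fit in 'len'
-+ * bytes and end with a newline.
-+ */
-+static char *get_line(char *buf, int len, FILE *input)
-+{
-+ bool partial = FALSE;
-+ while(1) {
-+ char *b = fgets(buf, len, input);
-+ if(b) {
-+ size_t rlen = strlen(b);
-+ if(rlen && (b[rlen-1] == '\n')) {
-+ if(partial) {
-+ partial = FALSE;
-+ continue;
-+ }
-+ return b;
-+ }
-+ else
-+ /* read a partial, discard the next piece that ends with newline */
-+ partial = TRUE;
-+ }
-+ else
-+ break;
-+ }
-+ return NULL;
-+}
-+
-+
- /*****************************************************************************
- *
- * Curl_cookie_init()
- *
- * Inits a cookie struct to read data from a local file. This is always
-@@ -957,11 +986,11 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
- bool headerline;
-
- line = malloc(MAX_COOKIE_LINE);
- if(!line)
- goto fail;
-- while(fgets(line, MAX_COOKIE_LINE, fp)) {
-+ while(get_line(line, MAX_COOKIE_LINE, fp)) {
- if(checkprefix("Set-Cookie:", line)) {
- /* This is a cookie line, get it! */
- lineptr=&line[11];
- headerline=TRUE;
- }
---
-2.9.3
-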
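--- a/meta/recipes-support/curl/curl/CVE-2016-8616.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From b3ee26c5df75d97f6895e6ec4538894ebaf76e48 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Tue, 27 Sep 2016 18:01:53 +0200
-Subject: [PATCH] connectionexists: use case sensitive user/password
- comparisons
-
-CVE: CVE-2016-8616
-Upstream-Status: Backport
-
-Bug: https://curl.haxx.se/docs/adv_20161102B.html
-Reported-by: Cure53
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
-
-diff -ruN a/lib/url.c b/lib/url.c
---- a/lib/url.c 2016-11-07 08:50:23.030126833 +0100
-+++ b/lib/url.c 2016-11-07 09:16:20.459836564 +0100
-@@ -3305,8 +3305,8 @@
- if(!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) {
- /* This protocol requires credentials per connection,
- so verify that we're using the same name and password as well */
-- if(!strequal(needle->user, check->user) ||
-- !strequal(needle->passwd, check->passwd)) {
-+ if(strcmp(needle->user, check->user) ||
-+ strcmp(needle->passwd, check->passwd)) {
- /* one of them was different */
- continue;
- }
-@@ -3369,8 +3369,8 @@
- possible. (Especially we must not reuse the same connection if
- partway through a handshake!) */
- if(wantNTLMhttp) {
-- if(!strequal(needle->user, check->user) ||
-- !strequal(needle->passwd, check->passwd))
-+ if(strcmp(needle->user, check->user) ||
-+ strcmp(needle->passwd, check->passwd))
- continue;
- }
- else if(check->ntlm.state != NTLMSTATE_NONE) {
-@@ -3380,8 +3380,8 @@
-
- /* Same for Proxy NTLM authentication */
- if(wantProxyNTLMhttp) {
-- if(!strequal(needle->proxyuser, check->proxyuser) ||
-- !strequal(needle->proxypasswd, check->proxypasswd))
-+ if(strcmp(needle->proxyuser, check->proxyuser) ||
-+ strcmp(needle->proxypasswd, check->proxypasswd))
- continue;
- }
- else if(check->proxyntlm.state != NTLMSTATE_NONE) {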
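--- a/meta/recipes-support/curl/curl/CVE-2016-8617.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From efd24d57426bd77c9b5860e6b297904703750412 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Wed, 28 Sep 2016 00:05:12 +0200
-Subject: [PATCH] base64: check for integer overflow on large input
-
-CVE: CVE-2016-8617
-Upstream-Status: Backport
-
-Bug: https://curl.haxx.se/docs/adv_20161102C.html
-Reported-by: Cure53
-
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
-diff -ruN a/lib/base64.c b/lib/base64.c
---- a/lib/base64.c 2016-02-03 00:02:43.000000000 +0100
-+++ b/lib/base64.c 2016-11-07 09:22:07.918167530 +0100
-@@ -190,6 +190,11 @@
- if(0 == insize)
- insize = strlen(indata);
-
-+#if SIZEOF_SIZE_T == 4
-+ if(insize > UINT_MAX/4)
-+ return CURLE_OUT_OF_MEMORY;
-+#endif
-+
- base64data = output = malloc(insize*4/3+4);
- if(NULL == output)
- return CURLE_OUT_OF_MEMORY;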
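--- a/meta/recipes-support/curl/curl/CVE-2016-8618.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 31106a073882656a2a5ab56c4ce2847e9a334c3c Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Wed, 28 Sep 2016 10:15:34 +0200
-Subject: [PATCH] aprintf: detect wrap-around when growing allocation
-
-On 32bit systems we could otherwise wrap around after 2GB and allocate 0
-bytes and crash.
-
-CVE: CVE-2016-8618
-Upstream-Status: Backport
-
-Bug: https://curl.haxx.se/docs/adv_20161102D.html
-Reported-by: Cure53
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- lib/mprintf.c | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/lib/mprintf.c b/lib/mprintf.c
-index dbedeaa..2c88aa8 100644
---- a/lib/mprintf.c
-+++ b/lib/mprintf.c
-@@ -1034,20 +1034,23 @@ static int alloc_addbyter(int output, FILE *data)
- }
- infop->alloc = 32;
- infop->len =0;
- }
- else if(infop->len+1 >= infop->alloc) {
-- char *newptr;
-+ char *newptr = NULL;
-+ size_t newsize = infop->alloc*2;
-
-- newptr = realloc(infop->buffer, infop->alloc*2);
-+ /* detect wrap-around or other overflow problems */
-+ if(newsize > infop->alloc)
-+ newptr = realloc(infop->buffer, newsize);
-
- if(!newptr) {
- infop->fail = 1;
- return -1; /* fail */
- }
- infop->buffer = newptr;
-- infop->alloc *= 2;
-+ infop->alloc = newsize;
- }
-
- infop->buffer[ infop->len ] = outc;
-
- infop->len++;
---
-2.9.3
-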
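--- a/meta/recipes-support/curl/curl/CVE-2016-8619.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 91239f7040b1f026d4d15765e7e3f58e92e93761 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Wed, 28 Sep 2016 12:56:02 +0200
-Subject: [PATCH] krb5: avoid realloc(0)
-
-If the requested size is zero, bail out with error instead of doing a
-realloc() that would cause a double-free: realloc(0) acts as a free()
-and then there's a second free in the cleanup path.
-
-CVE: CVE-2016-8619
-Upstream-Status: Backport
-
-Bug: https://curl.haxx.se/docs/adv_20161102E.html
-Reported-by: Cure53
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- lib/security.c | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/lib/security.c b/lib/security.c
-index a268d4a..4cef8f8 100644
---- a/lib/security.c
-+++ b/lib/security.c
-@@ -190,19 +190,22 @@ socket_write(struct connectdata *conn, curl_socket_t fd, const void *to,
- static CURLcode read_data(struct connectdata *conn,
- curl_socket_t fd,
- struct krb5buffer *buf)
- {
- int len;
-- void* tmp;
-+ void *tmp = NULL;
- CURLcode result;
-
- result = socket_read(fd, &len, sizeof(len));
- if(result)
- return result;
-
-- len = ntohl(len);
-- tmp = realloc(buf->data, len);
-+ if(len) {
-+ /* only realloc if there was a length */
-+ len = ntohl(len);
-+ tmp = realloc(buf->data, len);
-+ }
- if(tmp == NULL)
- return CURLE_OUT_OF_MEMORY;
-
- buf->data = tmp;
- result = socket_read(fd, buf->data, len);
---
-2.9.3
-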
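--- a/meta/recipes-support/curl/curl/CVE-2016-8620.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From fbb5f1aa0326d485d5a7ac643b48481897ca667f Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 3 Oct 2016 17:27:16 +0200
-Subject: [PATCH] range: prevent negative end number in a glob range
-
-CVE: CVE-2016-8620
-
-Upstream-Status: Backport
-
-Bug: https://curl.haxx.se/docs/adv_20161102F.html
-Reported-by: Luật Nguyễn
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- src/tool_urlglob.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
-index a357b8b..64c75ba 100644
---- a/src/tool_urlglob.c
-+++ b/src/tool_urlglob.c
-@@ -257,6 +257,12 @@ static CURLcode glob_range(URLGlob *glob, char **patternp,
- endp = NULL;
- else {
- pattern = endp+1;
-+ while(*pattern && ISBLANK(*pattern))
-+ pattern++;
-+ if(!ISDIGIT(*pattern)) {
-+ endp = NULL;
-+ goto fail;
-+ }
- errno = 0;
- max_n = strtoul(pattern, &endp, 10);
- if(errno || (*endp == ':')) {
-@@ -277,6 +283,7 @@ static CURLcode glob_range(URLGlob *glob, char **patternp,
- }
- }
-
-+ fail:
- *posp += (pattern - *patternp);
-
- if(!endp || (min_n > max_n) || (step_n > (max_n - min_n)) || !step_n)
---
-1.9.1
-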
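--- a/meta/recipes-support/curl/curl/CVE-2016-8621.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From 8a6d9ded5f02f0294ae63a007e26087316c1998e Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Tue, 4 Oct 2016 16:59:38 +0200
-Subject: [PATCH] parsedate: handle cut off numbers better
-
-... and don't read outside of the given buffer!
-
-CVE: CVE-2016-8621
-Upstream-Status: Backport
-
-bug: https://curl.haxx.se/docs/adv_20161102G.html
-Reported-by: Luật Nguyễn
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- lib/parsedate.c | 12 +++++++-----
- tests/data/test517 | 6 ++++++
- tests/libtest/lib517.c | 8 +++++++-
- 3 files changed, 20 insertions(+), 6 deletions(-)
-
-diff --git a/lib/parsedate.c b/lib/parsedate.c
-index dfcf855..8e932f4 100644
---- a/lib/parsedate.c
-+++ b/lib/parsedate.c
-@@ -3,11 +3,11 @@
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
-- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
-+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at https://curl.haxx.se/docs/copyright.html.
- *
-@@ -384,19 +384,21 @@ static int parsedate(const char *date, time_t *output)
- }
- else if(ISDIGIT(*date)) {
- /* a digit */
- int val;
- char *end;
-+ int len=0;
- if((secnum == -1) &&
-- (3 == sscanf(date, "%02d:%02d:%02d", &hournum, &minnum, &secnum))) {
-+ (3 == sscanf(date, "%02d:%02d:%02d%n",
-+ &hournum, &minnum, &secnum, &len))) {
- /* time stamp! */
-- date += 8;
-+ date += len;
- }
- else if((secnum == -1) &&
-- (2 == sscanf(date, "%02d:%02d", &hournum, &minnum))) {
-+ (2 == sscanf(date, "%02d:%02d%n", &hournum, &minnum, &len))) {
- /* time stamp without seconds */
-- date += 5;
-+ date += len;
- secnum = 0;
- }
- else {
- long lval;
- int error;
-diff --git a/tests/data/test517 b/tests/data/test517
-index c81a45e..513634f 100644
---- a/tests/data/test517
-+++ b/tests/data/test517
-@@ -114,10 +114,16 @@ nothing
- 79: 20110632 12:34:56 => -1
- 80: 20110623 56:34:56 => -1
- 81: 20111323 12:34:56 => -1
- 82: 20110623 12:34:79 => -1
- 83: Wed, 31 Dec 2008 23:59:60 GMT => 1230768000
-+84: 20110623 12:3 => 1308830580
-+85: 20110623 1:3 => 1308790980
-+86: 20110623 1:30 => 1308792600
-+87: 20110623 12:12:3 => 1308831123
-+88: 20110623 01:12:3 => 1308791523
-+89: 20110623 01:99:30 => -1
- </stdout>
-
- # This test case previously tested an overflow case ("2094 Nov 6 =>
- # 2147483647") for 32bit time_t, but since some systems have 64bit time_t and
- # handles this (returning 3939840000), and some 64bit-time_t systems don't
-diff --git a/tests/libtest/lib517.c b/tests/libtest/lib517.c
-index 2f68ebd..22162ff 100644
---- a/tests/libtest/lib517.c
-+++ b/tests/libtest/lib517.c
-@@ -3,11 +3,11 @@
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
-- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
-+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at https://curl.haxx.se/docs/copyright.html.
- *
-@@ -114,10 +114,16 @@ static const char * const dates[]={
- "20110632 12:34:56",
- "20110623 56:34:56",
- "20111323 12:34:56",
- "20110623 12:34:79",
- "Wed, 31 Dec 2008 23:59:60 GMT", /* leap second */
-+ "20110623 12:3",
-+ "20110623 1:3",
-+ "20110623 1:30",
-+ "20110623 12:12:3",
-+ "20110623 01:12:3",
-+ "20110623 01:99:30",
- NULL
- };
-
- int test(char *URL)
- {
---
-2.9.3
-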
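--- a/meta/recipes-support/curl/curl/CVE-2016-8622.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From 53e71e47d6b81650d26ec33a58d0dca24c7ffb2c Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Tue, 4 Oct 2016 18:56:45 +0200
-Subject: [PATCH] unescape: avoid integer overflow
-
-CVE: CVE-2016-8622
-Upstream-Status: Backport
-
-Bug: https://curl.haxx.se/docs/adv_20161102H.html
-Reported-by: Cure53
-
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
-
-diff -ruN a/docs/libcurl/curl_easy_unescape.3 b/docs/libcurl/curl_easy_unescape.3
---- a/docs/libcurl/curl_easy_unescape.3 2016-02-03 00:08:02.000000000 +0100
-+++ b/docs/libcurl/curl_easy_unescape.3 2016-11-07 09:25:45.999933275 +0100
-@@ -5,7 +5,7 @@
- .\" * | (__| |_| | _ <| |___
- .\" * \___|\___/|_| \_\_____|
- .\" *
--.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
-+.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
- .\" *
- .\" * This software is licensed as described in the file COPYING, which
- .\" * you should have received as part of this distribution. The terms
-@@ -40,7 +40,10 @@
-
- If \fBoutlength\fP is non-NULL, the function will write the length of the
- returned string in the integer it points to. This allows an escaped string
--containing %00 to still get used properly after unescaping.
-+containing %00 to still get used properly after unescaping. Since this is a
-+pointer to an \fIint\fP type, it can only return a value up to INT_MAX so no
-+longer string can be unescaped if the string length is returned in this
-+parameter.
-
- You must \fIcurl_free(3)\fP the returned string when you're done with it.
- .SH AVAILABILITY
-diff -ruN a/lib/dict.c b/lib/dict.c
---- a/lib/dict.c 2016-02-03 00:02:44.000000000 +0100
-+++ b/lib/dict.c 2016-11-07 09:25:45.999933275 +0100
-@@ -5,7 +5,7 @@
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
-- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
-+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
-@@ -52,7 +52,7 @@
- #include <curl/curl.h>
- #include "transfer.h"
- #include "sendf.h"
--
-+#include "escape.h"
- #include "progress.h"
- #include "strequal.h"
- #include "dict.h"
-@@ -96,12 +96,12 @@
- char *newp;
- char *dictp;
- char *ptr;
-- int len;
-+ size_t len;
- char ch;
- int olen=0;
-
-- newp = curl_easy_unescape(data, inputbuff, 0, &len);
-- if(!newp)
-+ CURLcode result = Curl_urldecode(data, inputbuff, 0, &newp, &len, FALSE);
-+ if(!newp || result)
- return NULL;
-
- dictp = malloc(((size_t)len)*2 + 1); /* add one for terminating zero */
-diff -ruN a/lib/escape.c b/lib/escape.c
---- a/lib/escape.c 2016-02-05 10:02:03.000000000 +0100
-+++ b/lib/escape.c 2016-11-07 09:29:43.073671606 +0100
-@@ -217,8 +217,14 @@
- FALSE);
- if(res)
- return NULL;
-- if(olen)
-- *olen = curlx_uztosi(outputlen);
-+
-+ if(olen) {
-+ if(outputlen <= (size_t) INT_MAX)
-+ *olen = curlx_uztosi(outputlen);
-+ else
-+ /* too large to return in an int, fail! */
-+ Curl_safefree(str);
-+ }
- return str;
- }
-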
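--- a/meta/recipes-support/curl/curl/CVE-2016-8623.patch
+++ /dev/null
@@ -1,209 +0,0 @@
-From d9d57fe0da6f25d05570fd583520ecd321ed9c3f Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Tue, 4 Oct 2016 23:26:13 +0200
-Subject: [PATCH] cookies: getlist() now holds deep copies of all cookies
-
-Previously it only held references to them, which was reckless as the
-thread lock was released so the cookies could get modified by other
-handles that share the same cookie jar over the share interface.
-
-CVE: CVE-2016-8623
-Upstream-Status: Backport
-
-Bug: https://curl.haxx.se/docs/adv_20161102I.html
-Reported-by: Cure53
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- lib/cookie.c | 61 +++++++++++++++++++++++++++++++++++++++---------------------
- lib/cookie.h | 4 ++--
- lib/http.c | 2 +-
- 3 files changed, 43 insertions(+), 24 deletions(-)
-
-diff --git a/lib/cookie.c b/lib/cookie.c
-index 0f05da2..8607ce3 100644
---- a/lib/cookie.c
-+++ b/lib/cookie.c
-@@ -1022,10 +1022,44 @@ static int cookie_sort(const void *p1, const void *p2)
-
- /* sorry, can't be more deterministic */
- return 0;
- }
-
-+#define CLONE(field) \
-+ do { \
-+ if(src->field) { \
-+ dup->field = strdup(src->field); \
-+ if(!dup->field) \
-+ goto fail; \
-+ } \
-+ } while(0)
-+
-+static struct Cookie *dup_cookie(struct Cookie *src)
-+{
-+ struct Cookie *dup = calloc(sizeof(struct Cookie), 1);
-+ if(dup) {
-+ CLONE(expirestr);
-+ CLONE(domain);
-+ CLONE(path);
-+ CLONE(spath);
-+ CLONE(name);
-+ CLONE(value);
-+ CLONE(maxage);
-+ CLONE(version);
-+ dup->expires = src->expires;
-+ dup->tailmatch = src->tailmatch;
-+ dup->secure = src->secure;
-+ dup->livecookie = src->livecookie;
-+ dup->httponly = src->httponly;
-+ }
-+ return dup;
-+
-+ fail:
-+ freecookie(dup);
-+ return NULL;
-+}
-+
- /*****************************************************************************
- *
- * Curl_cookie_getlist()
- *
- * For a given host and path, return a linked list of cookies that the
-@@ -1077,15 +1111,12 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
- if(!co->spath || pathmatch(co->spath, path) ) {
-
- /* and now, we know this is a match and we should create an
- entry for the return-linked-list */
-
-- newco = malloc(sizeof(struct Cookie));
-+ newco = dup_cookie(co);
- if(newco) {
-- /* first, copy the whole source cookie: */
-- memcpy(newco, co, sizeof(struct Cookie));
--
- /* then modify our next */
- newco->next = mainco;
-
- /* point the main to us */
- mainco = newco;
-@@ -1093,16 +1124,11 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
- matches++;
- }
- else {
- fail:
- /* failure, clear up the allocated chain and return NULL */
-- while(mainco) {
-- co = mainco->next;
-- free(mainco);
-- mainco = co;
-- }
--
-+ Curl_cookie_freelist(mainco);
- return NULL;
- }
- }
- }
- }
-@@ -1150,11 +1176,11 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
- *
- ****************************************************************************/
- void Curl_cookie_clearall(struct CookieInfo *cookies)
- {
- if(cookies) {
-- Curl_cookie_freelist(cookies->cookies, TRUE);
-+ Curl_cookie_freelist(cookies->cookies);
- cookies->cookies = NULL;
- cookies->numcookies = 0;
- }
- }
-
-@@ -1162,25 +1188,18 @@ void Curl_cookie_clearall(struct CookieInfo *cookies)
- *
- * Curl_cookie_freelist()
- *
- * Free a list of cookies previously returned by Curl_cookie_getlist();
- *
-- * The 'cookiestoo' argument tells this function whether to just free the
-- * list or actually also free all cookies within the list as well.
-- *
- ****************************************************************************/
-
--void Curl_cookie_freelist(struct Cookie *co, bool cookiestoo)
-+void Curl_cookie_freelist(struct Cookie *co)
- {
- struct Cookie *next;
- while(co) {
- next = co->next;
-- if(cookiestoo)
-- freecookie(co);
-- else
-- free(co); /* we only free the struct since the "members" are all just
-- pointed out in the main cookie list! */
-+ freecookie(co);
- co = next;
- }
- }
-
-
-@@ -1231,11 +1250,11 @@ void Curl_cookie_clearsess(struct CookieInfo *cookies)
- ****************************************************************************/
- void Curl_cookie_cleanup(struct CookieInfo *c)
- {
- if(c) {
- free(c->filename);
-- Curl_cookie_freelist(c->cookies, TRUE);
-+ Curl_cookie_freelist(c->cookies);
- free(c); /* free the base struct as well */
- }
- }
-
- /* get_netscape_format()
-diff --git a/lib/cookie.h b/lib/cookie.h
-index cd7c54a..a9a4578 100644
---- a/lib/cookie.h
-+++ b/lib/cookie.h
-@@ -5,11 +5,11 @@
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
-- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
-+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at https://curl.haxx.se/docs/copyright.html.
- *
-@@ -80,11 +80,11 @@ struct Cookie *Curl_cookie_add(struct Curl_easy *data,
- struct CookieInfo *, bool header, char *lineptr,
- const char *domain, const char *path);
-
- struct Cookie *Curl_cookie_getlist(struct CookieInfo *, const char *,
- const char *, bool);
--void Curl_cookie_freelist(struct Cookie *cookies, bool cookiestoo);
-+void Curl_cookie_freelist(struct Cookie *cookies);
- void Curl_cookie_clearall(struct CookieInfo *cookies);
- void Curl_cookie_clearsess(struct CookieInfo *cookies);
-
- #if defined(CURL_DISABLE_HTTP) || defined(CURL_DISABLE_COOKIES)
- #define Curl_cookie_list(x) NULL
-diff --git a/lib/http.c b/lib/http.c
-index 65c145a..e6e7d37 100644
---- a/lib/http.c
-+++ b/lib/http.c
-@@ -2382,11 +2382,11 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
- break;
- count++;
- }
- co = co->next; /* next cookie please */
- }
-- Curl_cookie_freelist(store, FALSE); /* free the cookie list */
-+ Curl_cookie_freelist(store);
- }
- if(addcookies && !result) {
- if(!count)
- result = Curl_add_bufferf(req_buffer, "Cookie: ");
- if(!result) {
---
-2.9.3
-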
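--- a/meta/recipes-support/curl/curl/CVE-2016-8624.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 3bb273db7e40ebc284cff45f3ce3f0475c8339c2 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Tue, 11 Oct 2016 00:48:35 +0200
-Subject: [PATCH] urlparse: accept '#' as end of host name
-
-'http://example.com#@127.0.0.1/x.txt' equals a request to example.com
-for the '/' document with the rest of the URL being a fragment.
-
-CVE: CVE-2016-8624
-Upstream-Status: Backport
-
-Bug: https://curl.haxx.se/docs/adv_20161102J.html
-Reported-by: Fernando Muñoz
-
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
-
-diff -ruN a/lib/url.c b/lib/url.c
---- a/lib/url.c 2016-11-07 08:50:23.030126833 +0100
-+++ b/lib/url.c 2016-11-07 10:16:13.562089428 +0100
-@@ -4086,7 +4086,7 @@
- path[0]=0;
-
- if(2 > sscanf(data->change.url,
-- "%15[^\n:]://%[^\n/?]%[^\n]",
-+ "%15[^\n:]://%[^\n/?#]%[^\n]",
- protobuf,
- conn->host.name, path)) {
-
-@@ -4094,7 +4094,7 @@
- * The URL was badly formatted, let's try the browser-style _without_
- * protocol specified like 'http://'.
- */
-- rc = sscanf(data->change.url, "%[^\n/?]%[^\n]", conn->host.name, path);
-+ rc = sscanf(data->change.url, "%[^\n/?#]%[^\n]", conn->host.name, path);
- if(1 > rc) {
- /*
- * We couldn't even get this format.
-@@ -4184,10 +4184,10 @@
- }
-
- /* If the URL is malformatted (missing a '/' after hostname before path) we
-- * insert a slash here. The only letter except '/' we accept to start a path
-- * is '?'.
-+ * insert a slash here. The only letters except '/' that can start a path is
-+ * '?' and '#' - as controlled by the two sscanf() patterns above.
- */
-- if(path[0] == '?') {
-+ if(path[0] != '/') {
- /* We need this function to deal with overlapping memory areas. We know
- that the memory area 'path' points to is 'urllen' bytes big and that
- is bigger than the path. Use +1 to move the zero byte too. */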
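--- a/meta/recipes-support/curl/curl/CVE-2016-8625.patch
+++ /dev/null
@@ -1,615 +0,0 @@
-commit 914aae739463ec72340130ea9ad42e04b02a5338
-Author: Daniel Stenberg <daniel@haxx.se>
-Date: Wed Oct 12 09:01:06 2016 +0200
-
-idn: switch to libidn2 use and IDNA2008 support
-
-CVE: CVE-2016-8625
-Upstream-Status: Backport
-
-Bug: https://curl.haxx.se/docs/adv_20161102K.html
-Reported-by: Christian Heimes
-
-Conflicts:
- CMakeLists.txt
- lib/url.c
-
-Signed-off-by: Martin Borg <martin.borg@enea.com>
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 06f18cf..c3e5c7c 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -440,7 +440,7 @@ if(NOT CURL_DISABLE_LDAPS)
- endif()
-
- # Check for idn
--check_library_exists_concat("idn" idna_to_ascii_lz HAVE_LIBIDN)
-+check_library_exists_concat("idn2" idn2_lookup_ul HAVE_LIBIDN2)
-
- # Check for symbol dlopen (same as HAVE_LIBDL)
- check_library_exists("${CURL_LIBS}" dlopen "" HAVE_DLOPEN)
-@@ -608,7 +608,7 @@ check_include_file_concat("des.h" HAVE_DES_H)
- check_include_file_concat("err.h" HAVE_ERR_H)
- check_include_file_concat("errno.h" HAVE_ERRNO_H)
- check_include_file_concat("fcntl.h" HAVE_FCNTL_H)
--check_include_file_concat("idn-free.h" HAVE_IDN_FREE_H)
-+check_include_file_concat("idn2.h" HAVE_IDN2_H)
- check_include_file_concat("ifaddrs.h" HAVE_IFADDRS_H)
- check_include_file_concat("io.h" HAVE_IO_H)
- check_include_file_concat("krb.h" HAVE_KRB_H)
-@@ -638,7 +638,6 @@ check_include_file_concat("stropts.h" HAVE_STROPTS_H)
- check_include_file_concat("termio.h" HAVE_TERMIO_H)
- check_include_file_concat("termios.h" HAVE_TERMIOS_H)
- check_include_file_concat("time.h" HAVE_TIME_H)
--check_include_file_concat("tld.h" HAVE_TLD_H)
- check_include_file_concat("unistd.h" HAVE_UNISTD_H)
- check_include_file_concat("utime.h" HAVE_UTIME_H)
- check_include_file_concat("x509.h" HAVE_X509_H)
-@@ -652,9 +651,6 @@ check_include_file_concat("netinet/if_ether.h" HAVE_NETINET_IF_ETHER_H)
- check_include_file_concat("stdint.h" HAVE_STDINT_H)
- check_include_file_concat("sockio.h" HAVE_SOCKIO_H)
- check_include_file_concat("sys/utsname.h" HAVE_SYS_UTSNAME_H)
--check_include_file_concat("idna.h" HAVE_IDNA_H)
--
--
-
- check_type_size(size_t SIZEOF_SIZE_T)
- check_type_size(ssize_t SIZEOF_SSIZE_T)
-@@ -802,9 +798,6 @@ check_symbol_exists(pipe "${CURL_INCLUDES}" HAVE_PIPE)
- check_symbol_exists(ftruncate "${CURL_INCLUDES}" HAVE_FTRUNCATE)
- check_symbol_exists(getprotobyname "${CURL_INCLUDES}" HAVE_GETPROTOBYNAME)
- check_symbol_exists(getrlimit "${CURL_INCLUDES}" HAVE_GETRLIMIT)
--check_symbol_exists(idn_free "${CURL_INCLUDES}" HAVE_IDN_FREE)
--check_symbol_exists(idna_strerror "${CURL_INCLUDES}" HAVE_IDNA_STRERROR)
--check_symbol_exists(tld_strerror "${CURL_INCLUDES}" HAVE_TLD_STRERROR)
- check_symbol_exists(setlocale "${CURL_INCLUDES}" HAVE_SETLOCALE)
- check_symbol_exists(setrlimit "${CURL_INCLUDES}" HAVE_SETRLIMIT)
- check_symbol_exists(fcntl "${CURL_INCLUDES}" HAVE_FCNTL)
-@@ -1067,7 +1060,7 @@ _add_if("IPv6" ENABLE_IPV6)
- _add_if("unix-sockets" USE_UNIX_SOCKETS)
- _add_if("libz" HAVE_LIBZ)
- _add_if("AsynchDNS" USE_ARES OR USE_THREADS_POSIX)
--_add_if("IDN" HAVE_LIBIDN)
-+_add_if("IDN" HAVE_LIBIDN2)
- # TODO SSP1 (WinSSL) check is missing
- _add_if("SSPI" USE_WINDOWS_SSPI)
- _add_if("GSS-API" HAVE_GSSAPI)
-diff --git a/configure.ac b/configure.ac
-index 4c9862f..c8e2721 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -157,7 +157,7 @@ curl_tls_srp_msg="no (--enable-tls-srp)"
- curl_res_msg="default (--enable-ares / --enable-threaded-resolver)"
- curl_ipv6_msg="no (--enable-ipv6)"
- curl_unix_sockets_msg="no (--enable-unix-sockets)"
-- curl_idn_msg="no (--with-{libidn,winidn})"
-+ curl_idn_msg="no (--with-{libidn2,winidn})"
- curl_manual_msg="no (--enable-manual)"
- curl_libcurl_msg="enabled (--disable-libcurl-option)"
- curl_verbose_msg="enabled (--disable-verbose)"
-@@ -2825,15 +2825,15 @@ dnl **********************************************************************
- dnl Check for the presence of IDN libraries and headers
- dnl **********************************************************************
-
--AC_MSG_CHECKING([whether to build with libidn])
-+AC_MSG_CHECKING([whether to build with libidn2])
- OPT_IDN="default"
- AC_ARG_WITH(libidn,
--AC_HELP_STRING([--with-libidn=PATH],[Enable libidn usage])
--AC_HELP_STRING([--without-libidn],[Disable libidn usage]),
-+AC_HELP_STRING([--with-libidn2=PATH],[Enable libidn2 usage])
-+AC_HELP_STRING([--without-libidn2],[Disable libidn2 usage]),
- [OPT_IDN=$withval])
- case "$OPT_IDN" in
- no)
-- dnl --without-libidn option used
-+ dnl --without-libidn2 option used
- want_idn="no"
- AC_MSG_RESULT([no])
- ;;
-@@ -2844,13 +2844,13 @@ case "$OPT_IDN" in
- AC_MSG_RESULT([(assumed) yes])
- ;;
- yes)
-- dnl --with-libidn option used without path
-+ dnl --with-libidn2 option used without path
- want_idn="yes"
- want_idn_path="default"
- AC_MSG_RESULT([yes])
- ;;
- *)
-- dnl --with-libidn option used with path
-+ dnl --with-libidn2 option used with path
- want_idn="yes"
- want_idn_path="$withval"
- AC_MSG_RESULT([yes ($withval)])
-@@ -2867,33 +2867,33 @@ if test "$want_idn" = "yes"; then
- if test "$want_idn_path" != "default"; then
- dnl path has been specified
- IDN_PCDIR="$want_idn_path/lib$libsuff/pkgconfig"
-- CURL_CHECK_PKGCONFIG(libidn, [$IDN_PCDIR])
-+ CURL_CHECK_PKGCONFIG(libidn2, [$IDN_PCDIR])
- if test "$PKGCONFIG" != "no"; then
- IDN_LIBS=`CURL_EXPORT_PCDIR([$IDN_PCDIR]) dnl
-- $PKGCONFIG --libs-only-l libidn 2>/dev/null`
-+ $PKGCONFIG --libs-only-l libidn2 2>/dev/null`
- IDN_LDFLAGS=`CURL_EXPORT_PCDIR([$IDN_PCDIR]) dnl
-- $PKGCONFIG --libs-only-L libidn 2>/dev/null`
-+ $PKGCONFIG --libs-only-L libidn2 2>/dev/null`
- IDN_CPPFLAGS=`CURL_EXPORT_PCDIR([$IDN_PCDIR]) dnl
-- $PKGCONFIG --cflags-only-I libidn 2>/dev/null`
-+ $PKGCONFIG --cflags-only-I libidn2 2>/dev/null`
- IDN_DIR=`echo $IDN_LDFLAGS | $SED -e 's/-L//'`
- else
- dnl pkg-config not available or provides no info
-- IDN_LIBS="-lidn"
-+ IDN_LIBS="-lidn2"
- IDN_LDFLAGS="-L$want_idn_path/lib$libsuff"
- IDN_CPPFLAGS="-I$want_idn_path/include"
- IDN_DIR="$want_idn_path/lib$libsuff"
- fi
- else
- dnl path not specified
-- CURL_CHECK_PKGCONFIG(libidn)
-+ CURL_CHECK_PKGCONFIG(libidn2)
- if test "$PKGCONFIG" != "no"; then
-- IDN_LIBS=`$PKGCONFIG --libs-only-l libidn 2>/dev/null`
-- IDN_LDFLAGS=`$PKGCONFIG --libs-only-L libidn 2>/dev/null`
-- IDN_CPPFLAGS=`$PKGCONFIG --cflags-only-I libidn 2>/dev/null`
-+ IDN_LIBS=`$PKGCONFIG --libs-only-l libidn2 2>/dev/null`
-+ IDN_LDFLAGS=`$PKGCONFIG --libs-only-L libidn2 2>/dev/null`
-+ IDN_CPPFLAGS=`$PKGCONFIG --cflags-only-I libidn2 2>/dev/null`
- IDN_DIR=`echo $IDN_LDFLAGS | $SED -e 's/-L//'`
- else
- dnl pkg-config not available or provides no info
-- IDN_LIBS="-lidn"
-+ IDN_LIBS="-lidn2"
- fi
- fi
- #
-@@ -2913,9 +2913,9 @@ if test "$want_idn" = "yes"; then
- LDFLAGS="$IDN_LDFLAGS $LDFLAGS"
- LIBS="$IDN_LIBS $LIBS"
- #
-- AC_MSG_CHECKING([if idna_to_ascii_4i can be linked])
-+ AC_MSG_CHECKING([if idn2_lookup_ul can be linked])
- AC_LINK_IFELSE([
-- AC_LANG_FUNC_LINK_TRY([idna_to_ascii_4i])
-+ AC_LANG_FUNC_LINK_TRY([idn2_lookup_ul])
- ],[
- AC_MSG_RESULT([yes])
- tst_links_libidn="yes"
-@@ -2923,37 +2923,19 @@ if test "$want_idn" = "yes"; then
- AC_MSG_RESULT([no])
- tst_links_libidn="no"
- ])
-- if test "$tst_links_libidn" = "no"; then
-- AC_MSG_CHECKING([if idna_to_ascii_lz can be linked])
-- AC_LINK_IFELSE([
-- AC_LANG_FUNC_LINK_TRY([idna_to_ascii_lz])
-- ],[
-- AC_MSG_RESULT([yes])
-- tst_links_libidn="yes"
-- ],[
-- AC_MSG_RESULT([no])
-- tst_links_libidn="no"
-- ])
-- fi
- #
-+ AC_CHECK_HEADERS( idn2.h )
-+
- if test "$tst_links_libidn" = "yes"; then
-- AC_DEFINE(HAVE_LIBIDN, 1, [Define to 1 if you have the `idn' library (-lidn).])
-+ AC_DEFINE(HAVE_LIBIDN2, 1, [Define to 1 if you have the `idn2' library (-lidn2).])
- dnl different versions of libidn have different setups of these:
-- AC_CHECK_FUNCS( idn_free idna_strerror tld_strerror )
-- AC_CHECK_HEADERS( idn-free.h tld.h )
-- if test "x$ac_cv_header_tld_h" = "xyes"; then
-- AC_SUBST([IDN_ENABLED], [1])
-- curl_idn_msg="enabled"
-- if test -n "$IDN_DIR" -a "x$cross_compiling" != "xyes"; then
-- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$IDN_DIR"
-- export LD_LIBRARY_PATH
-- AC_MSG_NOTICE([Added $IDN_DIR to LD_LIBRARY_PATH])
-- fi
-- else
-- AC_MSG_WARN([Libraries for IDN support too old: IDN disabled])
-- CPPFLAGS="$clean_CPPFLAGS"
-- LDFLAGS="$clean_LDFLAGS"
-- LIBS="$clean_LIBS"
-+
-+ AC_SUBST([IDN_ENABLED], [1])
-+ curl_idn_msg="enabled (libidn2)"
-+ if test -n "$IDN_DIR" -a "x$cross_compiling" != "xyes"; then
-+ LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$IDN_DIR"
-+ export LD_LIBRARY_PATH
-+ AC_MSG_NOTICE([Added $IDN_DIR to LD_LIBRARY_PATH])
- fi
- else
- AC_MSG_WARN([Cannot find libraries for IDN support: IDN disabled])
-diff --git a/lib/curl_setup.h b/lib/curl_setup.h
-index 33ad129..5fb241b 100644
---- a/lib/curl_setup.h
-+++ b/lib/curl_setup.h
-@@ -590,10 +590,9 @@ int netware_init(void);
- #endif
- #endif
-
--#if defined(HAVE_LIBIDN) && defined(HAVE_TLD_H)
--/* The lib was present and the tld.h header (which is missing in libidn 0.3.X
-- but we only work with libidn 0.4.1 or later) */
--#define USE_LIBIDN
-+#if defined(HAVE_LIBIDN2) && defined(HAVE_IDN2_H)
-+/* The lib and header are present */
-+#define USE_LIBIDN2
- #endif
-
- #ifndef SIZEOF_TIME_T
-diff --git a/lib/easy.c b/lib/easy.c
-index d529da8..51d57e3 100644
---- a/lib/easy.c
-+++ b/lib/easy.c
-@@ -144,28 +144,6 @@ static CURLcode win32_init(void)
- return CURLE_OK;
- }
-
--#ifdef USE_LIBIDN
--/*
-- * Initialise use of IDNA library.
-- * It falls back to ASCII if $CHARSET isn't defined. This doesn't work for
-- * idna_to_ascii_lz().
-- */
--static void idna_init (void)
--{
--#ifdef WIN32
-- char buf[60];
-- UINT cp = GetACP();
--
-- if(!getenv("CHARSET") && cp > 0) {
-- snprintf(buf, sizeof(buf), "CHARSET=cp%u", cp);
-- putenv(buf);
-- }
--#else
-- /* to do? */
--#endif
--}
--#endif /* USE_LIBIDN */
--
- /* true globals -- for curl_global_init() and curl_global_cleanup() */
- static unsigned int initialized;
- static long init_flags;
-@@ -262,10 +240,6 @@ static CURLcode global_init(long flags, bool memoryfuncs)
- }
- #endif
-
--#ifdef USE_LIBIDN
-- idna_init();
--#endif
--
- if(Curl_resolver_global_init()) {
- DEBUGF(fprintf(stderr, "Error: resolver_global_init failed\n"));
- return CURLE_FAILED_INIT;
-diff --git a/lib/strerror.c b/lib/strerror.c
-index d222a1f..bf4faae 100644
---- a/lib/strerror.c
-+++ b/lib/strerror.c
-@@ -35,8 +35,8 @@
-
- #include <curl/curl.h>
-
--#ifdef USE_LIBIDN
--#include <idna.h>
-+#ifdef USE_LIBIDN2
-+#include <idn2.h>
- #endif
-
- #ifdef USE_WINDOWS_SSPI
-@@ -723,83 +723,6 @@ const char *Curl_strerror(struct connectdata *conn, int err)
- return buf;
- }
-
--#ifdef USE_LIBIDN
--/*
-- * Return error-string for libidn status as returned from idna_to_ascii_lz().
-- */
--const char *Curl_idn_strerror (struct connectdata *conn, int err)
--{
--#ifdef HAVE_IDNA_STRERROR
-- (void)conn;
-- return idna_strerror((Idna_rc) err);
--#else
-- const char *str;
-- char *buf;
-- size_t max;
--
-- DEBUGASSERT(conn);
--
-- buf = conn->syserr_buf;
-- max = sizeof(conn->syserr_buf)-1;
-- *buf = '\0';
--
--#ifndef CURL_DISABLE_VERBOSE_STRINGS
-- switch ((Idna_rc)err) {
-- case IDNA_SUCCESS:
-- str = "No error";
-- break;
-- case IDNA_STRINGPREP_ERROR:
-- str = "Error in string preparation";
-- break;
-- case IDNA_PUNYCODE_ERROR:
-- str = "Error in Punycode operation";
-- break;
-- case IDNA_CONTAINS_NON_LDH:
-- str = "Illegal ASCII characters";
-- break;
-- case IDNA_CONTAINS_MINUS:
-- str = "Contains minus";
-- break;
-- case IDNA_INVALID_LENGTH:
-- str = "Invalid output length";
-- break;
-- case IDNA_NO_ACE_PREFIX:
-- str = "No ACE prefix (\"xn--\")";
-- break;
-- case IDNA_ROUNDTRIP_VERIFY_ERROR:
-- str = "Round trip verify error";
-- break;
-- case IDNA_CONTAINS_ACE_PREFIX:
-- str = "Already have ACE prefix (\"xn--\")";
-- break;
-- case IDNA_ICONV_ERROR:
-- str = "Locale conversion failed";
-- break;
-- case IDNA_MALLOC_ERROR:
-- str = "Allocation failed";
-- break;
-- case IDNA_DLOPEN_ERROR:
-- str = "dlopen() error";
-- break;
-- default:
-- snprintf(buf, max, "error %d", err);
-- str = NULL;
-- break;
-- }
--#else
-- if((Idna_rc)err == IDNA_SUCCESS)
-- str = "No error";
-- else
-- str = "Error";
--#endif
-- if(str)
-- strncpy(buf, str, max);
-- buf[max] = '\0';
-- return (buf);
--#endif
--}
--#endif /* USE_LIBIDN */
--
- #ifdef USE_WINDOWS_SSPI
- const char *Curl_sspi_strerror (struct connectdata *conn, int err)
- {
-diff --git a/lib/strerror.h b/lib/strerror.h
-index ae8c96b..627273e 100644
---- a/lib/strerror.h
-+++ b/lib/strerror.h
-@@ -7,7 +7,7 @@
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
-- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
-+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
-@@ -26,7 +26,7 @@
-
- const char *Curl_strerror (struct connectdata *conn, int err);
-
--#ifdef USE_LIBIDN
-+#ifdef USE_LIBIDN2
- const char *Curl_idn_strerror (struct connectdata *conn, int err);
- #endif
-
-diff --git a/lib/url.c b/lib/url.c
-index 8832989..8d52152 100644
---- a/lib/url.c
-+++ b/lib/url.c
-@@ -59,24 +59,15 @@
- #include <limits.h>
- #endif
-
--#ifdef USE_LIBIDN
--#include <idna.h>
--#include <tld.h>
--#include <stringprep.h>
--#ifdef HAVE_IDN_FREE_H
--#include <idn-free.h>
--#else
--/* prototype from idn-free.h, not provided by libidn 0.4.5's make install! */
--void idn_free (void *ptr);
--#endif
--#ifndef HAVE_IDN_FREE
--/* if idn_free() was not found in this version of libidn use free() instead */
--#define idn_free(x) (free)(x)
--#endif
-+#ifdef USE_LIBIDN2
-+#include <idn2.h>
-+
- #elif defined(USE_WIN32_IDN)
- /* prototype for curl_win32_idn_to_ascii() */
- int curl_win32_idn_to_ascii(const char *in, char **out);
--#endif /* USE_LIBIDN */
-+#endif /* USE_LIBIDN2 */
-+
-+#include <idn2.h>
-
- #include "urldata.h"
- #include "netrc.h"
-@@ -3693,59 +3684,15 @@ static bool is_ASCII_name(const char *hostname)
- return TRUE;
- }
-
--#ifdef USE_LIBIDN
--/*
-- * Check if characters in hostname is allowed in Top Level Domain.
-- */
--static bool tld_check_name(struct SessionHandle *data,
-- const char *ace_hostname)
--{
-- size_t err_pos;
-- char *uc_name = NULL;
-- int rc;
--#ifndef CURL_DISABLE_VERBOSE_STRINGS
-- const char *tld_errmsg = "<no msg>";
--#else
-- (void)data;
--#endif
--
-- /* Convert (and downcase) ACE-name back into locale's character set */
-- rc = idna_to_unicode_lzlz(ace_hostname, &uc_name, 0);
-- if(rc != IDNA_SUCCESS)
-- return FALSE;
--
-- rc = tld_check_lz(uc_name, &err_pos, NULL);
--#ifndef CURL_DISABLE_VERBOSE_STRINGS
--#ifdef HAVE_TLD_STRERROR
-- if(rc != TLD_SUCCESS)
-- tld_errmsg = tld_strerror((Tld_rc)rc);
--#endif
-- if(rc == TLD_INVALID)
-- infof(data, "WARNING: %s; pos %u = `%c'/0x%02X\n",
-- tld_errmsg, err_pos, uc_name[err_pos],
-- uc_name[err_pos] & 255);
-- else if(rc != TLD_SUCCESS)
-- infof(data, "WARNING: TLD check for %s failed; %s\n",
-- uc_name, tld_errmsg);
--#endif /* CURL_DISABLE_VERBOSE_STRINGS */
-- if(uc_name)
-- idn_free(uc_name);
-- if(rc != TLD_SUCCESS)
-- return FALSE;
--
-- return TRUE;
--}
--#endif
--
- /*
- * Perform any necessary IDN conversion of hostname
- */
--static void fix_hostname(struct SessionHandle *data,
-- struct connectdata *conn, struct hostname *host)
-+static void fix_hostname(struct connectdata *conn, struct hostname *host)
- {
- size_t len;
-+ struct Curl_easy *data = conn->data;
-
--#ifndef USE_LIBIDN
-+#ifndef USE_LIBIDN2
- (void)data;
- (void)conn;
- #elif defined(CURL_DISABLE_VERBOSE_STRINGS)
-@@ -3762,26 +3709,18 @@ static void fix_hostname(struct SessionHandle *data,
- host->name[len-1]=0;
-
- if(!is_ASCII_name(host->name)) {
--#ifdef USE_LIBIDN
-- /*************************************************************
-- * Check name for non-ASCII and convert hostname to ACE form.
-- *************************************************************/
-- if(stringprep_check_version(LIBIDN_REQUIRED_VERSION)) {
-- char *ace_hostname = NULL;
-- int rc = idna_to_ascii_lz(host->name, &ace_hostname, 0);
-- infof (data, "Input domain encoded as `%s'\n",
-- stringprep_locale_charset ());
-- if(rc != IDNA_SUCCESS)
-- infof(data, "Failed to convert %s to ACE; %s\n",
-- host->name, Curl_idn_strerror(conn, rc));
-- else {
-- /* tld_check_name() displays a warning if the host name contains
-- "illegal" characters for this TLD */
-- (void)tld_check_name(data, ace_hostname);
--
-- host->encalloc = ace_hostname;
-- /* change the name pointer to point to the encoded hostname */
-- host->name = host->encalloc;
-+#ifdef USE_LIBIDN2
-+ if(idn2_check_version(IDN2_VERSION)) {
-+ char *ace_hostname = NULL;
-+ int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname, 0);
-+ if(rc == IDN2_OK) {
-+ host->encalloc = (char *)ace_hostname;
-+ /* change the name pointer to point to the encoded hostname */
-+ host->name = host->encalloc;
-+ }
-+ else
-+ infof(data, "Failed to convert %s to ACE; %s\n", host->name,
-+ idn2_strerror(rc));
- }
- }
- #elif defined(USE_WIN32_IDN)
-@@ -3809,9 +3748,9 @@ static void fix_hostname(struct SessionHandle *data,
- */
- static void free_fixed_hostname(struct hostname *host)
- {
--#if defined(USE_LIBIDN)
-+#if defined(USE_LIBIDN2)
- if(host->encalloc) {
-- idn_free(host->encalloc); /* must be freed with idn_free() since this was
-+ idn2_free(host->encalloc); /* must be freed with idn2_free() since this was
- allocated by libidn */
- host->encalloc = NULL;
- }
-@@ -5707,9 +5646,9 @@ static CURLcode create_conn(struct SessionHandle *data,
- /*************************************************************
- * IDN-fix the hostnames
- *************************************************************/
-- fix_hostname(data, conn, &conn->host);
-+ fix_hostname(conn, &conn->host);
- if(conn->proxy.name && *conn->proxy.name)
-- fix_hostname(data, conn, &conn->proxy);
-+ fix_hostname(conn, &conn->proxy);
-
- /*************************************************************
- * Setup internals depending on protocol. Needs to be done after
-diff --git a/lib/version.c b/lib/version.c
-index 7f14fa5..a5c9811 100644
---- a/lib/version.c
-+++ b/lib/version.c
-@@ -36,8 +36,8 @@
- # include <ares.h>
- #endif
-
--#ifdef USE_LIBIDN
--#include <stringprep.h>
-+#ifdef USE_LIBIDN2
-+#include <idn2.h>
- #endif
-
- #ifdef USE_LIBPSL
-@@ -97,9 +97,9 @@ char *curl_version(void)
- left -= len;
- ptr += len;
- #endif
--#ifdef USE_LIBIDN
-- if(stringprep_check_version(LIBIDN_REQUIRED_VERSION)) {
-- len = snprintf(ptr, left, " libidn/%s", stringprep_check_version(NULL));
-+#ifdef USE_LIBIDN2
-+ if(idn2_check_version(IDN2_VERSION)) {
-+ len = snprintf(ptr, left, " libidn2/%s", idn2_check_version(NULL));
- left -= len;
- ptr += len;
- }
-@@ -344,10 +344,10 @@ curl_version_info_data *curl_version_info(CURLversion stamp)
- version_info.ares_num = aresnum;
- }
- #endif
--#ifdef USE_LIBIDN
-+#ifdef USE_LIBIDN2
- /* This returns a version string if we use the given version or later,
- otherwise it returns NULL */
-- version_info.libidn = stringprep_check_version(LIBIDN_REQUIRED_VERSION);
-+ version_info.libidn = idn2_check_version(IDN2_VERSION);
- if(version_info.libidn)
- version_info.features |= CURL_VERSION_IDN;
- #elif defined(USE_WIN32_IDN)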
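--- a/meta/recipes-support/curl/curl/url-remove-unconditional-idn2.h-include.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From c27013c05d99d92370b57e1a7af1b854eef4e7c1 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 31 Oct 2016 09:49:50 +0100
-Subject: [PATCH] url: remove unconditional idn2.h include
-
-Mistake brought by 9c91ec778104a [fix to CVE-2016-8625]
-Upstream-Status: Backport
-
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- lib/url.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/lib/url.c b/lib/url.c
-index c90a1c5..b997f41 100644
---- a/lib/url.c
-+++ b/lib/url.c
-@@ -67,8 +67,6 @@
- bool curl_win32_idn_to_ascii(const char *in, char **out);
- #endif /* USE_LIBIDN2 */
-
--#include <idn2.h>
--
- #include "urldata.h"
- #include "netrc.h"
-
---
-1.9.1
-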
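--- a/meta/recipes-support/curl/curl_7.47.1.bb
+++ b/meta/recipes-support/curl/curl_7.53.1.bb
@@ -10,27 +10,10 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2"
 # curl likes to set -g0 in CFLAGS, so we stop it
 # from mucking around with debug options
 #
-SRC_URI += " file://configure_ac.patch \
- file://CVE-2016-5419.patch \
- file://CVE-2016-5420.patch \
- file://CVE-2016-5421.patch \
- file://CVE-2016-7141.patch \
- file://CVE-2016-8615.patch \
- file://CVE-2016-8616.patch \
- file://CVE-2016-8617.patch \
- file://CVE-2016-8618.patch \
- file://CVE-2016-8619.patch \
- file://CVE-2016-8620.patch \
- file://CVE-2016-8621.patch \
- file://CVE-2016-8622.patch \
- file://CVE-2016-8623.patch \
- file://CVE-2016-8624.patch \
- file://CVE-2016-8625.patch \
- file://url-remove-unconditional-idn2.h-include.patch \
- "
+SRC_URI += " file://configure_ac.patch"
 
-SRC_URI[md5sum] = "9ea3123449439bbd960cd25cf98796fb"
-SRC_URI[sha256sum] = "ddc643ab9382e24bbe4747d43df189a0a6ce38fcb33df041b9cb0b3cd47ae98f"
+SRC_URI[md5sum] = "fb1f03a142236840c1a77c035fa4c542"
+SRC_URI[sha256sum] = "1c7207c06d75e9136a944a2e0528337ce76f15b9ec9ae4bb30d703b59bf530e8"
 
 inherit autotools pkgconfig binconfig multilib_header
 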
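Review bot: The source tarball is still fetched over plain HTTP: the `SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2"` line quoted in the hunk header is left as it was, so the refreshed `SRC_URI[sha256sum]` is the only control that ties the build to the intended 7.53.1 release. Since both checksums are replaced in this hunk anyway, I would switch the fetch to `SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2"` and note in the commit message that the new sha256 was compared with the upstream-signed release rather than with whatever the fetcher returned. The `SRC_URI[md5sum]` entry adds no meaningful integrity protection next to the SHA-256 value. The rest of the recipe is outside this hunk, so a later override of `SRC_URI` would not be visible here.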