authorSona Sarmadi <sona.sarmadi@enea.com>2016-11-15 09:08:20 (GMT)
committerSona Sarmadi <sona.sarmadi@enea.com>2017-02-10 11:21:37 (GMT)
commit9cc3e1c2ce4a572dce6329f161e549029d84ad30 (patch)
treef61a923a3624678e21dcf6e4d2b98985ccf5643d
parent848ec2723a569c847f61f50e677f9a38ed03552a (diff)
downloadpoky-9cc3e1c2ce4a572dce6329f161e549029d84ad30.tar.gz
curl: CVE-2016-8625
IDNA 2003 makes curl use the wrong host

Affected versions: curl 7.12.0 up to and including 7.50.3
Reference: https://curl.haxx.se/docs/adv_20161102K.html

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rwxr-xr-xmeta/recipes-support/curl/curl/CVE-2016-8625.patch615
-rw-r--r--meta/recipes-support/curl/curl/url-remove-unconditional-idn2.h-include.patch29
-rw-r--r--meta/recipes-support/curl/curl_7.47.1.bb2
3 files changed, 646 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2016-8625.patch b/meta/recipes-support/curl/curl/CVE-2016-8625.patch
new file mode 100755
index 0000000..b618277
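--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2016-8625.patch
@@ -0,0 +1,615 @@
+commit 914aae739463ec72340130ea9ad42e04b02a5338
+Author: Daniel Stenberg <daniel@haxx.se>
+Date: Wed Oct 12 09:01:06 2016 +0200
+
+idn: switch to libidn2 use and IDNA2008 support
+
+CVE: CVE-2016-8625
+Upstream-Status: Backport
+
+Bug: https://curl.haxx.se/docs/adv_20161102K.html
+Reported-by: Christian Heimes
+
+Conflicts:
+ CMakeLists.txt
+ lib/url.c
+
+Signed-off-by: Martin Borg <martin.borg@enea.com>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 06f18cf..c3e5c7c 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -440,7 +440,7 @@ if(NOT CURL_DISABLE_LDAPS)
+ endif()
+
+ # Check for idn
+-check_library_exists_concat("idn" idna_to_ascii_lz HAVE_LIBIDN)
++check_library_exists_concat("idn2" idn2_lookup_ul HAVE_LIBIDN2)
+
+ # Check for symbol dlopen (same as HAVE_LIBDL)
+ check_library_exists("${CURL_LIBS}" dlopen "" HAVE_DLOPEN)
+@@ -608,7 +608,7 @@ check_include_file_concat("des.h" HAVE_DES_H)
+ check_include_file_concat("err.h" HAVE_ERR_H)
+ check_include_file_concat("errno.h" HAVE_ERRNO_H)
+ check_include_file_concat("fcntl.h" HAVE_FCNTL_H)
+-check_include_file_concat("idn-free.h" HAVE_IDN_FREE_H)
++check_include_file_concat("idn2.h" HAVE_IDN2_H)
+ check_include_file_concat("ifaddrs.h" HAVE_IFADDRS_H)
+ check_include_file_concat("io.h" HAVE_IO_H)
+ check_include_file_concat("krb.h" HAVE_KRB_H)
+@@ -638,7 +638,6 @@ check_include_file_concat("stropts.h" HAVE_STROPTS_H)
+ check_include_file_concat("termio.h" HAVE_TERMIO_H)
+ check_include_file_concat("termios.h" HAVE_TERMIOS_H)
+ check_include_file_concat("time.h" HAVE_TIME_H)
+-check_include_file_concat("tld.h" HAVE_TLD_H)
+ check_include_file_concat("unistd.h" HAVE_UNISTD_H)
+ check_include_file_concat("utime.h" HAVE_UTIME_H)
+ check_include_file_concat("x509.h" HAVE_X509_H)
+@@ -652,9 +651,6 @@ check_include_file_concat("netinet/if_ether.h" HAVE_NETINET_IF_ETHER_H)
+ check_include_file_concat("stdint.h" HAVE_STDINT_H)
+ check_include_file_concat("sockio.h" HAVE_SOCKIO_H)
+ check_include_file_concat("sys/utsname.h" HAVE_SYS_UTSNAME_H)
+-check_include_file_concat("idna.h" HAVE_IDNA_H)
+-
+-
+
+ check_type_size(size_t SIZEOF_SIZE_T)
+ check_type_size(ssize_t SIZEOF_SSIZE_T)
+@@ -802,9 +798,6 @@ check_symbol_exists(pipe "${CURL_INCLUDES}" HAVE_PIPE)
+ check_symbol_exists(ftruncate "${CURL_INCLUDES}" HAVE_FTRUNCATE)
+ check_symbol_exists(getprotobyname "${CURL_INCLUDES}" HAVE_GETPROTOBYNAME)
+ check_symbol_exists(getrlimit "${CURL_INCLUDES}" HAVE_GETRLIMIT)
+-check_symbol_exists(idn_free "${CURL_INCLUDES}" HAVE_IDN_FREE)
+-check_symbol_exists(idna_strerror "${CURL_INCLUDES}" HAVE_IDNA_STRERROR)
+-check_symbol_exists(tld_strerror "${CURL_INCLUDES}" HAVE_TLD_STRERROR)
+ check_symbol_exists(setlocale "${CURL_INCLUDES}" HAVE_SETLOCALE)
+ check_symbol_exists(setrlimit "${CURL_INCLUDES}" HAVE_SETRLIMIT)
+ check_symbol_exists(fcntl "${CURL_INCLUDES}" HAVE_FCNTL)
+@@ -1067,7 +1060,7 @@ _add_if("IPv6" ENABLE_IPV6)
+ _add_if("unix-sockets" USE_UNIX_SOCKETS)
+ _add_if("libz" HAVE_LIBZ)
+ _add_if("AsynchDNS" USE_ARES OR USE_THREADS_POSIX)
+-_add_if("IDN" HAVE_LIBIDN)
++_add_if("IDN" HAVE_LIBIDN2)
+ # TODO SSP1 (WinSSL) check is missing
+ _add_if("SSPI" USE_WINDOWS_SSPI)
+ _add_if("GSS-API" HAVE_GSSAPI)
+diff --git a/configure.ac b/configure.ac
+index 4c9862f..c8e2721 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -157,7 +157,7 @@ curl_tls_srp_msg="no (--enable-tls-srp)"
+ curl_res_msg="default (--enable-ares / --enable-threaded-resolver)"
+ curl_ipv6_msg="no (--enable-ipv6)"
+ curl_unix_sockets_msg="no (--enable-unix-sockets)"
+- curl_idn_msg="no (--with-{libidn,winidn})"
++ curl_idn_msg="no (--with-{libidn2,winidn})"
+ curl_manual_msg="no (--enable-manual)"
+ curl_libcurl_msg="enabled (--disable-libcurl-option)"
+ curl_verbose_msg="enabled (--disable-verbose)"
+@@ -2825,15 +2825,15 @@ dnl **********************************************************************
+ dnl Check for the presence of IDN libraries and headers
+ dnl **********************************************************************
+
+-AC_MSG_CHECKING([whether to build with libidn])
++AC_MSG_CHECKING([whether to build with libidn2])
+ OPT_IDN="default"
+ AC_ARG_WITH(libidn,
+-AC_HELP_STRING([--with-libidn=PATH],[Enable libidn usage])
+-AC_HELP_STRING([--without-libidn],[Disable libidn usage]),
++AC_HELP_STRING([--with-libidn2=PATH],[Enable libidn2 usage])
++AC_HELP_STRING([--without-libidn2],[Disable libidn2 usage]),
+ [OPT_IDN=$withval])
+ case "$OPT_IDN" in
+ no)
+- dnl --without-libidn option used
++ dnl --without-libidn2 option used
+ want_idn="no"
+ AC_MSG_RESULT([no])
+ ;;
+@@ -2844,13 +2844,13 @@ case "$OPT_IDN" in
+ AC_MSG_RESULT([(assumed) yes])
+ ;;
+ yes)
+- dnl --with-libidn option used without path
++ dnl --with-libidn2 option used without path
+ want_idn="yes"
+ want_idn_path="default"
+ AC_MSG_RESULT([yes])
+ ;;
+ *)
+- dnl --with-libidn option used with path
++ dnl --with-libidn2 option used with path
+ want_idn="yes"
+ want_idn_path="$withval"
+ AC_MSG_RESULT([yes ($withval)])
+@@ -2867,33 +2867,33 @@ if test "$want_idn" = "yes"; then
+ if test "$want_idn_path" != "default"; then
+ dnl path has been specified
+ IDN_PCDIR="$want_idn_path/lib$libsuff/pkgconfig"
+- CURL_CHECK_PKGCONFIG(libidn, [$IDN_PCDIR])
++ CURL_CHECK_PKGCONFIG(libidn2, [$IDN_PCDIR])
+ if test "$PKGCONFIG" != "no"; then
+ IDN_LIBS=`CURL_EXPORT_PCDIR([$IDN_PCDIR]) dnl
+- $PKGCONFIG --libs-only-l libidn 2>/dev/null`
++ $PKGCONFIG --libs-only-l libidn2 2>/dev/null`
+ IDN_LDFLAGS=`CURL_EXPORT_PCDIR([$IDN_PCDIR]) dnl
+- $PKGCONFIG --libs-only-L libidn 2>/dev/null`
++ $PKGCONFIG --libs-only-L libidn2 2>/dev/null`
+ IDN_CPPFLAGS=`CURL_EXPORT_PCDIR([$IDN_PCDIR]) dnl
+- $PKGCONFIG --cflags-only-I libidn 2>/dev/null`
++ $PKGCONFIG --cflags-only-I libidn2 2>/dev/null`
+ IDN_DIR=`echo $IDN_LDFLAGS | $SED -e 's/-L//'`
+ else
+ dnl pkg-config not available or provides no info
+- IDN_LIBS="-lidn"
++ IDN_LIBS="-lidn2"
+ IDN_LDFLAGS="-L$want_idn_path/lib$libsuff"
+ IDN_CPPFLAGS="-I$want_idn_path/include"
+ IDN_DIR="$want_idn_path/lib$libsuff"
+ fi
+ else
+ dnl path not specified
+- CURL_CHECK_PKGCONFIG(libidn)
++ CURL_CHECK_PKGCONFIG(libidn2)
+ if test "$PKGCONFIG" != "no"; then
+- IDN_LIBS=`$PKGCONFIG --libs-only-l libidn 2>/dev/null`
+- IDN_LDFLAGS=`$PKGCONFIG --libs-only-L libidn 2>/dev/null`
+- IDN_CPPFLAGS=`$PKGCONFIG --cflags-only-I libidn 2>/dev/null`
++ IDN_LIBS=`$PKGCONFIG --libs-only-l libidn2 2>/dev/null`
++ IDN_LDFLAGS=`$PKGCONFIG --libs-only-L libidn2 2>/dev/null`
++ IDN_CPPFLAGS=`$PKGCONFIG --cflags-only-I libidn2 2>/dev/null`
+ IDN_DIR=`echo $IDN_LDFLAGS | $SED -e 's/-L//'`
+ else
+ dnl pkg-config not available or provides no info
+- IDN_LIBS="-lidn"
++ IDN_LIBS="-lidn2"
+ fi
+ fi
+ #
+@@ -2913,9 +2913,9 @@ if test "$want_idn" = "yes"; then
+ LDFLAGS="$IDN_LDFLAGS $LDFLAGS"
+ LIBS="$IDN_LIBS $LIBS"
+ #
+- AC_MSG_CHECKING([if idna_to_ascii_4i can be linked])
++ AC_MSG_CHECKING([if idn2_lookup_ul can be linked])
+ AC_LINK_IFELSE([
+- AC_LANG_FUNC_LINK_TRY([idna_to_ascii_4i])
++ AC_LANG_FUNC_LINK_TRY([idn2_lookup_ul])
+ ],[
+ AC_MSG_RESULT([yes])
+ tst_links_libidn="yes"
+@@ -2923,37 +2923,19 @@ if test "$want_idn" = "yes"; then
+ AC_MSG_RESULT([no])
+ tst_links_libidn="no"
+ ])
+- if test "$tst_links_libidn" = "no"; then
+- AC_MSG_CHECKING([if idna_to_ascii_lz can be linked])
+- AC_LINK_IFELSE([
+- AC_LANG_FUNC_LINK_TRY([idna_to_ascii_lz])
+- ],[
+- AC_MSG_RESULT([yes])
+- tst_links_libidn="yes"
+- ],[
+- AC_MSG_RESULT([no])
+- tst_links_libidn="no"
+- ])
+- fi
+ #
++ AC_CHECK_HEADERS( idn2.h )
++
+ if test "$tst_links_libidn" = "yes"; then
+- AC_DEFINE(HAVE_LIBIDN, 1, [Define to 1 if you have the `idn' library (-lidn).])
++ AC_DEFINE(HAVE_LIBIDN2, 1, [Define to 1 if you have the `idn2' library (-lidn2).])
+ dnl different versions of libidn have different setups of these:
+- AC_CHECK_FUNCS( idn_free idna_strerror tld_strerror )
+- AC_CHECK_HEADERS( idn-free.h tld.h )
+- if test "x$ac_cv_header_tld_h" = "xyes"; then
+- AC_SUBST([IDN_ENABLED], [1])
+- curl_idn_msg="enabled"
+- if test -n "$IDN_DIR" -a "x$cross_compiling" != "xyes"; then
+- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$IDN_DIR"
+- export LD_LIBRARY_PATH
+- AC_MSG_NOTICE([Added $IDN_DIR to LD_LIBRARY_PATH])
+- fi
+- else
+- AC_MSG_WARN([Libraries for IDN support too old: IDN disabled])
+- CPPFLAGS="$clean_CPPFLAGS"
+- LDFLAGS="$clean_LDFLAGS"
+- LIBS="$clean_LIBS"
++
++ AC_SUBST([IDN_ENABLED], [1])
++ curl_idn_msg="enabled (libidn2)"
++ if test -n "$IDN_DIR" -a "x$cross_compiling" != "xyes"; then
++ LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$IDN_DIR"
++ export LD_LIBRARY_PATH
++ AC_MSG_NOTICE([Added $IDN_DIR to LD_LIBRARY_PATH])
+ fi
+ else
+ AC_MSG_WARN([Cannot find libraries for IDN support: IDN disabled])
+diff --git a/lib/curl_setup.h b/lib/curl_setup.h
+index 33ad129..5fb241b 100644
+--- a/lib/curl_setup.h
++++ b/lib/curl_setup.h
+@@ -590,10 +590,9 @@ int netware_init(void);
+ #endif
+ #endif
+
+-#if defined(HAVE_LIBIDN) && defined(HAVE_TLD_H)
+-/* The lib was present and the tld.h header (which is missing in libidn 0.3.X
+- but we only work with libidn 0.4.1 or later) */
+-#define USE_LIBIDN
++#if defined(HAVE_LIBIDN2) && defined(HAVE_IDN2_H)
++/* The lib and header are present */
++#define USE_LIBIDN2
+ #endif
+
+ #ifndef SIZEOF_TIME_T
+diff --git a/lib/easy.c b/lib/easy.c
+index d529da8..51d57e3 100644
+--- a/lib/easy.c
++++ b/lib/easy.c
+@@ -144,28 +144,6 @@ static CURLcode win32_init(void)
+ return CURLE_OK;
+ }
+
+-#ifdef USE_LIBIDN
+-/*
+- * Initialise use of IDNA library.
+- * It falls back to ASCII if $CHARSET isn't defined. This doesn't work for
+- * idna_to_ascii_lz().
+- */
+-static void idna_init (void)
+-{
+-#ifdef WIN32
+- char buf[60];
+- UINT cp = GetACP();
+-
+- if(!getenv("CHARSET") && cp > 0) {
+- snprintf(buf, sizeof(buf), "CHARSET=cp%u", cp);
+- putenv(buf);
+- }
+-#else
+- /* to do? */
+-#endif
+-}
+-#endif /* USE_LIBIDN */
+-
+ /* true globals -- for curl_global_init() and curl_global_cleanup() */
+ static unsigned int initialized;
+ static long init_flags;
+@@ -262,10 +240,6 @@ static CURLcode global_init(long flags, bool memoryfuncs)
+ }
+ #endif
+
+-#ifdef USE_LIBIDN
+- idna_init();
+-#endif
+-
+ if(Curl_resolver_global_init()) {
+ DEBUGF(fprintf(stderr, "Error: resolver_global_init failed\n"));
+ return CURLE_FAILED_INIT;
+diff --git a/lib/strerror.c b/lib/strerror.c
+index d222a1f..bf4faae 100644
+--- a/lib/strerror.c
++++ b/lib/strerror.c
+@@ -35,8 +35,8 @@
+
+ #include <curl/curl.h>
+
+-#ifdef USE_LIBIDN
+-#include <idna.h>
++#ifdef USE_LIBIDN2
++#include <idn2.h>
+ #endif
+
+ #ifdef USE_WINDOWS_SSPI
+@@ -723,83 +723,6 @@ const char *Curl_strerror(struct connectdata *conn, int err)
+ return buf;
+ }
+
+-#ifdef USE_LIBIDN
+-/*
+- * Return error-string for libidn status as returned from idna_to_ascii_lz().
+- */
+-const char *Curl_idn_strerror (struct connectdata *conn, int err)
+-{
+-#ifdef HAVE_IDNA_STRERROR
+- (void)conn;
+- return idna_strerror((Idna_rc) err);
+-#else
+- const char *str;
+- char *buf;
+- size_t max;
+-
+- DEBUGASSERT(conn);
+-
+- buf = conn->syserr_buf;
+- max = sizeof(conn->syserr_buf)-1;
+- *buf = '\0';
+-
+-#ifndef CURL_DISABLE_VERBOSE_STRINGS
+- switch ((Idna_rc)err) {
+- case IDNA_SUCCESS:
+- str = "No error";
+- break;
+- case IDNA_STRINGPREP_ERROR:
+- str = "Error in string preparation";
+- break;
+- case IDNA_PUNYCODE_ERROR:
+- str = "Error in Punycode operation";
+- break;
+- case IDNA_CONTAINS_NON_LDH:
+- str = "Illegal ASCII characters";
+- break;
+- case IDNA_CONTAINS_MINUS:
+- str = "Contains minus";
+- break;
+- case IDNA_INVALID_LENGTH:
+- str = "Invalid output length";
+- break;
+- case IDNA_NO_ACE_PREFIX:
+- str = "No ACE prefix (\"xn--\")";
+- break;
+- case IDNA_ROUNDTRIP_VERIFY_ERROR:
+- str = "Round trip verify error";
+- break;
+- case IDNA_CONTAINS_ACE_PREFIX:
+- str = "Already have ACE prefix (\"xn--\")";
+- break;
+- case IDNA_ICONV_ERROR:
+- str = "Locale conversion failed";
+- break;
+- case IDNA_MALLOC_ERROR:
+- str = "Allocation failed";
+- break;
+- case IDNA_DLOPEN_ERROR:
+- str = "dlopen() error";
+- break;
+- default:
+- snprintf(buf, max, "error %d", err);
+- str = NULL;
+- break;
+- }
+-#else
+- if((Idna_rc)err == IDNA_SUCCESS)
+- str = "No error";
+- else
+- str = "Error";
+-#endif
+- if(str)
+- strncpy(buf, str, max);
+- buf[max] = '\0';
+- return (buf);
+-#endif
+-}
+-#endif /* USE_LIBIDN */
+-
+ #ifdef USE_WINDOWS_SSPI
+ const char *Curl_sspi_strerror (struct connectdata *conn, int err)
+ {
+diff --git a/lib/strerror.h b/lib/strerror.h
+index ae8c96b..627273e 100644
+--- a/lib/strerror.h
++++ b/lib/strerror.h
+@@ -7,7 +7,7 @@
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
++ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+@@ -26,7 +26,7 @@
+
+ const char *Curl_strerror (struct connectdata *conn, int err);
+
+-#ifdef USE_LIBIDN
++#ifdef USE_LIBIDN2
+ const char *Curl_idn_strerror (struct connectdata *conn, int err);
+ #endif
+
+diff --git a/lib/url.c b/lib/url.c
+index 8832989..8d52152 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -59,24 +59,15 @@
+ #include <limits.h>
+ #endif
+
+-#ifdef USE_LIBIDN
+-#include <idna.h>
+-#include <tld.h>
+-#include <stringprep.h>
+-#ifdef HAVE_IDN_FREE_H
+-#include <idn-free.h>
+-#else
+-/* prototype from idn-free.h, not provided by libidn 0.4.5's make install! */
+-void idn_free (void *ptr);
+-#endif
+-#ifndef HAVE_IDN_FREE
+-/* if idn_free() was not found in this version of libidn use free() instead */
+-#define idn_free(x) (free)(x)
+-#endif
++#ifdef USE_LIBIDN2
++#include <idn2.h>
++
+ #elif defined(USE_WIN32_IDN)
+ /* prototype for curl_win32_idn_to_ascii() */
+ int curl_win32_idn_to_ascii(const char *in, char **out);
+-#endif /* USE_LIBIDN */
++#endif /* USE_LIBIDN2 */
++
++#include <idn2.h>
+
+ #include "urldata.h"
+ #include "netrc.h"
+@@ -3693,59 +3684,15 @@ static bool is_ASCII_name(const char *hostname)
+ return TRUE;
+ }
+
+-#ifdef USE_LIBIDN
+-/*
+- * Check if characters in hostname is allowed in Top Level Domain.
+- */
+-static bool tld_check_name(struct SessionHandle *data,
+- const char *ace_hostname)
+-{
+- size_t err_pos;
+- char *uc_name = NULL;
+- int rc;
+-#ifndef CURL_DISABLE_VERBOSE_STRINGS
+- const char *tld_errmsg = "<no msg>";
+-#else
+- (void)data;
+-#endif
+-
+- /* Convert (and downcase) ACE-name back into locale's character set */
+- rc = idna_to_unicode_lzlz(ace_hostname, &uc_name, 0);
+- if(rc != IDNA_SUCCESS)
+- return FALSE;
+-
+- rc = tld_check_lz(uc_name, &err_pos, NULL);
+-#ifndef CURL_DISABLE_VERBOSE_STRINGS
+-#ifdef HAVE_TLD_STRERROR
+- if(rc != TLD_SUCCESS)
+- tld_errmsg = tld_strerror((Tld_rc)rc);
+-#endif
+- if(rc == TLD_INVALID)
+- infof(data, "WARNING: %s; pos %u = `%c'/0x%02X\n",
+- tld_errmsg, err_pos, uc_name[err_pos],
+- uc_name[err_pos] & 255);
+- else if(rc != TLD_SUCCESS)
+- infof(data, "WARNING: TLD check for %s failed; %s\n",
+- uc_name, tld_errmsg);
+-#endif /* CURL_DISABLE_VERBOSE_STRINGS */
+- if(uc_name)
+- idn_free(uc_name);
+- if(rc != TLD_SUCCESS)
+- return FALSE;
+-
+- return TRUE;
+-}
+-#endif
+-
+ /*
+ * Perform any necessary IDN conversion of hostname
+ */
+-static void fix_hostname(struct SessionHandle *data,
+- struct connectdata *conn, struct hostname *host)
++static void fix_hostname(struct connectdata *conn, struct hostname *host)
+ {
+ size_t len;
++ struct Curl_easy *data = conn->data;
+
+-#ifndef USE_LIBIDN
++#ifndef USE_LIBIDN2
+ (void)data;
+ (void)conn;
+ #elif defined(CURL_DISABLE_VERBOSE_STRINGS)
+@@ -3762,26 +3709,18 @@ static void fix_hostname(struct SessionHandle *data,
+ host->name[len-1]=0;
+
+ if(!is_ASCII_name(host->name)) {
+-#ifdef USE_LIBIDN
+- /*************************************************************
+- * Check name for non-ASCII and convert hostname to ACE form.
+- *************************************************************/
+- if(stringprep_check_version(LIBIDN_REQUIRED_VERSION)) {
+- char *ace_hostname = NULL;
+- int rc = idna_to_ascii_lz(host->name, &ace_hostname, 0);
+- infof (data, "Input domain encoded as `%s'\n",
+- stringprep_locale_charset ());
+- if(rc != IDNA_SUCCESS)
+- infof(data, "Failed to convert %s to ACE; %s\n",
+- host->name, Curl_idn_strerror(conn, rc));
+- else {
+- /* tld_check_name() displays a warning if the host name contains
+- "illegal" characters for this TLD */
+- (void)tld_check_name(data, ace_hostname);
+-
+- host->encalloc = ace_hostname;
+- /* change the name pointer to point to the encoded hostname */
+- host->name = host->encalloc;
++#ifdef USE_LIBIDN2
++ if(idn2_check_version(IDN2_VERSION)) {
++ char *ace_hostname = NULL;
++ int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname, 0);
++ if(rc == IDN2_OK) {
++ host->encalloc = (char *)ace_hostname;
++ /* change the name pointer to point to the encoded hostname */
++ host->name = host->encalloc;
++ }
++ else
++ infof(data, "Failed to convert %s to ACE; %s\n", host->name,
++ idn2_strerror(rc));
+ }
+ }
+ #elif defined(USE_WIN32_IDN)
+@@ -3809,9 +3748,9 @@ static void fix_hostname(struct SessionHandle *data,
+ */
+ static void free_fixed_hostname(struct hostname *host)
+ {
+-#if defined(USE_LIBIDN)
++#if defined(USE_LIBIDN2)
+ if(host->encalloc) {
+- idn_free(host->encalloc); /* must be freed with idn_free() since this was
++ idn2_free(host->encalloc); /* must be freed with idn2_free() since this was
+ allocated by libidn */
+ host->encalloc = NULL;
+ }
+@@ -5707,9 +5646,9 @@ static CURLcode create_conn(struct SessionHandle *data,
+ /*************************************************************
+ * IDN-fix the hostnames
+ *************************************************************/
+- fix_hostname(data, conn, &conn->host);
++ fix_hostname(conn, &conn->host);
+ if(conn->proxy.name && *conn->proxy.name)
+- fix_hostname(data, conn, &conn->proxy);
++ fix_hostname(conn, &conn->proxy);
+
+ /*************************************************************
+ * Setup internals depending on protocol. Needs to be done after
+diff --git a/lib/version.c b/lib/version.c
+index 7f14fa5..a5c9811 100644
+--- a/lib/version.c
++++ b/lib/version.c
+@@ -36,8 +36,8 @@
+ # include <ares.h>
+ #endif
+
+-#ifdef USE_LIBIDN
+-#include <stringprep.h>
++#ifdef USE_LIBIDN2
++#include <idn2.h>
+ #endif
+
+ #ifdef USE_LIBPSL
+@@ -97,9 +97,9 @@ char *curl_version(void)
+ left -= len;
+ ptr += len;
+ #endif
+-#ifdef USE_LIBIDN
+- if(stringprep_check_version(LIBIDN_REQUIRED_VERSION)) {
+- len = snprintf(ptr, left, " libidn/%s", stringprep_check_version(NULL));
++#ifdef USE_LIBIDN2
++ if(idn2_check_version(IDN2_VERSION)) {
++ len = snprintf(ptr, left, " libidn2/%s", idn2_check_version(NULL));
+ left -= len;
+ ptr += len;
+ }
+@@ -344,10 +344,10 @@ curl_version_info_data *curl_version_info(CURLversion stamp)
+ version_info.ares_num = aresnum;
+ }
+ #endif
+-#ifdef USE_LIBIDN
++#ifdef USE_LIBIDN2
+ /* This returns a version string if we use the given version or later,
+ otherwise it returns NULL */
+- version_info.libidn = stringprep_check_version(LIBIDN_REQUIRED_VERSION);
++ version_info.libidn = idn2_check_version(IDN2_VERSION);
+ if(version_info.libidn)
+ version_info.features |= CURL_VERSION_IDN;
+ #elif defined(USE_WIN32_IDN)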
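Review bot: In the configure.ac hunk at `@@ -2825,15 +2825,15 @@` the help strings are renamed to `--with-libidn2` / `--without-libidn2`, but the unchanged context line `AC_ARG_WITH(libidn,` still registers the old option name, so only `--with-libidn` / `--without-libidn` actually set `OPT_IDN`. A build that passes `--without-libidn2` to keep IDN out would leave `OPT_IDN` at `default`, which the following `case` appears to treat as "(assumed) yes" and then autodetects libidn2. The first argument should match the advertised switch: `AC_ARG_WITH(libidn2,`. Separately, the lib/strerror.h hunk keeps the `Curl_idn_strerror` prototype under `USE_LIBIDN2` although the lib/strerror.c hunk removes its definition, so that declaration can be dropped.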
diff --git a/meta/recipes-support/curl/curl/url-remove-unconditional-idn2.h-include.patch b/meta/recipes-support/curl/curl/url-remove-unconditional-idn2.h-include.patch
new file mode 100644
index 0000000..3549101
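--- /dev/null
+++ b/meta/recipes-support/curl/curl/url-remove-unconditional-idn2.h-include.patch
@@ -0,0 +1,29 @@
+From c27013c05d99d92370b57e1a7af1b854eef4e7c1 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 31 Oct 2016 09:49:50 +0100
+Subject: [PATCH] url: remove unconditional idn2.h include
+
+Mistake brought by 9c91ec778104a [fix to CVE-2016-8625]
+Upstream-Status: Backport
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ lib/url.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index c90a1c5..b997f41 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -67,8 +67,6 @@
+ bool curl_win32_idn_to_ascii(const char *in, char **out);
+ #endif /* USE_LIBIDN2 */
+
+-#include <idn2.h>
+-
+ #include "urldata.h"
+ #include "netrc.h"
+
+--
+1.9.1
+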
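Review bot: The first context line of this hunk, `bool curl_win32_idn_to_ascii(const char *in, char **out);`, does not match the tree the recipe builds: CVE-2016-8625.patch in this same commit shows that line in lib/url.c as `int curl_win32_idn_to_ascii(const char *in, char **out);`. The hunk can therefore only apply with fuzz, and the `index c90a1c5..b997f41` blobs presumably belong to upstream's lib/url.c rather than the 7.47.1 one. Refreshing the patch against the 7.47.1 source with CVE-2016-8625.patch already applied would anchor the `#include <idn2.h>` removal on exact context, which matters because that removal is what keeps builds without libidn2 compiling.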
diff --git a/meta/recipes-support/curl/curl_7.47.1.bb b/meta/recipes-support/curl/curl_7.47.1.bb
index 3c877e4..7fab7cf 100644
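--- a/meta/recipes-support/curl/curl_7.47.1.bb
+++ b/meta/recipes-support/curl/curl_7.47.1.bb
@@ -25,6 +25,8 @@ SRC_URI += " file://configure_ac.patch \
  file://CVE-2016-8622.patch \
  file://CVE-2016-8623.patch \
  file://CVE-2016-8624.patch \
+ file://CVE-2016-8625.patch \
+ file://url-remove-unconditional-idn2.h-include.patch \
  "
 
 SRC_URI[md5sum] = "9ea3123449439bbd960cd25cf98796fb"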
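Review bot: Only SRC_URI changes in this hunk, while the patch it adds makes configure probe exclusively for libidn2 (`CURL_CHECK_PKGCONFIG(libidn2)`, `IDN_LIBS="-lidn2"`) and removes every libidn check. The rest of the recipe is outside the hunk, so it is not visible whether DEPENDS/PACKAGECONFIG or the configure arguments were adjusted; if they were not, IDN is either autodetected against whatever libidn2 happens to be in the sysroot or dropped with the "Cannot find libraries for IDN support: IDN disabled" warning. The recipe should state the intended outcome explicitly, bearing in mind that the patched configure.ac still registers the switch as `AC_ARG_WITH(libidn,`, so `--without-libidn` is the spelling that takes effect.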