author | Tudor Florea <tudor.florea@enea.com> | 2015-10-09 22:59:03 +0200 |
---|---|---|
committer | Tudor Florea <tudor.florea@enea.com> | 2015-10-09 22:59:03 +0200 |
commit | 972dcfcdbfe75dcfeb777150c136576cf1a71e99 (patch) | |
tree | 97a61cd7e293d7ae9d56ef7ed0f81253365bb026 /meta/recipes-support/curl/curl/CVE-2015-3153.patch | |
initial commit for Enea Linux 5.0 arm
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2015-3153.patch')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2015-3153.patch | 90 |
1 files changed, 90 insertions, 0 deletions
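--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2015-3153.patch
@@ -0,0 +1,90 @@
+From 69a2e8d7ec581695a62527cb2252e7350f314ffa Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 23 Apr 2015 15:58:21 +0200
+Subject: [PATCH] CURLOPT_HEADEROPT: default to separate
+
+Make the HTTP headers separated by default for improved security and
+reduced risk for information leakage.
+
+Bug: http://curl.haxx.se/docs/adv_20150429.html
+Reported-by: Yehezkel Horowitz, Oren Souroujon
+---
+docs/libcurl/opts/CURLOPT_HEADEROPT.3 | 12 ++++++------
+lib/url.c | 1 +
+tests/data/test1527 | 2 +-
+tests/data/test287 | 2 +-
+tests/libtest/lib1527.c | 1 +
+5 files changed, 10 insertions(+), 8 deletions(-)
+
+Index: curl-7.37.1/docs/libcurl/opts/CURLOPT_HEADEROPT.3
+===================================================================
+--- curl-7.37.1.orig/docs/libcurl/opts/CURLOPT_HEADEROPT.3
++++ curl-7.37.1/docs/libcurl/opts/CURLOPT_HEADEROPT.3
+@@ -5,7 +5,7 @@
+.\" * | (__| |_| | _ <| |___
+.\" * \___|\___/|_| \_\_____|
+.\" *
+-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
++.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" *
+.\" * This software is licensed as described in the file COPYING, which
+.\" * you should have received as part of this distribution. The terms
+@@ -44,7 +44,7 @@ headers. When doing CONNECT, libcurl wil
+headers only do the proxy and then \fICURLOPT_HTTPHEADER(3)\fP headers only to
+the server.
+.SH DEFAULT
+-CURLHEADER_UNIFIED
++CURLHEADER_SEPARATE (changed in 7.42.1, ased CURLHEADER_UNIFIED before then)
+.SH PROTOCOLS
+HTTP
+.SH EXAMPLE
+Index: curl-7.37.1/tests/data/test1527
+===================================================================
+--- curl-7.37.1.orig/tests/data/test1527
++++ curl-7.37.1/tests/data/test1527
+@@ -45,7 +45,7 @@ http-proxy
+lib1527
+</tool>
+<name>
+-Check same headers are generated without CURLOPT_PROXYHEADER
++Check same headers are generated with CURLOPT_HEADEROPT == CURLHEADER_UNIFIED
+</name>
+<command>
+http://the.old.moo.1527:%HTTPPORT/1527 %HOSTIP:%PROXYPORT
+Index: curl-7.37.1/tests/data/test287
+===================================================================
+--- curl-7.37.1.orig/tests/data/test287
++++ curl-7.37.1/tests/data/test287
+@@ -28,7 +28,7 @@ http
+HTTP proxy CONNECT with custom User-Agent header
+</name>
+<command>
+-http://test.remote.example.com.287:%HTTPPORT/path/287 -H "User-Agent: looser/2007" --proxy http://%HOSTIP:%HTTPPORT --proxytunnel
++http://test.remote.example.com.287:%HTTPPORT/path/287 -H "User-Agent: looser/2015" --proxy http://%HOSTIP:%HTTPPORT --proxytunnel --proxy-header "User-Agent: looser/2007"
+</command>
+</client>
+
+Index: curl-7.37.1/tests/libtest/lib1527.c
+===================================================================
+--- curl-7.37.1.orig/tests/libtest/lib1527.c
++++ curl-7.37.1/tests/libtest/lib1527.c
+@@ -83,6 +83,7 @@ int test(char *URL)
+test_setopt(curl, CURLOPT_READFUNCTION, read_callback);
+test_setopt(curl, CURLOPT_HTTPPROXYTUNNEL, 1L);
+test_setopt(curl, CURLOPT_INFILESIZE, strlen(data));
++ test_setopt(curl, CURLOPT_HEADEROPT, CURLHEADER_UNIFIED);
+
+res = curl_easy_perform(curl);
+
+Index: curl-7.37.1/lib/url.c
+===================================================================
+--- curl-7.37.1.orig/lib/url.c
++++ curl-7.37.1/lib/url.c
+@@ -584,6 +584,7 @@ CURLcode Curl_init_userdefined(struct Us
+set->ssl_enable_alpn = TRUE;
+
+set->expect_100_timeout = 1000L; /* Wait for a second by default. */
++ set->sep_headers = TRUE; /* separated header lists by default */
+return res;
+}
+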
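Review bot: The DEFAULT line added in the CURLOPT_HEADEROPT.3 hunk says the default changed "in 7.42.1", but the patch is applied to the curl-7.37.1 tree, so on this build `set->sep_headers = TRUE` in the lib/url.c hunk takes effect in a version the documentation does not name. An application that decides by libcurl version whether headers from CURLOPT_HTTPHEADER also reach the proxy would presumably guess wrong here, so the patch header should record the backport, e.g. `Backported to curl 7.37.1: CURLHEADER_SEPARATE is the default in this build`. The header above the `---` line also has no provenance tags; OpenEmbedded-style recipes normally carry `Upstream-Status: Backport` and `CVE: CVE-2015-3153` so the fix can be traced and audited. The same DEFAULT line contains "ased", presumably a typo for "used" carried over from the upstream text. Curl_init_userdefined begins outside the lib/url.c hunk, so whether later code overrides the new default cannot be checked from here.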