author | Sona Sarmadi <sona.sarmadi@enea.com> | 2016-11-15 10:08:20 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-05-18 13:14:20 +0100 |
commit | 384801e82724e81d13f982e86c8aa8738db235c7 (patch) | |
tree | a787328d411121b6e7d9feeb10f37a0ce009089f /meta/recipes-support | |
parent | 5c9148ff6acd96fd20ca989e74edccba186dad17 (diff) | |
download | poky-384801e82724e81d13f982e86c8aa8738db235c7.tar.gz |
curl: CVE-2016-8625
IDNA 2003 makes curl use wrong host
Affected versions: curl 7.12.0 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102K.html
(From OE-Core rev: bf8d4e9c8a7fed4e190d600a6a26d314d4b15a08)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support')
3 files changed, 646 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2016-8625.patch b/meta/recipes-support/curl/curl/CVE-2016-8625.patch new file mode 100755 index 0000000000..b61827729a --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2016-8625.patch | |||
@@ -0,0 +1,615 @@ | |||
1 | commit 914aae739463ec72340130ea9ad42e04b02a5338 | ||
2 | Author: Daniel Stenberg <daniel@haxx.se> | ||
3 | Date: Wed Oct 12 09:01:06 2016 +0200 | ||
4 | |||
5 | idn: switch to libidn2 use and IDNA2008 support | ||
6 | |||
7 | CVE: CVE-2016-8625 | ||
8 | Upstream-Status: Backport | ||
9 | |||
10 | Bug: https://curl.haxx.se/docs/adv_20161102K.html | ||
11 | Reported-by: Christian Heimes | ||
12 | |||
13 | Conflicts: | ||
14 | CMakeLists.txt | ||
15 | lib/url.c | ||
16 | |||
17 | Signed-off-by: Martin Borg <martin.borg@enea.com> | ||
18 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
19 | diff --git a/CMakeLists.txt b/CMakeLists.txt | ||
20 | index 06f18cf..c3e5c7c 100644 | ||
21 | --- a/CMakeLists.txt | ||
22 | +++ b/CMakeLists.txt | ||
23 | @@ -440,7 +440,7 @@ if(NOT CURL_DISABLE_LDAPS) | ||
24 | endif() | ||
25 | |||
26 | # Check for idn | ||
27 | -check_library_exists_concat("idn" idna_to_ascii_lz HAVE_LIBIDN) | ||
28 | +check_library_exists_concat("idn2" idn2_lookup_ul HAVE_LIBIDN2) | ||
29 | |||
30 | # Check for symbol dlopen (same as HAVE_LIBDL) | ||
31 | check_library_exists("${CURL_LIBS}" dlopen "" HAVE_DLOPEN) | ||
32 | @@ -608,7 +608,7 @@ check_include_file_concat("des.h" HAVE_DES_H) | ||
33 | check_include_file_concat("err.h" HAVE_ERR_H) | ||
34 | check_include_file_concat("errno.h" HAVE_ERRNO_H) | ||
35 | check_include_file_concat("fcntl.h" HAVE_FCNTL_H) | ||
36 | -check_include_file_concat("idn-free.h" HAVE_IDN_FREE_H) | ||
37 | +check_include_file_concat("idn2.h" HAVE_IDN2_H) | ||
38 | check_include_file_concat("ifaddrs.h" HAVE_IFADDRS_H) | ||
39 | check_include_file_concat("io.h" HAVE_IO_H) | ||
40 | check_include_file_concat("krb.h" HAVE_KRB_H) | ||
41 | @@ -638,7 +638,6 @@ check_include_file_concat("stropts.h" HAVE_STROPTS_H) | ||
42 | check_include_file_concat("termio.h" HAVE_TERMIO_H) | ||
43 | check_include_file_concat("termios.h" HAVE_TERMIOS_H) | ||
44 | check_include_file_concat("time.h" HAVE_TIME_H) | ||
45 | -check_include_file_concat("tld.h" HAVE_TLD_H) | ||
46 | check_include_file_concat("unistd.h" HAVE_UNISTD_H) | ||
47 | check_include_file_concat("utime.h" HAVE_UTIME_H) | ||
48 | check_include_file_concat("x509.h" HAVE_X509_H) | ||
49 | @@ -652,9 +651,6 @@ check_include_file_concat("netinet/if_ether.h" HAVE_NETINET_IF_ETHER_H) | ||
50 | check_include_file_concat("stdint.h" HAVE_STDINT_H) | ||
51 | check_include_file_concat("sockio.h" HAVE_SOCKIO_H) | ||
52 | check_include_file_concat("sys/utsname.h" HAVE_SYS_UTSNAME_H) | ||
53 | -check_include_file_concat("idna.h" HAVE_IDNA_H) | ||
54 | - | ||
55 | - | ||
56 | |||
57 | check_type_size(size_t SIZEOF_SIZE_T) | ||
58 | check_type_size(ssize_t SIZEOF_SSIZE_T) | ||
59 | @@ -802,9 +798,6 @@ check_symbol_exists(pipe "${CURL_INCLUDES}" HAVE_PIPE) | ||
60 | check_symbol_exists(ftruncate "${CURL_INCLUDES}" HAVE_FTRUNCATE) | ||
61 | check_symbol_exists(getprotobyname "${CURL_INCLUDES}" HAVE_GETPROTOBYNAME) | ||
62 | check_symbol_exists(getrlimit "${CURL_INCLUDES}" HAVE_GETRLIMIT) | ||
63 | -check_symbol_exists(idn_free "${CURL_INCLUDES}" HAVE_IDN_FREE) | ||
64 | -check_symbol_exists(idna_strerror "${CURL_INCLUDES}" HAVE_IDNA_STRERROR) | ||
65 | -check_symbol_exists(tld_strerror "${CURL_INCLUDES}" HAVE_TLD_STRERROR) | ||
66 | check_symbol_exists(setlocale "${CURL_INCLUDES}" HAVE_SETLOCALE) | ||
67 | check_symbol_exists(setrlimit "${CURL_INCLUDES}" HAVE_SETRLIMIT) | ||
68 | check_symbol_exists(fcntl "${CURL_INCLUDES}" HAVE_FCNTL) | ||
69 | @@ -1067,7 +1060,7 @@ _add_if("IPv6" ENABLE_IPV6) | ||
70 | _add_if("unix-sockets" USE_UNIX_SOCKETS) | ||
71 | _add_if("libz" HAVE_LIBZ) | ||
72 | _add_if("AsynchDNS" USE_ARES OR USE_THREADS_POSIX) | ||
73 | -_add_if("IDN" HAVE_LIBIDN) | ||
74 | +_add_if("IDN" HAVE_LIBIDN2) | ||
75 | # TODO SSP1 (WinSSL) check is missing | ||
76 | _add_if("SSPI" USE_WINDOWS_SSPI) | ||
77 | _add_if("GSS-API" HAVE_GSSAPI) | ||
78 | diff --git a/configure.ac b/configure.ac | ||
79 | index 4c9862f..c8e2721 100644 | ||
80 | --- a/configure.ac | ||
81 | +++ b/configure.ac | ||
82 | @@ -157,7 +157,7 @@ curl_tls_srp_msg="no (--enable-tls-srp)" | ||
83 | curl_res_msg="default (--enable-ares / --enable-threaded-resolver)" | ||
84 | curl_ipv6_msg="no (--enable-ipv6)" | ||
85 | curl_unix_sockets_msg="no (--enable-unix-sockets)" | ||
86 | - curl_idn_msg="no (--with-{libidn,winidn})" | ||
87 | + curl_idn_msg="no (--with-{libidn2,winidn})" | ||
88 | curl_manual_msg="no (--enable-manual)" | ||
89 | curl_libcurl_msg="enabled (--disable-libcurl-option)" | ||
90 | curl_verbose_msg="enabled (--disable-verbose)" | ||
91 | @@ -2825,15 +2825,15 @@ dnl ********************************************************************** | ||
92 | dnl Check for the presence of IDN libraries and headers | ||
93 | dnl ********************************************************************** | ||
94 | |||
95 | -AC_MSG_CHECKING([whether to build with libidn]) | ||
96 | +AC_MSG_CHECKING([whether to build with libidn2]) | ||
97 | OPT_IDN="default" | ||
98 | AC_ARG_WITH(libidn, | ||
99 | -AC_HELP_STRING([--with-libidn=PATH],[Enable libidn usage]) | ||
100 | -AC_HELP_STRING([--without-libidn],[Disable libidn usage]), | ||
101 | +AC_HELP_STRING([--with-libidn2=PATH],[Enable libidn2 usage]) | ||
102 | +AC_HELP_STRING([--without-libidn2],[Disable libidn2 usage]), | ||
103 | [OPT_IDN=$withval]) | ||
104 | case "$OPT_IDN" in | ||
105 | no) | ||
106 | - dnl --without-libidn option used | ||
107 | + dnl --without-libidn2 option used | ||
108 | want_idn="no" | ||
109 | AC_MSG_RESULT([no]) | ||
110 | ;; | ||
111 | @@ -2844,13 +2844,13 @@ case "$OPT_IDN" in | ||
112 | AC_MSG_RESULT([(assumed) yes]) | ||
113 | ;; | ||
114 | yes) | ||
115 | - dnl --with-libidn option used without path | ||
116 | + dnl --with-libidn2 option used without path | ||
117 | want_idn="yes" | ||
118 | want_idn_path="default" | ||
119 | AC_MSG_RESULT([yes]) | ||
120 | ;; | ||
121 | *) | ||
122 | - dnl --with-libidn option used with path | ||
123 | + dnl --with-libidn2 option used with path | ||
124 | want_idn="yes" | ||
125 | want_idn_path="$withval" | ||
126 | AC_MSG_RESULT([yes ($withval)]) | ||
127 | @@ -2867,33 +2867,33 @@ if test "$want_idn" = "yes"; then | ||
128 | if test "$want_idn_path" != "default"; then | ||
129 | dnl path has been specified | ||
130 | IDN_PCDIR="$want_idn_path/lib$libsuff/pkgconfig" | ||
131 | - CURL_CHECK_PKGCONFIG(libidn, [$IDN_PCDIR]) | ||
132 | + CURL_CHECK_PKGCONFIG(libidn2, [$IDN_PCDIR]) | ||
133 | if test "$PKGCONFIG" != "no"; then | ||
134 | IDN_LIBS=`CURL_EXPORT_PCDIR([$IDN_PCDIR]) dnl | ||
135 | - $PKGCONFIG --libs-only-l libidn 2>/dev/null` | ||
136 | + $PKGCONFIG --libs-only-l libidn2 2>/dev/null` | ||
137 | IDN_LDFLAGS=`CURL_EXPORT_PCDIR([$IDN_PCDIR]) dnl | ||
138 | - $PKGCONFIG --libs-only-L libidn 2>/dev/null` | ||
139 | + $PKGCONFIG --libs-only-L libidn2 2>/dev/null` | ||
140 | IDN_CPPFLAGS=`CURL_EXPORT_PCDIR([$IDN_PCDIR]) dnl | ||
141 | - $PKGCONFIG --cflags-only-I libidn 2>/dev/null` | ||
142 | + $PKGCONFIG --cflags-only-I libidn2 2>/dev/null` | ||
143 | IDN_DIR=`echo $IDN_LDFLAGS | $SED -e 's/-L//'` | ||
144 | else | ||
145 | dnl pkg-config not available or provides no info | ||
146 | - IDN_LIBS="-lidn" | ||
147 | + IDN_LIBS="-lidn2" | ||
148 | IDN_LDFLAGS="-L$want_idn_path/lib$libsuff" | ||
149 | IDN_CPPFLAGS="-I$want_idn_path/include" | ||
150 | IDN_DIR="$want_idn_path/lib$libsuff" | ||
151 | fi | ||
152 | else | ||
153 | dnl path not specified | ||
154 | - CURL_CHECK_PKGCONFIG(libidn) | ||
155 | + CURL_CHECK_PKGCONFIG(libidn2) | ||
156 | if test "$PKGCONFIG" != "no"; then | ||
157 | - IDN_LIBS=`$PKGCONFIG --libs-only-l libidn 2>/dev/null` | ||
158 | - IDN_LDFLAGS=`$PKGCONFIG --libs-only-L libidn 2>/dev/null` | ||
159 | - IDN_CPPFLAGS=`$PKGCONFIG --cflags-only-I libidn 2>/dev/null` | ||
160 | + IDN_LIBS=`$PKGCONFIG --libs-only-l libidn2 2>/dev/null` | ||
161 | + IDN_LDFLAGS=`$PKGCONFIG --libs-only-L libidn2 2>/dev/null` | ||
162 | + IDN_CPPFLAGS=`$PKGCONFIG --cflags-only-I libidn2 2>/dev/null` | ||
163 | IDN_DIR=`echo $IDN_LDFLAGS | $SED -e 's/-L//'` | ||
164 | else | ||
165 | dnl pkg-config not available or provides no info | ||
166 | - IDN_LIBS="-lidn" | ||
167 | + IDN_LIBS="-lidn2" | ||
168 | fi | ||
169 | fi | ||
170 | # | ||
171 | @@ -2913,9 +2913,9 @@ if test "$want_idn" = "yes"; then | ||
172 | LDFLAGS="$IDN_LDFLAGS $LDFLAGS" | ||
173 | LIBS="$IDN_LIBS $LIBS" | ||
174 | # | ||
175 | - AC_MSG_CHECKING([if idna_to_ascii_4i can be linked]) | ||
176 | + AC_MSG_CHECKING([if idn2_lookup_ul can be linked]) | ||
177 | AC_LINK_IFELSE([ | ||
178 | - AC_LANG_FUNC_LINK_TRY([idna_to_ascii_4i]) | ||
179 | + AC_LANG_FUNC_LINK_TRY([idn2_lookup_ul]) | ||
180 | ],[ | ||
181 | AC_MSG_RESULT([yes]) | ||
182 | tst_links_libidn="yes" | ||
183 | @@ -2923,37 +2923,19 @@ if test "$want_idn" = "yes"; then | ||
184 | AC_MSG_RESULT([no]) | ||
185 | tst_links_libidn="no" | ||
186 | ]) | ||
187 | - if test "$tst_links_libidn" = "no"; then | ||
188 | - AC_MSG_CHECKING([if idna_to_ascii_lz can be linked]) | ||
189 | - AC_LINK_IFELSE([ | ||
190 | - AC_LANG_FUNC_LINK_TRY([idna_to_ascii_lz]) | ||
191 | - ],[ | ||
192 | - AC_MSG_RESULT([yes]) | ||
193 | - tst_links_libidn="yes" | ||
194 | - ],[ | ||
195 | - AC_MSG_RESULT([no]) | ||
196 | - tst_links_libidn="no" | ||
197 | - ]) | ||
198 | - fi | ||
199 | # | ||
200 | + AC_CHECK_HEADERS( idn2.h ) | ||
201 | + | ||
202 | if test "$tst_links_libidn" = "yes"; then | ||
203 | - AC_DEFINE(HAVE_LIBIDN, 1, [Define to 1 if you have the `idn' library (-lidn).]) | ||
204 | + AC_DEFINE(HAVE_LIBIDN2, 1, [Define to 1 if you have the `idn2' library (-lidn2).]) | ||
205 | dnl different versions of libidn have different setups of these: | ||
206 | - AC_CHECK_FUNCS( idn_free idna_strerror tld_strerror ) | ||
207 | - AC_CHECK_HEADERS( idn-free.h tld.h ) | ||
208 | - if test "x$ac_cv_header_tld_h" = "xyes"; then | ||
209 | - AC_SUBST([IDN_ENABLED], [1]) | ||
210 | - curl_idn_msg="enabled" | ||
211 | - if test -n "$IDN_DIR" -a "x$cross_compiling" != "xyes"; then | ||
212 | - LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$IDN_DIR" | ||
213 | - export LD_LIBRARY_PATH | ||
214 | - AC_MSG_NOTICE([Added $IDN_DIR to LD_LIBRARY_PATH]) | ||
215 | - fi | ||
216 | - else | ||
217 | - AC_MSG_WARN([Libraries for IDN support too old: IDN disabled]) | ||
218 | - CPPFLAGS="$clean_CPPFLAGS" | ||
219 | - LDFLAGS="$clean_LDFLAGS" | ||
220 | - LIBS="$clean_LIBS" | ||
221 | + | ||
222 | + AC_SUBST([IDN_ENABLED], [1]) | ||
223 | + curl_idn_msg="enabled (libidn2)" | ||
224 | + if test -n "$IDN_DIR" -a "x$cross_compiling" != "xyes"; then | ||
225 | + LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$IDN_DIR" | ||
226 | + export LD_LIBRARY_PATH | ||
227 | + AC_MSG_NOTICE([Added $IDN_DIR to LD_LIBRARY_PATH]) | ||
228 | fi | ||
229 | else | ||
230 | AC_MSG_WARN([Cannot find libraries for IDN support: IDN disabled]) | ||
231 | diff --git a/lib/curl_setup.h b/lib/curl_setup.h | ||
232 | index 33ad129..5fb241b 100644 | ||
233 | --- a/lib/curl_setup.h | ||
234 | +++ b/lib/curl_setup.h | ||
235 | @@ -590,10 +590,9 @@ int netware_init(void); | ||
236 | #endif | ||
237 | #endif | ||
238 | |||
239 | -#if defined(HAVE_LIBIDN) && defined(HAVE_TLD_H) | ||
240 | -/* The lib was present and the tld.h header (which is missing in libidn 0.3.X | ||
241 | - but we only work with libidn 0.4.1 or later) */ | ||
242 | -#define USE_LIBIDN | ||
243 | +#if defined(HAVE_LIBIDN2) && defined(HAVE_IDN2_H) | ||
244 | +/* The lib and header are present */ | ||
245 | +#define USE_LIBIDN2 | ||
246 | #endif | ||
247 | |||
248 | #ifndef SIZEOF_TIME_T | ||
249 | diff --git a/lib/easy.c b/lib/easy.c | ||
250 | index d529da8..51d57e3 100644 | ||
251 | --- a/lib/easy.c | ||
252 | +++ b/lib/easy.c | ||
253 | @@ -144,28 +144,6 @@ static CURLcode win32_init(void) | ||
254 | return CURLE_OK; | ||
255 | } | ||
256 | |||
257 | -#ifdef USE_LIBIDN | ||
258 | -/* | ||
259 | - * Initialise use of IDNA library. | ||
260 | - * It falls back to ASCII if $CHARSET isn't defined. This doesn't work for | ||
261 | - * idna_to_ascii_lz(). | ||
262 | - */ | ||
263 | -static void idna_init (void) | ||
264 | -{ | ||
265 | -#ifdef WIN32 | ||
266 | - char buf[60]; | ||
267 | - UINT cp = GetACP(); | ||
268 | - | ||
269 | - if(!getenv("CHARSET") && cp > 0) { | ||
270 | - snprintf(buf, sizeof(buf), "CHARSET=cp%u", cp); | ||
271 | - putenv(buf); | ||
272 | - } | ||
273 | -#else | ||
274 | - /* to do? */ | ||
275 | -#endif | ||
276 | -} | ||
277 | -#endif /* USE_LIBIDN */ | ||
278 | - | ||
279 | /* true globals -- for curl_global_init() and curl_global_cleanup() */ | ||
280 | static unsigned int initialized; | ||
281 | static long init_flags; | ||
282 | @@ -262,10 +240,6 @@ static CURLcode global_init(long flags, bool memoryfuncs) | ||
283 | } | ||
284 | #endif | ||
285 | |||
286 | -#ifdef USE_LIBIDN | ||
287 | - idna_init(); | ||
288 | -#endif | ||
289 | - | ||
290 | if(Curl_resolver_global_init()) { | ||
291 | DEBUGF(fprintf(stderr, "Error: resolver_global_init failed\n")); | ||
292 | return CURLE_FAILED_INIT; | ||
293 | diff --git a/lib/strerror.c b/lib/strerror.c | ||
294 | index d222a1f..bf4faae 100644 | ||
295 | --- a/lib/strerror.c | ||
296 | +++ b/lib/strerror.c | ||
297 | @@ -35,8 +35,8 @@ | ||
298 | |||
299 | #include <curl/curl.h> | ||
300 | |||
301 | -#ifdef USE_LIBIDN | ||
302 | -#include <idna.h> | ||
303 | +#ifdef USE_LIBIDN2 | ||
304 | +#include <idn2.h> | ||
305 | #endif | ||
306 | |||
307 | #ifdef USE_WINDOWS_SSPI | ||
308 | @@ -723,83 +723,6 @@ const char *Curl_strerror(struct connectdata *conn, int err) | ||
309 | return buf; | ||
310 | } | ||
311 | |||
312 | -#ifdef USE_LIBIDN | ||
313 | -/* | ||
314 | - * Return error-string for libidn status as returned from idna_to_ascii_lz(). | ||
315 | - */ | ||
316 | -const char *Curl_idn_strerror (struct connectdata *conn, int err) | ||
317 | -{ | ||
318 | -#ifdef HAVE_IDNA_STRERROR | ||
319 | - (void)conn; | ||
320 | - return idna_strerror((Idna_rc) err); | ||
321 | -#else | ||
322 | - const char *str; | ||
323 | - char *buf; | ||
324 | - size_t max; | ||
325 | - | ||
326 | - DEBUGASSERT(conn); | ||
327 | - | ||
328 | - buf = conn->syserr_buf; | ||
329 | - max = sizeof(conn->syserr_buf)-1; | ||
330 | - *buf = '\0'; | ||
331 | - | ||
332 | -#ifndef CURL_DISABLE_VERBOSE_STRINGS | ||
333 | - switch ((Idna_rc)err) { | ||
334 | - case IDNA_SUCCESS: | ||
335 | - str = "No error"; | ||
336 | - break; | ||
337 | - case IDNA_STRINGPREP_ERROR: | ||
338 | - str = "Error in string preparation"; | ||
339 | - break; | ||
340 | - case IDNA_PUNYCODE_ERROR: | ||
341 | - str = "Error in Punycode operation"; | ||
342 | - break; | ||
343 | - case IDNA_CONTAINS_NON_LDH: | ||
344 | - str = "Illegal ASCII characters"; | ||
345 | - break; | ||
346 | - case IDNA_CONTAINS_MINUS: | ||
347 | - str = "Contains minus"; | ||
348 | - break; | ||
349 | - case IDNA_INVALID_LENGTH: | ||
350 | - str = "Invalid output length"; | ||
351 | - break; | ||
352 | - case IDNA_NO_ACE_PREFIX: | ||
353 | - str = "No ACE prefix (\"xn--\")"; | ||
354 | - break; | ||
355 | - case IDNA_ROUNDTRIP_VERIFY_ERROR: | ||
356 | - str = "Round trip verify error"; | ||
357 | - break; | ||
358 | - case IDNA_CONTAINS_ACE_PREFIX: | ||
359 | - str = "Already have ACE prefix (\"xn--\")"; | ||
360 | - break; | ||
361 | - case IDNA_ICONV_ERROR: | ||
362 | - str = "Locale conversion failed"; | ||
363 | - break; | ||
364 | - case IDNA_MALLOC_ERROR: | ||
365 | - str = "Allocation failed"; | ||
366 | - break; | ||
367 | - case IDNA_DLOPEN_ERROR: | ||
368 | - str = "dlopen() error"; | ||
369 | - break; | ||
370 | - default: | ||
371 | - snprintf(buf, max, "error %d", err); | ||
372 | - str = NULL; | ||
373 | - break; | ||
374 | - } | ||
375 | -#else | ||
376 | - if((Idna_rc)err == IDNA_SUCCESS) | ||
377 | - str = "No error"; | ||
378 | - else | ||
379 | - str = "Error"; | ||
380 | -#endif | ||
381 | - if(str) | ||
382 | - strncpy(buf, str, max); | ||
383 | - buf[max] = '\0'; | ||
384 | - return (buf); | ||
385 | -#endif | ||
386 | -} | ||
387 | -#endif /* USE_LIBIDN */ | ||
388 | - | ||
389 | #ifdef USE_WINDOWS_SSPI | ||
390 | const char *Curl_sspi_strerror (struct connectdata *conn, int err) | ||
391 | { | ||
392 | diff --git a/lib/strerror.h b/lib/strerror.h | ||
393 | index ae8c96b..627273e 100644 | ||
394 | --- a/lib/strerror.h | ||
395 | +++ b/lib/strerror.h | ||
396 | @@ -7,7 +7,7 @@ | ||
397 | * | (__| |_| | _ <| |___ | ||
398 | * \___|\___/|_| \_\_____| | ||
399 | * | ||
400 | - * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al. | ||
401 | + * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. | ||
402 | * | ||
403 | * This software is licensed as described in the file COPYING, which | ||
404 | * you should have received as part of this distribution. The terms | ||
405 | @@ -26,7 +26,7 @@ | ||
406 | |||
407 | const char *Curl_strerror (struct connectdata *conn, int err); | ||
408 | |||
409 | -#ifdef USE_LIBIDN | ||
410 | +#ifdef USE_LIBIDN2 | ||
411 | const char *Curl_idn_strerror (struct connectdata *conn, int err); | ||
412 | #endif | ||
413 | |||
414 | diff --git a/lib/url.c b/lib/url.c | ||
415 | index 8832989..8d52152 100644 | ||
416 | --- a/lib/url.c | ||
417 | +++ b/lib/url.c | ||
418 | @@ -59,24 +59,15 @@ | ||
419 | #include <limits.h> | ||
420 | #endif | ||
421 | |||
422 | -#ifdef USE_LIBIDN | ||
423 | -#include <idna.h> | ||
424 | -#include <tld.h> | ||
425 | -#include <stringprep.h> | ||
426 | -#ifdef HAVE_IDN_FREE_H | ||
427 | -#include <idn-free.h> | ||
428 | -#else | ||
429 | -/* prototype from idn-free.h, not provided by libidn 0.4.5's make install! */ | ||
430 | -void idn_free (void *ptr); | ||
431 | -#endif | ||
432 | -#ifndef HAVE_IDN_FREE | ||
433 | -/* if idn_free() was not found in this version of libidn use free() instead */ | ||
434 | -#define idn_free(x) (free)(x) | ||
435 | -#endif | ||
436 | +#ifdef USE_LIBIDN2 | ||
437 | +#include <idn2.h> | ||
438 | + | ||
439 | #elif defined(USE_WIN32_IDN) | ||
440 | /* prototype for curl_win32_idn_to_ascii() */ | ||
441 | int curl_win32_idn_to_ascii(const char *in, char **out); | ||
442 | -#endif /* USE_LIBIDN */ | ||
443 | +#endif /* USE_LIBIDN2 */ | ||
444 | + | ||
445 | +#include <idn2.h> | ||
446 | |||
447 | #include "urldata.h" | ||
448 | #include "netrc.h" | ||
449 | @@ -3693,59 +3684,15 @@ static bool is_ASCII_name(const char *hostname) | ||
450 | return TRUE; | ||
451 | } | ||
452 | |||
453 | -#ifdef USE_LIBIDN | ||
454 | -/* | ||
455 | - * Check if characters in hostname is allowed in Top Level Domain. | ||
456 | - */ | ||
457 | -static bool tld_check_name(struct SessionHandle *data, | ||
458 | - const char *ace_hostname) | ||
459 | -{ | ||
460 | - size_t err_pos; | ||
461 | - char *uc_name = NULL; | ||
462 | - int rc; | ||
463 | -#ifndef CURL_DISABLE_VERBOSE_STRINGS | ||
464 | - const char *tld_errmsg = "<no msg>"; | ||
465 | -#else | ||
466 | - (void)data; | ||
467 | -#endif | ||
468 | - | ||
469 | - /* Convert (and downcase) ACE-name back into locale's character set */ | ||
470 | - rc = idna_to_unicode_lzlz(ace_hostname, &uc_name, 0); | ||
471 | - if(rc != IDNA_SUCCESS) | ||
472 | - return FALSE; | ||
473 | - | ||
474 | - rc = tld_check_lz(uc_name, &err_pos, NULL); | ||
475 | -#ifndef CURL_DISABLE_VERBOSE_STRINGS | ||
476 | -#ifdef HAVE_TLD_STRERROR | ||
477 | - if(rc != TLD_SUCCESS) | ||
478 | - tld_errmsg = tld_strerror((Tld_rc)rc); | ||
479 | -#endif | ||
480 | - if(rc == TLD_INVALID) | ||
481 | - infof(data, "WARNING: %s; pos %u = `%c'/0x%02X\n", | ||
482 | - tld_errmsg, err_pos, uc_name[err_pos], | ||
483 | - uc_name[err_pos] & 255); | ||
484 | - else if(rc != TLD_SUCCESS) | ||
485 | - infof(data, "WARNING: TLD check for %s failed; %s\n", | ||
486 | - uc_name, tld_errmsg); | ||
487 | -#endif /* CURL_DISABLE_VERBOSE_STRINGS */ | ||
488 | - if(uc_name) | ||
489 | - idn_free(uc_name); | ||
490 | - if(rc != TLD_SUCCESS) | ||
491 | - return FALSE; | ||
492 | - | ||
493 | - return TRUE; | ||
494 | -} | ||
495 | -#endif | ||
496 | - | ||
497 | /* | ||
498 | * Perform any necessary IDN conversion of hostname | ||
499 | */ | ||
500 | -static void fix_hostname(struct SessionHandle *data, | ||
501 | - struct connectdata *conn, struct hostname *host) | ||
502 | +static void fix_hostname(struct connectdata *conn, struct hostname *host) | ||
503 | { | ||
504 | size_t len; | ||
505 | + struct Curl_easy *data = conn->data; | ||
506 | |||
507 | -#ifndef USE_LIBIDN | ||
508 | +#ifndef USE_LIBIDN2 | ||
509 | (void)data; | ||
510 | (void)conn; | ||
511 | #elif defined(CURL_DISABLE_VERBOSE_STRINGS) | ||
512 | @@ -3762,26 +3709,18 @@ static void fix_hostname(struct SessionHandle *data, | ||
513 | host->name[len-1]=0; | ||
514 | |||
515 | if(!is_ASCII_name(host->name)) { | ||
516 | -#ifdef USE_LIBIDN | ||
517 | - /************************************************************* | ||
518 | - * Check name for non-ASCII and convert hostname to ACE form. | ||
519 | - *************************************************************/ | ||
520 | - if(stringprep_check_version(LIBIDN_REQUIRED_VERSION)) { | ||
521 | - char *ace_hostname = NULL; | ||
522 | - int rc = idna_to_ascii_lz(host->name, &ace_hostname, 0); | ||
523 | - infof (data, "Input domain encoded as `%s'\n", | ||
524 | - stringprep_locale_charset ()); | ||
525 | - if(rc != IDNA_SUCCESS) | ||
526 | - infof(data, "Failed to convert %s to ACE; %s\n", | ||
527 | - host->name, Curl_idn_strerror(conn, rc)); | ||
528 | - else { | ||
529 | - /* tld_check_name() displays a warning if the host name contains | ||
530 | - "illegal" characters for this TLD */ | ||
531 | - (void)tld_check_name(data, ace_hostname); | ||
532 | - | ||
533 | - host->encalloc = ace_hostname; | ||
534 | - /* change the name pointer to point to the encoded hostname */ | ||
535 | - host->name = host->encalloc; | ||
536 | +#ifdef USE_LIBIDN2 | ||
537 | + if(idn2_check_version(IDN2_VERSION)) { | ||
538 | + char *ace_hostname = NULL; | ||
539 | + int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname, 0); | ||
540 | + if(rc == IDN2_OK) { | ||
541 | + host->encalloc = (char *)ace_hostname; | ||
542 | + /* change the name pointer to point to the encoded hostname */ | ||
543 | + host->name = host->encalloc; | ||
544 | + } | ||
545 | + else | ||
546 | + infof(data, "Failed to convert %s to ACE; %s\n", host->name, | ||
547 | + idn2_strerror(rc)); | ||
548 | } | ||
549 | } | ||
550 | #elif defined(USE_WIN32_IDN) | ||
551 | @@ -3809,9 +3748,9 @@ static void fix_hostname(struct SessionHandle *data, | ||
552 | */ | ||
553 | static void free_fixed_hostname(struct hostname *host) | ||
554 | { | ||
555 | -#if defined(USE_LIBIDN) | ||
556 | +#if defined(USE_LIBIDN2) | ||
557 | if(host->encalloc) { | ||
558 | - idn_free(host->encalloc); /* must be freed with idn_free() since this was | ||
559 | + idn2_free(host->encalloc); /* must be freed with idn2_free() since this was | ||
560 | allocated by libidn */ | ||
561 | host->encalloc = NULL; | ||
562 | } | ||
563 | @@ -5707,9 +5646,9 @@ static CURLcode create_conn(struct SessionHandle *data, | ||
564 | /************************************************************* | ||
565 | * IDN-fix the hostnames | ||
566 | *************************************************************/ | ||
567 | - fix_hostname(data, conn, &conn->host); | ||
568 | + fix_hostname(conn, &conn->host); | ||
569 | if(conn->proxy.name && *conn->proxy.name) | ||
570 | - fix_hostname(data, conn, &conn->proxy); | ||
571 | + fix_hostname(conn, &conn->proxy); | ||
572 | |||
573 | /************************************************************* | ||
574 | * Setup internals depending on protocol. Needs to be done after | ||
575 | diff --git a/lib/version.c b/lib/version.c | ||
576 | index 7f14fa5..a5c9811 100644 | ||
577 | --- a/lib/version.c | ||
578 | +++ b/lib/version.c | ||
579 | @@ -36,8 +36,8 @@ | ||
580 | # include <ares.h> | ||
581 | #endif | ||
582 | |||
583 | -#ifdef USE_LIBIDN | ||
584 | -#include <stringprep.h> | ||
585 | +#ifdef USE_LIBIDN2 | ||
586 | +#include <idn2.h> | ||
587 | #endif | ||
588 | |||
589 | #ifdef USE_LIBPSL | ||
590 | @@ -97,9 +97,9 @@ char *curl_version(void) | ||
591 | left -= len; | ||
592 | ptr += len; | ||
593 | #endif | ||
594 | -#ifdef USE_LIBIDN | ||
595 | - if(stringprep_check_version(LIBIDN_REQUIRED_VERSION)) { | ||
596 | - len = snprintf(ptr, left, " libidn/%s", stringprep_check_version(NULL)); | ||
597 | +#ifdef USE_LIBIDN2 | ||
598 | + if(idn2_check_version(IDN2_VERSION)) { | ||
599 | + len = snprintf(ptr, left, " libidn2/%s", idn2_check_version(NULL)); | ||
600 | left -= len; | ||
601 | ptr += len; | ||
602 | } | ||
603 | @@ -344,10 +344,10 @@ curl_version_info_data *curl_version_info(CURLversion stamp) | ||
604 | version_info.ares_num = aresnum; | ||
605 | } | ||
606 | #endif | ||
607 | -#ifdef USE_LIBIDN | ||
608 | +#ifdef USE_LIBIDN2 | ||
609 | /* This returns a version string if we use the given version or later, | ||
610 | otherwise it returns NULL */ | ||
611 | - version_info.libidn = stringprep_check_version(LIBIDN_REQUIRED_VERSION); | ||
612 | + version_info.libidn = idn2_check_version(IDN2_VERSION); | ||
613 | if(version_info.libidn) | ||
614 | version_info.features |= CURL_VERSION_IDN; | ||
615 | #elif defined(USE_WIN32_IDN) | ||
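Review bot: In the `fix_hostname()` hunk of the embedded lib/url.c diff, a failed `idn2_lookup_ul()` is only reported through `infof()` and `host->name` keeps the original non-ASCII name, so connection setup presumably carries on with an unconverted host. Since this backport exists to stop curl from using the wrong host, a conversion failure is safer as a hard error, which would mean `fix_hostname()` returning a `CURLcode` that `create_conn()` checks instead of staying `static void`; both function bodies extend beyond the hunks shown. The lookup also passes `0` as flags, so it is worth confirming whether input should be normalised first, e.g. `idn2_lookup_ul(host->name, &ace_hostname, IDN2_NFC_INPUT)`. In the configure.ac hunk the help strings now advertise `--with-libidn2` and `--without-libidn2` while the unchanged context line still reads `AC_ARG_WITH(libidn,`, so the documented switch is not the one configure honours; `AC_ARG_WITH(libidn2,` would keep them in step.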
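--- /dev/null
+++ b/meta/recipes-support/curl/curl/url-remove-unconditional-idn2.h-include.patch
@@ -0,0 +1,29 @@
+From c27013c05d99d92370b57e1a7af1b854eef4e7c1 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 31 Oct 2016 09:49:50 +0100
+Subject: [PATCH] url: remove unconditional idn2.h include
+
+Mistake brought by 9c91ec778104a [fix to CVE-2016-8625]
+Upstream-Status: Backport
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+lib/url.c | 2 --
+1 file changed, 2 deletions(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index c90a1c5..b997f41 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -67,8 +67,6 @@
+bool curl_win32_idn_to_ascii(const char *in, char **out);
+#endif /* USE_LIBIDN2 */
+
+-#include <idn2.h>
+-
+#include "urldata.h"
+#include "netrc.h"
+
+--
+1.9.1
+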
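--- a/meta/recipes-support/curl/curl_7.47.1.bb
+++ b/meta/recipes-support/curl/curl_7.47.1.bb
@@ -25,6 +25,8 @@ SRC_URI += " file://configure_ac.patch \
 file://CVE-2016-8622.patch \
 file://CVE-2016-8623.patch \
 file://CVE-2016-8624.patch \
+file://CVE-2016-8625.patch \
+file://url-remove-unconditional-idn2.h-include.patch \
 "
 
 SRC_URI[md5sum] = "9ea3123449439bbd960cd25cf98796fb"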
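Review bot: These two `SRC_URI` entries change which IDN library curl's configure looks for, yet this section changes nothing else, so any IDN-related configure option or dependency elsewhere in the recipe stays as it was. After CVE-2016-8625.patch the libidn checks are gone and only `idn2_lookup_ul` is probed, so a build that previously got IDN through libidn would, as far as the patch shows, configure with IDN disabled rather than fail. It is worth confirming which outcome is intended for this branch and recording it next to the entries, for example `# CVE-2016-8625.patch replaces libidn with libidn2; IDN is off unless libidn2 is found at configure time`. The order of the two entries matters, because the second patch removes an include that the first one adds.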