1 files changed, 210 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2020-8284.patch b/meta/recipes-support/curl/curl/CVE-2020-8284.patch
new file mode 100644
index 0000000000..4ae514ffa8
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2020-8284.patch
@@ -0,0 +1,210 @@
+From ec9cc725d598ac77de7b6df8afeec292b3c8ad46 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 24 Nov 2020 14:56:57 +0100
+Subject: [PATCH] ftp: CURLOPT_FTP_SKIP_PASV_IP by default
+The command line tool also independently sets --ftp-skip-pasv-ip by
+default.
+Ten test cases updated to adapt the modified --libcurl output.
+Bug: https://curl.se/docs/CVE-2020-8284.html
+CVE-2020-8284
+Reported-by: Varnavas Papaioannou
+Upstream-Status: Backport [https://github.com/curl/curl/commit/ec9cc725d598ac]
+CVE: CVE-2020-8284
+Signed-off-by: Daniel Stenberg <daniel@haxx.se>
+Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
+---
+ docs/cmdline-opts/ftp-skip-pasv-ip.d         |   2 ++
+ docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 |   8 +++++---
+ lib/url.c                                    |   1 +
+ src/tool_cfgable.c                           |   1 +
+ tests/data/test1400                          |   1 +
+ tests/data/test1401                          |   1 +
+ tests/data/test1402                          |   1 +
+ tests/data/test1403                          |   1 +
+ tests/data/test1404                          |   1 +
+ tests/data/test1405                          |   1 +
+ tests/data/test1406                          |   1 +
+ tests/data/test1407                          |   1 +
+ tests/data/test1420                          |   1 +
+ 14 files changed, 18 insertions(+), 3 deletions(-)
+diff --git a/docs/cmdline-opts/ftp-skip-pasv-ip.d b/docs/cmdline-opts/ftp-skip-pasv-ip.d
+index d6fd4589b1e..bcf4e7e62f2 100644
+--- a/docs/cmdline-opts/ftp-skip-pasv-ip.d
+++ b/docs/cmdline-opts/ftp-skip-pasv-ip.d
+@@ -10,4 +10,6 @@ to curl's PASV command when curl connects the data connection. Instead curl
+ will re-use the same IP address it already uses for the control
+ connection.
+ 
+Since curl 7.74.0 this option is enabled by default.
+
+ This option has no effect if PORT, EPRT or EPSV is used instead of PASV.
+diff --git a/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 b/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3
+index d6217d0d8ca..fa87ddce769 100644
+--- a/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3
+++ b/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3
+@@ -5,7 +5,7 @@
+ .\" *                            | (__| |_| |  _ <| |___
+ .\" *                             \___|\___/|_| \_\_____|
+ .\" *
+-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ .\" *
+ .\" * This software is licensed as described in the file COPYING, which
+ .\" * you should have received as part of this distribution. The terms
+@@ -35,11 +35,13 @@ address it already uses for the control connection. But it will use the port
+ number from the 227-response.
+ 
+ This option thus allows libcurl to work around broken server installations
+-that due to NATs, firewalls or incompetence report the wrong IP address back.
+that due to NATs, firewalls or incompetence report the wrong IP address
+back. Setting the option also reduces the risk for various sorts of client
+abuse by malicious servers.
+ 
+ This option has no effect if PORT, EPRT or EPSV is used instead of PASV.
+ .SH DEFAULT
+-0
+1 since 7.74.0, was 0 before then.
+ .SH PROTOCOLS
+ FTP
+ .SH EXAMPLE
+diff --git a/lib/url.c b/lib/url.c
+index f8b2a0030de..2b0ba87ba87 100644
+--- a/lib/url.c
+++ b/lib/url.c
+@@ -497,6 +497,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
+   set->ftp_use_eprt = TRUE;   /* FTP defaults to EPRT operations */
+   set->ftp_use_pret = FALSE;  /* mainly useful for drftpd servers */
+   set->ftp_filemethod = FTPFILE_MULTICWD;
+  set->ftp_skip_ip = TRUE;    /* skip PASV IP by default */
+ #endif
+   set->dns_cache_timeout = 60; /* Timeout every 60 seconds by default */
+ 
+diff --git a/src/tool_cfgable.c b/src/tool_cfgable.c
+index c52d8e1c6bb..4c06d3557b7 100644
+--- a/src/tool_cfgable.c
+++ b/src/tool_cfgable.c
+@@ -44,6 +44,7 @@ void config_init(struct OperationConfig *config)
+   config->tcp_nodelay = TRUE; /* enabled by default */
+   config->happy_eyeballs_timeout_ms = CURL_HET_DEFAULT;
+   config->http09_allowed = FALSE;
+  config->ftp_skip_ip = TRUE;
+ }
+ 
+ static void free_config_fields(struct OperationConfig *config)
+diff --git a/tests/data/test1400 b/tests/data/test1400
+index 812ad0b88d9..b7060eca58e 100644
+--- a/tests/data/test1400
+++ b/tests/data/test1400
+@@ -73,6 +73,7 @@ int main(int argc, char *argv[])
+   curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
+   curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
+   curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+  curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
+   curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+ 
+   /* Here is a list of options the curl code used that cannot get generated
+diff --git a/tests/data/test1401 b/tests/data/test1401
+index f93b3d637de..a2629683aff 100644
+--- a/tests/data/test1401
+++ b/tests/data/test1401
+@@ -87,6 +87,7 @@ int main(int argc, char *argv[])
+   curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
+   curl_easy_setopt(hnd, CURLOPT_COOKIE, "chocolate=chip");
+   curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+  curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
+   curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+   curl_easy_setopt(hnd, CURLOPT_PROTOCOLS, (long)CURLPROTO_FILE |
+                                            (long)CURLPROTO_FTP |
+diff --git a/tests/data/test1402 b/tests/data/test1402
+index 7593c516da1..1bd55cb4e3b 100644
+--- a/tests/data/test1402
+++ b/tests/data/test1402
+@@ -78,6 +78,7 @@ int main(int argc, char *argv[])
+   curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
+   curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
+   curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+  curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
+   curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+ 
+   /* Here is a list of options the curl code used that cannot get generated
+diff --git a/tests/data/test1403 b/tests/data/test1403
+index ecb4dd3dcab..a7c9fcca322 100644
+--- a/tests/data/test1403
+++ b/tests/data/test1403
+@@ -73,6 +73,7 @@ int main(int argc, char *argv[])
+   curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
+   curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
+   curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+  curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
+   curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+ 
+   /* Here is a list of options the curl code used that cannot get generated
+diff --git a/tests/data/test1404 b/tests/data/test1404
+index 97622b63948..1d8e8cf7779 100644
+--- a/tests/data/test1404
+++ b/tests/data/test1404
+@@ -147,6 +147,7 @@ int main(int argc, char *argv[])
+   curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
+   curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
+   curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+  curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
+   curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+ 
+   /* Here is a list of options the curl code used that cannot get generated
+diff --git a/tests/data/test1405 b/tests/data/test1405
+index 2bac79eda74..b4087704f7b 100644
+--- a/tests/data/test1405
+++ b/tests/data/test1405
+@@ -89,6 +89,7 @@ int main(int argc, char *argv[])
+   curl_easy_setopt(hnd, CURLOPT_POSTQUOTE, slist2);
+   curl_easy_setopt(hnd, CURLOPT_PREQUOTE, slist3);
+   curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+  curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
+   curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+ 
+   /* Here is a list of options the curl code used that cannot get generated
+diff --git a/tests/data/test1406 b/tests/data/test1406
+index 51a166adff2..38f68d11ee1 100644
+--- a/tests/data/test1406
+++ b/tests/data/test1406
+@@ -79,6 +79,7 @@ int main(int argc, char *argv[])
+   curl_easy_setopt(hnd, CURLOPT_URL, "smtp://%HOSTIP:%SMTPPORT/1406");
+   curl_easy_setopt(hnd, CURLOPT_UPLOAD, 1L);
+   curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+  curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
+   curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+   curl_easy_setopt(hnd, CURLOPT_MAIL_FROM, "sender@example.com");
+   curl_easy_setopt(hnd, CURLOPT_MAIL_RCPT, slist1);
+diff --git a/tests/data/test1407 b/tests/data/test1407
+index f6879008fb2..a7e13ba7585 100644
+--- a/tests/data/test1407
+++ b/tests/data/test1407
+@@ -62,6 +62,7 @@ int main(int argc, char *argv[])
+   curl_easy_setopt(hnd, CURLOPT_DIRLISTONLY, 1L);
+   curl_easy_setopt(hnd, CURLOPT_USERPWD, "user:secret");
+   curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+  curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
+   curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+ 
+   /* Here is a list of options the curl code used that cannot get generated
+diff --git a/tests/data/test1420 b/tests/data/test1420
+index 057ecc4773a..4b8d7bbf418 100644
+--- a/tests/data/test1420
+++ b/tests/data/test1420
+@@ -67,6 +67,7 @@ int main(int argc, char *argv[])
+   curl_easy_setopt(hnd, CURLOPT_URL, "imap://%HOSTIP:%IMAPPORT/1420/;MAILINDEX=1");
+   curl_easy_setopt(hnd, CURLOPT_USERPWD, "user:secret");
+   curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+  curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
+   curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+ 
+   /* Here is a list of options the curl code used that cannot get generated

diff --git a/meta/recipes-support/curl/curl/CVE-2020-8284.patch b/meta/recipes-support/curl/curl/CVE-2020-8284.patch new file mode 100644 index 0000000000..4ae514ffa8 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2020-8284.patch
@@ -0,0 +1,210 @@
	1	From ec9cc725d598ac77de7b6df8afeec292b3c8ad46 Mon Sep 17 00:00:00 2001
	2	From: Daniel Stenberg <daniel@haxx.se>
	3	Date: Tue, 24 Nov 2020 14:56:57 +0100
	4	Subject: [PATCH] ftp: CURLOPT_FTP_SKIP_PASV_IP by default
	5
	6	The command line tool also independently sets --ftp-skip-pasv-ip by
	7	default.
	8
	9	Ten test cases updated to adapt the modified --libcurl output.
	10
	11	Bug: https://curl.se/docs/CVE-2020-8284.html
	12	CVE-2020-8284
	13
	14	Reported-by: Varnavas Papaioannou
	15
	16	Upstream-Status: Backport [https://github.com/curl/curl/commit/ec9cc725d598ac]
	17
	18	CVE: CVE-2020-8284
	19
	20	Signed-off-by: Daniel Stenberg <daniel@haxx.se>
	21	Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
	22	---
	23	docs/cmdline-opts/ftp-skip-pasv-ip.d \| 2 ++
	24	docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 \| 8 +++++---
	25	lib/url.c \| 1 +
	26	src/tool_cfgable.c \| 1 +
	27	tests/data/test1400 \| 1 +
	28	tests/data/test1401 \| 1 +
	29	tests/data/test1402 \| 1 +
	30	tests/data/test1403 \| 1 +
	31	tests/data/test1404 \| 1 +
	32	tests/data/test1405 \| 1 +
	33	tests/data/test1406 \| 1 +
	34	tests/data/test1407 \| 1 +
	35	tests/data/test1420 \| 1 +
	36	14 files changed, 18 insertions(+), 3 deletions(-)
	37
	38	diff --git a/docs/cmdline-opts/ftp-skip-pasv-ip.d b/docs/cmdline-opts/ftp-skip-pasv-ip.d
	39	index d6fd4589b1e..bcf4e7e62f2 100644
	40	--- a/docs/cmdline-opts/ftp-skip-pasv-ip.d
	41	+++ b/docs/cmdline-opts/ftp-skip-pasv-ip.d
	42	@@ -10,4 +10,6 @@ to curl's PASV command when curl connects the data connection. Instead curl
	43	will re-use the same IP address it already uses for the control
	44	connection.
	45
	46	+Since curl 7.74.0 this option is enabled by default.
	47	+
	48	This option has no effect if PORT, EPRT or EPSV is used instead of PASV.
	49	diff --git a/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 b/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3
	50	index d6217d0d8ca..fa87ddce769 100644
	51	--- a/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3
	52	+++ b/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3
	53	@@ -5,7 +5,7 @@
	54	.\" * \| (__\| \|_\| \| _ <\| \|___
	55	.\" * \___\|\___/\|_\| \_\_____\|
	56	.\" *
	57	-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
	58	+.\" * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
	59	.\" *
	60	.\" * This software is licensed as described in the file COPYING, which
	61	.\" * you should have received as part of this distribution. The terms
	62	@@ -35,11 +35,13 @@ address it already uses for the control connection. But it will use the port
	63	number from the 227-response.
	64
	65	This option thus allows libcurl to work around broken server installations
	66	-that due to NATs, firewalls or incompetence report the wrong IP address back.
	67	+that due to NATs, firewalls or incompetence report the wrong IP address
	68	+back. Setting the option also reduces the risk for various sorts of client
	69	+abuse by malicious servers.
	70
	71	This option has no effect if PORT, EPRT or EPSV is used instead of PASV.
	72	.SH DEFAULT
	73	-0
	74	+1 since 7.74.0, was 0 before then.
	75	.SH PROTOCOLS
	76	FTP
	77	.SH EXAMPLE
	78	diff --git a/lib/url.c b/lib/url.c
	79	index f8b2a0030de..2b0ba87ba87 100644
	80	--- a/lib/url.c
	81	+++ b/lib/url.c
	82	@@ -497,6 +497,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
	83	set->ftp_use_eprt = TRUE; /* FTP defaults to EPRT operations */
	84	set->ftp_use_pret = FALSE; /* mainly useful for drftpd servers */
	85	set->ftp_filemethod = FTPFILE_MULTICWD;
	86	+ set->ftp_skip_ip = TRUE; /* skip PASV IP by default */
	87	#endif
	88	set->dns_cache_timeout = 60; /* Timeout every 60 seconds by default */
	89
	90	diff --git a/src/tool_cfgable.c b/src/tool_cfgable.c
	91	index c52d8e1c6bb..4c06d3557b7 100644
	92	--- a/src/tool_cfgable.c
	93	+++ b/src/tool_cfgable.c
	94	@@ -44,6 +44,7 @@ void config_init(struct OperationConfig *config)
	95	config->tcp_nodelay = TRUE; /* enabled by default */
	96	config->happy_eyeballs_timeout_ms = CURL_HET_DEFAULT;
	97	config->http09_allowed = FALSE;
	98	+ config->ftp_skip_ip = TRUE;
	99	}
	100
	101	static void free_config_fields(struct OperationConfig *config)
	102	diff --git a/tests/data/test1400 b/tests/data/test1400
	103	index 812ad0b88d9..b7060eca58e 100644
	104	--- a/tests/data/test1400
	105	+++ b/tests/data/test1400
	106	@@ -73,6 +73,7 @@ int main(int argc, char *argv[])
	107	curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
	108	curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
	109	curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
	110	+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
	111	curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
	112
	113	/* Here is a list of options the curl code used that cannot get generated
	114	diff --git a/tests/data/test1401 b/tests/data/test1401
	115	index f93b3d637de..a2629683aff 100644
	116	--- a/tests/data/test1401
	117	+++ b/tests/data/test1401
	118	@@ -87,6 +87,7 @@ int main(int argc, char *argv[])
	119	curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
	120	curl_easy_setopt(hnd, CURLOPT_COOKIE, "chocolate=chip");
	121	curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
	122	+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
	123	curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
	124	curl_easy_setopt(hnd, CURLOPT_PROTOCOLS, (long)CURLPROTO_FILE \|
	125	(long)CURLPROTO_FTP \|
	126	diff --git a/tests/data/test1402 b/tests/data/test1402
	127	index 7593c516da1..1bd55cb4e3b 100644
	128	--- a/tests/data/test1402
	129	+++ b/tests/data/test1402
	130	@@ -78,6 +78,7 @@ int main(int argc, char *argv[])
	131	curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
	132	curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
	133	curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
	134	+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
	135	curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
	136
	137	/* Here is a list of options the curl code used that cannot get generated
	138	diff --git a/tests/data/test1403 b/tests/data/test1403
	139	index ecb4dd3dcab..a7c9fcca322 100644
	140	--- a/tests/data/test1403
	141	+++ b/tests/data/test1403
	142	@@ -73,6 +73,7 @@ int main(int argc, char *argv[])
	143	curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
	144	curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
	145	curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
	146	+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
	147	curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
	148
	149	/* Here is a list of options the curl code used that cannot get generated
	150	diff --git a/tests/data/test1404 b/tests/data/test1404
	151	index 97622b63948..1d8e8cf7779 100644
	152	--- a/tests/data/test1404
	153	+++ b/tests/data/test1404
	154	@@ -147,6 +147,7 @@ int main(int argc, char *argv[])
	155	curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
	156	curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
	157	curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
	158	+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
	159	curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
	160
	161	/* Here is a list of options the curl code used that cannot get generated
	162	diff --git a/tests/data/test1405 b/tests/data/test1405
	163	index 2bac79eda74..b4087704f7b 100644
	164	--- a/tests/data/test1405
	165	+++ b/tests/data/test1405
	166	@@ -89,6 +89,7 @@ int main(int argc, char *argv[])
	167	curl_easy_setopt(hnd, CURLOPT_POSTQUOTE, slist2);
	168	curl_easy_setopt(hnd, CURLOPT_PREQUOTE, slist3);
	169	curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
	170	+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
	171	curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
	172
	173	/* Here is a list of options the curl code used that cannot get generated
	174	diff --git a/tests/data/test1406 b/tests/data/test1406
	175	index 51a166adff2..38f68d11ee1 100644
	176	--- a/tests/data/test1406
	177	+++ b/tests/data/test1406
	178	@@ -79,6 +79,7 @@ int main(int argc, char *argv[])
	179	curl_easy_setopt(hnd, CURLOPT_URL, "smtp://%HOSTIP:%SMTPPORT/1406");
	180	curl_easy_setopt(hnd, CURLOPT_UPLOAD, 1L);
	181	curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
	182	+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
	183	curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
	184	curl_easy_setopt(hnd, CURLOPT_MAIL_FROM, "sender@example.com");
	185	curl_easy_setopt(hnd, CURLOPT_MAIL_RCPT, slist1);
	186	diff --git a/tests/data/test1407 b/tests/data/test1407
	187	index f6879008fb2..a7e13ba7585 100644
	188	--- a/tests/data/test1407
	189	+++ b/tests/data/test1407
	190	@@ -62,6 +62,7 @@ int main(int argc, char *argv[])
	191	curl_easy_setopt(hnd, CURLOPT_DIRLISTONLY, 1L);
	192	curl_easy_setopt(hnd, CURLOPT_USERPWD, "user:secret");
	193	curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
	194	+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
	195	curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
	196
	197	/* Here is a list of options the curl code used that cannot get generated
	198	diff --git a/tests/data/test1420 b/tests/data/test1420
	199	index 057ecc4773a..4b8d7bbf418 100644
	200	--- a/tests/data/test1420
	201	+++ b/tests/data/test1420
	202	@@ -67,6 +67,7 @@ int main(int argc, char *argv[])
	203	curl_easy_setopt(hnd, CURLOPT_URL, "imap://%HOSTIP:%IMAPPORT/1420/;MAILINDEX=1");
	204	curl_easy_setopt(hnd, CURLOPT_USERPWD, "user:secret");
	205	curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
	206	+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
	207	curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
	208
	209	/* Here is a list of options the curl code used that cannot get generated
	210