summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-support')
-rw-r--r--meta/recipes-support/apr/apr-util_1.6.1.bb7
-rw-r--r--meta/recipes-support/boost/boost/arm-intrinsics.patch55
-rw-r--r--meta/recipes-support/boost/boost_1.74.0.bb2
-rw-r--r--meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch37
-rw-r--r--meta/recipes-support/ca-certificates/ca-certificates_20210119.bb (renamed from meta/recipes-support/ca-certificates/ca-certificates_20200601.bb)9
-rw-r--r--meta/recipes-support/curl/curl/0002-remove-void-protop-create-union-p.patch1609
-rw-r--r--meta/recipes-support/curl/curl/CVE-2020-8284.patch210
-rw-r--r--meta/recipes-support/curl/curl/CVE-2020-8285.patch257
-rw-r--r--meta/recipes-support/curl/curl/CVE-2020-8286.patch131
-rw-r--r--meta/recipes-support/curl/curl_7.72.0.bb4
-rw-r--r--meta/recipes-support/gpgme/gpgme_1.14.0.bb2
-rw-r--r--meta/recipes-support/iso-codes/iso-codes_4.5.0.bb2
-rw-r--r--meta/recipes-support/libcroco/files/CVE-2020-12825.patch192
-rw-r--r--meta/recipes-support/libcroco/libcroco_0.6.13.bb3
-rw-r--r--meta/recipes-support/libevdev/libevdev/determinism.patch3
-rw-r--r--meta/recipes-support/libexif/files/CVE-2020-0198.patch66
-rw-r--r--meta/recipes-support/libexif/files/CVE-2020-0452.patch39
-rw-r--r--meta/recipes-support/libexif/libexif_0.6.22.bb2
-rw-r--r--meta/recipes-support/libgcrypt/libgcrypt_1.8.6.bb3
-rw-r--r--meta/recipes-support/lz4/lz4_1.9.2.bb2
-rw-r--r--meta/recipes-support/p11-kit/p11-kit_0.23.22.bb (renamed from meta/recipes-support/p11-kit/p11-kit_0.23.21.bb)7
-rw-r--r--meta/recipes-support/sqlite/sqlite3_3.33.0.bb2
-rw-r--r--meta/recipes-support/vim/files/racefix.patch33
-rw-r--r--meta/recipes-support/vim/vim.inc3
24 files changed, 2572 insertions, 108 deletions
diff --git a/meta/recipes-support/apr/apr-util_1.6.1.bb b/meta/recipes-support/apr/apr-util_1.6.1.bb
index 0dd8f025e8..4e183ca374 100644
--- a/meta/recipes-support/apr/apr-util_1.6.1.bb
+++ b/meta/recipes-support/apr/apr-util_1.6.1.bb
@@ -19,10 +19,9 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.gz \
19SRC_URI[md5sum] = "bd502b9a8670a8012c4d90c31a84955f" 19SRC_URI[md5sum] = "bd502b9a8670a8012c4d90c31a84955f"
20SRC_URI[sha256sum] = "b65e40713da57d004123b6319828be7f1273fbc6490e145874ee1177e112c459" 20SRC_URI[sha256sum] = "b65e40713da57d004123b6319828be7f1273fbc6490e145874ee1177e112c459"
21 21
22EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \ 22EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \
23 --without-odbc \ 23 --without-odbc \
24 --without-pgsql \ 24 --without-pgsql \
25 --with-dbm=gdbm \
26 --without-sqlite2 \ 25 --without-sqlite2 \
27 --with-expat=${STAGING_DIR_HOST}${prefix}" 26 --with-expat=${STAGING_DIR_HOST}${prefix}"
28 27
@@ -36,6 +35,7 @@ OE_BINCONFIG_EXTRA_MANGLE = " -e 's:location=source:location=installed:'"
36do_configure_append() { 35do_configure_append() {
37 if [ "${CLASSOVERRIDE}" = "class-target" ]; then 36 if [ "${CLASSOVERRIDE}" = "class-target" ]; then
38 cp ${STAGING_DATADIR}/apr/apr_rules.mk ${B}/build/rules.mk 37 cp ${STAGING_DATADIR}/apr/apr_rules.mk ${B}/build/rules.mk
38 sed -i -e 's#^CFLAGS=.*#CFLAGS=${TARGET_CFLAGS}#g' ${B}/build/rules.mk
39 fi 39 fi
40} 40}
41do_configure_prepend_class-native() { 41do_configure_prepend_class-native() {
@@ -50,6 +50,7 @@ do_configure_append_class-native() {
50 50
51do_configure_prepend_class-nativesdk() { 51do_configure_prepend_class-nativesdk() {
52 cp ${STAGING_DATADIR}/apr/apr_rules.mk ${S}/build/rules.mk 52 cp ${STAGING_DATADIR}/apr/apr_rules.mk ${S}/build/rules.mk
53 sed -i -e 's#^CFLAGS=.*#CFLAGS=${TARGET_CFLAGS}#g' ${S}/build/rules.mk
53} 54}
54 55
55do_configure_append_class-nativesdk() { 56do_configure_append_class-nativesdk() {
@@ -69,7 +70,7 @@ PACKAGECONFIG ??= "crypto gdbm"
69PACKAGECONFIG[ldap] = "--with-ldap,--without-ldap,openldap" 70PACKAGECONFIG[ldap] = "--with-ldap,--without-ldap,openldap"
70PACKAGECONFIG[crypto] = "--with-openssl=${STAGING_DIR_HOST}${prefix} --with-crypto,--without-crypto,openssl" 71PACKAGECONFIG[crypto] = "--with-openssl=${STAGING_DIR_HOST}${prefix} --with-crypto,--without-crypto,openssl"
71PACKAGECONFIG[sqlite3] = "--with-sqlite3=${STAGING_DIR_HOST}${prefix},--without-sqlite3,sqlite3" 72PACKAGECONFIG[sqlite3] = "--with-sqlite3=${STAGING_DIR_HOST}${prefix},--without-sqlite3,sqlite3"
72PACKAGECONFIG[gdbm] = "--with-gdbm=${STAGING_DIR_HOST}${prefix},--without-gdbm,gdbm" 73PACKAGECONFIG[gdbm] = "--with-dbm=gdbm --with-gdbm=${STAGING_DIR_HOST}${prefix},--without-gdbm,gdbm"
73 74
74#files ${libdir}/apr-util-1/*.so are not symlinks but loadable modules thus they are packaged in ${PN} 75#files ${libdir}/apr-util-1/*.so are not symlinks but loadable modules thus they are packaged in ${PN}
75FILES_${PN} += "${libdir}/apr-util-1/apr*${SOLIBS} ${libdir}/apr-util-1/apr*${SOLIBSDEV}" 76FILES_${PN} += "${libdir}/apr-util-1/apr*${SOLIBS} ${libdir}/apr-util-1/apr*${SOLIBSDEV}"
diff --git a/meta/recipes-support/boost/boost/arm-intrinsics.patch b/meta/recipes-support/boost/boost/arm-intrinsics.patch
deleted file mode 100644
index fe85c69a82..0000000000
--- a/meta/recipes-support/boost/boost/arm-intrinsics.patch
+++ /dev/null
@@ -1,55 +0,0 @@
1Upstream-Status: Backport
2
38/17/2010 - rebased to 1.44 by Qing He <qing.he@intel.com>
4
5diff --git a/boost/smart_ptr/detail/atomic_count_sync.hpp b/boost/smart_ptr/detail/atomic_count_sync.hpp
6index b6359b5..78b1cc2 100644
7--- a/boost/smart_ptr/detail/atomic_count_sync.hpp
8+++ b/boost/smart_ptr/detail/atomic_count_sync.hpp
9@@ -33,17 +33,46 @@ public:
10
11 long operator++()
12 {
13+#ifdef __ARM_ARCH_7A__
14+ int v1, tmp;
15+ asm volatile ("1: \n\t"
16+ "ldrex %0, %1 \n\t"
17+ "add %0 ,%0, #1 \n\t"
18+ "strex %2, %0, %1 \n\t"
19+ "cmp %2, #0 \n\t"
20+ "bne 1b \n\t"
21+ : "=&r" (v1), "+Q"(value_), "=&r"(tmp)
22+ );
23+#else
24 return __sync_add_and_fetch( &value_, 1 );
25+#endif
26 }
27
28 long operator--()
29 {
30+#ifdef __ARM_ARCH_7A__
31+ int v1, tmp;
32+ asm volatile ("1: \n\t"
33+ "ldrex %0, %1 \n\t"
34+ "sub %0 ,%0, #1 \n\t"
35+ "strex %2, %0, %1 \n\t"
36+ "cmp %2, #0 \n\t"
37+ "bne 1b \n\t"
38+ : "=&r" (v1), "+Q"(value_), "=&r"(tmp)
39+ );
40+ return value_;
41+#else
42 return __sync_add_and_fetch( &value_, -1 );
43+#endif
44 }
45
46 operator long() const
47 {
48+#if __ARM_ARCH_7A__
49+ return value_;
50+#else
51 return __sync_fetch_and_add( &value_, 0 );
52+#endif
53 }
54
55 private:
diff --git a/meta/recipes-support/boost/boost_1.74.0.bb b/meta/recipes-support/boost/boost_1.74.0.bb
index b01b390a59..9188303195 100644
--- a/meta/recipes-support/boost/boost_1.74.0.bb
+++ b/meta/recipes-support/boost/boost_1.74.0.bb
@@ -1,7 +1,7 @@
1require boost-${PV}.inc 1require boost-${PV}.inc
2require boost.inc 2require boost.inc
3 3
4SRC_URI += "file://arm-intrinsics.patch \ 4SRC_URI += " \
5 file://boost-CVE-2012-2677.patch \ 5 file://boost-CVE-2012-2677.patch \
6 file://boost-math-disable-pch-for-gcc.patch \ 6 file://boost-math-disable-pch-for-gcc.patch \
7 file://0001-Apply-boost-1.62.0-no-forced-flags.patch.patch \ 7 file://0001-Apply-boost-1.62.0-no-forced-flags.patch.patch \
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch
deleted file mode 100644
index aa2c85ff43..0000000000
--- a/meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch
+++ /dev/null
@@ -1,37 +0,0 @@
1From b6d18ca77f131cdcaa10d0eaa9d303399767edf6 Mon Sep 17 00:00:00 2001
2From: Alexander Kanavin <alex.kanavin@gmail.com>
3Date: Wed, 28 Aug 2019 19:18:14 +0200
4Subject: [PATCH] certdata2pem.py: use python3
5
6Comments in that file imply it is already py3 compatible.
7
8Upstream-Status: Pending
9Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
10---
11 mozilla/Makefile | 2 +-
12 mozilla/certdata2pem.py | 2 +-
13 2 files changed, 2 insertions(+), 2 deletions(-)
14
15diff --git a/mozilla/Makefile b/mozilla/Makefile
16index 6f46118..f98877c 100644
17--- a/mozilla/Makefile
18+++ b/mozilla/Makefile
19@@ -3,7 +3,7 @@
20 #
21
22 all:
23- python certdata2pem.py
24+ python3 certdata2pem.py
25
26 clean:
27 -rm -f *.crt
28diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
29index 0b02b2a..7d796f1 100644
30--- a/mozilla/certdata2pem.py
31+++ b/mozilla/certdata2pem.py
32@@ -1,4 +1,4 @@
33-#!/usr/bin/python
34+#!/usr/bin/python3
35 # vim:set et sw=4:
36 #
37 # certdata2pem.py - splits certdata.txt into multiple files
diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb b/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb
index 6f39df7985..7dcc86fdc1 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb
@@ -14,7 +14,7 @@ DEPENDS_class-nativesdk = "openssl-native"
14# Need rehash from openssl and run-parts from debianutils 14# Need rehash from openssl and run-parts from debianutils
15PACKAGE_WRITE_DEPS += "openssl-native debianutils-native" 15PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
16 16
17SRCREV = "b3a8980b781bc9a370e42714a605cd4191bb6c0b" 17SRCREV = "181be7ebd169b4a6fb5d90c3e6dc791e90534144"
18 18
19SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \ 19SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \
20 file://0002-update-ca-certificates-use-SYSROOT.patch \ 20 file://0002-update-ca-certificates-use-SYSROOT.patch \
@@ -23,7 +23,6 @@ SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \
23 file://default-sysroot.patch \ 23 file://default-sysroot.patch \
24 file://sbindir.patch \ 24 file://sbindir.patch \
25 file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \ 25 file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \
26 file://0001-certdata2pem.py-use-python3.patch \
27 " 26 "
28UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+)" 27UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+)"
29 28
@@ -84,8 +83,8 @@ do_install_append_class-native () {
84 SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates 83 SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates
85} 84}
86 85
87RDEPENDS_${PN}_class-target = "openssl-bin" 86RDEPENDS_${PN}_append_class-target = " openssl-bin openssl"
88RDEPENDS_${PN}_class-native = "openssl-native" 87RDEPENDS_${PN}_append_class-native = " openssl-native"
89RDEPENDS_${PN}_class-nativesdk = "nativesdk-openssl-bin" 88RDEPENDS_${PN}_append_class-nativesdk = " nativesdk-openssl-bin nativesdk-openssl"
90 89
91BBCLASSEXTEND = "native nativesdk" 90BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-support/curl/curl/0002-remove-void-protop-create-union-p.patch b/meta/recipes-support/curl/curl/0002-remove-void-protop-create-union-p.patch
new file mode 100644
index 0000000000..d0d01fb97c
--- /dev/null
+++ b/meta/recipes-support/curl/curl/0002-remove-void-protop-create-union-p.patch
@@ -0,0 +1,1609 @@
1From bfdb7ee65fc8b96f1fce10ef23871acb092b74b6 Mon Sep 17 00:00:00 2001
2From: Daniel Stenberg <daniel@haxx.se>
3Date: Mon, 23 Nov 2020 08:32:41 +0100
4Subject: [PATCH] urldata: remove 'void *protop' and create the union 'p'
5
6... to avoid the use of 'void *' for the protocol specific structs done
7per transfer.
8
9Closes #6238
10
11Upstream-Status: Backport [https://github.com/curl/curl/commit/a95a6ce6b809693a1195e3b4347a6cfa0fbc2ee7]
12
13CVE: CVE-2020-8285
14
15Signed-off-by: Daniel Stenberg <daniel@haxx.se>
16Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
17
18---
19 docs/INTERNALS.md | 4 ++--
20 lib/file.c | 14 +++++++-------
21 lib/ftp.c | 36 ++++++++++++++++++------------------
22 lib/http.c | 14 +++++++-------
23 lib/http2.c | 50 +++++++++++++++++++++++++-------------------------
24 lib/http_proxy.c | 6 +++---
25 lib/imap.c | 26 +++++++++++++-------------
26 lib/mqtt.c | 10 +++++-----
27 lib/openldap.c | 8 ++++----
28 lib/pop3.c | 14 +++++++-------
29 lib/rtsp.c | 8 ++++----
30 lib/smb.c | 20 ++++++++++----------
31 lib/smtp.c | 22 +++++++++++-----------
32 lib/telnet.c | 30 +++++++++++++++---------------
33 lib/transfer.c | 8 ++++----
34 lib/url.c | 2 +-
35 lib/urldata.h | 19 +++++++++++++++++--
36 lib/vquic/ngtcp2.c | 24 ++++++++++++------------
37 lib/vquic/quiche.c | 10 +++++-----
38 lib/vssh/libssh.c | 10 +++++-----
39 lib/vssh/libssh2.c | 8 ++++----
40 lib/vssh/wolfssh.c | 8 ++++----
41 22 files changed, 183 insertions(+), 168 deletions(-)
42
43diff --git a/docs/INTERNALS.md b/docs/INTERNALS.md
44index 635e7b2..ca8988e 100644
45--- a/docs/INTERNALS.md
46+++ b/docs/INTERNALS.md
47@@ -980,8 +980,8 @@ for older and later versions as things don't change drastically that often.
48 protocol specific data that then gets associated with that `Curl_easy` for
49 the rest of this transfer. It gets freed again at the end of the transfer.
50 It will be called before the `connectdata` for the transfer has been
51- selected/created. Most protocols will allocate its private
52- `struct [PROTOCOL]` here and assign `Curl_easy->req.protop` to point to it.
53+ selected/created. Most protocols will allocate its private `struct
54+ [PROTOCOL]` here and assign `Curl_easy->req.p.[protocol]` to it.
55
56 `->connect_it` allows a protocol to do some specific actions after the TCP
57 connect is done, that can still be considered part of the connection phase.
58diff --git a/lib/file.c b/lib/file.c
59index cd3e49c..110e5c2 100644
60--- a/lib/file.c
61+++ b/lib/file.c
62@@ -119,8 +119,8 @@ const struct Curl_handler Curl_handler_file = {
63 static CURLcode file_setup_connection(struct connectdata *conn)
64 {
65 /* allocate the FILE specific struct */
66- conn->data->req.protop = calloc(1, sizeof(struct FILEPROTO));
67- if(!conn->data->req.protop)
68+ conn->data->req.p.file = calloc(1, sizeof(struct FILEPROTO));
69+ if(!conn->data->req.p.file)
70 return CURLE_OUT_OF_MEMORY;
71
72 return CURLE_OK;
73@@ -135,7 +135,7 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
74 {
75 struct Curl_easy *data = conn->data;
76 char *real_path;
77- struct FILEPROTO *file = data->req.protop;
78+ struct FILEPROTO *file = data->req.p.file;
79 int fd;
80 #ifdef DOS_FILESYSTEM
81 size_t i;
82@@ -209,7 +209,7 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
83 static CURLcode file_done(struct connectdata *conn,
84 CURLcode status, bool premature)
85 {
86- struct FILEPROTO *file = conn->data->req.protop;
87+ struct FILEPROTO *file = conn->data->req.p.file;
88 (void)status; /* not used */
89 (void)premature; /* not used */
90
91@@ -227,7 +227,7 @@ static CURLcode file_done(struct connectdata *conn,
92 static CURLcode file_disconnect(struct connectdata *conn,
93 bool dead_connection)
94 {
95- struct FILEPROTO *file = conn->data->req.protop;
96+ struct FILEPROTO *file = conn->data->req.p.file;
97 (void)dead_connection; /* not used */
98
99 if(file) {
100@@ -249,7 +249,7 @@ static CURLcode file_disconnect(struct connectdata *conn,
101
102 static CURLcode file_upload(struct connectdata *conn)
103 {
104- struct FILEPROTO *file = conn->data->req.protop;
105+ struct FILEPROTO *file = conn->data->req.p.file;
106 const char *dir = strchr(file->path, DIRSEP);
107 int fd;
108 int mode;
109@@ -391,7 +391,7 @@ static CURLcode file_do(struct connectdata *conn, bool *done)
110 if(data->set.upload)
111 return file_upload(conn);
112
113- file = conn->data->req.protop;
114+ file = conn->data->req.p.file;
115
116 /* get the fd from the connection phase */
117 fd = file->fd;
118diff --git a/lib/ftp.c b/lib/ftp.c
119index 9fadac5..d1a9447 100644
120--- a/lib/ftp.c
121+++ b/lib/ftp.c
122@@ -1345,7 +1345,7 @@ static CURLcode ftp_state_use_pasv(struct connectdata *conn)
123 static CURLcode ftp_state_prepare_transfer(struct connectdata *conn)
124 {
125 CURLcode result = CURLE_OK;
126- struct FTP *ftp = conn->data->req.protop;
127+ struct FTP *ftp = conn->data->req.p.ftp;
128 struct Curl_easy *data = conn->data;
129
130 if(ftp->transfer != FTPTRANSFER_BODY) {
131@@ -1388,7 +1388,7 @@ static CURLcode ftp_state_prepare_transfer(struct connectdata *conn)
132 static CURLcode ftp_state_rest(struct connectdata *conn)
133 {
134 CURLcode result = CURLE_OK;
135- struct FTP *ftp = conn->data->req.protop;
136+ struct FTP *ftp = conn->data->req.p.ftp;
137 struct ftp_conn *ftpc = &conn->proto.ftpc;
138
139 if((ftp->transfer != FTPTRANSFER_BODY) && ftpc->file) {
140@@ -1409,7 +1409,7 @@ static CURLcode ftp_state_rest(struct connectdata *conn)
141 static CURLcode ftp_state_size(struct connectdata *conn)
142 {
143 CURLcode result = CURLE_OK;
144- struct FTP *ftp = conn->data->req.protop;
145+ struct FTP *ftp = conn->data->req.p.ftp;
146 struct ftp_conn *ftpc = &conn->proto.ftpc;
147
148 if((ftp->transfer == FTPTRANSFER_INFO) && ftpc->file) {
149@@ -1430,7 +1430,7 @@ static CURLcode ftp_state_list(struct connectdata *conn)
150 {
151 CURLcode result = CURLE_OK;
152 struct Curl_easy *data = conn->data;
153- struct FTP *ftp = data->req.protop;
154+ struct FTP *ftp = data->req.p.ftp;
155
156 /* If this output is to be machine-parsed, the NLST command might be better
157 to use, since the LIST command output is not specified or standard in any
158@@ -1508,7 +1508,7 @@ static CURLcode ftp_state_stor_prequote(struct connectdata *conn)
159 static CURLcode ftp_state_type(struct connectdata *conn)
160 {
161 CURLcode result = CURLE_OK;
162- struct FTP *ftp = conn->data->req.protop;
163+ struct FTP *ftp = conn->data->req.p.ftp;
164 struct Curl_easy *data = conn->data;
165 struct ftp_conn *ftpc = &conn->proto.ftpc;
166
167@@ -1565,7 +1565,7 @@ static CURLcode ftp_state_ul_setup(struct connectdata *conn,
168 bool sizechecked)
169 {
170 CURLcode result = CURLE_OK;
171- struct FTP *ftp = conn->data->req.protop;
172+ struct FTP *ftp = conn->data->req.p.ftp;
173 struct Curl_easy *data = conn->data;
174 struct ftp_conn *ftpc = &conn->proto.ftpc;
175
176@@ -1664,7 +1664,7 @@ static CURLcode ftp_state_quote(struct connectdata *conn,
177 {
178 CURLcode result = CURLE_OK;
179 struct Curl_easy *data = conn->data;
180- struct FTP *ftp = data->req.protop;
181+ struct FTP *ftp = data->req.p.ftp;
182 struct ftp_conn *ftpc = &conn->proto.ftpc;
183 bool quote = FALSE;
184 struct curl_slist *item;
185@@ -2033,7 +2033,7 @@ static CURLcode ftp_state_mdtm_resp(struct connectdata *conn,
186 {
187 CURLcode result = CURLE_OK;
188 struct Curl_easy *data = conn->data;
189- struct FTP *ftp = data->req.protop;
190+ struct FTP *ftp = data->req.p.ftp;
191 struct ftp_conn *ftpc = &conn->proto.ftpc;
192
193 switch(ftpcode) {
194@@ -2166,7 +2166,7 @@ static CURLcode ftp_state_retr(struct connectdata *conn,
195 {
196 CURLcode result = CURLE_OK;
197 struct Curl_easy *data = conn->data;
198- struct FTP *ftp = data->req.protop;
199+ struct FTP *ftp = data->req.p.ftp;
200 struct ftp_conn *ftpc = &conn->proto.ftpc;
201
202 if(data->set.max_filesize && (filesize > data->set.max_filesize)) {
203@@ -2378,7 +2378,7 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn,
204 {
205 CURLcode result = CURLE_OK;
206 struct Curl_easy *data = conn->data;
207- struct FTP *ftp = data->req.protop;
208+ struct FTP *ftp = data->req.p.ftp;
209
210 if((ftpcode == 150) || (ftpcode == 125)) {
211
212@@ -3138,7 +3138,7 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
213 bool premature)
214 {
215 struct Curl_easy *data = conn->data;
216- struct FTP *ftp = data->req.protop;
217+ struct FTP *ftp = data->req.p.ftp;
218 struct ftp_conn *ftpc = &conn->proto.ftpc;
219 struct pingpong *pp = &ftpc->pp;
220 ssize_t nread;
221@@ -3492,7 +3492,7 @@ static CURLcode ftp_do_more(struct connectdata *conn, int *completep)
222 bool complete = FALSE;
223
224 /* the ftp struct is inited in ftp_connect() */
225- struct FTP *ftp = data->req.protop;
226+ struct FTP *ftp = data->req.p.ftp;
227
228 /* if the second connection isn't done yet, wait for it */
229 if(!conn->bits.tcpconnect[SECONDARYSOCKET]) {
230@@ -3657,7 +3657,7 @@ CURLcode ftp_perform(struct connectdata *conn,
231
232 if(conn->data->set.opt_no_body) {
233 /* requested no body means no transfer... */
234- struct FTP *ftp = conn->data->req.protop;
235+ struct FTP *ftp = conn->data->req.p.ftp;
236 ftp->transfer = FTPTRANSFER_INFO;
237 }
238
239@@ -3692,7 +3692,7 @@ static void wc_data_dtor(void *ptr)
240 static CURLcode init_wc_data(struct connectdata *conn)
241 {
242 char *last_slash;
243- struct FTP *ftp = conn->data->req.protop;
244+ struct FTP *ftp = conn->data->req.p.ftp;
245 char *path = ftp->path;
246 struct WildcardData *wildcard = &(conn->data->wildcard);
247 CURLcode result = CURLE_OK;
248@@ -3826,7 +3826,7 @@ static CURLcode wc_statemach(struct connectdata *conn)
249 /* filelist has at least one file, lets get first one */
250 struct ftp_conn *ftpc = &conn->proto.ftpc;
251 struct curl_fileinfo *finfo = wildcard->filelist.head->ptr;
252- struct FTP *ftp = conn->data->req.protop;
253+ struct FTP *ftp = conn->data->req.p.ftp;
254
255 char *tmp_path = aprintf("%s%s", wildcard->path, finfo->filename);
256 if(!tmp_path)
257@@ -4099,7 +4099,7 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
258 {
259 struct Curl_easy *data = conn->data;
260 /* the ftp struct is already inited in ftp_connect() */
261- struct FTP *ftp = data->req.protop;
262+ struct FTP *ftp = data->req.p.ftp;
263 struct ftp_conn *ftpc = &conn->proto.ftpc;
264 const char *slashPos = NULL;
265 const char *fileName = NULL;
266@@ -4244,7 +4244,7 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
267 static CURLcode ftp_dophase_done(struct connectdata *conn,
268 bool connected)
269 {
270- struct FTP *ftp = conn->data->req.protop;
271+ struct FTP *ftp = conn->data->req.p.ftp;
272 struct ftp_conn *ftpc = &conn->proto.ftpc;
273
274 if(connected) {
275@@ -4341,7 +4341,7 @@ static CURLcode ftp_setup_connection(struct connectdata *conn)
276 char *type;
277 struct FTP *ftp;
278
279- conn->data->req.protop = ftp = calloc(sizeof(struct FTP), 1);
280+ conn->data->req.p.ftp = ftp = calloc(sizeof(struct FTP), 1);
281 if(NULL == ftp)
282 return CURLE_OUT_OF_MEMORY;
283
284diff --git a/lib/http.c b/lib/http.c
285index 8fcdd43..31d9112 100644
286--- a/lib/http.c
287+++ b/lib/http.c
288@@ -162,14 +162,14 @@ static CURLcode http_setup_conn(struct connectdata *conn)
289 during this request */
290 struct HTTP *http;
291 struct Curl_easy *data = conn->data;
292- DEBUGASSERT(data->req.protop == NULL);
293+ DEBUGASSERT(data->req.p.http == NULL);
294
295 http = calloc(1, sizeof(struct HTTP));
296 if(!http)
297 return CURLE_OUT_OF_MEMORY;
298
299 Curl_mime_initpart(&http->form, conn->data);
300- data->req.protop = http;
301+ data->req.p.http = http;
302
303 if(data->set.httpversion == CURL_HTTP_VERSION_3) {
304 if(conn->handler->flags & PROTOPT_SSL)
305@@ -425,7 +425,7 @@ static bool pickoneauth(struct auth *pick, unsigned long mask)
306 static CURLcode http_perhapsrewind(struct connectdata *conn)
307 {
308 struct Curl_easy *data = conn->data;
309- struct HTTP *http = data->req.protop;
310+ struct HTTP *http = data->req.p.http;
311 curl_off_t bytessent;
312 curl_off_t expectsend = -1; /* default is unknown */
313
314@@ -1109,7 +1109,7 @@ static size_t readmoredata(char *buffer,
315 void *userp)
316 {
317 struct connectdata *conn = (struct connectdata *)userp;
318- struct HTTP *http = conn->data->req.protop;
319+ struct HTTP *http = conn->data->req.p.http;
320 size_t fullsize = size * nitems;
321
322 if(!http->postsize)
323@@ -1167,7 +1167,7 @@ CURLcode Curl_buffer_send(struct dynbuf *in,
324 char *ptr;
325 size_t size;
326 struct Curl_easy *data = conn->data;
327- struct HTTP *http = data->req.protop;
328+ struct HTTP *http = data->req.p.http;
329 size_t sendsize;
330 curl_socket_t sockfd;
331 size_t headersize;
332@@ -1517,7 +1517,7 @@ CURLcode Curl_http_done(struct connectdata *conn,
333 CURLcode status, bool premature)
334 {
335 struct Curl_easy *data = conn->data;
336- struct HTTP *http = data->req.protop;
337+ struct HTTP *http = data->req.p.http;
338
339 /* Clear multipass flag. If authentication isn't done yet, then it will get
340 * a chance to be set back to true when we output the next auth header */
341@@ -1978,7 +1978,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
342 return result;
343 }
344 }
345- http = data->req.protop;
346+ http = data->req.p.http;
347 DEBUGASSERT(http);
348
349 if(!data->state.this_is_a_follow) {
350diff --git a/lib/http2.c b/lib/http2.c
351index d316da8..c41a1c2 100644
352--- a/lib/http2.c
353+++ b/lib/http2.c
354@@ -257,7 +257,7 @@ static unsigned int http2_conncheck(struct connectdata *check,
355 /* called from http_setup_conn */
356 void Curl_http2_setup_req(struct Curl_easy *data)
357 {
358- struct HTTP *http = data->req.protop;
359+ struct HTTP *http = data->req.p.http;
360 http->bodystarted = FALSE;
361 http->status_code = -1;
362 http->pausedata = NULL;
363@@ -391,7 +391,7 @@ char *curl_pushheader_bynum(struct curl_pushheaders *h, size_t num)
364 if(!h || !GOOD_EASY_HANDLE(h->data))
365 return NULL;
366 else {
367- struct HTTP *stream = h->data->req.protop;
368+ struct HTTP *stream = h->data->req.p.http;
369 if(num < stream->push_headers_used)
370 return stream->push_headers[num];
371 }
372@@ -413,7 +413,7 @@ char *curl_pushheader_byname(struct curl_pushheaders *h, const char *header)
373 !strcmp(header, ":") || strchr(header + 1, ':'))
374 return NULL;
375 else {
376- struct HTTP *stream = h->data->req.protop;
377+ struct HTTP *stream = h->data->req.p.http;
378 size_t len = strlen(header);
379 size_t i;
380 for(i = 0; i<stream->push_headers_used; i++) {
381@@ -460,7 +460,7 @@ static struct Curl_easy *duphandle(struct Curl_easy *data)
382 (void)Curl_close(&second);
383 }
384 else {
385- second->req.protop = http;
386+ second->req.p.http = http;
387 Curl_dyn_init(&http->header_recvbuf, DYN_H2_HEADERS);
388 Curl_http2_setup_req(second);
389 second->state.stream_weight = data->state.stream_weight;
390@@ -537,7 +537,7 @@ static int push_promise(struct Curl_easy *data,
391 /* ask the application */
392 H2BUGF(infof(data, "Got PUSH_PROMISE, ask application!\n"));
393
394- stream = data->req.protop;
395+ stream = data->req.p.http;
396 if(!stream) {
397 failf(data, "Internal NULL stream!\n");
398 (void)Curl_close(&newhandle);
399@@ -567,13 +567,13 @@ static int push_promise(struct Curl_easy *data,
400 if(rv) {
401 DEBUGASSERT((rv > CURL_PUSH_OK) && (rv <= CURL_PUSH_ERROROUT));
402 /* denied, kill off the new handle again */
403- http2_stream_free(newhandle->req.protop);
404- newhandle->req.protop = NULL;
405+ http2_stream_free(newhandle->req.p.http);
406+ newhandle->req.p.http = NULL;
407 (void)Curl_close(&newhandle);
408 goto fail;
409 }
410
411- newstream = newhandle->req.protop;
412+ newstream = newhandle->req.p.http;
413 newstream->stream_id = frame->promised_stream_id;
414 newhandle->req.maxdownload = -1;
415 newhandle->req.size = -1;
416@@ -583,8 +583,8 @@ static int push_promise(struct Curl_easy *data,
417 rc = Curl_multi_add_perform(data->multi, newhandle, conn);
418 if(rc) {
419 infof(data, "failed to add handle to multi\n");
420- http2_stream_free(newhandle->req.protop);
421- newhandle->req.protop = NULL;
422+ http2_stream_free(newhandle->req.p.http);
423+ newhandle->req.p.http = NULL;
424 Curl_close(&newhandle);
425 rv = CURL_PUSH_DENY;
426 goto fail;
427@@ -667,7 +667,7 @@ static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame,
428 return 0;
429 }
430
431- stream = data_s->req.protop;
432+ stream = data_s->req.p.http;
433 if(!stream) {
434 H2BUGF(infof(data_s, "No proto pointer for stream: %x\n",
435 stream_id));
436@@ -783,7 +783,7 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
437 internal error more than anything else! */
438 return NGHTTP2_ERR_CALLBACK_FAILURE;
439
440- stream = data_s->req.protop;
441+ stream = data_s->req.p.http;
442 if(!stream)
443 return NGHTTP2_ERR_CALLBACK_FAILURE;
444
445@@ -849,7 +849,7 @@ static int on_stream_close(nghttp2_session *session, int32_t stream_id,
446 }
447 H2BUGF(infof(data_s, "on_stream_close(), %s (err %d), stream %u\n",
448 nghttp2_http2_strerror(error_code), error_code, stream_id));
449- stream = data_s->req.protop;
450+ stream = data_s->req.p.http;
451 if(!stream)
452 return NGHTTP2_ERR_CALLBACK_FAILURE;
453
454@@ -894,7 +894,7 @@ static int on_begin_headers(nghttp2_session *session,
455 return 0;
456 }
457
458- stream = data_s->req.protop;
459+ stream = data_s->req.p.http;
460 if(!stream || !stream->bodystarted) {
461 return 0;
462 }
463@@ -952,7 +952,7 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
464 internal error more than anything else! */
465 return NGHTTP2_ERR_CALLBACK_FAILURE;
466
467- stream = data_s->req.protop;
468+ stream = data_s->req.p.http;
469 if(!stream) {
470 failf(data_s, "Internal NULL stream! 5\n");
471 return NGHTTP2_ERR_CALLBACK_FAILURE;
472@@ -1100,7 +1100,7 @@ static ssize_t data_source_read_callback(nghttp2_session *session,
473 internal error more than anything else! */
474 return NGHTTP2_ERR_CALLBACK_FAILURE;
475
476- stream = data_s->req.protop;
477+ stream = data_s->req.p.http;
478 if(!stream)
479 return NGHTTP2_ERR_CALLBACK_FAILURE;
480 }
481@@ -1161,7 +1161,7 @@ static void populate_settings(struct connectdata *conn,
482
483 void Curl_http2_done(struct Curl_easy *data, bool premature)
484 {
485- struct HTTP *http = data->req.protop;
486+ struct HTTP *http = data->req.p.http;
487 struct http_conn *httpc = &data->conn->proto.httpc;
488
489 /* there might be allocated resources done before this got the 'h2' pointer
490@@ -1398,7 +1398,7 @@ CURLcode Curl_http2_done_sending(struct connectdata *conn)
491 (conn->handler == &Curl_handler_http2)) {
492 /* make sure this is only attempted for HTTP/2 transfers */
493
494- struct HTTP *stream = conn->data->req.protop;
495+ struct HTTP *stream = conn->data->req.p.http;
496
497 struct http_conn *httpc = &conn->proto.httpc;
498 nghttp2_session *h2 = httpc->h2;
499@@ -1522,7 +1522,7 @@ static void h2_pri_spec(struct Curl_easy *data,
500 nghttp2_priority_spec *pri_spec)
501 {
502 struct HTTP *depstream = (data->set.stream_depends_on?
503- data->set.stream_depends_on->req.protop:NULL);
504+ data->set.stream_depends_on->req.p.http:NULL);
505 int32_t depstream_id = depstream? depstream->stream_id:0;
506 nghttp2_priority_spec_init(pri_spec, depstream_id, data->set.stream_weight,
507 data->set.stream_depends_e);
508@@ -1539,7 +1539,7 @@ static void h2_pri_spec(struct Curl_easy *data,
509 static int h2_session_send(struct Curl_easy *data,
510 nghttp2_session *h2)
511 {
512- struct HTTP *stream = data->req.protop;
513+ struct HTTP *stream = data->req.p.http;
514 if((data->set.stream_weight != data->state.stream_weight) ||
515 (data->set.stream_depends_e != data->state.stream_depends_e) ||
516 (data->set.stream_depends_on != data->state.stream_depends_on) ) {
517@@ -1569,7 +1569,7 @@ static ssize_t http2_recv(struct connectdata *conn, int sockindex,
518 ssize_t nread;
519 struct http_conn *httpc = &conn->proto.httpc;
520 struct Curl_easy *data = conn->data;
521- struct HTTP *stream = data->req.protop;
522+ struct HTTP *stream = data->req.p.http;
523
524 (void)sockindex; /* we always do HTTP2 on sockindex 0 */
525
526@@ -1874,7 +1874,7 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
527 */
528 int rv;
529 struct http_conn *httpc = &conn->proto.httpc;
530- struct HTTP *stream = conn->data->req.protop;
531+ struct HTTP *stream = conn->data->req.p.http;
532 nghttp2_nv *nva = NULL;
533 size_t nheader;
534 size_t i;
535@@ -2183,7 +2183,7 @@ CURLcode Curl_http2_setup(struct connectdata *conn)
536 {
537 CURLcode result;
538 struct http_conn *httpc = &conn->proto.httpc;
539- struct HTTP *stream = conn->data->req.protop;
540+ struct HTTP *stream = conn->data->req.p.http;
541
542 DEBUGASSERT(conn->data->state.buffer);
543
544@@ -2238,7 +2238,7 @@ CURLcode Curl_http2_switched(struct connectdata *conn,
545 int rv;
546 ssize_t nproc;
547 struct Curl_easy *data = conn->data;
548- struct HTTP *stream = conn->data->req.protop;
549+ struct HTTP *stream = conn->data->req.p.http;
550
551 result = Curl_http2_setup(conn);
552 if(result)
553@@ -2358,7 +2358,7 @@ CURLcode Curl_http2_stream_pause(struct Curl_easy *data, bool pause)
554 return CURLE_OK;
555 #ifdef NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE
556 else {
557- struct HTTP *stream = data->req.protop;
558+ struct HTTP *stream = data->req.p.http;
559 struct http_conn *httpc = &data->conn->proto.httpc;
560 uint32_t window = !pause * HTTP2_HUGE_WINDOW_SIZE;
561 int rv = nghttp2_session_set_local_window_size(httpc->h2,
562diff --git a/lib/http_proxy.c b/lib/http_proxy.c
563index f188cbf..69aacb4 100644
564--- a/lib/http_proxy.c
565+++ b/lib/http_proxy.c
566@@ -102,9 +102,9 @@ CURLcode Curl_proxy_connect(struct connectdata *conn, int sockindex)
567 * This function might be called several times in the multi interface case
568 * if the proxy's CONNECT response is not instant.
569 */
570- prot_save = conn->data->req.protop;
571+ prot_save = conn->data->req.p.http;
572 memset(&http_proxy, 0, sizeof(http_proxy));
573- conn->data->req.protop = &http_proxy;
574+ conn->data->req.p.http = &http_proxy;
575 connkeep(conn, "HTTP proxy CONNECT");
576
577 /* for the secondary socket (FTP), use the "connect to host"
578@@ -125,7 +125,7 @@ CURLcode Curl_proxy_connect(struct connectdata *conn, int sockindex)
579 else
580 remote_port = conn->remote_port;
581 result = Curl_proxyCONNECT(conn, sockindex, hostname, remote_port);
582- conn->data->req.protop = prot_save;
583+ conn->data->req.p.http = prot_save;
584 if(CURLE_OK != result)
585 return result;
586 Curl_safefree(data->state.aptr.proxyuserpwd);
587diff --git a/lib/imap.c b/lib/imap.c
588index cad0e59..bda23a5 100644
589--- a/lib/imap.c
590+++ b/lib/imap.c
591@@ -244,7 +244,7 @@ static bool imap_matchresp(const char *line, size_t len, const char *cmd)
592 static bool imap_endofresp(struct connectdata *conn, char *line, size_t len,
593 int *resp)
594 {
595- struct IMAP *imap = conn->data->req.protop;
596+ struct IMAP *imap = conn->data->req.p.imap;
597 struct imap_conn *imapc = &conn->proto.imapc;
598 const char *id = imapc->resptag;
599 size_t id_len = strlen(id);
600@@ -605,7 +605,7 @@ static CURLcode imap_perform_list(struct connectdata *conn)
601 {
602 CURLcode result = CURLE_OK;
603 struct Curl_easy *data = conn->data;
604- struct IMAP *imap = data->req.protop;
605+ struct IMAP *imap = data->req.p.imap;
606
607 if(imap->custom)
608 /* Send the custom request */
609@@ -640,7 +640,7 @@ static CURLcode imap_perform_select(struct connectdata *conn)
610 {
611 CURLcode result = CURLE_OK;
612 struct Curl_easy *data = conn->data;
613- struct IMAP *imap = data->req.protop;
614+ struct IMAP *imap = data->req.p.imap;
615 struct imap_conn *imapc = &conn->proto.imapc;
616 char *mailbox;
617
618@@ -679,7 +679,7 @@ static CURLcode imap_perform_select(struct connectdata *conn)
619 static CURLcode imap_perform_fetch(struct connectdata *conn)
620 {
621 CURLcode result = CURLE_OK;
622- struct IMAP *imap = conn->data->req.protop;
623+ struct IMAP *imap = conn->data->req.p.imap;
624 /* Check we have a UID */
625 if(imap->uid) {
626
627@@ -727,7 +727,7 @@ static CURLcode imap_perform_append(struct connectdata *conn)
628 {
629 CURLcode result = CURLE_OK;
630 struct Curl_easy *data = conn->data;
631- struct IMAP *imap = data->req.protop;
632+ struct IMAP *imap = data->req.p.imap;
633 char *mailbox;
634
635 /* Check we have a mailbox */
636@@ -797,7 +797,7 @@ static CURLcode imap_perform_append(struct connectdata *conn)
637 static CURLcode imap_perform_search(struct connectdata *conn)
638 {
639 CURLcode result = CURLE_OK;
640- struct IMAP *imap = conn->data->req.protop;
641+ struct IMAP *imap = conn->data->req.p.imap;
642
643 /* Check we have a query string */
644 if(!imap->query) {
645@@ -1051,7 +1051,7 @@ static CURLcode imap_state_select_resp(struct connectdata *conn, int imapcode,
646 {
647 CURLcode result = CURLE_OK;
648 struct Curl_easy *data = conn->data;
649- struct IMAP *imap = conn->data->req.protop;
650+ struct IMAP *imap = conn->data->req.p.imap;
651 struct imap_conn *imapc = &conn->proto.imapc;
652 const char *line = data->state.buffer;
653
654@@ -1380,7 +1380,7 @@ static CURLcode imap_init(struct connectdata *conn)
655 struct Curl_easy *data = conn->data;
656 struct IMAP *imap;
657
658- imap = data->req.protop = calloc(sizeof(struct IMAP), 1);
659+ imap = data->req.p.imap = calloc(sizeof(struct IMAP), 1);
660 if(!imap)
661 result = CURLE_OUT_OF_MEMORY;
662
663@@ -1457,7 +1457,7 @@ static CURLcode imap_done(struct connectdata *conn, CURLcode status,
664 {
665 CURLcode result = CURLE_OK;
666 struct Curl_easy *data = conn->data;
667- struct IMAP *imap = data->req.protop;
668+ struct IMAP *imap = data->req.p.imap;
669
670 (void)premature;
671
672@@ -1517,7 +1517,7 @@ static CURLcode imap_perform(struct connectdata *conn, bool *connected,
673 /* This is IMAP and no proxy */
674 CURLcode result = CURLE_OK;
675 struct Curl_easy *data = conn->data;
676- struct IMAP *imap = data->req.protop;
677+ struct IMAP *imap = data->req.p.imap;
678 struct imap_conn *imapc = &conn->proto.imapc;
679 bool selected = FALSE;
680
681@@ -1640,7 +1640,7 @@ static CURLcode imap_disconnect(struct connectdata *conn, bool dead_connection)
682 /* Call this when the DO phase has completed */
683 static CURLcode imap_dophase_done(struct connectdata *conn, bool connected)
684 {
685- struct IMAP *imap = conn->data->req.protop;
686+ struct IMAP *imap = conn->data->req.p.imap;
687
688 (void)connected;
689
690@@ -1942,7 +1942,7 @@ static CURLcode imap_parse_url_path(struct connectdata *conn)
691 /* The imap struct is already initialised in imap_connect() */
692 CURLcode result = CURLE_OK;
693 struct Curl_easy *data = conn->data;
694- struct IMAP *imap = data->req.protop;
695+ struct IMAP *imap = data->req.p.imap;
696 const char *begin = &data->state.up.path[1]; /* skip leading slash */
697 const char *ptr = begin;
698
699@@ -2074,7 +2074,7 @@ static CURLcode imap_parse_custom_request(struct connectdata *conn)
700 {
701 CURLcode result = CURLE_OK;
702 struct Curl_easy *data = conn->data;
703- struct IMAP *imap = data->req.protop;
704+ struct IMAP *imap = data->req.p.imap;
705 const char *custom = data->set.str[STRING_CUSTOMREQUEST];
706
707 if(custom) {
708diff --git a/lib/mqtt.c b/lib/mqtt.c
709index f6f4416..86b22b8 100644
710--- a/lib/mqtt.c
711+++ b/lib/mqtt.c
712@@ -95,12 +95,12 @@ static CURLcode mqtt_setup_conn(struct connectdata *conn)
713 during this request */
714 struct MQTT *mq;
715 struct Curl_easy *data = conn->data;
716- DEBUGASSERT(data->req.protop == NULL);
717+ DEBUGASSERT(data->req.p.mqtt == NULL);
718
719 mq = calloc(1, sizeof(struct MQTT));
720 if(!mq)
721 return CURLE_OUT_OF_MEMORY;
722- data->req.protop = mq;
723+ data->req.p.mqtt = mq;
724 return CURLE_OK;
725 }
726
727@@ -110,7 +110,7 @@ static CURLcode mqtt_send(struct connectdata *conn,
728 CURLcode result = CURLE_OK;
729 curl_socket_t sockfd = conn->sock[FIRSTSOCKET];
730 struct Curl_easy *data = conn->data;
731- struct MQTT *mq = data->req.protop;
732+ struct MQTT *mq = data->req.p.mqtt;
733 ssize_t n;
734 result = Curl_write(conn, sockfd, buf, len, &n);
735 if(!result && data->set.verbose)
736@@ -426,7 +426,7 @@ static CURLcode mqtt_read_publish(struct connectdata *conn,
737 unsigned char *pkt = (unsigned char *)data->state.buffer;
738 size_t remlen;
739 struct mqtt_conn *mqtt = &conn->proto.mqtt;
740- struct MQTT *mq = data->req.protop;
741+ struct MQTT *mq = data->req.p.mqtt;
742 unsigned char packet;
743
744 switch(mqtt->state) {
745@@ -533,7 +533,7 @@ static CURLcode mqtt_doing(struct connectdata *conn, bool *done)
746 CURLcode result = CURLE_OK;
747 struct mqtt_conn *mqtt = &conn->proto.mqtt;
748 struct Curl_easy *data = conn->data;
749- struct MQTT *mq = data->req.protop;
750+ struct MQTT *mq = data->req.p.mqtt;
751 ssize_t nread;
752 curl_socket_t sockfd = conn->sock[FIRSTSOCKET];
753 unsigned char *pkt = (unsigned char *)data->state.buffer;
754diff --git a/lib/openldap.c b/lib/openldap.c
755index 782d6a0..c955df6 100644
756--- a/lib/openldap.c
757+++ b/lib/openldap.c
758@@ -410,7 +410,7 @@ static CURLcode ldap_do(struct connectdata *conn, bool *done)
759 if(!lr)
760 return CURLE_OUT_OF_MEMORY;
761 lr->msgid = msgid;
762- data->req.protop = lr;
763+ data->req.p.ldap = lr;
764 Curl_setup_transfer(data, FIRSTSOCKET, -1, FALSE, -1);
765 *done = TRUE;
766 return CURLE_OK;
767@@ -419,7 +419,7 @@ static CURLcode ldap_do(struct connectdata *conn, bool *done)
768 static CURLcode ldap_done(struct connectdata *conn, CURLcode res,
769 bool premature)
770 {
771- struct ldapreqinfo *lr = conn->data->req.protop;
772+ struct ldapreqinfo *lr = conn->data->req.p.ldap;
773
774 (void)res;
775 (void)premature;
776@@ -431,7 +431,7 @@ static CURLcode ldap_done(struct connectdata *conn, CURLcode res,
777 ldap_abandon_ext(li->ld, lr->msgid, NULL, NULL);
778 lr->msgid = 0;
779 }
780- conn->data->req.protop = NULL;
781+ conn->data->req.p.ldap = NULL;
782 free(lr);
783 }
784
785@@ -443,7 +443,7 @@ static ssize_t ldap_recv(struct connectdata *conn, int sockindex, char *buf,
786 {
787 struct ldapconninfo *li = conn->proto.ldapc;
788 struct Curl_easy *data = conn->data;
789- struct ldapreqinfo *lr = data->req.protop;
790+ struct ldapreqinfo *lr = data->req.p.ldap;
791 int rc, ret;
792 LDAPMessage *msg = NULL;
793 LDAPMessage *ent;
794diff --git a/lib/pop3.c b/lib/pop3.c
795index 9ff5c78..04cc887 100644
796--- a/lib/pop3.c
797+++ b/lib/pop3.c
798@@ -551,7 +551,7 @@ static CURLcode pop3_perform_command(struct connectdata *conn)
799 {
800 CURLcode result = CURLE_OK;
801 struct Curl_easy *data = conn->data;
802- struct POP3 *pop3 = data->req.protop;
803+ struct POP3 *pop3 = data->req.p.pop3;
804 const char *command = NULL;
805
806 /* Calculate the default command */
807@@ -884,7 +884,7 @@ static CURLcode pop3_state_command_resp(struct connectdata *conn,
808 {
809 CURLcode result = CURLE_OK;
810 struct Curl_easy *data = conn->data;
811- struct POP3 *pop3 = data->req.protop;
812+ struct POP3 *pop3 = data->req.p.pop3;
813 struct pop3_conn *pop3c = &conn->proto.pop3c;
814 struct pingpong *pp = &pop3c->pp;
815
816@@ -1046,7 +1046,7 @@ static CURLcode pop3_init(struct connectdata *conn)
817 struct Curl_easy *data = conn->data;
818 struct POP3 *pop3;
819
820- pop3 = data->req.protop = calloc(sizeof(struct POP3), 1);
821+ pop3 = data->req.p.pop3 = calloc(sizeof(struct POP3), 1);
822 if(!pop3)
823 result = CURLE_OUT_OF_MEMORY;
824
825@@ -1120,7 +1120,7 @@ static CURLcode pop3_done(struct connectdata *conn, CURLcode status,
826 {
827 CURLcode result = CURLE_OK;
828 struct Curl_easy *data = conn->data;
829- struct POP3 *pop3 = data->req.protop;
830+ struct POP3 *pop3 = data->req.p.pop3;
831
832 (void)premature;
833
834@@ -1154,7 +1154,7 @@ static CURLcode pop3_perform(struct connectdata *conn, bool *connected,
835 {
836 /* This is POP3 and no proxy */
837 CURLcode result = CURLE_OK;
838- struct POP3 *pop3 = conn->data->req.protop;
839+ struct POP3 *pop3 = conn->data->req.p.pop3;
840
841 DEBUGF(infof(conn->data, "DO phase starts\n"));
842
843@@ -1386,7 +1386,7 @@ static CURLcode pop3_parse_url_path(struct connectdata *conn)
844 {
845 /* The POP3 struct is already initialised in pop3_connect() */
846 struct Curl_easy *data = conn->data;
847- struct POP3 *pop3 = data->req.protop;
848+ struct POP3 *pop3 = data->req.p.pop3;
849 const char *path = &data->state.up.path[1]; /* skip leading path */
850
851 /* URL decode the path for the message ID */
852@@ -1403,7 +1403,7 @@ static CURLcode pop3_parse_custom_request(struct connectdata *conn)
853 {
854 CURLcode result = CURLE_OK;
855 struct Curl_easy *data = conn->data;
856- struct POP3 *pop3 = data->req.protop;
857+ struct POP3 *pop3 = data->req.p.pop3;
858 const char *custom = data->set.str[STRING_CUSTOMREQUEST];
859
860 /* URL decode the custom request */
861diff --git a/lib/rtsp.c b/lib/rtsp.c
862index dbd7dc6..29e6d58 100644
863--- a/lib/rtsp.c
864+++ b/lib/rtsp.c
865@@ -114,7 +114,7 @@ static CURLcode rtsp_setup_connection(struct connectdata *conn)
866 {
867 struct RTSP *rtsp;
868
869- conn->data->req.protop = rtsp = calloc(1, sizeof(struct RTSP));
870+ conn->data->req.p.rtsp = rtsp = calloc(1, sizeof(struct RTSP));
871 if(!rtsp)
872 return CURLE_OUT_OF_MEMORY;
873
874@@ -199,7 +199,7 @@ static CURLcode rtsp_done(struct connectdata *conn,
875 CURLcode status, bool premature)
876 {
877 struct Curl_easy *data = conn->data;
878- struct RTSP *rtsp = data->req.protop;
879+ struct RTSP *rtsp = data->req.p.rtsp;
880 CURLcode httpStatus;
881
882 /* Bypass HTTP empty-reply checks on receive */
883@@ -232,7 +232,7 @@ static CURLcode rtsp_do(struct connectdata *conn, bool *done)
884 struct Curl_easy *data = conn->data;
885 CURLcode result = CURLE_OK;
886 Curl_RtspReq rtspreq = data->set.rtspreq;
887- struct RTSP *rtsp = data->req.protop;
888+ struct RTSP *rtsp = data->req.p.rtsp;
889 struct dynbuf req_buffer;
890 curl_off_t postsize = 0; /* for ANNOUNCE and SET_PARAMETER */
891 curl_off_t putsize = 0; /* for ANNOUNCE and SET_PARAMETER */
892@@ -764,7 +764,7 @@ CURLcode Curl_rtsp_parseheader(struct connectdata *conn,
893 /* Store the received CSeq. Match is verified in rtsp_done */
894 int nc = sscanf(&header[4], ": %ld", &CSeq);
895 if(nc == 1) {
896- struct RTSP *rtsp = data->req.protop;
897+ struct RTSP *rtsp = data->req.p.rtsp;
898 rtsp->CSeq_recv = CSeq; /* mark the request */
899 data->state.rtsp_CSeq_recv = CSeq; /* update the handle */
900 }
901diff --git a/lib/smb.c b/lib/smb.c
902index d493adc..9eba7ab 100644
903--- a/lib/smb.c
904+++ b/lib/smb.c
905@@ -204,7 +204,7 @@ static void conn_state(struct connectdata *conn, enum smb_conn_state newstate)
906 static void request_state(struct connectdata *conn,
907 enum smb_req_state newstate)
908 {
909- struct smb_request *req = conn->data->req.protop;
910+ struct smb_request *req = conn->data->req.p.smb;
911 #if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
912 /* For debug purposes */
913 static const char * const names[] = {
914@@ -234,7 +234,7 @@ static CURLcode smb_setup_connection(struct connectdata *conn)
915 struct smb_request *req;
916
917 /* Initialize the request state */
918- conn->data->req.protop = req = calloc(1, sizeof(struct smb_request));
919+ conn->data->req.p.smb = req = calloc(1, sizeof(struct smb_request));
920 if(!req)
921 return CURLE_OUT_OF_MEMORY;
922
923@@ -342,7 +342,7 @@ static void smb_format_message(struct connectdata *conn, struct smb_header *h,
924 unsigned char cmd, size_t len)
925 {
926 struct smb_conn *smbc = &conn->proto.smbc;
927- struct smb_request *req = conn->data->req.protop;
928+ struct smb_request *req = conn->data->req.p.smb;
929 unsigned int pid;
930
931 memset(h, 0, sizeof(*h));
932@@ -505,7 +505,7 @@ static CURLcode smb_send_tree_connect(struct connectdata *conn)
933
934 static CURLcode smb_send_open(struct connectdata *conn)
935 {
936- struct smb_request *req = conn->data->req.protop;
937+ struct smb_request *req = conn->data->req.p.smb;
938 struct smb_nt_create msg;
939 size_t byte_count;
940
941@@ -535,7 +535,7 @@ static CURLcode smb_send_open(struct connectdata *conn)
942
943 static CURLcode smb_send_close(struct connectdata *conn)
944 {
945- struct smb_request *req = conn->data->req.protop;
946+ struct smb_request *req = conn->data->req.p.smb;
947 struct smb_close msg;
948
949 memset(&msg, 0, sizeof(msg));
950@@ -556,7 +556,7 @@ static CURLcode smb_send_tree_disconnect(struct connectdata *conn)
951
952 static CURLcode smb_send_read(struct connectdata *conn)
953 {
954- struct smb_request *req = conn->data->req.protop;
955+ struct smb_request *req = conn->data->req.p.smb;
956 curl_off_t offset = conn->data->req.offset;
957 struct smb_read msg;
958
959@@ -575,7 +575,7 @@ static CURLcode smb_send_read(struct connectdata *conn)
960 static CURLcode smb_send_write(struct connectdata *conn)
961 {
962 struct smb_write *msg;
963- struct smb_request *req = conn->data->req.protop;
964+ struct smb_request *req = conn->data->req.p.smb;
965 curl_off_t offset = conn->data->req.offset;
966 curl_off_t upload_size = conn->data->req.size - conn->data->req.bytecount;
967 CURLcode result = Curl_get_upload_buffer(conn->data);
968@@ -738,7 +738,7 @@ static void get_posix_time(time_t *out, curl_off_t timestamp)
969
970 static CURLcode smb_request_state(struct connectdata *conn, bool *done)
971 {
972- struct smb_request *req = conn->data->req.protop;
973+ struct smb_request *req = conn->data->req.p.smb;
974 struct smb_header *h;
975 struct smb_conn *smbc = &conn->proto.smbc;
976 enum smb_req_state next_state = SMB_DONE;
977@@ -923,7 +923,7 @@ static CURLcode smb_done(struct connectdata *conn, CURLcode status,
978 bool premature)
979 {
980 (void) premature;
981- Curl_safefree(conn->data->req.protop);
982+ Curl_safefree(conn->data->req.p.smb);
983 return status;
984 }
985
986@@ -957,7 +957,7 @@ static CURLcode smb_do(struct connectdata *conn, bool *done)
987 static CURLcode smb_parse_url_path(struct connectdata *conn)
988 {
989 struct Curl_easy *data = conn->data;
990- struct smb_request *req = data->req.protop;
991+ struct smb_request *req = data->req.p.smb;
992 struct smb_conn *smbc = &conn->proto.smbc;
993 char *path;
994 char *slash;
995diff --git a/lib/smtp.c b/lib/smtp.c
996index aea41bb..c5d0296 100644
997--- a/lib/smtp.c
998+++ b/lib/smtp.c
999@@ -484,7 +484,7 @@ static CURLcode smtp_perform_command(struct connectdata *conn)
1000 {
1001 CURLcode result = CURLE_OK;
1002 struct Curl_easy *data = conn->data;
1003- struct SMTP *smtp = data->req.protop;
1004+ struct SMTP *smtp = data->req.p.smtp;
1005
1006 if(smtp->rcpt) {
1007 /* We notify the server we are sending UTF-8 data if a) it supports the
1008@@ -697,7 +697,7 @@ static CURLcode smtp_perform_mail(struct connectdata *conn)
1009 any there do, as we need to correctly identify our support for SMTPUTF8
1010 in the envelope, as per RFC-6531 sect. 3.4 */
1011 if(conn->proto.smtpc.utf8_supported && !utf8) {
1012- struct SMTP *smtp = data->req.protop;
1013+ struct SMTP *smtp = data->req.p.smtp;
1014 struct curl_slist *rcpt = smtp->rcpt;
1015
1016 while(rcpt && !utf8) {
1017@@ -741,7 +741,7 @@ static CURLcode smtp_perform_rcpt_to(struct connectdata *conn)
1018 {
1019 CURLcode result = CURLE_OK;
1020 struct Curl_easy *data = conn->data;
1021- struct SMTP *smtp = data->req.protop;
1022+ struct SMTP *smtp = data->req.p.smtp;
1023 char *address = NULL;
1024 struct hostname host = { NULL, NULL, NULL, NULL };
1025
1026@@ -989,7 +989,7 @@ static CURLcode smtp_state_command_resp(struct connectdata *conn, int smtpcode,
1027 {
1028 CURLcode result = CURLE_OK;
1029 struct Curl_easy *data = conn->data;
1030- struct SMTP *smtp = data->req.protop;
1031+ struct SMTP *smtp = data->req.p.smtp;
1032 char *line = data->state.buffer;
1033 size_t len = strlen(line);
1034
1035@@ -1055,7 +1055,7 @@ static CURLcode smtp_state_rcpt_resp(struct connectdata *conn, int smtpcode,
1036 {
1037 CURLcode result = CURLE_OK;
1038 struct Curl_easy *data = conn->data;
1039- struct SMTP *smtp = data->req.protop;
1040+ struct SMTP *smtp = data->req.p.smtp;
1041 bool is_smtp_err = FALSE;
1042 bool is_smtp_blocking_err = FALSE;
1043
1044@@ -1278,7 +1278,7 @@ static CURLcode smtp_init(struct connectdata *conn)
1045 struct Curl_easy *data = conn->data;
1046 struct SMTP *smtp;
1047
1048- smtp = data->req.protop = calloc(sizeof(struct SMTP), 1);
1049+ smtp = data->req.p.smtp = calloc(sizeof(struct SMTP), 1);
1050 if(!smtp)
1051 result = CURLE_OUT_OF_MEMORY;
1052
1053@@ -1356,7 +1356,7 @@ static CURLcode smtp_done(struct connectdata *conn, CURLcode status,
1054 {
1055 CURLcode result = CURLE_OK;
1056 struct Curl_easy *data = conn->data;
1057- struct SMTP *smtp = data->req.protop;
1058+ struct SMTP *smtp = data->req.p.smtp;
1059 struct pingpong *pp = &conn->proto.smtpc.pp;
1060 char *eob;
1061 ssize_t len;
1062@@ -1442,7 +1442,7 @@ static CURLcode smtp_perform(struct connectdata *conn, bool *connected,
1063 /* This is SMTP and no proxy */
1064 CURLcode result = CURLE_OK;
1065 struct Curl_easy *data = conn->data;
1066- struct SMTP *smtp = data->req.protop;
1067+ struct SMTP *smtp = data->req.p.smtp;
1068
1069 DEBUGF(infof(conn->data, "DO phase starts\n"));
1070
1071@@ -1550,7 +1550,7 @@ static CURLcode smtp_disconnect(struct connectdata *conn, bool dead_connection)
1072 /* Call this when the DO phase has completed */
1073 static CURLcode smtp_dophase_done(struct connectdata *conn, bool connected)
1074 {
1075- struct SMTP *smtp = conn->data->req.protop;
1076+ struct SMTP *smtp = conn->data->req.p.smtp;
1077
1078 (void)connected;
1079
1080@@ -1703,7 +1703,7 @@ static CURLcode smtp_parse_custom_request(struct connectdata *conn)
1081 {
1082 CURLcode result = CURLE_OK;
1083 struct Curl_easy *data = conn->data;
1084- struct SMTP *smtp = data->req.protop;
1085+ struct SMTP *smtp = data->req.p.smtp;
1086 const char *custom = data->set.str[STRING_CUSTOMREQUEST];
1087
1088 /* URL decode the custom request */
1089@@ -1796,7 +1796,7 @@ CURLcode Curl_smtp_escape_eob(struct connectdata *conn, const ssize_t nread)
1090 ssize_t i;
1091 ssize_t si;
1092 struct Curl_easy *data = conn->data;
1093- struct SMTP *smtp = data->req.protop;
1094+ struct SMTP *smtp = data->req.p.smtp;
1095 char *scratch = data->state.scratch;
1096 char *newscratch = NULL;
1097 char *oldscratch = NULL;
1098diff --git a/lib/telnet.c b/lib/telnet.c
1099index c3b58e5..1fc5af1 100644
1100--- a/lib/telnet.c
1101+++ b/lib/telnet.c
1102@@ -247,7 +247,7 @@ CURLcode init_telnet(struct connectdata *conn)
1103 if(!tn)
1104 return CURLE_OUT_OF_MEMORY;
1105
1106- conn->data->req.protop = tn; /* make us known */
1107+ conn->data->req.p.telnet = tn; /* make us known */
1108
1109 tn->telrcv_state = CURL_TS_DATA;
1110
1111@@ -292,7 +292,7 @@ CURLcode init_telnet(struct connectdata *conn)
1112 static void negotiate(struct connectdata *conn)
1113 {
1114 int i;
1115- struct TELNET *tn = (struct TELNET *) conn->data->req.protop;
1116+ struct TELNET *tn = (struct TELNET *) conn->data->req.p.telnet;
1117
1118 for(i = 0; i < CURL_NTELOPTS; i++) {
1119 if(i == CURL_TELOPT_ECHO)
1120@@ -365,7 +365,7 @@ static void send_negotiation(struct connectdata *conn, int cmd, int option)
1121 static
1122 void set_remote_option(struct connectdata *conn, int option, int newstate)
1123 {
1124- struct TELNET *tn = (struct TELNET *)conn->data->req.protop;
1125+ struct TELNET *tn = (struct TELNET *)conn->data->req.p.telnet;
1126 if(newstate == CURL_YES) {
1127 switch(tn->him[option]) {
1128 case CURL_NO:
1129@@ -439,7 +439,7 @@ void set_remote_option(struct connectdata *conn, int option, int newstate)
1130 static
1131 void rec_will(struct connectdata *conn, int option)
1132 {
1133- struct TELNET *tn = (struct TELNET *)conn->data->req.protop;
1134+ struct TELNET *tn = (struct TELNET *)conn->data->req.p.telnet;
1135 switch(tn->him[option]) {
1136 case CURL_NO:
1137 if(tn->him_preferred[option] == CURL_YES) {
1138@@ -487,7 +487,7 @@ void rec_will(struct connectdata *conn, int option)
1139 static
1140 void rec_wont(struct connectdata *conn, int option)
1141 {
1142- struct TELNET *tn = (struct TELNET *)conn->data->req.protop;
1143+ struct TELNET *tn = (struct TELNET *)conn->data->req.p.telnet;
1144 switch(tn->him[option]) {
1145 case CURL_NO:
1146 /* Already disabled */
1147@@ -529,7 +529,7 @@ void rec_wont(struct connectdata *conn, int option)
1148 static void
1149 set_local_option(struct connectdata *conn, int option, int newstate)
1150 {
1151- struct TELNET *tn = (struct TELNET *)conn->data->req.protop;
1152+ struct TELNET *tn = (struct TELNET *)conn->data->req.p.telnet;
1153 if(newstate == CURL_YES) {
1154 switch(tn->us[option]) {
1155 case CURL_NO:
1156@@ -603,7 +603,7 @@ set_local_option(struct connectdata *conn, int option, int newstate)
1157 static
1158 void rec_do(struct connectdata *conn, int option)
1159 {
1160- struct TELNET *tn = (struct TELNET *)conn->data->req.protop;
1161+ struct TELNET *tn = (struct TELNET *)conn->data->req.p.telnet;
1162 switch(tn->us[option]) {
1163 case CURL_NO:
1164 if(tn->us_preferred[option] == CURL_YES) {
1165@@ -663,7 +663,7 @@ void rec_do(struct connectdata *conn, int option)
1166 static
1167 void rec_dont(struct connectdata *conn, int option)
1168 {
1169- struct TELNET *tn = (struct TELNET *)conn->data->req.protop;
1170+ struct TELNET *tn = (struct TELNET *)conn->data->req.p.telnet;
1171 switch(tn->us[option]) {
1172 case CURL_NO:
1173 /* Already disabled */
1174@@ -822,7 +822,7 @@ static CURLcode check_telnet_options(struct connectdata *conn)
1175 char option_keyword[128] = "";
1176 char option_arg[256] = "";
1177 struct Curl_easy *data = conn->data;
1178- struct TELNET *tn = (struct TELNET *)conn->data->req.protop;
1179+ struct TELNET *tn = (struct TELNET *)conn->data->req.p.telnet;
1180 CURLcode result = CURLE_OK;
1181 int binary_option;
1182
1183@@ -929,7 +929,7 @@ static void suboption(struct connectdata *conn)
1184 char varname[128] = "";
1185 char varval[128] = "";
1186 struct Curl_easy *data = conn->data;
1187- struct TELNET *tn = (struct TELNET *)data->req.protop;
1188+ struct TELNET *tn = (struct TELNET *)data->req.p.telnet;
1189
1190 printsub(data, '<', (unsigned char *)tn->subbuffer, CURL_SB_LEN(tn) + 2);
1191 switch(CURL_SB_GET(tn)) {
1192@@ -1004,7 +1004,7 @@ static void sendsuboption(struct connectdata *conn, int option)
1193 unsigned char *uc1, *uc2;
1194
1195 struct Curl_easy *data = conn->data;
1196- struct TELNET *tn = (struct TELNET *)data->req.protop;
1197+ struct TELNET *tn = (struct TELNET *)data->req.p.telnet;
1198
1199 switch(option) {
1200 case CURL_TELOPT_NAWS:
1201@@ -1062,7 +1062,7 @@ CURLcode telrcv(struct connectdata *conn,
1202 int in = 0;
1203 int startwrite = -1;
1204 struct Curl_easy *data = conn->data;
1205- struct TELNET *tn = (struct TELNET *)data->req.protop;
1206+ struct TELNET *tn = (struct TELNET *)data->req.p.telnet;
1207
1208 #define startskipping() \
1209 if(startwrite >= 0) { \
1210@@ -1280,7 +1280,7 @@ static CURLcode send_telnet_data(struct connectdata *conn,
1211 static CURLcode telnet_done(struct connectdata *conn,
1212 CURLcode status, bool premature)
1213 {
1214- struct TELNET *tn = (struct TELNET *)conn->data->req.protop;
1215+ struct TELNET *tn = (struct TELNET *)conn->data->req.p.telnet;
1216 (void)status; /* unused */
1217 (void)premature; /* not used */
1218
1219@@ -1290,7 +1290,7 @@ static CURLcode telnet_done(struct connectdata *conn,
1220 curl_slist_free_all(tn->telnet_vars);
1221 tn->telnet_vars = NULL;
1222
1223- Curl_safefree(conn->data->req.protop);
1224+ Curl_safefree(conn->data->req.p.telnet);
1225
1226 return CURLE_OK;
1227 }
1228@@ -1333,7 +1333,7 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
1229 if(result)
1230 return result;
1231
1232- tn = (struct TELNET *)data->req.protop;
1233+ tn = data->req.p.telnet;
1234
1235 result = check_telnet_options(conn);
1236 if(result)
1237diff --git a/lib/transfer.c b/lib/transfer.c
1238index a07c7af..4630609 100644
1239--- a/lib/transfer.c
1240+++ b/lib/transfer.c
1241@@ -167,7 +167,7 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes,
1242 bool sending_http_headers = FALSE;
1243
1244 if(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP)) {
1245- const struct HTTP *http = data->req.protop;
1246+ const struct HTTP *http = data->req.p.http;
1247
1248 if(http->sending == HTTPSEND_REQUEST)
1249 /* We're sending the HTTP request headers, not the data.
1250@@ -426,7 +426,7 @@ CURLcode Curl_readrewind(struct connectdata *conn)
1251 CURLOPT_HTTPPOST, call app to rewind
1252 */
1253 if(conn->handler->protocol & PROTO_FAMILY_HTTP) {
1254- struct HTTP *http = data->req.protop;
1255+ struct HTTP *http = data->req.p.http;
1256
1257 if(http->sendit)
1258 mimepart = http->sendit;
1259@@ -1028,7 +1028,7 @@ static CURLcode readwrite_upload(struct Curl_easy *data,
1260 /* HTTP pollution, this should be written nicer to become more
1261 protocol agnostic. */
1262 size_t fillcount;
1263- struct HTTP *http = k->protop;
1264+ struct HTTP *http = k->p.http;
1265
1266 if((k->exp100 == EXP100_SENDING_REQUEST) &&
1267 (http->sending == HTTPSEND_BODY)) {
1268@@ -1853,7 +1853,7 @@ Curl_setup_transfer(
1269 {
1270 struct SingleRequest *k = &data->req;
1271 struct connectdata *conn = data->conn;
1272- struct HTTP *http = data->req.protop;
1273+ struct HTTP *http = data->req.p.http;
1274 bool httpsending = ((conn->handler->protocol&PROTO_FAMILY_HTTP) &&
1275 (http->sending == HTTPSEND_REQUEST));
1276 DEBUGASSERT(conn != NULL);
1277diff --git a/lib/url.c b/lib/url.c
1278index 150667a..849d527 100644
1279--- a/lib/url.c
1280+++ b/lib/url.c
1281@@ -2060,7 +2060,7 @@ static CURLcode setup_connection_internals(struct connectdata *conn)
1282
1283 void Curl_free_request_state(struct Curl_easy *data)
1284 {
1285- Curl_safefree(data->req.protop);
1286+ Curl_safefree(data->req.p.http);
1287 Curl_safefree(data->req.newurl);
1288
1289 #ifndef CURL_DISABLE_DOH
1290diff --git a/lib/urldata.h b/lib/urldata.h
1291index 0ae9269..76baee3 100644
1292--- a/lib/urldata.h
1293+++ b/lib/urldata.h
1294@@ -645,8 +645,23 @@ struct SingleRequest {
1295 and the 'upload_present' contains the number of bytes available at this
1296 position */
1297 char *upload_fromhere;
1298- void *protop; /* Allocated protocol-specific data. Each protocol
1299- handler makes sure this points to data it needs. */
1300+
1301+ /* Allocated protocol-specific data. Each protocol handler makes sure this
1302+ points to data it needs. */
1303+ union {
1304+ struct FILEPROTO *file;
1305+ struct FTP *ftp;
1306+ struct HTTP *http;
1307+ struct IMAP *imap;
1308+ struct ldapreqinfo *ldap;
1309+ struct MQTT *mqtt;
1310+ struct POP3 *pop3;
1311+ struct RTSP *rtsp;
1312+ struct smb_request *smb;
1313+ struct SMTP *smtp;
1314+ struct SSHPROTO *ssh;
1315+ struct TELNET *telnet;
1316+ } p;
1317 #ifndef CURL_DISABLE_DOH
1318 struct dohdata doh; /* DoH specific data for this request */
1319 #endif
1320diff --git a/lib/vquic/ngtcp2.c b/lib/vquic/ngtcp2.c
1321index 20ee08d..18eeda8 100644
1322--- a/lib/vquic/ngtcp2.c
1323+++ b/lib/vquic/ngtcp2.c
1324@@ -962,7 +962,7 @@ static int cb_h3_stream_close(nghttp3_conn *conn, int64_t stream_id,
1325 void *stream_user_data)
1326 {
1327 struct Curl_easy *data = stream_user_data;
1328- struct HTTP *stream = data->req.protop;
1329+ struct HTTP *stream = data->req.p.http;
1330 (void)conn;
1331 (void)stream_id;
1332 (void)app_error_code;
1333@@ -1008,7 +1008,7 @@ static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream_id,
1334 void *user_data, void *stream_user_data)
1335 {
1336 struct Curl_easy *data = stream_user_data;
1337- struct HTTP *stream = data->req.protop;
1338+ struct HTTP *stream = data->req.p.http;
1339 CURLcode result = CURLE_OK;
1340 (void)conn;
1341
1342@@ -1067,7 +1067,7 @@ static int cb_h3_end_headers(nghttp3_conn *conn, int64_t stream_id,
1343 void *user_data, void *stream_user_data)
1344 {
1345 struct Curl_easy *data = stream_user_data;
1346- struct HTTP *stream = data->req.protop;
1347+ struct HTTP *stream = data->req.p.http;
1348 CURLcode result = CURLE_OK;
1349 (void)conn;
1350 (void)stream_id;
1351@@ -1091,7 +1091,7 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t stream_id,
1352 nghttp3_vec h3name = nghttp3_rcbuf_get_buf(name);
1353 nghttp3_vec h3val = nghttp3_rcbuf_get_buf(value);
1354 struct Curl_easy *data = stream_user_data;
1355- struct HTTP *stream = data->req.protop;
1356+ struct HTTP *stream = data->req.p.http;
1357 CURLcode result = CURLE_OK;
1358 (void)conn;
1359 (void)stream_id;
1360@@ -1255,7 +1255,7 @@ static ssize_t ngh3_stream_recv(struct connectdata *conn,
1361 CURLcode *curlcode)
1362 {
1363 curl_socket_t sockfd = conn->sock[sockindex];
1364- struct HTTP *stream = conn->data->req.protop;
1365+ struct HTTP *stream = conn->data->req.p.http;
1366 struct quicsocket *qs = conn->quic;
1367
1368 if(!stream->memlen) {
1369@@ -1313,7 +1313,7 @@ static int cb_h3_acked_stream_data(nghttp3_conn *conn, int64_t stream_id,
1370 void *stream_user_data)
1371 {
1372 struct Curl_easy *data = stream_user_data;
1373- struct HTTP *stream = data->req.protop;
1374+ struct HTTP *stream = data->req.p.http;
1375 (void)conn;
1376 (void)stream_id;
1377 (void)user_data;
1378@@ -1335,7 +1335,7 @@ static ssize_t cb_h3_readfunction(nghttp3_conn *conn, int64_t stream_id,
1379 {
1380 struct Curl_easy *data = stream_user_data;
1381 size_t nread;
1382- struct HTTP *stream = data->req.protop;
1383+ struct HTTP *stream = data->req.p.http;
1384 (void)conn;
1385 (void)stream_id;
1386 (void)user_data;
1387@@ -1398,7 +1398,7 @@ static ssize_t cb_h3_readfunction(nghttp3_conn *conn, int64_t stream_id,
1388 static CURLcode http_request(struct connectdata *conn, const void *mem,
1389 size_t len)
1390 {
1391- struct HTTP *stream = conn->data->req.protop;
1392+ struct HTTP *stream = conn->data->req.p.http;
1393 size_t nheader;
1394 size_t i;
1395 size_t authority_idx;
1396@@ -1641,7 +1641,7 @@ static ssize_t ngh3_stream_send(struct connectdata *conn,
1397 ssize_t sent;
1398 struct quicsocket *qs = conn->quic;
1399 curl_socket_t sockfd = conn->sock[sockindex];
1400- struct HTTP *stream = conn->data->req.protop;
1401+ struct HTTP *stream = conn->data->req.p.http;
1402
1403 if(!stream->h3req) {
1404 CURLcode result = http_request(conn, mem, len);
1405@@ -1909,7 +1909,7 @@ CURLcode Curl_quic_done_sending(struct connectdata *conn)
1406 {
1407 if(conn->handler == &Curl_handler_http3) {
1408 /* only for HTTP/3 transfers */
1409- struct HTTP *stream = conn->data->req.protop;
1410+ struct HTTP *stream = conn->data->req.p.http;
1411 struct quicsocket *qs = conn->quic;
1412 stream->upload_done = TRUE;
1413 (void)nghttp3_conn_resume_stream(qs->h3conn, stream->stream3_id);
1414@@ -1926,7 +1926,7 @@ void Curl_quic_done(struct Curl_easy *data, bool premature)
1415 (void)premature;
1416 if(data->conn->handler == &Curl_handler_http3) {
1417 /* only for HTTP/3 transfers */
1418- struct HTTP *stream = data->req.protop;
1419+ struct HTTP *stream = data->req.p.http;
1420 Curl_dyn_free(&stream->overflow);
1421 }
1422 }
1423@@ -1941,7 +1941,7 @@ bool Curl_quic_data_pending(const struct Curl_easy *data)
1424 buffer and allocated an overflow buffer. Since it's possible that
1425 there's no more data coming on the socket, we need to keep reading
1426 until the overflow buffer is empty. */
1427- const struct HTTP *stream = data->req.protop;
1428+ const struct HTTP *stream = data->req.p.http;
1429 return Curl_dyn_len(&stream->overflow) > 0;
1430 }
1431
1432diff --git a/lib/vquic/quiche.c b/lib/vquic/quiche.c
1433index fd9cb8b..c0e250d 100644
1434--- a/lib/vquic/quiche.c
1435+++ b/lib/vquic/quiche.c
1436@@ -131,7 +131,7 @@ static unsigned int quiche_conncheck(struct connectdata *conn,
1437
1438 static CURLcode quiche_do(struct connectdata *conn, bool *done)
1439 {
1440- struct HTTP *stream = conn->data->req.protop;
1441+ struct HTTP *stream = conn->data->req.p.http;
1442 stream->h3req = FALSE; /* not sent */
1443 return Curl_http(conn, done);
1444 }
1445@@ -460,7 +460,7 @@ static ssize_t h3_stream_recv(struct connectdata *conn,
1446 int rc;
1447 struct h3h1header headers;
1448 struct Curl_easy *data = conn->data;
1449- struct HTTP *stream = data->req.protop;
1450+ struct HTTP *stream = data->req.p.http;
1451 headers.dest = buf;
1452 headers.destlen = buffersize;
1453 headers.nlen = 0;
1454@@ -548,7 +548,7 @@ static ssize_t h3_stream_send(struct connectdata *conn,
1455 ssize_t sent;
1456 struct quicsocket *qs = conn->quic;
1457 curl_socket_t sockfd = conn->sock[sockindex];
1458- struct HTTP *stream = conn->data->req.protop;
1459+ struct HTTP *stream = conn->data->req.p.http;
1460
1461 if(!stream->h3req) {
1462 CURLcode result = http_request(conn, mem, len);
1463@@ -596,7 +596,7 @@ static CURLcode http_request(struct connectdata *conn, const void *mem,
1464 {
1465 /*
1466 */
1467- struct HTTP *stream = conn->data->req.protop;
1468+ struct HTTP *stream = conn->data->req.p.http;
1469 size_t nheader;
1470 size_t i;
1471 size_t authority_idx;
1472@@ -824,7 +824,7 @@ CURLcode Curl_quic_done_sending(struct connectdata *conn)
1473 if(conn->handler == &Curl_handler_http3) {
1474 /* only for HTTP/3 transfers */
1475 ssize_t sent;
1476- struct HTTP *stream = conn->data->req.protop;
1477+ struct HTTP *stream = conn->data->req.p.http;
1478 struct quicsocket *qs = conn->quic;
1479 fprintf(stderr, "!!! Curl_quic_done_sending\n");
1480 stream->upload_done = TRUE;
1481diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c
1482index 8988e23..a84e1bf 100644
1483--- a/lib/vssh/libssh.c
1484+++ b/lib/vssh/libssh.c
1485@@ -662,7 +662,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block)
1486 {
1487 CURLcode result = CURLE_OK;
1488 struct Curl_easy *data = conn->data;
1489- struct SSHPROTO *protop = data->req.protop;
1490+ struct SSHPROTO *protop = data->req.p.ssh;
1491 struct ssh_conn *sshc = &conn->proto.sshc;
1492 curl_socket_t sock = conn->sock[FIRSTSOCKET];
1493 int rc = SSH_NO_ERROR, err;
1494@@ -2129,7 +2129,7 @@ static CURLcode myssh_setup_connection(struct connectdata *conn)
1495 {
1496 struct SSHPROTO *ssh;
1497
1498- conn->data->req.protop = ssh = calloc(1, sizeof(struct SSHPROTO));
1499+ conn->data->req.p.ssh = ssh = calloc(1, sizeof(struct SSHPROTO));
1500 if(!ssh)
1501 return CURLE_OUT_OF_MEMORY;
1502
1503@@ -2152,7 +2152,7 @@ static CURLcode myssh_connect(struct connectdata *conn, bool *done)
1504 int rc;
1505
1506 /* initialize per-handle data if not already */
1507- if(!data->req.protop)
1508+ if(!data->req.p.ssh)
1509 myssh_setup_connection(conn);
1510
1511 /* We default to persistent connections. We set this already in this connect
1512@@ -2353,7 +2353,7 @@ static CURLcode scp_disconnect(struct connectdata *conn,
1513 static CURLcode myssh_done(struct connectdata *conn, CURLcode status)
1514 {
1515 CURLcode result = CURLE_OK;
1516- struct SSHPROTO *protop = conn->data->req.protop;
1517+ struct SSHPROTO *protop = conn->data->req.p.ssh;
1518
1519 if(!status) {
1520 /* run the state-machine */
1521@@ -2606,7 +2606,7 @@ static void sftp_quote(struct connectdata *conn)
1522 {
1523 const char *cp;
1524 struct Curl_easy *data = conn->data;
1525- struct SSHPROTO *protop = data->req.protop;
1526+ struct SSHPROTO *protop = data->req.p.ssh;
1527 struct ssh_conn *sshc = &conn->proto.sshc;
1528 CURLcode result;
1529
1530diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
1531index 4f56bb4..3ed777f 100644
1532--- a/lib/vssh/libssh2.c
1533+++ b/lib/vssh/libssh2.c
1534@@ -789,7 +789,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
1535 {
1536 CURLcode result = CURLE_OK;
1537 struct Curl_easy *data = conn->data;
1538- struct SSHPROTO *sftp_scp = data->req.protop;
1539+ struct SSHPROTO *sftp_scp = data->req.p.ssh;
1540 struct ssh_conn *sshc = &conn->proto.sshc;
1541 curl_socket_t sock = conn->sock[FIRSTSOCKET];
1542 int rc = LIBSSH2_ERROR_NONE;
1543@@ -2989,7 +2989,7 @@ static CURLcode ssh_setup_connection(struct connectdata *conn)
1544 {
1545 struct SSHPROTO *ssh;
1546
1547- conn->data->req.protop = ssh = calloc(1, sizeof(struct SSHPROTO));
1548+ conn->data->req.p.ssh = ssh = calloc(1, sizeof(struct SSHPROTO));
1549 if(!ssh)
1550 return CURLE_OUT_OF_MEMORY;
1551
1552@@ -3013,7 +3013,7 @@ static CURLcode ssh_connect(struct connectdata *conn, bool *done)
1553 struct Curl_easy *data = conn->data;
1554
1555 /* initialize per-handle data if not already */
1556- if(!data->req.protop)
1557+ if(!data->req.p.ssh)
1558 ssh_setup_connection(conn);
1559
1560 /* We default to persistent connections. We set this already in this connect
1561@@ -3192,7 +3192,7 @@ static CURLcode scp_disconnect(struct connectdata *conn, bool dead_connection)
1562 static CURLcode ssh_done(struct connectdata *conn, CURLcode status)
1563 {
1564 CURLcode result = CURLE_OK;
1565- struct SSHPROTO *sftp_scp = conn->data->req.protop;
1566+ struct SSHPROTO *sftp_scp = conn->data->req.p.ssh;
1567
1568 if(!status) {
1569 /* run the state-machine */
1570diff --git a/lib/vssh/wolfssh.c b/lib/vssh/wolfssh.c
1571index dcbbab6..1b990e3 100644
1572--- a/lib/vssh/wolfssh.c
1573+++ b/lib/vssh/wolfssh.c
1574@@ -322,7 +322,7 @@ static CURLcode wssh_setup_connection(struct connectdata *conn)
1575 {
1576 struct SSHPROTO *ssh;
1577
1578- conn->data->req.protop = ssh = calloc(1, sizeof(struct SSHPROTO));
1579+ conn->data->req.p.ssh = ssh = calloc(1, sizeof(struct SSHPROTO));
1580 if(!ssh)
1581 return CURLE_OUT_OF_MEMORY;
1582
1583@@ -356,7 +356,7 @@ static CURLcode wssh_connect(struct connectdata *conn, bool *done)
1584 int rc;
1585
1586 /* initialize per-handle data if not already */
1587- if(!data->req.protop)
1588+ if(!data->req.p.ssh)
1589 wssh_setup_connection(conn);
1590
1591 /* We default to persistent connections. We set this already in this connect
1592@@ -429,7 +429,7 @@ static CURLcode wssh_statemach_act(struct connectdata *conn, bool *block)
1593 CURLcode result = CURLE_OK;
1594 struct ssh_conn *sshc = &conn->proto.sshc;
1595 struct Curl_easy *data = conn->data;
1596- struct SSHPROTO *sftp_scp = data->req.protop;
1597+ struct SSHPROTO *sftp_scp = data->req.p.ssh;
1598 WS_SFTPNAME *name;
1599 int rc = 0;
1600 *block = FALSE; /* we're not blocking by default */
1601@@ -1027,7 +1027,7 @@ static CURLcode wssh_block_statemach(struct connectdata *conn,
1602 static CURLcode wssh_done(struct connectdata *conn, CURLcode status)
1603 {
1604 CURLcode result = CURLE_OK;
1605- struct SSHPROTO *sftp_scp = conn->data->req.protop;
1606+ struct SSHPROTO *sftp_scp = conn->data->req.p.ssh;
1607
1608 if(!status) {
1609 /* run the state-machine */
diff --git a/meta/recipes-support/curl/curl/CVE-2020-8284.patch b/meta/recipes-support/curl/curl/CVE-2020-8284.patch
new file mode 100644
index 0000000000..4ae514ffa8
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2020-8284.patch
@@ -0,0 +1,210 @@
1From ec9cc725d598ac77de7b6df8afeec292b3c8ad46 Mon Sep 17 00:00:00 2001
2From: Daniel Stenberg <daniel@haxx.se>
3Date: Tue, 24 Nov 2020 14:56:57 +0100
4Subject: [PATCH] ftp: CURLOPT_FTP_SKIP_PASV_IP by default
5
6The command line tool also independently sets --ftp-skip-pasv-ip by
7default.
8
9Ten test cases updated to adapt the modified --libcurl output.
10
11Bug: https://curl.se/docs/CVE-2020-8284.html
12CVE-2020-8284
13
14Reported-by: Varnavas Papaioannou
15
16Upstream-Status: Backport [https://github.com/curl/curl/commit/ec9cc725d598ac]
17
18CVE: CVE-2020-8284
19
20Signed-off-by: Daniel Stenberg <daniel@haxx.se>
21Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
22---
23 docs/cmdline-opts/ftp-skip-pasv-ip.d | 2 ++
24 docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 | 8 +++++---
25 lib/url.c | 1 +
26 src/tool_cfgable.c | 1 +
27 tests/data/test1400 | 1 +
28 tests/data/test1401 | 1 +
29 tests/data/test1402 | 1 +
30 tests/data/test1403 | 1 +
31 tests/data/test1404 | 1 +
32 tests/data/test1405 | 1 +
33 tests/data/test1406 | 1 +
34 tests/data/test1407 | 1 +
35 tests/data/test1420 | 1 +
36 14 files changed, 18 insertions(+), 3 deletions(-)
37
38diff --git a/docs/cmdline-opts/ftp-skip-pasv-ip.d b/docs/cmdline-opts/ftp-skip-pasv-ip.d
39index d6fd4589b1e..bcf4e7e62f2 100644
40--- a/docs/cmdline-opts/ftp-skip-pasv-ip.d
41+++ b/docs/cmdline-opts/ftp-skip-pasv-ip.d
42@@ -10,4 +10,6 @@ to curl's PASV command when curl connects the data connection. Instead curl
43 will re-use the same IP address it already uses for the control
44 connection.
45
46+Since curl 7.74.0 this option is enabled by default.
47+
48 This option has no effect if PORT, EPRT or EPSV is used instead of PASV.
49diff --git a/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 b/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3
50index d6217d0d8ca..fa87ddce769 100644
51--- a/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3
52+++ b/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3
53@@ -5,7 +5,7 @@
54 .\" * | (__| |_| | _ <| |___
55 .\" * \___|\___/|_| \_\_____|
56 .\" *
57-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
58+.\" * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
59 .\" *
60 .\" * This software is licensed as described in the file COPYING, which
61 .\" * you should have received as part of this distribution. The terms
62@@ -35,11 +35,13 @@ address it already uses for the control connection. But it will use the port
63 number from the 227-response.
64
65 This option thus allows libcurl to work around broken server installations
66-that due to NATs, firewalls or incompetence report the wrong IP address back.
67+that due to NATs, firewalls or incompetence report the wrong IP address
68+back. Setting the option also reduces the risk for various sorts of client
69+abuse by malicious servers.
70
71 This option has no effect if PORT, EPRT or EPSV is used instead of PASV.
72 .SH DEFAULT
73-0
74+1 since 7.74.0, was 0 before then.
75 .SH PROTOCOLS
76 FTP
77 .SH EXAMPLE
78diff --git a/lib/url.c b/lib/url.c
79index f8b2a0030de..2b0ba87ba87 100644
80--- a/lib/url.c
81+++ b/lib/url.c
82@@ -497,6 +497,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
83 set->ftp_use_eprt = TRUE; /* FTP defaults to EPRT operations */
84 set->ftp_use_pret = FALSE; /* mainly useful for drftpd servers */
85 set->ftp_filemethod = FTPFILE_MULTICWD;
86+ set->ftp_skip_ip = TRUE; /* skip PASV IP by default */
87 #endif
88 set->dns_cache_timeout = 60; /* Timeout every 60 seconds by default */
89
90diff --git a/src/tool_cfgable.c b/src/tool_cfgable.c
91index c52d8e1c6bb..4c06d3557b7 100644
92--- a/src/tool_cfgable.c
93+++ b/src/tool_cfgable.c
94@@ -44,6 +44,7 @@ void config_init(struct OperationConfig *config)
95 config->tcp_nodelay = TRUE; /* enabled by default */
96 config->happy_eyeballs_timeout_ms = CURL_HET_DEFAULT;
97 config->http09_allowed = FALSE;
98+ config->ftp_skip_ip = TRUE;
99 }
100
101 static void free_config_fields(struct OperationConfig *config)
102diff --git a/tests/data/test1400 b/tests/data/test1400
103index 812ad0b88d9..b7060eca58e 100644
104--- a/tests/data/test1400
105+++ b/tests/data/test1400
106@@ -73,6 +73,7 @@ int main(int argc, char *argv[])
107 curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
108 curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
109 curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
110+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
111 curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
112
113 /* Here is a list of options the curl code used that cannot get generated
114diff --git a/tests/data/test1401 b/tests/data/test1401
115index f93b3d637de..a2629683aff 100644
116--- a/tests/data/test1401
117+++ b/tests/data/test1401
118@@ -87,6 +87,7 @@ int main(int argc, char *argv[])
119 curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
120 curl_easy_setopt(hnd, CURLOPT_COOKIE, "chocolate=chip");
121 curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
122+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
123 curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
124 curl_easy_setopt(hnd, CURLOPT_PROTOCOLS, (long)CURLPROTO_FILE |
125 (long)CURLPROTO_FTP |
126diff --git a/tests/data/test1402 b/tests/data/test1402
127index 7593c516da1..1bd55cb4e3b 100644
128--- a/tests/data/test1402
129+++ b/tests/data/test1402
130@@ -78,6 +78,7 @@ int main(int argc, char *argv[])
131 curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
132 curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
133 curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
134+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
135 curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
136
137 /* Here is a list of options the curl code used that cannot get generated
138diff --git a/tests/data/test1403 b/tests/data/test1403
139index ecb4dd3dcab..a7c9fcca322 100644
140--- a/tests/data/test1403
141+++ b/tests/data/test1403
142@@ -73,6 +73,7 @@ int main(int argc, char *argv[])
143 curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
144 curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
145 curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
146+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
147 curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
148
149 /* Here is a list of options the curl code used that cannot get generated
150diff --git a/tests/data/test1404 b/tests/data/test1404
151index 97622b63948..1d8e8cf7779 100644
152--- a/tests/data/test1404
153+++ b/tests/data/test1404
154@@ -147,6 +147,7 @@ int main(int argc, char *argv[])
155 curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
156 curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
157 curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
158+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
159 curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
160
161 /* Here is a list of options the curl code used that cannot get generated
162diff --git a/tests/data/test1405 b/tests/data/test1405
163index 2bac79eda74..b4087704f7b 100644
164--- a/tests/data/test1405
165+++ b/tests/data/test1405
166@@ -89,6 +89,7 @@ int main(int argc, char *argv[])
167 curl_easy_setopt(hnd, CURLOPT_POSTQUOTE, slist2);
168 curl_easy_setopt(hnd, CURLOPT_PREQUOTE, slist3);
169 curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
170+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
171 curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
172
173 /* Here is a list of options the curl code used that cannot get generated
174diff --git a/tests/data/test1406 b/tests/data/test1406
175index 51a166adff2..38f68d11ee1 100644
176--- a/tests/data/test1406
177+++ b/tests/data/test1406
178@@ -79,6 +79,7 @@ int main(int argc, char *argv[])
179 curl_easy_setopt(hnd, CURLOPT_URL, "smtp://%HOSTIP:%SMTPPORT/1406");
180 curl_easy_setopt(hnd, CURLOPT_UPLOAD, 1L);
181 curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
182+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
183 curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
184 curl_easy_setopt(hnd, CURLOPT_MAIL_FROM, "sender@example.com");
185 curl_easy_setopt(hnd, CURLOPT_MAIL_RCPT, slist1);
186diff --git a/tests/data/test1407 b/tests/data/test1407
187index f6879008fb2..a7e13ba7585 100644
188--- a/tests/data/test1407
189+++ b/tests/data/test1407
190@@ -62,6 +62,7 @@ int main(int argc, char *argv[])
191 curl_easy_setopt(hnd, CURLOPT_DIRLISTONLY, 1L);
192 curl_easy_setopt(hnd, CURLOPT_USERPWD, "user:secret");
193 curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
194+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
195 curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
196
197 /* Here is a list of options the curl code used that cannot get generated
198diff --git a/tests/data/test1420 b/tests/data/test1420
199index 057ecc4773a..4b8d7bbf418 100644
200--- a/tests/data/test1420
201+++ b/tests/data/test1420
202@@ -67,6 +67,7 @@ int main(int argc, char *argv[])
203 curl_easy_setopt(hnd, CURLOPT_URL, "imap://%HOSTIP:%IMAPPORT/1420/;MAILINDEX=1");
204 curl_easy_setopt(hnd, CURLOPT_USERPWD, "user:secret");
205 curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
206+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
207 curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
208
209 /* Here is a list of options the curl code used that cannot get generated
210
diff --git a/meta/recipes-support/curl/curl/CVE-2020-8285.patch b/meta/recipes-support/curl/curl/CVE-2020-8285.patch
new file mode 100644
index 0000000000..8a0231ba84
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2020-8285.patch
@@ -0,0 +1,257 @@
1From 69a358f2186e04cf44698b5100332cbf1ee7f01d Mon Sep 17 00:00:00 2001
2From: Daniel Stenberg <daniel@haxx.se>
3Date: Sat, 28 Nov 2020 00:27:21 +0100
4Subject: [PATCH] ftp: make wc_statemach loop instead of recurse
5
6CVE-2020-8285
7
8Fixes #6255
9Bug: https://curl.se/docs/CVE-2020-8285.html
10Reported-by: xnynx on github
11
12Upstream-Status: Backport [https://github.com/curl/curl/commit/69a358f2186e04]
13
14CVE: CVE-2020-8285
15
16Signed-off-by: Daniel Stenberg <daniel@haxx.se>
17Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
18---
19 lib/ftp.c | 202 +++++++++++++++++++++++++++---------------------------
20 1 file changed, 102 insertions(+), 100 deletions(-)
21
22diff --git a/lib/ftp.c b/lib/ftp.c
23index 50e7d7ddac9..bc355742172 100644
24--- a/lib/ftp.c
25+++ b/lib/ftp.c
26@@ -3800,129 +3800,131 @@ static CURLcode init_wc_data(struct connectdata *conn)
27 return result;
28 }
29
30-/* This is called recursively */
31 static CURLcode wc_statemach(struct connectdata *conn)
32 {
33 struct WildcardData * const wildcard = &(conn->data->wildcard);
34 CURLcode result = CURLE_OK;
35
36- switch(wildcard->state) {
37- case CURLWC_INIT:
38- result = init_wc_data(conn);
39- if(wildcard->state == CURLWC_CLEAN)
40- /* only listing! */
41- break;
42- wildcard->state = result ? CURLWC_ERROR : CURLWC_MATCHING;
43- break;
44+ for(;;) {
45+ switch(wildcard->state) {
46+ case CURLWC_INIT:
47+ result = init_wc_data(conn);
48+ if(wildcard->state == CURLWC_CLEAN)
49+ /* only listing! */
50+ return result;
51+ wildcard->state = result ? CURLWC_ERROR : CURLWC_MATCHING;
52+ return result;
53
54- case CURLWC_MATCHING: {
55- /* In this state is LIST response successfully parsed, so lets restore
56- previous WRITEFUNCTION callback and WRITEDATA pointer */
57- struct ftp_wc *ftpwc = wildcard->protdata;
58- conn->data->set.fwrite_func = ftpwc->backup.write_function;
59- conn->data->set.out = ftpwc->backup.file_descriptor;
60- ftpwc->backup.write_function = ZERO_NULL;
61- ftpwc->backup.file_descriptor = NULL;
62- wildcard->state = CURLWC_DOWNLOADING;
63-
64- if(Curl_ftp_parselist_geterror(ftpwc->parser)) {
65- /* error found in LIST parsing */
66- wildcard->state = CURLWC_CLEAN;
67- return wc_statemach(conn);
68- }
69- if(wildcard->filelist.size == 0) {
70- /* no corresponding file */
71- wildcard->state = CURLWC_CLEAN;
72- return CURLE_REMOTE_FILE_NOT_FOUND;
73+ case CURLWC_MATCHING: {
74+ /* In this state is LIST response successfully parsed, so lets restore
75+ previous WRITEFUNCTION callback and WRITEDATA pointer */
76+ struct ftp_wc *ftpwc = wildcard->protdata;
77+ conn->data->set.fwrite_func = ftpwc->backup.write_function;
78+ conn->data->set.out = ftpwc->backup.file_descriptor;
79+ ftpwc->backup.write_function = ZERO_NULL;
80+ ftpwc->backup.file_descriptor = NULL;
81+ wildcard->state = CURLWC_DOWNLOADING;
82+
83+ if(Curl_ftp_parselist_geterror(ftpwc->parser)) {
84+ /* error found in LIST parsing */
85+ wildcard->state = CURLWC_CLEAN;
86+ continue;
87+ }
88+ if(wildcard->filelist.size == 0) {
89+ /* no corresponding file */
90+ wildcard->state = CURLWC_CLEAN;
91+ return CURLE_REMOTE_FILE_NOT_FOUND;
92+ }
93+ continue;
94 }
95- return wc_statemach(conn);
96- }
97
98- case CURLWC_DOWNLOADING: {
99- /* filelist has at least one file, lets get first one */
100- struct ftp_conn *ftpc = &conn->proto.ftpc;
101- struct curl_fileinfo *finfo = wildcard->filelist.head->ptr;
102- struct FTP *ftp = conn->data->req.p.ftp;
103+ case CURLWC_DOWNLOADING: {
104+ /* filelist has at least one file, lets get first one */
105+ struct ftp_conn *ftpc = &conn->proto.ftpc;
106+ struct curl_fileinfo *finfo = wildcard->filelist.head->ptr;
107+ struct FTP *ftp = conn->data->req.p.ftp;
108
109- char *tmp_path = aprintf("%s%s", wildcard->path, finfo->filename);
110- if(!tmp_path)
111- return CURLE_OUT_OF_MEMORY;
112+ char *tmp_path = aprintf("%s%s", wildcard->path, finfo->filename);
113+ if(!tmp_path)
114+ return CURLE_OUT_OF_MEMORY;
115
116- /* switch default ftp->path and tmp_path */
117- free(ftp->pathalloc);
118- ftp->pathalloc = ftp->path = tmp_path;
119-
120- infof(conn->data, "Wildcard - START of \"%s\"\n", finfo->filename);
121- if(conn->data->set.chunk_bgn) {
122- long userresponse;
123- Curl_set_in_callback(conn->data, true);
124- userresponse = conn->data->set.chunk_bgn(
125- finfo, wildcard->customptr, (int)wildcard->filelist.size);
126- Curl_set_in_callback(conn->data, false);
127- switch(userresponse) {
128- case CURL_CHUNK_BGN_FUNC_SKIP:
129- infof(conn->data, "Wildcard - \"%s\" skipped by user\n",
130- finfo->filename);
131- wildcard->state = CURLWC_SKIP;
132- return wc_statemach(conn);
133- case CURL_CHUNK_BGN_FUNC_FAIL:
134- return CURLE_CHUNK_FAILED;
135+ /* switch default ftp->path and tmp_path */
136+ free(ftp->pathalloc);
137+ ftp->pathalloc = ftp->path = tmp_path;
138+
139+ infof(conn->data, "Wildcard - START of \"%s\"\n", finfo->filename);
140+ if(conn->data->set.chunk_bgn) {
141+ long userresponse;
142+ Curl_set_in_callback(conn->data, true);
143+ userresponse = conn->data->set.chunk_bgn(
144+ finfo, wildcard->customptr, (int)wildcard->filelist.size);
145+ Curl_set_in_callback(conn->data, false);
146+ switch(userresponse) {
147+ case CURL_CHUNK_BGN_FUNC_SKIP:
148+ infof(conn->data, "Wildcard - \"%s\" skipped by user\n",
149+ finfo->filename);
150+ wildcard->state = CURLWC_SKIP;
151+ continue;
152+ case CURL_CHUNK_BGN_FUNC_FAIL:
153+ return CURLE_CHUNK_FAILED;
154+ }
155 }
156- }
157
158- if(finfo->filetype != CURLFILETYPE_FILE) {
159- wildcard->state = CURLWC_SKIP;
160- return wc_statemach(conn);
161- }
162+ if(finfo->filetype != CURLFILETYPE_FILE) {
163+ wildcard->state = CURLWC_SKIP;
164+ continue;
165+ }
166
167- if(finfo->flags & CURLFINFOFLAG_KNOWN_SIZE)
168- ftpc->known_filesize = finfo->size;
169+ if(finfo->flags & CURLFINFOFLAG_KNOWN_SIZE)
170+ ftpc->known_filesize = finfo->size;
171
172- result = ftp_parse_url_path(conn);
173- if(result)
174- return result;
175+ result = ftp_parse_url_path(conn);
176+ if(result)
177+ return result;
178
179- /* we don't need the Curl_fileinfo of first file anymore */
180- Curl_llist_remove(&wildcard->filelist, wildcard->filelist.head, NULL);
181+ /* we don't need the Curl_fileinfo of first file anymore */
182+ Curl_llist_remove(&wildcard->filelist, wildcard->filelist.head, NULL);
183
184- if(wildcard->filelist.size == 0) { /* remains only one file to down. */
185- wildcard->state = CURLWC_CLEAN;
186- /* after that will be ftp_do called once again and no transfer
187- will be done because of CURLWC_CLEAN state */
188- return CURLE_OK;
189+ if(wildcard->filelist.size == 0) { /* remains only one file to down. */
190+ wildcard->state = CURLWC_CLEAN;
191+ /* after that will be ftp_do called once again and no transfer
192+ will be done because of CURLWC_CLEAN state */
193+ return CURLE_OK;
194+ }
195+ return result;
196 }
197- } break;
198
199- case CURLWC_SKIP: {
200- if(conn->data->set.chunk_end) {
201- Curl_set_in_callback(conn->data, true);
202- conn->data->set.chunk_end(conn->data->wildcard.customptr);
203- Curl_set_in_callback(conn->data, false);
204+ case CURLWC_SKIP: {
205+ if(conn->data->set.chunk_end) {
206+ Curl_set_in_callback(conn->data, true);
207+ conn->data->set.chunk_end(conn->data->wildcard.customptr);
208+ Curl_set_in_callback(conn->data, false);
209+ }
210+ Curl_llist_remove(&wildcard->filelist, wildcard->filelist.head, NULL);
211+ wildcard->state = (wildcard->filelist.size == 0) ?
212+ CURLWC_CLEAN : CURLWC_DOWNLOADING;
213+ continue;
214 }
215- Curl_llist_remove(&wildcard->filelist, wildcard->filelist.head, NULL);
216- wildcard->state = (wildcard->filelist.size == 0) ?
217- CURLWC_CLEAN : CURLWC_DOWNLOADING;
218- return wc_statemach(conn);
219- }
220
221- case CURLWC_CLEAN: {
222- struct ftp_wc *ftpwc = wildcard->protdata;
223- result = CURLE_OK;
224- if(ftpwc)
225- result = Curl_ftp_parselist_geterror(ftpwc->parser);
226+ case CURLWC_CLEAN: {
227+ struct ftp_wc *ftpwc = wildcard->protdata;
228+ result = CURLE_OK;
229+ if(ftpwc)
230+ result = Curl_ftp_parselist_geterror(ftpwc->parser);
231
232- wildcard->state = result ? CURLWC_ERROR : CURLWC_DONE;
233- } break;
234+ wildcard->state = result ? CURLWC_ERROR : CURLWC_DONE;
235+ return result;
236+ }
237
238- case CURLWC_DONE:
239- case CURLWC_ERROR:
240- case CURLWC_CLEAR:
241- if(wildcard->dtor)
242- wildcard->dtor(wildcard->protdata);
243- break;
244+ case CURLWC_DONE:
245+ case CURLWC_ERROR:
246+ case CURLWC_CLEAR:
247+ if(wildcard->dtor)
248+ wildcard->dtor(wildcard->protdata);
249+ return result;
250+ }
251 }
252-
253- return result;
254+ /* UNREACHABLE */
255 }
256
257 /***********************************************************************
diff --git a/meta/recipes-support/curl/curl/CVE-2020-8286.patch b/meta/recipes-support/curl/curl/CVE-2020-8286.patch
new file mode 100644
index 0000000000..8c75cba844
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2020-8286.patch
@@ -0,0 +1,131 @@
1From 5d3b28deac44c19e4d73fc80e4917d42ee43adfe Mon Sep 17 00:00:00 2001
2From: Daniel Stenberg <daniel@haxx.se>
3Date: Wed, 2 Dec 2020 23:01:11 +0100
4Subject: [PATCH] openssl: make the OCSP verification verify the certificate id
5
6CVE-2020-8286
7
8Reported by anonymous
9
10Bug: https://curl.se/docs/CVE-2020-8286.html
11
12Upstream-Status: Backport [https://github.com/curl/curl/commit/d9d01672785b]
13
14CVE: CVE-2020-8286
15
16Signed-off-by: Daniel Stenberg <daniel@haxx.se>
17Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
18
19---
20 lib/vtls/openssl.c | 83 +++++++++++++++++++++++++++++++++++-------------------
21 1 file changed, 54 insertions(+), 29 deletions(-)
22
23diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
24index 1685a4a..22cbfe7 100644
25--- a/lib/vtls/openssl.c
26+++ b/lib/vtls/openssl.c
27@@ -1777,6 +1777,11 @@ static CURLcode verifystatus(struct connectdata *conn,
28 X509_STORE *st = NULL;
29 STACK_OF(X509) *ch = NULL;
30 struct ssl_backend_data *backend = connssl->backend;
31+ X509 *cert;
32+ OCSP_CERTID *id = NULL;
33+ int cert_status, crl_reason;
34+ ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
35+ int ret;
36
37 long len = SSL_get_tlsext_status_ocsp_resp(backend->handle, &status);
38
39@@ -1845,43 +1850,63 @@ static CURLcode verifystatus(struct connectdata *conn,
40 goto end;
41 }
42
43- for(i = 0; i < OCSP_resp_count(br); i++) {
44- int cert_status, crl_reason;
45- OCSP_SINGLERESP *single = NULL;
46-
47- ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
48+ /* Compute the certificate's ID */
49+ cert = SSL_get_peer_certificate(backend->handle);
50+ if(!cert) {
51+ failf(data, "Error getting peer certficate");
52+ result = CURLE_SSL_INVALIDCERTSTATUS;
53+ goto end;
54+ }
55
56- single = OCSP_resp_get0(br, i);
57- if(!single)
58- continue;
59+ for(i = 0; i < sk_X509_num(ch); i++) {
60+ X509 *issuer = sk_X509_value(ch, i);
61+ if(X509_check_issued(issuer, cert) == X509_V_OK) {
62+ id = OCSP_cert_to_id(EVP_sha1(), cert, issuer);
63+ break;
64+ }
65+ }
66+ X509_free(cert);
67
68- cert_status = OCSP_single_get0_status(single, &crl_reason, &rev,
69- &thisupd, &nextupd);
70+ if(!id) {
71+ failf(data, "Error computing OCSP ID");
72+ result = CURLE_SSL_INVALIDCERTSTATUS;
73+ goto end;
74+ }
75
76- if(!OCSP_check_validity(thisupd, nextupd, 300L, -1L)) {
77- failf(data, "OCSP response has expired");
78- result = CURLE_SSL_INVALIDCERTSTATUS;
79- goto end;
80- }
81+ /* Find the single OCSP response corresponding to the certificate ID */
82+ ret = OCSP_resp_find_status(br, id, &cert_status, &crl_reason, &rev,
83+ &thisupd, &nextupd);
84+ OCSP_CERTID_free(id);
85+ if(ret != 1) {
86+ failf(data, "Could not find certificate ID in OCSP response");
87+ result = CURLE_SSL_INVALIDCERTSTATUS;
88+ goto end;
89+ }
90
91- infof(data, "SSL certificate status: %s (%d)\n",
92- OCSP_cert_status_str(cert_status), cert_status);
93+ /* Validate the corresponding single OCSP response */
94+ if(!OCSP_check_validity(thisupd, nextupd, 300L, -1L)) {
95+ failf(data, "OCSP response has expired");
96+ result = CURLE_SSL_INVALIDCERTSTATUS;
97+ goto end;
98+ }
99
100- switch(cert_status) {
101- case V_OCSP_CERTSTATUS_GOOD:
102- break;
103+ infof(data, "SSL certificate status: %s (%d)\n",
104+ OCSP_cert_status_str(cert_status), cert_status);
105
106- case V_OCSP_CERTSTATUS_REVOKED:
107- result = CURLE_SSL_INVALIDCERTSTATUS;
108+ switch(cert_status) {
109+ case V_OCSP_CERTSTATUS_GOOD:
110+ break;
111
112- failf(data, "SSL certificate revocation reason: %s (%d)",
113- OCSP_crl_reason_str(crl_reason), crl_reason);
114- goto end;
115+ case V_OCSP_CERTSTATUS_REVOKED:
116+ result = CURLE_SSL_INVALIDCERTSTATUS;
117+ failf(data, "SSL certificate revocation reason: %s (%d)",
118+ OCSP_crl_reason_str(crl_reason), crl_reason);
119+ goto end;
120
121- case V_OCSP_CERTSTATUS_UNKNOWN:
122- result = CURLE_SSL_INVALIDCERTSTATUS;
123- goto end;
124- }
125+ case V_OCSP_CERTSTATUS_UNKNOWN:
126+ default:
127+ result = CURLE_SSL_INVALIDCERTSTATUS;
128+ goto end;
129 }
130
131 end:
diff --git a/meta/recipes-support/curl/curl_7.72.0.bb b/meta/recipes-support/curl/curl_7.72.0.bb
index 7d0268253d..a9b52a8a1d 100644
--- a/meta/recipes-support/curl/curl_7.72.0.bb
+++ b/meta/recipes-support/curl/curl_7.72.0.bb
@@ -7,6 +7,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=2e9fb35867314fe31c6a4977ef7dd531"
7 7
8SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \ 8SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
9 file://0001-replace-krb5-config-with-pkg-config.patch \ 9 file://0001-replace-krb5-config-with-pkg-config.patch \
10 file://0002-remove-void-protop-create-union-p.patch \
11 file://CVE-2020-8284.patch \
12 file://CVE-2020-8285.patch \
13 file://CVE-2020-8286.patch \
10" 14"
11 15
12SRC_URI[sha256sum] = "ad91970864102a59765e20ce16216efc9d6ad381471f7accceceab7d905703ef" 16SRC_URI[sha256sum] = "ad91970864102a59765e20ce16216efc9d6ad381471f7accceceab7d905703ef"
diff --git a/meta/recipes-support/gpgme/gpgme_1.14.0.bb b/meta/recipes-support/gpgme/gpgme_1.14.0.bb
index 9fa8212808..fb7215381c 100644
--- a/meta/recipes-support/gpgme/gpgme_1.14.0.bb
+++ b/meta/recipes-support/gpgme/gpgme_1.14.0.bb
@@ -48,7 +48,7 @@ DEFAULT_LANGUAGES_class-target = "cpp"
48LANGUAGES ?= "${DEFAULT_LANGUAGES} python" 48LANGUAGES ?= "${DEFAULT_LANGUAGES} python"
49 49
50PYTHON_INHERIT = "${@bb.utils.contains('PACKAGECONFIG', 'python2', 'pythonnative', '', d)}" 50PYTHON_INHERIT = "${@bb.utils.contains('PACKAGECONFIG', 'python2', 'pythonnative', '', d)}"
51PYTHON_INHERIT .= "${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native', '', d)}" 51PYTHON_INHERIT .= "${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native python3targetconfig', '', d)}"
52 52
53EXTRA_OECONF += '--enable-languages="${LANGUAGES}" \ 53EXTRA_OECONF += '--enable-languages="${LANGUAGES}" \
54 --disable-gpgconf-test \ 54 --disable-gpgconf-test \
diff --git a/meta/recipes-support/iso-codes/iso-codes_4.5.0.bb b/meta/recipes-support/iso-codes/iso-codes_4.5.0.bb
index 9d02f5c794..0b4582b202 100644
--- a/meta/recipes-support/iso-codes/iso-codes_4.5.0.bb
+++ b/meta/recipes-support/iso-codes/iso-codes_4.5.0.bb
@@ -5,7 +5,7 @@ BUGTRACKER = "https://salsa.debian.org/iso-codes-team/iso-codes/issues"
5LICENSE = "LGPLv2.1" 5LICENSE = "LGPLv2.1"
6LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" 6LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
7 7
8SRC_URI = "git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=http;branch=main;" 8SRC_URI = "git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=https;branch=main;"
9SRCREV = "a36019e5014bff251f83d522ddcfebaecf52afd3" 9SRCREV = "a36019e5014bff251f83d522ddcfebaecf52afd3"
10 10
11# inherit gettext cannot be used, because it adds gettext-native to BASEDEPENDS which 11# inherit gettext cannot be used, because it adds gettext-native to BASEDEPENDS which
diff --git a/meta/recipes-support/libcroco/files/CVE-2020-12825.patch b/meta/recipes-support/libcroco/files/CVE-2020-12825.patch
new file mode 100644
index 0000000000..42f92e3607
--- /dev/null
+++ b/meta/recipes-support/libcroco/files/CVE-2020-12825.patch
@@ -0,0 +1,192 @@
1From fdf78a4877afa987ba646a8779b513f258e6d04c Mon Sep 17 00:00:00 2001
2From: Michael Catanzaro <mcatanzaro@gnome.org>
3Date: Fri, 31 Jul 2020 15:21:53 -0500
4Subject: [PATCH] libcroco: Limit recursion in block and any productions
5
6 (CVE-2020-12825)
7
8If we don't have any limits, we can recurse forever and overflow the
9stack.
10
11Fixes #8
12This is per https://gitlab.gnome.org/Archive/libcroco/-/issues/8
13
14https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1404
15
16CVE: CVE-2020-12825
17Upstream-Status: Backport [https://gitlab.gnome.org/Archive/libcroco/-/commit/6eb257e5c731c691eb137fca94e916ca73941a5a]
18Comment: No refreshing changes done.
19Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com>
20
21---
22 src/cr-parser.c | 44 +++++++++++++++++++++++++++++---------------
23 1 file changed, 29 insertions(+), 15 deletions(-)
24
25diff --git a/src/cr-parser.c b/src/cr-parser.c
26index 18c9a01..f4a62e3 100644
27--- a/src/cr-parser.c
28+++ b/src/cr-parser.c
29@@ -136,6 +136,8 @@ struct _CRParserPriv {
30
31 #define CHARS_TAB_SIZE 12
32
33+#define RECURSIVE_CALLERS_LIMIT 100
34+
35 /**
36 * IS_NUM:
37 *@a_char: the char to test.
38@@ -344,9 +346,11 @@ static enum CRStatus cr_parser_parse_selector_core (CRParser * a_this);
39
40 static enum CRStatus cr_parser_parse_declaration_core (CRParser * a_this);
41
42-static enum CRStatus cr_parser_parse_any_core (CRParser * a_this);
43+static enum CRStatus cr_parser_parse_any_core (CRParser * a_this,
44+ guint n_calls);
45
46-static enum CRStatus cr_parser_parse_block_core (CRParser * a_this);
47+static enum CRStatus cr_parser_parse_block_core (CRParser * a_this,
48+ guint n_calls);
49
50 static enum CRStatus cr_parser_parse_value_core (CRParser * a_this);
51
52@@ -784,7 +788,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
53 cr_parser_try_to_skip_spaces_and_comments (a_this);
54
55 do {
56- status = cr_parser_parse_any_core (a_this);
57+ status = cr_parser_parse_any_core (a_this, 0);
58 } while (status == CR_OK);
59
60 status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr,
61@@ -795,7 +799,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
62 cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
63 token);
64 token = NULL;
65- status = cr_parser_parse_block_core (a_this);
66+ status = cr_parser_parse_block_core (a_this, 0);
67 CHECK_PARSING_STATUS (status,
68 FALSE);
69 goto done;
70@@ -930,11 +934,11 @@ cr_parser_parse_selector_core (CRParser * a_this)
71
72 RECORD_INITIAL_POS (a_this, &init_pos);
73
74- status = cr_parser_parse_any_core (a_this);
75+ status = cr_parser_parse_any_core (a_this, 0);
76 CHECK_PARSING_STATUS (status, FALSE);
77
78 do {
79- status = cr_parser_parse_any_core (a_this);
80+ status = cr_parser_parse_any_core (a_this, 0);
81
82 } while (status == CR_OK);
83
84@@ -956,10 +960,12 @@ cr_parser_parse_selector_core (CRParser * a_this)
85 *in chapter 4.1 of the css2 spec.
86 *block ::= '{' S* [ any | block | ATKEYWORD S* | ';' ]* '}' S*;
87 *@param a_this the current instance of #CRParser.
88+ *@param n_calls used to limit recursion depth
89 *FIXME: code this function.
90 */
91 static enum CRStatus
92-cr_parser_parse_block_core (CRParser * a_this)
93+cr_parser_parse_block_core (CRParser * a_this,
94+ guint n_calls)
95 {
96 CRToken *token = NULL;
97 CRInputPos init_pos;
98@@ -967,6 +973,9 @@ cr_parser_parse_block_core (CRParser * a_this)
99
100 g_return_val_if_fail (a_this && PRIVATE (a_this), CR_BAD_PARAM_ERROR);
101
102+ if (n_calls > RECURSIVE_CALLERS_LIMIT)
103+ return CR_ERROR;
104+
105 RECORD_INITIAL_POS (a_this, &init_pos);
106
107 status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token);
108@@ -996,13 +1005,13 @@ cr_parser_parse_block_core (CRParser * a_this)
109 } else if (token->type == CBO_TK) {
110 cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
111 token = NULL;
112- status = cr_parser_parse_block_core (a_this);
113+ status = cr_parser_parse_block_core (a_this, n_calls + 1);
114 CHECK_PARSING_STATUS (status, FALSE);
115 goto parse_block_content;
116 } else {
117 cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
118 token = NULL;
119- status = cr_parser_parse_any_core (a_this);
120+ status = cr_parser_parse_any_core (a_this, n_calls + 1);
121 CHECK_PARSING_STATUS (status, FALSE);
122 goto parse_block_content;
123 }
124@@ -1109,7 +1118,7 @@ cr_parser_parse_value_core (CRParser * a_this)
125 status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
126 token);
127 token = NULL;
128- status = cr_parser_parse_block_core (a_this);
129+ status = cr_parser_parse_block_core (a_this, 0);
130 CHECK_PARSING_STATUS (status, FALSE);
131 ref++;
132 goto continue_parsing;
133@@ -1123,7 +1132,7 @@ cr_parser_parse_value_core (CRParser * a_this)
134 status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
135 token);
136 token = NULL;
137- status = cr_parser_parse_any_core (a_this);
138+ status = cr_parser_parse_any_core (a_this, 0);
139 if (status == CR_OK) {
140 ref++;
141 goto continue_parsing;
142@@ -1162,10 +1171,12 @@ cr_parser_parse_value_core (CRParser * a_this)
143 * | FUNCTION | DASHMATCH | '(' any* ')' | '[' any* ']' ] S*;
144 *
145 *@param a_this the current instance of #CRParser.
146+ *@param n_calls used to limit recursion depth
147 *@return CR_OK upon successfull completion, an error code otherwise.
148 */
149 static enum CRStatus
150-cr_parser_parse_any_core (CRParser * a_this)
151+cr_parser_parse_any_core (CRParser * a_this,
152+ guint n_calls)
153 {
154 CRToken *token1 = NULL,
155 *token2 = NULL;
156@@ -1174,6 +1185,9 @@ cr_parser_parse_any_core (CRParser * a_this)
157
158 g_return_val_if_fail (a_this, CR_BAD_PARAM_ERROR);
159
160+ if (n_calls > RECURSIVE_CALLERS_LIMIT)
161+ return CR_ERROR;
162+
163 RECORD_INITIAL_POS (a_this, &init_pos);
164
165 status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token1);
166@@ -1212,7 +1226,7 @@ cr_parser_parse_any_core (CRParser * a_this)
167 *We consider parameter as being an "any*" production.
168 */
169 do {
170- status = cr_parser_parse_any_core (a_this);
171+ status = cr_parser_parse_any_core (a_this, n_calls + 1);
172 } while (status == CR_OK);
173
174 ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
175@@ -1237,7 +1251,7 @@ cr_parser_parse_any_core (CRParser * a_this)
176 }
177
178 do {
179- status = cr_parser_parse_any_core (a_this);
180+ status = cr_parser_parse_any_core (a_this, n_calls + 1);
181 } while (status == CR_OK);
182
183 ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
184@@ -1265,7 +1279,7 @@ cr_parser_parse_any_core (CRParser * a_this)
185 }
186
187 do {
188- status = cr_parser_parse_any_core (a_this);
189+ status = cr_parser_parse_any_core (a_this, n_calls + 1);
190 } while (status == CR_OK);
191
192 ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
diff --git a/meta/recipes-support/libcroco/libcroco_0.6.13.bb b/meta/recipes-support/libcroco/libcroco_0.6.13.bb
index 9171a9de5c..a443ff23fe 100644
--- a/meta/recipes-support/libcroco/libcroco_0.6.13.bb
+++ b/meta/recipes-support/libcroco/libcroco_0.6.13.bb
@@ -18,3 +18,6 @@ inherit gnomebase gtk-doc binconfig-disabled
18 18
19SRC_URI[archive.md5sum] = "c80c5a8385011a0260dce6bd0da93dce" 19SRC_URI[archive.md5sum] = "c80c5a8385011a0260dce6bd0da93dce"
20SRC_URI[archive.sha256sum] = "767ec234ae7aa684695b3a735548224888132e063f92db585759b422570621d4" 20SRC_URI[archive.sha256sum] = "767ec234ae7aa684695b3a735548224888132e063f92db585759b422570621d4"
21
22SRC_URI +="file://CVE-2020-12825.patch \
23"
diff --git a/meta/recipes-support/libevdev/libevdev/determinism.patch b/meta/recipes-support/libevdev/libevdev/determinism.patch
index f6b7fc82d3..71cbd876eb 100644
--- a/meta/recipes-support/libevdev/libevdev/determinism.patch
+++ b/meta/recipes-support/libevdev/libevdev/determinism.patch
@@ -9,7 +9,8 @@ Sort to remove this inconsistency.
9RP 2020/2/7 9RP 2020/2/7
10 10
11Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 11Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
12Upstream-Status: Pending 12Submitted: https://lists.freedesktop.org/archives/input-tools/2021-February/001560.html
13Upstream-Status: Backport [https://gitlab.freedesktop.org/libevdev/libevdev/-/commit/8d70f449892c6f7659e07bb0f06b8347677bb7d8]
13 14
14--- 15---
15 libevdev/make-event-names.py | 6 +++--- 16 libevdev/make-event-names.py | 6 +++---
diff --git a/meta/recipes-support/libexif/files/CVE-2020-0198.patch b/meta/recipes-support/libexif/files/CVE-2020-0198.patch
new file mode 100644
index 0000000000..2a48844cb2
--- /dev/null
+++ b/meta/recipes-support/libexif/files/CVE-2020-0198.patch
@@ -0,0 +1,66 @@
1From ca71eda33fe8421f98fbe20eb4392473357c1c43 Mon Sep 17 00:00:00 2001
2From: Changqing Li <changqing.li@windriver.com>
3Date: Wed, 30 Dec 2020 10:22:47 +0800
4Subject: [PATCH] fixed another unsigned integer overflow
5
6first fixed by google in android fork,
7https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0
8
9(use a more generic overflow check method, also check second overflow instance.)
10
11https://security-tracker.debian.org/tracker/CVE-2020-0198
12
13Upstream-Status: Backport[https://github.com/libexif/libexif/commit/ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c]
14CVE: CVE-2020-0198
15
16Signed-off-by: Changqing Li <changqing.li@windriver.com>
17---
18 libexif/exif-data.c | 10 ++++++----
19 1 file changed, 6 insertions(+), 4 deletions(-)
20
21diff --git a/libexif/exif-data.c b/libexif/exif-data.c
22index 8b280d3..34d58fc 100644
23--- a/libexif/exif-data.c
24+++ b/libexif/exif-data.c
25@@ -47,6 +47,8 @@
26 #undef JPEG_MARKER_APP1
27 #define JPEG_MARKER_APP1 0xe1
28
29+#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize ))
30+
31 static const unsigned char ExifHeader[] = {0x45, 0x78, 0x69, 0x66, 0x00, 0x00};
32
33 struct _ExifDataPrivate
34@@ -327,7 +329,7 @@ exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
35 exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail offset (%u).", o);
36 return;
37 }
38- if (s > ds - o) {
39+ if (CHECKOVERFLOW(o,ds,s)) {
40 exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail size (%u), max would be %u.", s, ds-o);
41 return;
42 }
43@@ -420,9 +422,9 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
44 }
45
46 /* Read the number of entries */
47- if ((offset + 2 < offset) || (offset + 2 < 2) || (offset + 2 > ds)) {
48+ if (CHECKOVERFLOW(offset, ds, 2)) {
49 exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
50- "Tag data past end of buffer (%u > %u)", offset+2, ds);
51+ "Tag data past end of buffer (%u+2 > %u)", offset, ds);
52 return;
53 }
54 n = exif_get_short (d + offset, data->priv->order);
55@@ -431,7 +433,7 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
56 offset += 2;
57
58 /* Check if we have enough data. */
59- if (offset + 12 * n > ds) {
60+ if (CHECKOVERFLOW(offset, ds, 12*n)) {
61 n = (ds - offset) / 12;
62 exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
63 "Short data; only loading %hu entries...", n);
64--
652.17.1
66
diff --git a/meta/recipes-support/libexif/files/CVE-2020-0452.patch b/meta/recipes-support/libexif/files/CVE-2020-0452.patch
new file mode 100644
index 0000000000..a117b8b369
--- /dev/null
+++ b/meta/recipes-support/libexif/files/CVE-2020-0452.patch
@@ -0,0 +1,39 @@
1From 302acd49eba0a125b0f20692df6abc6f7f7ca53e Mon Sep 17 00:00:00 2001
2From: Changqing Li <changqing.li@windriver.com>
3Date: Wed, 30 Dec 2020 10:18:51 +0800
4Subject: [PATCH] fixed a incorrect overflow check that could be optimized
5 away.
6
7inspired by:
8https://android.googlesource.com/platform/external/libexif/+/8e7345f3bc0bad06ac369d6cbc1124c8ceaf7d4b
9
10https://source.android.com/security/bulletin/2020-11-01
11
12CVE-2020-0452
13
14Upsteam-Status: Backport[https://github.com/libexif/libexif/commit/9266d14b5ca4e29b970fa03272318e5f99386e06]
15CVE: CVE-2020-0452
16
17Signed-off-by: Changqing Li <changqing.li@windriver.com>
18---
19 libexif/exif-entry.c | 4 ++--
20 1 file changed, 2 insertions(+), 2 deletions(-)
21
22diff --git a/libexif/exif-entry.c b/libexif/exif-entry.c
23index 5de215f..3a6ce84 100644
24--- a/libexif/exif-entry.c
25+++ b/libexif/exif-entry.c
26@@ -1371,8 +1371,8 @@ exif_entry_get_value (ExifEntry *e, char *val, unsigned int maxlen)
27 {
28 unsigned char *utf16;
29
30- /* Sanity check the size to prevent overflow */
31- if (e->size+sizeof(uint16_t)+1 < e->size) break;
32+ /* Sanity check the size to prevent overflow. Note EXIF files are 64kb at most. */
33+ if (e->size >= 65536 - sizeof(uint16_t)*2) break;
34
35 /* The tag may not be U+0000-terminated , so make a local
36 U+0000-terminated copy before converting it */
37--
382.17.1
39
diff --git a/meta/recipes-support/libexif/libexif_0.6.22.bb b/meta/recipes-support/libexif/libexif_0.6.22.bb
index 2478ba07d8..dc30926c59 100644
--- a/meta/recipes-support/libexif/libexif_0.6.22.bb
+++ b/meta/recipes-support/libexif/libexif_0.6.22.bb
@@ -8,6 +8,8 @@ def version_underscore(v):
8 return "_".join(v.split(".")) 8 return "_".join(v.split("."))
9 9
10SRC_URI = "https://github.com/libexif/libexif/releases/download/libexif-${@version_underscore("${PV}")}-release/libexif-${PV}.tar.xz \ 10SRC_URI = "https://github.com/libexif/libexif/releases/download/libexif-${@version_underscore("${PV}")}-release/libexif-${PV}.tar.xz \
11 file://CVE-2020-0198.patch \
12 file://CVE-2020-0452.patch \
11 " 13 "
12 14
13SRC_URI[sha256sum] = "5048f1c8fc509cc636c2f97f4b40c293338b6041a5652082d5ee2cf54b530c56" 15SRC_URI[sha256sum] = "5048f1c8fc509cc636c2f97f4b40c293338b6041a5652082d5ee2cf54b530c56"
diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.6.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.8.6.bb
index ac09417e89..832d07d515 100644
--- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.6.bb
+++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.6.bb
@@ -28,6 +28,9 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
28" 28"
29SRC_URI[sha256sum] = "0cba2700617b99fc33864a0c16b1fa7fdf9781d9ed3509f5d767178e5fd7b975" 29SRC_URI[sha256sum] = "0cba2700617b99fc33864a0c16b1fa7fdf9781d9ed3509f5d767178e5fd7b975"
30 30
31# Below whitelisted CVEs are disputed and not affecting crypto libraries for any distro.
32CVE_CHECK_WHITELIST += "CVE-2018-12433 CVE-2018-12438"
33
31BINCONFIG = "${bindir}/libgcrypt-config" 34BINCONFIG = "${bindir}/libgcrypt-config"
32 35
33inherit autotools texinfo binconfig-disabled pkgconfig 36inherit autotools texinfo binconfig-disabled pkgconfig
diff --git a/meta/recipes-support/lz4/lz4_1.9.2.bb b/meta/recipes-support/lz4/lz4_1.9.2.bb
index 6510156ed0..455d2a5141 100644
--- a/meta/recipes-support/lz4/lz4_1.9.2.bb
+++ b/meta/recipes-support/lz4/lz4_1.9.2.bb
@@ -11,7 +11,7 @@ PE = "1"
11 11
12SRCREV = "fdf2ef5809ca875c454510610764d9125ef2ebbd" 12SRCREV = "fdf2ef5809ca875c454510610764d9125ef2ebbd"
13 13
14SRC_URI = "git://github.com/lz4/lz4.git \ 14SRC_URI = "git://github.com/lz4/lz4.git;branch=dev \
15 file://run-ptest \ 15 file://run-ptest \
16 " 16 "
17UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)" 17UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)"
diff --git a/meta/recipes-support/p11-kit/p11-kit_0.23.21.bb b/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb
index b1fd2334b2..c539ecdbc6 100644
--- a/meta/recipes-support/p11-kit/p11-kit_0.23.21.bb
+++ b/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb
@@ -2,17 +2,18 @@ SUMMARY = "Provides a way to load and enumerate PKCS#11 modules"
2LICENSE = "BSD-3-Clause" 2LICENSE = "BSD-3-Clause"
3LIC_FILES_CHKSUM = "file://COPYING;md5=02933887f609807fbb57aa4237d14a50" 3LIC_FILES_CHKSUM = "file://COPYING;md5=02933887f609807fbb57aa4237d14a50"
4 4
5inherit meson gettext pkgconfig gtk-doc bash-completion 5inherit meson gettext pkgconfig gtk-doc bash-completion manpages
6 6
7DEPENDS = "libtasn1 libtasn1-native libffi" 7DEPENDS = "libtasn1 libtasn1-native libffi"
8 8
9DEPENDS_append = "${@' glib-2.0' if d.getVar('GTKDOC_ENABLED') == 'True' else ''}" 9DEPENDS_append = "${@' glib-2.0' if d.getVar('GTKDOC_ENABLED') == 'True' else ''}"
10 10
11SRC_URI = "git://github.com/p11-glue/p11-kit" 11SRC_URI = "git://github.com/p11-glue/p11-kit;branch=0.23"
12SRCREV = "fd8b56f3ee971f94dc6fc95411fc01e1c12153ab" 12SRCREV = "bd97afbfe28d5fbbde95ce36ff7a8834fc0291ee"
13S = "${WORKDIR}/git" 13S = "${WORKDIR}/git"
14 14
15PACKAGECONFIG ??= "" 15PACKAGECONFIG ??= ""
16PACKAGECONFIG[manpages] = "-Dman=true,-Dman=false,libxslt-native"
16PACKAGECONFIG[trust-paths] = "-Dtrust_paths=/etc/ssl/certs/ca-certificates.crt,,,ca-certificates" 17PACKAGECONFIG[trust-paths] = "-Dtrust_paths=/etc/ssl/certs/ca-certificates.crt,,,ca-certificates"
17 18
18GTKDOC_MESON_OPTION = 'gtk_doc' 19GTKDOC_MESON_OPTION = 'gtk_doc'
diff --git a/meta/recipes-support/sqlite/sqlite3_3.33.0.bb b/meta/recipes-support/sqlite/sqlite3_3.33.0.bb
index 611a1bd923..33f041a161 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.33.0.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.33.0.bb
@@ -8,3 +8,5 @@ SRC_URI[sha256sum] = "106a2c48c7f75a298a7557bcc0d5f4f454e5b43811cc738b7ca294d695
8 8
9# -19242 is only an issue in specific development branch commits 9# -19242 is only an issue in specific development branch commits
10CVE_CHECK_WHITELIST += "CVE-2019-19242" 10CVE_CHECK_WHITELIST += "CVE-2019-19242"
11# This is believed to be iOS specific (https://groups.google.com/g/sqlite-dev/c/U7OjAbZO6LA)
12CVE_CHECK_WHITELIST += "CVE-2015-3717"
diff --git a/meta/recipes-support/vim/files/racefix.patch b/meta/recipes-support/vim/files/racefix.patch
new file mode 100644
index 0000000000..48dca44cad
--- /dev/null
+++ b/meta/recipes-support/vim/files/racefix.patch
@@ -0,0 +1,33 @@
1The creation of the LINGUAS file is duplicated for each desktop file
2which can lead the commands to race against each other. Rework
3the makefile to avoid this as the expense of leaving the file on disk.
4
5Upstream-Status: Pending
6RP 2021/2/15
7
8Index: git/src/po/Makefile
9===================================================================
10--- git.orig/src/po/Makefile
11+++ git/src/po/Makefile
12@@ -165,17 +165,16 @@ $(PACKAGE).pot: ../*.c ../if_perl.xs ../
13 po/gvim.desktop.in po/vim.desktop.in
14 mv -f ../$(PACKAGE).po $(PACKAGE).pot
15
16-vim.desktop: vim.desktop.in $(POFILES)
17+LINGUAS:
18 echo $(LANGUAGES) | tr " " "\n" |sed -e '/\./d' | sort > LINGUAS
19+
20+vim.desktop: vim.desktop.in $(POFILES) LINGUAS
21 $(MSGFMT) --desktop -d . --template vim.desktop.in -o tmp_vim.desktop
22- rm -f LINGUAS
23 if command -v desktop-file-validate; then desktop-file-validate tmp_vim.desktop; fi
24 mv tmp_vim.desktop vim.desktop
25
26-gvim.desktop: gvim.desktop.in $(POFILES)
27- echo $(LANGUAGES) | tr " " "\n" |sed -e '/\./d' | sort > LINGUAS
28+gvim.desktop: gvim.desktop.in $(POFILES) LINGUAS
29 $(MSGFMT) --desktop -d . --template gvim.desktop.in -o tmp_gvim.desktop
30- rm -f LINGUAS
31 if command -v desktop-file-validate; then desktop-file-validate tmp_gvim.desktop; fi
32 mv tmp_gvim.desktop gvim.desktop
33
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 4d2886c19e..d57f784da5 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -12,6 +12,7 @@ SRC_URI = "git://github.com/vim/vim.git \
12 file://vim-add-knob-whether-elf.h-are-checked.patch \ 12 file://vim-add-knob-whether-elf.h-are-checked.patch \
13 file://0001-src-Makefile-improve-reproducibility.patch \ 13 file://0001-src-Makefile-improve-reproducibility.patch \
14 file://no-path-adjust.patch \ 14 file://no-path-adjust.patch \
15 file://racefix.patch \
15" 16"
16SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44" 17SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44"
17 18
@@ -68,8 +69,10 @@ EXTRA_OECONF = " \
68 --disable-gtktest \ 69 --disable-gtktest \
69 --disable-xim \ 70 --disable-xim \
70 --disable-netbeans \ 71 --disable-netbeans \
72 --disable-desktop-database-update \
71 --with-tlib=ncurses \ 73 --with-tlib=ncurses \
72 ac_cv_small_wchar_t=no \ 74 ac_cv_small_wchar_t=no \
75 ac_cv_path_GLIB_COMPILE_RESOURCES=no \
73 vim_cv_getcwd_broken=no \ 76 vim_cv_getcwd_broken=no \
74 vim_cv_memmove_handles_overlap=yes \ 77 vim_cv_memmove_handles_overlap=yes \
75 vim_cv_stat_ignores_slash=no \ 78 vim_cv_stat_ignores_slash=no \
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-08 19:22:37 +0000