diff options
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2020-8169.patch | 140 | ||||
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2020-8177.patch | 67 | ||||
-rw-r--r-- | meta/recipes-support/curl/curl_7.69.1.bb | 2 |
3 files changed, 209 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2020-8169.patch b/meta/recipes-support/curl/curl/CVE-2020-8169.patch new file mode 100644 index 0000000000..7d1be24a0a --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2020-8169.patch | |||
@@ -0,0 +1,140 @@ | |||
1 | From 600a8cded447cd7118ed50142c576567c0cf5158 Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Stenberg <daniel@haxx.se> | ||
3 | Date: Thu, 14 May 2020 14:37:12 +0200 | ||
4 | Subject: [PATCH] url: make the updated credentials URL-encoded in the URL | ||
5 | |||
6 | Found-by: Gregory Jefferis | ||
7 | Reported-by: Jeroen Ooms | ||
8 | Added test 1168 to verify. Bug spotted when doing a redirect. | ||
9 | Bug: https://github.com/jeroen/curl/issues/224 | ||
10 | Closes #5400 | ||
11 | |||
12 | Upstream-Status: Backport | ||
13 | https://github.com/curl/curl/commit/600a8cded447cd | ||
14 | |||
15 | CVE: CVE-2020-8169 | ||
16 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
17 | |||
18 | --- | ||
19 | lib/url.c | 6 ++-- | ||
20 | tests/data/Makefile.inc | 1 + | ||
21 | tests/data/test1168 | 78 +++++++++++++++++++++++++++++++++++++++++ | ||
22 | 3 files changed, 83 insertions(+), 2 deletions(-) | ||
23 | create mode 100644 tests/data/test1168 | ||
24 | |||
25 | Index: curl-7.69.1/lib/url.c | ||
26 | =================================================================== | ||
27 | --- curl-7.69.1.orig/lib/url.c | ||
28 | +++ curl-7.69.1/lib/url.c | ||
29 | @@ -2776,12 +2776,14 @@ static CURLcode override_login(struct Cu | ||
30 | |||
31 | /* for updated strings, we update them in the URL */ | ||
32 | if(user_changed) { | ||
33 | - uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, 0); | ||
34 | + uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, | ||
35 | + CURLU_URLENCODE); | ||
36 | if(uc) | ||
37 | return Curl_uc_to_curlcode(uc); | ||
38 | } | ||
39 | if(passwd_changed) { | ||
40 | - uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, 0); | ||
41 | + uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, | ||
42 | + CURLU_URLENCODE); | ||
43 | if(uc) | ||
44 | return Curl_uc_to_curlcode(uc); | ||
45 | } | ||
46 | Index: curl-7.69.1/tests/data/Makefile.inc | ||
47 | =================================================================== | ||
48 | --- curl-7.69.1.orig/tests/data/Makefile.inc | ||
49 | +++ curl-7.69.1/tests/data/Makefile.inc | ||
50 | @@ -133,6 +133,7 @@ test1136 test1137 test1138 test1139 test | ||
51 | test1144 test1145 test1146 test1147 test1148 test1149 test1150 test1151 \ | ||
52 | test1152 test1153 test1154 test1155 test1156 test1157 test1158 test1159 \ | ||
53 | test1160 test1161 test1162 test1163 test1164 test1165 test1166 test1167 \ | ||
54 | +test1168 \ | ||
55 | \ | ||
56 | test1170 test1171 test1172 test1173 test1174 test1175 test1176 \ | ||
57 | \ | ||
58 | Index: curl-7.69.1/tests/data/test1168 | ||
59 | =================================================================== | ||
60 | --- /dev/null | ||
61 | +++ curl-7.69.1/tests/data/test1168 | ||
62 | @@ -0,0 +1,78 @@ | ||
63 | +<testcase> | ||
64 | +<info> | ||
65 | +<keywords> | ||
66 | +HTTP | ||
67 | +HTTP GET | ||
68 | +followlocation | ||
69 | +</keywords> | ||
70 | +</info> | ||
71 | +# Server-side | ||
72 | +<reply> | ||
73 | +<data> | ||
74 | +HTTP/1.1 301 This is a weirdo text message swsclose | ||
75 | +Date: Thu, 09 Nov 2010 14:49:00 GMT | ||
76 | +Server: test-server/fake | ||
77 | +Location: /data/11680002.txt | ||
78 | +Connection: close | ||
79 | + | ||
80 | +This server reply is for testing a simple Location: following | ||
81 | + | ||
82 | +</data> | ||
83 | +<data2> | ||
84 | +HTTP/1.1 200 Followed here fine swsclose | ||
85 | +Date: Thu, 09 Nov 2010 14:49:00 GMT | ||
86 | +Server: test-server/fake | ||
87 | +Content-Length: 52 | ||
88 | + | ||
89 | +If this is received, the location following worked | ||
90 | + | ||
91 | +</data2> | ||
92 | +<datacheck> | ||
93 | +HTTP/1.1 301 This is a weirdo text message swsclose | ||
94 | +Date: Thu, 09 Nov 2010 14:49:00 GMT | ||
95 | +Server: test-server/fake | ||
96 | +Location: /data/11680002.txt | ||
97 | +Connection: close | ||
98 | + | ||
99 | +HTTP/1.1 200 Followed here fine swsclose | ||
100 | +Date: Thu, 09 Nov 2010 14:49:00 GMT | ||
101 | +Server: test-server/fake | ||
102 | +Content-Length: 52 | ||
103 | + | ||
104 | +If this is received, the location following worked | ||
105 | + | ||
106 | +</datacheck> | ||
107 | +</reply> | ||
108 | + | ||
109 | +# Client-side | ||
110 | +<client> | ||
111 | +<server> | ||
112 | +http | ||
113 | +</server> | ||
114 | + <name> | ||
115 | +HTTP redirect with credentials using # in user and password | ||
116 | + </name> | ||
117 | + <command> | ||
118 | +http://%HOSTIP:%HTTPPORT/want/1168 -L -u "catmai#d:#DZaRJYrixKE*gFY" | ||
119 | +</command> | ||
120 | +</client> | ||
121 | + | ||
122 | +# Verify data after the test has been "shot" | ||
123 | +<verify> | ||
124 | +<strip> | ||
125 | +^User-Agent:.* | ||
126 | +</strip> | ||
127 | +<protocol> | ||
128 | +GET /want/1168 HTTP/1.1 | ||
129 | +Host: %HOSTIP:%HTTPPORT | ||
130 | +Authorization: Basic Y2F0bWFpI2Q6I0RaYVJKWXJpeEtFKmdGWQ== | ||
131 | +Accept: */* | ||
132 | + | ||
133 | +GET /data/11680002.txt HTTP/1.1 | ||
134 | +Host: %HOSTIP:%HTTPPORT | ||
135 | +Authorization: Basic Y2F0bWFpI2Q6I0RaYVJKWXJpeEtFKmdGWQ== | ||
136 | +Accept: */* | ||
137 | + | ||
138 | +</protocol> | ||
139 | +</verify> | ||
140 | +</testcase> | ||
diff --git a/meta/recipes-support/curl/curl/CVE-2020-8177.patch b/meta/recipes-support/curl/curl/CVE-2020-8177.patch new file mode 100644 index 0000000000..4f14fa2306 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2020-8177.patch | |||
@@ -0,0 +1,67 @@ | |||
1 | From 8236aba58542c5f89f1d41ca09d84579efb05e22 Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Stenberg <daniel@haxx.se> | ||
3 | Date: Sun, 31 May 2020 23:09:59 +0200 | ||
4 | Subject: [PATCH] tool_getparam: -i is not OK if -J is used | ||
5 | |||
6 | Reported-by: sn on hackerone | ||
7 | Bug: https://curl.haxx.se/docs/CVE-2020-8177.html | ||
8 | |||
9 | Upstream-Status: Backport | ||
10 | CVE:CVE-2020-8177 | ||
11 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
12 | |||
13 | --- | ||
14 | src/tool_cb_hdr.c | 22 ++++------------------ | ||
15 | src/tool_getparam.c | 5 +++++ | ||
16 | 2 files changed, 9 insertions(+), 18 deletions(-) | ||
17 | |||
18 | Index: curl-7.69.1/src/tool_cb_hdr.c | ||
19 | =================================================================== | ||
20 | --- curl-7.69.1.orig/src/tool_cb_hdr.c | ||
21 | +++ curl-7.69.1/src/tool_cb_hdr.c | ||
22 | @@ -186,25 +186,11 @@ size_t tool_header_cb(char *ptr, size_t | ||
23 | filename = parse_filename(p, len); | ||
24 | if(filename) { | ||
25 | if(outs->stream) { | ||
26 | - int rc; | ||
27 | - /* already opened and possibly written to */ | ||
28 | - if(outs->fopened) | ||
29 | - fclose(outs->stream); | ||
30 | - outs->stream = NULL; | ||
31 | - | ||
32 | - /* rename the initial file name to the new file name */ | ||
33 | - rc = rename(outs->filename, filename); | ||
34 | - if(rc != 0) { | ||
35 | - warnf(per->config->global, "Failed to rename %s -> %s: %s\n", | ||
36 | - outs->filename, filename, strerror(errno)); | ||
37 | - } | ||
38 | - if(outs->alloc_filename) | ||
39 | - Curl_safefree(outs->filename); | ||
40 | - if(rc != 0) { | ||
41 | - free(filename); | ||
42 | - return failure; | ||
43 | - } | ||
44 | + /* indication of problem, get out! */ | ||
45 | + free(filename); | ||
46 | + return failure; | ||
47 | } | ||
48 | + | ||
49 | outs->is_cd_filename = TRUE; | ||
50 | outs->s_isreg = TRUE; | ||
51 | outs->fopened = FALSE; | ||
52 | Index: curl-7.69.1/src/tool_getparam.c | ||
53 | =================================================================== | ||
54 | --- curl-7.69.1.orig/src/tool_getparam.c | ||
55 | +++ curl-7.69.1/src/tool_getparam.c | ||
56 | @@ -1807,6 +1807,11 @@ ParameterError getparameter(const char * | ||
57 | } | ||
58 | break; | ||
59 | case 'i': | ||
60 | + if(config->content_disposition) { | ||
61 | + warnf(global, | ||
62 | + "--include and --remote-header-name cannot be combined.\n"); | ||
63 | + return PARAM_BAD_USE; | ||
64 | + } | ||
65 | config->show_headers = toggle; /* show the headers as well in the | ||
66 | general output stream */ | ||
67 | break; | ||
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb index e854e8d4bd..8b5170f021 100644 --- a/meta/recipes-support/curl/curl_7.69.1.bb +++ b/meta/recipes-support/curl/curl_7.69.1.bb | |||
@@ -7,6 +7,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=2e9fb35867314fe31c6a4977ef7dd531" | |||
7 | 7 | ||
8 | SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ | 8 | SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ |
9 | file://0001-replace-krb5-config-with-pkg-config.patch \ | 9 | file://0001-replace-krb5-config-with-pkg-config.patch \ |
10 | file://CVE-2020-8169.patch \ | ||
11 | file://CVE-2020-8177.patch \ | ||
10 | " | 12 | " |
11 | 13 | ||
12 | SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42" | 14 | SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42" |