import curl-7.76.1-19.el9

880ccda5 · Rocky Automation · 1498da50 · 880ccda5 · 880ccda5 · 880ccda5
Commit 880ccda5 authored 2 years ago by Rocky Automation
--- a/SOURCES/0011-curl-7.76.1-CVE-2022-27775.patch
+++ b/SOURCES/0011-curl-7.76.1-CVE-2022-27775.patch
+From 187d0795030ccb4f410eb6089e265ac3571e56dd Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 25 Apr 2022 11:48:00 +0200
+Subject: [PATCH] conncache: include the zone id in the "bundle" hashkey
+
+Make connections to two separate IPv6 zone ids create separate
+connections.
+
+Reported-by: Harry Sintonen
+Bug: https://curl.se/docs/CVE-2022-27775.html
+Closes #8747
+
+Upstream-commit: 058f98dc3fe595f21dc26a5b9b1699e519ba5705
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/conncache.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/lib/conncache.c b/lib/conncache.c
+index cd5756a..9b9f683 100644
+--- a/lib/conncache.c
+++ b/lib/conncache.c
+@@ -159,8 +159,12 @@ static void hashkey(struct connectdata *conn, char *buf,
+     /* report back which name we used */
+     *hostp = hostname;
+ 
+-  /* put the number first so that the hostname gets cut off if too long */
+-  msnprintf(buf, len, "%ld%s", port, hostname);
+  /* put the numbers first so that the hostname gets cut off if too long */
+#ifdef ENABLE_IPV6
+  msnprintf(buf, len, "%u/%ld/%s", conn->scope_id, port, hostname);
+#else
+  msnprintf(buf, len, "%ld/%s", port, hostname);
+#endif
+ }
+ 
+ /* Returns number of connections currently held in the connection cache.
+-- 
+2.34.1
+
--- a/SOURCES/0020-curl-7.76.1-openldap-rebase.patch
+++ b/SOURCES/0020-curl-7.76.1-openldap-rebase.patch
+From c2acc48854be9f8590e57a7b44b649fb8537bed4 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 4 May 2021 16:14:13 +0200
+Subject: [PATCH] openldap: replace ldap_ prefix on private functions
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Since openldap itself uses that prefix and with OpenĹDAP 2.5.4 (at
+least) there's a symbol collision because of that.
+
+The private functions now use the 'oldap_' prefix where it previously
+used 'ldap_'.
+
+Reported-by: 3eka on github
+Fixes #7004
+Closes #7005
+
+Upstream-commit: 8bdde6b14ce3b5fd71c772a578fcbd4b6fa6df19
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/openldap.c | 67 +++++++++++++++++++++++++-------------------------
+ 1 file changed, 34 insertions(+), 33 deletions(-)
+
+diff --git a/lib/openldap.c b/lib/openldap.c
+index b515554..5a32c74 100644
+--- a/lib/openldap.c
+++ b/lib/openldap.c
+@@ -76,16 +76,16 @@ extern int ldap_init_fd(ber_socket_t fd, int proto, const char *url,
+                         LDAP **ld);
+ #endif
+ 
+-static CURLcode ldap_setup_connection(struct Curl_easy *data,
+-                                      struct connectdata *conn);
+-static CURLcode ldap_do(struct Curl_easy *data, bool *done);
+-static CURLcode ldap_done(struct Curl_easy *data, CURLcode, bool);
+-static CURLcode ldap_connect(struct Curl_easy *data, bool *done);
+-static CURLcode ldap_connecting(struct Curl_easy *data, bool *done);
+-static CURLcode ldap_disconnect(struct Curl_easy *data,
+-                                struct connectdata *conn, bool dead);
+static CURLcode oldap_setup_connection(struct Curl_easy *data,
+                                       struct connectdata *conn);
+static CURLcode oldap_do(struct Curl_easy *data, bool *done);
+static CURLcode oldap_done(struct Curl_easy *data, CURLcode, bool);
+static CURLcode oldap_connect(struct Curl_easy *data, bool *done);
+static CURLcode oldap_connecting(struct Curl_easy *data, bool *done);
+static CURLcode oldap_disconnect(struct Curl_easy *data,
+                                 struct connectdata *conn, bool dead);
+ 
+-static Curl_recv ldap_recv;
+static Curl_recv oldap_recv;
+ 
+ /*
+  * LDAP protocol handler.
+@@ -93,18 +93,18 @@ static Curl_recv ldap_recv;
+ 
+ const struct Curl_handler Curl_handler_ldap = {
+   "LDAP",                               /* scheme */
+-  ldap_setup_connection,                /* setup_connection */
+-  ldap_do,                              /* do_it */
+-  ldap_done,                            /* done */
+  oldap_setup_connection,               /* setup_connection */
+  oldap_do,                             /* do_it */
+  oldap_done,                           /* done */
+   ZERO_NULL,                            /* do_more */
+-  ldap_connect,                         /* connect_it */
+-  ldap_connecting,                      /* connecting */
+  oldap_connect,                        /* connect_it */
+  oldap_connecting,                     /* connecting */
+   ZERO_NULL,                            /* doing */
+   ZERO_NULL,                            /* proto_getsock */
+   ZERO_NULL,                            /* doing_getsock */
+   ZERO_NULL,                            /* domore_getsock */
+   ZERO_NULL,                            /* perform_getsock */
+-  ldap_disconnect,                      /* disconnect */
+  oldap_disconnect,                     /* disconnect */
+   ZERO_NULL,                            /* readwrite */
+   ZERO_NULL,                            /* connection_check */
+   ZERO_NULL,                            /* attach connection */
+@@ -121,18 +121,18 @@ const struct Curl_handler Curl_handler_ldap = {
+ 
+ const struct Curl_handler Curl_handler_ldaps = {
+   "LDAPS",                              /* scheme */
+-  ldap_setup_connection,                /* setup_connection */
+-  ldap_do,                              /* do_it */
+-  ldap_done,                            /* done */
+  oldap_setup_connection,               /* setup_connection */
+  oldap_do,                             /* do_it */
+  oldap_done,                           /* done */
+   ZERO_NULL,                            /* do_more */
+-  ldap_connect,                         /* connect_it */
+-  ldap_connecting,                      /* connecting */
+  oldap_connect,                        /* connect_it */
+  oldap_connecting,                     /* connecting */
+   ZERO_NULL,                            /* doing */
+   ZERO_NULL,                            /* proto_getsock */
+   ZERO_NULL,                            /* doing_getsock */
+   ZERO_NULL,                            /* domore_getsock */
+   ZERO_NULL,                            /* perform_getsock */
+-  ldap_disconnect,                      /* disconnect */
+  oldap_disconnect,                     /* disconnect */
+   ZERO_NULL,                            /* readwrite */
+   ZERO_NULL,                            /* connection_check */
+   ZERO_NULL,                            /* attach connection */
+@@ -173,8 +173,8 @@ struct ldapreqinfo {
+   int nument;
+ };
+ 
+-static CURLcode ldap_setup_connection(struct Curl_easy *data,
+-                                      struct connectdata *conn)
+static CURLcode oldap_setup_connection(struct Curl_easy *data,
+                                       struct connectdata *conn)
+ {
+   struct ldapconninfo *li;
+   LDAPURLDesc *lud;
+@@ -209,7 +209,7 @@ static CURLcode ldap_setup_connection(struct Curl_easy *data,
+ static Sockbuf_IO ldapsb_tls;
+ #endif
+ 
+-static CURLcode ldap_connect(struct Curl_easy *data, bool *done)
+static CURLcode oldap_connect(struct Curl_easy *data, bool *done)
+ {
+   struct connectdata *conn = data->conn;
+   struct ldapconninfo *li = conn->proto.ldapc;
+@@ -257,7 +257,7 @@ static CURLcode ldap_connect(struct Curl_easy *data, bool *done)
+   return CURLE_OK;
+ }
+ 
+-static CURLcode ldap_connecting(struct Curl_easy *data, bool *done)
+static CURLcode oldap_connecting(struct Curl_easy *data, bool *done)
+ {
+   struct connectdata *conn = data->conn;
+   struct ldapconninfo *li = conn->proto.ldapc;
+@@ -356,14 +356,15 @@ static CURLcode ldap_connecting(struct Curl_easy *data, bool *done)
+ 
+   if(info)
+     ldap_memfree(info);
+-  conn->recv[FIRSTSOCKET] = ldap_recv;
+  conn->recv[FIRSTSOCKET] = oldap_recv;
+   *done = TRUE;
+ 
+   return CURLE_OK;
+ }
+ 
+-static CURLcode ldap_disconnect(struct Curl_easy *data,
+-                                struct connectdata *conn, bool dead_connection)
+static CURLcode oldap_disconnect(struct Curl_easy *data,
+                                 struct connectdata *conn,
+                                 bool dead_connection)
+ {
+   struct ldapconninfo *li = conn->proto.ldapc;
+   (void) dead_connection;
+@@ -384,7 +385,7 @@ static CURLcode ldap_disconnect(struct Curl_easy *data,
+   return CURLE_OK;
+ }
+ 
+-static CURLcode ldap_do(struct Curl_easy *data, bool *done)
+static CURLcode oldap_do(struct Curl_easy *data, bool *done)
+ {
+   struct connectdata *conn = data->conn;
+   struct ldapconninfo *li = conn->proto.ldapc;
+@@ -429,8 +430,8 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
+   return CURLE_OK;
+ }
+ 
+-static CURLcode ldap_done(struct Curl_easy *data, CURLcode res,
+-                          bool premature)
+static CURLcode oldap_done(struct Curl_easy *data, CURLcode res,
+                           bool premature)
+ {
+   struct connectdata *conn = data->conn;
+   struct ldapreqinfo *lr = data->req.p.ldap;
+@@ -452,8 +453,8 @@ static CURLcode ldap_done(struct Curl_easy *data, CURLcode res,
+   return CURLE_OK;
+ }
+ 
+-static ssize_t ldap_recv(struct Curl_easy *data, int sockindex, char *buf,
+-                         size_t len, CURLcode *err)
+static ssize_t oldap_recv(struct Curl_easy *data, int sockindex, char *buf,
+                          size_t len, CURLcode *err)
+ {
+   struct connectdata *conn = data->conn;
+   struct ldapconninfo *li = conn->proto.ldapc;
+-- 
+2.35.3
+
--- a/SPECS/curl.spec
+++ b/SPECS/curl.spec
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.76.1
-Release: 14%{?dist}.5
+Release: 19%{?dist}
 License: MIT
 Source: https://curl.se/download/%{name}-%{version}.tar.xz

@@ -35,6 +35,9 @@ Patch9:   0009-curl-7.76.1-CVE-2021-22947.patch
 # fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
 Patch10:  0010-curl-7.76.1-CVE-2022-22576.patch

+# fix bad local IPv6 connection reuse (CVE-2022-27775)
+Patch11:  0011-curl-7.76.1-CVE-2022-27775.patch
+
 # fix auth/cookie leak on redirect (CVE-2022-27776)
 Patch12:  0012-curl-7.76.1-CVE-2022-27776.patch

@@ -56,6 +59,9 @@ Patch17:  0017-curl-7.76.1-CVE-2022-32206.patch
 # fix unpreserved file permissions (CVE-2022-32207)
 Patch19:  0019-curl-7.76.1-CVE-2022-32207.patch

+# fix build failure caused by openldap rebase (#2094159)
+Patch20:  0020-curl-7.76.1-openldap-rebase.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch

@@ -241,6 +247,7 @@ be installed.
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
 %patch12 -p1
 %patch13 -p1
 %patch14 -p1
@@ -248,6 +255,7 @@ be installed.
 %patch16 -p1
 %patch17 -p1
 %patch19 -p1
+%patch20 -p1

 # Fedora patches
 %patch101 -p1
@@ -468,23 +476,24 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal

 %changelog
-* Wed Jun 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-14.el9_0.5
+* Wed Jun 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-19
 - fix unpreserved file permissions (CVE-2022-32207)
 - fix HTTP compression denial of service (CVE-2022-32206)
 - fix FTP-KRB bad message verification (CVE-2022-32208)

-* Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-14.el9_0.4
+* Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-18
 - fix too eager reuse of TLS and SSH connections (CVE-2022-27782)

-* Mon May 02 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-14.el9_0.3
+* Mon May 02 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-17
 - fix leak of SRP credentials in redirects (CVE-2022-27774)

-* Fri Apr 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-14.el9_0.2
+* Fri Apr 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-16
 - add missing tests to Makefile

-* Thu Apr 28 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-14.el9_0.1
+* Thu Apr 28 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-15
 - fix credential leak on redirect (CVE-2022-27774)
 - fix auth/cookie leak on redirect (CVE-2022-27776)
+- fix bad local IPv6 connection reuse (CVE-2022-27775)
 - fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)

 * Tue Oct 26 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-14