import curl-7.61.1-22.el8

.curl.metadata

+8b56123714b4e061f0f71005c5be598b12f82483 SOURCES/curl-7.61.1.tar.xz

.gitignore

+SOURCES/curl-7.61.1.tar.xz

SOURCES/0001-curl-7.61.1-test320-gnutls.patch

+From 3cd5b375e31fb98e4782dc3a77e7316ad9eb26cf Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 4 Oct 2018 15:34:13 +0200
+Subject: [PATCH] test320: strip out more HTML when comparing
+
+To make the test case work with different gnutls-serv versions better.
+
+Reported-by: Kamil Dudka
+Fixes #3093
+Closes #3094
+
+Upstream-commit: 94ad57b0246b5658c2a9139dbe6a80efa4c4e2f3
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ tests/data/test320 | 24 ++++--------------------
+ 1 file changed, 4 insertions(+), 20 deletions(-)
+
+diff --git a/tests/data/test320 b/tests/data/test320
+index 457a11eb2..87311d4f2 100644
+--- a/tests/data/test320
++++ b/tests/data/test320
+@@ -62,34 +62,18 @@ simple TLS-SRP HTTPS GET, check user in response
+ HTTP/1.0 200 OK
+ Content-type: text/html
+ 
+-
+-<HTML><BODY>
+-<CENTER><H1>This is <a href="http://www.gnu.org/software/gnutls">GnuTLS</a></H1></CENTER>
+-
+-
+-
+-<h5>If your browser supports session resuming, then you should see the same session ID, when you press the <b>reload</b> button.</h5>
+-<p>Connected as user 'jsmith'.</p>
+-<P>
+-<TABLE border=1><TR><TD></TD></TR>
+-<TR><TD>Key Exchange:</TD><TD>SRP</TD></TR>
+-<TR><TD>Compression</TD><TD>NULL</TD></TR>
+-<TR><TD>Cipher</TD><TD>AES-NNN-CBC</TD></TR>
+-<TR><TD>MAC</TD><TD>SHA1</TD></TR>
+-<TR><TD>Ciphersuite</TD><TD>SRP_SHA_AES_NNN_CBC_SHA1</TD></TR></p></TABLE>
+-<hr><P>Your HTTP header was:<PRE>Host: %HOSTIP:%HTTPTLSPORT
++FINE
+ User-Agent: curl-test-suite
+ Accept: */*
+ 
+-</PRE></P>
+-</BODY></HTML>
+-
+ </file>
+ <stripfile>
+-s/^<p>Session ID:.*//
++s/^<p>Connected as user 'jsmith'.*/FINE/
+ s/Protocol version:.*[0-9]//
+ s/GNUTLS/GnuTLS/
+ s/(AES[-_])\d\d\d([-_]CBC)/$1NNN$2/
++s/^<.*\n//
++s/^\n//
+ </stripfile>
+ </verify>
+ 
+-- 
+2.17.1
+

SOURCES/0002-curl-7.61.1-tlsv1.0-man.patch

+From c574e05b0035f0d78e6bf6040d3f80430112ab4f Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Fri, 7 Sep 2018 16:50:45 +0200
+Subject: [PATCH] docs/cmdline-opts: update the documentation of --tlsv1.0
+
+... to reflect the changes in 6015cefb1b2cfde4b4850121c42405275e5e77d9
+
+Closes #2955
+
+Upstream-commit: 9ba22ce6b52751ed1e2abdd177b0a1d241819b4e
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ docs/cmdline-opts/tlsv1.0.d | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs/cmdline-opts/tlsv1.0.d b/docs/cmdline-opts/tlsv1.0.d
+index 8789025e0..54e259682 100644
+--- a/docs/cmdline-opts/tlsv1.0.d
++++ b/docs/cmdline-opts/tlsv1.0.d
+@@ -3,4 +3,4 @@ Help: Use TLSv1.0
+ Protocols: TLS
+ Added: 7.34.0
+ ---
+-Forces curl to use TLS version 1.0 when connecting to a remote TLS server.
++Forces curl to use TLS version 1.0 or later when connecting to a remote TLS server.
+-- 
+2.17.1
+

SOURCES/0003-curl-7.61.1-TLS-1.3-PHA.patch

+From bb8ad3da3fb4ab3f6556daa1f67b259c12a3c7de Mon Sep 17 00:00:00 2001
+From: Christian Heimes <christian@python.org>
+Date: Fri, 21 Sep 2018 10:37:43 +0200
+Subject: [PATCH] OpenSSL: enable TLS 1.3 post-handshake auth
+
+OpenSSL 1.1.1 requires clients to opt-in for post-handshake
+authentication.
+
+Fixes: https://github.com/curl/curl/issues/3026
+Signed-off-by: Christian Heimes <christian@python.org>
+
+Closes https://github.com/curl/curl/pull/3027
+
+Upstream-commit: b939bc47b27cd57c6ebb852ad653933e4124b452
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/vtls/openssl.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index a487f55..78970d1 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -178,6 +178,7 @@ static unsigned long OpenSSL_version_num(void)
+      !defined(LIBRESSL_VERSION_NUMBER) &&       \
+      !defined(OPENSSL_IS_BORINGSSL))
+ #define HAVE_SSL_CTX_SET_CIPHERSUITES
++#define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
+ #endif
+ 
+ #if defined(LIBRESSL_VERSION_NUMBER)
+@@ -2467,6 +2468,11 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
+   }
+ #endif
+ 
++#ifdef HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
++  /* OpenSSL 1.1.1 requires clients to opt-in for PHA */
++  SSL_CTX_set_post_handshake_auth(BACKEND->ctx, 1);
++#endif
++
+ #ifdef USE_TLS_SRP
+   if(ssl_authtype == CURL_TLSAUTH_SRP) {
+     char * const ssl_username = SSL_SET_OPTION(username);
+-- 
+2.17.1
+

SOURCES/0004-curl-7.61.1-CVE-2018-16842.patch

+From 27d6c92acdac671ddf8f77f72956b2181561f774 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sun, 28 Oct 2018 01:33:23 +0200
+Subject: [PATCH 1/2] voutf: fix bad arethmetic when outputting warnings to
+ stderr
+
+CVE-2018-16842
+Reported-by: Brian Carpenter
+Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
+
+Upstream-commit: d530e92f59ae9bb2d47066c3c460b25d2ffeb211
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ src/tool_msgs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tool_msgs.c b/src/tool_msgs.c
+index 9cce806..05bec39 100644
+--- a/src/tool_msgs.c
++++ b/src/tool_msgs.c
+@@ -67,7 +67,7 @@ static void voutf(struct GlobalConfig *config,
+         (void)fwrite(ptr, cut + 1, 1, config->errors);
+         fputs("\n", config->errors);
+         ptr += cut + 1; /* skip the space too */
+-        len -= cut;
++        len -= cut + 1;
+       }
+       else {
+         fputs(ptr, config->errors);
+-- 
+2.17.2
+
+
+From 23f8c641b02e6c302d0e8cc5a5ee225a33b01f28 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sun, 28 Oct 2018 10:43:57 +0100
+Subject: [PATCH 2/2] test2080: verify the fix for CVE-2018-16842
+
+Upstream-commit: 350306e4726b71b5b386fc30e3fecc039a807157
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ tests/data/Makefile.inc |   4 ++--
+ tests/data/test2080     | Bin 0 -> 20659 bytes
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+ create mode 100644 tests/data/test2080
+
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index e045748..aa5fff0 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -198,7 +198,7 @@ test2048 test2049 test2050 test2051 test2052 test2053 test2054 test2055 \
+ test2056 test2057 test2058 test2059 test2060 test2061 test2062 test2063 \
+ test2064 test2065 test2066 test2067 test2068 test2069 \
+ \
+-test2070 test2071 test2072 test2073 \
+-test2074 test2075 \
++test2070 test2071 test2072 test2073 test2074 test2075 \
++test2080 \
+ \
+ test3000 test3001
+diff --git a/tests/data/test2080 b/tests/data/test2080
+new file mode 100644
+index 0000000000000000000000000000000000000000..47e376ecb5d7879c0a98e392bff48ccc52e9db0a
+GIT binary patch
+literal 20659
+zcmeI)Pj3@35QkyT{uI*`iBshYE(n>u@JB+F3kdG+t~asjwJY0gl}``eO+)FONU8ef
+zl6Ca+%<OZ|nCeRHZE>A4K8~q<UAgUD%0ubY=PwtZRG;GL*UIRJ-;Lfy)u}p_A1>dz
+zd{+G6l*#ToY+DU||F9%J1n*+KPxQ;7MapuoQ!&MMQSXmpqMh0_yS6g=;N;HNjilBk
+zY$c?)mULZxib{;$g~jw~nrs|8b@sJI)_QmS_4(WLrNld}2Y0LEO$e>m->_NA&o$n!
+z9^YDZ>cvMs2q1s}0tg_000PG)@a?$9VHyMwKmY**5I_I{1Q0m1z~!MEP#*yV5I_I{
+z1Q0*~0R#|0009ILKmY**4ldvh-hl=PAb<b@2q1s}0tg`Rgaqum{m<+P&C93=Ab<b@
+z2q1s}0tg_0z|jf3Ji3V(2mu5TK;StGoIK~3=iL!N0D=D{@VjlsoA=?(>-+Xw`j-8D
+zzg+g?Rt8(G*s;1Sb>n1S94H%G<kGn)tFlRTrA%AW*RoyP3pi(fe!mc3WU^sQd2)l4
+jB)+~1L0rx$OS-AbERTH}TH`mZ^*=|W_vMU!*i-li)g+9V
+
+literal 0
+HcmV?d00001
+
+-- 
+2.17.2
+

SOURCES/0005-curl-7.61.1-CVE-2018-16840.patch

+From 235f209a0e62edee654be441a50bb0c154edeaa5 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 18 Oct 2018 15:07:15 +0200
+Subject: [PATCH] Curl_close: clear data->multi_easy on free to avoid
+ use-after-free
+
+Regression from b46cfbc068 (7.59.0)
+CVE-2018-16840
+Reported-by: Brian Carpenter (Geeknik Labs)
+
+Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
+
+Upstream-commit: 81d135d67155c5295b1033679c606165d4e28f3f
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/url.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index f159008..dcc1ecc 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -319,10 +319,12 @@ CURLcode Curl_close(struct Curl_easy *data)
+        and detach this handle from there. */
+     curl_multi_remove_handle(data->multi, data);
+ 
+-  if(data->multi_easy)
++  if(data->multi_easy) {
+     /* when curl_easy_perform() is used, it creates its own multi handle to
+        use and this is the one */
+     curl_multi_cleanup(data->multi_easy);
++    data->multi_easy = NULL;
++  }
+ 
+   /* Destroy the timeout list that is held in the easy handle. It is
+      /normally/ done by curl_multi_remove_handle() but this is "just in
+-- 
+2.17.2
+

SOURCES/0006-curl-7.61.1-CVE-2018-16839.patch

+From ad9943254ded9a983af7d581e8a1f3317e8a8781 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 28 Sep 2018 16:08:16 +0200
+Subject: [PATCH] Curl_auth_create_plain_message: fix too-large-input-check
+
+CVE-2018-16839
+Reported-by: Harry Sintonen
+Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
+
+Upstream-commit: f3a24d7916b9173c69a3e0ee790102993833d6c5
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/vauth/cleartext.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c
+index 5d61ce6..1367143 100644
+--- a/lib/vauth/cleartext.c
++++ b/lib/vauth/cleartext.c
+@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
+   plen = strlen(passwdp);
+ 
+   /* Compute binary message length. Check for overflows. */
+-  if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
++  if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2)))
+     return CURLE_OUT_OF_MEMORY;
+   plainlen = 2 * ulen + plen + 2;
+ 
+-- 
+2.17.2
+

SOURCES/0007-curl-7.63.0-JO-preserve-local-file.patch

+From ff74657fb645e7175971128a171ef7d5ece40d77 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 17 Dec 2018 12:51:51 +0100
+Subject: [PATCH] curl -J: do not append to the destination file
+
+Reported-by: Kamil Dudka
+Fixes #3380
+Closes #3381
+
+Upstream-commit: 4849267197682e69cfa056c2bd7a44acd123a917
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ src/tool_cb_hdr.c  | 6 +++---
+ src/tool_cb_wrt.c  | 9 ++++-----
+ src/tool_cb_wrt.h  | 2 +-
+ src/tool_operate.c | 2 +-
+ 4 files changed, 9 insertions(+), 10 deletions(-)
+
+diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c
+index 84b0d9c..3844904 100644
+--- a/src/tool_cb_hdr.c
++++ b/src/tool_cb_hdr.c
+@@ -148,12 +148,12 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
+         outs->filename = filename;
+         outs->alloc_filename = TRUE;
+         hdrcbdata->honor_cd_filename = FALSE; /* done now! */
+-        if(!tool_create_output_file(outs, TRUE))
++        if(!tool_create_output_file(outs))
+           return failure;
+       }
+       break;
+     }
+-    if(!outs->stream && !tool_create_output_file(outs, FALSE))
++    if(!outs->stream && !tool_create_output_file(outs))
+       return failure;
+   }
+ 
+@@ -162,7 +162,7 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
+     /* bold headers only happen for HTTP(S) and RTSP */
+     char *value = NULL;
+ 
+-    if(!outs->stream && !tool_create_output_file(outs, FALSE))
++    if(!outs->stream && !tool_create_output_file(outs))
+       return failure;
+ 
+     if(hdrcbdata->global->isatty && hdrcbdata->global->styled_output)
+diff --git a/src/tool_cb_wrt.c b/src/tool_cb_wrt.c
+index 2cb5e1b..195d6e7 100644
+--- a/src/tool_cb_wrt.c
++++ b/src/tool_cb_wrt.c
+@@ -32,8 +32,7 @@
+ #include "memdebug.h" /* keep this as LAST include */
+ 
+ /* create a local file for writing, return TRUE on success */
+-bool tool_create_output_file(struct OutStruct *outs,
+-                             bool append)
++bool tool_create_output_file(struct OutStruct *outs)
+ {
+   struct GlobalConfig *global = outs->config->global;
+   FILE *file;
+@@ -43,7 +42,7 @@ bool tool_create_output_file(struct OutStruct *outs,
+     return FALSE;
+   }
+ 
+-  if(outs->is_cd_filename && !append) {
++  if(outs->is_cd_filename) {
+     /* don't overwrite existing files */
+     file = fopen(outs->filename, "rb");
+     if(file) {
+@@ -55,7 +54,7 @@ bool tool_create_output_file(struct OutStruct *outs,
+   }
+ 
+   /* open file for writing */
+-  file = fopen(outs->filename, append?"ab":"wb");
++  file = fopen(outs->filename, "wb");
+   if(!file) {
+     warnf(global, "Failed to create the file %s: %s\n", outs->filename,
+           strerror(errno));
+@@ -142,7 +141,7 @@ size_t tool_write_cb(char *buffer, size_t sz, size_t nmemb, void *userdata)
+   }
+ #endif
+ 
+-  if(!outs->stream && !tool_create_output_file(outs, FALSE))
++  if(!outs->stream && !tool_create_output_file(outs))
+     return failure;
+ 
+   if(is_tty && (outs->bytes < 2000) && !config->terminal_binary_ok) {
+diff --git a/src/tool_cb_wrt.h b/src/tool_cb_wrt.h
+index 51e002b..188d3ea 100644
+--- a/src/tool_cb_wrt.h
++++ b/src/tool_cb_wrt.h
+@@ -30,7 +30,7 @@
+ size_t tool_write_cb(char *buffer, size_t sz, size_t nmemb, void *userdata);
+ 
+ /* create a local file for writing, return TRUE on success */
+-bool tool_create_output_file(struct OutStruct *outs, bool append);
++bool tool_create_output_file(struct OutStruct *outs);
+ 
+ #endif /* HEADER_CURL_TOOL_CB_WRT_H */
+ 
+diff --git a/src/tool_operate.c b/src/tool_operate.c
+index e53a9d8..429e9cf 100644
+--- a/src/tool_operate.c
++++ b/src/tool_operate.c
+@@ -1581,7 +1581,7 @@ static CURLcode operate_do(struct GlobalConfig *global,
+             /* do not create (or even overwrite) the file in case we get no
+                data because of unmet condition */
+             curl_easy_getinfo(curl, CURLINFO_CONDITION_UNMET, &cond_unmet);
+-            if(!cond_unmet && !tool_create_output_file(&outs, FALSE))
++            if(!cond_unmet && !tool_create_output_file(&outs))
+               result = CURLE_WRITE_ERROR;
+           }
+ 
+-- 
+2.17.2
+

SOURCES/0009-curl-7.61.1-CVE-2018-16890.patch

+From 81c0e81531623251a0e78f7779c049f530abe733 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 2 Jan 2019 20:33:08 +0100
+Subject: [PATCH] NTLM: fix size check condition for type2 received data
+
+Bug: https://curl.haxx.se/docs/CVE-2018-16890.html
+Reported-by: Wenxiang Qian
+CVE-2018-16890
+
+Upstream-commit: b780b30d1377adb10bbe774835f49e9b237fb9bb
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/vauth/ntlm.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c
+index cdb8d8f..b614cda 100644
+--- a/lib/vauth/ntlm.c
++++ b/lib/vauth/ntlm.c
+@@ -182,10 +182,11 @@ static CURLcode ntlm_decode_type2_target(struct Curl_easy *data,
+     target_info_len = Curl_read16_le(&buffer[40]);
+     target_info_offset = Curl_read32_le(&buffer[44]);
+     if(target_info_len > 0) {
+-      if(((target_info_offset + target_info_len) > size) ||
++      if((target_info_offset >= size) ||
++         ((target_info_offset + target_info_len) > size) ||
+          (target_info_offset < 48)) {
+         infof(data, "NTLM handshake failure (bad type-2 message). "
+-                    "Target Info Offset Len is set incorrect by the peer\n");
++              "Target Info Offset Len is set incorrect by the peer\n");
+         return CURLE_BAD_CONTENT_ENCODING;
+       }
+ 
+-- 
+2.17.2
+

SOURCES/0010-curl-7.61.1-CVE-2019-3822.patch

+From ab22e3a00f04b458039c21111cfa448051e5777d Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 3 Jan 2019 12:59:28 +0100
+Subject: [PATCH] ntlm: fix *_type3_message size check to avoid buffer overflow
+
+Bug: https://curl.haxx.se/docs/CVE-2019-3822.html
+Reported-by: Wenxiang Qian
+CVE-2019-3822
+
+Upstream-commit: 50c9484278c63b958655a717844f0721263939cc
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/vauth/ntlm.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c
+index b614cda..a3a55d9 100644
+--- a/lib/vauth/ntlm.c
++++ b/lib/vauth/ntlm.c
+@@ -777,11 +777,14 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
+   });
+ 
+ #ifdef USE_NTRESPONSES
+-  if(size < (NTLM_BUFSIZE - ntresplen)) {
+-    DEBUGASSERT(size == (size_t)ntrespoff);
+-    memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen);
+-    size += ntresplen;
++  /* ntresplen + size should not be risking an integer overflow here */
++  if(ntresplen + size > sizeof(ntlmbuf)) {
++    failf(data, "incoming NTLM message too big");
++    return CURLE_OUT_OF_MEMORY;
+   }
++  DEBUGASSERT(size == (size_t)ntrespoff);
++  memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen);
++  size += ntresplen;
+ 
+   DEBUG_OUT({
+     fprintf(stderr, "\n   ntresp=");
+-- 
+2.17.2
+

SOURCES/0011-curl-7.61.1-CVE-2019-3823.patch

+From d26f1025d0a0a6c602d758a2e0917759492473e9 Mon Sep 17 00:00:00 2001
+From: Daniel Gustafsson <daniel@yesql.se>
+Date: Sat, 19 Jan 2019 00:42:47 +0100
+Subject: [PATCH] smtp: avoid risk of buffer overflow in strtol
+
+If the incoming len 5, but the buffer does not have a termination
+after 5 bytes, the strtol() call may keep reading through the line
+buffer until is exceeds its boundary. Fix by ensuring that we are
+using a bounded read with a temporary buffer on the stack.
+
+Bug: https://curl.haxx.se/docs/CVE-2019-3823.html
+Reported-by: Brian Carpenter (Geeknik Labs)
+CVE-2019-3823
+
+Upstream-commit: 39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/smtp.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/lib/smtp.c b/lib/smtp.c
+index ecf10a4..1b9f92d 100644
+--- a/lib/smtp.c
++++ b/lib/smtp.c
+@@ -5,7 +5,7 @@
+  *                            | (__| |_| |  _ <| |___
+  *                             \___|\___/|_| \_\_____|
+  *
+- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
++ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
+  *
+  * This software is licensed as described in the file COPYING, which
+  * you should have received as part of this distribution. The terms
+@@ -207,8 +207,12 @@ static bool smtp_endofresp(struct connectdata *conn, char *line, size_t len,
+      Section 4. Examples of RFC-4954 but some e-mail servers ignore this and
+      only send the response code instead as per Section 4.2. */
+   if(line[3] == ' ' || len == 5) {
++    char tmpline[6];
++
+     result = TRUE;
+-    *resp = curlx_sltosi(strtol(line, NULL, 10));
++    memset(tmpline, '\0', sizeof(tmpline));
++    memcpy(tmpline, line, (len == 5 ? 5 : 3));
++    *resp = curlx_sltosi(strtol(tmpline, NULL, 10));
+ 
+     /* Make sure real server never sends internal value */
+     if(*resp == 1)
+-- 
+2.17.2
+

SOURCES/0014-curl-7.61.1-libssh-socket.patch

+From 095d4cf3b1c388b2871e3783f8c41b1e01200a25 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Felix=20H=C3=A4dicke?= <felixhaedicke@web.de>
+Date: Wed, 23 Jan 2019 23:47:55 +0100
+Subject: [PATCH] libssh: do not let libssh create socket
+
+By default, libssh creates a new socket, instead of using the socket
+created by curl for SSH connections.
+
+Pass the socket created by curl to libssh using ssh_options_set() with
+SSH_OPTIONS_FD directly after ssh_new(). So libssh uses our socket
+instead of creating a new one.
+
+This approach is very similar to what is done in the libssh2 code, where
+the socket created by curl is passed to libssh2 when
+libssh2_session_startup() is called.
+
+Fixes #3491
+Closes #3495
+
+Upstream-commit: 15c94b310bf9e0c92d71fca5a88eb67a1e2548a6
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/ssh-libssh.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/lib/ssh-libssh.c b/lib/ssh-libssh.c
+index 7d59089..4110be2 100644
+--- a/lib/ssh-libssh.c
++++ b/lib/ssh-libssh.c
+@@ -549,6 +549,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block)
+   struct Curl_easy *data = conn->data;
+   struct SSHPROTO *protop = data->req.protop;
+   struct ssh_conn *sshc = &conn->proto.sshc;
++  curl_socket_t sock = conn->sock[FIRSTSOCKET];
+   int rc = SSH_NO_ERROR, err;
+   char *new_readdir_line;
+   int seekerr = CURL_SEEKFUNC_OK;
+@@ -792,7 +793,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block)
+ 
+       Curl_pgrsTime(conn->data, TIMER_APPCONNECT);      /* SSH is connected */
+ 
+-      conn->sockfd = ssh_get_fd(sshc->ssh_session);
++      conn->sockfd = sock;
+       conn->writesockfd = CURL_SOCKET_BAD;
+ 
+       if(conn->handler->protocol == CURLPROTO_SFTP) {
+@@ -2048,6 +2049,7 @@ static CURLcode myssh_connect(struct connectdata *conn, bool *done)
+ {
+   struct ssh_conn *ssh;
+   CURLcode result;
++  curl_socket_t sock = conn->sock[FIRSTSOCKET];
+   struct Curl_easy *data = conn->data;
+   int rc;
+ 
+@@ -2076,6 +2078,8 @@ static CURLcode myssh_connect(struct connectdata *conn, bool *done)
+     return CURLE_FAILED_INIT;
+   }
+ 
++  ssh_options_set(ssh->ssh_session, SSH_OPTIONS_FD, &sock);
++
+   if(conn->user) {
+     infof(data, "User: %s\n", conn->user);
+     ssh_options_set(ssh->ssh_session, SSH_OPTIONS_USER, conn->user);
+-- 
+2.17.2
+

SOURCES/0017-curl-7.64.0-CVE-2019-5436.patch

+From 55a27027d5f024a0ecc2c23c81ed99de6192c9f3 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 3 May 2019 22:20:37 +0200
+Subject: [PATCH] tftp: use the current blksize for recvfrom()
+
+bug: https://curl.haxx.se/docs/CVE-2019-5436.html
+Reported-by: l00p3r on hackerone
+CVE-2019-5436
+
+Upstream-commit: 2576003415625d7b5f0e390902f8097830b82275
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/tftp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/tftp.c b/lib/tftp.c
+index 269b3cd..4f2a131 100644
+--- a/lib/tftp.c
++++ b/lib/tftp.c
+@@ -1005,7 +1005,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
+   state->sockfd = state->conn->sock[FIRSTSOCKET];
+   state->state = TFTP_STATE_START;
+   state->error = TFTP_ERR_NONE;
+-  state->blksize = TFTP_BLKSIZE_DEFAULT;
++  state->blksize = blksize;
+   state->requested_blksize = blksize;
+ 
+   ((struct sockaddr *)&state->local_addr)->sa_family =
+-- 
+2.20.1
+

SOURCES/0018-curl-7.65.3-CVE-2019-5482.patch

+From 63f9837b4ccf600da79314e8667f91bda69988fc Mon Sep 17 00:00:00 2001
+From: Thomas Vegas <>
+Date: Sat, 31 Aug 2019 16:59:56 +0200
+Subject: [PATCH 1/2] tftp: return error when packet is too small for options
+
+Upstream-commit: 82f3ba3806a34fe94dcf9e5c9b88deda6679ca1b
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/tftp.c | 53 +++++++++++++++++++++++++++++++++--------------------
+ 1 file changed, 33 insertions(+), 20 deletions(-)
+
+diff --git a/lib/tftp.c b/lib/tftp.c
+index 289cda2..4532170 100644
+--- a/lib/tftp.c
++++ b/lib/tftp.c
+@@ -404,13 +404,14 @@ static CURLcode tftp_parse_option_ack(tftp_state_data_t *state,
+   return CURLE_OK;
+ }
+ 
+-static size_t tftp_option_add(tftp_state_data_t *state, size_t csize,
+-                              char *buf, const char *option)
++static CURLcode tftp_option_add(tftp_state_data_t *state, size_t *csize,
++                                char *buf, const char *option)
+ {
+-  if(( strlen(option) + csize + 1) > (size_t)state->blksize)
+-    return 0;
++  if(( strlen(option) + *csize + 1) > (size_t)state->blksize)
++    return CURLE_TFTP_ILLEGAL;
+   strcpy(buf, option);
+-  return strlen(option) + 1;
++  *csize += strlen(option) + 1;
++  return CURLE_OK;
+ }
+ 
+ static CURLcode tftp_connect_for_tx(tftp_state_data_t *state,
+@@ -511,26 +512,38 @@ static CURLcode tftp_send_first(tftp_state_data_t *state, tftp_event_t event)
+       else
+         strcpy(buf, "0"); /* the destination is large enough */
+ 
+-      sbytes += tftp_option_add(state, sbytes,
+-                                (char *)state->spacket.data + sbytes,
+-                                TFTP_OPTION_TSIZE);
+-      sbytes += tftp_option_add(state, sbytes,
+-                                (char *)state->spacket.data + sbytes, buf);
++      result = tftp_option_add(state, &sbytes,
++                               (char *)state->spacket.data + sbytes,
++                               TFTP_OPTION_TSIZE);
++      if(result == CURLE_OK)
++        result = tftp_option_add(state, &sbytes,
++                                 (char *)state->spacket.data + sbytes, buf);
++
+       /* add blksize option */
+       snprintf(buf, sizeof(buf), "%d", state->requested_blksize);
+-      sbytes += tftp_option_add(state, sbytes,
+-                                (char *)state->spacket.data + sbytes,
+-                                TFTP_OPTION_BLKSIZE);
+-      sbytes += tftp_option_add(state, sbytes,
+-                                (char *)state->spacket.data + sbytes, buf);
++      if(result == CURLE_OK)
++        result = tftp_option_add(state, &sbytes,
++                                 (char *)state->spacket.data + sbytes,
++                                 TFTP_OPTION_BLKSIZE);
++      if(result == CURLE_OK)
++        result = tftp_option_add(state, &sbytes,
++                                 (char *)state->spacket.data + sbytes, buf);
+ 
+       /* add timeout option */
+       snprintf(buf, sizeof(buf), "%d", state->retry_time);
+-      sbytes += tftp_option_add(state, sbytes,
+-                                (char *)state->spacket.data + sbytes,
+-                                TFTP_OPTION_INTERVAL);
+-      sbytes += tftp_option_add(state, sbytes,
+-                                (char *)state->spacket.data + sbytes, buf);
++      if(result == CURLE_OK)
++        result = tftp_option_add(state, &sbytes,
++                                 (char *)state->spacket.data + sbytes,
++                                 TFTP_OPTION_INTERVAL);
++      if(result == CURLE_OK)
++        result = tftp_option_add(state, &sbytes,
++                                 (char *)state->spacket.data + sbytes, buf);
++
++      if(result != CURLE_OK) {
++        failf(data, "TFTP buffer too small for options");
++        free(filename);
++        return CURLE_TFTP_ILLEGAL;
++      }
+     }
+ 
+     /* the typecase for the 3rd argument is mostly for systems that do
+-- 
+2.20.1
+
+
+From b6b12a4cfe00c4850a1d6cee4cf267f00dee5987 Mon Sep 17 00:00:00 2001
+From: Thomas Vegas <>
+Date: Sat, 31 Aug 2019 17:30:51 +0200
+Subject: [PATCH 2/2] tftp: Alloc maximum blksize, and use default unless OACK
+ is received
+
+Fixes potential buffer overflow from 'recvfrom()', should the server
+return an OACK without blksize.
+
+Bug: https://curl.haxx.se/docs/CVE-2019-5482.html
+CVE-2019-5482
+
+Upstream-commit: facb0e4662415b5f28163e853dc6742ac5fafb3d
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/tftp.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/lib/tftp.c b/lib/tftp.c
+index 4532170..5651b62 100644
+--- a/lib/tftp.c
++++ b/lib/tftp.c
+@@ -982,6 +982,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
+ {
+   tftp_state_data_t *state;
+   int blksize;
++  int need_blksize;
+ 
+   blksize = TFTP_BLKSIZE_DEFAULT;
+ 
+@@ -996,15 +997,20 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
+       return CURLE_TFTP_ILLEGAL;
+   }
+ 
++  need_blksize = blksize;
++  /* default size is the fallback when no OACK is received */
++  if(need_blksize < TFTP_BLKSIZE_DEFAULT)
++    need_blksize = TFTP_BLKSIZE_DEFAULT;
++
+   if(!state->rpacket.data) {
+-    state->rpacket.data = calloc(1, blksize + 2 + 2);
++    state->rpacket.data = calloc(1, need_blksize + 2 + 2);
+ 
+     if(!state->rpacket.data)
+       return CURLE_OUT_OF_MEMORY;
+   }
+ 
+   if(!state->spacket.data) {
+-    state->spacket.data = calloc(1, blksize + 2 + 2);
++    state->spacket.data = calloc(1, need_blksize + 2 + 2);
+ 
+     if(!state->spacket.data)
+       return CURLE_OUT_OF_MEMORY;
+@@ -1018,7 +1024,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
+   state->sockfd = state->conn->sock[FIRSTSOCKET];
+   state->state = TFTP_STATE_START;
+   state->error = TFTP_ERR_NONE;
+-  state->blksize = blksize;
++  state->blksize = TFTP_BLKSIZE_DEFAULT; /* Unless updated by OACK response */
+   state->requested_blksize = blksize;
+ 
+   ((struct sockaddr *)&state->local_addr)->sa_family =
+-- 
+2.20.1
+

SOURCES/0019-curl-7.65.3-CVE-2019-5481.patch

+From 13de299b112a59c373b330f0539166ecc9a7627b Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 3 Sep 2019 22:59:32 +0200
+Subject: [PATCH] security:read_data fix bad realloc()
+
+... that could end up a double-free
+
+CVE-2019-5481
+Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
+
+Upstream-commit: 9069838b30fb3b48af0123e39f664cea683254a5
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/security.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/lib/security.c b/lib/security.c
+index 550ea2d..c5e4e13 100644
+--- a/lib/security.c
++++ b/lib/security.c
+@@ -191,7 +191,6 @@ static CURLcode read_data(struct connectdata *conn,
+                           struct krb5buffer *buf)
+ {
+   int len;
+-  void *tmp = NULL;
+   CURLcode result;
+ 
+   result = socket_read(fd, &len, sizeof(len));
+@@ -201,12 +200,11 @@ static CURLcode read_data(struct connectdata *conn,
+   if(len) {
+     /* only realloc if there was a length */
+     len = ntohl(len);
+-    tmp = Curl_saferealloc(buf->data, len);
++    buf->data = Curl_saferealloc(buf->data, len);
+   }
+-  if(tmp == NULL)
++  if(!len || !buf->data)
+     return CURLE_OUT_OF_MEMORY;
+ 
+-  buf->data = tmp;
+   result = socket_read(fd, buf->data, len);
+   if(result)
+     return result;
+-- 
+2.20.1
+

SOURCES/0020-curl-7.61.1-openssl-engines.patch

+From 032843be4cefcb163d15573d15a228680e771106 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 24 Sep 2018 08:26:58 +0200
+Subject: [PATCH] openssl: load built-in engines too
+
+Regression since 38203f1
+
+Reported-by: Jean Fabrice
+Fixes #3023
+Closes #3040
+
+Upstream-commit: e2dd435d473cdc97785df95d032276fafb4b7746
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/vtls/openssl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index 78970d1..d8bcc4f 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -979,7 +979,7 @@ static int Curl_ossl_init(void)
+ 
+   OPENSSL_load_builtin_modules();
+ 
+-#ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES
++#ifdef USE_OPENSSL_ENGINE
+   ENGINE_load_builtin_engines();
+ #endif
+ 
+-- 
+2.25.4
+

SOURCES/0021-curl-7.61.1-CVE-2020-8177.patch

+From a6fcd8a32f3b1c5d80e524f8b2c1de32e6ecdb2b Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sun, 31 May 2020 23:09:59 +0200
+Subject: [PATCH] tool_getparam: -i is not OK if -J is used
+
+Reported-by: sn on hackerone
+Bug: https://curl.haxx.se/docs/CVE-2020-8177.html
+
+Upstream-commit: 8236aba58542c5f89f1d41ca09d84579efb05e22
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ src/tool_cb_hdr.c   | 13 ++++---------
+ src/tool_getparam.c |  5 +++++
+ 2 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c
+index 3b10238..b80707f 100644
+--- a/src/tool_cb_hdr.c
++++ b/src/tool_cb_hdr.c
+@@ -132,16 +132,11 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
+       filename = parse_filename(p, len);
+       if(filename) {
+         if(outs->stream) {
+-          /* already opened and possibly written to */
+-          if(outs->fopened)
+-            fclose(outs->stream);
+-          outs->stream = NULL;
+-
+-          /* rename the initial file name to the new file name */
+-          rename(outs->filename, filename);
+-          if(outs->alloc_filename)
+-            free(outs->filename);
++          /* indication of problem, get out! */
++          free(filename);
++          return failure;
+         }
++
+         outs->is_cd_filename = TRUE;
+         outs->s_isreg = TRUE;
+         outs->fopened = FALSE;
+diff --git a/src/tool_getparam.c b/src/tool_getparam.c
+index 764caa2..c5c7429 100644
+--- a/src/tool_getparam.c
++++ b/src/tool_getparam.c
+@@ -1745,6 +1745,11 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
+       }
+       break;
+     case 'i':
++      if(config->content_disposition) {
++        warnf(global,
++              "--include and --remote-header-name cannot be combined.\n");
++        return PARAM_BAD_USE;
++      }
+       config->show_headers = toggle; /* show the headers as well in the
+                                         general output stream */
+       break;
+-- 
+2.21.3
+

SOURCES/0022-curl-7.61.1-CVE-2020-8231.patch

+From 7a26092a9e21f1e0dc3cad69a580a7e2c7822ad0 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sun, 16 Aug 2020 11:34:35 +0200
+Subject: [PATCH] Curl_easy: remember last connection by id, not by pointer
+
+CVE-2020-8231
+
+Bug: https://curl.haxx.se/docs/CVE-2020-8231.html
+
+Reported-by: Marc Aldorasi
+Closes #5824
+
+Upstream-commit: 3c9e021f86872baae412a427e807fbfa2f3e8a22
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/connect.c | 19 ++++++++++---------
+ lib/easy.c    |  3 +--
+ lib/multi.c   |  5 +++--
+ lib/url.c     |  2 +-
+ lib/urldata.h |  2 +-
+ 5 files changed, 16 insertions(+), 15 deletions(-)
+
+diff --git a/lib/connect.c b/lib/connect.c
+index 41f2202..f724646 100644
+--- a/lib/connect.c
++++ b/lib/connect.c
+@@ -1214,15 +1214,15 @@ CURLcode Curl_connecthost(struct connectdata *conn,  /* context */
+ }
+ 
+ struct connfind {
+-  struct connectdata *tofind;
+-  bool found;
++  long id_tofind;
++  struct connectdata *found;
+ };
+ 
+ static int conn_is_conn(struct connectdata *conn, void *param)
+ {
+   struct connfind *f = (struct connfind *)param;
+-  if(conn == f->tofind) {
+-    f->found = TRUE;
++  if(conn->connection_id == f->id_tofind) {
++    f->found = conn;
+     return 1;
+   }
+   return 0;
+@@ -1244,21 +1244,22 @@ curl_socket_t Curl_getconnectinfo(struct Curl_easy *data,
+    * - that is associated with a multi handle, and whose connection
+    *   was detached with CURLOPT_CONNECT_ONLY
+    */
+-  if(data->state.lastconnect && (data->multi_easy || data->multi)) {
+-    struct connectdata *c = data->state.lastconnect;
++  if((data->state.lastconnect_id != -1) && (data->multi_easy || data->multi)) {
++    struct connectdata *c;
+     struct connfind find;
+-    find.tofind = data->state.lastconnect;
+-    find.found = FALSE;
++    find.id_tofind = data->state.lastconnect_id;
++    find.found = NULL;
+ 
+     Curl_conncache_foreach(data, data->multi_easy?
+                            &data->multi_easy->conn_cache:
+                            &data->multi->conn_cache, &find, conn_is_conn);
+ 
+     if(!find.found) {
+-      data->state.lastconnect = NULL;
++      data->state.lastconnect_id = -1;
+       return CURL_SOCKET_BAD;
+     }
+ 
++    c = find.found;
+     if(connp) {
+       /* only store this if the caller cares for it */
+       *connp = c;
+diff --git a/lib/easy.c b/lib/easy.c
+index 027d0be..fe61cdd 100644
+--- a/lib/easy.c
++++ b/lib/easy.c
+@@ -919,8 +919,7 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
+ 
+   /* the connection cache is setup on demand */
+   outcurl->state.conn_cache = NULL;
+-
+-  outcurl->state.lastconnect = NULL;
++  outcurl->state.lastconnect_id = -1;
+ 
+   outcurl->progress.flags    = data->progress.flags;
+   outcurl->progress.callback = data->progress.callback;
+diff --git a/lib/multi.c b/lib/multi.c
+index 0caf943..0f57fd5 100644
+--- a/lib/multi.c
++++ b/lib/multi.c
+@@ -427,6 +427,7 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi,
+     data->state.conn_cache = &data->share->conn_cache;
+   else
+     data->state.conn_cache = &multi->conn_cache;
++  data->state.lastconnect_id = -1;
+ 
+ #ifdef USE_LIBPSL
+   /* Do the same for PSL. */
+@@ -644,11 +645,11 @@ static CURLcode multi_done(struct connectdata **connp,
+     /* the connection is no longer in use by this transfer */
+     if(Curl_conncache_return_conn(conn)) {
+       /* remember the most recently used connection */
+-      data->state.lastconnect = conn;
++      data->state.lastconnect_id = conn->connection_id;
+       infof(data, "%s\n", buffer);
+     }
+     else
+-      data->state.lastconnect = NULL;
++      data->state.lastconnect_id = -1;
+   }
+ 
+   *connp = NULL; /* to make the caller of this function better detect that
+diff --git a/lib/url.c b/lib/url.c
+index dcc6cc8..d65d17d 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -592,7 +592,7 @@ CURLcode Curl_open(struct Curl_easy **curl)
+       Curl_initinfo(data);
+ 
+       /* most recent connection is not yet defined */
+-      data->state.lastconnect = NULL;
++      data->state.lastconnect_id = -1;
+ 
+       data->progress.flags |= PGRS_HIDE;
+       data->state.current_speed = -1; /* init to negative == impossible */
+diff --git a/lib/urldata.h b/lib/urldata.h
+index 67db3b2..4b70cc5 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -1219,7 +1219,7 @@ struct UrlState {
+   /* buffers to store authentication data in, as parsed from input options */
+   struct curltime keeps_speed; /* for the progress meter really */
+ 
+-  struct connectdata *lastconnect; /* The last connection, NULL if undefined */
++  long lastconnect_id; /* The last connection, -1 if undefined */
+ 
+   char *headerbuff; /* allocated buffer to store headers in */
+   size_t headersize;   /* size of the allocation */
+-- 
+2.25.4
+