Created
March 9, 2016 12:44
-
-
Save leon-anavi/954e0fa5e7c830517536 to your computer and use it in GitHub Desktop.
0001-curl_7.44.0.bb-Update-cURL-version.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From 516d2b718921a6e8bc6ff076af49d7f306cc7b9b Mon Sep 17 00:00:00 2001 | |
| From: Leon Anavi <leon.anavi@konsulko.com> | |
| Date: Fri, 19 Feb 2016 15:14:38 +0000 | |
| Subject: [PATCH 1/2] curl_7.44.0.bb: Update cURL version | |
| Update cURL version to 7.44.0 as it is required by meta-rust | |
| while building applications written in the Rust programming | |
| language for GENIVI Demo Platform (GDP). | |
| (From Poky rev: be158c81c8d26deaed6d272325d5e8bdae5ec5c8) | |
| (From OE-Core rev: edea6df23692686c8401dea877234072ee117b36) | |
| Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> | |
| --- | |
| recipes-deps/curl/curl/CVE-2016-0754.patch | 417 +++++++++++++++++++++++++++++ | |
| recipes-deps/curl/curl/CVE-2016-0755.patch | 138 ++++++++++ | |
| recipes-deps/curl/curl/configure_ac.patch | 13 + | |
| recipes-deps/curl/curl/pkgconfig_fix.patch | 32 +++ | |
| recipes-deps/curl/curl_7.44.0.bb | 60 +++++ | |
| 5 files changed, 660 insertions(+) | |
| create mode 100644 recipes-deps/curl/curl/CVE-2016-0754.patch | |
| create mode 100644 recipes-deps/curl/curl/CVE-2016-0755.patch | |
| create mode 100644 recipes-deps/curl/curl/configure_ac.patch | |
| create mode 100644 recipes-deps/curl/curl/pkgconfig_fix.patch | |
| create mode 100644 recipes-deps/curl/curl_7.44.0.bb | |
| diff --git a/recipes-deps/curl/curl/CVE-2016-0754.patch b/recipes-deps/curl/curl/CVE-2016-0754.patch | |
| new file mode 100644 | |
| index 0000000..f0402de | |
| --- /dev/null | |
| +++ b/recipes-deps/curl/curl/CVE-2016-0754.patch | |
| @@ -0,0 +1,417 @@ | |
| +From b1bb4ca6d8777683b6a549fb61dba36759da26f4 Mon Sep 17 00:00:00 2001 | |
| +From: Ray Satiro <raysatiro@yahoo.com> | |
| +Date: Tue, 26 Jan 2016 23:23:15 +0100 | |
| +Subject: [PATCH] curl: avoid local drive traversal when saving file (Windows) | |
| + | |
| +curl does not sanitize colons in a remote file name that is used as the | |
| +local file name. This may lead to a vulnerability on systems where the | |
| +colon is a special path character. Currently Windows/DOS is the only OS | |
| +where this vulnerability applies. | |
| + | |
| +CVE-2016-0754 | |
| + | |
| +Bug: http://curl.haxx.se/docs/adv_20160127B.html | |
| + | |
| +Upstream-Status: Backport | |
| +http://curl.haxx.se/CVE-2016-0754.patch | |
| + | |
| +CVE: CVE-2016-0754 | |
| +Signed-off-by: Armin Kuster <akuster@mvista.com> | |
| + | |
| +--- | |
| + src/tool_cb_hdr.c | 40 ++++++------ | |
| + src/tool_doswin.c | 174 ++++++++++++++++++++++++++++++++++++++++++++--------- | |
| + src/tool_doswin.h | 2 +- | |
| + src/tool_operate.c | 29 ++++++--- | |
| + 4 files changed, 187 insertions(+), 58 deletions(-) | |
| + | |
| +diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c | |
| +index fd208e8..0fca39f 100644 | |
| +--- a/src/tool_cb_hdr.c | |
| ++++ b/src/tool_cb_hdr.c | |
| +@@ -26,10 +26,11 @@ | |
| + #define ENABLE_CURLX_PRINTF | |
| + /* use our own printf() functions */ | |
| + #include "curlx.h" | |
| + | |
| + #include "tool_cfgable.h" | |
| ++#include "tool_doswin.h" | |
| + #include "tool_msgs.h" | |
| + #include "tool_cb_hdr.h" | |
| + | |
| + #include "memdebug.h" /* keep this as LAST include */ | |
| + | |
| +@@ -112,22 +113,28 @@ size_t tool_header_cb(void *ptr, size_t size, size_t nmemb, void *userdata) | |
| + /* this expression below typecasts 'cb' only to avoid | |
| + warning: signed and unsigned type in conditional expression | |
| + */ | |
| + len = (ssize_t)cb - (p - str); | |
| + filename = parse_filename(p, len); | |
| +- if(filename) { | |
| +- outs->filename = filename; | |
| +- outs->alloc_filename = TRUE; | |
| +- outs->is_cd_filename = TRUE; | |
| +- outs->s_isreg = TRUE; | |
| +- outs->fopened = FALSE; | |
| +- outs->stream = NULL; | |
| +- hdrcbdata->honor_cd_filename = FALSE; | |
| +- break; | |
| +- } | |
| +- else | |
| ++ if(!filename) | |
| ++ return failure; | |
| ++ | |
| ++#if defined(MSDOS) || defined(WIN32) | |
| ++ if(sanitize_file_name(&filename)) { | |
| ++ free(filename); | |
| + return failure; | |
| ++ } | |
| ++#endif /* MSDOS || WIN32 */ | |
| ++ | |
| ++ outs->filename = filename; | |
| ++ outs->alloc_filename = TRUE; | |
| ++ outs->is_cd_filename = TRUE; | |
| ++ outs->s_isreg = TRUE; | |
| ++ outs->fopened = FALSE; | |
| ++ outs->stream = NULL; | |
| ++ hdrcbdata->honor_cd_filename = FALSE; | |
| ++ break; | |
| + } | |
| + } | |
| + | |
| + return cb; | |
| + } | |
| +@@ -179,19 +186,16 @@ static char *parse_filename(const char *ptr, size_t len) | |
| + return NULL; | |
| + } | |
| + } | |
| + | |
| + /* scan for the end letter and stop there */ | |
| +- q = p; | |
| +- while(*q) { | |
| +- if(q[1] && (q[0] == '\\')) | |
| +- q++; | |
| +- else if(q[0] == stop) | |
| ++ for(q = p; *q; ++q) { | |
| ++ if(*q == stop) { | |
| ++ *q = '\0'; | |
| + break; | |
| +- q++; | |
| ++ } | |
| + } | |
| +- *q = '\0'; | |
| + | |
| + /* make sure the file name doesn't end in \r or \n */ | |
| + q = strchr(p, '\r'); | |
| + if(q) | |
| + *q = '\0'; | |
| +diff --git a/src/tool_doswin.c b/src/tool_doswin.c | |
| +index dd6e8bb..9c6a7a3 100644 | |
| +--- a/src/tool_doswin.c | |
| ++++ b/src/tool_doswin.c | |
| +@@ -83,46 +83,110 @@ __pragma(warning(pop)) | |
| + # define _use_lfn(f) ALWAYS_FALSE /* long file names never available */ | |
| + #elif defined(__DJGPP__) | |
| + # include <fcntl.h> /* _use_lfn(f) prototype */ | |
| + #endif | |
| + | |
| +-static const char *msdosify (const char *file_name); | |
| +-static char *rename_if_dos_device_name (char *file_name); | |
| ++static char *msdosify(const char *file_name); | |
| ++static char *rename_if_dos_device_name(const char *file_name); | |
| + | |
| +-/* | |
| +- * sanitize_dos_name: returns a newly allocated string holding a | |
| +- * valid file name which will be a transformation of given argument | |
| +- * in case this wasn't already a valid file name. | |
| +- * | |
| +- * This function takes ownership of given argument, free'ing it before | |
| +- * returning. Caller is responsible of free'ing returned string. Upon | |
| +- * out of memory condition function returns NULL. | |
| +- */ | |
| + | |
| +-char *sanitize_dos_name(char *file_name) | |
| ++/* | |
| ++Sanitize *file_name. | |
| ++Success: (CURLE_OK) *file_name points to a sanitized version of the original. | |
| ++ This function takes ownership of the original *file_name and frees it. | |
| ++Failure: (!= CURLE_OK) *file_name is unchanged. | |
| ++*/ | |
| ++CURLcode sanitize_file_name(char **file_name) | |
| + { | |
| +- char new_name[PATH_MAX]; | |
| ++ size_t len; | |
| ++ char *p, *sanitized; | |
| ++ | |
| ++ /* Calculate the maximum length of a filename. | |
| ++ FILENAME_MAX is often the same as PATH_MAX, in other words it does not | |
| ++ discount the path information. PATH_MAX size is calculated based on: | |
| ++ <drive-letter><colon><path-sep><max-filename-len><NULL> */ | |
| ++ const size_t max_filename_len = PATH_MAX - 3 - 1; | |
| ++ | |
| ++ if(!file_name || !*file_name) | |
| ++ return CURLE_BAD_FUNCTION_ARGUMENT; | |
| ++ | |
| ++ len = strlen(*file_name); | |
| ++ | |
| ++ if(len >= max_filename_len) | |
| ++ len = max_filename_len - 1; | |
| + | |
| +- if(!file_name) | |
| +- return NULL; | |
| ++ sanitized = malloc(len + 1); | |
| + | |
| +- if(strlen(file_name) >= PATH_MAX) | |
| +- file_name[PATH_MAX-1] = '\0'; /* truncate it */ | |
| ++ if(!sanitized) | |
| ++ return CURLE_OUT_OF_MEMORY; | |
| + | |
| +- strcpy(new_name, msdosify(file_name)); | |
| ++ strncpy(sanitized, *file_name, len); | |
| ++ sanitized[len] = '\0'; | |
| + | |
| +- Curl_safefree(file_name); | |
| ++ for(p = sanitized; *p; ++p ) { | |
| ++ const char *banned; | |
| ++ if(1 <= *p && *p <= 31) { | |
| ++ *p = '_'; | |
| ++ continue; | |
| ++ } | |
| ++ for(banned = "|<>/\\\":?*"; *banned; ++banned) { | |
| ++ if(*p == *banned) { | |
| ++ *p = '_'; | |
| ++ break; | |
| ++ } | |
| ++ } | |
| ++ } | |
| + | |
| +- return strdup(rename_if_dos_device_name(new_name)); | |
| ++#ifdef MSDOS | |
| ++ /* msdosify checks for more banned characters for MSDOS, however it allows | |
| ++ for some path information to pass through. since we are sanitizing only a | |
| ++ filename and cannot allow a path it's important this call be done in | |
| ++ addition to and not instead of the banned character check above. */ | |
| ++ p = msdosify(sanitized); | |
| ++ if(!p) { | |
| ++ free(sanitized); | |
| ++ return CURLE_BAD_FUNCTION_ARGUMENT; | |
| ++ } | |
| ++ sanitized = p; | |
| ++ len = strlen(sanitized); | |
| ++#endif | |
| ++ | |
| ++ p = rename_if_dos_device_name(sanitized); | |
| ++ if(!p) { | |
| ++ free(sanitized); | |
| ++ return CURLE_BAD_FUNCTION_ARGUMENT; | |
| ++ } | |
| ++ sanitized = p; | |
| ++ len = strlen(sanitized); | |
| ++ | |
| ++ /* dos_device_name rename will rename a device name, possibly changing the | |
| ++ length. If the length is too long now we can't truncate it because we | |
| ++ could end up with a device name. In practice this shouldn't be a problem | |
| ++ because device names are short, but you never know. */ | |
| ++ if(len >= max_filename_len) { | |
| ++ free(sanitized); | |
| ++ return CURLE_BAD_FUNCTION_ARGUMENT; | |
| ++ } | |
| ++ | |
| ++ *file_name = sanitized; | |
| ++ return CURLE_OK; | |
| + } | |
| + | |
| +-/* The following functions are taken with modification from the DJGPP | |
| +- * port of tar 1.12. They use algorithms originally from DJTAR. */ | |
| ++/* The functions msdosify, rename_if_dos_device_name and __crt0_glob_function | |
| ++ * were taken with modification from the DJGPP port of tar 1.12. They use | |
| ++ * algorithms originally from DJTAR. | |
| ++ */ | |
| + | |
| +-static const char *msdosify (const char *file_name) | |
| ++/* | |
| ++Extra sanitization MSDOS for file_name. | |
| ++Returns a copy of file_name that is sanitized by MSDOS standards. | |
| ++Warning: path information may pass through. For sanitizing a filename use | |
| ++sanitize_file_name which calls this function after sanitizing path info. | |
| ++*/ | |
| ++static char *msdosify(const char *file_name) | |
| + { | |
| +- static char dos_name[PATH_MAX]; | |
| ++ char dos_name[PATH_MAX]; | |
| + static const char illegal_chars_dos[] = ".+, ;=[]" /* illegal in DOS */ | |
| + "|<>\\\":?*"; /* illegal in DOS & W95 */ | |
| + static const char *illegal_chars_w95 = &illegal_chars_dos[8]; | |
| + int idx, dot_idx; | |
| + const char *s = file_name; | |
| +@@ -199,39 +263,89 @@ static const char *msdosify (const char *file_name) | |
| + else | |
| + idx++; | |
| + } | |
| + | |
| + *d = '\0'; | |
| +- return dos_name; | |
| ++ return strdup(dos_name); | |
| + } | |
| + | |
| +-static char *rename_if_dos_device_name (char *file_name) | |
| ++/* | |
| ++Rename file_name if it's a representation of a device name. | |
| ++Returns a copy of file_name, and the copy will have contents different from the | |
| ++original if a device name was found. | |
| ++*/ | |
| ++static char *rename_if_dos_device_name(const char *file_name) | |
| + { | |
| + /* We could have a file whose name is a device on MS-DOS. Trying to | |
| + * retrieve such a file would fail at best and wedge us at worst. We need | |
| + * to rename such files. */ | |
| +- char *base; | |
| ++ char *p, *base; | |
| + struct_stat st_buf; | |
| + char fname[PATH_MAX]; | |
| + | |
| + strncpy(fname, file_name, PATH_MAX-1); | |
| + fname[PATH_MAX-1] = '\0'; | |
| + base = basename(fname); | |
| + if(((stat(base, &st_buf)) == 0) && (S_ISCHR(st_buf.st_mode))) { | |
| + size_t blen = strlen(base); | |
| + | |
| +- if(strlen(fname) >= PATH_MAX-1) { | |
| ++ if(strlen(fname) == PATH_MAX-1) { | |
| + /* Make room for the '_' */ | |
| + blen--; | |
| + base[blen] = '\0'; | |
| + } | |
| + /* Prepend a '_'. */ | |
| + memmove(base + 1, base, blen + 1); | |
| + base[0] = '_'; | |
| +- strcpy(file_name, fname); | |
| + } | |
| +- return file_name; | |
| ++ | |
| ++ /* The above stat check does not identify devices for me in Windows 7. For | |
| ++ example a stat on COM1 returns a regular file S_IFREG. According to MSDN | |
| ++ stat doc that is the correct behavior, so I assume the above code is | |
| ++ legacy, maybe MSDOS or DJGPP specific? */ | |
| ++ | |
| ++ /* Rename devices. | |
| ++ Examples: CON => _CON, CON.EXT => CON_EXT, CON:ADS => CON_ADS */ | |
| ++ for(p = fname; p; p = (p == fname && fname != base ? base : NULL)) { | |
| ++ size_t p_len; | |
| ++ int x = (curl_strnequal(p, "CON", 3) || | |
| ++ curl_strnequal(p, "PRN", 3) || | |
| ++ curl_strnequal(p, "AUX", 3) || | |
| ++ curl_strnequal(p, "NUL", 3)) ? 3 : | |
| ++ (curl_strnequal(p, "CLOCK$", 6)) ? 6 : | |
| ++ (curl_strnequal(p, "COM", 3) || curl_strnequal(p, "LPT", 3)) ? | |
| ++ (('1' <= p[3] && p[3] <= '9') ? 4 : 3) : 0; | |
| ++ | |
| ++ if(!x) | |
| ++ continue; | |
| ++ | |
| ++ /* the devices may be accessible with an extension or ADS, for | |
| ++ example CON.AIR and CON:AIR both access console */ | |
| ++ if(p[x] == '.' || p[x] == ':') { | |
| ++ p[x] = '_'; | |
| ++ continue; | |
| ++ } | |
| ++ else if(p[x]) /* no match */ | |
| ++ continue; | |
| ++ | |
| ++ p_len = strlen(p); | |
| ++ | |
| ++ if(strlen(fname) == PATH_MAX-1) { | |
| ++ /* Make room for the '_' */ | |
| ++ p_len--; | |
| ++ p[p_len] = '\0'; | |
| ++ } | |
| ++ /* Prepend a '_'. */ | |
| ++ memmove(p + 1, p, p_len + 1); | |
| ++ p[0] = '_'; | |
| ++ | |
| ++ /* if fname was just modified then the basename pointer must be updated */ | |
| ++ if(p == fname) | |
| ++ base = basename(fname); | |
| ++ } | |
| ++ | |
| ++ return strdup(fname); | |
| + } | |
| + | |
| + #if defined(MSDOS) && (defined(__DJGPP__) || defined(__GO32__)) | |
| + | |
| + /* | |
| +diff --git a/src/tool_doswin.h b/src/tool_doswin.h | |
| +index cd216db..fc83f16 100644 | |
| +--- a/src/tool_doswin.h | |
| ++++ b/src/tool_doswin.h | |
| +@@ -23,11 +23,11 @@ | |
| + ***************************************************************************/ | |
| + #include "tool_setup.h" | |
| + | |
| + #if defined(MSDOS) || defined(WIN32) | |
| + | |
| +-char *sanitize_dos_name(char *file_name); | |
| ++CURLcode sanitize_file_name(char **filename); | |
| + | |
| + #if defined(MSDOS) && (defined(__DJGPP__) || defined(__GO32__)) | |
| + | |
| + char **__crt0_glob_function(char *arg); | |
| + | |
| +diff --git a/src/tool_operate.c b/src/tool_operate.c | |
| +index 30d60cb..272ebd4 100644 | |
| +--- a/src/tool_operate.c | |
| ++++ b/src/tool_operate.c | |
| +@@ -541,30 +541,41 @@ static CURLcode operate_do(struct GlobalConfig *global, | |
| + if(!outfile) { | |
| + /* extract the file name from the URL */ | |
| + result = get_url_file_name(&outfile, this_url); | |
| + if(result) | |
| + goto show_error; | |
| ++ | |
| ++#if defined(MSDOS) || defined(WIN32) | |
| ++ result = sanitize_file_name(&outfile); | |
| ++ if(result) { | |
| ++ Curl_safefree(outfile); | |
| ++ goto show_error; | |
| ++ } | |
| ++#endif /* MSDOS || WIN32 */ | |
| ++ | |
| + if(!*outfile && !config->content_disposition) { | |
| + helpf(global->errors, "Remote file name has no length!\n"); | |
| + result = CURLE_WRITE_ERROR; | |
| + goto quit_urls; | |
| + } | |
| +-#if defined(MSDOS) || defined(WIN32) | |
| +- /* For DOS and WIN32, we do some major replacing of | |
| +- bad characters in the file name before using it */ | |
| +- outfile = sanitize_dos_name(outfile); | |
| +- if(!outfile) { | |
| +- result = CURLE_OUT_OF_MEMORY; | |
| +- goto show_error; | |
| +- } | |
| +-#endif /* MSDOS || WIN32 */ | |
| + } | |
| + else if(urls) { | |
| + /* fill '#1' ... '#9' terms from URL pattern */ | |
| + char *storefile = outfile; | |
| + result = glob_match_url(&outfile, storefile, urls); | |
| + Curl_safefree(storefile); | |
| ++ | |
| ++#if defined(MSDOS) || defined(WIN32) | |
| ++ if(!result) { | |
| ++ result = sanitize_file_name(&outfile); | |
| ++ if(result) { | |
| ++ Curl_safefree(outfile); | |
| ++ goto show_error; | |
| ++ } | |
| ++ } | |
| ++#endif /* MSDOS || WIN32 */ | |
| ++ | |
| + if(result) { | |
| + /* bad globbing */ | |
| + warnf(config->global, "bad output glob!\n"); | |
| + goto quit_urls; | |
| + } | |
| +-- | |
| +2.7.0 | |
| + | |
| diff --git a/recipes-deps/curl/curl/CVE-2016-0755.patch b/recipes-deps/curl/curl/CVE-2016-0755.patch | |
| new file mode 100644 | |
| index 0000000..44b9d9a | |
| --- /dev/null | |
| +++ b/recipes-deps/curl/curl/CVE-2016-0755.patch | |
| @@ -0,0 +1,138 @@ | |
| +From d41dcba4e9b69d6b761e3460cc6ae7e8fd8f621f Mon Sep 17 00:00:00 2001 | |
| +From: Isaac Boukris <iboukris@gmail.com> | |
| +Date: Wed, 13 Jan 2016 11:05:51 +0200 | |
| +Subject: [PATCH] NTLM: Fix ConnectionExists to compare Proxy credentials | |
| + | |
| +Proxy NTLM authentication should compare credentials when | |
| +re-using a connection similar to host authentication, as it | |
| +authenticate the connection. | |
| + | |
| +Example: | |
| +curl -v -x http://proxy:port http://host/ -U good_user:good_pwd | |
| + --proxy-ntlm --next -x http://proxy:port http://host/ | |
| + [-U fake_user:fake_pwd --proxy-ntlm] | |
| + | |
| +CVE-2016-0755 | |
| + | |
| +Bug: http://curl.haxx.se/docs/adv_20160127A.html | |
| + | |
| +Upstream-Status: Backport | |
| +http://curl.haxx.se/CVE-2016-0755.patch | |
| + | |
| +CVE: CVE-2016-0755 | |
| +Signed-off-by: Armin Kuster <akuster@mvista.com> | |
| + | |
| +--- | |
| + lib/url.c | 62 ++++++++++++++++++++++++++++++++++++++++---------------------- | |
| + 1 file changed, 40 insertions(+), 22 deletions(-) | |
| + | |
| +Index: curl-7.44.0/lib/url.c | |
| +=================================================================== | |
| +--- curl-7.44.0.orig/lib/url.c | |
| ++++ curl-7.44.0/lib/url.c | |
| +@@ -3107,12 +3107,17 @@ ConnectionExists(struct SessionHandle *d | |
| + struct connectdata *check; | |
| + struct connectdata *chosen = 0; | |
| + bool canPipeline = IsPipeliningPossible(data, needle); | |
| ++ struct connectbundle *bundle; | |
| ++ | |
| + #ifdef USE_NTLM | |
| +- bool wantNTLMhttp = ((data->state.authhost.want & CURLAUTH_NTLM) || | |
| +- (data->state.authhost.want & CURLAUTH_NTLM_WB)) && | |
| +- (needle->handler->protocol & PROTO_FAMILY_HTTP) ? TRUE : FALSE; | |
| ++ bool wantNTLMhttp = ((data->state.authhost.want & | |
| ++ (CURLAUTH_NTLM | CURLAUTH_NTLM_WB)) && | |
| ++ (needle->handler->protocol & PROTO_FAMILY_HTTP)); | |
| ++ bool wantProxyNTLMhttp = (needle->bits.proxy_user_passwd && | |
| ++ ((data->state.authproxy.want & | |
| ++ (CURLAUTH_NTLM | CURLAUTH_NTLM_WB)) && | |
| ++ (needle->handler->protocol & PROTO_FAMILY_HTTP))); | |
| + #endif | |
| +- struct connectbundle *bundle; | |
| + | |
| + *force_reuse = FALSE; | |
| + *waitpipe = FALSE; | |
| +@@ -3152,9 +3157,6 @@ ConnectionExists(struct SessionHandle *d | |
| + curr = bundle->conn_list->head; | |
| + while(curr) { | |
| + bool match = FALSE; | |
| +-#if defined(USE_NTLM) | |
| +- bool credentialsMatch = FALSE; | |
| +-#endif | |
| + size_t pipeLen; | |
| + | |
| + /* | |
| +@@ -3262,21 +3264,14 @@ ConnectionExists(struct SessionHandle *d | |
| + continue; | |
| + } | |
| + | |
| +- if((!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) | |
| +-#ifdef USE_NTLM | |
| +- || (wantNTLMhttp || check->ntlm.state != NTLMSTATE_NONE) | |
| +-#endif | |
| +- ) { | |
| +- /* This protocol requires credentials per connection or is HTTP+NTLM, | |
| ++ if(!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) { | |
| ++ /* This protocol requires credentials per connection, | |
| + so verify that we're using the same name and password as well */ | |
| + if(!strequal(needle->user, check->user) || | |
| + !strequal(needle->passwd, check->passwd)) { | |
| + /* one of them was different */ | |
| + continue; | |
| + } | |
| +-#if defined(USE_NTLM) | |
| +- credentialsMatch = TRUE; | |
| +-#endif | |
| + } | |
| + | |
| + if(!needle->bits.httpproxy || needle->handler->flags&PROTOPT_SSL || | |
| +@@ -3335,20 +3330,43 @@ ConnectionExists(struct SessionHandle *d | |
| + possible. (Especially we must not reuse the same connection if | |
| + partway through a handshake!) */ | |
| + if(wantNTLMhttp) { | |
| +- if(credentialsMatch && check->ntlm.state != NTLMSTATE_NONE) { | |
| +- chosen = check; | |
| ++ if(!strequal(needle->user, check->user) || | |
| ++ !strequal(needle->passwd, check->passwd)) | |
| ++ continue; | |
| ++ } | |
| ++ else if(check->ntlm.state != NTLMSTATE_NONE) { | |
| ++ /* Connection is using NTLM auth but we don't want NTLM */ | |
| ++ continue; | |
| ++ } | |
| ++ | |
| ++ /* Same for Proxy NTLM authentication */ | |
| ++ if(wantProxyNTLMhttp) { | |
| ++ if(!strequal(needle->proxyuser, check->proxyuser) || | |
| ++ !strequal(needle->proxypasswd, check->proxypasswd)) | |
| ++ continue; | |
| ++ } | |
| ++ else if(check->proxyntlm.state != NTLMSTATE_NONE) { | |
| ++ /* Proxy connection is using NTLM auth but we don't want NTLM */ | |
| ++ continue; | |
| ++ } | |
| + | |
| ++ if(wantNTLMhttp || wantProxyNTLMhttp) { | |
| ++ /* Credentials are already checked, we can use this connection */ | |
| ++ chosen = check; | |
| ++ | |
| ++ if((wantNTLMhttp && | |
| ++ (check->ntlm.state != NTLMSTATE_NONE)) || | |
| ++ (wantProxyNTLMhttp && | |
| ++ (check->proxyntlm.state != NTLMSTATE_NONE))) { | |
| + /* We must use this connection, no other */ | |
| + *force_reuse = TRUE; | |
| + break; | |
| + } | |
| +- else if(credentialsMatch) | |
| +- /* this is a backup choice */ | |
| +- chosen = check; | |
| ++ | |
| ++ /* Continue look up for a better connection */ | |
| + continue; | |
| + } | |
| + #endif | |
| +- | |
| + if(canPipeline) { | |
| + /* We can pipeline if we want to. Let's continue looking for | |
| + the optimal connection to use, i.e the shortest pipe that is not | |
| diff --git a/recipes-deps/curl/curl/configure_ac.patch b/recipes-deps/curl/curl/configure_ac.patch | |
| new file mode 100644 | |
| index 0000000..b8bd304 | |
| --- /dev/null | |
| +++ b/recipes-deps/curl/curl/configure_ac.patch | |
| @@ -0,0 +1,13 @@ | |
| +Upstream-Status: Pending | |
| + | |
| +--- a/configure.ac | |
| ++++ b/configure.ac | |
| +@@ -281,7 +281,7 @@ dnl ************************************ | |
| + | |
| + CURL_CHECK_COMPILER | |
| + CURL_SET_COMPILER_BASIC_OPTS | |
| +-CURL_SET_COMPILER_DEBUG_OPTS | |
| ++dnl CURL_SET_COMPILER_DEBUG_OPTS | |
| + CURL_SET_COMPILER_OPTIMIZE_OPTS | |
| + CURL_SET_COMPILER_WARNING_OPTS | |
| + | |
| diff --git a/recipes-deps/curl/curl/pkgconfig_fix.patch b/recipes-deps/curl/curl/pkgconfig_fix.patch | |
| new file mode 100644 | |
| index 0000000..5d8769d | |
| --- /dev/null | |
| +++ b/recipes-deps/curl/curl/pkgconfig_fix.patch | |
| @@ -0,0 +1,32 @@ | |
| +Upstream-Status: Inappropriate [packaging] | |
| + | |
| +diff -Nurd curl-7.29.0/configure.ac curl-7.29.0/configure.ac | |
| +--- curl-7.29.0/configure.ac 2013-02-06 11:47:19.000000000 +0200 | |
| ++++ curl-7.29.0/configure.ac 2013-02-16 12:32:22.132327764 +0200 | |
| +@@ -1883,6 +1883,7 @@ | |
| + AC_SUBST(USE_GNUTLS, [1]) | |
| + GNUTLS_ENABLED=1 | |
| + USE_GNUTLS="yes" | |
| ++ GNUTLS_REQUIRED="gnutls" | |
| + curl_ssl_msg="enabled (GnuTLS)" | |
| + ], | |
| + [ | |
| +@@ -1953,6 +1954,8 @@ | |
| + ]) | |
| + fi | |
| + | |
| ++AC_SUBST(GNUTLS_REQUIRED) | |
| ++ | |
| + dnl ---------------------------------------------------- | |
| + dnl check for PolarSSL | |
| + dnl ---------------------------------------------------- | |
| +diff -Nurd curl-7.29.0/libcurl.pc.in curl-7.29.0/libcurl.pc.in | |
| +--- curl-7.29.0/libcurl.pc.in 2012-12-12 00:32:22.000000000 +0200 | |
| ++++ curl-7.29.0/libcurl.pc.in 2013-02-16 12:33:27.063844337 +0200 | |
| +@@ -35,5 +35,5 @@ | |
| + Description: Library to transfer files with ftp, http, etc. | |
| + Version: @CURLVERSION@ | |
| + Libs: -L${libdir} -lcurl | |
| +-Libs.private: @LIBCURL_LIBS@ | |
| ++Libs.private: -ldl -lz | |
| + Cflags: -I${includedir} @CPPFLAG_CURL_STATICLIB@ | |
| diff --git a/recipes-deps/curl/curl_7.44.0.bb b/recipes-deps/curl/curl_7.44.0.bb | |
| new file mode 100644 | |
| index 0000000..419ed83 | |
| --- /dev/null | |
| +++ b/recipes-deps/curl/curl_7.44.0.bb | |
| @@ -0,0 +1,60 @@ | |
| +SUMMARY = "Command line tool and library for client-side URL transfers" | |
| +HOMEPAGE = "http://curl.haxx.se/" | |
| +BUGTRACKER = "http://curl.haxx.se/mail/list.cgi?list=curl-tracker" | |
| +SECTION = "console/network" | |
| +LICENSE = "MIT" | |
| +LIC_FILES_CHKSUM = "file://COPYING;beginline=7;md5=3a34942f4ae3fbf1a303160714e664ac" | |
| + | |
| +SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ | |
| + file://pkgconfig_fix.patch \ | |
| + " | |
| + | |
| +# curl likes to set -g0 in CFLAGS, so we stop it | |
| +# from mucking around with debug options | |
| +# | |
| +SRC_URI += " file://configure_ac.patch \ | |
| + file://CVE-2016-0754.patch \ | |
| + file://CVE-2016-0755.patch" | |
| + | |
| +SRC_URI[md5sum] = "6b952ca00e5473b16a11f05f06aa8dae" | |
| +SRC_URI[sha256sum] = "1e2541bae6582bb697c0fbae49e1d3e6fad5d05d5aa80dbd6f072e0a44341814" | |
| + | |
| +inherit autotools pkgconfig binconfig multilib_header | |
| + | |
| +PACKAGECONFIG ??= "${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)} gnutls zlib" | |
| +PACKAGECONFIG_class-native = "ipv6 ssl zlib" | |
| +PACKAGECONFIG_class-nativesdk = "ipv6 ssl zlib" | |
| + | |
| +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," | |
| +PACKAGECONFIG[ssl] = "--with-ssl --with-random=/dev/urandom,--without-ssl,openssl" | |
| +PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls" | |
| +PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib" | |
| +PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump" | |
| +PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2" | |
| +PACKAGECONFIG[smb] = "--enable-smb,--disable-smb," | |
| + | |
| +EXTRA_OECONF = "--without-libidn \ | |
| + --enable-crypto-auth \ | |
| + --disable-ldap \ | |
| + --disable-ldaps \ | |
| + --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \ | |
| +" | |
| +# see https://lists.yoctoproject.org/pipermail/poky/2013-December/009435.html | |
| +# We should ideally drop ac_cv_sizeof_off_t from site files but until then | |
| +EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'largefile', 'ac_cv_sizeof_off_t=8', '', d)}" | |
| + | |
| +do_install_append() { | |
| + oe_multilib_header curl/curlbuild.h | |
| +} | |
| + | |
| +do_install_append_class-target() { | |
| + # cleanup buildpaths from curl-config | |
| + sed -i -e 's,${STAGING_DIR_HOST},,g' ${D}${bindir}/curl-config | |
| +} | |
| + | |
| +PACKAGES =+ "lib${BPN}" | |
| + | |
| +FILES_lib${BPN} = "${libdir}/lib*.so.*" | |
| +RRECOMMENDS_lib${BPN} += "ca-certificates" | |
| + | |
| +BBCLASSEXTEND = "native nativesdk" | |
| -- | |
| 2.1.4 | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment