From 1002a66bcbac102dbc74263b63da52672ddd55d8962db314b091db21f0e6b1b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ismail=20D=C3=B6nmez?=
Date: Mon, 6 Feb 2017 09:07:18 +0000
Subject: [PATCH] Accepting request 454837 from home:AndreasStieger:branches:devel:libraries:c_c++ - build with libidn2 for IDNA2008 support FATE#321897 CVE-2016-8625 bsc#1005649 add curl-7.52.1-idn-fixes.patch to fix test, among other things - re-enable tests that are no longer failing, remove curl-disable_failing_tests.patch
OBS-URL: https://build.opensuse.org/request/show/454837
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=182
---
 curl-7.52.1-idn-fixes.patch | 207 +++++++++++++++++++++++++++++++
 curl-disable_failing_tests.patch | 14 ---
 curl.changes | 9 ++
 curl.spec | 8 +-
 4 files changed, 220 insertions(+), 18 deletions(-)
 create mode 100644 curl-7.52.1-idn-fixes.patch
 delete mode 100644 curl-disable_failing_tests.patch
diff --git a/curl-7.52.1-idn-fixes.patch b/curl-7.52.1-idn-fixes.patch
new file mode 100644
index 0000000..c2c7064
--- /dev/null
+++ b/curl-7.52.1-idn-fixes.patch
@@ -0,0 +1,207 @@
+From 0bc24d6f9d15a2cc5898cae4f214487200e78f44 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Sun, 25 Dec 2016 01:13:12 +0100
+Subject: [PATCH] configure: accept --with-libidn2 instead
+
+... which the help text already implied since we switched to libidn2
+from libidn in commit 9c91ec778104ae3b back in October 2016.
+
+Reported-by: Christian Weisgerber
+Bug: https://curl.haxx.se/mail/lib-2016-12/0110.html
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 91028458f..65dac55bc 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -2830,7 +2830,7 @@ dnl **********************************************************************
+
+ AC_MSG_CHECKING([whether to build with libidn2])
+ OPT_IDN="default"
+-AC_ARG_WITH(libidn,
++AC_ARG_WITH(libidn2,
+ AC_HELP_STRING([--with-libidn2=PATH],[Enable libidn2 usage])
+ AC_HELP_STRING([--without-libidn2],[Disable libidn2 usage]),
+ [OPT_IDN=$withval])
+--
+2.11.1
+
+From f30cbcac11f5a627992f0c48cff91135808fa70f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?=
+Date: Fri, 13 Jan 2017 09:36:33 +0100
+Subject: [PATCH] IDN: Use TR46 'transitional' for toASCII translations
+
+References: http://unicode.org/faq/idn.html
+ http://unicode.org/reports/tr46
+
+Closes #1206
+---
+ lib/url.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index c7a91a4f7..29beb3853 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -4010,7 +4010,12 @@ static void fix_hostname(struct connectdata *conn, struct hostname *host)
+ #ifdef USE_LIBIDN2
+ if(idn2_check_version(IDN2_VERSION)) {
+ char *ace_hostname = NULL;
+- int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname, 0);
++#ifdef IDN2_TRANSITIONAL
++ int flags = IDN2_NFC_INPUT | IDN2_TRANSITIONAL;
++#else
++ int flags = IDN2_NFC_INPUT;
++#endif
++ int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname, flags);
+ if(rc == IDN2_OK) {
+ host->encalloc = (char *)ace_hostname;
+ /* change the name pointer to point to the encoded hostname */
+--
+2.11.1
+
+From ba315745f7f4ddfedd0763833c22f019817535cb Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?=
+Date: Fri, 13 Jan 2017 11:50:01 +0100
+Subject: [PATCH] IDN: Fix compile time detection of linidn2 TR46
+
+Follow-up to f30cbcac1
+
+Closes #1207
+---
+ lib/url.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index 1f6e5bed9..9112baee0 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -4010,7 +4010,7 @@ static void fix_hostname(struct connectdata *conn, struct hostname *host)
+ #ifdef USE_LIBIDN2
+ if(idn2_check_version(IDN2_VERSION)) {
+ char *ace_hostname = NULL;
+-#ifdef IDN2_TRANSITIONAL
++#if IDN2_VERSION_NUMBER >= 0x00140000
+ int flags = IDN2_NFC_INPUT | IDN2_TRANSITIONAL;
+ #else
+ int flags = IDN2_NFC_INPUT;
+--
+2.11.1
+
+From ee357664df9bbb301e3bc1070a855e6b13303a5d Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Fri, 13 Jan 2017 14:31:40 +0100
+Subject: [PATCH] IDN: revert use of the transitional option
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+It made the german ß get converted to ss, IDNA2003 style, and we can't
+have that for the .de TLD - a primary reason for our switch to IDNA2008.
+
+Test 165 verifies.
+---
+ lib/url.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index 9112baee0..b088b61e3 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -4010,12 +4010,8 @@ static void fix_hostname(struct connectdata *conn, struct hostname *host)
+ #ifdef USE_LIBIDN2
+ if(idn2_check_version(IDN2_VERSION)) {
+ char *ace_hostname = NULL;
+-#if IDN2_VERSION_NUMBER >= 0x00140000
+- int flags = IDN2_NFC_INPUT | IDN2_TRANSITIONAL;
+-#else
+- int flags = IDN2_NFC_INPUT;
+-#endif
+- int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname, flags);
++ int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname,
++ IDN2_NFC_INPUT);
+ if(rc == IDN2_OK) {
+ host->encalloc = (char *)ace_hostname;
+ /* change the name pointer to point to the encoded hostname */
+--
+2.11.1
+
+From 7d6e3f8cfa5c8de1ecb4ab63ed0c0660cce7acdc Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Fri, 13 Jan 2017 14:49:11 +0100
+Subject: [PATCH] IDN: Use TR46 non-transitional
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Assisted-by: Tim Rühsen
+---
+ lib/url.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index b088b61e3..074289ed4 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -5,7 +5,7 @@
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+- * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al.
++ * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+@@ -4010,8 +4010,15 @@ static void fix_hostname(struct connectdata *conn, struct hostname *host)
+ #ifdef USE_LIBIDN2
+ if(idn2_check_version(IDN2_VERSION)) {
+ char *ace_hostname = NULL;
+- int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname,
+- IDN2_NFC_INPUT);
++#if IDN2_VERSION_NUMBER >= 0x00140000
++ /* IDN2_NFC_INPUT: Normalize input string using normalization form C.
++ IDN2_NONTRANSITIONAL: Perform Unicode TR46 non-transitional
++ processing. */
++ int flags = IDN2_NFC_INPUT | IDN2_NONTRANSITIONAL;
++#else
++ int flags = IDN2_NFC_INPUT;
++#endif
++ int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname, flags);
+ if(rc == IDN2_OK) {
+ host->encalloc = (char *)ace_hostname;
+ /* change the name pointer to point to the encoded hostname */
+--
+2.11.1
+
+From b135cd255b6aa7d051ea906693bf67580153ed76 Mon Sep 17 00:00:00 2001
+From: Alessandro Ghedini
+Date: Sat, 14 Jan 2017 16:16:56 +0000
+Subject: [PATCH] url: assume UTF-8 when doing idn2 lookup
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Thanks to Tim Rühsen for the suggestion.
+---
+ lib/url.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index edae1e3f3..49ed4f669 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -4026,7 +4026,8 @@ static void fix_hostname(struct connectdata *conn, struct hostname *host)
+ #else
+ int flags = IDN2_NFC_INPUT;
+ #endif
+- int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname, flags);
++ int rc = idn2_lookup_u8((const uint8_t *)host->name,
++ (uint8_t **)&ace_hostname, flags);
+ if(rc == IDN2_OK) {
+ host->encalloc = (char *)ace_hostname;
+ /* change the name pointer to point to the encoded hostname */
+--
+2.11.1
+
diff --git a/curl-disable_failing_tests.patch b/curl-disable_failing_tests.patch
deleted file mode 100644
index 50abba3..0000000
--- a/curl-disable_failing_tests.patch
+++ /dev/null
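Review bot: The `#else` branch kept by the fifth embedded patch ("IDN: Use TR46 non-transitional") still sets `int flags = IDN2_NFC_INPUT;` with no comment, so a build against libidn2 headers below the `IDN2_VERSION_NUMBER >= 0x00140000` threshold silently resolves names without TR46 processing, and the same source can map a hostname differently from one build root to another. Because this package update is filed against CVE-2016-8625, I would document the fallback where it is taken, for example `/* headers predate TR46 support: IDNA2008 lookup with NFC normalization only */`. In the last embedded patch, `(uint8_t **)&ace_hostname` converts a `char **`; declaring `uint8_t *ace_hostname = NULL;` and keeping the existing `(char *)` cast on the assignment to `host->encalloc` would avoid the pointer-to-pointer cast. fix_hostname starts and ends outside these hunks, so the handling of a result other than `IDN2_OK` is not visible here.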
@@ -1,14 +0,0 @@
-Index: curl-7.50.0/tests/data/DISABLED
-===================================================================
---- curl-7.50.0.orig/tests/data/DISABLED 2016-06-27 16:11:14.000000000 +0200
-+++ curl-7.50.0/tests/data/DISABLED 2016-07-21 15:15:31.134631724 +0200
-@@ -2,6 +2,9 @@
- # test cases are run by runtests.pl. Just add the plain test case numbers, one
- # per line.
- # Lines starting with '#' letters are treated as comments.
-+# man pages problems
-+1139
-+1140
- 594
- 1209
- 1211
diff --git a/curl.changes b/curl.changes
index 70c7c34..83e5331 100644
--- a/curl.changes
+++ b/curl.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Sun Feb 5 22:33:33 UTC 2017 - astieger@suse.com
+
+- build with libidn2 for IDNA2008 support
+ FATE#321897 CVE-2016-8625 bsc#1005649
+ add curl-7.52.1-idn-fixes.patch to fix test, among other things
+- re-enable tests that are no longer failing,
+ remove curl-disable_failing_tests.patch
+
 -------------------------------------------------------------------
 Fri Dec 23 07:37:40 UTC 2016 - idonmez@suse.com
diff --git a/curl.spec b/curl.spec
index def3ef9..14bab69 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package curl
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -33,14 +33,14 @@ Source4: https://daniel.haxx.se/mykey.asc#/%{name}.keyring
 Patch0: libcurl-ocloexec.patch
 Patch1: dont-mess-with-rpmoptflags.diff
 Patch3: curl-secure-getenv.patch
-Patch4: curl-disable_failing_tests.patch
+Patch5: curl-7.52.1-idn-fixes.patch
 BuildRequires: groff
 BuildRequires: krb5-mini-devel
+BuildRequires: libidn2-devel
 BuildRequires: libtool
 BuildRequires: lzma
 BuildRequires: openldap2-devel
 BuildRequires: pkgconfig
-BuildRequires: pkgconfig(libidn)
 BuildRequires: pkgconfig(libmetalink)
 BuildRequires: pkgconfig(libnghttp2)
 BuildRequires: pkgconfig(libpsl)
@@ -98,7 +98,7 @@ user interaction or any kind of interactivity.
 %patch0
 %patch1
 %patch3
-%patch4 -p1
+%patch5 -p1
 %build
 # curl complains if macro definition is contained in CFLAGS
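Review bot: `BuildRequires: libidn2-devel` in the first hunk is added without a version floor, although the patch registered as `Patch5` only enables `IDN2_NONTRANSITIONAL` when the headers satisfy `IDN2_VERSION_NUMBER >= 0x00140000`; an older libidn2 in the build root would compile the plain `IDN2_NFC_INPUT` fallback and the package would still build. A versioned line such as `BuildRequires: libidn2-devel >= <MIN_LIBIDN2_VERSION>` (placeholder for the release that matches that threshold) would turn this into a build failure instead. Patch5 also changes `configure.ac` rather than a generated `configure`; the `%build` section lies outside these hunks, so it is worth confirming that it regenerates the script, otherwise the `--with-libidn2` option rename has no effect.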