pool/curl
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
factory
curl/curl-disabled-redirect-protocol-message.patch
Dirk Mueller 73128f1a05 Accepting request 973058 from home:david.anes:branches:devel:libraries:c_c++ 
- Patches rework:
  * Refreshed all patches as -p1.
  * Use autopatch macro.
  * Renamed: 
    - dont-mess-with-rpmoptflags.diff -> dont-mess-with-rpmoptflags.patch
  * Removed (already upstream):
    - curl-fix-verifyhost.patch
- Update to 7.83.0:
  * Security fixes:
    - (bsc#1198766, CVE-2022-27776) Auth/cookie leak on redirect
    - (bsc#1198723, CVE-2022-27775) Bad local IPv6 connection reuse
    - (bsc#1198608, CVE-2022-27774) Credential leak on redirect
    - (bsc#1198614, CVE-2022-22576) OAUTH2 bearer bypass in connection re-use
  * Changes:
    - curl: add %header{name} experimental support in -w handling
    - curl: add %{header_json} experimental support in -w handling
    - curl: add --no-clobber
    - curl: add --remove-on-error
    - header api: add curl_easy_header and curl_easy_nextheader
    - msh3: add support for QUIC and HTTP/3 using msh3 
  * Bugfixes:
    - appveyor: add Cygwin build
    - appveyor: only add MSYS2 to PATH where required
    - BearSSL: add CURLOPT_SSL_CIPHER_LIST support
    - BearSSL: add CURLOPT_SSL_CTX_FUNCTION support
    - BINDINGS.md: add Hollywood binding
    - CI: Do not use buildconf. Instead, just use: autoreconf -fi
    - CI: install Python package impacket to run SMB test 1451
    - configure.ac: move -pthread CFLAGS setting back where it used to be
    - configure: bump the copyright year range int the generated output

OBS-URL: https://build.opensuse.org/request/show/973058
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=310
2022-04-27 09:43:43 +00:00

21 lines
783 B
Diff
Raw Permalink Blame History

Index: curl-7.82.0/lib/url.c
===================================================================
--- curl-7.82.0.orig/lib/url.c
+++ curl-7.82.0/lib/url.c
@@ -1832,9 +1832,13 @@ static CURLcode findprotocol(struct Curl
/* it is allowed for "normal" request, now do an extra check if this is
the result of a redirect */
if(data->state.this_is_a_follow &&
- !(data->set.redir_protocols & p->protocol))
+ !(data->set.redir_protocols & p->protocol)) {
/* nope, get out */
- ;
+ failf(data, "Redirect to protocol \"%s\" not supported or disabled in "
+ LIBCURL_NAME, protostr);
+
+ return CURLE_UNSUPPORTED_PROTOCOL;
+ }
else {
/* Perform setup complement if some. */
conn->handler = conn->given = p;
Reference in New Issue View Git Blame Copy Permalink