c7dbf5559a
Changes:
* nss: additional cipher suites are now accepted by
CURLOPT_SSL_CIPHER_LIST
* New option: CURLOPT_KEEP_SENDING_ON_ERROR
Bugfixes:
* CVE-2016-8615: cookie injection for other servers
* CVE-2016-8616: case insensitive password comparison
* CVE-2016-8617: OOB write via unchecked multiplication
* CVE-2016-8618: double-free in curl_maprintf
* CVE-2016-8619: double-free in krb5 code
* CVE-2016-8620: glob parser write/read out of bounds
* CVE-2016-8621: curl_getdate read out of bounds
* CVE-2016-8622: URL unescape heap overflow via integer truncation
* CVE-2016-8623: Use-after-free via shared cookies
* CVE-2016-8624: invalid URL parsing with '#'
* CVE-2016-8625: IDNA 2003 makes curl use wrong host
* openssl: fix per-thread memory leak using 1.0.1 or 1.0.2
* http: accept "Transfer-Encoding: chunked" for HTTP/2 as well
* LICENSE-MIXING.md: update with mbedTLS dual licensing
* examples/imap-append: Set size of data to be uploaded
* test2048: fix url
* darwinssl: disable RC4 cipher-suite support
* CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting
* openssl: don’t call CRYTPO_cleanup_all_ex_data
* libressl: fix version output
* easy: Reset all statistical session info in curl_easy_reset
* curl_global_cleanup.3: don't unload the lib with sub threads running
* dist: add CurlSymbolHiding.cmake to the tarball
* docs: Remove that --proto is just used for initial retrieval
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=176
122 lines
4.1 KiB
Diff
122 lines
4.1 KiB
Diff
Open library file descriptors with O_CLOEXEC
|
|
This patch is non-portable, it needs linux 2.6.23 and glibc 2.7
|
|
or later, different combinations (old linux, new glibc and vice-versa)
|
|
will result in a crash.
|
|
|
|
To make it portable you have to test O_CLOEXEC support at *runtime*
|
|
compile time is not enough.
|
|
|
|
|
|
Index: lib/file.c
|
|
===================================================================
|
|
--- lib/file.c.orig
|
|
+++ lib/file.c
|
|
@@ -242,7 +242,7 @@ static CURLcode file_connect(struct conn
|
|
return CURLE_URL_MALFORMAT;
|
|
}
|
|
|
|
- fd = open_readonly(real_path, O_RDONLY);
|
|
+ fd = open_readonly(real_path, O_RDONLY|O_CLOEXEC);
|
|
file->path = real_path;
|
|
#endif
|
|
file->freepath = real_path; /* free this when done */
|
|
@@ -338,7 +338,7 @@ static CURLcode file_upload(struct conne
|
|
else
|
|
mode = MODE_DEFAULT|O_TRUNC;
|
|
|
|
- fd = open(file->path, mode, conn->data->set.new_file_perms);
|
|
+ fd = open(file->path, mode | O_CLOEXEC, conn->data->set.new_file_perms);
|
|
if(fd < 0) {
|
|
failf(data, "Can't open %s for writing", file->path);
|
|
return CURLE_WRITE_ERROR;
|
|
Index: lib/formdata.c
|
|
===================================================================
|
|
--- lib/formdata.c.orig
|
|
+++ lib/formdata.c
|
|
@@ -1306,7 +1306,7 @@ CURLcode Curl_getformdata(struct Curl_ea
|
|
FILE *fileread;
|
|
|
|
fileread = !strcmp("-", file->contents)?
|
|
- stdin:fopen(file->contents, "rb"); /* binary read for win32 */
|
|
+ stdin:fopen(file->contents, "rbe"); /* binary read for win32 */
|
|
|
|
/*
|
|
* VMS: This only allows for stream files on VMS. Stream files are
|
|
@@ -1466,7 +1466,7 @@ static size_t readfromfile(struct Form *
|
|
else {
|
|
if(!form->fp) {
|
|
/* this file hasn't yet been opened */
|
|
- form->fp = fopen_read(form->data->line, "rb"); /* b is for binary */
|
|
+ form->fp = fopen_read(form->data->line, "rbe"); /* b is for binary */
|
|
if(!form->fp)
|
|
return (size_t)-1; /* failure */
|
|
}
|
|
Index: lib/hostip6.c
|
|
===================================================================
|
|
--- lib/hostip6.c.orig
|
|
+++ lib/hostip6.c
|
|
@@ -39,7 +39,7 @@
|
|
#ifdef HAVE_PROCESS_H
|
|
#include <process.h>
|
|
#endif
|
|
-
|
|
+#include <fcntl.h>
|
|
#include "urldata.h"
|
|
#include "sendf.h"
|
|
#include "hostip.h"
|
|
@@ -103,7 +103,7 @@ bool Curl_ipv6works(void)
|
|
static int ipv6_works = -1;
|
|
if(-1 == ipv6_works) {
|
|
/* probe to see if we have a working IPv6 stack */
|
|
- curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0);
|
|
+ curl_socket_t s = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
|
|
if(s == CURL_SOCKET_BAD)
|
|
/* an IPv6 address was requested but we can't get/use one */
|
|
ipv6_works = 0;
|
|
Index: lib/if2ip.c
|
|
===================================================================
|
|
--- lib/if2ip.c.orig
|
|
+++ lib/if2ip.c
|
|
@@ -223,7 +223,7 @@ if2ip_result_t Curl_if2ip(int af, unsign
|
|
if(len >= sizeof(req.ifr_name))
|
|
return IF2IP_NOT_FOUND;
|
|
|
|
- dummy = socket(AF_INET, SOCK_STREAM, 0);
|
|
+ dummy = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
|
|
if(CURL_SOCKET_BAD == dummy)
|
|
return IF2IP_NOT_FOUND;
|
|
|
|
Index: lib/connect.c
|
|
===================================================================
|
|
--- lib/connect.c.orig
|
|
+++ lib/connect.c
|
|
@@ -1351,7 +1351,7 @@ CURLcode Curl_socket(struct connectdata
|
|
(struct curl_sockaddr *)addr);
|
|
else
|
|
/* opensocket callback not set, so simply create the socket now */
|
|
- *sockfd = socket(addr->family, addr->socktype, addr->protocol);
|
|
+ *sockfd = socket(addr->family, addr->socktype | SOCK_CLOEXEC, addr->protocol);
|
|
|
|
if(*sockfd == CURL_SOCKET_BAD)
|
|
/* no socket, no connection */
|
|
Index: configure.ac
|
|
===================================================================
|
|
--- configure.ac.orig
|
|
+++ configure.ac
|
|
@@ -185,6 +185,7 @@ AC_CANONICAL_HOST
|
|
dnl Get system canonical name
|
|
AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-machine-OS])
|
|
|
|
+AC_USE_SYSTEM_EXTENSIONS
|
|
dnl Checks for programs.
|
|
|
|
dnl Our curl_off_t internal and external configure settings
|
|
@@ -197,6 +198,7 @@ dnl Our configure and build reentrant se
|
|
CURL_CONFIGURE_THREAD_SAFE
|
|
CURL_CONFIGURE_REENTRANT
|
|
|
|
+
|
|
dnl check for how to do large files
|
|
AC_SYS_LARGEFILE
|
|
|