pool/curl
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
510f542287
curl/libcurl-ocloexec.patch
Tomáš Chvátal 435fa2e023 Accepting request 532977 from home:pmonrealgonzalez:branches:devel:libraries:c_c++ 
- Update to 7.56.0 [bsc#1061876, CVE-2017-1000254]
 Changes:
  * curl: enable compression for SCP/SFTP with --compressed-ssh
  * libcurl: enable compression for SCP/SFTP with CURLOPT_SSH_COMPRESSION
  * vtls: added dynamic changing SSL backend with curl_global_sslset()
  * new MIME API, curl_mime_init() and friends
  * openssl: initial SSLKEYLOGFILE implementation 
 Security fixes:
  * CVE-2017-1000254 FTP PWD response parser out of bounds read
 Bugfixes:
  * FTP: zero terminate the entry path even on bad input
  * examples/ftpuploadresume.c: use portable code
  * runtests: match keywords case insensitively
  * strtoofft: reduce integer overflow risks globally
  * zsh.pl: produce a working completion script again
  * cmake: remove dead code for CURL_DISABLE_RTMP
  * progress: Track total times following redirects
  * configure: fix --disable-threaded-resolver
  * configure: fix clang version detection
  * darwinssi: fix error: variable length array used
  * configure: check for __builtin_available() availability
  * http_proxy: fix build error for CURL_DOES_CONVERSIONS
  * examples/ftpuploadresume: checksrc compliance
  * ftp: fix CWD when doing multicwd then nocwd on same connection
  * system.h: remove all CURL_SIZEOF_* defines
  * http: Don't wait on CONNECT when there is no proxy
  * system.h: check for __ppc__ as well
  * http2_recv: return error better on fatal h2 errors
  * tftp: fix memory leak on too long filename
  * system.h: fix build for hppa

OBS-URL: https://build.opensuse.org/request/show/532977
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=206
2017-10-10 10:18:27 +00:00

92 lines
3.0 KiB
Diff
Raw Blame History

Open library file descriptors with O_CLOEXEC
This patch is non-portable, it needs linux 2.6.23 and glibc 2.7
or later, different combinations (old linux, new glibc and vice-versa)
will result in a crash.
To make it portable you have to test O_CLOEXEC support at *runtime*
compile time is not enough.
Index: lib/file.c
===================================================================
--- lib/file.c.orig
+++ lib/file.c
@@ -248,7 +248,7 @@ static CURLcode file_connect(struct conn
return CURLE_URL_MALFORMAT;
}
- fd = open_readonly(real_path, O_RDONLY);
+ fd = open_readonly(real_path, O_RDONLY|O_CLOEXEC);
file->path = real_path;
#endif
file->freepath = real_path; /* free this when done */
@@ -343,7 +343,7 @@ static CURLcode file_upload(struct conne
else
mode = MODE_DEFAULT|O_TRUNC;
- fd = open(file->path, mode, conn->data->set.new_file_perms);
+ fd = open(file->path, mode | O_CLOEXEC, conn->data->set.new_file_perms);
if(fd < 0) {
failf(data, "Can't open %s for writing", file->path);
return CURLE_WRITE_ERROR;
Index: lib/hostip6.c
===================================================================
--- lib/hostip6.c.orig
+++ lib/hostip6.c
@@ -39,7 +39,7 @@
#ifdef HAVE_PROCESS_H
#include <process.h>
#endif
-
+#include <fcntl.h>
#include "urldata.h"
#include "sendf.h"
#include "hostip.h"
@@ -103,7 +103,7 @@ bool Curl_ipv6works(void)
static int ipv6_works = -1;
if(-1 == ipv6_works) {
/* probe to see if we have a working IPv6 stack */
- curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0);
+ curl_socket_t s = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if(s == CURL_SOCKET_BAD)
/* an IPv6 address was requested but we can't get/use one */
ipv6_works = 0;
Index: lib/if2ip.c
===================================================================
--- lib/if2ip.c.orig
+++ lib/if2ip.c
@@ -225,7 +225,7 @@ if2ip_result_t Curl_if2ip(int af, unsign
if(len >= sizeof(req.ifr_name))
return IF2IP_NOT_FOUND;
- dummy = socket(AF_INET, SOCK_STREAM, 0);
+ dummy = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
if(CURL_SOCKET_BAD == dummy)
return IF2IP_NOT_FOUND;
Index: lib/connect.c
===================================================================
--- lib/connect.c.orig
+++ lib/connect.c
@@ -1355,7 +1355,7 @@ CURLcode Curl_socket(struct connectdata
(struct curl_sockaddr *)addr);
else
/* opensocket callback not set, so simply create the socket now */
- *sockfd = socket(addr->family, addr->socktype, addr->protocol);
+ *sockfd = socket(addr->family, addr->socktype | SOCK_CLOEXEC, addr->protocol);
if(*sockfd == CURL_SOCKET_BAD)
/* no socket, no connection */
Index: configure.ac
===================================================================
--- configure.ac.orig
+++ configure.ac
@@ -182,6 +182,7 @@ AC_CANONICAL_HOST
dnl Get system canonical name
AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-machine-OS])
+AC_USE_SYSTEM_EXTENSIONS
dnl Checks for programs.
dnl This defines _ALL_SOURCE for AIX
Reference in New Issue View Git Blame Copy Permalink