pool/curl
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
curl/libcurl-ocloexec.patch
Ismail Dönmez 56d1c05470 Accepting request 163742 from home:vitezslav_cizek:branches:devel:libraries:c_c++ 
- update to 7.30.0
  includes security fixes for CVE-2013-0249 and CVE-2013-1944
  (bugs bnc#814655 and bnc#802411 respectively)
  (dropped curl-CVE-2013-0249.patch)
- Changes:
  imap: Changed response tag generation to be completely unique
  imap: Added support for SASL-IR extension
  imap: Added support for the list command
  imap: Added support for the append command
  imap: Added custom request parsing
  imap: Added support to the fetch command for UID and SECTION properties
  imap: Added parsing and verification of the UIDVALIDITY mailbox attribute
  imap/pop3/smtp: Added support for the STARTTLS capability
  checksrc: ban use of sprintf, vsprintf, strcat, strncat and gets
  curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag
  Added CURLMOPT_MAX_HOST_CONNECTIONS, CURLMOPT_MAX_TOTAL_CONNECTIONS
    for new multi interface connection handling
  Added CURLMOPT_MAX_PIPELINE_LENGTH, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE,
    CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, CURLMOPT_PIPELINING_SITE_BL
    and CURLMOPT_PIPELI NING_SERVER_BL for new pipelining control
  test: offer "automake" output and check for perl better
  always-multi: always use non-blocking internals
  imap: Added support for sasl digest-md5 authentication
  imap: Added support for sasl cram-md5 authentication
  imap: Added support for sasl ntlm authentication
  imap: Added support for sasl login authentication
  imap: Added support for sasl plain text authentication
  imap: Added support for login disabled server capability
  mk-ca-bundle: add -f, support passing to stdout and more
  writeout: -w now supports remote_ip/port and local_ip/port

OBS-URL: https://build.opensuse.org/request/show/163742
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=92
2013-04-13 15:46:54 +00:00

179 lines
6.4 KiB
Diff
Raw Blame History

Open library file descriptors with O_CLOEXEC
This patch is non-portable, it needs linux 2.6.23 and glibc 2.7
or later, different combinations (old linux, new glibc and vice-versa)
will result in a crash.
To make it portable you have to test O_CLOEXEC support at *runtime*
compile time is not enough.
Index: lib/cookie.c
===================================================================
--- lib/cookie.c.orig 2013-04-12 13:25:07.866367012 +0200
+++ lib/cookie.c 2013-04-12 13:25:29.391017340 +0200
@@ -750,7 +750,7 @@ struct CookieInfo *Curl_cookie_init(stru
fp = NULL;
}
else
- fp = file?fopen(file, "r"):NULL;
+ fp = file?fopen(file, "re"):NULL;
c->newsession = newsession; /* new session? */
@@ -1091,7 +1091,7 @@ static int cookie_output(struct CookieIn
use_stdout=TRUE;
}
else {
- out = fopen(dumphere, "w");
+ out = fopen(dumphere, "we");
if(!out)
return 1; /* failure */
}
Index: lib/file.c
===================================================================
--- lib/file.c.orig 2013-04-12 13:25:07.867367042 +0200
+++ lib/file.c 2013-04-12 13:25:29.391017340 +0200
@@ -243,7 +243,7 @@ static CURLcode file_connect(struct conn
fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
file->path = actual_path;
#else
- fd = open_readonly(real_path, O_RDONLY);
+ fd = open_readonly(real_path, O_RDONLY|O_CLOEXEC);
file->path = real_path;
#endif
file->freepath = real_path; /* free this when done */
@@ -341,7 +341,7 @@ static CURLcode file_upload(struct conne
else
mode = MODE_DEFAULT|O_TRUNC;
- fd = open(file->path, mode, conn->data->set.new_file_perms);
+ fd = open(file->path, mode | O_CLOEXEC, conn->data->set.new_file_perms);
if(fd < 0) {
failf(data, "Can't open %s for writing", file->path);
return CURLE_WRITE_ERROR;
Index: lib/formdata.c
===================================================================
--- lib/formdata.c.orig 2013-04-12 13:25:07.868367072 +0200
+++ lib/formdata.c 2013-04-12 13:25:29.392017370 +0200
@@ -1234,7 +1234,7 @@ CURLcode Curl_getformdata(struct Session
FILE *fileread;
fileread = strequal("-", file->contents)?
- stdin:fopen(file->contents, "rb"); /* binary read for win32 */
+ stdin:fopen(file->contents, "rbe"); /* binary read for win32 */
/*
* VMS: This only allows for stream files on VMS. Stream files are
@@ -1365,7 +1365,7 @@ static size_t readfromfile(struct Form *
else {
if(!form->fp) {
/* this file hasn't yet been opened */
- form->fp = fopen(form->data->line, "rb"); /* b is for binary */
+ form->fp = fopen(form->data->line, "rbe"); /* b is for binary */
if(!form->fp)
return (size_t)-1; /* failure */
}
Index: lib/hostip6.c
===================================================================
--- lib/hostip6.c.orig 2013-04-12 13:25:07.868367072 +0200
+++ lib/hostip6.c 2013-04-12 13:25:29.392017370 +0200
@@ -39,7 +39,7 @@
#ifdef HAVE_PROCESS_H
#include <process.h>
#endif
-
+#include <fcntl.h>
#include "urldata.h"
#include "sendf.h"
#include "hostip.h"
@@ -107,7 +107,7 @@ bool Curl_ipv6works(void)
static int ipv6_works = -1;
if(-1 == ipv6_works) {
/* probe to see if we have a working IPv6 stack */
- curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0);
+ curl_socket_t s = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if(s == CURL_SOCKET_BAD)
/* an ipv6 address was requested but we can't get/use one */
ipv6_works = 0;
Index: lib/if2ip.c
===================================================================
--- lib/if2ip.c.orig 2013-04-12 13:25:07.869367102 +0200
+++ lib/if2ip.c 2013-04-12 13:25:29.393017400 +0200
@@ -171,7 +171,7 @@ if2ip_result_t Curl_if2ip(int af, unsign
if(len >= sizeof(req.ifr_name))
return IF2IP_NOT_FOUND;
- dummy = socket(AF_INET, SOCK_STREAM, 0);
+ dummy = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
if(CURL_SOCKET_BAD == dummy)
return IF2IP_NOT_FOUND;
Index: lib/netrc.c
===================================================================
--- lib/netrc.c.orig 2013-04-12 13:25:07.869367102 +0200
+++ lib/netrc.c 2013-04-12 13:25:29.393017400 +0200
@@ -97,7 +97,7 @@ int Curl_parsenetrc(const char *host,
netrc_alloc = TRUE;
}
- file = fopen(netrcfile, "r");
+ file = fopen(netrcfile, "re");
if(file) {
char *tok;
char *tok_buf;
Index: lib/ssluse.c
===================================================================
--- lib/ssluse.c.orig 2013-04-12 13:25:07.870367132 +0200
+++ lib/ssluse.c 2013-04-12 13:25:29.394017430 +0200
@@ -419,7 +419,7 @@ int cert_stuff(struct connectdata *conn,
STACK_OF(X509) *ca = NULL;
int i;
- f = fopen(cert_file,"rb");
+ f = fopen(cert_file,"rbe");
if(!f) {
failf(data, "could not open PKCS12 file '%s'", cert_file);
return 0;
@@ -2246,7 +2246,7 @@ static CURLcode servercert(struct connec
/* e.g. match issuer name with provided issuer certificate */
if(data->set.str[STRING_SSL_ISSUERCERT]) {
- fp=fopen(data->set.str[STRING_SSL_ISSUERCERT],"r");
+ fp=fopen(data->set.str[STRING_SSL_ISSUERCERT],"re");
if(!fp) {
if(strict)
failf(data, "SSL: Unable to open issuer cert (%s)",
Index: lib/connect.c
===================================================================
--- lib/connect.c.orig 2013-04-12 13:25:07.871367163 +0200
+++ lib/connect.c 2013-04-12 13:25:29.394017430 +0200
@@ -1308,7 +1308,7 @@ CURLcode Curl_socket(struct connectdata
(struct curl_sockaddr *)addr);
else
/* opensocket callback not set, so simply create the socket now */
- *sockfd = socket(addr->family, addr->socktype, addr->protocol);
+ *sockfd = socket(addr->family, addr->socktype | SOCK_CLOEXEC, addr->protocol);
if(*sockfd == CURL_SOCKET_BAD)
/* no socket, no connection */
Index: configure.ac
===================================================================
--- configure.ac.orig 2013-04-12 13:25:07.873367223 +0200
+++ configure.ac 2013-04-12 13:25:29.396017491 +0200
@@ -183,6 +183,7 @@ AC_CANONICAL_HOST
dnl Get system canonical name
AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-machine-OS])
+AC_USE_SYSTEM_EXTENSIONS
dnl Checks for programs.
dnl Our curl_off_t internal and external configure settings
@@ -195,6 +196,7 @@ dnl Our configure and build reentrant se
CURL_CONFIGURE_THREAD_SAFE
CURL_CONFIGURE_REENTRANT
+
dnl check for how to do large files
AC_SYS_LARGEFILE
Reference in New Issue View Git Blame Copy Permalink