Pedro Monreal Gonzalez
d0ee3ff81d
- Update to 8.11.1:
* Security fixes:
- netrc and redirect credential leak [bsc#1234068, CVE-2024-11053]
* Bugfixes:
- build: fix ECH to always enable HTTPS RR
- cookie: treat cookie name case sensitively
- curl-rustls.m4: keep existing 'CPPFLAGS'/'LDFLAGS' when detected
- curl: use realtime in trace timestamps
- digest: produce a shorter cnonce in Digest headers
- docs: document default 'User-Agent'
- docs: suggest --ssl-reqd instead of --ftp-ssl
- duphandle: also init netrc
- hostip: don't use the resolver for FQDN localhost
- http_negotiate: allow for a one byte larger channel binding buffer
- krb5: fix socket/sockindex confusion, MSVC compiler warnings
- libssh: use libssh sftp_aio to upload file
- libssh: when using IPv6 numerical address, add brackets
- mime: fix reader stall on small read lengths
- mk-ca-bundle: remove CKA_NSS_SERVER_DISTRUST_AFTER conditions
- mprintf: fix the integer overflow checks
- multi: fix callback for 'CURLMOPT_TIMERFUNCTION' not being called again when...
- netrc: address several netrc parser flaws
- netrc: support large file, longer lines, longer tokens
- nghttp2: use custom memory functions
- OpenSSL: improvde error message on expired certificate
- openssl: remove three "Useless Assignments"
- openssl: stop using SSL_CTX_ function prefix for our functions
- pytest: add test for use of CURLMOPT_MAX_HOST_CONNECTIONS
- rtsp: check EOS in the RTSP receive and return an error code
- schannel: remove TLS 1.3 ciphersuite-list support
OBS-URL: https://build.opensuse.org/request/show/1230013
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=385
94 lines
3.0 KiB
Diff
94 lines
3.0 KiB
Diff
Open library file descriptors with O_CLOEXEC
|
|
This patch is non-portable, it needs linux 2.6.23 and glibc 2.7
|
|
or later, different combinations (old linux, new glibc and vice-versa)
|
|
will result in a crash.
|
|
|
|
To make it portable you have to test O_CLOEXEC support at *runtime*
|
|
compile time is not enough.
|
|
|
|
|
|
Index: curl-8.9.0/lib/file.c
|
|
===================================================================
|
|
--- curl-8.9.0.orig/lib/file.c
|
|
+++ curl-8.9.0/lib/file.c
|
|
@@ -242,7 +242,7 @@ static CURLcode file_connect(struct Curl
|
|
}
|
|
}
|
|
#else
|
|
- fd = open_readonly(real_path, O_RDONLY);
|
|
+ fd = open_readonly(real_path, O_RDONLY|O_CLOEXEC);
|
|
file->path = real_path;
|
|
#endif
|
|
#endif
|
|
@@ -329,7 +329,7 @@ static CURLcode file_upload(struct Curl_
|
|
else
|
|
mode = MODE_DEFAULT|O_TRUNC;
|
|
|
|
- fd = open(file->path, mode, data->set.new_file_perms);
|
|
+ fd = open(file->path, mode|O_CLOEXEC, data->set.new_file_perms);
|
|
if(fd < 0) {
|
|
failf(data, "cannot open %s for writing", file->path);
|
|
return CURLE_WRITE_ERROR;
|
|
Index: curl-8.9.0/lib/if2ip.c
|
|
===================================================================
|
|
--- curl-8.9.0.orig/lib/if2ip.c
|
|
+++ curl-8.9.0/lib/if2ip.c
|
|
@@ -208,7 +208,7 @@ if2ip_result_t Curl_if2ip(int af,
|
|
if(len >= sizeof(req.ifr_name))
|
|
return IF2IP_NOT_FOUND;
|
|
|
|
- dummy = socket(AF_INET, SOCK_STREAM, 0);
|
|
+ dummy = socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC, 0);
|
|
if(CURL_SOCKET_BAD == dummy)
|
|
return IF2IP_NOT_FOUND;
|
|
|
|
Index: curl-8.9.0/configure.ac
|
|
===================================================================
|
|
--- curl-8.9.0.orig/configure.ac
|
|
+++ curl-8.9.0/configure.ac
|
|
@@ -441,6 +441,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m
|
|
# Silence warning: ar: 'u' modifier ignored since 'D' is the default
|
|
AC_SUBST(AR_FLAGS, [cr])
|
|
|
|
+AC_USE_SYSTEM_EXTENSIONS
|
|
+
|
|
dnl This defines _ALL_SOURCE for AIX
|
|
CURL_CHECK_AIX_ALL_SOURCE
|
|
|
|
Index: curl-8.9.0/lib/hostip.c
|
|
===================================================================
|
|
--- curl-8.9.0.orig/lib/hostip.c
|
|
+++ curl-8.9.0/lib/hostip.c
|
|
@@ -44,6 +44,7 @@
|
|
#include <setjmp.h>
|
|
#include <signal.h>
|
|
|
|
+#include <fcntl.h>
|
|
#include "urldata.h"
|
|
#include "sendf.h"
|
|
#include "hostip.h"
|
|
@@ -616,7 +617,7 @@ bool Curl_ipv6works(struct Curl_easy *da
|
|
else {
|
|
int ipv6_works = -1;
|
|
/* probe to see if we have a working IPv6 stack */
|
|
- curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0);
|
|
+ curl_socket_t s = socket(PF_INET6, SOCK_DGRAM|SOCK_CLOEXEC, 0);
|
|
if(s == CURL_SOCKET_BAD)
|
|
/* an IPv6 address was requested but we cannot get/use one */
|
|
ipv6_works = 0;
|
|
Index: curl-8.9.0/lib/cf-socket.c
|
|
===================================================================
|
|
--- curl-8.9.0.orig/lib/cf-socket.c
|
|
+++ curl-8.9.0/lib/cf-socket.c
|
|
@@ -360,7 +360,9 @@ static CURLcode socket_open(struct Curl_
|
|
}
|
|
else {
|
|
/* opensocket callback not set, so simply create the socket now */
|
|
- *sockfd = socket(addr->family, addr->socktype, addr->protocol);
|
|
+ *sockfd = socket(addr->family,
|
|
+ addr->socktype|SOCK_CLOEXEC,
|
|
+ addr->protocol);
|
|
}
|
|
|
|
if(*sockfd == CURL_SOCKET_BAD)
|