cbfaaab1ef
- Update to version 7.62.0 [bsc#1099793, CVE-2018-0500] Changes: * getinfo: add microsecond precise timers for seven intervals * curl: show headers in bold, switch off with --no-styled-output * httpauth: add support for Bearer tokens * Add CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS * curl: --tls13-ciphers and --proxy-tls13-ciphers * Add CURLOPT_DISALLOW_USERNAME_IN_URL * curl: --disallow-username-in-url Bugfixes: * CVE-2018-0500: smtp: fix SMTP send buffer overflow * schannel: disable client cert option if APIs not available * schannel: disable manual verify if APIs not available * tests/libtest/Makefile: Do not unconditionally add gcc-specific flags * openssl: acknowledge --tls-max for default version too * stub_gssapi: fix 'unused parameter' warnings * examples/progressfunc: make it build on both new and old libcurls * docs: mention it is HA Proxy protocol "version 1" * curl_fnmatch: only allow two asterisks for matching * docs: clarify CURLOPT_HTTPGET * configure: replace a AC_TRY_RUN with CURL_RUN_IFELSE * configure: do compile-time SIZEOF checks instead of run-time * checksrc: make sure sizeof() is used *with* parentheses * CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit * schannel: make CAinfo parsing resilient to CR/LF * tftp: make sure error is zero terminated before printfing it * http resume: skip body if http code 416 (range error) is ignored * configure: add basic test of --with-ssl prefix * cmake: set -d postfix for debug builds OBS-URL: https://build.opensuse.org/request/show/623481 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=227
93 lines
3.5 KiB
Diff
93 lines
3.5 KiB
Diff
Open library file descriptors with O_CLOEXEC
|
|
This patch is non-portable, it needs linux 2.6.23 and glibc 2.7
|
|
or later, different combinations (old linux, new glibc and vice-versa)
|
|
will result in a crash.
|
|
|
|
To make it portable you have to test O_CLOEXEC support at *runtime*
|
|
compile time is not enough.
|
|
|
|
|
|
Index: curl-7.61.0/lib/file.c
|
|
===================================================================
|
|
--- curl-7.61.0.orig/lib/file.c 2018-07-09 08:42:12.000000000 +0200
|
|
+++ curl-7.61.0/lib/file.c 2018-07-17 15:47:25.259601877 +0200
|
|
@@ -190,7 +190,7 @@ static CURLcode file_connect(struct conn
|
|
return CURLE_URL_MALFORMAT;
|
|
}
|
|
|
|
- fd = open_readonly(real_path, O_RDONLY);
|
|
+ fd = open_readonly(real_path, O_RDONLY|O_CLOEXEC);
|
|
file->path = real_path;
|
|
#endif
|
|
file->freepath = real_path; /* free this when done */
|
|
@@ -283,7 +283,7 @@ static CURLcode file_upload(struct conne
|
|
else
|
|
mode = MODE_DEFAULT|O_TRUNC;
|
|
|
|
- fd = open(file->path, mode, conn->data->set.new_file_perms);
|
|
+ fd = open(file->path, mode | O_CLOEXEC, conn->data->set.new_file_perms);
|
|
if(fd < 0) {
|
|
failf(data, "Can't open %s for writing", file->path);
|
|
return CURLE_WRITE_ERROR;
|
|
Index: curl-7.61.0/lib/hostip6.c
|
|
===================================================================
|
|
--- curl-7.61.0.orig/lib/hostip6.c 2018-07-09 08:42:12.000000000 +0200
|
|
+++ curl-7.61.0/lib/hostip6.c 2018-07-17 15:47:25.259601877 +0200
|
|
@@ -44,7 +44,7 @@
|
|
#ifdef HAVE_PROCESS_H
|
|
#include <process.h>
|
|
#endif
|
|
-
|
|
+#include <fcntl.h>
|
|
#include "urldata.h"
|
|
#include "sendf.h"
|
|
#include "hostip.h"
|
|
@@ -70,7 +70,7 @@ bool Curl_ipv6works(void)
|
|
static int ipv6_works = -1;
|
|
if(-1 == ipv6_works) {
|
|
/* probe to see if we have a working IPv6 stack */
|
|
- curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0);
|
|
+ curl_socket_t s = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
|
|
if(s == CURL_SOCKET_BAD)
|
|
/* an IPv6 address was requested but we can't get/use one */
|
|
ipv6_works = 0;
|
|
Index: curl-7.61.0/lib/if2ip.c
|
|
===================================================================
|
|
--- curl-7.61.0.orig/lib/if2ip.c 2018-05-07 10:20:04.000000000 +0200
|
|
+++ curl-7.61.0/lib/if2ip.c 2018-07-17 15:47:25.259601877 +0200
|
|
@@ -225,7 +225,7 @@ if2ip_result_t Curl_if2ip(int af, unsign
|
|
if(len >= sizeof(req.ifr_name))
|
|
return IF2IP_NOT_FOUND;
|
|
|
|
- dummy = socket(AF_INET, SOCK_STREAM, 0);
|
|
+ dummy = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
|
|
if(CURL_SOCKET_BAD == dummy)
|
|
return IF2IP_NOT_FOUND;
|
|
|
|
Index: curl-7.61.0/lib/connect.c
|
|
===================================================================
|
|
--- curl-7.61.0.orig/lib/connect.c 2018-07-09 08:42:12.000000000 +0200
|
|
+++ curl-7.61.0/lib/connect.c 2018-07-17 15:47:25.259601877 +0200
|
|
@@ -1387,7 +1387,7 @@ CURLcode Curl_socket(struct connectdata
|
|
}
|
|
else
|
|
/* opensocket callback not set, so simply create the socket now */
|
|
- *sockfd = socket(addr->family, addr->socktype, addr->protocol);
|
|
+ *sockfd = socket(addr->family, addr->socktype | SOCK_CLOEXEC, addr->protocol);
|
|
|
|
if(*sockfd == CURL_SOCKET_BAD)
|
|
/* no socket, no connection */
|
|
Index: curl-7.61.0/configure.ac
|
|
===================================================================
|
|
--- curl-7.61.0.orig/configure.ac 2018-07-17 15:47:25.263601899 +0200
|
|
+++ curl-7.61.0/configure.ac 2018-07-17 15:49:06.252122189 +0200
|
|
@@ -191,6 +191,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m
|
|
# Silence warning: ar: 'u' modifier ignored since 'D' is the default
|
|
AC_SUBST(AR_FLAGS, [cr])
|
|
|
|
+AC_USE_SYSTEM_EXTENSIONS
|
|
+
|
|
dnl This defines _ALL_SOURCE for AIX
|
|
CURL_CHECK_AIX_ALL_SOURCE
|
|
|