rpm/curl
SHA256
1
0
Fork 0
forked from pool/curl
Code Pull Requests Activity
curl/libcurl-ocloexec.patch
Tomáš Chvátal 3b846fa6c7 Accepting request 586981 from home:pmonrealgonzalez:branches:devel:libraries:c_c++ 
- Added message about protocol redirection not supported or
  disabled to the function findprotocol() [bsc#1076446]
  * Added curl-disabled-redirect-protocol-message.patch

- Update to version 7.59.0
  [bsc#1084521, CVE-2018-1000120][bsc#1084524, CVE-2018-1000121]
  [bsc#1084532, CVE-2018-1000122]
  Changes:
   * curl: add --proxy-pinnedpubkey
   * added: CURLOPT_TIMEVALUE_LARGE and CURLINFO_FILETIME_T
   * CURLOPT_RESOLVE: Add support for multiple IP addresses per entry
   * Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS
   * Add new tool option --happy-eyeballs-timeout-ms
   * Add CURLOPT_RESOLVER_START_FUNCTION and CURLOPT_RESOLVER_START_DATA 
  Bugfixes: 
   * openldap: check ldap_get_attribute_ber() results for NULL before using
   * FTP: reject path components with control codes
   * readwrite: make sure excess reads don't go beyond buffer end
   * lib555: drop text conversion and encode data as ascii codes
   * lib517: make variable static to avoid compiler warning
   * lib544: sync ascii code data with textual data
   * GSKit: restore pinnedpubkey functionality
   * darwinssl: Don't import client certificates into Keychain on macOS
   * parsedate: fix date parsing for systems with 32 bit long
   * openssl: fix pinned public key build error in FIPS mode
   * SChannel/WinSSL: Implement public key pinning
   * cookies: remove verbose "cookie size:" output
   * progress-bar: don't use stderr explicitly, use bar->out
   * build: open VC15 projects with VS 2017
   * curl_ctype: private is*() type macros and functions

OBS-URL: https://build.opensuse.org/request/show/586981
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=222
2018-03-14 16:35:07 +00:00

92 lines
3.0 KiB
Diff
Raw Blame History

Open library file descriptors with O_CLOEXEC
This patch is non-portable, it needs linux 2.6.23 and glibc 2.7
or later, different combinations (old linux, new glibc and vice-versa)
will result in a crash.
To make it portable you have to test O_CLOEXEC support at *runtime*
compile time is not enough.
Index: lib/file.c
===================================================================
--- lib/file.c.orig
+++ lib/file.c
@@ -190,7 +190,7 @@ static CURLcode file_connect(struct conn
return CURLE_URL_MALFORMAT;
}
- fd = open_readonly(real_path, O_RDONLY);
+ fd = open_readonly(real_path, O_RDONLY|O_CLOEXEC);
file->path = real_path;
#endif
file->freepath = real_path; /* free this when done */
@@ -285,7 +285,7 @@ static CURLcode file_upload(struct conne
else
mode = MODE_DEFAULT|O_TRUNC;
- fd = open(file->path, mode, conn->data->set.new_file_perms);
+ fd = open(file->path, mode | O_CLOEXEC, conn->data->set.new_file_perms);
if(fd < 0) {
failf(data, "Can't open %s for writing", file->path);
return CURLE_WRITE_ERROR;
Index: lib/hostip6.c
===================================================================
--- lib/hostip6.c.orig
+++ lib/hostip6.c
@@ -44,7 +44,7 @@
#ifdef HAVE_PROCESS_H
#include <process.h>
#endif
-
+#include <fcntl.h>
#include "urldata.h"
#include "sendf.h"
#include "hostip.h"
@@ -103,7 +103,7 @@ bool Curl_ipv6works(void)
static int ipv6_works = -1;
if(-1 == ipv6_works) {
/* probe to see if we have a working IPv6 stack */
- curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0);
+ curl_socket_t s = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if(s == CURL_SOCKET_BAD)
/* an IPv6 address was requested but we can't get/use one */
ipv6_works = 0;
Index: lib/if2ip.c
===================================================================
--- lib/if2ip.c.orig
+++ lib/if2ip.c
@@ -225,7 +225,7 @@ if2ip_result_t Curl_if2ip(int af, unsign
if(len >= sizeof(req.ifr_name))
return IF2IP_NOT_FOUND;
- dummy = socket(AF_INET, SOCK_STREAM, 0);
+ dummy = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
if(CURL_SOCKET_BAD == dummy)
return IF2IP_NOT_FOUND;
Index: lib/connect.c
===================================================================
--- lib/connect.c.orig
+++ lib/connect.c
@@ -1389,7 +1389,7 @@ CURLcode Curl_socket(struct connectdata
}
else
/* opensocket callback not set, so simply create the socket now */
- *sockfd = socket(addr->family, addr->socktype, addr->protocol);
+ *sockfd = socket(addr->family, addr->socktype | SOCK_CLOEXEC, addr->protocol);
if(*sockfd == CURL_SOCKET_BAD)
/* no socket, no connection */
Index: configure.ac
===================================================================
--- configure.ac.orig
+++ configure.ac
@@ -188,6 +188,7 @@ AC_CANONICAL_HOST
dnl Get system canonical name
AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-machine-OS])
+AC_USE_SYSTEM_EXTENSIONS
dnl Checks for programs.
dnl This defines _ALL_SOURCE for AIX
View Git Blame Copy Permalink