From aecf7be514a475363449f6a8321ef02a69a14c1c Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Thu, 11 Aug 2022 11:33:48 -0700 Subject: [PATCH 1/8] curl: update to version 7.84.0 to fix CVE-2022-32207. (#3514) --- SPECS/curl/CVE-2021-22897.patch | 63 -- SPECS/curl/CVE-2021-22898.patch | 32 - SPECS/curl/CVE-2021-22901.patch | 308 ---------- SPECS/curl/CVE-2021-22922.nopatch | 0 SPECS/curl/CVE-2021-22923.nopatch | 0 SPECS/curl/CVE-2021-22924.patch | 278 --------- SPECS/curl/CVE-2021-22925.patch | 41 -- SPECS/curl/CVE-2021-22926.nopatch | 0 SPECS/curl/CVE-2021-22945.patch | 34 -- SPECS/curl/CVE-2021-22946.patch | 340 ----------- SPECS/curl/CVE-2021-22947.patch | 367 ------------ SPECS/curl/CVE-2022-22576.patch | 161 ------ SPECS/curl/CVE-2022-27774.patch | 546 ------------------ SPECS/curl/CVE-2022-27775.patch | 36 -- SPECS/curl/CVE-2022-27776-supplemental.patch | 81 --- SPECS/curl/CVE-2022-27776.patch | 131 ----- SPECS/curl/curl.signatures.json | 2 +- SPECS/curl/curl.spec | 38 +- cgmanifest.json | 4 +- .../manifests/package/pkggen_core_aarch64.txt | 6 +- .../manifests/package/pkggen_core_x86_64.txt | 6 +- .../manifests/package/toolchain_aarch64.txt | 8 +- .../manifests/package/toolchain_x86_64.txt | 8 +- 23 files changed, 30 insertions(+), 2460 deletions(-) delete mode 100644 SPECS/curl/CVE-2021-22897.patch delete mode 100644 SPECS/curl/CVE-2021-22898.patch delete mode 100644 SPECS/curl/CVE-2021-22901.patch delete mode 100644 SPECS/curl/CVE-2021-22922.nopatch delete mode 100644 SPECS/curl/CVE-2021-22923.nopatch delete mode 100644 SPECS/curl/CVE-2021-22924.patch delete mode 100644 SPECS/curl/CVE-2021-22925.patch delete mode 100644 SPECS/curl/CVE-2021-22926.nopatch delete mode 100644 SPECS/curl/CVE-2021-22945.patch delete mode 100644 SPECS/curl/CVE-2021-22946.patch delete mode 100644 SPECS/curl/CVE-2021-22947.patch delete mode 100644 SPECS/curl/CVE-2022-22576.patch delete mode 100644 SPECS/curl/CVE-2022-27774.patch delete mode 100644 SPECS/curl/CVE-2022-27775.patch delete mode 100644 SPECS/curl/CVE-2022-27776-supplemental.patch delete mode 100644 SPECS/curl/CVE-2022-27776.patch diff --git a/SPECS/curl/CVE-2021-22897.patch b/SPECS/curl/CVE-2021-22897.patch deleted file mode 100644 index 0af0088d321..00000000000 --- a/SPECS/curl/CVE-2021-22897.patch +++ /dev/null @@ -1,63 +0,0 @@ -From bbb71507b7bab52002f9b1e0880bed6a32834511 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Fri, 23 Apr 2021 10:54:10 +0200 -Subject: [PATCH] schannel: don't use static to store selected ciphers - -CVE-2021-22897 - -Bug: https://curl.se/docs/CVE-2021-22897.html ---- - lib/vtls/schannel.c | 9 +++++---- - lib/vtls/schannel.h | 3 +++ - 2 files changed, 8 insertions(+), 4 deletions(-) - -diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c -index 8c25ac5dd5a5..dba7072273a9 100644 ---- a/lib/vtls/schannel.c -+++ b/lib/vtls/schannel.c -@@ -328,12 +328,12 @@ get_alg_id_by_name(char *name) - } - - static CURLcode --set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers) -+set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers, -+ int *algIds) - { - char *startCur = ciphers; - int algCount = 0; -- static ALG_ID algIds[45]; /*There are 45 listed in the MS headers*/ -- while(startCur && (0 != *startCur) && (algCount < 45)) { -+ while(startCur && (0 != *startCur) && (algCount < NUMOF_CIPHERS)) { - long alg = strtol(startCur, 0, 0); - if(!alg) - alg = get_alg_id_by_name(startCur); -@@ -593,7 +593,8 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn, - } - - if(SSL_CONN_CONFIG(cipher_list)) { -- result = set_ssl_ciphers(&schannel_cred, SSL_CONN_CONFIG(cipher_list)); -+ result = set_ssl_ciphers(&schannel_cred, SSL_CONN_CONFIG(cipher_list), -+ BACKEND->algIds); - if(CURLE_OK != result) { - failf(data, "Unable to set ciphers to passed via SSL_CONN_CONFIG"); - return result; -diff --git a/lib/vtls/schannel.h b/lib/vtls/schannel.h -index 2952caa1a5a1..77853aa30f96 100644 ---- a/lib/vtls/schannel.h -+++ b/lib/vtls/schannel.h -@@ -71,6 +71,8 @@ CURLcode Curl_verify_certificate(struct Curl_easy *data, - #endif - #endif - -+#define NUMOF_CIPHERS 45 /* There are 45 listed in the MS headers */ -+ - struct Curl_schannel_cred { - CredHandle cred_handle; - TimeStamp time_stamp; -@@ -102,6 +104,7 @@ struct ssl_backend_data { - #ifdef HAS_MANUAL_VERIFY_API - bool use_manual_cred_validation; /* true if manual cred validation is used */ - #endif -+ ALG_ID algIds[NUMOF_CIPHERS]; - }; - #endif /* EXPOSE_SCHANNEL_INTERNAL_STRUCTS */ diff --git a/SPECS/curl/CVE-2021-22898.patch b/SPECS/curl/CVE-2021-22898.patch deleted file mode 100644 index 71e74964158..00000000000 --- a/SPECS/curl/CVE-2021-22898.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 280f4238182c4f2bc5843ce1fefce3dbc2220033 Mon Sep 17 00:00:00 2001 -From: Harry Sintonen -Date: Fri, 7 May 2021 13:09:57 +0200 -Subject: [PATCH] telnet: check sscanf() for correct number of matches - -CVE-2021-22898 - -Bug: https://curl.se/docs/CVE-2021-22898.html ---- - lib/telnet.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/telnet.c b/lib/telnet.c -index f96a4cb4c..4551435a0 100644 ---- a/lib/telnet.c -+++ b/lib/telnet.c -@@ -919,11 +919,11 @@ static void suboption(struct Curl_easy *data) - - for(v = tn->telnet_vars; v; v = v->next) { - size_t tmplen = (strlen(v->data) + 1); - /* Add the variable only if it fits */ - if(len + tmplen < (int)sizeof(temp)-6) { -- if(sscanf(v->data, "%127[^,],%127s", varname, varval)) { -+ if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) { - msnprintf((char *)&temp[len], sizeof(temp) - len, - "%c%s%c%s", CURL_NEW_ENV_VAR, varname, - CURL_NEW_ENV_VALUE, varval); - len += tmplen; - } --- -2.31.1 - diff --git a/SPECS/curl/CVE-2021-22901.patch b/SPECS/curl/CVE-2021-22901.patch deleted file mode 100644 index 8572b3869b1..00000000000 --- a/SPECS/curl/CVE-2021-22901.patch +++ /dev/null @@ -1,308 +0,0 @@ -From 15156c613dc0e562ac20b5b24a39605ee7ec62d2 Mon Sep 17 00:00:00 2001 -From: Harry Sintonen -Date: Wed, 5 May 2021 13:42:26 +0200 -Subject: [PATCH] openssl: associate/detach the transfer from connection - -Bug: https://curl.se/docs/CVE-2021-22901.html ---- - lib/multi.c | 5 +- - lib/vtls/openssl.c | 146 +++++++++++++++++++++++++++++++++------------ - lib/vtls/vtls.c | 23 ++++++- - lib/vtls/vtls.h | 12 ++++ - 4 files changed, 145 insertions(+), 41 deletions(-) - -diff --git a/lib/multi.c b/lib/multi.c -index be3e41f..68c8404 100644 ---- a/lib/multi.c -+++ b/lib/multi.c -@@ -872,8 +872,10 @@ bool Curl_multiplex_wanted(const struct Curl_multi *multi) - void Curl_detach_connnection(struct Curl_easy *data) - { - struct connectdata *conn = data->conn; -- if(conn) -+ if(conn) { - Curl_llist_remove(&conn->easyq, &data->conn_queue, NULL); -+ Curl_ssl_detach_conn(data, conn); -+ } - data->conn = NULL; - } - -@@ -890,6 +892,7 @@ void Curl_attach_connnection(struct Curl_easy *data, - data->conn = conn; - Curl_llist_insert_next(&conn->easyq, conn->easyq.tail, data, - &data->conn_queue); -+ Curl_ssl_associate_conn(data, conn); - } - - static int waitconnect_getsock(struct connectdata *conn, -diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c -index 68b9898..45a9eca 100644 ---- a/lib/vtls/openssl.c -+++ b/lib/vtls/openssl.c -@@ -246,6 +246,10 @@ struct ssl_backend_data { - #endif - }; - -+static void ossl_associate_connection(struct Curl_easy *data, -+ struct connectdata *conn, -+ int sockindex); -+ - /* - * Number of bytes to read from the random number seed file. This must be - * a finite value (because some entropy "files" like /dev/urandom have -@@ -2504,6 +2508,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, - curl_socket_t sockfd = conn->sock[sockindex]; - struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - ctx_option_t ctx_options = 0; -+ void *ssl_sessionid = NULL; - - #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME - bool sni; -@@ -3205,46 +3210,23 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, - } - #endif - -- /* Check if there's a cached ID we can/should use here! */ -- if(SSL_SET_OPTION(primary.sessionid)) { -- void *ssl_sessionid = NULL; -- int data_idx = ossl_get_ssl_data_index(); -- int connectdata_idx = ossl_get_ssl_conn_index(); -- int sockindex_idx = ossl_get_ssl_sockindex_index(); -- int proxy_idx = ossl_get_proxy_index(); -- -- if(data_idx >= 0 && connectdata_idx >= 0 && sockindex_idx >= 0 && -- proxy_idx >= 0) { -- /* Store the data needed for the "new session" callback. -- * The sockindex is stored as a pointer to an array element. */ -- SSL_set_ex_data(backend->handle, data_idx, data); -- SSL_set_ex_data(backend->handle, connectdata_idx, conn); -- SSL_set_ex_data(backend->handle, sockindex_idx, conn->sock + sockindex); --#ifndef CURL_DISABLE_PROXY -- SSL_set_ex_data(backend->handle, proxy_idx, SSL_IS_PROXY() ? (void *) 1: -- NULL); --#else -- SSL_set_ex_data(backend->handle, proxy_idx, NULL); --#endif -- -- } -+ ossl_associate_connection(data, conn, sockindex); - -- Curl_ssl_sessionid_lock(data); -- if(!Curl_ssl_getsessionid(data, conn, SSL_IS_PROXY() ? TRUE : FALSE, -- &ssl_sessionid, NULL, sockindex)) { -- /* we got a session id, use it! */ -- if(!SSL_set_session(backend->handle, ssl_sessionid)) { -- Curl_ssl_sessionid_unlock(data); -- failf(data, "SSL: SSL_set_session failed: %s", -- ossl_strerror(ERR_get_error(), error_buffer, -- sizeof(error_buffer))); -- return CURLE_SSL_CONNECT_ERROR; -- } -- /* Informational message */ -- infof(data, "SSL re-using session ID\n"); -+ Curl_ssl_sessionid_lock(data); -+ if(!Curl_ssl_getsessionid(data, conn, SSL_IS_PROXY() ? TRUE : FALSE, -+ &ssl_sessionid, NULL, sockindex)) { -+ /* we got a session id, use it! */ -+ if(!SSL_set_session(backend->handle, ssl_sessionid)) { -+ Curl_ssl_sessionid_unlock(data); -+ failf(data, "SSL: SSL_set_session failed: %s", -+ ossl_strerror(ERR_get_error(), error_buffer, -+ sizeof(error_buffer))); -+ return CURLE_SSL_CONNECT_ERROR; - } -- Curl_ssl_sessionid_unlock(data); -+ /* Informational message */ -+ infof(data, "SSL re-using session ID\n"); - } -+ Curl_ssl_sessionid_unlock(data); - - #ifndef CURL_DISABLE_PROXY - if(conn->proxy_ssl[sockindex].use) { -@@ -4470,6 +4452,90 @@ static void *ossl_get_internals(struct ssl_connect_data *connssl, - (void *)backend->ctx : (void *)backend->handle; - } - -+static void ossl_associate_connection(struct Curl_easy *data, -+ struct connectdata *conn, -+ int sockindex) -+{ -+ struct ssl_connect_data *connssl = &conn->ssl[sockindex]; -+ struct ssl_backend_data *backend = connssl->backend; -+ -+ /* If we don't have SSL context, do nothing. */ -+ if(!backend->handle) -+ return; -+ -+ if(SSL_SET_OPTION(primary.sessionid)) { -+ int data_idx = ossl_get_ssl_data_index(); -+ int connectdata_idx = ossl_get_ssl_conn_index(); -+ int sockindex_idx = ossl_get_ssl_sockindex_index(); -+ int proxy_idx = ossl_get_proxy_index(); -+ -+ if(data_idx >= 0 && connectdata_idx >= 0 && sockindex_idx >= 0 && -+ proxy_idx >= 0) { -+ /* Store the data needed for the "new session" callback. -+ * The sockindex is stored as a pointer to an array element. */ -+ SSL_set_ex_data(backend->handle, data_idx, data); -+ SSL_set_ex_data(backend->handle, connectdata_idx, conn); -+ SSL_set_ex_data(backend->handle, sockindex_idx, conn->sock + sockindex); -+#ifndef CURL_DISABLE_PROXY -+ SSL_set_ex_data(backend->handle, proxy_idx, SSL_IS_PROXY() ? (void *) 1: -+ NULL); -+#else -+ SSL_set_ex_data(backend->handle, proxy_idx, NULL); -+#endif -+ } -+ } -+} -+ -+/* -+ * Starting with TLS 1.3, the ossl_new_session_cb callback gets called after -+ * the handshake. If the transfer that sets up the callback gets killed before -+ * this callback arrives, we must make sure to properly clear the data to -+ * avoid UAF problems. A future optimization could be to instead store another -+ * transfer that might still be using the same connection. -+ */ -+ -+static void ossl_disassociate_connection(struct Curl_easy *data, -+ int sockindex) -+{ -+ struct connectdata *conn = data->conn; -+ struct ssl_connect_data *connssl = &conn->ssl[sockindex]; -+ struct ssl_backend_data *backend = connssl->backend; -+ -+ /* If we don't have SSL context, do nothing. */ -+ if(!backend->handle) -+ return; -+ -+ if(SSL_SET_OPTION(primary.sessionid)) { -+ bool isproxy = FALSE; -+ bool incache; -+ void *old_ssl_sessionid = NULL; -+ int data_idx = ossl_get_ssl_data_index(); -+ int connectdata_idx = ossl_get_ssl_conn_index(); -+ int sockindex_idx = ossl_get_ssl_sockindex_index(); -+ int proxy_idx = ossl_get_proxy_index(); -+ -+ if(data_idx >= 0 && connectdata_idx >= 0 && sockindex_idx >= 0 && -+ proxy_idx >= 0) { -+ /* Invalidate the session cache entry, if any */ -+ isproxy = SSL_get_ex_data(backend->handle, proxy_idx) ? TRUE : FALSE; -+ -+ /* Disable references to data in "new session" callback to avoid -+ * accessing a stale pointer. */ -+ SSL_set_ex_data(backend->handle, data_idx, NULL); -+ SSL_set_ex_data(backend->handle, connectdata_idx, NULL); -+ SSL_set_ex_data(backend->handle, sockindex_idx, NULL); -+ SSL_set_ex_data(backend->handle, proxy_idx, NULL); -+ } -+ -+ Curl_ssl_sessionid_lock(data); -+ incache = !(Curl_ssl_getsessionid(data, conn, isproxy, -+ &old_ssl_sessionid, NULL, sockindex)); -+ if(incache) -+ Curl_ssl_delsessionid(data, old_ssl_sessionid); -+ Curl_ssl_sessionid_unlock(data); -+ } -+} -+ - const struct Curl_ssl Curl_ssl_openssl = { - { CURLSSLBACKEND_OPENSSL, "openssl" }, /* info */ - -@@ -4504,10 +4570,12 @@ const struct Curl_ssl Curl_ssl_openssl = { - ossl_engines_list, /* engines_list */ - Curl_none_false_start, /* false_start */ - #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256) -- ossl_sha256sum /* sha256sum */ -+ ossl_sha256sum, /* sha256sum */ - #else -- NULL /* sha256sum */ -+ NULL, /* sha256sum */ - #endif -+ ossl_associate_connection, /* associate_connection */ -+ ossl_disassociate_connection /* disassociate_connection */ - }; - - #endif /* USE_OPENSSL */ -diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c -index 2e07df0..22cfb88 100644 ---- a/lib/vtls/vtls.c -+++ b/lib/vtls/vtls.c -@@ -579,6 +579,25 @@ CURLcode Curl_ssl_addsessionid(struct Curl_easy *data, - return CURLE_OK; - } - -+void Curl_ssl_associate_conn(struct Curl_easy *data, -+ struct connectdata *conn) -+{ -+ if(Curl_ssl->associate_connection) { -+ Curl_ssl->associate_connection(data, conn, FIRSTSOCKET); -+ if(conn->sock[SECONDARYSOCKET] && conn->bits.sock_accepted) -+ Curl_ssl->associate_connection(data, conn, SECONDARYSOCKET); -+ } -+} -+ -+void Curl_ssl_detach_conn(struct Curl_easy *data, -+ struct connectdata *conn) -+{ -+ if(Curl_ssl->disassociate_connection) { -+ Curl_ssl->disassociate_connection(data, FIRSTSOCKET); -+ if(conn->sock[SECONDARYSOCKET] && conn->bits.sock_accepted) -+ Curl_ssl->disassociate_connection(data, SECONDARYSOCKET); -+ } -+} - - void Curl_ssl_close_all(struct Curl_easy *data) - { -@@ -1207,7 +1226,9 @@ static const struct Curl_ssl Curl_ssl_multi = { - Curl_none_set_engine_default, /* set_engine_default */ - Curl_none_engines_list, /* engines_list */ - Curl_none_false_start, /* false_start */ -- NULL /* sha256sum */ -+ NULL, /* sha256sum */ -+ NULL, /* associate_connection */ -+ NULL /* disassociate_connection */ - }; - - const struct Curl_ssl *Curl_ssl = -diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h -index 2b43e77..78d1003 100644 ---- a/lib/vtls/vtls.h -+++ b/lib/vtls/vtls.h -@@ -83,6 +83,11 @@ struct Curl_ssl { - bool (*false_start)(void); - CURLcode (*sha256sum)(const unsigned char *input, size_t inputlen, - unsigned char *sha256sum, size_t sha256sumlen); -+ -+ void (*associate_connection)(struct Curl_easy *data, -+ struct connectdata *conn, -+ int sockindex); -+ void (*disassociate_connection)(struct Curl_easy *data, int sockindex); - }; - - #ifdef USE_SSL -@@ -277,6 +282,11 @@ bool Curl_ssl_cert_status_request(void); - - bool Curl_ssl_false_start(void); - -+void Curl_ssl_associate_conn(struct Curl_easy *data, -+ struct connectdata *conn); -+void Curl_ssl_detach_conn(struct Curl_easy *data, -+ struct connectdata *conn); -+ - #define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */ - - #else /* if not USE_SSL */ -@@ -303,6 +313,8 @@ bool Curl_ssl_false_start(void); - #define Curl_ssl_cert_status_request() FALSE - #define Curl_ssl_false_start() FALSE - #define Curl_ssl_tls13_ciphersuites() FALSE -+#define Curl_ssl_associate_conn(a,b) Curl_nop_stmt -+#define Curl_ssl_detach_conn(a,b) Curl_nop_stmt - #endif - - #endif /* HEADER_CURL_VTLS_H */ --- -2.17.1 - diff --git a/SPECS/curl/CVE-2021-22922.nopatch b/SPECS/curl/CVE-2021-22922.nopatch deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/SPECS/curl/CVE-2021-22923.nopatch b/SPECS/curl/CVE-2021-22923.nopatch deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/SPECS/curl/CVE-2021-22924.patch b/SPECS/curl/CVE-2021-22924.patch deleted file mode 100644 index 7c8ee4b382f..00000000000 --- a/SPECS/curl/CVE-2021-22924.patch +++ /dev/null @@ -1,278 +0,0 @@ -From 31619bb3d705d73b7cd9ad3e040b73fe2892f5f4 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Sat, 19 Jun 2021 00:42:28 +0200 -Subject: [PATCH] vtls: fix connection reuse checks for issuer cert and case - sensitivity - -CVE-2021-22924 - -Reported-by: Harry Sintonen -Bug: https://curl.se/docs/CVE-2021-22924.html - -Patch updated to cleanly backport 7.76.0. ---- - lib/url.c | 10 ++++++---- - lib/urldata.h | 4 ++-- - lib/vtls/gtls.c | 10 +++++----- - lib/vtls/nss.c | 4 ++-- - lib/vtls/openssl.c | 18 +++++++++--------- - lib/vtls/vtls.c | 26 +++++++++++++++++++++----- - 6 files changed, 45 insertions(+), 27 deletions(-) - -diff --git a/lib/url.c b/lib/url.c -index 19fcfb8..662289e 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -3722,6 +3722,8 @@ static CURLcode create_conn(struct Curl_easy *data, - */ - data->set.ssl.primary.CApath = data->set.str[STRING_SSL_CAPATH]; - data->set.ssl.primary.CAfile = data->set.str[STRING_SSL_CAFILE]; -+ data->set.ssl.primary.issuercert = data->set.str[STRING_SSL_ISSUERCERT]; -+ data->set.ssl.primary.issuercert_blob = data->set.blobs[BLOB_SSL_ISSUERCERT]; - data->set.ssl.primary.random_file = data->set.str[STRING_SSL_RANDOM_FILE]; - data->set.ssl.primary.egdsocket = data->set.str[STRING_SSL_EGDSOCKET]; - data->set.ssl.primary.cipher_list = -@@ -3746,8 +3748,11 @@ static CURLcode create_conn(struct Curl_easy *data, - data->set.proxy_ssl.primary.pinned_key = - data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]; - data->set.proxy_ssl.primary.cert_blob = data->set.blobs[BLOB_CERT_PROXY]; -+ data->set.proxy_ssl.primary.issuercert = -+ data->set.str[STRING_SSL_ISSUERCERT_PROXY]; -+ data->set.proxy_ssl.primary.issuercert_blob = -+ data->set.blobs[BLOB_SSL_ISSUERCERT_PROXY]; - data->set.proxy_ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_PROXY]; -- data->set.proxy_ssl.issuercert = data->set.str[STRING_SSL_ISSUERCERT_PROXY]; - data->set.proxy_ssl.cert_type = data->set.str[STRING_CERT_TYPE_PROXY]; - data->set.proxy_ssl.key = data->set.str[STRING_KEY_PROXY]; - data->set.proxy_ssl.key_type = data->set.str[STRING_KEY_TYPE_PROXY]; -@@ -3756,7 +3761,6 @@ static CURLcode create_conn(struct Curl_easy *data, - data->set.proxy_ssl.key_blob = data->set.blobs[BLOB_KEY_PROXY]; - #endif - data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE]; -- data->set.ssl.issuercert = data->set.str[STRING_SSL_ISSUERCERT]; - data->set.ssl.cert_type = data->set.str[STRING_CERT_TYPE]; - data->set.ssl.key = data->set.str[STRING_KEY]; - data->set.ssl.key_type = data->set.str[STRING_KEY_TYPE]; -@@ -3770,9 +3774,7 @@ static CURLcode create_conn(struct Curl_easy *data, - data->set.proxy_ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD_PROXY]; - #endif - #endif -- - data->set.ssl.key_blob = data->set.blobs[BLOB_KEY]; -- data->set.ssl.issuercert_blob = data->set.blobs[BLOB_SSL_ISSUERCERT]; - - if(!Curl_clone_primary_ssl_config(&data->set.ssl.primary, - &conn->ssl_config)) { -diff --git a/lib/urldata.h b/lib/urldata.h -index fec8756..c0f2f3a 100644 ---- a/lib/urldata.h -+++ b/lib/urldata.h -@@ -246,6 +246,7 @@ struct ssl_primary_config { - long version_max; /* max supported version the client wants to use*/ - char *CApath; /* certificate dir (doesn't work on windows) */ - char *CAfile; /* certificate to verify peer against */ -+ char *issuercert; /* optional issuer certificate filename */ - char *clientcert; - char *random_file; /* path to file containing "random" data */ - char *egdsocket; /* path to file containing the EGD daemon socket */ -@@ -253,6 +254,7 @@ struct ssl_primary_config { - char *cipher_list13; /* list of TLS 1.3 cipher suites to use */ - char *pinned_key; - struct curl_blob *cert_blob; -+ struct curl_blob *issuercert_blob; - char *curves; /* list of curves to use */ - BIT(verifypeer); /* set TRUE if this is desired */ - BIT(verifyhost); /* set TRUE if CN/SAN must match hostname */ -@@ -264,8 +266,6 @@ struct ssl_config_data { - struct ssl_primary_config primary; - long certverifyresult; /* result from the certificate verification */ - char *CRLfile; /* CRL to check certificate revocation */ -- char *issuercert;/* optional issuer certificate filename */ -- struct curl_blob *issuercert_blob; - curl_ssl_ctx_callback fsslctx; /* function to initialize ssl ctx */ - void *fsslctxp; /* parameter for call back */ - char *cert_type; /* format for certificate (default: PEM)*/ -diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c -index 3b0d940..bdaee62 100644 ---- a/lib/vtls/gtls.c -+++ b/lib/vtls/gtls.c -@@ -849,7 +849,7 @@ gtls_connect_step3(struct Curl_easy *data, - if(!chainp) { - if(SSL_CONN_CONFIG(verifypeer) || - SSL_CONN_CONFIG(verifyhost) || -- SSL_SET_OPTION(issuercert)) { -+ SSL_CONN_CONFIG(issuercert)) { - #ifdef HAVE_GNUTLS_SRP - if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP - && SSL_SET_OPTION(username) != NULL -@@ -1033,21 +1033,21 @@ gtls_connect_step3(struct Curl_easy *data, - gnutls_x509_crt_t format */ - gnutls_x509_crt_import(x509_cert, chainp, GNUTLS_X509_FMT_DER); - -- if(SSL_SET_OPTION(issuercert)) { -+ if(SSL_CONN_CONFIG(issuercert)) { - gnutls_x509_crt_init(&x509_issuer); -- issuerp = load_file(SSL_SET_OPTION(issuercert)); -+ issuerp = load_file(SSL_CONN_CONFIG(issuercert)); - gnutls_x509_crt_import(x509_issuer, &issuerp, GNUTLS_X509_FMT_PEM); - rc = gnutls_x509_crt_check_issuer(x509_cert, x509_issuer); - gnutls_x509_crt_deinit(x509_issuer); - unload_file(issuerp); - if(rc <= 0) { - failf(data, "server certificate issuer check failed (IssuerCert: %s)", -- SSL_SET_OPTION(issuercert)?SSL_SET_OPTION(issuercert):"none"); -+ SSL_CONN_CONFIG(issuercert)?SSL_CONN_CONFIG(issuercert):"none"); - gnutls_x509_crt_deinit(x509_cert); - return CURLE_SSL_ISSUER_ERROR; - } - infof(data, "\t server certificate issuer check OK (Issuer Cert: %s)\n", -- SSL_SET_OPTION(issuercert)?SSL_SET_OPTION(issuercert):"none"); -+ SSL_CONN_CONFIG(issuercert)?SSL_CONN_CONFIG(issuercert):"none"); - } - - size = sizeof(certname); -diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c -index bc6c3ca..4e64804 100644 ---- a/lib/vtls/nss.c -+++ b/lib/vtls/nss.c -@@ -2156,9 +2156,9 @@ static CURLcode nss_do_connect(struct Curl_easy *data, - if(result) - goto error; - -- if(SSL_SET_OPTION(issuercert)) { -+ if(SSL_CONN_CONFIG(issuercert)) { - SECStatus ret = SECFailure; -- char *nickname = dup_nickname(data, SSL_SET_OPTION(issuercert)); -+ char *nickname = dup_nickname(data, SSL_CONN_CONFIG(issuercert)); - if(nickname) { - /* we support only nicknames in case of issuercert for now */ - ret = check_issuer_cert(backend->handle, nickname); -diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c -index 45a9eca..9854054 100644 ---- a/lib/vtls/openssl.c -+++ b/lib/vtls/openssl.c -@@ -3868,10 +3868,10 @@ static CURLcode servercert(struct Curl_easy *data, - deallocating the certificate. */ - - /* e.g. match issuer name with provided issuer certificate */ -- if(SSL_SET_OPTION(issuercert) || SSL_SET_OPTION(issuercert_blob)) { -- if(SSL_SET_OPTION(issuercert_blob)) -- fp = BIO_new_mem_buf(SSL_SET_OPTION(issuercert_blob)->data, -- (int)SSL_SET_OPTION(issuercert_blob)->len); -+ if(SSL_CONN_CONFIG(issuercert) || SSL_CONN_CONFIG(issuercert_blob)) { -+ if(SSL_CONN_CONFIG(issuercert_blob)) -+ fp = BIO_new_mem_buf(SSL_CONN_CONFIG(issuercert_blob)->data, -+ (int)SSL_CONN_CONFIG(issuercert_blob)->len); - else { - fp = BIO_new(BIO_s_file()); - if(fp == NULL) { -@@ -3885,10 +3885,10 @@ static CURLcode servercert(struct Curl_easy *data, - return CURLE_OUT_OF_MEMORY; - } - -- if(BIO_read_filename(fp, SSL_SET_OPTION(issuercert)) <= 0) { -+ if(BIO_read_filename(fp, SSL_CONN_CONFIG(issuercert)) <= 0) { - if(strict) - failf(data, "SSL: Unable to open issuer cert (%s)", -- SSL_SET_OPTION(issuercert)); -+ SSL_CONN_CONFIG(issuercert)); - BIO_free(fp); - X509_free(backend->server_cert); - backend->server_cert = NULL; -@@ -3900,7 +3900,7 @@ static CURLcode servercert(struct Curl_easy *data, - if(!issuer) { - if(strict) - failf(data, "SSL: Unable to read issuer cert (%s)", -- SSL_SET_OPTION(issuercert)); -+ SSL_CONN_CONFIG(issuercert)); - BIO_free(fp); - X509_free(issuer); - X509_free(backend->server_cert); -@@ -3911,7 +3911,7 @@ static CURLcode servercert(struct Curl_easy *data, - if(X509_check_issued(issuer, backend->server_cert) != X509_V_OK) { - if(strict) - failf(data, "SSL: Certificate issuer check failed (%s)", -- SSL_SET_OPTION(issuercert)); -+ SSL_CONN_CONFIG(issuercert)); - BIO_free(fp); - X509_free(issuer); - X509_free(backend->server_cert); -@@ -3920,7 +3920,7 @@ static CURLcode servercert(struct Curl_easy *data, - } - - infof(data, " SSL certificate issuer check ok (%s)\n", -- SSL_SET_OPTION(issuercert)); -+ SSL_CONN_CONFIG(issuercert)); - BIO_free(fp); - X509_free(issuer); - } -diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c -index 22cfb88..f0fb6b2 100644 ---- a/lib/vtls/vtls.c -+++ b/lib/vtls/vtls.c -@@ -125,6 +125,16 @@ static bool blobcmp(struct curl_blob *first, struct curl_blob *second) - return !memcmp(first->data, second->data, first->len); /* same data */ - } - -+static bool safecmp(char *a, char *b) -+{ -+ if(a && b) -+ return !strcmp(a, b); -+ else if(!a && !b) -+ return TRUE; /* match */ -+ return FALSE; /* no match */ -+} -+ -+ - bool - Curl_ssl_config_matches(struct ssl_primary_config *data, - struct ssl_primary_config *needle) -@@ -135,11 +145,13 @@ Curl_ssl_config_matches(struct ssl_primary_config *data, - (data->verifyhost == needle->verifyhost) && - (data->verifystatus == needle->verifystatus) && - blobcmp(data->cert_blob, needle->cert_blob) && -- Curl_safe_strcasecompare(data->CApath, needle->CApath) && -- Curl_safe_strcasecompare(data->CAfile, needle->CAfile) && -- Curl_safe_strcasecompare(data->clientcert, needle->clientcert) && -- Curl_safe_strcasecompare(data->random_file, needle->random_file) && -- Curl_safe_strcasecompare(data->egdsocket, needle->egdsocket) && -+ blobcmp(data->issuercert_blob, needle->issuercert_blob) && -+ safecmp(data->CApath, needle->CApath) && -+ safecmp(data->CAfile, needle->CAfile) && -+ safecmp(data->issuercert, needle->issuercert) && -+ safecmp(data->clientcert, needle->clientcert) && -+ safecmp(data->random_file, needle->random_file) && -+ safecmp(data->egdsocket, needle->egdsocket) && - Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) && - Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13) && - Curl_safe_strcasecompare(data->curves, needle->curves) && -@@ -161,8 +173,10 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source, - dest->sessionid = source->sessionid; - - CLONE_BLOB(cert_blob); -+ CLONE_BLOB(issuercert_blob); - CLONE_STRING(CApath); - CLONE_STRING(CAfile); -+ CLONE_STRING(issuercert); - CLONE_STRING(clientcert); - CLONE_STRING(random_file); - CLONE_STRING(egdsocket); -@@ -178,6 +192,7 @@ void Curl_free_primary_ssl_config(struct ssl_primary_config *sslc) - { - Curl_safefree(sslc->CApath); - Curl_safefree(sslc->CAfile); -+ Curl_safefree(sslc->issuercert); - Curl_safefree(sslc->clientcert); - Curl_safefree(sslc->random_file); - Curl_safefree(sslc->egdsocket); -@@ -185,6 +200,7 @@ void Curl_free_primary_ssl_config(struct ssl_primary_config *sslc) - Curl_safefree(sslc->cipher_list13); - Curl_safefree(sslc->pinned_key); - Curl_safefree(sslc->cert_blob); -+ Curl_safefree(sslc->issuercert_blob); - Curl_safefree(sslc->curves); - } - --- -2.17.1 - diff --git a/SPECS/curl/CVE-2021-22925.patch b/SPECS/curl/CVE-2021-22925.patch deleted file mode 100644 index f05caaa5a8c..00000000000 --- a/SPECS/curl/CVE-2021-22925.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 894f6ec730597eb243618d33cc84d71add8d6a8a Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Sat, 12 Jun 2021 18:25:15 +0200 -Subject: [PATCH] telnet: fix option parser to not send uninitialized contents - -CVS-2021-22925 - -Reported-by: Red Hat Product Security -Bug: https://curl.se/docs/CVE-2021-22925.html ---- - lib/telnet.c | 17 +++++++++++------ - 1 file changed, 11 insertions(+), 6 deletions(-) - -diff --git a/lib/telnet.c b/lib/telnet.c -index 1d3024ec4d3e..a81bb81c3675 100644 ---- a/lib/telnet.c -+++ b/lib/telnet.c -@@ -920,12 +920,17 @@ static void suboption(struct Curl_easy *data) - size_t tmplen = (strlen(v->data) + 1); - /* Add the variable only if it fits */ - if(len + tmplen < (int)sizeof(temp)-6) { -- if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) { -- msnprintf((char *)&temp[len], sizeof(temp) - len, -- "%c%s%c%s", CURL_NEW_ENV_VAR, varname, -- CURL_NEW_ENV_VALUE, varval); -- len += tmplen; -- } -+ int rv; -+ char sep[2] = ""; -+ varval[0] = 0; -+ rv = sscanf(v->data, "%127[^,]%1[,]%127s", varname, sep, varval); -+ if(rv == 1) -+ len += msnprintf((char *)&temp[len], sizeof(temp) - len, -+ "%c%s", CURL_NEW_ENV_VAR, varname); -+ else if(rv >= 2) -+ len += msnprintf((char *)&temp[len], sizeof(temp) - len, -+ "%c%s%c%s", CURL_NEW_ENV_VAR, varname, -+ CURL_NEW_ENV_VALUE, varval); - } - } - msnprintf((char *)&temp[len], sizeof(temp) - len, diff --git a/SPECS/curl/CVE-2021-22926.nopatch b/SPECS/curl/CVE-2021-22926.nopatch deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/SPECS/curl/CVE-2021-22945.patch b/SPECS/curl/CVE-2021-22945.patch deleted file mode 100644 index 5a12c8b5616..00000000000 --- a/SPECS/curl/CVE-2021-22945.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 19483938de0dd2356c6f9a0092b8917aa238df77 Mon Sep 17 00:00:00 2001 -From: z2_ on hackerone <> -Date: Tue, 24 Aug 2021 09:50:33 +0200 -Subject: [PATCH] mqtt: clear the leftovers pointer when sending succeeds - -CVE-2021-22945 - -Bug: https://curl.se/docs/CVE-2021-22945.html ---- - lib/mqtt.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/lib/mqtt.c b/lib/mqtt.c -index f077e6c3d..fcd40b41e 100644 ---- a/lib/mqtt.c -+++ b/lib/mqtt.c -@@ -126,10 +126,14 @@ static CURLcode mqtt_send(struct Curl_easy *data, - if(!sendleftovers) - return CURLE_OUT_OF_MEMORY; - mq->sendleftovers = sendleftovers; - mq->nsend = nsend; - } -+ else { -+ mq->sendleftovers = NULL; -+ mq->nsend = 0; -+ } - return result; - } - - /* Generic function called by the multi interface to figure out what socket(s) - to wait for and for what actions during the DOING and PROTOCONNECT --- -2.33.0 - diff --git a/SPECS/curl/CVE-2021-22946.patch b/SPECS/curl/CVE-2021-22946.patch deleted file mode 100644 index 773edfe8e7a..00000000000 --- a/SPECS/curl/CVE-2021-22946.patch +++ /dev/null @@ -1,340 +0,0 @@ -From 96d71feb27e533a8b337512841a537952916262c Mon Sep 17 00:00:00 2001 -From: Patrick Monnerat -Date: Wed, 8 Sep 2021 11:56:22 +0200 -Subject: [PATCH] ftp,imap,pop3: do not ignore --ssl-reqd - -In imap and pop3, check if TLS is required even when capabilities -request has failed. - -In ftp, ignore preauthentication (230 status of server greeting) if TLS -is required. - -Bug: https://curl.se/docs/CVE-2021-22946.html - -CVE-2021-22946 ---- - lib/ftp.c | 9 ++++--- - lib/imap.c | 24 ++++++++---------- - lib/pop3.c | 33 +++++++++++------------- - tests/data/Makefile.inc | 2 ++ - tests/data/test984 | 56 +++++++++++++++++++++++++++++++++++++++++ - tests/data/test985 | 54 +++++++++++++++++++++++++++++++++++++++ - tests/data/test986 | 53 ++++++++++++++++++++++++++++++++++++++ - 7 files changed, 195 insertions(+), 36 deletions(-) - create mode 100644 tests/data/test984 - create mode 100644 tests/data/test985 - create mode 100644 tests/data/test986 - -diff --git a/lib/ftp.c b/lib/ftp.c -index 1a699de59..08d18ca74 100644 ---- a/lib/ftp.c -+++ b/lib/ftp.c -@@ -2679,13 +2679,16 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, - - if(ftpcode) { - /* we have now received a full FTP server response */ - switch(ftpc->state) { - case FTP_WAIT220: -- if(ftpcode == 230) -- /* 230 User logged in - already! */ -- return ftp_state_user_resp(data, ftpcode, ftpc->state); -+ if(ftpcode == 230) { -+ /* 230 User logged in - already! Take as 220 if TLS required. */ -+ if(data->set.use_ssl <= CURLUSESSL_TRY || -+ conn->bits.ftp_use_control_ssl) -+ return ftp_state_user_resp(data, ftpcode, ftpc->state); -+ } - else if(ftpcode != 220) { - failf(data, "Got a %03d ftp-server response when 220 was expected", - ftpcode); - return CURLE_WEIRD_SERVER_REPLY; - } -diff --git a/lib/imap.c b/lib/imap.c -index 359fc692e..923b1d59b 100644 ---- a/lib/imap.c -+++ b/lib/imap.c -@@ -932,26 +932,22 @@ static CURLcode imap_state_capability_resp(struct Curl_easy *data, - } - - line += wordlen; - } - } -- else if(imapcode == IMAP_RESP_OK) { -- if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { -- /* We don't have a SSL/TLS connection yet, but SSL is requested */ -- if(imapc->tls_supported) -- /* Switch to TLS connection now */ -- result = imap_perform_starttls(data, conn); -- else if(data->set.use_ssl == CURLUSESSL_TRY) -- /* Fallback and carry on with authentication */ -- result = imap_perform_authentication(data, conn); -- else { -- failf(data, "STARTTLS not supported."); -- result = CURLE_USE_SSL_FAILED; -- } -+ else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { -+ /* PREAUTH is not compatible with STARTTLS. */ -+ if(imapcode == IMAP_RESP_OK && imapc->tls_supported && !imapc->preauth) { -+ /* Switch to TLS connection now */ -+ result = imap_perform_starttls(data, conn); - } -- else -+ else if(data->set.use_ssl <= CURLUSESSL_TRY) - result = imap_perform_authentication(data, conn); -+ else { -+ failf(data, "STARTTLS not available."); -+ result = CURLE_USE_SSL_FAILED; -+ } - } - else - result = imap_perform_authentication(data, conn); - - return result; -diff --git a/lib/pop3.c b/lib/pop3.c -index d7b5283e1..a331d71f7 100644 ---- a/lib/pop3.c -+++ b/lib/pop3.c -@@ -738,32 +738,27 @@ static CURLcode pop3_state_capa_resp(struct Curl_easy *data, int pop3code, - line += wordlen; - len -= wordlen; - } - } - } -- else if(pop3code == '+') { -- if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { -- /* We don't have a SSL/TLS connection yet, but SSL is requested */ -- if(pop3c->tls_supported) -- /* Switch to TLS connection now */ -- result = pop3_perform_starttls(data, conn); -- else if(data->set.use_ssl == CURLUSESSL_TRY) -- /* Fallback and carry on with authentication */ -- result = pop3_perform_authentication(data, conn); -- else { -- failf(data, "STLS not supported."); -- result = CURLE_USE_SSL_FAILED; -- } -- } -- else -- result = pop3_perform_authentication(data, conn); -- } - else { - /* Clear text is supported when CAPA isn't recognised */ -- pop3c->authtypes |= POP3_TYPE_CLEARTEXT; -+ if(pop3code != '+') -+ pop3c->authtypes |= POP3_TYPE_CLEARTEXT; - -- result = pop3_perform_authentication(data, conn); -+ if(!data->set.use_ssl || conn->ssl[FIRSTSOCKET].use) -+ result = pop3_perform_authentication(data, conn); -+ else if(pop3code == '+' && pop3c->tls_supported) -+ /* Switch to TLS connection now */ -+ result = pop3_perform_starttls(data, conn); -+ else if(data->set.use_ssl <= CURLUSESSL_TRY) -+ /* Fallback and carry on with authentication */ -+ result = pop3_perform_authentication(data, conn); -+ else { -+ failf(data, "STLS not supported."); -+ result = CURLE_USE_SSL_FAILED; -+ } - } - - return result; - } - -diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc -index ea52683..c8fba5b 100644 ---- a/tests/data/Makefile.inc -+++ b/tests/data/Makefile.inc -@@ -116,6 +116,8 @@ test945 test946 test947 test948 test949 test950 test951 test952 test953 \ - test954 test955 test956 test957 test958 test959 test960 test961 test962 \ - test963 test964 test965 test966 test967 test968 test969 test970 test971 \ - \ -+test984 test985 test986 \ -+\ - test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \ - test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \ - test1016 test1017 test1018 test1019 test1020 test1021 test1022 test1023 \ -diff --git a/tests/data/test984 b/tests/data/test984 -new file mode 100644 -index 000000000..e573f23c1 ---- /dev/null -+++ b/tests/data/test984 -@@ -0,0 +1,56 @@ -+ -+ -+ -+IMAP -+STARTTLS -+ -+ -+ -+# -+# Server-side -+ -+ -+REPLY CAPABILITY A001 BAD Not implemented -+ -+ -+ -+# -+# Client-side -+ -+ -+SSL -+ -+ -+imap -+ -+ -+IMAP require STARTTLS with failing capabilities -+ -+ -+imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl-reqd -+ -+ -+Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST) -+From: Fred Foobar -+Subject: afternoon meeting -+To: joe@example.com -+Message-Id: -+MIME-Version: 1.0 -+Content-Type: TEXT/PLAIN; CHARSET=US-ASCII -+ -+Hello Joe, do you think we can meet at 3:30 tomorrow? -+ -+ -+ -+# -+# Verify data after the test has been "shot" -+ -+# 64 is CURLE_USE_SSL_FAILED -+ -+64 -+ -+ -+A001 CAPABILITY -+ -+ -+ -diff --git a/tests/data/test985 b/tests/data/test985 -new file mode 100644 -index 000000000..d0db4aadf ---- /dev/null -+++ b/tests/data/test985 -@@ -0,0 +1,54 @@ -+ -+ -+ -+POP3 -+STARTTLS -+ -+ -+ -+# -+# Server-side -+ -+ -+REPLY CAPA -ERR Not implemented -+ -+ -+From: me@somewhere -+To: fake@nowhere -+ -+body -+ -+-- -+ yours sincerely -+ -+ -+ -+# -+# Client-side -+ -+ -+SSL -+ -+ -+pop3 -+ -+ -+POP3 require STARTTLS with failing capabilities -+ -+ -+pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl-reqd -+ -+ -+ -+# -+# Verify data after the test has been "shot" -+ -+# 64 is CURLE_USE_SSL_FAILED -+ -+64 -+ -+ -+CAPA -+ -+ -+ -diff --git a/tests/data/test986 b/tests/data/test986 -new file mode 100644 -index 000000000..a709437a4 ---- /dev/null -+++ b/tests/data/test986 -@@ -0,0 +1,53 @@ -+ -+ -+ -+FTP -+STARTTLS -+ -+ -+ -+# -+# Server-side -+ -+ -+REPLY welcome 230 Welcome -+REPLY AUTH 500 unknown command -+ -+ -+ -+# Client-side -+ -+ -+SSL -+ -+ -+ftp -+ -+ -+FTP require STARTTLS while preauthenticated -+ -+ -+data -+ to -+ see -+that FTPS -+works -+ so does it? -+ -+ -+--ssl-reqd --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret -+ -+ -+ -+# Verify data after the test has been "shot" -+ -+# 64 is CURLE_USE_SSL_FAILED -+ -+64 -+ -+ -+AUTH SSL -+AUTH TLS -+ -+ -+ --- -2.33.0 - diff --git a/SPECS/curl/CVE-2021-22947.patch b/SPECS/curl/CVE-2021-22947.patch deleted file mode 100644 index ecfef403e47..00000000000 --- a/SPECS/curl/CVE-2021-22947.patch +++ /dev/null @@ -1,367 +0,0 @@ -From 259b4f2e1fd01fbc55e569ee0a507afeae34f77c Mon Sep 17 00:00:00 2001 -From: Patrick Monnerat -Date: Tue, 7 Sep 2021 13:26:42 +0200 -Subject: [PATCH] ftp,imap,pop3,smtp: reject STARTTLS server response - pipelining - -If a server pipelines future responses within the STARTTLS response, the -former are preserved in the pingpong cache across TLS negotiation and -used as responses to the encrypted commands. - -This fix detects pipelined STARTTLS responses and rejects them with an -error. - -CVE-2021-22947 - -Bug: https://curl.se/docs/CVE-2021-22947.html ---- - lib/ftp.c | 3 +++ - lib/imap.c | 4 +++ - lib/pop3.c | 4 +++ - lib/smtp.c | 4 +++ - tests/data/Makefile.inc | 2 ++ - tests/data/test980 | 52 ++++++++++++++++++++++++++++++++++++ - tests/data/test981 | 59 +++++++++++++++++++++++++++++++++++++++++ - tests/data/test982 | 57 +++++++++++++++++++++++++++++++++++++++ - tests/data/test983 | 52 ++++++++++++++++++++++++++++++++++++ - 9 files changed, 237 insertions(+) - create mode 100644 tests/data/test980 - create mode 100644 tests/data/test981 - create mode 100644 tests/data/test982 - create mode 100644 tests/data/test983 - -diff --git a/lib/ftp.c b/lib/ftp.c -index 1a699de59..727b7bd11 100644 ---- a/lib/ftp.c -+++ b/lib/ftp.c -@@ -2738,10 +2738,13 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, - break; - - case FTP_AUTH: - /* we have gotten the response to a previous AUTH command */ - -+ if(pp->cache_size) -+ return CURLE_WEIRD_SERVER_REPLY; /* Forbid pipelining in response. */ -+ - /* RFC2228 (page 5) says: - * - * If the server is willing to accept the named security mechanism, - * and does not require any security data, it must respond with - * reply code 234/334. -diff --git a/lib/imap.c b/lib/imap.c -index 359fc692e..ce45f9e7b 100644 ---- a/lib/imap.c -+++ b/lib/imap.c -@@ -965,10 +965,14 @@ static CURLcode imap_state_starttls_resp(struct Curl_easy *data, - CURLcode result = CURLE_OK; - struct connectdata *conn = data->conn; - - (void)instate; /* no use for this yet */ - -+ /* Pipelining in response is forbidden. */ -+ if(data->conn->proto.imapc.pp.cache_size) -+ return CURLE_WEIRD_SERVER_REPLY; -+ - if(imapcode != IMAP_RESP_OK) { - if(data->set.use_ssl != CURLUSESSL_TRY) { - failf(data, "STARTTLS denied"); - result = CURLE_USE_SSL_FAILED; - } -diff --git a/lib/pop3.c b/lib/pop3.c -index d7b5283e1..f8c589e84 100644 ---- a/lib/pop3.c -+++ b/lib/pop3.c -@@ -774,10 +774,14 @@ static CURLcode pop3_state_starttls_resp(struct Curl_easy *data, - pop3state instate) - { - CURLcode result = CURLE_OK; - (void)instate; /* no use for this yet */ - -+ /* Pipelining in response is forbidden. */ -+ if(data->conn->proto.pop3c.pp.cache_size) -+ return CURLE_WEIRD_SERVER_REPLY; -+ - if(pop3code != '+') { - if(data->set.use_ssl != CURLUSESSL_TRY) { - failf(data, "STARTTLS denied"); - result = CURLE_USE_SSL_FAILED; - } -diff --git a/lib/smtp.c b/lib/smtp.c -index 20dc85a5f..02ddaca0a 100644 ---- a/lib/smtp.c -+++ b/lib/smtp.c -@@ -832,10 +832,14 @@ static CURLcode smtp_state_starttls_resp(struct Curl_easy *data, - smtpstate instate) - { - CURLcode result = CURLE_OK; - (void)instate; /* no use for this yet */ - -+ /* Pipelining in response is forbidden. */ -+ if(data->conn->proto.smtpc.pp.cache_size) -+ return CURLE_WEIRD_SERVER_REPLY; -+ - if(smtpcode != 220) { - if(data->set.use_ssl != CURLUSESSL_TRY) { - failf(data, "STARTTLS denied, code %d", smtpcode); - result = CURLE_USE_SSL_FAILED; - } -diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc -index c8fba5b..aeda197 100644 ---- a/tests/data/Makefile.inc -+++ b/tests/data/Makefile.inc -@@ -116,7 +116,7 @@ test945 test946 test947 test948 test949 test950 test951 test952 test953 \ - test954 test955 test956 test957 test958 test959 test960 test961 test962 \ - test963 test964 test965 test966 test967 test968 test969 test970 test971 \ - \ --test984 test985 test986 \ -+test980 test981 test982 test983 test984 test985 test986 \ - \ - test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \ - test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \ -diff --git a/tests/data/test980 b/tests/data/test980 -new file mode 100644 -index 000000000..97567f856 ---- /dev/null -+++ b/tests/data/test980 -@@ -0,0 +1,52 @@ -+ -+ -+ -+SMTP -+STARTTLS -+ -+ -+ -+# -+# Server-side -+ -+ -+CAPA STARTTLS -+AUTH PLAIN -+REPLY STARTTLS 454 currently unavailable\r\n235 Authenticated\r\n250 2.1.0 Sender ok\r\n250 2.1.5 Recipient ok\r\n354 Enter mail\r\n250 2.0.0 Accepted -+REPLY AUTH 535 5.7.8 Authentication credentials invalid -+ -+ -+ -+# -+# Client-side -+ -+ -+SSL -+ -+ -+smtp -+ -+ -+SMTP STARTTLS pipelined server response -+ -+ -+mail body -+ -+ -+smtp://%HOSTIP:%SMTPPORT/%TESTNUMBER --mail-rcpt recipient@example.com --mail-from sender@example.com -u user:secret --ssl --sasl-ir -T - -+ -+ -+ -+# -+# Verify data after the test has been "shot" -+ -+# 8 is CURLE_WEIRD_SERVER_REPLY -+ -+8 -+ -+ -+EHLO %TESTNUMBER -+STARTTLS -+ -+ -+ -diff --git a/tests/data/test981 b/tests/data/test981 -new file mode 100644 -index 000000000..2b98ce42a ---- /dev/null -+++ b/tests/data/test981 -@@ -0,0 +1,59 @@ -+ -+ -+ -+IMAP -+STARTTLS -+ -+ -+ -+# -+# Server-side -+ -+ -+CAPA STARTTLS -+REPLY STARTTLS A002 BAD currently unavailable\r\nA003 OK Authenticated\r\nA004 OK Accepted -+REPLY LOGIN A003 BAD Authentication credentials invalid -+ -+ -+ -+# -+# Client-side -+ -+ -+SSL -+ -+ -+imap -+ -+ -+IMAP STARTTLS pipelined server response -+ -+ -+imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl -+ -+ -+Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST) -+From: Fred Foobar -+Subject: afternoon meeting -+To: joe@example.com -+Message-Id: -+MIME-Version: 1.0 -+Content-Type: TEXT/PLAIN; CHARSET=US-ASCII -+ -+Hello Joe, do you think we can meet at 3:30 tomorrow? -+ -+ -+ -+# -+# Verify data after the test has been "shot" -+ -+# 8 is CURLE_WEIRD_SERVER_REPLY -+ -+8 -+ -+ -+A001 CAPABILITY -+A002 STARTTLS -+ -+ -+ -diff --git a/tests/data/test982 b/tests/data/test982 -new file mode 100644 -index 000000000..9e07cc0b3 ---- /dev/null -+++ b/tests/data/test982 -@@ -0,0 +1,57 @@ -+ -+ -+ -+POP3 -+STARTTLS -+ -+ -+ -+# -+# Server-side -+ -+ -+CAPA STLS USER -+REPLY STLS -ERR currently unavailable\r\n+OK user accepted\r\n+OK authenticated -+REPLY PASS -ERR Authentication credentials invalid -+ -+ -+From: me@somewhere -+To: fake@nowhere -+ -+body -+ -+-- -+ yours sincerely -+ -+ -+ -+# -+# Client-side -+ -+ -+SSL -+ -+ -+pop3 -+ -+ -+POP3 STARTTLS pipelined server response -+ -+ -+pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl -+ -+ -+ -+# -+# Verify data after the test has been "shot" -+ -+# 8 is CURLE_WEIRD_SERVER_REPLY -+ -+8 -+ -+ -+CAPA -+STLS -+ -+ -+ -diff --git a/tests/data/test983 b/tests/data/test983 -new file mode 100644 -index 000000000..300ec459c ---- /dev/null -+++ b/tests/data/test983 -@@ -0,0 +1,52 @@ -+ -+ -+ -+FTP -+STARTTLS -+ -+ -+ -+# -+# Server-side -+ -+ -+REPLY AUTH 500 unknown command\r\n500 unknown command\r\n331 give password\r\n230 Authenticated\r\n257 "/"\r\n200 OK\r\n200 OK\r\n200 OK\r\n226 Transfer complete -+REPLY PASS 530 Login incorrect -+ -+ -+ -+# Client-side -+ -+ -+SSL -+ -+ -+ftp -+ -+ -+FTP STARTTLS pipelined server response -+ -+ -+data -+ to -+ see -+that FTPS -+works -+ so does it? -+ -+ -+--ssl --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret -P %CLIENTIP -+ -+ -+ -+# Verify data after the test has been "shot" -+ -+# 8 is CURLE_WEIRD_SERVER_REPLY -+ -+8 -+ -+ -+AUTH SSL -+ -+ -+ --- -2.33.0 - diff --git a/SPECS/curl/CVE-2022-22576.patch b/SPECS/curl/CVE-2022-22576.patch deleted file mode 100644 index de1d4827c15..00000000000 --- a/SPECS/curl/CVE-2022-22576.patch +++ /dev/null @@ -1,161 +0,0 @@ -From e193f712be95dc9e5e2b92eae6381d4572231152 Mon Sep 17 00:00:00 2001 -From: Patrick Monnerat -Date: Sun, 17 Apr 2022 23:29:46 +0200 -Subject: [PATCH] url: check sasl additional parameters for connection reuse. - -Also move static function safecmp() as non-static Curl_safecmp() since -its purpose is needed at several places. - -Bug: https://curl.se/docs/CVE-2022-22576.html - -CVE-2022-22576 - -Backported to curl version 7.76.0 -Signed-off-by: Henry Beberman - -diff -Nar -U 5 a/lib/strcase.c b/lib/strcase.c ---- a/lib/strcase.c 2022-04-20 10:05:03.391050932 -0700 -+++ b/lib/strcase.c 2022-04-20 09:59:13.827451218 -0700 -@@ -249,10 +249,20 @@ - do { - *dest++ = raw_tolower(*src); - } while(*src++ && --n); - } - -+/* Compare case-sensitive NUL-terminated strings, taking care of possible -+ * null pointers. Return true if arguments match. -+ */ -+bool Curl_safecmp(char *a, char *b) -+{ -+ if(a && b) -+ return !strcmp(a, b); -+ return !a && !b; -+} -+ - /* --- public functions --- */ - - int curl_strequal(const char *first, const char *second) - { - return Curl_strcasecompare(first, second); -diff -Nar -U 5 a/lib/strcase.h b/lib/strcase.h ---- a/lib/strcase.h 2022-04-20 10:05:03.391050932 -0700 -+++ b/lib/strcase.h 2022-04-20 09:59:31.079432247 -0700 -@@ -46,6 +46,8 @@ - #define checkprefix(a,b) curl_strnequal(a,b,strlen(a)) - - void Curl_strntoupper(char *dest, const char *src, size_t n); - void Curl_strntolower(char *dest, const char *src, size_t n); - -+bool Curl_safecmp(char *a, char *b); -+ - #endif /* HEADER_CURL_STRCASE_H */ -diff -Nar -U 5 a/lib/url.c b/lib/url.c ---- a/lib/url.c 2022-04-20 10:05:03.387050937 -0700 -+++ b/lib/url.c 2022-04-20 10:09:45.270711408 -0700 -@@ -765,10 +765,11 @@ - #endif - Curl_safefree(conn->user); - Curl_safefree(conn->passwd); - Curl_safefree(conn->sasl_authzid); - Curl_safefree(conn->options); -+ Curl_safefree(conn->oauth_bearer); - Curl_dyn_free(&conn->trailer); - Curl_safefree(conn->host.rawalloc); /* host name buffer */ - Curl_safefree(conn->conn_to_host.rawalloc); /* host name buffer */ - Curl_safefree(conn->hostname_resolve); - Curl_safefree(conn->secondaryhostname); -@@ -1307,11 +1308,13 @@ - - if(!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) { - /* This protocol requires credentials per connection, - so verify that we're using the same name and password as well */ - if(strcmp(needle->user, check->user) || -- strcmp(needle->passwd, check->passwd)) { -+ strcmp(needle->passwd, check->passwd) || -+ !Curl_safecmp(needle->sasl_authzid, check->sasl_authzid) || -+ !Curl_safecmp(needle->oauth_bearer, check->oauth_bearer)) { - /* one of them was different */ - continue; - } - } - -@@ -3551,10 +3554,18 @@ - result = CURLE_OUT_OF_MEMORY; - goto out; - } - } - -+ if(data->set.str[STRING_BEARER]) { -+ conn->oauth_bearer = strdup(data->set.str[STRING_BEARER]); -+ if(!conn->oauth_bearer) { -+ result = CURLE_OUT_OF_MEMORY; -+ goto out; -+ } -+ } -+ - #ifdef USE_UNIX_SOCKETS - if(data->set.str[STRING_UNIX_SOCKET_PATH]) { - conn->unix_domain_socket = strdup(data->set.str[STRING_UNIX_SOCKET_PATH]); - if(conn->unix_domain_socket == NULL) { - result = CURLE_OUT_OF_MEMORY; -diff -Nar -U 5 a/lib/urldata.h b/lib/urldata.h ---- a/lib/urldata.h 2022-04-20 10:05:03.387050937 -0700 -+++ b/lib/urldata.h 2022-04-20 10:02:08.095255455 -0700 -@@ -985,10 +985,11 @@ - - char *user; /* user name string, allocated */ - char *passwd; /* password string, allocated */ - char *options; /* options string, allocated */ - char *sasl_authzid; /* authorisation identity string, allocated */ -+ char *oauth_bearer; /* OAUTH2 bearer, allocated */ - unsigned char httpversion; /* the HTTP version*10 reported by the server */ - struct curltime now; /* "current" time */ - struct curltime created; /* creation time */ - struct curltime lastused; /* when returned to the connection cache */ - curl_socket_t sock[2]; /* two sockets, the second is used for the data -diff -Nar -U 5 a/lib/vtls/vtls.c b/lib/vtls/vtls.c ---- a/lib/vtls/vtls.c 2022-04-20 10:05:03.395050927 -0700 -+++ b/lib/vtls/vtls.c 2022-04-20 10:03:03.899191048 -0700 -@@ -123,19 +123,10 @@ - if(first->len != second->len) /* different sizes */ - return FALSE; - return !memcmp(first->data, second->data, first->len); /* same data */ - } - --static bool safecmp(char *a, char *b) --{ -- if(a && b) -- return !strcmp(a, b); -- else if(!a && !b) -- return TRUE; /* match */ -- return FALSE; /* no match */ --} -- - - bool - Curl_ssl_config_matches(struct ssl_primary_config *data, - struct ssl_primary_config *needle) - { -@@ -144,16 +135,16 @@ - (data->verifypeer == needle->verifypeer) && - (data->verifyhost == needle->verifyhost) && - (data->verifystatus == needle->verifystatus) && - blobcmp(data->cert_blob, needle->cert_blob) && - blobcmp(data->issuercert_blob, needle->issuercert_blob) && -- safecmp(data->CApath, needle->CApath) && -- safecmp(data->CAfile, needle->CAfile) && -- safecmp(data->issuercert, needle->issuercert) && -- safecmp(data->clientcert, needle->clientcert) && -- safecmp(data->random_file, needle->random_file) && -- safecmp(data->egdsocket, needle->egdsocket) && -+ Curl_safecmp(data->CApath, needle->CApath) && -+ Curl_safecmp(data->CAfile, needle->CAfile) && -+ Curl_safecmp(data->issuercert, needle->issuercert) && -+ Curl_safecmp(data->clientcert, needle->clientcert) && -+ Curl_safecmp(data->random_file, needle->random_file) && -+ Curl_safecmp(data->egdsocket, needle->egdsocket) && - Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) && - Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13) && - Curl_safe_strcasecompare(data->curves, needle->curves) && - Curl_safe_strcasecompare(data->pinned_key, needle->pinned_key)) - return TRUE; diff --git a/SPECS/curl/CVE-2022-27774.patch b/SPECS/curl/CVE-2022-27774.patch deleted file mode 100644 index 69cfbd61549..00000000000 --- a/SPECS/curl/CVE-2022-27774.patch +++ /dev/null @@ -1,546 +0,0 @@ -From b92ebe53f3fc7b4a4355724a22690fdef4f1bf2f Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Tue, 19 Apr 2022 12:49:28 +0200 -Subject: [PATCH 1/3] connect: store "conn_remote_port" in the info struct - -To make it available after the connection ended. - -From 2b4afd8dd2132a0edd16acbe7c8d4d5c4fd06e61 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Tue, 19 Apr 2022 12:49:28 +0200 -Subject: [PATCH 2/3] transfer: redirects to other protocols or ports clear - auth - -... unless explicitly permitted. - -Bug: https://curl.se/docs/CVE-2022-27774.html -Reported-by: Harry Sintonen - -From 2bb9658d75c846d398d490a96a58b5712e43c135 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Tue, 19 Apr 2022 12:49:28 +0200 -Subject: [PATCH 3/3] tests: verify the fix for CVE-2022-27774 - - - Test 973 redirects from HTTP to FTP, clear auth - - Test 974 redirects from HTTP to HTTP different port, clear auth - - Test 975 redirects from HTTP to FTP, permitted to keep auth - - Test 976 redirects from HTTP to HTTP different port, permitted to keep - auth - - -Backported to curl version 7.76.0 -Signed-off-by: Henry Beberman - -diff -Nar -U 5 a/lib/connect.c b/lib/connect.c ---- a/lib/connect.c 2022-04-20 10:50:40.686747823 -0700 -+++ b/lib/connect.c 2022-04-20 10:34:16.680496600 -0700 -@@ -617,10 +617,11 @@ - else - data->info.conn_local_ip[0] = 0; - data->info.conn_scheme = conn->handler->scheme; - data->info.conn_protocol = conn->handler->protocol; - data->info.conn_primary_port = conn->port; -+ data->info.conn_remote_port = conn->remote_port; - data->info.conn_local_port = local_port; - } - - /* retrieves ip address and port from a sockaddr structure. - note it calls Curl_inet_ntop which sets errno on fail, not SOCKERRNO. */ -diff -Nar -U 5 a/lib/transfer.c b/lib/transfer.c ---- a/lib/transfer.c 2022-04-20 10:50:40.686747823 -0700 -+++ b/lib/transfer.c 2022-04-20 10:36:14.324493856 -0700 -@@ -1639,14 +1639,57 @@ - newurl = strdup(newurl); - if(!newurl) - return CURLE_OUT_OF_MEMORY; - } - else { -- - uc = curl_url_get(data->state.uh, CURLUPART_URL, &newurl, 0); - if(uc) - return Curl_uc_to_curlcode(uc); -+ -+ /* Clear auth if this redirects to a different port number or protocol, -+ unless permitted */ -+ if(!data->set.allow_auth_to_other_hosts && (type != FOLLOW_FAKE)) { -+ char *portnum; -+ int port; -+ bool clear = FALSE; -+ -+ uc = curl_url_get(data->state.uh, CURLUPART_PORT, &portnum, -+ CURLU_DEFAULT_PORT); -+ if(uc) { -+ free(newurl); -+ return Curl_uc_to_curlcode(uc); -+ } -+ port = atoi(portnum); -+ free(portnum); -+ -+ if(port != data->info.conn_remote_port) { -+ infof(data, "Clear auth, redirects to port from %u to %u", -+ data->info.conn_remote_port, port); -+ clear = TRUE; -+ } -+ else { -+ char *scheme; -+ const struct Curl_handler *p; -+ uc = curl_url_get(data->state.uh, CURLUPART_SCHEME, &scheme, 0); -+ if(uc) { -+ free(newurl); -+ return Curl_uc_to_curlcode(uc); -+ } -+ -+ p = Curl_builtin_scheme(scheme); -+ if(p && (p->protocol != data->info.conn_protocol)) { -+ infof(data, "Clear auth, redirects scheme from %s to %s", -+ data->info.conn_scheme, scheme); -+ clear = TRUE; -+ } -+ free(scheme); -+ } -+ if(clear) { -+ Curl_safefree(data->state.aptr.user); -+ Curl_safefree(data->state.aptr.passwd); -+ } -+ } - } - - if(type == FOLLOW_FAKE) { - /* we're only figuring out the new url if we would've followed locations - but now we're done so we can get out! */ -diff -Nar -U 5 a/lib/urldata.h b/lib/urldata.h ---- a/lib/urldata.h 2022-04-20 10:50:40.686747823 -0700 -+++ b/lib/urldata.h 2022-04-20 10:34:37.144496748 -0700 -@@ -1161,11 +1161,15 @@ - allow curl_easy_reset() to clear this information from the session handle - without disturbing information which is still alive, and that might be - reused, in the connection cache. */ - - char conn_primary_ip[MAX_IPADR_LEN]; -- int conn_primary_port; -+ int conn_primary_port; /* this is the destination port to the connection, -+ which might have been a proxy */ -+ int conn_remote_port; /* this is the "remote port", which is the port -+ number of the used URL, independent of proxy or -+ not */ - char conn_local_ip[MAX_IPADR_LEN]; - int conn_local_port; - const char *conn_scheme; - unsigned int conn_protocol; - struct curl_certinfo certs; /* info about the certs, only populated in -diff -Nar -U 5 a/tests/data/Makefile.inc b/tests/data/Makefile.inc ---- a/tests/data/Makefile.inc 2022-04-20 10:50:40.698747770 -0700 -+++ b/tests/data/Makefile.inc 2022-04-20 10:42:01.312447276 -0700 -@@ -113,10 +113,11 @@ - test927 test928 test929 test930 test931 test932 test933 test934 test935 \ - test936 test937 test938 test939 test940 test941 test942 test943 test944 \ - test945 test946 test947 test948 test949 test950 test951 test952 test953 \ - test954 test955 test956 test957 test958 test959 test960 test961 test962 \ - test963 test964 test965 test966 test967 test968 test969 test970 test971 \ -+test972 test973 test974 test975 test976 \ - \ - test980 test981 test982 test983 test984 test985 test986 \ - \ - test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \ - test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \ -diff -Nar -U 5 a/tests/data/test972 b/tests/data/test972 ---- a/tests/data/test972 1969-12-31 16:00:00.000000000 -0800 -+++ b/tests/data/test972 2022-04-20 12:02:05.731713216 -0700 -@@ -0,0 +1,30 @@ -+ -+ -+ -+source analysis -+options-in-versions -+ -+ -+ -+# -+# Client-side -+ -+ -+none -+ -+ -+ -+Verify that options-in-versions and docs/cmdline-opts are in sync -+ -+ -+ -+%SRCDIR/options-scan.pl %SRCDIR/../docs/options-in-versions %SRCDIR/../docs/cmdline-opts -+ -+ -+ -+ -+ -+ok -+ -+ -+ -diff -Nar -U 5 a/tests/data/test973 b/tests/data/test973 ---- a/tests/data/test973 1969-12-31 16:00:00.000000000 -0800 -+++ b/tests/data/test973 2022-04-20 12:38:15.238586513 -0700 -@@ -0,0 +1,88 @@ -+ -+ -+ -+HTTP -+FTP -+--location -+ -+ -+ -+# -+# Server-side -+ -+ -+HTTP/1.1 301 redirect -+Date: Tue, 09 Nov 2010 14:49:00 GMT -+Server: test-server/fake -+Content-Length: 0 -+Connection: close -+Content-Type: text/html -+Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002 -+ -+ -+ -+data -+ to -+ see -+that FTP -+works -+ so does it? -+ -+ -+ -+HTTP/1.1 301 redirect -+Date: Tue, 09 Nov 2010 14:49:00 GMT -+Server: test-server/fake -+Content-Length: 0 -+Connection: close -+Content-Type: text/html -+Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002 -+ -+data -+ to -+ see -+that FTP -+works -+ so does it? -+ -+ -+ -+ -+# -+# Client-side -+ -+ -+http -+ftp -+ -+ -+HTTP with auth redirected to FTP w/o auth -+ -+ -+http://%HOSTIP:%HTTPPORT/%TESTNUMBER -L -u joe:secret -+ -+ -+ -+# -+# Verify data after the test has been "shot" -+ -+ -+GET /%TESTNUMBER HTTP/1.1 -+Host: %HOSTIP:%HTTPPORT -+Authorization: Basic am9lOnNlY3JldA== -+User-Agent: curl/%VERSION -+Accept: */* -+ -+USER anonymous -+PASS ftp@example.com -+PWD -+CWD a -+CWD path -+EPSV -+TYPE I -+SIZE %TESTNUMBER0002 -+RETR %TESTNUMBER0002 -+QUIT -+ -+ -+ -diff -Nar -U 5 a/tests/data/test974 b/tests/data/test974 ---- a/tests/data/test974 1969-12-31 16:00:00.000000000 -0800 -+++ b/tests/data/test974 2022-04-20 12:38:17.854585575 -0700 -@@ -0,0 +1,87 @@ -+ -+ -+ -+HTTP -+--location -+ -+ -+ -+# -+# Server-side -+ -+ -+HTTP/1.1 301 redirect -+Date: Tue, 09 Nov 2010 14:49:00 GMT -+Server: test-server/fake -+Content-Length: 0 -+Connection: close -+Content-Type: text/html -+Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002 -+ -+ -+ -+HTTP/1.1 200 OK -+Date: Tue, 09 Nov 2010 14:49:00 GMT -+Server: test-server/fake -+Content-Length: 4 -+Connection: close -+Content-Type: text/html -+ -+hey -+ -+ -+ -+HTTP/1.1 301 redirect -+Date: Tue, 09 Nov 2010 14:49:00 GMT -+Server: test-server/fake -+Content-Length: 0 -+Connection: close -+Content-Type: text/html -+Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002 -+ -+HTTP/1.1 200 OK -+Date: Tue, 09 Nov 2010 14:49:00 GMT -+Server: test-server/fake -+Content-Length: 4 -+Connection: close -+Content-Type: text/html -+ -+hey -+ -+ -+ -+ -+# -+# Client-side -+ -+ -+http -+ -+ -+HTTP with auth redirected to HTTP on a diff port w/o auth -+ -+ -+-x http://%HOSTIP:%HTTPPORT http://firsthost.com -L -u joe:secret -+ -+ -+ -+# -+# Verify data after the test has been "shot" -+ -+ -+GET http://firsthost.com/ HTTP/1.1 -+Host: firsthost.com -+Authorization: Basic am9lOnNlY3JldA== -+User-Agent: curl/%VERSION -+Accept: */* -+Proxy-Connection: Keep-Alive -+ -+GET http://firsthost.com:9999/a/path/%TESTNUMBER0002 HTTP/1.1 -+Host: firsthost.com:9999 -+User-Agent: curl/%VERSION -+Accept: */* -+Proxy-Connection: Keep-Alive -+ -+ -+ -+ -diff -Nar -U 5 a/tests/data/test975 b/tests/data/test975 ---- a/tests/data/test975 1969-12-31 16:00:00.000000000 -0800 -+++ b/tests/data/test975 2022-04-20 12:38:22.254583996 -0700 -@@ -0,0 +1,88 @@ -+ -+ -+ -+HTTP -+FTP -+--location-trusted -+ -+ -+ -+# -+# Server-side -+ -+ -+HTTP/1.1 301 redirect -+Date: Tue, 09 Nov 2010 14:49:00 GMT -+Server: test-server/fake -+Content-Length: 0 -+Connection: close -+Content-Type: text/html -+Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002 -+ -+ -+ -+data -+ to -+ see -+that FTP -+works -+ so does it? -+ -+ -+ -+HTTP/1.1 301 redirect -+Date: Tue, 09 Nov 2010 14:49:00 GMT -+Server: test-server/fake -+Content-Length: 0 -+Connection: close -+Content-Type: text/html -+Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002 -+ -+data -+ to -+ see -+that FTP -+works -+ so does it? -+ -+ -+ -+ -+# -+# Client-side -+ -+ -+http -+ftp -+ -+ -+HTTP with auth redirected to FTP allowing auth to continue -+ -+ -+http://%HOSTIP:%HTTPPORT/%TESTNUMBER --location-trusted -u joe:secret -+ -+ -+ -+# -+# Verify data after the test has been "shot" -+ -+ -+GET /%TESTNUMBER HTTP/1.1 -+Host: %HOSTIP:%HTTPPORT -+Authorization: Basic am9lOnNlY3JldA== -+User-Agent: curl/%VERSION -+Accept: */* -+ -+USER joe -+PASS secret -+PWD -+CWD a -+CWD path -+EPSV -+TYPE I -+SIZE %TESTNUMBER0002 -+RETR %TESTNUMBER0002 -+QUIT -+ -+ -+ -diff -Nar -U 5 a/tests/data/test976 b/tests/data/test976 ---- a/tests/data/test976 1969-12-31 16:00:00.000000000 -0800 -+++ b/tests/data/test976 2022-04-20 12:38:24.498583180 -0700 -@@ -0,0 +1,88 @@ -+ -+ -+ -+HTTP -+--location-trusted -+ -+ -+ -+# -+# Server-side -+ -+ -+HTTP/1.1 301 redirect -+Date: Tue, 09 Nov 2010 14:49:00 GMT -+Server: test-server/fake -+Content-Length: 0 -+Connection: close -+Content-Type: text/html -+Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002 -+ -+ -+ -+HTTP/1.1 200 OK -+Date: Tue, 09 Nov 2010 14:49:00 GMT -+Server: test-server/fake -+Content-Length: 4 -+Connection: close -+Content-Type: text/html -+ -+hey -+ -+ -+ -+HTTP/1.1 301 redirect -+Date: Tue, 09 Nov 2010 14:49:00 GMT -+Server: test-server/fake -+Content-Length: 0 -+Connection: close -+Content-Type: text/html -+Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002 -+ -+HTTP/1.1 200 OK -+Date: Tue, 09 Nov 2010 14:49:00 GMT -+Server: test-server/fake -+Content-Length: 4 -+Connection: close -+Content-Type: text/html -+ -+hey -+ -+ -+ -+ -+# -+# Client-side -+ -+ -+http -+ -+ -+HTTP with auth redirected to HTTP on a diff port --location-trusted -+ -+ -+-x http://%HOSTIP:%HTTPPORT http://firsthost.com --location-trusted -u joe:secret -+ -+ -+ -+# -+# Verify data after the test has been "shot" -+ -+ -+GET http://firsthost.com/ HTTP/1.1 -+Host: firsthost.com -+Authorization: Basic am9lOnNlY3JldA== -+User-Agent: curl/%VERSION -+Accept: */* -+Proxy-Connection: Keep-Alive -+ -+GET http://firsthost.com:9999/a/path/%TESTNUMBER0002 HTTP/1.1 -+Host: firsthost.com:9999 -+Authorization: Basic am9lOnNlY3JldA== -+User-Agent: curl/%VERSION -+Accept: */* -+Proxy-Connection: Keep-Alive -+ -+ -+ -+ diff --git a/SPECS/curl/CVE-2022-27775.patch b/SPECS/curl/CVE-2022-27775.patch deleted file mode 100644 index 50aeb7471cf..00000000000 --- a/SPECS/curl/CVE-2022-27775.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 46091487fbdb37ffbe9c495de86c62d14634b71a Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Thu, 21 Apr 2022 12:30:34 +0200 -Subject: [PATCH] conncache: include the zone id in the "bundle" hashkey - -Make connections to two separate IPv6 zone ids create separate -connections. - -Backported to curl version 7.76.0 - -Reported-by: Harry Sintonen -Bug: https://curl.se/docs/CVE-2022-27775.html -Signed-off-by: Henry Beberman - -diff -Nar -U 5 a/lib/conncache.c b/lib/conncache.c ---- a/lib/conncache.c 2022-04-22 18:17:24.673469012 -0700 -+++ b/lib/conncache.c 2022-04-22 18:17:01.429473700 -0700 -@@ -157,12 +157,16 @@ - - if(hostp) - /* report back which name we used */ - *hostp = hostname; - -- /* put the number first so that the hostname gets cut off if too long */ -- msnprintf(buf, len, "%ld%s", port, hostname); -+ /* put the numbers first so that the hostname gets cut off if too long */ -+#ifdef ENABLE_IPV6 -+ msnprintf(buf, len, "%u/%ld/%s", conn->scope_id, port, hostname); -+#else -+ msnprintf(buf, len, "%ld/%s", port, hostname); -+#endif - } - - /* Returns number of connections currently held in the connection cache. - Locks/unlocks the cache itself! - */ diff --git a/SPECS/curl/CVE-2022-27776-supplemental.patch b/SPECS/curl/CVE-2022-27776-supplemental.patch deleted file mode 100644 index 95ad0b761b8..00000000000 --- a/SPECS/curl/CVE-2022-27776-supplemental.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 139a54ed0a172adaaf1a78d6f4fff50b2c3f9e08 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Mon, 25 Apr 2022 17:59:15 +0200 -Subject: [PATCH] openssl: don't leak the SRP credentials in redirects either - -Follow-up to 620ea21410030 - -Backported to curl version 7.76.0 -Supplements CVE-2022-27774 and CVE-2022-27776 patches. - -Reported-by: Harry Sintonen -Signed-off-by: Henry Beberman -Closes #8751 ---- - lib/http.c | 10 +++++----- - lib/http.h | 6 ++++++ - lib/vtls/openssl.c | 3 ++- - 3 files changed, 13 insertions(+), 6 deletions(-) - -diff -Naur a/lib/http.c b/lib/http.c ---- a/lib/http.c 2022-04-27 12:12:59.698802848 -0700 -+++ b/lib/http.c 2022-04-27 12:08:36.526283013 -0700 -@@ -774,10 +774,10 @@ - } - - /* -- * allow_auth_to_host() tells if autentication, cookies or other "sensitive -- * data" can (still) be sent to this host. -+ * Curl_allow_auth_to_host() tells if authentication, cookies or other -+ * "sensitive data" can (still) be sent to this host. - */ --static bool allow_auth_to_host(struct Curl_easy *data) -+bool Curl_allow_auth_to_host(struct Curl_easy *data) - { - struct connectdata *conn = data->conn; - return (!data->state.this_is_a_follow || -@@ -862,7 +862,7 @@ - - /* To prevent the user+password to get sent to other than the original host - due to a location-follow */ -- if(allow_auth_to_host(data) -+ if(Curl_allow_auth_to_host(data) - || conn->bits.netrc - ) - result = output_auth_headers(data, conn, authhost, request, path, FALSE); -@@ -1916,7 +1916,7 @@ - checkprefix("Cookie:", compare)) && - /* be careful of sending this potentially sensitive header to - other hosts */ -- !allow_auth_to_host(data)) -+ !Curl_allow_auth_to_host(data)) - ; - else { - #ifdef USE_HYPER -diff -Naur a/lib/http.h b/lib/http.h ---- a/lib/http.h 2022-04-27 12:12:59.698802848 -0700 -+++ b/lib/http.h 2022-04-27 12:11:16.954602745 -0700 -@@ -317,4 +317,10 @@ - bool proxytunnel); /* TRUE if this is the request setting - up the proxy tunnel */ - -+/* -+ * Curl_allow_auth_to_host() tells if authentication, cookies or other -+ * "sensitive data" can (still) be sent to this host. -+ */ -+bool Curl_allow_auth_to_host(struct Curl_easy *data); -+ - #endif /* HEADER_CURL_HTTP_H */ -diff -Naur a/lib/vtls/openssl.c b/lib/vtls/openssl.c ---- a/lib/vtls/openssl.c 2022-04-27 12:12:59.698802848 -0700 -+++ b/lib/vtls/openssl.c 2022-04-27 12:12:38.694762195 -0700 -@@ -2853,7 +2853,8 @@ - #endif - - #ifdef USE_OPENSSL_SRP -- if(ssl_authtype == CURL_TLSAUTH_SRP) { -+ if((ssl_authtype == CURL_TLSAUTH_SRP) && -+ Curl_allow_auth_to_host(data)) { - char * const ssl_username = SSL_SET_OPTION(username); - - infof(data, "Using TLS-SRP username: %s\n", ssl_username); diff --git a/SPECS/curl/CVE-2022-27776.patch b/SPECS/curl/CVE-2022-27776.patch deleted file mode 100644 index a4d838b7649..00000000000 --- a/SPECS/curl/CVE-2022-27776.patch +++ /dev/null @@ -1,131 +0,0 @@ -From 125302094326ad5eb0ea87f2d2ece6ceab1b1e59 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Fri, 22 Apr 2022 08:19:18 +0200 -Subject: [PATCH] http: avoid auth/cookie on redirects same host diff port - -CVE-2022-27776 - -Backported to curl version 7.76.0 - -Reported-by: Harry Sintonen -Bug: https://curl.se/docs/CVE-2022-27776.html -Signed-off-by: Henry Beberman - ---- - lib/http.c | 34 ++++++++++++++++++++++------------ - lib/urldata.h | 16 +++++++++------- - 2 files changed, 31 insertions(+), 19 deletions(-) - -diff -Nar -U 5 a/lib/http.c b/lib/http.c ---- a/lib/http.c 2022-04-22 18:29:57.088985160 -0700 -+++ b/lib/http.c 2022-04-22 18:32:55.368818513 -0700 -@@ -771,10 +771,25 @@ - authstatus->multipass = FALSE; - - return CURLE_OK; - } - -+/* -+ * allow_auth_to_host() tells if autentication, cookies or other "sensitive -+ * data" can (still) be sent to this host. -+ */ -+static bool allow_auth_to_host(struct Curl_easy *data) -+{ -+ struct connectdata *conn = data->conn; -+ return (!data->state.this_is_a_follow || -+ data->set.allow_auth_to_other_hosts || -+ (data->state.first_host && -+ strcasecompare(data->state.first_host, conn->host.name) && -+ (data->state.first_remote_port == conn->remote_port) && -+ (data->state.first_remote_protocol == conn->handler->protocol))); -+} -+ - /** - * Curl_http_output_auth() setups the authentication headers for the - * host/proxy and the correct authentication - * method. data->state.authdone is set to TRUE when authentication is - * done. -@@ -843,19 +858,16 @@ - #endif /* CURL_DISABLE_PROXY */ - /* we have no proxy so let's pretend we're done authenticating - with it */ - authproxy->done = TRUE; - -- /* To prevent the user+password to get sent to other than the original -- host due to a location-follow, we do some weirdo checks here */ -- if(!data->state.this_is_a_follow || -- conn->bits.netrc || -- !data->state.first_host || -- data->set.allow_auth_to_other_hosts || -- strcasecompare(data->state.first_host, conn->host.name)) { -+ /* To prevent the user+password to get sent to other than the original host -+ due to a location-follow */ -+ if(allow_auth_to_host(data) -+ || conn->bits.netrc -+ ) - result = output_auth_headers(data, conn, authhost, request, path, FALSE); -- } - else - authhost->done = TRUE; - - if(((authhost->multipass && !authhost->done) || - (authproxy->multipass && !authproxy->done)) && -@@ -1902,14 +1914,11 @@ - ; - else if((checkprefix("Authorization:", compare) || - checkprefix("Cookie:", compare)) && - /* be careful of sending this potentially sensitive header to - other hosts */ -- (data->state.this_is_a_follow && -- data->state.first_host && -- !data->set.allow_auth_to_other_hosts && -- !strcasecompare(data->state.first_host, conn->host.name))) -+ !allow_auth_to_host(data)) - ; - else { - #ifdef USE_HYPER - result = Curl_hyper_header(data, req, compare); - #else -@@ -2077,10 +2086,11 @@ - data->state.first_host = strdup(conn->host.name); - if(!data->state.first_host) - return CURLE_OUT_OF_MEMORY; - - data->state.first_remote_port = conn->remote_port; -+ data->state.first_remote_protocol = conn->handler->protocol; - } - Curl_safefree(data->state.aptr.host); - - ptr = Curl_checkheaders(data, "Host"); - if(ptr && (!data->state.this_is_a_follow || -diff -Nar -U 5 a/lib/urldata.h b/lib/urldata.h ---- a/lib/urldata.h 2022-04-22 18:29:57.088985160 -0700 -+++ b/lib/urldata.h 2022-04-22 18:28:34.241058524 -0700 -@@ -1330,18 +1330,20 @@ - - char *buffer; /* download buffer */ - char *ulbuf; /* allocated upload buffer or NULL */ - curl_off_t current_speed; /* the ProgressShow() function sets this, - bytes / second */ -- char *first_host; /* host name of the first (not followed) request. -- if set, this should be the host name that we will -- sent authorization to, no else. Used to make Location: -- following not keep sending user+password... This is -- strdup() data. -- */ -+ -+ /* host name, port number and protocol of the first (not followed) request. -+ if set, this should be the host name that we will sent authorization to, -+ no else. Used to make Location: following not keep sending user+password. -+ This is strdup()ed data. */ -+ char *first_host; -+ int first_remote_port; -+ unsigned int first_remote_protocol; -+ - int retrycount; /* number of retries on a new connection */ -- int first_remote_port; /* remote port of the first (not followed) request */ - struct Curl_ssl_session *session; /* array of 'max_ssl_sessions' size */ - long sessionage; /* number of the most recent session */ - struct tempbuf tempwrite[3]; /* BOTH, HEADER, BODY */ - unsigned int tempcount; /* number of entries in use in tempwrite, 0 - 3 */ - int os_errno; /* filled in with errno whenever an error occurs */ diff --git a/SPECS/curl/curl.signatures.json b/SPECS/curl/curl.signatures.json index 4aee9bcecdb..3af98b2a56b 100644 --- a/SPECS/curl/curl.signatures.json +++ b/SPECS/curl/curl.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "curl-7.76.0.tar.gz": "3b4378156ba09e224008e81dcce854b7ce4d182b1f9cfb97fe5ed9e9c18c6bd3" + "curl-7.84.0.tar.gz": "3c6893d38d054d4e378267166858698899e9d87258e8ff1419d020c395384535" } } \ No newline at end of file diff --git a/SPECS/curl/curl.spec b/SPECS/curl/curl.spec index 58972eb1247..2c522054dce 100644 --- a/SPECS/curl/curl.spec +++ b/SPECS/curl/curl.spec @@ -1,34 +1,17 @@ Summary: An URL retrieval utility and library Name: curl -Version: 7.76.0 -Release: 9%{?dist} +Version: 7.84.0 +Release: 1%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner Group: System Environment/NetworkingLibraries -URL: https://curl.se -Source0: https://curl.se/download/%{name}-%{version}.tar.gz -Patch0: CVE-2021-22898.patch -Patch1: CVE-2021-22901.patch -Patch2: CVE-2021-22897.patch -Patch3: CVE-2021-22922.nopatch -Patch4: CVE-2021-22923.nopatch -Patch5: CVE-2021-22924.patch -Patch6: CVE-2021-22925.patch -# CVE-2021-22926 is only applicable for macOS builds -Patch7: CVE-2021-22926.nopatch -Patch8: CVE-2021-22945.patch -Patch9: CVE-2021-22946.patch -Patch10: CVE-2021-22947.patch -Patch11: CVE-2022-22576.patch -Patch12: CVE-2022-27774.patch -Patch13: CVE-2022-27775.patch -Patch14: CVE-2022-27776.patch -Patch15: CVE-2022-27776-supplemental.patch +URL: https://curl.haxx.se +Source0: https://curl.haxx.se/download/%{name}-%{version}.tar.gz BuildRequires: krb5-devel BuildRequires: libssh2-devel BuildRequires: openssl-devel -Requires: %{name}-libs = %{version}-%{release} +Requires: curl-libs = %{version}-%{release} Requires: krb5 Requires: libssh2 Requires: openssl @@ -41,18 +24,20 @@ DICT, LDAP, LDAPS and FILE. Its ability to both download and upload files can be incorporated into other programs to support functions like streaming media. -%package devel +%package devel Summary: Libraries and header files for curl Requires: %{name} = %{version}-%{release} +Provides: libcurl-devel = %{version}-%{release} %description devel Static libraries and header files for the support library for curl -%package libs +%package libs Summary: Libraries for curl Group: System Environment/Libraries +Provides: libcurl = %{version}-%{release} -%description libs +%description libs This package contains minimal set of shared curl libraries. %prep @@ -103,6 +88,9 @@ find %{buildroot} -type f -name "*.la" -delete -print %{_libdir}/libcurl.so.4* %changelog +* Tue Aug 09 2022 Pawel Winogrodzki - 7.84.0-1 +- Updating to version 7.84.0 to fix CVE-2022-32207. + * Tue Apr 26 2022 Henry Beberman - 7.76.0-9 - Backport upstream patches for CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776 diff --git a/cgmanifest.json b/cgmanifest.json index 48cc7f85773..dac8c632c7d 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -985,8 +985,8 @@ "type": "other", "other": { "name": "curl", - "version": "7.76.0", - "downloadUrl": "https://curl.se/download/curl-7.76.0.tar.gz" + "version": "7.84.0", + "downloadUrl": "https://curl.haxx.se/download/curl-7.84.0.tar.gz" } } }, diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index e26f16f9ddf..fbffe00c2d2 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -130,9 +130,9 @@ libsolv-0.7.20-1.cm1.aarch64.rpm libsolv-devel-0.7.20-1.cm1.aarch64.rpm libssh2-1.9.0-1.cm1.aarch64.rpm libssh2-devel-1.9.0-1.cm1.aarch64.rpm -curl-7.76.0-9.cm1.aarch64.rpm -curl-devel-7.76.0-9.cm1.aarch64.rpm -curl-libs-7.76.0-9.cm1.aarch64.rpm +curl-7.84.0-1.cm1.aarch64.rpm +curl-devel-7.84.0-1.cm1.aarch64.rpm +curl-libs-7.84.0-1.cm1.aarch64.rpm tdnf-2.1.0-6.cm1.aarch64.rpm tdnf-cli-libs-2.1.0-6.cm1.aarch64.rpm tdnf-devel-2.1.0-6.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 6b65a2fe8cf..ed4a8b717cd 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -130,9 +130,9 @@ libsolv-0.7.20-1.cm1.x86_64.rpm libsolv-devel-0.7.20-1.cm1.x86_64.rpm libssh2-1.9.0-1.cm1.x86_64.rpm libssh2-devel-1.9.0-1.cm1.x86_64.rpm -curl-7.76.0-9.cm1.x86_64.rpm -curl-devel-7.76.0-9.cm1.x86_64.rpm -curl-libs-7.76.0-9.cm1.x86_64.rpm +curl-7.84.0-1.cm1.x86_64.rpm +curl-devel-7.84.0-1.cm1.x86_64.rpm +curl-libs-7.84.0-1.cm1.x86_64.rpm tdnf-2.1.0-6.cm1.x86_64.rpm tdnf-cli-libs-2.1.0-6.cm1.x86_64.rpm tdnf-devel-2.1.0-6.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 9a3b768cc98..9aff64eade3 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -51,10 +51,10 @@ cryptsetup-debuginfo-2.3.3-2.cm1.aarch64.rpm cryptsetup-devel-2.3.3-2.cm1.aarch64.rpm cryptsetup-libs-2.3.3-2.cm1.aarch64.rpm cryptsetup-reencrypt-2.3.3-2.cm1.aarch64.rpm -curl-7.76.0-9.cm1.aarch64.rpm -curl-debuginfo-7.76.0-9.cm1.aarch64.rpm -curl-devel-7.76.0-9.cm1.aarch64.rpm -curl-libs-7.76.0-9.cm1.aarch64.rpm +curl-7.84.0-1.cm1.aarch64.rpm +curl-debuginfo-7.84.0-1.cm1.aarch64.rpm +curl-devel-7.84.0-1.cm1.aarch64.rpm +curl-libs-7.84.0-1.cm1.aarch64.rpm cyrus-sasl-2.1.28-1.cm1.aarch64.rpm cyrus-sasl-debuginfo-2.1.28-1.cm1.aarch64.rpm device-mapper-2.03.05-6.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 79679a188f2..bf67f96d266 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -51,10 +51,10 @@ cryptsetup-debuginfo-2.3.3-2.cm1.x86_64.rpm cryptsetup-devel-2.3.3-2.cm1.x86_64.rpm cryptsetup-libs-2.3.3-2.cm1.x86_64.rpm cryptsetup-reencrypt-2.3.3-2.cm1.x86_64.rpm -curl-7.76.0-9.cm1.x86_64.rpm -curl-debuginfo-7.76.0-9.cm1.x86_64.rpm -curl-devel-7.76.0-9.cm1.x86_64.rpm -curl-libs-7.76.0-9.cm1.x86_64.rpm +curl-7.84.0-1.cm1.x86_64.rpm +curl-debuginfo-7.84.0-1.cm1.x86_64.rpm +curl-devel-7.84.0-1.cm1.x86_64.rpm +curl-libs-7.84.0-1.cm1.x86_64.rpm cyrus-sasl-2.1.28-1.cm1.x86_64.rpm cyrus-sasl-debuginfo-2.1.28-1.cm1.x86_64.rpm device-mapper-2.03.05-6.cm1.x86_64.rpm From 4c62ef57e2d540231012b2d6561e2a858fac5cdd Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Thu, 11 Aug 2022 11:49:10 -0700 Subject: [PATCH 2/8] vim: update version to 9.0.0181 to fix CVEs 2022-2522, 2022-2571, 2022-2580, 2022-2581. (#3515) --- SPECS/vim/vim.signatures.json | 2 +- SPECS/vim/vim.spec | 5 +- cgmanifest.json | 144 +++++++++++++++++----------------- 3 files changed, 77 insertions(+), 74 deletions(-) diff --git a/SPECS/vim/vim.signatures.json b/SPECS/vim/vim.signatures.json index 913954639c6..7e5f6684768 100644 --- a/SPECS/vim/vim.signatures.json +++ b/SPECS/vim/vim.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "vim-9.0.0050.tar.gz": "c93759a46699151e153826a9c87a09265567c6f4a1f71cc5753b24f57dc7a6c9" + "vim-9.0.0181.tar.gz": "92c7d9b37d35fffa29aa8940adfd851f8122f15f2925611ae29b466347f7bab7" } } diff --git a/SPECS/vim/vim.spec b/SPECS/vim/vim.spec index ffb8d747cf6..5764e19b4ff 100755 --- a/SPECS/vim/vim.spec +++ b/SPECS/vim/vim.spec @@ -1,7 +1,7 @@ %define debug_package %{nil} Summary: Text editor Name: vim -Version: 9.0.0050 +Version: 9.0.0181 Release: 1%{?dist} License: Vim Vendor: Microsoft Corporation @@ -191,6 +191,9 @@ fi %{_bindir}/vimdiff %changelog +* Tue Aug 09 2022 Pawel Winogrodzki - 9.0.0181-1 +- Upgrade to 9.0.0181 to fix CVEs: 2022-2522, 2022-2571, 2022-2580, 2022-2581. + * Wed Jul 13 2022 Mandeep Plaha - 9.0.0050-1 - Upgrade to 9.0.0050 to fix CVEs: 2022-2257, 2022-2264, 2022-2284, 2022-2285, 2022-2286, 2022-2287 diff --git a/cgmanifest.json b/cgmanifest.json index dac8c632c7d..dbcc795d007 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -2144,9 +2144,9 @@ "component": { "type": "other", "other": { - "name": "hyperv-daemons", - "version": "5.10.131.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.131.1.tar.gz" + "name": "hyperscan", + "version": "5.4.0", + "downloadUrl": "https://github.com/intel/hyperscan/archive/v5.4.0.tar.gz" } } }, @@ -2154,9 +2154,9 @@ "component": { "type": "other", "other": { - "name": "hyperscan", - "version": "5.4.0", - "downloadUrl": "https://github.com/intel/hyperscan/archive/v5.4.0.tar.gz" + "name": "hyperv-daemons", + "version": "5.10.131.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner/5.10.131.1.tar.gz" } } }, @@ -3720,6 +3720,26 @@ } } }, + { + "component": { + "type": "other", + "other": { + "name": "libxml++", + "version": "3.2.0", + "downloadUrl": "http://ftp.gnome.org/pub/GNOME/sources/libxml++/3.2/libxml++-3.2.0.tar.xz" + } + } + }, + { + "component": { + "type": "other", + "other": { + "name": "libxml2", + "version": "2.9.14", + "downloadUrl": "https://gitlab.gnome.org/GNOME/libxml2/-/archive/v2.9.14/libxml2-v2.9.14.tar.gz" + } + } + }, { "component": { "type": "other", @@ -3790,6 +3810,16 @@ } } }, + { + "component": { + "type": "other", + "other": { + "name": "libxslt", + "version": "1.1.34", + "downloadUrl": "http://xmlsoft.org/sources/libxslt-1.1.34.tar.gz" + } + } + }, { "component": { "type": "other", @@ -3850,36 +3880,6 @@ } } }, - { - "component": { - "type": "other", - "other": { - "name": "libxml++", - "version": "3.2.0", - "downloadUrl": "http://ftp.gnome.org/pub/GNOME/sources/libxml++/3.2/libxml++-3.2.0.tar.xz" - } - } - }, - { - "component": { - "type": "other", - "other": { - "name": "libxml2", - "version": "2.9.14", - "downloadUrl": "https://gitlab.gnome.org/GNOME/libxml2/-/archive/v2.9.14/libxml2-v2.9.14.tar.gz" - } - } - }, - { - "component": { - "type": "other", - "other": { - "name": "libxslt", - "version": "1.1.34", - "downloadUrl": "http://xmlsoft.org/sources/libxslt-1.1.34.tar.gz" - } - } - }, { "component": { "type": "other", @@ -4775,8 +4775,8 @@ "type": "other", "other": { "name": "openjdk8", - "version": "1.8.0.212", - "downloadUrl": "http://hg.openjdk.java.net/jdk8u/jdk8u/archive/jdk8u212-b04.tar.bz2" + "version": "1.8.0.181", + "downloadUrl": "http://hg.openjdk.java.net/aarch64-port/jdk8u/archive/aarch64-jdk8u181-b13.tar.bz2" } } }, @@ -4785,8 +4785,8 @@ "type": "other", "other": { "name": "openjdk8", - "version": "1.8.0.212", - "downloadUrl": "http://hg.openjdk.java.net/jdk8u/jdk8u/corba/archive/jdk8u212-b04.tar.bz2" + "version": "1.8.0.181", + "downloadUrl": "http://hg.openjdk.java.net/aarch64-port/jdk8u/corba/archive/aarch64-jdk8u181-b13.tar.bz2" } } }, @@ -4795,8 +4795,8 @@ "type": "other", "other": { "name": "openjdk8", - "version": "1.8.0.212", - "downloadUrl": "http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/archive/jdk8u212-b04.tar.bz2" + "version": "1.8.0.181", + "downloadUrl": "http://hg.openjdk.java.net/aarch64-port/jdk8u/hotspot/archive/aarch64-jdk8u181-b13.tar.bz2" } } }, @@ -4805,8 +4805,8 @@ "type": "other", "other": { "name": "openjdk8", - "version": "1.8.0.212", - "downloadUrl": "http://hg.openjdk.java.net/jdk8u/jdk8u/jaxp/archive/jdk8u212-b04.tar.bz2" + "version": "1.8.0.181", + "downloadUrl": "http://hg.openjdk.java.net/aarch64-port/jdk8u/jaxp/archive/aarch64-jdk8u181-b13.tar.bz2" } } }, @@ -4815,8 +4815,8 @@ "type": "other", "other": { "name": "openjdk8", - "version": "1.8.0.212", - "downloadUrl": "http://hg.openjdk.java.net/jdk8u/jdk8u/jaxws/archive/jdk8u212-b04.tar.bz2" + "version": "1.8.0.181", + "downloadUrl": "http://hg.openjdk.java.net/aarch64-port/jdk8u/jaxws/archive/aarch64-jdk8u181-b13.tar.bz2" } } }, @@ -4825,8 +4825,8 @@ "type": "other", "other": { "name": "openjdk8", - "version": "1.8.0.212", - "downloadUrl": "http://hg.openjdk.java.net/jdk8u/jdk8u/langtools/archive/jdk8u212-b04.tar.bz2" + "version": "1.8.0.181", + "downloadUrl": "http://hg.openjdk.java.net/aarch64-port/jdk8u/langtools/archive/aarch64-jdk8u181-b13.tar.bz2" } } }, @@ -4835,8 +4835,8 @@ "type": "other", "other": { "name": "openjdk8", - "version": "1.8.0.212", - "downloadUrl": "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/archive/jdk8u212-b04.tar.bz2" + "version": "1.8.0.181", + "downloadUrl": "http://hg.openjdk.java.net/aarch64-port/jdk8u/jdk/archive/aarch64-jdk8u181-b13.tar.bz2" } } }, @@ -4845,8 +4845,8 @@ "type": "other", "other": { "name": "openjdk8", - "version": "1.8.0.212", - "downloadUrl": "http://hg.openjdk.java.net/jdk8u/jdk8u/nashorn/archive/jdk8u212-b04.tar.bz2" + "version": "1.8.0.181", + "downloadUrl": "http://hg.openjdk.java.net/aarch64-port/jdk8u/nashorn/archive/aarch64-jdk8u181-b13.tar.bz2" } } }, @@ -4855,8 +4855,8 @@ "type": "other", "other": { "name": "openjdk8", - "version": "1.8.0.332", - "downloadUrl": "https://github.com/adoptium/jdk8u/archive/jdk8u332-b02.tar.gz" + "version": "1.8.0.212", + "downloadUrl": "http://hg.openjdk.java.net/jdk8u/jdk8u/archive/jdk8u212-b04.tar.bz2" } } }, @@ -4865,8 +4865,8 @@ "type": "other", "other": { "name": "openjdk8", - "version": "1.8.0.181", - "downloadUrl": "http://hg.openjdk.java.net/aarch64-port/jdk8u/archive/aarch64-jdk8u181-b13.tar.bz2" + "version": "1.8.0.212", + "downloadUrl": "http://hg.openjdk.java.net/jdk8u/jdk8u/corba/archive/jdk8u212-b04.tar.bz2" } } }, @@ -4875,8 +4875,8 @@ "type": "other", "other": { "name": "openjdk8", - "version": "1.8.0.181", - "downloadUrl": "http://hg.openjdk.java.net/aarch64-port/jdk8u/corba/archive/aarch64-jdk8u181-b13.tar.bz2" + "version": "1.8.0.212", + "downloadUrl": "http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/archive/jdk8u212-b04.tar.bz2" } } }, @@ -4885,8 +4885,8 @@ "type": "other", "other": { "name": "openjdk8", - "version": "1.8.0.181", - "downloadUrl": "http://hg.openjdk.java.net/aarch64-port/jdk8u/hotspot/archive/aarch64-jdk8u181-b13.tar.bz2" + "version": "1.8.0.212", + "downloadUrl": "http://hg.openjdk.java.net/jdk8u/jdk8u/jaxp/archive/jdk8u212-b04.tar.bz2" } } }, @@ -4895,8 +4895,8 @@ "type": "other", "other": { "name": "openjdk8", - "version": "1.8.0.181", - "downloadUrl": "http://hg.openjdk.java.net/aarch64-port/jdk8u/jaxp/archive/aarch64-jdk8u181-b13.tar.bz2" + "version": "1.8.0.212", + "downloadUrl": "http://hg.openjdk.java.net/jdk8u/jdk8u/jaxws/archive/jdk8u212-b04.tar.bz2" } } }, @@ -4905,8 +4905,8 @@ "type": "other", "other": { "name": "openjdk8", - "version": "1.8.0.181", - "downloadUrl": "http://hg.openjdk.java.net/aarch64-port/jdk8u/jaxws/archive/aarch64-jdk8u181-b13.tar.bz2" + "version": "1.8.0.212", + "downloadUrl": "http://hg.openjdk.java.net/jdk8u/jdk8u/langtools/archive/jdk8u212-b04.tar.bz2" } } }, @@ -4915,8 +4915,8 @@ "type": "other", "other": { "name": "openjdk8", - "version": "1.8.0.181", - "downloadUrl": "http://hg.openjdk.java.net/aarch64-port/jdk8u/langtools/archive/aarch64-jdk8u181-b13.tar.bz2" + "version": "1.8.0.212", + "downloadUrl": "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/archive/jdk8u212-b04.tar.bz2" } } }, @@ -4925,8 +4925,8 @@ "type": "other", "other": { "name": "openjdk8", - "version": "1.8.0.181", - "downloadUrl": "http://hg.openjdk.java.net/aarch64-port/jdk8u/jdk/archive/aarch64-jdk8u181-b13.tar.bz2" + "version": "1.8.0.212", + "downloadUrl": "http://hg.openjdk.java.net/jdk8u/jdk8u/nashorn/archive/jdk8u212-b04.tar.bz2" } } }, @@ -4935,8 +4935,8 @@ "type": "other", "other": { "name": "openjdk8", - "version": "1.8.0.181", - "downloadUrl": "http://hg.openjdk.java.net/aarch64-port/jdk8u/nashorn/archive/aarch64-jdk8u181-b13.tar.bz2" + "version": "1.8.0.332", + "downloadUrl": "https://github.com/adoptium/jdk8u/archive/jdk8u332-b02.tar.gz" } } }, @@ -8625,8 +8625,8 @@ "type": "other", "other": { "name": "vim", - "version": "9.0.0050", - "downloadUrl": "https://github.com/vim/vim/archive/v9.0.0050.tar.gz" + "version": "9.0.0181", + "downloadUrl": "https://github.com/vim/vim/archive/v9.0.0181.tar.gz" } } }, From 70974daa257021626d87fa7a42d94ce8477bdbae Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Thu, 11 Aug 2022 13:49:21 -0700 Subject: [PATCH 3/8] tzdata: update to latest version 2022b. --- SPECS/tzdata/tzdata.signatures.json | 2 +- SPECS/tzdata/tzdata.spec | 5 ++++- cgmanifest.json | 4 ++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/SPECS/tzdata/tzdata.signatures.json b/SPECS/tzdata/tzdata.signatures.json index 2f43212a2d3..57ba2825ae9 100644 --- a/SPECS/tzdata/tzdata.signatures.json +++ b/SPECS/tzdata/tzdata.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "tzdata2022a.tar.gz": "ef7fffd9f4f50f4f58328b35022a32a5a056b245c5cb3d6791dddb342f871664" + "tzdata2022b.tar.gz": "f590eaf04a395245426c2be4fae71c143aea5cebc11088b7a0a5704461df397d" } } \ No newline at end of file diff --git a/SPECS/tzdata/tzdata.spec b/SPECS/tzdata/tzdata.spec index ea232696d3c..bf8553030ac 100644 --- a/SPECS/tzdata/tzdata.spec +++ b/SPECS/tzdata/tzdata.spec @@ -1,6 +1,6 @@ Summary: Time zone data Name: tzdata -Version: 2022a +Version: 2022b Release: 1%{?dist} URL: https://www.iana.org/time-zones License: Public Domain @@ -43,6 +43,9 @@ ln -svf %{_datarootdir}/zoneinfo/UTC %{buildroot}%{_sysconfdir}/localtime %{_datadir}/* %changelog +* Thu Aug 11 2022 CBL-Mariner Service Account - 2022b-1 +- Update to version "2022b". + * Thu Mar 17 2022 CBL-Mariner Service Account - 2022a-1 - Update to version "2022a". diff --git a/cgmanifest.json b/cgmanifest.json index dbcc795d007..f47d21247b1 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -8475,8 +8475,8 @@ "type": "other", "other": { "name": "tzdata", - "version": "2022a", - "downloadUrl": "https://data.iana.org/time-zones/releases/tzdata2022a.tar.gz" + "version": "2022b", + "downloadUrl": "https://data.iana.org/time-zones/releases/tzdata2022b.tar.gz" } } }, From 81f0e6e723c819693ac422f674ce262b22ac20b8 Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Thu, 11 Aug 2022 16:58:03 -0700 Subject: [PATCH 4/8] freetype: update to version 2.12.1 to fix CVEs 2022-27405 and 2022-27406 (#3524) --- SPECS/freetype/CVE-2022-27404.patch | 42 ------------------- SPECS/freetype/freetype.signatures.json | 2 +- SPECS/freetype/freetype.spec | 8 ++-- cgmanifest.json | 4 +- .../manifests/package/toolchain_aarch64.txt | 6 +-- .../manifests/package/toolchain_x86_64.txt | 6 +-- 6 files changed, 14 insertions(+), 54 deletions(-) delete mode 100644 SPECS/freetype/CVE-2022-27404.patch diff --git a/SPECS/freetype/CVE-2022-27404.patch b/SPECS/freetype/CVE-2022-27404.patch deleted file mode 100644 index 04cd0ccbc2c..00000000000 --- a/SPECS/freetype/CVE-2022-27404.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 53dfdcd8198d2b3201a23c4bad9190519ba918db Mon Sep 17 00:00:00 2001 -From: Werner Lemberg -Date: Thu, 17 Mar 2022 19:24:16 +0100 -Subject: [PATCH] [sfnt] Avoid invalid face index. - -Fixes #1138. - -* src/sfnt/sfobjs.c (sfnt_init_face), src/sfnt/sfwoff2.c (woff2_open_font): -Check `face_index` before decrementing. ---- - src/sfnt/sfobjs.c | 2 +- - src/sfnt/sfwoff2.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/sfnt/sfobjs.c b/src/sfnt/sfobjs.c -index f9d4d3858..9771c35df 100644 ---- a/src/sfnt/sfobjs.c -+++ b/src/sfnt/sfobjs.c -@@ -566,7 +566,7 @@ - face_index = FT_ABS( face_instance_index ) & 0xFFFF; - - /* value -(N+1) requests information on index N */ -- if ( face_instance_index < 0 ) -+ if ( face_instance_index < 0 && face_index > 0 ) - face_index--; - - if ( face_index >= face->ttc_header.count ) -diff --git a/src/sfnt/sfwoff2.c b/src/sfnt/sfwoff2.c -index cb1e0664a..165b875e5 100644 ---- a/src/sfnt/sfwoff2.c -+++ b/src/sfnt/sfwoff2.c -@@ -2085,7 +2085,7 @@ - /* Validate requested face index. */ - *num_faces = woff2.num_fonts; - /* value -(N+1) requests information on index N */ -- if ( *face_instance_index < 0 ) -+ if ( *face_instance_index < 0 && face_index > 0 ) - face_index--; - - if ( face_index >= woff2.num_fonts ) --- -GitLab diff --git a/SPECS/freetype/freetype.signatures.json b/SPECS/freetype/freetype.signatures.json index 399c199811d..82bb20d0821 100644 --- a/SPECS/freetype/freetype.signatures.json +++ b/SPECS/freetype/freetype.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "freetype-2.11.1.tar.gz": "f8db94d307e9c54961b39a1cc799a67d46681480696ed72ecf78d4473770f09b" + "freetype-2.12.1.tar.gz": "efe71fd4b8246f1b0b1b9bfca13cfff1c9ad85930340c27df469733bbb620938" } } \ No newline at end of file diff --git a/SPECS/freetype/freetype.spec b/SPECS/freetype/freetype.spec index 264c8aa4db7..54161a5ed10 100644 --- a/SPECS/freetype/freetype.spec +++ b/SPECS/freetype/freetype.spec @@ -1,14 +1,13 @@ Summary: software font engine. Name: freetype -Version: 2.11.1 -Release: 2%{?dist} +Version: 2.12.1 +Release: 1%{?dist} License: BSD WITH advertising OR GPLv2 Vendor: Microsoft Corporation Distribution: Mariner Group: System Environment/Libraries URL: https://www.freetype.org/ Source0: https://download.savannah.gnu.org/releases/%{name}/%{name}-%{version}.tar.gz -Patch0: CVE-2022-27404.patch BuildRequires: libtool BuildRequires: zlib-devel @@ -55,6 +54,9 @@ make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck} %{_libdir}/pkgconfig/*.pc %changelog +* Thu Aug 11 2022 Pawel Winogrodzki - 2.12.1-1 +- Updating to version 2.12.1 to address CVEs: 2022-27405 and 2022-27406. + * Mon May 16 2022 Neha Agarwal - 2.11.1-2 - Add patch to address CVE-2022-27404. diff --git a/cgmanifest.json b/cgmanifest.json index f47d21247b1..395dedbefa9 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -1595,8 +1595,8 @@ "type": "other", "other": { "name": "freetype", - "version": "2.11.1", - "downloadUrl": "https://bigsearcher.com/mirrors/nongnu/freetype/freetype-2.11.1.tar.gz" + "version": "2.12.1", + "downloadUrl": "https://download.savannah.gnu.org/releases/freetype/freetype-2.12.1.tar.gz" } } }, diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 9aff64eade3..ea852965e91 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -95,9 +95,9 @@ findutils-lang-4.6.0-8.cm1.aarch64.rpm flex-2.6.4-6.cm1.aarch64.rpm flex-debuginfo-2.6.4-6.cm1.aarch64.rpm flex-devel-2.6.4-6.cm1.aarch64.rpm -freetype-2.11.1-2.cm1.aarch64.rpm -freetype-debuginfo-2.11.1-2.cm1.aarch64.rpm -freetype-devel-2.11.1-2.cm1.aarch64.rpm +freetype-2.12.1-1.cm1.aarch64.rpm +freetype-debuginfo-2.12.1-1.cm1.aarch64.rpm +freetype-devel-2.12.1-1.cm1.aarch64.rpm gawk-4.2.1-4.cm1.aarch64.rpm gawk-debuginfo-4.2.1-4.cm1.aarch64.rpm gcc-9.1.0-7.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index bf67f96d266..2b03800fc11 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -95,9 +95,9 @@ findutils-lang-4.6.0-8.cm1.x86_64.rpm flex-2.6.4-6.cm1.x86_64.rpm flex-debuginfo-2.6.4-6.cm1.x86_64.rpm flex-devel-2.6.4-6.cm1.x86_64.rpm -freetype-2.11.1-2.cm1.x86_64.rpm -freetype-debuginfo-2.11.1-2.cm1.x86_64.rpm -freetype-devel-2.11.1-2.cm1.x86_64.rpm +freetype-2.12.1-1.cm1.x86_64.rpm +freetype-debuginfo-2.12.1-1.cm1.x86_64.rpm +freetype-devel-2.12.1-1.cm1.x86_64.rpm gawk-4.2.1-4.cm1.x86_64.rpm gawk-debuginfo-4.2.1-4.cm1.x86_64.rpm gcc-9.1.0-7.cm1.x86_64.rpm From 7a2f085b9fa6463b2733cc600e3cc66edb0e4b47 Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Mon, 15 Aug 2022 13:44:39 -0700 Subject: [PATCH 5/8] libarchive: update to version 3.6.1 to fix CVE-2021-36976. (#3529) --- SPECS/libarchive/libarchive.signatures.json | 2 +- SPECS/libarchive/libarchive.spec | 7 +++++-- cgmanifest.json | 4 ++-- toolkit/resources/manifests/package/toolchain_aarch64.txt | 6 +++--- toolkit/resources/manifests/package/toolchain_x86_64.txt | 6 +++--- .../toolchain/container/toolchain-remote-wget-list | 2 +- toolkit/scripts/toolchain/container/toolchain-sha256sums | 2 +- .../toolchain/container/toolchain_build_in_chroot.sh | 8 ++++---- 8 files changed, 20 insertions(+), 17 deletions(-) diff --git a/SPECS/libarchive/libarchive.signatures.json b/SPECS/libarchive/libarchive.signatures.json index 2303fab6913..1d93549b304 100644 --- a/SPECS/libarchive/libarchive.signatures.json +++ b/SPECS/libarchive/libarchive.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "libarchive-3.4.2.tar.gz": "b60d58d12632ecf1e8fad7316dc82c6b9738a35625746b47ecdcaf4aed176176" + "libarchive-3.6.1.tar.gz": "c676146577d989189940f1959d9e3980d28513d74eedfbc6b7f15ea45fe54ee2" } } \ No newline at end of file diff --git a/SPECS/libarchive/libarchive.spec b/SPECS/libarchive/libarchive.spec index f3ec4ffb3cd..9c98acf488e 100644 --- a/SPECS/libarchive/libarchive.spec +++ b/SPECS/libarchive/libarchive.spec @@ -1,7 +1,7 @@ Summary: Multi-format archive and compression library Name: libarchive -Version: 3.4.2 -Release: 3%{?dist} +Version: 3.6.1 +Release: 1%{?dist} # Certain files have individual licenses. For more details see contents of "COPYING". License: BSD AND Public Domain AND (ASL 2.0 OR CC0 1.0 OR OpenSSL) Vendor: Microsoft Corporation @@ -58,6 +58,9 @@ make %{?_smp_mflags} check %{_libdir}/pkgconfig/*.pc %changelog +* Fri Aug 12 2022 Pawel Winogrodzki - 3.6.1-1 +- Updating to version 3.6.1 to fix CVE-2021-36976. + * Tue Nov 24 2020 Henry Beberman - 3.4.2-3 - Update Source URL to GitHub instead of libarchive.org diff --git a/cgmanifest.json b/cgmanifest.json index 395dedbefa9..771feab851e 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -2705,8 +2705,8 @@ "type": "other", "other": { "name": "libarchive", - "version": "3.4.2", - "downloadUrl": "https://github.com/libarchive/libarchive/releases/download/v3.4.2/libarchive-3.4.2.tar.gz" + "version": "3.6.1", + "downloadUrl": "https://github.com/libarchive/libarchive/releases/download/v3.6.1/libarchive-3.6.1.tar.gz" } } }, diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index ea852965e91..6f4e9118dd8 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -163,9 +163,9 @@ krb5-lang-1.18.4-2.cm1.aarch64.rpm libaio-0.3.112-3.cm1.aarch64.rpm libaio-debuginfo-0.3.112-3.cm1.aarch64.rpm libaio-devel-0.3.112-3.cm1.aarch64.rpm -libarchive-3.4.2-3.cm1.aarch64.rpm -libarchive-debuginfo-3.4.2-3.cm1.aarch64.rpm -libarchive-devel-3.4.2-3.cm1.aarch64.rpm +libarchive-3.6.1-1.cm1.aarch64.rpm +libarchive-debuginfo-3.6.1-1.cm1.aarch64.rpm +libarchive-devel-3.6.1-1.cm1.aarch64.rpm libassuan-2.5.1-3.cm1.aarch64.rpm libassuan-debuginfo-2.5.1-3.cm1.aarch64.rpm libcap-2.26-2.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 2b03800fc11..70f5c158555 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -163,9 +163,9 @@ krb5-lang-1.18.4-2.cm1.x86_64.rpm libaio-0.3.112-3.cm1.x86_64.rpm libaio-debuginfo-0.3.112-3.cm1.x86_64.rpm libaio-devel-0.3.112-3.cm1.x86_64.rpm -libarchive-3.4.2-3.cm1.x86_64.rpm -libarchive-debuginfo-3.4.2-3.cm1.x86_64.rpm -libarchive-devel-3.4.2-3.cm1.x86_64.rpm +libarchive-3.6.1-1.cm1.x86_64.rpm +libarchive-debuginfo-3.6.1-1.cm1.x86_64.rpm +libarchive-devel-3.6.1-1.cm1.x86_64.rpm libassuan-2.5.1-3.cm1.x86_64.rpm libassuan-debuginfo-2.5.1-3.cm1.x86_64.rpm libcap-2.26-2.cm1.x86_64.rpm diff --git a/toolkit/scripts/toolchain/container/toolchain-remote-wget-list b/toolkit/scripts/toolchain/container/toolchain-remote-wget-list index 871ad5054fb..add96c3051f 100644 --- a/toolkit/scripts/toolchain/container/toolchain-remote-wget-list +++ b/toolkit/scripts/toolchain/container/toolchain-remote-wget-list @@ -27,7 +27,7 @@ https://tukaani.org/xz/xz-5.2.4.tar.xz https://zlib.net/zlib-1.2.12.tar.xz https://ftp.gnu.org/gnu/cpio/cpio-2.13.tar.bz2 http://anduin.linuxfromscratch.org/BLFS/bdb/db-5.3.28.tar.gz -https://github.com/libarchive/libarchive/releases/download/v3.4.2/libarchive-3.4.2.tar.gz +https://github.com/libarchive/libarchive/releases/download/v3.6.1/libarchive-3.6.1.tar.gz http://www.lua.org/ftp/lua-5.3.5.tar.gz ftp://anduin.linuxfromscratch.org/BLFS/popt/popt-1.16.tar.gz http://ftp.rpm.org/releases/rpm-4.14.x/rpm-4.14.2.tar.bz2 diff --git a/toolkit/scripts/toolchain/container/toolchain-sha256sums b/toolkit/scripts/toolchain/container/toolchain-sha256sums index e5d88bab0ab..1c61df3da81 100644 --- a/toolkit/scripts/toolchain/container/toolchain-sha256sums +++ b/toolkit/scripts/toolchain/container/toolchain-sha256sums @@ -60,7 +60,7 @@ b725c9b2e9793df7bf5d4d300390db11aa27bd98df9f33021d539be9bd603846 jdk8u212-b04-j 6d28bdd752c056de98f6faf897b338d6ce8938810d72a69c2f5c1d81d628d44a jdk8u212-b04.tar.bz2 f882210b76376e3fa006b11dbd890e56ec0942bc56e65d1249ff4af86f90b857 kbproto-1.0.7.tar.bz2 648e92ed6c42730054c3c147b52169003dee23b00b0ee2612a48ab4202ebcb35 kernel-5.10.131.1.tar.gz -b60d58d12632ecf1e8fad7316dc82c6b9738a35625746b47ecdcaf4aed176176 libarchive-3.4.2.tar.gz +c676146577d989189940f1959d9e3980d28513d74eedfbc6b7f15ea45fe54ee2 libarchive-3.6.1.tar.gz b630b7c484271b3ba867680d6a14b10a86cfa67247a14631b14c06731d5a458b libcap-2.26.tar.xz c97da36d2e56a2d7b6e4f896241785acc95e97eb9557465fd66ba2a155a7b201 libdmx-1.1.3.tar.bz2 d06ebb8e1d9a22d19e38d63fdb83954253f39bedc5d46232a05645685722ca37 libffi-3.2.1.tar.gz diff --git a/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh b/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh index 8affa41590e..21fcb5ce39d 100755 --- a/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh +++ b/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh @@ -1116,14 +1116,14 @@ popd rm -rf cpio-2.13 touch /logs/status_cpio_complete -echo libarchive-3.4.2 -tar xf libarchive-3.4.2.tar.gz -pushd libarchive-3.4.2 +echo libarchive-3.6.1 +tar xf libarchive-3.6.1.tar.gz +pushd libarchive-3.6.1 ./configure --prefix=/usr --disable-static make -j$(nproc) make install popd -rm -rf libarchive-3.4.2 +rm -rf libarchive-3.6.1 touch /logs/status_libarchive_complete echo lua-5.3.5 From 53c8cc5091fced115a544a423f17a233da5944e0 Mon Sep 17 00:00:00 2001 From: Olivia Crain Date: Tue, 16 Aug 2022 14:53:24 -0500 Subject: [PATCH 6/8] Patch CVE-2022-37434 in zlib (#3548) --- SPECS/zlib/CVE-2022-37434.patch | 62 +++++++++++++++++++ SPECS/zlib/zlib.spec | 10 ++- .../manifests/package/pkggen_core_aarch64.txt | 4 +- .../manifests/package/pkggen_core_x86_64.txt | 4 +- .../manifests/package/toolchain_aarch64.txt | 6 +- .../manifests/package/toolchain_x86_64.txt | 6 +- 6 files changed, 80 insertions(+), 12 deletions(-) create mode 100644 SPECS/zlib/CVE-2022-37434.patch diff --git a/SPECS/zlib/CVE-2022-37434.patch b/SPECS/zlib/CVE-2022-37434.patch new file mode 100644 index 00000000000..ad2a849d3b8 --- /dev/null +++ b/SPECS/zlib/CVE-2022-37434.patch @@ -0,0 +1,62 @@ +From eff308af425b67093bab25f80f1ae950166bece1 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Sat, 30 Jul 2022 15:51:11 -0700 +Subject: [PATCH] Fix a bug when getting a gzip header extra field with + inflate(). + +If the extra field was larger than the space the user provided with +inflateGetHeader(), and if multiple calls of inflate() delivered +the extra header data, then there could be a buffer overflow of the +provided space. This commit assures that provided space is not +exceeded. +--- + inflate.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/inflate.c b/inflate.c +index 7be8c6366..7a7289749 100644 +--- a/inflate.c ++++ b/inflate.c +@@ -763,9 +763,10 @@ int flush; + copy = state->length; + if (copy > have) copy = have; + if (copy) { ++ len = state->head->extra_len - state->length; + if (state->head != Z_NULL && +- state->head->extra != Z_NULL) { +- len = state->head->extra_len - state->length; ++ state->head->extra != Z_NULL && ++ len < state->head->extra_max) { + zmemcpy(state->head->extra + len, next, + len + copy > state->head->extra_max ? + state->head->extra_max - len : copy); + +From 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Mon, 8 Aug 2022 10:50:09 -0700 +Subject: [PATCH] Fix extra field processing bug that dereferences NULL + state->head. + +The recent commit to fix a gzip header extra field processing bug +introduced the new bug fixed here. +--- + inflate.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/inflate.c b/inflate.c +index 7a7289749..2a3c4fe98 100644 +--- a/inflate.c ++++ b/inflate.c +@@ -763,10 +763,10 @@ int flush; + copy = state->length; + if (copy > have) copy = have; + if (copy) { +- len = state->head->extra_len - state->length; + if (state->head != Z_NULL && + state->head->extra != Z_NULL && +- len < state->head->extra_max) { ++ (len = state->head->extra_len - state->length) < ++ state->head->extra_max) { + zmemcpy(state->head->extra + len, next, + len + copy > state->head->extra_max ? + state->head->extra_max - len : copy); diff --git a/SPECS/zlib/zlib.spec b/SPECS/zlib/zlib.spec index 9c04e719fef..b1d4ac26e39 100644 --- a/SPECS/zlib/zlib.spec +++ b/SPECS/zlib/zlib.spec @@ -1,13 +1,14 @@ Summary: Compression and decompression routines Name: zlib Version: 1.2.12 -Release: 1%{?dist} +Release: 2%{?dist} URL: http://www.zlib.net/ License: zlib Group: Applications/System Vendor: Microsoft Corporation Distribution: Mariner Source0: http://www.zlib.net/%{name}-%{version}.tar.xz +Patch0: CVE-2022-37434.patch %define sha1 zlib=e1cb0d5c92da8e9a8c2635dfa249c341dfd00322 %description Compression and decompression routines @@ -35,7 +36,7 @@ make %{?_smp_mflags} check %postun -p /sbin/ldconfig %files %defattr(-,root,root) -%license contrib/dotzlib/LICENSE_1_0.txt +%license README %{_libdir}/libz.so.* %files devel @@ -47,6 +48,11 @@ make %{?_smp_mflags} check %{_mandir}/man3/zlib.3.gz %changelog +* Tue Aug 16 2022 Olivia Crain - 1.2.12-2 +- Add upstream patches for CVE-2022-37434 +- Fix packaged license- actual license is contained within README +- License verified + * Wed May 04 2022 Nick Samson - 1.2.12-1 - Upgraded to 1.2.12 to fix CVE-2018-25032 * Sat May 09 2020 Nick Samson - 1.2.11-3 diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index fbffe00c2d2..7ff3a4c280e 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -7,8 +7,8 @@ glibc-iconv-2.28-23.cm1.aarch64.rpm glibc-lang-2.28-23.cm1.aarch64.rpm glibc-nscd-2.28-23.cm1.aarch64.rpm glibc-tools-2.28-23.cm1.aarch64.rpm -zlib-1.2.12-1.cm1.aarch64.rpm -zlib-devel-1.2.12-1.cm1.aarch64.rpm +zlib-1.2.12-2.cm1.aarch64.rpm +zlib-devel-1.2.12-2.cm1.aarch64.rpm file-5.38-1.cm1.aarch64.rpm file-devel-5.38-1.cm1.aarch64.rpm file-libs-5.38-1.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index ed4a8b717cd..a5bc51093c8 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -7,8 +7,8 @@ glibc-iconv-2.28-23.cm1.x86_64.rpm glibc-lang-2.28-23.cm1.x86_64.rpm glibc-nscd-2.28-23.cm1.x86_64.rpm glibc-tools-2.28-23.cm1.x86_64.rpm -zlib-1.2.12-1.cm1.x86_64.rpm -zlib-devel-1.2.12-1.cm1.x86_64.rpm +zlib-1.2.12-2.cm1.x86_64.rpm +zlib-devel-1.2.12-2.cm1.x86_64.rpm file-5.38-1.cm1.x86_64.rpm file-devel-5.38-1.cm1.x86_64.rpm file-libs-5.38-1.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 6f4e9118dd8..46c586d14a9 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -425,9 +425,9 @@ xz-lang-5.2.4-3.cm1.aarch64.rpm xz-libs-5.2.4-3.cm1.aarch64.rpm zip-3.0-5.cm1.aarch64.rpm zip-debuginfo-3.0-5.cm1.aarch64.rpm -zlib-1.2.12-1.cm1.aarch64.rpm -zlib-debuginfo-1.2.12-1.cm1.aarch64.rpm -zlib-devel-1.2.12-1.cm1.aarch64.rpm +zlib-1.2.12-2.cm1.aarch64.rpm +zlib-debuginfo-1.2.12-2.cm1.aarch64.rpm +zlib-devel-1.2.12-2.cm1.aarch64.rpm zstd-1.4.9-1.cm1.aarch64.rpm zstd-debuginfo-1.4.9-1.cm1.aarch64.rpm zstd-devel-1.4.9-1.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 70f5c158555..c44e1007191 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -425,9 +425,9 @@ xz-lang-5.2.4-3.cm1.x86_64.rpm xz-libs-5.2.4-3.cm1.x86_64.rpm zip-3.0-5.cm1.x86_64.rpm zip-debuginfo-3.0-5.cm1.x86_64.rpm -zlib-1.2.12-1.cm1.x86_64.rpm -zlib-debuginfo-1.2.12-1.cm1.x86_64.rpm -zlib-devel-1.2.12-1.cm1.x86_64.rpm +zlib-1.2.12-2.cm1.x86_64.rpm +zlib-debuginfo-1.2.12-2.cm1.x86_64.rpm +zlib-devel-1.2.12-2.cm1.x86_64.rpm zstd-1.4.9-1.cm1.x86_64.rpm zstd-debuginfo-1.4.9-1.cm1.x86_64.rpm zstd-devel-1.4.9-1.cm1.x86_64.rpm From 5d6f0d75a4059771311602327f0d6574d6d37cb0 Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Tue, 16 Aug 2022 17:17:42 -0700 Subject: [PATCH 7/8] mariner-release: bump 'Release' tag for August Update 2. (#3552) --- SPECS/mariner-release/mariner-release.spec | 4 +++- toolkit/resources/manifests/package/pkggen_core_aarch64.txt | 2 +- toolkit/resources/manifests/package/pkggen_core_x86_64.txt | 2 +- toolkit/resources/manifests/package/toolchain_aarch64.txt | 2 +- toolkit/resources/manifests/package/toolchain_x86_64.txt | 2 +- 5 files changed, 7 insertions(+), 5 deletions(-) diff --git a/SPECS/mariner-release/mariner-release.spec b/SPECS/mariner-release/mariner-release.spec index f9a1ed10c57..e780a289177 100644 --- a/SPECS/mariner-release/mariner-release.spec +++ b/SPECS/mariner-release/mariner-release.spec @@ -1,7 +1,7 @@ Summary: CBL-Mariner release files Name: mariner-release Version: 1.0 -Release: 43%{?dist} +Release: 44%{?dist} License: MIT Group: System Environment/Base URL: https://aka.ms/cbl-mariner @@ -67,6 +67,8 @@ rm -rf $RPM_BUILD_ROOT %config(noreplace) /etc/issue.net %changelog +* Tue Aug 16 2022 Pawel Winogrodzki - 1.0-44 +- Updating version for August update 2. * Wed Aug 04 2022 Andrew Phelps - 1.0-43 - Updating version for August update. * Fri Jul 08 2022 Jon Slobodzian - 1.0-42 diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 7ff3a4c280e..898fa8e1a64 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -58,7 +58,7 @@ findutils-lang-4.6.0-8.cm1.aarch64.rpm gettext-0.19.8.1-5.cm1.aarch64.rpm gzip-1.9-5.cm1.aarch64.rpm make-4.2.1-5.cm1.aarch64.rpm -mariner-release-1.0-43.cm1.noarch.rpm +mariner-release-1.0-44.cm1.noarch.rpm patch-2.7.6-7.cm1.aarch64.rpm util-linux-2.32.1-7.cm1.aarch64.rpm util-linux-devel-2.32.1-7.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index a5bc51093c8..a5004502213 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -58,7 +58,7 @@ findutils-lang-4.6.0-8.cm1.x86_64.rpm gettext-0.19.8.1-5.cm1.x86_64.rpm gzip-1.9-5.cm1.x86_64.rpm make-4.2.1-5.cm1.x86_64.rpm -mariner-release-1.0-43.cm1.noarch.rpm +mariner-release-1.0-44.cm1.noarch.rpm patch-2.7.6-7.cm1.x86_64.rpm util-linux-2.32.1-7.cm1.x86_64.rpm util-linux-devel-2.32.1-7.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 46c586d14a9..17b7eae971b 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -259,7 +259,7 @@ m4-debuginfo-1.4.18-4.cm1.aarch64.rpm make-4.2.1-5.cm1.aarch64.rpm make-debuginfo-4.2.1-5.cm1.aarch64.rpm mariner-check-macros-1.0-8.cm1.noarch.rpm -mariner-release-1.0-43.cm1.noarch.rpm +mariner-release-1.0-44.cm1.noarch.rpm mariner-repos-1.0-15.cm1.noarch.rpm mariner-repos-extras-1.0-15.cm1.noarch.rpm mariner-repos-extras-preview-1.0-15.cm1.noarch.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index c44e1007191..b757c9a260b 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -259,7 +259,7 @@ m4-debuginfo-1.4.18-4.cm1.x86_64.rpm make-4.2.1-5.cm1.x86_64.rpm make-debuginfo-4.2.1-5.cm1.x86_64.rpm mariner-check-macros-1.0-8.cm1.noarch.rpm -mariner-release-1.0-43.cm1.noarch.rpm +mariner-release-1.0-44.cm1.noarch.rpm mariner-repos-1.0-15.cm1.noarch.rpm mariner-repos-extras-1.0-15.cm1.noarch.rpm mariner-repos-extras-preview-1.0-15.cm1.noarch.rpm From 78082242c8a64d5e15aa16eef8d73365af7a6f78 Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Tue, 16 Aug 2022 17:56:57 -0700 Subject: [PATCH 8/8] kernel: nopatch CVE-2022-1012. (#3555) Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com> --- SPECS/kernel/CVE-2022-1012.nopatch | 1 + 1 file changed, 1 insertion(+) create mode 100644 SPECS/kernel/CVE-2022-1012.nopatch diff --git a/SPECS/kernel/CVE-2022-1012.nopatch b/SPECS/kernel/CVE-2022-1012.nopatch new file mode 100644 index 00000000000..4c760f65555 --- /dev/null +++ b/SPECS/kernel/CVE-2022-1012.nopatch @@ -0,0 +1 @@ +CVE-2022-1012 - patched in 5.10.123.1 \ No newline at end of file