diff options
author | Christian Melki <christian.melki@t2data.com> | 2022-05-11 09:20:28 +0200 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2022-05-13 14:12:32 +0200 |
commit | c261fdaa3bc36e02c7c3b94397e8de4764b05165 (patch) | |
tree | 64e3561b587d4da5752a902128a6611af2c5bb13 /patches | |
parent | a637a4e50bac0bfd9ae809220d8841dd9c344f2a (diff) | |
download | ptxdist-c261fdaa3bc36e02c7c3b94397e8de4764b05165.tar.gz ptxdist-c261fdaa3bc36e02c7c3b94397e8de4764b05165.tar.xz |
libcurl: Version bump. 7.83.0 -> 7.83.1
Usual churn of fixes.
Curl is seeing an accelerated CVE ticketing.
Probably due to a functioning bug bounty program.
https://hackerone.com/curl?type=team
With 30 reports in the last 90 days.
So probably expect more CVEs in the near future.
Changelog: https://curl.se/changes.html
Security: https://curl.se/docs/security.html
Plugs CVEs: CVE-2022-30115, CVE-2022-27782, CVE-2022-27781,
CVE-2022-27780, CVE-2022-27779, CVE-2022-27778
Signed-off-by: Christian Melki <christian.melki@t2data.com>
Message-Id: <20220511072028.1152041-1-christian.melki@t2data.com>
[mol: remove obsolte patch]
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Diffstat (limited to 'patches')
-rw-r--r-- | patches/curl-7.83.0/0001-http-move-Curl_allow_auth_to_host.patch | 61 | ||||
-rw-r--r-- | patches/curl-7.83.0/series | 4 |
2 files changed, 0 insertions, 65 deletions
diff --git a/patches/curl-7.83.0/0001-http-move-Curl_allow_auth_to_host.patch b/patches/curl-7.83.0/0001-http-move-Curl_allow_auth_to_host.patch deleted file mode 100644 index e94cc87a5..000000000 --- a/patches/curl-7.83.0/0001-http-move-Curl_allow_auth_to_host.patch +++ /dev/null @@ -1,61 +0,0 @@ -From: Daniel Stenberg <daniel@haxx.se> -Date: Fri, 29 Apr 2022 22:56:47 +0200 -Subject: [PATCH] http: move Curl_allow_auth_to_host() - -It was mistakenly put within the CURL_DISABLE_HTTP_AUTH #ifdef - -Reported-by: Michael Olbrich -Fixes #8772 -Closes #8775 ---- - lib/http.c | 30 +++++++++++++++--------------- - 1 file changed, 15 insertions(+), 15 deletions(-) - -diff --git a/lib/http.c b/lib/http.c -index 0d5c449bc72a..b215307dcaaa 100644 ---- a/lib/http.c -+++ b/lib/http.c -@@ -651,6 +651,21 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data) - return result; - } - -+/* -+ * Curl_allow_auth_to_host() tells if authentication, cookies or other -+ * "sensitive data" can (still) be sent to this host. -+ */ -+bool Curl_allow_auth_to_host(struct Curl_easy *data) -+{ -+ struct connectdata *conn = data->conn; -+ return (!data->state.this_is_a_follow || -+ data->set.allow_auth_to_other_hosts || -+ (data->state.first_host && -+ strcasecompare(data->state.first_host, conn->host.name) && -+ (data->state.first_remote_port == conn->remote_port) && -+ (data->state.first_remote_protocol == conn->handler->protocol))); -+} -+ - #ifndef CURL_DISABLE_HTTP_AUTH - /* - * Output the correct authentication header depending on the auth type -@@ -775,21 +790,6 @@ output_auth_headers(struct Curl_easy *data, - return CURLE_OK; - } - --/* -- * Curl_allow_auth_to_host() tells if authentication, cookies or other -- * "sensitive data" can (still) be sent to this host. -- */ --bool Curl_allow_auth_to_host(struct Curl_easy *data) --{ -- struct connectdata *conn = data->conn; -- return (!data->state.this_is_a_follow || -- data->set.allow_auth_to_other_hosts || -- (data->state.first_host && -- strcasecompare(data->state.first_host, conn->host.name) && -- (data->state.first_remote_port == conn->remote_port) && -- (data->state.first_remote_protocol == conn->handler->protocol))); --} -- - /** - * Curl_http_output_auth() setups the authentication headers for the - * host/proxy and the correct authentication diff --git a/patches/curl-7.83.0/series b/patches/curl-7.83.0/series deleted file mode 100644 index 9ccc49f9c..000000000 --- a/patches/curl-7.83.0/series +++ /dev/null @@ -1,4 +0,0 @@ -# generated by git-ptx-patches -#tag:base --start-number 1 -0001-http-move-Curl_allow_auth_to_host.patch -# c4e69d4d6fe80949a188daf1e2e80518 - git-ptx-patches magic |