diff --git a/0001-curl-7.61.1-test320-gnutls.patch b/0001-curl-7.61.1-test320-gnutls.patch deleted file mode 100644 index a9cbaac0465b35f46df6ae3220ab4476bbb4589e..0000000000000000000000000000000000000000 --- a/0001-curl-7.61.1-test320-gnutls.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 3cd5b375e31fb98e4782dc3a77e7316ad9eb26cf Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Thu, 4 Oct 2018 15:34:13 +0200 -Subject: [PATCH] test320: strip out more HTML when comparing - -To make the test case work with different gnutls-serv versions better. - -Reported-by: Kamil Dudka -Fixes #3093 -Closes #3094 - -Upstream-commit: 94ad57b0246b5658c2a9139dbe6a80efa4c4e2f3 -Signed-off-by: Kamil Dudka ---- - tests/data/test320 | 24 ++++-------------------- - 1 file changed, 4 insertions(+), 20 deletions(-) - -diff --git a/tests/data/test320 b/tests/data/test320 -index 457a11eb2..87311d4f2 100644 ---- a/tests/data/test320 -+++ b/tests/data/test320 -@@ -62,34 +62,18 @@ simple TLS-SRP HTTPS GET, check user in response - HTTP/1.0 200 OK - Content-type: text/html - -- -- --

This is GnuTLS

-- -- -- --
If your browser supports session resuming, then you should see the same session ID, when you press the reload button.
--

Connected as user 'jsmith'.

--

-- -- -- -- -- --

Key Exchange:SRP
CompressionNULL
CipherAES-NNN-CBC
MACSHA1
CiphersuiteSRP_SHA_AES_NNN_CBC_SHA1
--

Your HTTP header was:

Host: %HOSTIP:%HTTPTLSPORT
-+FINE
- User-Agent: curl-test-suite
- Accept: */*
- 
--

-- -- - - --s/^

Session ID:.*// -+s/^

Connected as user 'jsmith'.*/FINE/ - s/Protocol version:.*[0-9]// - s/GNUTLS/GnuTLS/ - s/(AES[-_])\d\d\d([-_]CBC)/$1NNN$2/ -+s/^<.*\n// -+s/^\n// - - - --- -2.17.1 - diff --git a/0001-curl-7.66.0-metalink-memleak.patch b/0001-curl-7.66.0-metalink-memleak.patch new file mode 100644 index 0000000000000000000000000000000000000000..16c8ae2b04fd2791b036d3dec54306c7ba32bb5f --- /dev/null +++ b/0001-curl-7.66.0-metalink-memleak.patch @@ -0,0 +1,71 @@ +From 855ebacdffbc421b121563ae1ecd9fde736bfaf2 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Wed, 11 Sep 2019 16:32:11 +0200 +Subject: [PATCH] curl: fix memory leaked by parse_metalink() + +This commit fixes a regression introduced by curl-7_65_3-5-gb88940850. +Detected by tests 2005, 2008, 2009, 2010, 2011, and 2012 with valgrind +and libmetalink enabled. + +Closes #4326 + +Upstream-commit: 1ca91bcdb588dc6c25d345f2411fdba314433732 +Signed-off-by: Kamil Dudka +--- + src/tool_metalink.c | 2 +- + src/tool_metalink.h | 3 +++ + src/tool_operate.c | 4 ++++ + 3 files changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/tool_metalink.c b/src/tool_metalink.c +index 0740407f9..cd5a7d650 100644 +--- a/src/tool_metalink.c ++++ b/src/tool_metalink.c +@@ -965,7 +965,7 @@ static void delete_metalink_resource(metalink_resource *res) + Curl_safefree(res); + } + +-static void delete_metalinkfile(metalinkfile *mlfile) ++void delete_metalinkfile(metalinkfile *mlfile) + { + metalink_resource *res; + if(mlfile == NULL) { +diff --git a/src/tool_metalink.h b/src/tool_metalink.h +index 1e367033c..f5ec306f7 100644 +--- a/src/tool_metalink.h ++++ b/src/tool_metalink.h +@@ -105,6 +105,8 @@ extern const digest_params SHA256_DIGEST_PARAMS[1]; + * Counts the resource in the metalinkfile. + */ + int count_next_metalink_resource(metalinkfile *mlfile); ++ ++void delete_metalinkfile(metalinkfile *mlfile); + void clean_metalink(struct OperationConfig *config); + + /* +@@ -158,6 +160,7 @@ void metalink_cleanup(void); + #else /* USE_METALINK */ + + #define count_next_metalink_resource(x) 0 ++#define delete_metalinkfile(x) (void)x + #define clean_metalink(x) (void)x + + /* metalink_cleanup() takes no arguments */ +diff --git a/src/tool_operate.c b/src/tool_operate.c +index d2ad9642d..09dfc0c84 100644 +--- a/src/tool_operate.c ++++ b/src/tool_operate.c +@@ -2073,6 +2073,10 @@ static CURLcode serial_transfers(struct GlobalConfig *global, + result = post_transfer(global, share, per, result, &retry); + if(retry) + continue; ++ ++ /* Release metalink related resources here */ ++ delete_metalinkfile(per->mlfile); ++ + per = del_transfer(per); + + /* Bail out upon critical errors or --fail-early */ +-- +2.20.1 + diff --git a/0001-fix-double-free-when-multi-perform.patch b/0001-fix-double-free-when-multi-perform.patch deleted file mode 100644 index ad0d61b94d491da2d3377d7aa464f9187f42fac7..0000000000000000000000000000000000000000 --- a/0001-fix-double-free-when-multi-perform.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 8df95297b910daa93627eb3edb89f863e6867b93 Mon Sep 17 00:00:00 2001 -From: wangjia -Date: Sat, 30 Mar 2019 01:14:21 -0400 -Subject: [PATCH] fix double free when multi perform - ---- - lib/multi.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/multi.c b/lib/multi.c -index 49b8b19..228a3da 100644 ---- a/lib/multi.c -+++ b/lib/multi.c -@@ -2034,7 +2034,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, - else if(comeback) - rc = CURLM_CALL_MULTI_PERFORM; - -- free(newurl); - break; - } - --- -2.19.1 - diff --git a/0101-curl-7.32.0-multilib.patch b/0101-curl-7.32.0-multilib.patch index 532980eb568d8652351a071d8ffdd4f721268d97..613106dab3313d021dfea2b9cf6bcc989f9e0f3b 100644 --- a/0101-curl-7.32.0-multilib.patch +++ b/0101-curl-7.32.0-multilib.patch @@ -22,7 +22,7 @@ index 150004d..95d0759 100644 ;; --prefix) -@@ -143,32 +143,17 @@ while test $# -gt 0; do +@@ -155,32 +155,17 @@ while test $# -gt 0; do ;; --libs) diff --git a/0102-curl-7.36.0-debug.patch b/0102-curl-7.36.0-debug.patch index bbb253faae7f985224c9c12cd8ae60b054ddfba1..affe9f069ce63fd7472c4eebd4fe3a1e11fa02f9 100644 --- a/0102-curl-7.36.0-debug.patch +++ b/0102-curl-7.36.0-debug.patch @@ -12,7 +12,7 @@ diff --git a/configure b/configure index 8f079a3..53b4774 100755 --- a/configure +++ b/configure -@@ -16414,18 +16414,11 @@ $as_echo "yes" >&6; } +@@ -16301,18 +16301,11 @@ $as_echo "yes" >&6; } gccvhi=`echo $gccver | cut -d . -f1` gccvlo=`echo $gccver | cut -d . -f2` compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` @@ -38,7 +38,7 @@ diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4 index 0cbba7a..9175b5b 100644 --- a/m4/curl-compilers.m4 +++ b/m4/curl-compilers.m4 -@@ -157,18 +157,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [ +@@ -166,18 +166,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [ gccvhi=`echo $gccver | cut -d . -f1` gccvlo=`echo $gccver | cut -d . -f2` compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` diff --git a/0103-curl-7.59.0-python3.patch b/0103-curl-7.59.0-python3.patch index f66b6c0a9485f72b3d5c91b158b55485ee76a453..56485fed9ba23f24aa198faa2899cbd556b616e1 100644 --- a/0103-curl-7.59.0-python3.patch +++ b/0103-curl-7.59.0-python3.patch @@ -1,88 +1,23 @@ -From bdba7b54224814055185513de1e7ff6619031553 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Thu, 15 Mar 2018 13:21:40 +0100 -Subject: [PATCH 1/2] tests/http_pipe.py: migrate to Python 3 - ---- - tests/http_pipe.py | 4 ++-- - tests/runtests.pl | 2 +- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/tests/http_pipe.py b/tests/http_pipe.py -index bc32173..75ac165 100755 ---- a/tests/http_pipe.py -+++ b/tests/http_pipe.py -@@ -383,13 +383,13 @@ class PipelineRequestHandler(socketserver.BaseRequestHandler): - self.request.setblocking(True) - if not new_data: - return -- new_requests = self._request_parser.ParseAdditionalData(new_data) -+ new_requests = self._request_parser.ParseAdditionalData(new_data.decode('utf8')) - self._response_builder.QueueRequests( - new_requests, self._request_parser.were_all_requests_http_1_1) - self._num_queued += len(new_requests) - self._last_queued_time = time.time() - elif fileno in wlist: -- num_bytes_sent = self.request.send(self._send_buffer[0:4096]) -+ num_bytes_sent = self.request.send(self._send_buffer[0:4096].encode('utf8')) - self._send_buffer = self._send_buffer[num_bytes_sent:] - time.sleep(0.05) - -diff --git a/tests/runtests.pl b/tests/runtests.pl -index d6aa5ca..4d395ef 100755 ---- a/tests/runtests.pl -+++ b/tests/runtests.pl -@@ -1439,7 +1439,7 @@ sub runhttpserver { - elsif($alt eq "pipe") { - # basically the same, but another ID - $idnum = 3; -- $exe = "python $srcdir/http_pipe.py"; -+ $exe = "python3 $srcdir/http_pipe.py"; - $verbose_flag .= "1 "; - } - elsif($alt eq "unix") { --- -2.14.3 - - From 3c4c7340e455b7256c0786759422f34ec3e2d440 Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Thu, 15 Mar 2018 14:49:56 +0100 -Subject: [PATCH 2/2] tests/{negtelnet,smb}server.py: migrate to Python 3 +Subject: [PATCH] tests/{negtelnet,smb}server.py: migrate to Python 3 Unfortunately, smbserver.py does not work with Python 3 because there is no 'impacket' module available for Python 3: https://github.com/CoreSecurity/impacket/issues/61 --- - tests/negtelnetserver.py | 12 ++++++------ - tests/smbserver.py | 4 ++-- - 2 files changed, 8 insertions(+), 8 deletions(-) + tests/negtelnetserver.py | 4 ++-- + tests/smbserver.py | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/negtelnetserver.py b/tests/negtelnetserver.py index 8cfd409..72ee771 100755 --- a/tests/negtelnetserver.py +++ b/tests/negtelnetserver.py -@@ -23,7 +23,7 @@ IDENT = "NTEL" - - # The strings that indicate the test framework is checking our aliveness - VERIFIED_REQ = b"verifiedserver" --VERIFIED_RSP = b"WE ROOLZ: {pid}" -+VERIFIED_RSP = "WE ROOLZ: {pid}" - - - def telnetserver(options): -@@ -34,7 +34,7 @@ def telnetserver(options): - if options.pidfile: - pid = os.getpid() - with open(options.pidfile, "w") as f: -- f.write(b"{0}".format(pid)) -+ f.write("{0}".format(pid)) - - local_bind = (HOST, options.port) - log.info("Listening on %s", local_bind) @@ -73,11 +73,11 @@ class NegotiatingTelnetHandler(socketserver.BaseRequestHandler): - response_data = VERIFIED_RSP.format(pid=os.getpid()) + response_data = response.encode('ascii') else: log.debug("Received normal request - echoing back") - response_data = data.strip() @@ -95,24 +30,6 @@ index 8cfd409..72ee771 100755 except IOError: log.exception("IOError hit during request") -@@ -132,7 +132,7 @@ class Negotiator(object): - return buffer - - def byte_to_int(self, byte): -- return struct.unpack(b'B', byte)[0] -+ return int(byte) - - def no_neg(self, byte, byte_int, buffer): - # Not negotiating anything thus far. Check to see if we -@@ -197,7 +197,7 @@ class Negotiator(object): - self.tcp.sendall(packed_message) - - def pack(self, arr): -- return struct.pack(b'{0}B'.format(len(arr)), *arr) -+ return struct.pack('{0}B'.format(len(arr)), *arr) - - def send_iac(self, arr): - message = [NegTokens.IAC] diff --git a/tests/smbserver.py b/tests/smbserver.py index 195ae39..b09cd44 100755 --- a/tests/smbserver.py diff --git a/0104-curl-7.19.7-localhost6.patch b/0104-curl-7.19.7-localhost6.patch index 4f664d3dcf543fca09002406844f2598b2dd34d2..caa8bc2f488bd9a157a2e21eafa3f0f5621d204b 100644 --- a/0104-curl-7.19.7-localhost6.patch +++ b/0104-curl-7.19.7-localhost6.patch @@ -14,8 +14,8 @@ index e441278..b0958b6 100644 +-g "http://%HOST6IP:%HTTP6PORT/1083" --interface localhost6 --perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test server host address';} else {exec './server/resolve --ipv6 ip6-localhost'; print 'Cannot run precheck resolve';}" -+perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test server host address';} else {exec './server/resolve --ipv6 localhost6'; print 'Cannot run precheck resolve';}" +-perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test client host address';} else {exec './server/resolve --ipv6 ip6-localhost'; print 'Cannot run precheck resolve';}" ++perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test client host address';} else {exec './server/resolve --ipv6 localhost6'; print 'Cannot run precheck resolve';}" diff --git a/0105-curl-7.63.0-lib1560-valgrind.patch b/0105-curl-7.63.0-lib1560-valgrind.patch new file mode 100644 index 0000000000000000000000000000000000000000..6d05c672310543288e8f91a2e8fd1ac3d3d32ebb --- /dev/null +++ b/0105-curl-7.63.0-lib1560-valgrind.patch @@ -0,0 +1,39 @@ +From f55cca0e86f59ec11ffafd5c0503c39ca3723e2e Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Mon, 4 Feb 2019 17:32:56 +0100 +Subject: [PATCH] libtest: compile lib1560.c with -fno-builtin-strcmp + +... to prevent valgrind from reporting false positives on x86_64: + +Conditional jump or move depends on uninitialised value(s) + at 0x10BCAA: part2id (lib1560.c:489) + by 0x10BCAA: updateurl (lib1560.c:521) + by 0x10BCAA: set_parts (lib1560.c:630) + by 0x10BCAA: test (lib1560.c:802) + by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so) + +Conditional jump or move depends on uninitialised value(s) + at 0x10BCC3: part2id (lib1560.c:491) + by 0x10BCC3: updateurl (lib1560.c:521) + by 0x10BCC3: set_parts (lib1560.c:630) + by 0x10BCC3: test (lib1560.c:802) + by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so) +--- + tests/libtest/Makefile.inc | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc +index 080421b..ea3b806 100644 +--- a/tests/libtest/Makefile.inc ++++ b/tests/libtest/Makefile.inc +@@ -531,6 +531,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) + lib1559_LDADD = $(TESTUTIL_LIBS) + + lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) ++lib1560_CFLAGS = $(AM_CFLAGS) -fno-builtin-strcmp + lib1560_LDADD = $(TESTUTIL_LIBS) + + lib1591_SOURCES = lib1591.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) +-- +2.17.2 + diff --git a/CVE-2018-16839-Curl_auth_create_plain_message-fix-too-large-input-c.patch b/CVE-2018-16839-Curl_auth_create_plain_message-fix-too-large-input-c.patch deleted file mode 100644 index bdecdc719dd3c2f7665411ae9572aea62517deea..0000000000000000000000000000000000000000 --- a/CVE-2018-16839-Curl_auth_create_plain_message-fix-too-large-input-c.patch +++ /dev/null @@ -1,29 +0,0 @@ -From f3a24d7916b9173c69a3e0ee790102993833d6c5 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Fri, 28 Sep 2018 16:08:16 +0200 -Subject: [PATCH 225/557] Curl_auth_create_plain_message: fix - too-large-input-check - -CVE-2018-16839 -Reported-by: Harry Sintonen -Bug: https://curl.haxx.se/docs/CVE-2018-16839.html ---- - lib/vauth/cleartext.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c -index a10edbd..be6d611 100644 ---- a/lib/vauth/cleartext.c -+++ b/lib/vauth/cleartext.c -@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data, - plen = strlen(passwdp); - - /* Compute binary message length. Check for overflows. */ -- if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2))) -+ if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2))) - return CURLE_OUT_OF_MEMORY; - plainlen = 2 * ulen + plen + 2; - --- -1.8.3.1 - diff --git a/CVE-2018-16840-Curl_close-clear-data-multi_easy-on-free-to-avoid-us.patch b/CVE-2018-16840-Curl_close-clear-data-multi_easy-on-free-to-avoid-us.patch deleted file mode 100644 index 64ef0f39b31bf107a584a75e96f9f587ef2382a8..0000000000000000000000000000000000000000 --- a/CVE-2018-16840-Curl_close-clear-data-multi_easy-on-free-to-avoid-us.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 81d135d67155c5295b1033679c606165d4e28f3f Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Thu, 18 Oct 2018 15:07:15 +0200 -Subject: [PATCH 224/557] Curl_close: clear data->multi_easy on free to avoid - use-after-free - -Regression from b46cfbc068 (7.59.0) -CVE-2018-16840 -Reported-by: Brian Carpenter (Geeknik Labs) - -Bug: https://curl.haxx.se/docs/CVE-2018-16840.html ---- - lib/url.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/lib/url.c b/lib/url.c -index 723b898..0d5a13f 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -319,10 +319,12 @@ CURLcode Curl_close(struct Curl_easy *data) - and detach this handle from there. */ - curl_multi_remove_handle(data->multi, data); - -- if(data->multi_easy) -+ if(data->multi_easy) { - /* when curl_easy_perform() is used, it creates its own multi handle to - use and this is the one */ - curl_multi_cleanup(data->multi_easy); -+ data->multi_easy = NULL; -+ } - - /* Destroy the timeout list that is held in the easy handle. It is - /normally/ done by curl_multi_remove_handle() but this is "just in --- -1.8.3.1 - diff --git a/CVE-2018-16842-voutf-fix-bad-arethmetic-when-outputting-warnings-to.patch b/CVE-2018-16842-voutf-fix-bad-arethmetic-when-outputting-warnings-to.patch deleted file mode 100644 index b40e660a085f4c6251c41ca6b4c4734dc175df54..0000000000000000000000000000000000000000 --- a/CVE-2018-16842-voutf-fix-bad-arethmetic-when-outputting-warnings-to.patch +++ /dev/null @@ -1,29 +0,0 @@ -From d530e92f59ae9bb2d47066c3c460b25d2ffeb211 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Sun, 28 Oct 2018 01:33:23 +0200 -Subject: [PATCH 232/557] voutf: fix bad arethmetic when outputting warnings to - stderr - -CVE-2018-16842 -Reported-by: Brian Carpenter -Bug: https://curl.haxx.se/docs/CVE-2018-16842.html ---- - src/tool_msgs.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/tool_msgs.c b/src/tool_msgs.c -index 832ed81..f5e1df2 100644 ---- a/src/tool_msgs.c -+++ b/src/tool_msgs.c -@@ -67,7 +67,7 @@ static void voutf(struct GlobalConfig *config, - (void)fwrite(ptr, cut + 1, 1, config->errors); - fputs("\n", config->errors); - ptr += cut + 1; /* skip the space too */ -- len -= cut; -+ len -= cut + 1; - } - else { - fputs(ptr, config->errors); --- -1.8.3.1 - diff --git a/CVE-2018-16890-NTLM-fix-size-check-condition-for-type2-received-dat.patch b/CVE-2018-16890-NTLM-fix-size-check-condition-for-type2-received-dat.patch deleted file mode 100644 index a769dca23edf126cc7765b0523e2b22efe554d64..0000000000000000000000000000000000000000 --- a/CVE-2018-16890-NTLM-fix-size-check-condition-for-type2-received-dat.patch +++ /dev/null @@ -1,34 +0,0 @@ -From b780b30d1377adb10bbe774835f49e9b237fb9bb Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Wed, 2 Jan 2019 20:33:08 +0100 -Subject: [PATCH 478/557] NTLM: fix size check condition for type2 received - data - -Bug: https://curl.haxx.se/docs/CVE-2018-16890.html -Reported-by: Wenxiang Qian -CVE-2018-16890 ---- - lib/vauth/ntlm.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c -index c3d55ed..0ad4d97 100644 ---- a/lib/vauth/ntlm.c -+++ b/lib/vauth/ntlm.c -@@ -182,10 +182,11 @@ static CURLcode ntlm_decode_type2_target(struct Curl_easy *data, - target_info_len = Curl_read16_le(&buffer[40]); - target_info_offset = Curl_read32_le(&buffer[44]); - if(target_info_len > 0) { -- if(((target_info_offset + target_info_len) > size) || -+ if((target_info_offset >= size) || -+ ((target_info_offset + target_info_len) > size) || - (target_info_offset < 48)) { - infof(data, "NTLM handshake failure (bad type-2 message). " -- "Target Info Offset Len is set incorrect by the peer\n"); -+ "Target Info Offset Len is set incorrect by the peer\n"); - return CURLE_BAD_CONTENT_ENCODING; - } - --- -1.8.3.1 - diff --git a/CVE-2019-3822-ntlm-fix-_type3_message-size-check-to-avoid-buffer-o.patch b/CVE-2019-3822-ntlm-fix-_type3_message-size-check-to-avoid-buffer-o.patch deleted file mode 100644 index 9f411aeefd1e98d5f3f0a66739b13debaa94c789..0000000000000000000000000000000000000000 --- a/CVE-2019-3822-ntlm-fix-_type3_message-size-check-to-avoid-buffer-o.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 50c9484278c63b958655a717844f0721263939cc Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Thu, 3 Jan 2019 12:59:28 +0100 -Subject: [PATCH 479/557] ntlm: fix *_type3_message size check to avoid buffer - overflow - -Bug: https://curl.haxx.se/docs/CVE-2019-3822.html -Reported-by: Wenxiang Qian -CVE-2019-3822 ---- - lib/vauth/ntlm.c | 11 +++++++---- - 1 file changed, 7 insertions(+), 4 deletions(-) - -diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c -index 0ad4d97..6a8fc5a 100644 ---- a/lib/vauth/ntlm.c -+++ b/lib/vauth/ntlm.c -@@ -779,11 +779,14 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, - }); - - #ifdef USE_NTRESPONSES -- if(size < (NTLM_BUFSIZE - ntresplen)) { -- DEBUGASSERT(size == (size_t)ntrespoff); -- memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen); -- size += ntresplen; -+ /* ntresplen + size should not be risking an integer overflow here */ -+ if(ntresplen + size > sizeof(ntlmbuf)) { -+ failf(data, "incoming NTLM message too big"); -+ return CURLE_OUT_OF_MEMORY; - } -+ DEBUGASSERT(size == (size_t)ntrespoff); -+ memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen); -+ size += ntresplen; - - DEBUG_OUT({ - fprintf(stderr, "\n ntresp="); --- -1.8.3.1 - diff --git a/CVE-2019-3823-smtp-avoid-risk-of-buffer-overflow-in-strtol.patch b/CVE-2019-3823-smtp-avoid-risk-of-buffer-overflow-in-strtol.patch deleted file mode 100644 index f79544a5eb8e75c0010405674f1e485bf410a2e4..0000000000000000000000000000000000000000 --- a/CVE-2019-3823-smtp-avoid-risk-of-buffer-overflow-in-strtol.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484 Mon Sep 17 00:00:00 2001 -From: Daniel Gustafsson -Date: Sat, 19 Jan 2019 00:42:47 +0100 -Subject: [PATCH 480/557] smtp: avoid risk of buffer overflow in strtol - -If the incoming len 5, but the buffer does not have a termination -after 5 bytes, the strtol() call may keep reading through the line -buffer until is exceeds its boundary. Fix by ensuring that we are -using a bounded read with a temporary buffer on the stack. - -Bug: https://curl.haxx.se/docs/CVE-2019-3823.html -Reported-by: Brian Carpenter (Geeknik Labs) -CVE-2019-3823 ---- - lib/smtp.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/lib/smtp.c b/lib/smtp.c -index 84fc68e..d55647b 100644 ---- a/lib/smtp.c -+++ b/lib/smtp.c -@@ -5,7 +5,7 @@ - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * -- * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. -+ * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms -@@ -207,8 +207,12 @@ static bool smtp_endofresp(struct connectdata *conn, char *line, size_t len, - Section 4. Examples of RFC-4954 but some e-mail servers ignore this and - only send the response code instead as per Section 4.2. */ - if(line[3] == ' ' || len == 5) { -+ char tmpline[6]; -+ - result = TRUE; -- *resp = curlx_sltosi(strtol(line, NULL, 10)); -+ memset(tmpline, '\0', sizeof(tmpline)); -+ memcpy(tmpline, line, (len == 5 ? 5 : 3)); -+ *resp = curlx_sltosi(strtol(tmpline, NULL, 10)); - - /* Make sure real server never sends internal value */ - if(*resp == 1) --- -1.8.3.1 - diff --git a/CVE-2019-5436.patch b/CVE-2019-5436.patch deleted file mode 100644 index 9fdeb30bd4839bbf4bd06c01d44f7a7118bdde4d..0000000000000000000000000000000000000000 --- a/CVE-2019-5436.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 5c89b6583079cd4cccbdf59929fa14515397430a Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Fri, 3 May 2019 22:20:37 +0200 -Subject: [PATCH] tftp: use the current blksize for recvfrom() - -bug: CVE-2019-XXXXX -Reported-by: l00p3r ---- - lib/tftp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: curl-7.64.0/lib/tftp.c -=================================================================== ---- curl-7.64.0.orig/lib/tftp.c 2019-05-16 08:35:01.353786616 -0400 -+++ curl-7.64.0/lib/tftp.c 2019-05-16 08:35:01.353786616 -0400 -@@ -1005,7 +1005,7 @@ static CURLcode tftp_connect(struct conn - state->sockfd = state->conn->sock[FIRSTSOCKET]; - state->state = TFTP_STATE_START; - state->error = TFTP_ERR_NONE; -- state->blksize = TFTP_BLKSIZE_DEFAULT; -+ state->blksize = blksize; - state->requested_blksize = blksize; - - ((struct sockaddr *)&state->local_addr)->sa_family = - diff --git a/CVE-2019-5481.patch b/CVE-2019-5481.patch deleted file mode 100644 index 2aa4952cee44ff443568a2c21e198c78becb8c14..0000000000000000000000000000000000000000 --- a/CVE-2019-5481.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 9069838b30fb3b48af0123e39f664cea683254a5 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Tue, 3 Sep 2019 22:59:32 +0200 -Subject: [PATCH] security:read_data fix bad realloc() - -... that could end up a double-free - -CVE-2019-5481 -Bug: https://curl.haxx.se/docs/CVE-2019-5481.html ---- - lib/security.c | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git a/lib/security.c b/lib/security.c -index 550ea2da8d..c5e4e135df 100644 ---- a/lib/security.c -+++ b/lib/security.c -@@ -191,7 +191,6 @@ static CURLcode read_data(struct connectdata *conn, - struct krb5buffer *buf) - { - int len; -- void *tmp = NULL; - CURLcode result; - - result = socket_read(fd, &len, sizeof(len)); -@@ -201,12 +200,11 @@ static CURLcode read_data(struct connectdata *conn, - if(len) { - /* only realloc if there was a length */ - len = ntohl(len); -- tmp = Curl_saferealloc(buf->data, len); -+ buf->data = Curl_saferealloc(buf->data, len); - } -- if(tmp == NULL) -+ if(!len || !buf->data) - return CURLE_OUT_OF_MEMORY; - -- buf->data = tmp; - result = socket_read(fd, buf->data, len); - if(result) - return result; diff --git a/CVE-2019-5482.patch b/CVE-2019-5482.patch deleted file mode 100644 index fc9dc73f7d003e728330eb8732f685546fd5d06b..0000000000000000000000000000000000000000 --- a/CVE-2019-5482.patch +++ /dev/null @@ -1,59 +0,0 @@ -From facb0e4662415b5f28163e853dc6742ac5fafb3d Mon Sep 17 00:00:00 2001 -From: Thomas Vegas <> -Date: Sat, 31 Aug 2019 17:30:51 +0200 -Subject: [PATCH] tftp: Alloc maximum blksize, and use default unless OACK is - received - -Fixes potential buffer overflow from 'recvfrom()', should the server -return an OACK without blksize. - -Bug: https://curl.haxx.se/docs/CVE-2019-5482.html -CVE-2019-5482 ---- - lib/tftp.c | 12 +++++++++--- - 1 file changed, 9 insertions(+), 3 deletions(-) - -diff --git a/lib/tftp.c b/lib/tftp.c -index a7176cec80..346f293dc5 100644 ---- a/lib/tftp.c -+++ b/lib/tftp.c -@@ -985,6 +985,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done) - { - tftp_state_data_t *state; - int blksize; -+ int need_blksize; - - blksize = TFTP_BLKSIZE_DEFAULT; - -@@ -999,15 +1000,20 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done) - return CURLE_TFTP_ILLEGAL; - } - -+ need_blksize = blksize; -+ /* default size is the fallback when no OACK is received */ -+ if(need_blksize < TFTP_BLKSIZE_DEFAULT) -+ need_blksize = TFTP_BLKSIZE_DEFAULT; -+ - if(!state->rpacket.data) { -- state->rpacket.data = calloc(1, blksize + 2 + 2); -+ state->rpacket.data = calloc(1, need_blksize + 2 + 2); - - if(!state->rpacket.data) - return CURLE_OUT_OF_MEMORY; - } - - if(!state->spacket.data) { -- state->spacket.data = calloc(1, blksize + 2 + 2); -+ state->spacket.data = calloc(1, need_blksize + 2 + 2); - - if(!state->spacket.data) - return CURLE_OUT_OF_MEMORY; -@@ -1021,7 +1027,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done) - state->sockfd = state->conn->sock[FIRSTSOCKET]; - state->state = TFTP_STATE_START; - state->error = TFTP_ERR_NONE; -- state->blksize = blksize; -+ state->blksize = TFTP_BLKSIZE_DEFAULT; /* Unless updated by OACK response */ - state->requested_blksize = blksize; - - ((struct sockaddr *)&state->local_addr)->sa_family = diff --git a/Curl_dedotdotify-always-nul-terminate-returned-strin.patch b/Curl_dedotdotify-always-nul-terminate-returned-strin.patch deleted file mode 100644 index 983d7865fef1db84bd03cbd3cd6afe9c1fdbb448..0000000000000000000000000000000000000000 --- a/Curl_dedotdotify-always-nul-terminate-returned-strin.patch +++ /dev/null @@ -1,25 +0,0 @@ -From c558db3c39db1817f78ac1bd81ec03a99447d423 Mon Sep 17 00:00:00 2001 -From: kangenbo -Date: Mon, 18 Mar 2019 12:47:43 -0400 -Subject: [PATCH] 0095 - ---- - lib/dotdot.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/lib/dotdot.c b/lib/dotdot.c -index cbb308d..2c6177a 100644 ---- a/lib/dotdot.c -+++ b/lib/dotdot.c -@@ -62,6 +62,8 @@ char *Curl_dedotdotify(const char *input) - if(!out) - return NULL; /* out of memory */ - -+ *out = 0; /* zero terminates, for inputs like "./" */ -+ - /* get a cloned copy of the input */ - clone = strdup(input); - if(!clone) { --- -1.8.3.1 - diff --git a/Curl_http2_done-fix-memleak-in-error-path.patch b/Curl_http2_done-fix-memleak-in-error-path.patch deleted file mode 100644 index 4783beb2231c087c78c631a0a176a123cf3080f9..0000000000000000000000000000000000000000 --- a/Curl_http2_done-fix-memleak-in-error-path.patch +++ /dev/null @@ -1,44 +0,0 @@ -From d26605818339acb190572a5c4291945160063ff0 Mon Sep 17 00:00:00 2001 -From: kangenbo -Date: Mon, 18 Mar 2019 13:41:26 -0400 -Subject: [PATCH] 0101 - ---- - lib/http2.c | 14 ++++++++------ - 1 file changed, 8 insertions(+), 6 deletions(-) - -diff --git a/lib/http2.c b/lib/http2.c -index dfc780e..eb395f9 100644 ---- a/lib/http2.c -+++ b/lib/http2.c -@@ -1085,12 +1085,8 @@ void Curl_http2_done(struct connectdata *conn, bool premature) - struct HTTP *http = data->req.protop; - struct http_conn *httpc = &conn->proto.httpc; - -- if(!httpc->h2) /* not HTTP/2 ? */ -- return; -- -- if(data->state.drain) -- drained_transfer(data, httpc); -- -+ /* there might be allocated resources done before this got the 'h2' pointer -+ setup */ - if(http->header_recvbuf) { - Curl_add_buffer_free(http->header_recvbuf); - http->header_recvbuf = NULL; /* clear the pointer */ -@@ -1106,6 +1102,12 @@ void Curl_http2_done(struct connectdata *conn, bool premature) - } - } - -+ if(!httpc->h2) /* not HTTP/2 ? */ -+ return; -+ -+ if(data->state.drain) -+ drained_transfer(data, httpc); -+ - if(premature) { - /* RST_STREAM */ - if(!nghttp2_submit_rst_stream(httpc->h2, NGHTTP2_FLAG_NONE, --- -1.8.3.1 - diff --git a/Curl_retry_request-fix-memory-leak.patch b/Curl_retry_request-fix-memory-leak.patch deleted file mode 100644 index 1111b600f93c61b42ef10a840595393d3aa48572..0000000000000000000000000000000000000000 --- a/Curl_retry_request-fix-memory-leak.patch +++ /dev/null @@ -1,36 +0,0 @@ -From ef695fc30144c8b92700c0161cdafd141c70ae60 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Mon, 24 Sep 2018 14:05:24 +0200 -Subject: [PATCH 098/557] Curl_retry_request: fix memory leak - -Detected by OSS-Fuzz - -Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10648 -Closes #3042 ---- - lib/transfer.c | 9 +++++++-- - 1 file changed, 7 insertions(+), 2 deletions(-) - -diff --git a/lib/transfer.c b/lib/transfer.c -index 6a80bf3..efd9292 100644 ---- a/lib/transfer.c -+++ b/lib/transfer.c -@@ -1705,8 +1705,13 @@ CURLcode Curl_retry_request(struct connectdata *conn, - - if(conn->handler->protocol&PROTO_FAMILY_HTTP) { - struct HTTP *http = data->req.protop; -- if(http->writebytecount) -- return Curl_readrewind(conn); -+ if(http->writebytecount) { -+ CURLcode result = Curl_readrewind(conn); -+ if(result) { -+ Curl_safefree(*url); -+ return result; -+ } -+ } - } - } - return CURLE_OK; --- -1.8.3.1 - diff --git a/Curl_saferealloc-Fixed-typo-in-docblock.patch b/Curl_saferealloc-Fixed-typo-in-docblock.patch deleted file mode 100644 index 4857fedd31c3774e83d20c04037726d723155441..0000000000000000000000000000000000000000 --- a/Curl_saferealloc-Fixed-typo-in-docblock.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 39c9140cceaffd98c683e1f426cc451909703554 Mon Sep 17 00:00:00 2001 -From: Erik Minekus -Date: Fri, 21 Sep 2018 14:20:18 +0200 -Subject: [PATCH 081/557] Curl_saferealloc: Fixed typo in docblock - -Closes #3029 ---- - lib/strdup.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/strdup.c b/lib/strdup.c -index 19cb044..51e7978 100644 ---- a/lib/strdup.c -+++ b/lib/strdup.c -@@ -81,7 +81,7 @@ void *Curl_memdup(const void *src, size_t length) - * Curl_saferealloc(ptr, size) - * - * Does a normal realloc(), but will free the data pointer if the realloc -- * fails. If 'size' is zero, it will free the data and return a failure. -+ * fails. If 'size' is non-zero, it will free the data and return a failure. - * - * This convenience function is provided and used to help us avoid a common - * mistake pattern when we could pass in a zero, catch the NULL return and end --- -1.8.3.1 - diff --git a/OS400-handle-memory-error-in-list-conversion.patch b/OS400-handle-memory-error-in-list-conversion.patch deleted file mode 100644 index b1e032a5320fd4f7ae20a63f2c55f9a4ad8a7418..0000000000000000000000000000000000000000 --- a/OS400-handle-memory-error-in-list-conversion.patch +++ /dev/null @@ -1,50 +0,0 @@ -From a58b27740fd78fee88b35104fa71b7019280ccff Mon Sep 17 00:00:00 2001 -From: Daniel Gustafsson -Date: Thu, 13 Dec 2018 10:15:00 +0100 -Subject: [PATCH 363/557] OS400: handle memory error in list conversion - -Curl_slist_append_nodup() returns NULL when it fails to create a new -item for the specified list, and since the coding here reassigned the -new list on top of the old list it would result in a dangling pointer -and lost memory. Also, in case we hit an allocation failure at some -point during the conversion, with allocation succeeding again on the -subsequent call(s) we will return a truncated list around the malloc -failure point. Fix by assigning to a temporary list pointer, which can -be checked (which is the common pattern for slist appending), and free -all the resources on allocation failure. - -Closes #3372 -Reviewed-by: Daniel Stenberg ---- - packages/OS400/ccsidcurl.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/packages/OS400/ccsidcurl.c b/packages/OS400/ccsidcurl.c -index b1d3ba8..ca711d0 100644 ---- a/packages/OS400/ccsidcurl.c -+++ b/packages/OS400/ccsidcurl.c -@@ -219,13 +219,20 @@ slist_convert(int dccsid, struct curl_slist * from, int sccsid) - struct curl_slist * to = (struct curl_slist *) NULL; - - for(; from; from = from->next) { -+ struct curl_slist *nl; - char * cp = dynconvert(dccsid, from->data, -1, sccsid); - - if(!cp) { - curl_slist_free_all(to); - return (struct curl_slist *) NULL; - } -- to = Curl_slist_append_nodup(to, cp); -+ nl = Curl_slist_append_nodup(to, cp); -+ if(!nl) { -+ curl_slist_free_all(to); -+ free(cp); -+ return NULL; -+ } -+ to = nl; - } - return to; - } --- -1.8.3.1 - diff --git a/configure-include-all-libraries-in-ssl-libs-fetch.patch b/configure-include-all-libraries-in-ssl-libs-fetch.patch deleted file mode 100644 index f44f9ff9043a4fcabf7c379932e04136149c38ee..0000000000000000000000000000000000000000 --- a/configure-include-all-libraries-in-ssl-libs-fetch.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 0fac7a10fd08281f659df82a9d1c779bf61d7401 Mon Sep 17 00:00:00 2001 -From: James Knight -Date: Tue, 30 Oct 2018 03:17:44 -0400 -Subject: [PATCH 318/557] configure: include all libraries in ssl-libs fetch - -When compiling a collection of SSL libraries to link against (SSL_LIBS), -ensure all libraries are included. The call `--libs-only-l` can produce -only a subset of found in a `--libs` call (e.x. pthread may be excluded). -Adding `--libs-only-other` ensures other libraries are also included in -the list. This corrects select build environments compiling against a -static version of OpenSSL. Before the change, the following could be -observed: - - checking for openssl options with pkg-config... found - configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -lcrypto -lz -ldl " - configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight//staging/usr/lib -L/home/jdknight//staging/usr/lib " - configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight//staging/usr/include " - checking for HMAC_Update in -lcrypto... no - checking for HMAC_Init_ex in -lcrypto... no - checking OpenSSL linking with -ldl... no - checking OpenSSL linking with -ldl and -lpthread... no - configure: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more. - configure: WARNING: Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this. - ... - SSL support: no (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} ) - ... - -And include the other libraries when compiling SSL_LIBS succeeds with: - - checking for openssl options with pkg-config... found - configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -pthread -lcrypto -lz -ldl -pthread " - configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight//staging/usr/lib -L/home/jdknight//staging/usr/lib " - configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight//staging/usr/include " - checking for HMAC_Update in -lcrypto... yes - checking for SSL_connect in -lssl... yes - ... - SSL support: enabled (OpenSSL) - ... - -Signed-off-by: James Knight -Closes #3193 ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 80f8ae1..b0bd9a3 100755 ---- a/configure.ac -+++ b/configure.ac -@@ -1623,7 +1623,7 @@ if test -z "$ssl_backends" -o "x$OPT_SSL" != xno && - - if test "$PKGCONFIG" != "no" ; then - SSL_LIBS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl -- $PKGCONFIG --libs-only-l openssl 2>/dev/null` -+ $PKGCONFIG --libs-only-l --libs-only-other openssl 2>/dev/null` - - SSL_LDFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl - $PKGCONFIG --libs-only-L openssl 2>/dev/null` --- -1.8.3.1 - diff --git a/curl-7.61.1.tar.xz b/curl-7.61.1.tar.xz deleted file mode 100644 index 11fe1c1748a3456136986d99235837e0cbb1584a..0000000000000000000000000000000000000000 Binary files a/curl-7.61.1.tar.xz and /dev/null differ diff --git a/curl-7.66.0.tar.xz b/curl-7.66.0.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..264e6c5a683dd173fda670208a8c3148352fa08b Binary files /dev/null and b/curl-7.66.0.tar.xz differ diff --git a/curl-fix-memory-leak-reading-writeout-from-file.patch b/curl-fix-memory-leak-reading-writeout-from-file.patch deleted file mode 100644 index 0791282371b931a01bd53b33d809bb18d73f0f22..0000000000000000000000000000000000000000 --- a/curl-fix-memory-leak-reading-writeout-from-file.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 650281ed5ba335d16a932ccba53665551197880f Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Fri, 30 Nov 2018 11:59:04 +0100 -Subject: [PATCH 324/557] curl: fix memory leak reading --writeout from file - -If another string had been set first, the writout function for reading -the syntax from file would leak the previously allocated memory. - -Reported-by: Brian Carpenter -Fixes #3322 -Closes #3330 ---- - src/tool_getparam.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/tool_getparam.c b/src/tool_getparam.c -index cd21f77..c0d3a84 100644 ---- a/src/tool_getparam.c -+++ b/src/tool_getparam.c -@@ -2066,6 +2066,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ - fname = nextarg; - file = fopen(nextarg, FOPEN_READTEXT); - } -+ Curl_safefree(config->writeout); - err = file2string(&config->writeout, file); - if(file && (file != stdin)) - fclose(file); --- -1.8.3.1 - diff --git a/curl.spec b/curl.spec index 4c75ebd63a9aa26100e86f28fac0cbac13faedc7..6faad9eae1ea8b0b6d4c86f76a8a7615664973ff 100644 --- a/curl.spec +++ b/curl.spec @@ -4,109 +4,56 @@ %global openssl_version %(pkg-config --modversion openssl 2>/dev/null || echo 0) %global _configure ../configure -#Basic Information -Name: curl -Version: 7.61.1 -Release: 4 -Summary: curl is used in command lines or scripts to transfer data -License: MIT -URL: https://curl.haxx.se/ -Source: https://curl.haxx.se/download/curl-%{version}.tar.xz - -Patch1: 0001-curl-7.61.1-test320-gnutls.patch -Patch101: 0101-curl-7.32.0-multilib.patch -Patch102: 0102-curl-7.36.0-debug.patch -Patch103: 0103-curl-7.59.0-python3.patch -Patch104: 0104-curl-7.19.7-localhost6.patch - -Patch6000: fix-leak-when-writing-cookies-to-file.patch -Patch6001: fix-gcc8-warning.patch -Patch6002: fix-gcc8-warning-on-Windows.patch -Patch6003: fix-compiler-warning-on-64-bit-Windows.patch -Patch6004: urlglob-improve-error-message.patch -Patch6005: krb5-fix-memory-leak-in-krb_auth.patch -Patch6006: secure-Openwall-URLs.patch -Patch6007: http2-fix-memory-leaks-on-error-path.patch -Patch6008: memory-add-missing-curl_printf-header.patch -Patch6009: examples-Fix-memory-leaks-from-realloc-errors.patch -Patch6010: darwinssl-Fix-realloc-memleak.patch -Patch6011: nss-try-to-connect-even-if-libnssckbi.so-fails-to-lo.patch -Patch6012: Curl_saferealloc-Fixed-typo-in-docblock.patch -Patch6013: Curl_dedotdotify-always-nul-terminate-returned-strin.patch -Patch6014: Curl_retry_request-fix-memory-leak.patch -Patch6015: http-fix-memleak-in-rewind-error-path.patch -Patch6016: Curl_http2_done-fix-memleak-in-error-path.patch -Patch6017: multi-fix-location-URL-memleak-in-error-path.patch -Patch6018: multi-fix-memory-leak-in-content-encoding-related-er.patch -Patch6019: memory-ensure-to-check-allocation-results.patch -Patch6020: hostip-fix-check-on-Curl_shuffle_addr-return-value.patch -Patch6021: nonblock-fix-unused-parameter-warning.patch -Patch6022: tool_cb_hdr-handle-failure-of-rename.patch -Patch6023: multi-avoid-double-free.patch -Patch6024: netrc-free-temporary-strings-if-memory-allocation-fa.patch -Patch6025: ssh-free-the-session-on-init-failures.patch -Patch6026: multi-Fix-error-handling-in-the-SENDPROTOCONNECT-sta.patch -Patch6027: CVE-2018-16840-Curl_close-clear-data-multi_easy-on-free-to-avoid-us.patch -Patch6028: CVE-2018-16839-Curl_auth_create_plain_message-fix-too-large-input-c.patch -Patch6029: CVE-2018-16842-voutf-fix-bad-arethmetic-when-outputting-warnings-to.patch -Patch6030: curl_multibyte-fix-a-malloc-overcalculation.patch -Patch6031: curl_easy_perform-fix-timeout-handling.patch -Patch6032: configure-include-all-libraries-in-ssl-libs-fetch.patch -Patch6033: curl-fix-memory-leak-reading-writeout-from-file.patch -Patch6034: OS400-handle-memory-error-in-list-conversion.patch -Patch6035: smb-fix-incorrect-path-in-request-if-connection-reus.patch -Patch6036: wolfssl-Perform-cleanup.patch -Patch6037: libssh-free-sftp_canonicalize_path-data-correctly.patch -Patch6038: openvms-fix-OpenSSL-discovery-on-VAX.patch -Patch6039: timediff-fix-math-for-unsigned-time_t.patch -Patch6040: tool_cb_prg-avoid-integer-overflow.patch -Patch6041: openssl-fix-the-SSL_get_tlsext_status_ocsp_resp-call.patch -Patch6042: ssh-log-the-libssh2-error-message-when-ssh-session-s.patch -Patch6043: schannel-on-connection-close-there-might-not-be-a-tr.patch -Patch6044: CVE-2018-16890-NTLM-fix-size-check-condition-for-type2-received-dat.patch -Patch6045: CVE-2019-3822-ntlm-fix-_type3_message-size-check-to-avoid-buffer-o.patch -Patch6046: CVE-2019-3823-smtp-avoid-risk-of-buffer-overflow-in-strtol.patch -Patch6047: zsh.pl-escape-character.patch -Patch6048: examples-postinmemory-Potential-leak-of-memory-point.patch -Patch6049: mbedtls-release-sessionid-resources-on-error.patch -Patch6050: CVE-2019-5436.patch -Patch6051: CVE-2019-5481.patch -Patch6052: CVE-2019-5482.patch -Patch9000: 0001-fix-double-free-when-multi-perform.patch - -Provides: curl-full = %{version}-%{release} libcurl-full = %{version}-%{release} -Provides: webclient libcurl = %{version}-%{release} -Obsoletes: libcurl - -BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel libidn2-devel libmetalink-devel -BuildRequires: libnghttp2-devel libpsl-devel libssh-devel make openldap-devel openssh-clients -BuildRequires: openssh-server openssl-devel pkgconfig python3-devel sed stunnel zlib-devel -BuildRequires: gnutls-utils nghttp2 perl(Cwd) perl(Digest::MD5) perl(Exporter) perl(File::Basename) -BuildRequires: perl(File::Copy) perl(File::Spec) perl(IPC::Open2) perl(MIME::Base64) perl(strict) -BuildRequires: perl(Time::Local) perl(Time::HiRes) perl(warnings) perl(vars) - +Name: curl +Version: 7.66.0 +Release: 1 +Summary: Curl is used in command lines or scripts to transfer data +License: MIT +URL: https://curl.haxx.se/ +Source: https://curl.haxx.se/download/curl-%{version}.tar.xz + +Patch1: 0001-curl-7.66.0-metalink-memleak.patch +Patch101: 0101-curl-7.32.0-multilib.patch +Patch102: 0102-curl-7.36.0-debug.patch +Patch103: 0103-curl-7.59.0-python3.patch +Patch104: 0104-curl-7.19.7-localhost6.patch +Patch105: 0105-curl-7.63.0-lib1560-valgrind.patch + +BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel +BuildRequires: libidn2-devel libmetalink-devel libnghttp2-devel libpsl-devel +BuildRequires: libssh-devel make openldap-devel openssh-clients openssh-server +BuildRequires: openssl-devel perl-interpreter pkgconfig python3-devel sed +BuildRequires: stunnel zlib-devel gnutls-utils nghttp2 perl(IO::Compress::Gzip) +BuildRequires: perl(Getopt::Long) perl(Pod::Usage) perl(strict) perl(warnings) +BuildRequires: perl(Cwd) perl(Digest::MD5) perl(Exporter) perl(File::Basename) +BuildRequires: perl(File::Copy) perl(File::Spec) perl(IPC::Open2) perl(MIME::Base64) +BuildRequires: perl(Time::Local) perl(Time::HiRes) perl(vars) %ifarch x86_64 -BuildRequires: valgrind +BuildRequires: valgrind %endif -Requires: libpsl >= %{libpsl_version} -Requires: libssh >= %{libssh_version} openssl-libs >= 1:%{openssl_version} +Requires: libpsl >= %{libpsl_version} libssh >= %{libssh_version} +Requires: openssl-libs >= 1:%{openssl_version} + +Provides: curl-full = %{version}-%{release} libcurl-full = %{version}-%{release} +Provides: webclient libcurl = %{version}-%{release} +Obsoletes: libcurl < %{version}-%{release} %description cURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various protocols. -%package devel -Summary: Files needed for building applications with libcurl -Requires: curl = %{version}-%{release} -Provides: curl-devel = %{version}-%{release} -Provides: libcurl-devel = %{version}-%{release} -Obsoletes: curl-devel < %{version}-%{release} libcurl-devel +%package devel +Summary: Files needed for building applications with libcurl +Requires: curl = %{version}-%{release} +Provides: curl-devel = %{version}-%{release} +Provides: libcurl-devel = %{version}-%{release} +Obsoletes: curl-devel < %{version}-%{release} +Obsoletes: libcurl-devel < %{version}-%{release} -%description devel +%description devel The curl-devel package includes header files and libraries necessary for developing programs. - %package help Summary: Documents for autogen Buildarch: noarch @@ -130,7 +77,7 @@ printf "1112\n1455\n1801\n1900\n" >> tests/data/DISABLED sed -e 's/^35$/35,52/' -i tests/data/test323 %build -install -d build-{full,minimal} +install -d build-full export common_configure_opts=" \ --cache-file=../config.cache \ --disable-static \ @@ -141,20 +88,6 @@ export common_configure_opts=" \ --with-nghttp2 \ --with-ssl --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt" -# configure minimal build -( - cd build-minimal - %configure $common_configure_opts \ - --disable-ldap \ - --disable-ldaps \ - --disable-manual \ - --without-brotli \ - --without-libidn2 \ - --without-libmetalink \ - --without-libpsl \ - --without-libssh -) - # configure full build ( cd build-full @@ -171,20 +104,12 @@ export common_configure_opts=" \ sed -e 's/^runpath_var=.*/runpath_var=/' \ -e 's/^hardcode_libdir_flag_spec=".*"$/hardcode_libdir_flag_spec=""/' \ - -i build-{full,minimal}/libtool + -i build-full/libtool -%make_build V=1 -C build-minimal %make_build V=1 -C build-full -%check - %install -# curl-minimal files install -%make_install -C build-minimal -for i in ${RPM_BUILD_ROOT}%{_libdir}/*; do - mv -v $i $i.minimal -done -mv -v ${RPM_BUILD_ROOT}%{_bindir}/curl{,.minimal} +rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.{la,so} # install libcurl.m4 for devel install -D -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT%{_datadir}/aclocal/libcurl.m4 @@ -196,37 +121,24 @@ cd build-full # install zsh completion for curl LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" %make_install -C scripts -%pre - -%preun - -%post -/sbin/ldconfig - +# do not install /usr/share/fish/completions/curl.fish which is also installed +# by fish-3.0.2-1.module_f31+3716+57207597 and would trigger a conflict +rm -rf ${RPM_BUILD_ROOT}%{_datadir}/fish -%postun -/sbin/ldconfig +rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la +%ldconfig_scriptlets %files %defattr(-,root,root) %license COPYING - %{_bindir}/curl -%{_datadir}/zsh/site-functions +%{_datadir}/zsh %{_libdir}/libcurl.so.4 %{_libdir}/libcurl.so.4.[0-9].[0-9] -%exclude %{_libdir}/libcurl.la - -%exclude %{_bindir}/curl.minimal -%exclude %{_libdir}/libcurl.so.4.minimal -%exclude %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal -%exclude %{_libdir}/pkgconfig.minimal -%exclude %{_libdir}/libcurl.la.minimal -%exclude %{_libdir}/libcurl.so.minimal - %files devel +%defattr(-,root,root) %doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS.md %doc docs/CONTRIBUTE.md docs/libcurl/ABI %{_bindir}/curl-config* @@ -236,16 +148,18 @@ LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" %make_install -C sc %{_datadir}/aclocal/libcurl.m4 %files help +%defattr(-,root,root) +%doc CHANGES README* +%doc docs/BUGS docs/FAQ docs/FEATURES docs/RESOURCES +%doc docs/TheArtOfHttpScripting docs/TODO %{_mandir}/man1/curl.1* %{_mandir}/man1/curl-config.1* %{_mandir}/man3/* -%doc CHANGES README* -%doc docs/BUGS docs/FAQ docs/FEATURES -%doc docs/MANUAL docs/RESOURCES -%doc docs/TheArtOfHttpScripting docs/TODO - %changelog +* Sat Jan 11 2020 openEuler Buildteam - 7.66.0-1 +- update to 7.66.0 + * Sat Dec 21 2019 openEuler Buildteam - 7.61.1-4 - Type:cves - ID:CVE-2019-5481 CVE-2019-5482 diff --git a/curl_easy_perform-fix-timeout-handling.patch b/curl_easy_perform-fix-timeout-handling.patch deleted file mode 100644 index a7773f090265925c9b6d8ab2407bd07cc5428059..0000000000000000000000000000000000000000 --- a/curl_easy_perform-fix-timeout-handling.patch +++ /dev/null @@ -1,120 +0,0 @@ -From 34fe0e1622fd87f2945e734787bc29e314d253cc Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Sat, 24 Nov 2018 23:20:19 +0100 -Subject: [PATCH 314/557] curl_easy_perform: fix timeout handling - -curl_multi_wait() was erroneously used from within -curl_easy_perform(). It could lead to it believing there was no socket -to wait for and then instead sleep for a while instead of monitoring the -socket and then miss acting on that activity as swiftly as it should -(causing an up to 1000 ms delay). - -Reported-by: Antoni Villalonga -Fixes #3305 -Closes #3306 -Closes #3308 ---- - lib/easy.c | 7 ++++--- - lib/multi.c | 20 ++++++++++++++++++-- - lib/multiif.h | 8 ++++++++ - 3 files changed, 30 insertions(+), 5 deletions(-) - -diff --git a/lib/easy.c b/lib/easy.c -index d940b5d..e592d7a 100644 ---- a/lib/easy.c -+++ b/lib/easy.c -@@ -664,12 +664,12 @@ static CURLcode easy_transfer(struct Curl_multi *multi) - - while(!done && !mcode) { - int still_running = 0; -- int rc; -+ bool gotsocket = FALSE; - -- mcode = curl_multi_wait(multi, NULL, 0, 1000, &rc); -+ mcode = Curl_multi_wait(multi, NULL, 0, 1000, NULL, &gotsocket); - - if(!mcode) { -- if(!rc) { -+ if(!gotsocket) { - long sleep_ms; - - /* If it returns without any filedescriptor instantly, we need to -@@ -688,6 +688,7 @@ static CURLcode easy_transfer(struct Curl_multi *multi) - - /* only read 'still_running' if curl_multi_perform() return OK */ - if(!mcode && !still_running) { -+ int rc; - CURLMsg *msg = curl_multi_info_read(multi, &rc); - if(msg) { - result = msg->data.result; -diff --git a/lib/multi.c b/lib/multi.c -index c2ef6c1..cca1380 100644 ---- a/lib/multi.c -+++ b/lib/multi.c -@@ -985,11 +985,12 @@ CURLMcode curl_multi_fdset(struct Curl_multi *multi, - - #define NUM_POLLS_ON_STACK 10 - --CURLMcode curl_multi_wait(struct Curl_multi *multi, -+CURLMcode Curl_multi_wait(struct Curl_multi *multi, - struct curl_waitfd extra_fds[], - unsigned int extra_nfds, - int timeout_ms, -- int *ret) -+ int *ret, -+ bool *gotsocket) /* if any socket was checked */ - { - struct Curl_easy *data; - curl_socket_t sockbunch[MAX_SOCKSPEREASYHANDLE]; -@@ -1003,6 +1004,9 @@ CURLMcode curl_multi_wait(struct Curl_multi *multi, - int retcode = 0; - struct pollfd a_few_on_stack[NUM_POLLS_ON_STACK]; - -+ if(gotsocket) -+ *gotsocket = FALSE; -+ - if(!GOOD_MULTI_HANDLE(multi)) - return CURLM_BAD_HANDLE; - -@@ -1135,9 +1139,21 @@ CURLMcode curl_multi_wait(struct Curl_multi *multi, - free(ufds); - if(ret) - *ret = retcode; -+ if(gotsocket && (extra_fds || curlfds)) -+ /* if any socket was checked */ -+ *gotsocket = TRUE; -+ - return CURLM_OK; - } - -+CURLMcode curl_multi_wait(struct Curl_multi *multi, -+ struct curl_waitfd extra_fds[], -+ unsigned int extra_nfds, -+ int timeout_ms, -+ int *ret) -+{ -+ return Curl_multi_wait(multi, extra_fds, extra_nfds, timeout_ms, ret, NULL); -+} - /* - * Curl_multi_connchanged() is called to tell that there is a connection in - * this multi handle that has changed state (pipelining become possible, the -diff --git a/lib/multiif.h b/lib/multiif.h -index c50063d..e44646b 100644 ---- a/lib/multiif.h -+++ b/lib/multiif.h -@@ -97,4 +97,12 @@ void Curl_multi_closed(struct Curl_easy *data, curl_socket_t s); - CURLMcode Curl_multi_add_perform(struct Curl_multi *multi, - struct Curl_easy *data, - struct connectdata *conn); -+ -+CURLMcode Curl_multi_wait(struct Curl_multi *multi, -+ struct curl_waitfd extra_fds[], -+ unsigned int extra_nfds, -+ int timeout_ms, -+ int *ret, -+ bool *gotsocket); /* if any socket was checked */ -+ - #endif /* HEADER_CURL_MULTIIF_H */ --- -1.8.3.1 - diff --git a/curl_multibyte-fix-a-malloc-overcalculation.patch b/curl_multibyte-fix-a-malloc-overcalculation.patch deleted file mode 100644 index 6cb9bf595ae3b8522c71342bfb544a9d27c8e3bd..0000000000000000000000000000000000000000 --- a/curl_multibyte-fix-a-malloc-overcalculation.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 28429fb1753d63a659f38577b39e0b5747f28939 Mon Sep 17 00:00:00 2001 -From: Jay Satiro -Date: Thu, 1 Nov 2018 02:53:22 -0400 -Subject: [PATCH 261/557] curl_multibyte: fix a malloc overcalculation - -Prior to this change twice as many bytes as necessary were malloc'd when -converting wchar to UTF8. To allay confusion in the future I also -changed the variable name for the amount of bytes from len to bytes. - -Closes https://github.com/curl/curl/pull/3209 ---- - lib/curl_multibyte.c | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/lib/curl_multibyte.c b/lib/curl_multibyte.c -index e78bb50..e48334f 100644 ---- a/lib/curl_multibyte.c -+++ b/lib/curl_multibyte.c -@@ -64,13 +64,13 @@ char *Curl_convert_wchar_to_UTF8(const wchar_t *str_w) - char *str_utf8 = NULL; - - if(str_w) { -- int str_utf8_len = WideCharToMultiByte(CP_UTF8, 0, str_w, -1, NULL, -- 0, NULL, NULL); -- if(str_utf8_len > 0) { -- str_utf8 = malloc(str_utf8_len * sizeof(wchar_t)); -+ int bytes = WideCharToMultiByte(CP_UTF8, 0, str_w, -1, -+ NULL, 0, NULL, NULL); -+ if(bytes > 0) { -+ str_utf8 = malloc(bytes); - if(str_utf8) { -- if(WideCharToMultiByte(CP_UTF8, 0, str_w, -1, str_utf8, str_utf8_len, -- NULL, FALSE) == 0) { -+ if(WideCharToMultiByte(CP_UTF8, 0, str_w, -1, str_utf8, bytes, -+ NULL, NULL) == 0) { - free(str_utf8); - return NULL; - } --- -1.8.3.1 - diff --git a/darwinssl-Fix-realloc-memleak.patch b/darwinssl-Fix-realloc-memleak.patch deleted file mode 100644 index 18317635756dd564233daa9a67a00ce90afbaae2..0000000000000000000000000000000000000000 --- a/darwinssl-Fix-realloc-memleak.patch +++ /dev/null @@ -1,37 +0,0 @@ -From a544df0b095d295e246f7aa5dcc613b80708d203 Mon Sep 17 00:00:00 2001 -From: kangenbo -Date: Fri, 8 Mar 2019 12:29:54 -0500 -Subject: [PATCH] darwinssl: Fix realloc memleak - -The reallocation was using the input pointer for the return value, which -leads to a memory leak on reallication failure. Fix by instead use the -safe internal API call Curl_saferealloc(). - ---- - lib/vtls/darwinssl.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c -index 1aea0dc..e963f27 100644 ---- a/lib/vtls/darwinssl.c -+++ b/lib/vtls/darwinssl.c -@@ -116,6 +116,7 @@ - #include "vtls.h" - #include "darwinssl.h" - #include "curl_printf.h" -+#include "strdup.h" - - #include "curl_memory.h" - /* The last #include file should be: */ -@@ -2039,7 +2040,7 @@ static int read_cert(const char *file, unsigned char **out, size_t *outlen) - - if(len + n >= cap) { - cap *= 2; -- data = realloc(data, cap); -+ data = Curl_saferealloc(data, cap); - if(!data) { - close(fd); - return -1; --- -1.8.3.1 - diff --git a/examples-Fix-memory-leaks-from-realloc-errors.patch b/examples-Fix-memory-leaks-from-realloc-errors.patch deleted file mode 100644 index 3296a20a2d9649ce5aa672ca43fc1adeecfe065b..0000000000000000000000000000000000000000 --- a/examples-Fix-memory-leaks-from-realloc-errors.patch +++ /dev/null @@ -1,163 +0,0 @@ -From 23524bf85b887adbc513bc015c9530355967bc04 Mon Sep 17 00:00:00 2001 -From: Kruzya -Date: Sat, 15 Sep 2018 08:55:11 +0300 -Subject: [PATCH 065/557] examples: Fix memory leaks from realloc errors - -Make sure to not overwrite the reallocated pointer in realloc() calls -to avoid a memleak on memory errors. ---- - docs/examples/crawler.c | 8 +++++++- - docs/examples/curlx.c | 12 ++++++++++-- - docs/examples/getinmemory.c | 7 ++++--- - docs/examples/postinmemory.c | 7 ++++--- - docs/examples/xmlstream.c | 7 ++++--- - 5 files changed, 29 insertions(+), 12 deletions(-) - -diff --git a/docs/examples/crawler.c b/docs/examples/crawler.c -index 0aeb865..d8fa5a4 100644 ---- a/docs/examples/crawler.c -+++ b/docs/examples/crawler.c -@@ -52,7 +52,13 @@ size_t grow_buffer(void *contents, size_t sz, size_t nmemb, void *ctx) - { - size_t realsize = sz * nmemb; - memory *mem = (memory*) ctx; -- mem->buf = realloc(mem->buf, mem->size + realsize); -+ char *ptr = realloc(mem->buf, mem->size + realsize); -+ if(!ptr) { -+ /* out of memory */ -+ printf("not enough memory (realloc returned NULL)\n"); -+ return 0; -+ } -+ mem->buf = ptr; - memcpy(&(mem->buf[mem->size]), contents, realsize); - mem->size += realsize; - return realsize; -diff --git a/docs/examples/curlx.c b/docs/examples/curlx.c -index 141f5a8..49f52e6 100644 ---- a/docs/examples/curlx.c -+++ b/docs/examples/curlx.c -@@ -515,12 +515,20 @@ int main(int argc, char **argv) - curl_easy_setopt(p.curl, CURLOPT_SSL_CTX_DATA, &p); - - { -+ char *ptr; - int lu; int i = 0; - while((lu = BIO_read(in, &binaryptr[i], tabLength-i)) >0) { - i += lu; - if(i == tabLength) { - tabLength += 100; -- binaryptr = realloc(binaryptr, tabLength); /* should be more careful */ -+ ptr = realloc(binaryptr, tabLength); /* should be more careful */ -+ if(!ptr) { -+ /* out of memory */ -+ BIO_printf(p.errorbio, "out of memory (realloc returned NULL)\n"); -+ goto fail; -+ } -+ binaryptr = ptr; -+ ptr = NULL; - } - } - tabLength = i; -@@ -551,7 +559,7 @@ int main(int argc, char **argv) - /*** code d'erreur si accept mime ***, egalement code return HTTP != 200 ***/ - - /* free the header list*/ -- -+fail: - curl_slist_free_all(headers); - - /* always cleanup */ -diff --git a/docs/examples/getinmemory.c b/docs/examples/getinmemory.c -index f5e8942..a21a2aa 100644 ---- a/docs/examples/getinmemory.c -+++ b/docs/examples/getinmemory.c -@@ -5,7 +5,7 @@ - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * -- * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. -+ * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms -@@ -42,13 +42,14 @@ WriteMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp) - size_t realsize = size * nmemb; - struct MemoryStruct *mem = (struct MemoryStruct *)userp; - -- mem->memory = realloc(mem->memory, mem->size + realsize + 1); -- if(mem->memory == NULL) { -+ char *ptr = realloc(mem->memory, mem->size + realsize + 1); -+ if(ptr == NULL) { - /* out of memory! */ - printf("not enough memory (realloc returned NULL)\n"); - return 0; - } - -+ mem->memory = ptr; - memcpy(&(mem->memory[mem->size]), contents, realsize); - mem->size += realsize; - mem->memory[mem->size] = 0; -diff --git a/docs/examples/postinmemory.c b/docs/examples/postinmemory.c -index 488d227..176f24a 100644 ---- a/docs/examples/postinmemory.c -+++ b/docs/examples/postinmemory.c -@@ -5,7 +5,7 @@ - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * -- * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. -+ * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms -@@ -39,13 +39,14 @@ WriteMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp) - size_t realsize = size * nmemb; - struct MemoryStruct *mem = (struct MemoryStruct *)userp; - -- mem->memory = realloc(mem->memory, mem->size + realsize + 1); -- if(mem->memory == NULL) { -+ char *ptr = realloc(mem->memory, mem->size + realsize + 1); -+ if(!ptr) { - /* out of memory! */ - printf("not enough memory (realloc returned NULL)\n"); - return 0; - } - -+ mem->memory = ptr; - memcpy(&(mem->memory[mem->size]), contents, realsize); - mem->size += realsize; - mem->memory[mem->size] = 0; -diff --git a/docs/examples/xmlstream.c b/docs/examples/xmlstream.c -index 9ee4a2e..296ae3b 100644 ---- a/docs/examples/xmlstream.c -+++ b/docs/examples/xmlstream.c -@@ -5,7 +5,7 @@ - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * -- * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. -+ * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms -@@ -69,14 +69,15 @@ static void characterDataHandler(void *userData, const XML_Char *s, int len) - struct ParserStruct *state = (struct ParserStruct *) userData; - struct MemoryStruct *mem = &state->characters; - -- mem->memory = realloc(mem->memory, mem->size + len + 1); -- if(mem->memory == NULL) { -+ char *ptr = realloc(mem->memory, mem->size + len + 1); -+ if(!ptr) { - /* Out of memory. */ - fprintf(stderr, "Not enough memory (realloc returned NULL).\n"); - state->ok = 0; - return; - } - -+ mem->memory = ptr; - memcpy(&(mem->memory[mem->size]), s, len); - mem->size += len; - mem->memory[mem->size] = 0; --- -1.8.3.1 - diff --git a/examples-postinmemory-Potential-leak-of-memory-point.patch b/examples-postinmemory-Potential-leak-of-memory-point.patch deleted file mode 100644 index c0d4b38760921ce9b2be9496a8bee6897d68eb29..0000000000000000000000000000000000000000 --- a/examples-postinmemory-Potential-leak-of-memory-point.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 52d98194b539605a4bd5bfeddc367bff283ac28f Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Thu, 14 Feb 2019 11:53:02 +0100 -Subject: [PATCH 541/557] examples/postinmemory: Potential leak of memory - pointed to by 'chunk.memory' - -Detected by scan-build ---- - docs/examples/postinmemory.c | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git a/docs/examples/postinmemory.c b/docs/examples/postinmemory.c -index 25a1e8e..376f334 100644 ---- a/docs/examples/postinmemory.c -+++ b/docs/examples/postinmemory.c -@@ -106,10 +105,9 @@ int main(void) - /* always cleanup */ - curl_easy_cleanup(curl); - -- free(chunk.memory); -- - /* we're done with libcurl, so clean it up */ - curl_global_cleanup(); - } -+ free(chunk.memory); - return 0; - } --- -1.8.3.1 - diff --git a/fix-compiler-warning-on-64-bit-Windows.patch b/fix-compiler-warning-on-64-bit-Windows.patch deleted file mode 100644 index bd2d613ac6ccd8df8b861508322053e8c472a6be..0000000000000000000000000000000000000000 --- a/fix-compiler-warning-on-64-bit-Windows.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 621ce8280ff250b67f44b5be667c637c445cd9f3 Mon Sep 17 00:00:00 2001 -From: kangenbo -Date: Fri, 8 Mar 2019 11:35:06 -0500 -Subject: [PATCH] anyauthput: fix compiler warning on 64-bit Windows - -On Windows, the read function from is used, which has its byte -count parameter as unsigned int instead of size_t. - -Closes https://github.com/curl/curl/pull/2972 ---- - docs/examples/anyauthput.c | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - -diff --git a/docs/examples/anyauthput.c b/docs/examples/anyauthput.c -index eb91d99..14da10c 100644 ---- a/docs/examples/anyauthput.c -+++ b/docs/examples/anyauthput.c -@@ -26,15 +26,18 @@ - */ - #include - #include -+#include -+#include -+ -+#include -+ - #ifdef WIN32 - # include -+# define READ_3RD_ARG unsigned int - #else - # include -+# define READ_3RD_ARG size_t - #endif --#include --#include -- --#include - - #if LIBCURL_VERSION_NUM < 0x070c03 - #error "upgrade your libcurl to no less than 7.12.3" -@@ -83,7 +86,7 @@ static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream) - int *fdp = (int *)stream; - int fd = *fdp; - -- retcode = read(fd, ptr, size * nmemb); -+ retcode = read(fd, ptr, (READ_3RD_ARG)(size * nmemb)); - - nread = (curl_off_t)retcode; - --- -1.8.3.1 - diff --git a/fix-gcc8-warning-on-Windows.patch b/fix-gcc8-warning-on-Windows.patch deleted file mode 100644 index 18a62a261b70e8d471caf3e694872d14f2674102..0000000000000000000000000000000000000000 --- a/fix-gcc8-warning-on-Windows.patch +++ /dev/null @@ -1,29 +0,0 @@ -From f7734f39b857f56abbd849e06e91fe2b46ed04c3 Mon Sep 17 00:00:00 2001 -From: kangenbo -Date: Fri, 8 Mar 2019 11:28:21 -0500 -Subject: [PATCH] lib: fix gcc8 warning on Windows - -Closes https://github.com/curl/curl/pull/2979 ---- - lib/curl_sspi.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/lib/curl_sspi.c b/lib/curl_sspi.c -index 11a7120..7d19342 100644 ---- a/lib/curl_sspi.c -+++ b/lib/curl_sspi.c -@@ -90,8 +90,9 @@ CURLcode Curl_sspi_global_init(void) - return CURLE_FAILED_INIT; - - /* Get address of the InitSecurityInterfaceA function from the SSPI dll */ -- pInitSecurityInterface = (INITSECURITYINTERFACE_FN) -- GetProcAddress(s_hSecDll, SECURITYENTRYPOINT); -+ pInitSecurityInterface = -+ CURLX_FUNCTION_CAST(INITSECURITYINTERFACE_FN, -+ (GetProcAddress(s_hSecDll, SECURITYENTRYPOINT))); - if(!pInitSecurityInterface) - return CURLE_FAILED_INIT; - --- -1.8.3.1 - diff --git a/fix-gcc8-warning.patch b/fix-gcc8-warning.patch deleted file mode 100644 index 6d772c21ef740ca7b0dab9e181f34dc75a6bc229..0000000000000000000000000000000000000000 --- a/fix-gcc8-warning.patch +++ /dev/null @@ -1,29 +0,0 @@ -From b504d96674ba3684882fcc1244a23b7439f12b63 Mon Sep 17 00:00:00 2001 -From: kangenbo -Date: Fri, 8 Mar 2019 11:01:34 -0500 -Subject: [PATCH] openssl: fix gcc8 warning - Use memcpy instead of strncpy to copy a string without termination, - since gcc8 warns about using strncpy to copy as many bytes from a - string as its length. - - Closes https://github.com/curl/curl/issues/2980 ---- - lib/vtls/openssl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c -index a487f55..955b661 100644 ---- a/lib/vtls/openssl.c -+++ b/lib/vtls/openssl.c -@@ -253,7 +253,7 @@ static void ossl_keylog_callback(const SSL *ssl, const char *line) - if(!buf) - return; - } -- strncpy(buf, line, linelen); -+ memcpy(buf, line, linelen); - buf[linelen] = '\n'; - buf[linelen + 1] = '\0'; - --- -1.8.3.1 - diff --git a/fix-leak-when-writing-cookies-to-file.patch b/fix-leak-when-writing-cookies-to-file.patch deleted file mode 100644 index 9ad3767a05f8247c034e2af84a0d1d5046beb3c7..0000000000000000000000000000000000000000 --- a/fix-leak-when-writing-cookies-to-file.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 315693699f5786dd8bfecfa25201fa68da1458cc Mon Sep 17 00:00:00 2001 -From: kangenbo -Date: Fri, 8 Mar 2019 10:55:48 -0500 -Subject: [PATCH] cookies: fix leak when writing cookies to file - ---- - lib/cookie.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/lib/cookie.c b/lib/cookie.c -index fd7341f..9cf8a36 100644 ---- a/lib/cookie.c -+++ b/lib/cookie.c -@@ -1508,10 +1508,10 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere) - format_ptr = get_netscape_format(array[i]); - if(format_ptr == NULL) { - fprintf(out, "#\n# Fatal libcurl error\n"); -- if(!use_stdout) { -- free(array); -+ free(array); -+ if(!use_stdout) - fclose(out); -- } -+ - return 1; - } - fprintf(out, "%s\n", format_ptr); --- -1.8.3.1 - diff --git a/hostip-fix-check-on-Curl_shuffle_addr-return-value.patch b/hostip-fix-check-on-Curl_shuffle_addr-return-value.patch deleted file mode 100644 index cd4c5436c7d64ee4abc96e16924022abf81ea5e8..0000000000000000000000000000000000000000 --- a/hostip-fix-check-on-Curl_shuffle_addr-return-value.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 3349a633b8b181bfd1825b36d8cca51f5a20defd Mon Sep 17 00:00:00 2001 -From: Rick Deist -Date: Sun, 7 Oct 2018 19:18:03 +0300 -Subject: [PATCH 160/557] hostip: fix check on Curl_shuffle_addr return value - -Closes #3110 ---- - lib/hostip.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/hostip.c b/lib/hostip.c -index 0dd0cbc..f589a0b 100644 ---- a/lib/hostip.c -+++ b/lib/hostip.c -@@ -454,7 +454,7 @@ Curl_cache_addr(struct Curl_easy *data, - /* shuffle addresses if requested */ - if(data->set.dns_shuffle_addresses) { - CURLcode result = Curl_shuffle_addr(data, &addr); -- if(!result) -+ if(result) - return NULL; - } - --- -1.8.3.1 - diff --git a/http-fix-memleak-in-rewind-error-path.patch b/http-fix-memleak-in-rewind-error-path.patch deleted file mode 100644 index b81a45c7b8bb82e07fd3106ba74706daf17dd981..0000000000000000000000000000000000000000 --- a/http-fix-memleak-in-rewind-error-path.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 4058cf2a7f7e2590c26588c4eb476ac5c029cb5a Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Tue, 25 Sep 2018 07:49:35 +0200 -Subject: [PATCH 100/557] http: fix memleak in rewind error path - -If the rewind would fail, a strdup() would not get freed. - -Detected by OSS-Fuzz - -Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10665 -Closes #3044 ---- - lib/http.c | 15 +++++++-------- - 1 file changed, 7 insertions(+), 8 deletions(-) - -diff --git a/lib/http.c b/lib/http.c -index 02ba133..47e4719 100644 ---- a/lib/http.c -+++ b/lib/http.c -@@ -537,14 +537,6 @@ CURLcode Curl_http_auth_act(struct connectdata *conn) - } - - if(pickhost || pickproxy) { -- /* In case this is GSS auth, the newurl field is already allocated so -- we must make sure to free it before allocating a new one. As figured -- out in bug #2284386 */ -- Curl_safefree(data->req.newurl); -- data->req.newurl = strdup(data->change.url); /* clone URL */ -- if(!data->req.newurl) -- return CURLE_OUT_OF_MEMORY; -- - if((data->set.httpreq != HTTPREQ_GET) && - (data->set.httpreq != HTTPREQ_HEAD) && - !conn->bits.rewindaftersend) { -@@ -552,6 +544,13 @@ CURLcode Curl_http_auth_act(struct connectdata *conn) - if(result) - return result; - } -+ /* In case this is GSS auth, the newurl field is already allocated so -+ we must make sure to free it before allocating a new one. As figured -+ out in bug #2284386 */ -+ Curl_safefree(data->req.newurl); -+ data->req.newurl = strdup(data->change.url); /* clone URL */ -+ if(!data->req.newurl) -+ return CURLE_OUT_OF_MEMORY; - } - else if((data->req.httpcode < 300) && - (!data->state.authhost.done) && --- -1.8.3.1 - diff --git a/http2-fix-memory-leaks-on-error-path.patch b/http2-fix-memory-leaks-on-error-path.patch deleted file mode 100644 index 2eca86eb8caf84e191282e0187e014b100a265fe..0000000000000000000000000000000000000000 --- a/http2-fix-memory-leaks-on-error-path.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 955e575f4e0a20a752e4fe1951f9d1107edd3925 Mon Sep 17 00:00:00 2001 -From: kangenbo -Date: Fri, 8 Mar 2019 12:06:11 -0500 -Subject: [PATCH] http2: fix memory leaks on error-path - ---- - lib/http2.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/lib/http2.c b/lib/http2.c -index d769193..dfc780e 100644 ---- a/lib/http2.c -+++ b/lib/http2.c -@@ -2060,8 +2060,11 @@ CURLcode Curl_http2_setup(struct connectdata *conn) - - stream->stream_id = -1; - -- if(!stream->header_recvbuf) -+ if(!stream->header_recvbuf) { - stream->header_recvbuf = Curl_add_buffer_init(); -+ if(!stream->header_recvbuf) -+ return CURLE_OUT_OF_MEMORY; -+ } - - if((conn->handler == &Curl_handler_http2_ssl) || - (conn->handler == &Curl_handler_http2)) -@@ -2073,8 +2076,11 @@ CURLcode Curl_http2_setup(struct connectdata *conn) - conn->handler = &Curl_handler_http2; - - result = Curl_http2_init(conn); -- if(result) -+ if(result) { -+ Curl_add_buffer_free(stream->header_recvbuf); -+ stream->header_recvbuf = NULL; - return result; -+ } - - infof(conn->data, "Using HTTP2, server supports multi-use\n"); - stream->upload_left = 0; --- -1.8.3.1 - diff --git a/krb5-fix-memory-leak-in-krb_auth.patch b/krb5-fix-memory-leak-in-krb_auth.patch deleted file mode 100644 index 93ff57cf265676330df4ae124f31521c19ef9f0d..0000000000000000000000000000000000000000 --- a/krb5-fix-memory-leak-in-krb_auth.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 3c5ee47fc206036283bdbcbe4588464bc9a7a5ae Mon Sep 17 00:00:00 2001 -From: Daniel Gustafsson -Date: Thu, 13 Sep 2018 10:10:55 +0200 -Subject: [PATCH 054/557] krb5: fix memory leak in krb_auth - -The FTP command allocated by aprintf() must be freed after usage. - -Reviewed-by: Daniel Stenberg ---- - lib/krb5.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/lib/krb5.c b/lib/krb5.c -index 8b5a247..46c5608 100644 ---- a/lib/krb5.c -+++ b/lib/krb5.c -@@ -265,6 +265,7 @@ krb5_auth(void *app_data, struct connectdata *conn) - result = CURLE_OUT_OF_MEMORY; - - free(p); -+ free(cmd); - - if(result) { - ret = -2; --- -1.8.3.1 - diff --git a/libssh-free-sftp_canonicalize_path-data-correctly.patch b/libssh-free-sftp_canonicalize_path-data-correctly.patch deleted file mode 100644 index 415f31a4c129c09bc3ac3c3e1c2b48c9a3e2232c..0000000000000000000000000000000000000000 --- a/libssh-free-sftp_canonicalize_path-data-correctly.patch +++ /dev/null @@ -1,68 +0,0 @@ -From d18a5afaf07fdc093c6a6131cc7926a3d5a55407 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Fri, 21 Dec 2018 14:22:42 +0100 -Subject: [PATCH 386/557] libssh: free sftp_canonicalize_path() data correctly - -Assisted-by: Harry Sintonen - -Fixes #3402 -Closes #3403 ---- - lib/ssh-libssh.c | 16 ++++++++++------ - 1 file changed, 10 insertions(+), 6 deletions(-) - -diff --git a/lib/ssh-libssh.c b/lib/ssh-libssh.c -index e38c01a..2e920f0 100644 ---- a/lib/ssh-libssh.c -+++ b/lib/ssh-libssh.c -@@ -95,6 +95,13 @@ - #include "memdebug.h" - #include "curl_path.h" - -+/* A recent macro provided by libssh. Or make our own. */ -+#ifndef SSH_STRING_FREE_CHAR -+/* !checksrc! disable ASSIGNWITHINCONDITION 1 */ -+#define SSH_STRING_FREE_CHAR(x) \ -+ do { if((x) != NULL) { ssh_string_free_char(x); x = NULL; } } while(0) -+#endif -+ - /* Local functions: */ - static CURLcode myssh_connect(struct connectdata *conn, bool *done); - static CURLcode myssh_multi_statemach(struct connectdata *conn, -@@ -1661,7 +1668,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block) - sshc->sftp_session = NULL; - } - -- Curl_safefree(sshc->homedir); -+ SSH_STRING_FREE_CHAR(sshc->homedir); - conn->data->state.most_recent_ftp_entrypath = NULL; - - state(conn, SSH_SESSION_DISCONNECT); -@@ -1829,7 +1836,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block) - - ssh_disconnect(sshc->ssh_session); - -- Curl_safefree(sshc->homedir); -+ SSH_STRING_FREE_CHAR(sshc->homedir); - conn->data->state.most_recent_ftp_entrypath = NULL; - - state(conn, SSH_SESSION_FREE); -@@ -1866,14 +1873,11 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block) - - Curl_safefree(sshc->rsa_pub); - Curl_safefree(sshc->rsa); -- - Curl_safefree(sshc->quote_path1); - Curl_safefree(sshc->quote_path2); -- -- Curl_safefree(sshc->homedir); -- - Curl_safefree(sshc->readdir_line); - Curl_safefree(sshc->readdir_linkPath); -+ SSH_STRING_FREE_CHAR(sshc->homedir); - - /* the code we are about to return */ - result = sshc->actualcode; --- -1.8.3.1 - diff --git a/mbedtls-release-sessionid-resources-on-error.patch b/mbedtls-release-sessionid-resources-on-error.patch deleted file mode 100644 index 3d602e8eed58b09cacef9b17b837ddcc0f71344c..0000000000000000000000000000000000000000 --- a/mbedtls-release-sessionid-resources-on-error.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 0299b262cd9c75adab546f4851c03995d98d61e1 Mon Sep 17 00:00:00 2001 -From: Daniel Gustafsson -Date: Sat, 16 Feb 2019 22:30:31 +0100 -Subject: [PATCH 552/557] mbedtls: release sessionid resources on error -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -If mbedtls_ssl_get_session() fails, it may still have allocated -memory that needs to be freed to avoid leaking. Call the library -API function to release session resources on this errorpath as -well as on Curl_ssl_addsessionid() errors. - -Closes: #3574 -Reported-by: MichaƂ Antoniak -Reviewed-by: Daniel Stenberg ---- - lib/vtls/mbedtls.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c -index c36c93e..27a9402 100644 ---- a/lib/vtls/mbedtls.c -+++ b/lib/vtls/mbedtls.c -@@ -716,6 +716,8 @@ mbed_connect_step3(struct connectdata *conn, - - ret = mbedtls_ssl_get_session(&BACKEND->ssl, our_ssl_sessionid); - if(ret) { -+ if(ret != MBEDTLS_ERR_SSL_ALLOC_FAILED) -+ mbedtls_ssl_session_free(our_ssl_sessionid); - free(our_ssl_sessionid); - failf(data, "mbedtls_ssl_get_session returned -0x%x", -ret); - return CURLE_SSL_CONNECT_ERROR; -@@ -729,6 +731,7 @@ mbed_connect_step3(struct connectdata *conn, - retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid, 0, sockindex); - Curl_ssl_sessionid_unlock(conn); - if(retcode) { -+ mbedtls_ssl_session_free(our_ssl_sessionid); - free(our_ssl_sessionid); - failf(data, "failed to store ssl session"); - return retcode; --- -1.8.3.1 - diff --git a/memory-add-missing-curl_printf-header.patch b/memory-add-missing-curl_printf-header.patch deleted file mode 100644 index df3ff0a4cd5eb5fcba7c741411b8917434d1d4c9..0000000000000000000000000000000000000000 --- a/memory-add-missing-curl_printf-header.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 927cb3708e29fd88dcfadb9444d0dc93dc2aa4b2 Mon Sep 17 00:00:00 2001 -From: Daniel Gustafsson -Date: Mon, 17 Sep 2018 09:28:10 +0200 -Subject: [PATCH 064/557] memory: add missing curl_printf header - -ftp_send_command() was using vsnprintf() without including the libcurl -*rintf() replacement header. Fix by including curl_printf.h and also -add curl_memory.h while at it since memdebug.h depends on it. - -Closes #2999 -Reviewed-by: Daniel Stenberg ---- - lib/security.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/lib/security.c b/lib/security.c -index 5f52515..6165d0a 100644 ---- a/lib/security.c -+++ b/lib/security.c -@@ -61,7 +61,9 @@ - #include "strcase.h" - #include "warnless.h" - #include "strdup.h" --/* The last #include file should be: */ -+/* The last 3 #include files should be in this order */ -+#include "curl_printf.h" -+#include "curl_memory.h" - #include "memdebug.h" - - static const struct { --- -1.8.3.1 - diff --git a/memory-ensure-to-check-allocation-results.patch b/memory-ensure-to-check-allocation-results.patch deleted file mode 100644 index b9b5ad162f70584d919aa4d08ccdcb5a6b44f51c..0000000000000000000000000000000000000000 --- a/memory-ensure-to-check-allocation-results.patch +++ /dev/null @@ -1,128 +0,0 @@ -From 2873971d6251b7c1eb278df1ee2b944d7c3fcdba Mon Sep 17 00:00:00 2001 -From: Daniel Gustafsson -Date: Wed, 3 Oct 2018 00:56:29 +0200 -Subject: [PATCH 129/557] memory: ensure to check allocation results - -The result of a memory allocation should always be checked, as we may -run under memory pressure where even a small allocation can fail. This -adds checking and error handling to a few cases where the allocation -wasn't checked for success. In the ftp case, the freeing of the path -variable is moved ahead of the allocation since there is little point -in keeping it around across the strdup, and the separation makes for -more readable code. In nwlib, the lock is aslo freed in the error path. - -Also bumps the copyright years on affected files. - -Closes #3084 -Reviewed-by: Jay Satiro -Reviewed-by: Daniel Stenberg ---- - lib/ftp.c | 4 +++- - lib/http2.c | 2 ++ - lib/nwlib.c | 7 +++++-- - lib/vauth/digest.c | 4 +++- - lib/vtls/schannel_verify.c | 4 ++++ - 5 files changed, 17 insertions(+), 4 deletions(-) - -diff --git a/lib/ftp.c b/lib/ftp.c -index a966817..793d991 100644 ---- a/lib/ftp.c -+++ b/lib/ftp.c -@@ -3213,9 +3213,11 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status, - ftpc->prevpath[dlen] = 0; /* terminate */ - } - else { -+ free(path); - /* we never changed dir */ - ftpc->prevpath = strdup(""); -- free(path); -+ if(!ftpc->prevpath) -+ return CURLE_OUT_OF_MEMORY; - } - if(ftpc->prevpath) - infof(data, "Remembering we are in dir \"%s\"\n", ftpc->prevpath); -diff --git a/lib/http2.c b/lib/http2.c -index 29edfba..ed47b73 100644 ---- a/lib/http2.c -+++ b/lib/http2.c -@@ -924,6 +924,8 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame, - stream->push_headers_alloc = 10; - stream->push_headers = malloc(stream->push_headers_alloc * - sizeof(char *)); -+ if(!stream->push_headers) -+ return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; - stream->push_headers_used = 0; - } - else if(stream->push_headers_used == -diff --git a/lib/nwlib.c b/lib/nwlib.c -index 215d933..7bf5f51 100644 ---- a/lib/nwlib.c -+++ b/lib/nwlib.c -@@ -5,7 +5,7 @@ - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * -- * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. -+ * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms -@@ -195,7 +195,7 @@ int GetOrSetUpData(int id, libdata_t **appData, - if(!app_data->tenbytes || !app_data->lock) { - if(app_data->lock) - NXMutexFree(app_data->lock); -- -+ free(app_data->tenbytes); - free(app_data); - app_data = (libdata_t *) NULL; - err = ENOMEM; -@@ -213,6 +213,9 @@ int GetOrSetUpData(int id, libdata_t **appData, - err = set_app_data(gLibId, app_data); - - if(err) { -+ if(app_data->lock) -+ NXMutexFree(app_data->lock); -+ free(app_data->tenbytes); - free(app_data); - app_data = (libdata_t *) NULL; - err = ENOMEM; -diff --git a/lib/vauth/digest.c b/lib/vauth/digest.c -index fae5a49..ab5156e 100644 ---- a/lib/vauth/digest.c -+++ b/lib/vauth/digest.c -@@ -5,7 +5,7 @@ - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * -- * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. -+ * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms -@@ -781,6 +781,8 @@ static CURLcode _Curl_auth_create_digest_http_message( - */ - - hashthis = (unsigned char *) aprintf("%s:%s", request, uripath); -+ if(!hashthis) -+ return CURLE_OUT_OF_MEMORY; - - if(digest->qop && strcasecompare(digest->qop, "auth-int")) { - /* We don't support auth-int for PUT or POST at the moment. -diff --git a/lib/vtls/schannel_verify.c b/lib/vtls/schannel_verify.c -index cfc4adf..2516f56 100644 ---- a/lib/vtls/schannel_verify.c -+++ b/lib/vtls/schannel_verify.c -@@ -319,6 +319,10 @@ static CURLcode verify_host(struct Curl_easy *data, - * embedded null bytes. This appears to be undocumented behavior. - */ - cert_hostname_buff = (LPTSTR)malloc(len * sizeof(TCHAR)); -+ if(!cert_hostname_buff) { -+ result = CURLE_OUT_OF_MEMORY; -+ goto cleanup; -+ } - actual_len = CertGetNameString(pCertContextServer, - CERT_NAME_DNS_TYPE, - name_flags, --- -1.8.3.1 - diff --git a/multi-Fix-error-handling-in-the-SENDPROTOCONNECT-sta.patch b/multi-Fix-error-handling-in-the-SENDPROTOCONNECT-sta.patch deleted file mode 100644 index 748b3ff6d1291f7001914b999ef266ba0c430a40..0000000000000000000000000000000000000000 --- a/multi-Fix-error-handling-in-the-SENDPROTOCONNECT-sta.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 3793761a3777095d643e9f2da951615e1178782c Mon Sep 17 00:00:00 2001 -From: Michael Kaufmann -Date: Thu, 25 Oct 2018 13:07:03 +0200 -Subject: [PATCH 216/557] multi: Fix error handling in the SENDPROTOCONNECT - state - -If Curl_protocol_connect() returns an error code, -handle the error instead of switching to the next state. - -Closes #3170 ---- - lib/multi.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/multi.c b/lib/multi.c -index 7c691a1..0db2a97 100644 ---- a/lib/multi.c -+++ b/lib/multi.c -@@ -1608,7 +1608,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, - - case CURLM_STATE_SENDPROTOCONNECT: - result = Curl_protocol_connect(data->easy_conn, &protocol_connect); -- if(!protocol_connect) -+ if(!result && !protocol_connect) - /* switch to waiting state */ - multistate(data, CURLM_STATE_PROTOCONNECT); - else if(!result) { --- -1.8.3.1 - diff --git a/multi-avoid-double-free.patch b/multi-avoid-double-free.patch deleted file mode 100644 index c035da251cd84b69441b42c73b79374979a58feb..0000000000000000000000000000000000000000 --- a/multi-avoid-double-free.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 42c2b14aefb9bd580fe5128147bf52840e61c292 Mon Sep 17 00:00:00 2001 -From: kangenbo -Date: Mon, 18 Mar 2019 17:22:21 -0400 -Subject: [PATCH] 0191 - ---- - lib/multi.c | 12 ++++-------- - 1 file changed, 4 insertions(+), 8 deletions(-) - -diff --git a/lib/multi.c b/lib/multi.c -index 8e920fc..3b85fee 100644 ---- a/lib/multi.c -+++ b/lib/multi.c -@@ -1707,7 +1707,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, - char *newurl = NULL; - followtype follow = FOLLOW_NONE; - CURLcode drc; -- bool retry = FALSE; - - drc = Curl_retry_request(data->easy_conn, &newurl); - if(drc) { -@@ -1715,15 +1714,13 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, - result = drc; - stream_error = TRUE; - } -- else -- retry = (newurl)?TRUE:FALSE; - - Curl_posttransfer(data); - drc = multi_done(&data->easy_conn, result, FALSE); - - /* When set to retry the connection, we must to go back to - * the CONNECT state */ -- if(retry) { -+ if(newurl) { - if(!drc || (drc == CURLE_SEND_ERROR)) { - follow = FOLLOW_RETRY; - drc = Curl_follow(data, newurl, follow); -@@ -1986,16 +1983,14 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, - else - follow = FOLLOW_RETRY; - result = multi_done(&data->easy_conn, CURLE_OK, FALSE); -- if(result) -- /* Curl_follow() would otherwise free this */ -- free(newurl); -- else { -+ if(!result) { - result = Curl_follow(data, newurl, follow); - if(!result) { - multistate(data, CURLM_STATE_CONNECT); - rc = CURLM_CALL_MULTI_PERFORM; - } - } -+ free(newurl); - } - else { - /* after the transfer is done, go DONE */ -@@ -2007,6 +2002,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, - newurl = data->req.location; - data->req.location = NULL; - result = Curl_follow(data, newurl, FOLLOW_FAKE); -+ free(newurl); - if(result) { - stream_error = TRUE; - result = multi_done(&data->easy_conn, result, TRUE); --- -1.8.3.1 - diff --git a/multi-fix-location-URL-memleak-in-error-path.patch b/multi-fix-location-URL-memleak-in-error-path.patch deleted file mode 100644 index 5fecab3009f77c12a6d3988614a0fe15cc37a66a..0000000000000000000000000000000000000000 --- a/multi-fix-location-URL-memleak-in-error-path.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 454fa3fd7be9b4a8d51d19d3515a3a935c3bf400 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Fri, 28 Sep 2018 10:58:28 +0200 -Subject: [PATCH 108/557] multi: fix location URL memleak in error path - -Follow-up to #3044 - fix a leak OSS-Fuzz detected -Closes #3057 ---- - lib/multi.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/lib/multi.c b/lib/multi.c -index d5e09aa..f202609 100644 ---- a/lib/multi.c -+++ b/lib/multi.c -@@ -1984,7 +1984,10 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, - else - follow = FOLLOW_RETRY; - result = multi_done(&data->easy_conn, CURLE_OK, FALSE); -- if(!result) { -+ if(result) -+ /* Curl_follow() would otherwise free this */ -+ free(newurl); -+ else { - result = Curl_follow(data, newurl, follow); - if(!result) { - multistate(data, CURLM_STATE_CONNECT); --- -1.8.3.1 - diff --git a/multi-fix-memory-leak-in-content-encoding-related-er.patch b/multi-fix-memory-leak-in-content-encoding-related-er.patch deleted file mode 100644 index 2be44c2f23a4903178e21452310097e8abc87b38..0000000000000000000000000000000000000000 --- a/multi-fix-memory-leak-in-content-encoding-related-er.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 2dfc0dd6b59db0816821508418addcf62863c84c Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Sat, 29 Sep 2018 11:32:07 +0200 -Subject: [PATCH 111/557] multi: fix memory leak in content encoding related - error path - -... a missing multi_done() call. - -Credit to OSS-Fuzz -Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10728 -Closes #3063 ---- - lib/multi.c | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/lib/multi.c b/lib/multi.c -index f202609..9a98435 100644 ---- a/lib/multi.c -+++ b/lib/multi.c -@@ -2005,12 +2005,16 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, - newurl = data->req.location; - data->req.location = NULL; - result = Curl_follow(data, newurl, FOLLOW_FAKE); -- if(result) -+ if(result) { - stream_error = TRUE; -+ result = multi_done(&data->easy_conn, result, TRUE); -+ } - } - -- multistate(data, CURLM_STATE_DONE); -- rc = CURLM_CALL_MULTI_PERFORM; -+ if(!result) { -+ multistate(data, CURLM_STATE_DONE); -+ rc = CURLM_CALL_MULTI_PERFORM; -+ } - } - } - else if(comeback) --- -1.8.3.1 - diff --git a/netrc-free-temporary-strings-if-memory-allocation-fa.patch b/netrc-free-temporary-strings-if-memory-allocation-fa.patch deleted file mode 100644 index e64c0f5d0218a6f79b64f062d72ed68f0ef549a6..0000000000000000000000000000000000000000 --- a/netrc-free-temporary-strings-if-memory-allocation-fa.patch +++ /dev/null @@ -1,111 +0,0 @@ -From d48e6b7f9558ae2a21c74f9054221af8f5c6b607 Mon Sep 17 00:00:00 2001 -From: Michael Kaufmann -Date: Wed, 10 Oct 2018 22:38:50 +0200 -Subject: [PATCH 200/557] netrc: free temporary strings if memory allocation - fails - -- Change the inout parameters after all needed memory has been - allocated. Do not change them if something goes wrong. -- Free the allocated temporary strings if strdup() fails. - -Closes #3122 ---- - lib/netrc.c | 48 +++++++++++++++++++++++++++++++++++++++--------- - 1 file changed, 39 insertions(+), 9 deletions(-) - -diff --git a/lib/netrc.c b/lib/netrc.c -index a407bda..1724b35 100644 ---- a/lib/netrc.c -+++ b/lib/netrc.c -@@ -57,7 +57,11 @@ int Curl_parsenetrc(const char *host, - { - FILE *file; - int retcode = 1; -- int specific_login = (*loginp && **loginp != 0); -+ char *login = *loginp; -+ char *password = *passwordp; -+ bool specific_login = (login && *login != 0); -+ bool login_alloc = FALSE; -+ bool password_alloc = FALSE; - bool netrc_alloc = FALSE; - enum host_lookup_state state = NOTHING; - -@@ -125,7 +129,7 @@ int Curl_parsenetrc(const char *host, - continue; - while(!done && tok) { - -- if((*loginp && **loginp) && (*passwordp && **passwordp)) { -+ if((login && *login) && (password && *password)) { - done = TRUE; - break; - } -@@ -158,26 +162,34 @@ int Curl_parsenetrc(const char *host, - /* we are now parsing sub-keywords concerning "our" host */ - if(state_login) { - if(specific_login) { -- state_our_login = strcasecompare(*loginp, tok); -+ state_our_login = strcasecompare(login, tok); - } - else { -- free(*loginp); -- *loginp = strdup(tok); -- if(!*loginp) { -+ if(login_alloc) { -+ free(login); -+ login_alloc = FALSE; -+ } -+ login = strdup(tok); -+ if(!login) { - retcode = -1; /* allocation failed */ - goto out; - } -+ login_alloc = TRUE; - } - state_login = 0; - } - else if(state_password) { - if(state_our_login || !specific_login) { -- free(*passwordp); -- *passwordp = strdup(tok); -- if(!*passwordp) { -+ if(password_alloc) { -+ free(password); -+ password_alloc = FALSE; -+ } -+ password = strdup(tok); -+ if(!password) { - retcode = -1; /* allocation failed */ - goto out; - } -+ password_alloc = TRUE; - } - state_password = 0; - } -@@ -198,6 +210,24 @@ int Curl_parsenetrc(const char *host, - } /* while fgets() */ - - out: -+ if(!retcode) { -+ if(login_alloc) { -+ if(*loginp) -+ free(*loginp); -+ *loginp = login; -+ } -+ if(password_alloc) { -+ if(*passwordp) -+ free(*passwordp); -+ *passwordp = password; -+ } -+ } -+ else { -+ if(login_alloc) -+ free(login); -+ if(password_alloc) -+ free(password); -+ } - fclose(file); - } - --- -1.8.3.1 - diff --git a/nonblock-fix-unused-parameter-warning.patch b/nonblock-fix-unused-parameter-warning.patch deleted file mode 100644 index 75604b53f85cdd48c16c7a0ad2e1087ecc46fa2c..0000000000000000000000000000000000000000 --- a/nonblock-fix-unused-parameter-warning.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 6c413648ec440230d2988be2d9ed8b70f8dba24b Mon Sep 17 00:00:00 2001 -From: Marcel Raad -Date: Sun, 14 Oct 2018 21:07:45 +0200 -Subject: [PATCH 181/557] nonblock: fix unused parameter warning - -If USE_BLOCKING_SOCKETS is defined, curlx_nonblock's arguments are not -used. ---- - lib/nonblock.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/lib/nonblock.c b/lib/nonblock.c -index 5959281..4d105c1 100644 ---- a/lib/nonblock.c -+++ b/lib/nonblock.c -@@ -48,7 +48,8 @@ int curlx_nonblock(curl_socket_t sockfd, /* operate on this */ - int nonblock /* TRUE or FALSE */) - { - #if defined(USE_BLOCKING_SOCKETS) -- -+ (void)sockfd; -+ (void)nonblock; - return 0; /* returns success */ - - #elif defined(HAVE_FCNTL_O_NONBLOCK) --- -1.8.3.1 - diff --git a/nss-try-to-connect-even-if-libnssckbi.so-fails-to-lo.patch b/nss-try-to-connect-even-if-libnssckbi.so-fails-to-lo.patch deleted file mode 100644 index 0cd017598743629b34f71060ef3f6ccbf5bce6ee..0000000000000000000000000000000000000000 --- a/nss-try-to-connect-even-if-libnssckbi.so-fails-to-lo.patch +++ /dev/null @@ -1,35 +0,0 @@ -From eb0b3acbc1beb08489222ed713ac387ca900fe90 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Wed, 19 Sep 2018 10:05:56 +0200 -Subject: [PATCH 073/557] nss: try to connect even if libnssckbi.so fails to - load - -One can still use CA certificates stored in NSS database. - -Reported-by: Maxime Legros -Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html - -Closes #3016 ---- - lib/vtls/nss.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c -index 4eb6a77..0c5a806 100644 ---- a/lib/vtls/nss.c -+++ b/lib/vtls/nss.c -@@ -1578,8 +1578,9 @@ static CURLcode nss_load_ca_certificates(struct connectdata *conn, - infof(data, "%s %s\n", (result) ? "failed to load" : "loaded", - trust_library); - if(result == CURLE_FAILED_INIT) -- /* make the error non-fatal if we are not going to verify peer */ -- result = CURLE_SSL_CACERT_BADFILE; -+ /* If libnssckbi.so is not available (or fails to load), one can still -+ use CA certificates stored in NSS database. Ignore the failure. */ -+ result = CURLE_OK; - } - else if(!use_trust_module && trust_module) { - /* libnssckbi.so not needed but already loaded --> unload it! */ --- -1.8.3.1 - diff --git a/openssl-fix-the-SSL_get_tlsext_status_ocsp_resp-call.patch b/openssl-fix-the-SSL_get_tlsext_status_ocsp_resp-call.patch deleted file mode 100644 index d232a542b760c267907036b73ae38beb5000670b..0000000000000000000000000000000000000000 --- a/openssl-fix-the-SSL_get_tlsext_status_ocsp_resp-call.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 16a3307e813fa82776dc265201ffc7dac1c842a7 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Tue, 15 Jan 2019 23:57:25 +0100 -Subject: [PATCH 451/557] openssl: fix the SSL_get_tlsext_status_ocsp_resp call - -.... to not pass in a const in the second argument as that's not how it -is supposed to be used and might cause compiler warnings. - -Reported-by: Pavel Pavlov -Fixes #3477 -Closes #3478 ---- - lib/vtls/openssl.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c -index 45e72d6..9d11b89 100644 ---- a/lib/vtls/openssl.c -+++ b/lib/vtls/openssl.c -@@ -1692,6 +1692,7 @@ static CURLcode verifystatus(struct connectdata *conn, - struct ssl_connect_data *connssl) - { - int i, ocsp_status; -+ unsigned char *status; - const unsigned char *p; - CURLcode result = CURLE_OK; - struct Curl_easy *data = conn->data; -@@ -1701,14 +1702,14 @@ static CURLcode verifystatus(struct connectdata *conn, - X509_STORE *st = NULL; - STACK_OF(X509) *ch = NULL; - -- long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &p); -+ long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &status); - -- if(!p) { -+ if(!status) { - failf(data, "No OCSP response received"); - result = CURLE_SSL_INVALIDCERTSTATUS; - goto end; - } -- -+ p = status; - rsp = d2i_OCSP_RESPONSE(NULL, &p, len); - if(!rsp) { - failf(data, "Invalid OCSP response"); --- -1.8.3.1 - diff --git a/openvms-fix-OpenSSL-discovery-on-VAX.patch b/openvms-fix-OpenSSL-discovery-on-VAX.patch deleted file mode 100644 index 65a690b44b4ca9ea3d37ea5be09c790f4de485b7..0000000000000000000000000000000000000000 --- a/openvms-fix-OpenSSL-discovery-on-VAX.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 35221ecb14e1bb6c201ddf05d051fd15d8632fb3 Mon Sep 17 00:00:00 2001 -From: Daniel Gustafsson -Date: Tue, 25 Dec 2018 22:27:29 +0100 -Subject: [PATCH 394/557] openvms: fix OpenSSL discovery on VAX - -The DCL code had a typo in one of the commands which would make the -OpenSSL discovery on VAX fail. The correct syntax is F$ENVIRONMENT. - -Closes #3407 -Reviewed-by: Viktor Szakats ---- - packages/vms/generate_config_vms_h_curl.com | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/packages/vms/generate_config_vms_h_curl.com b/packages/vms/generate_config_vms_h_curl.com -index 6e1b202..ef9efc2 100644 ---- a/packages/vms/generate_config_vms_h_curl.com -+++ b/packages/vms/generate_config_vms_h_curl.com -@@ -406,7 +406,7 @@ $ write cvh "#define USE_OPENSSL 1" - $ write cvh "#endif" - $ if arch_name .eqs. "VAX" - $ then --$ old_mes = f$enviroment("message") -+$ old_mes = f$environment("message") - $ set message/notext/nofaci/noseve/noident - $ search/output=nla0: ssl$include:*.h CONF_MFLAGS_IGNORE_MISSING_FILE - $ status = $severity --- -1.8.3.1 - diff --git a/schannel-on-connection-close-there-might-not-be-a-tr.patch b/schannel-on-connection-close-there-might-not-be-a-tr.patch deleted file mode 100644 index e6031cae20771a94807e0fc7c30d8078cf12b7a3..0000000000000000000000000000000000000000 --- a/schannel-on-connection-close-there-might-not-be-a-tr.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 6ee672970972a40603d8141293ca91c4d4854187 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Fri, 18 Jan 2019 11:21:25 +0100 -Subject: [PATCH 457/557] schannel: on connection close there might not be a - transfer - -Reported-by: Marcel Raad -Fixes #3412 -Closes #3483 ---- - lib/vtls/schannel.c | 13 ++++++++++--- - 1 file changed, 10 insertions(+), 3 deletions(-) - -diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c -index 56fd93e..ab7f83f 100644 ---- a/lib/vtls/schannel.c -+++ b/lib/vtls/schannel.c -@@ -7,7 +7,7 @@ - * - * Copyright (C) 2012 - 2016, Marc Hoersken, - * Copyright (C) 2012, Mark Salisbury, -- * Copyright (C) 2012 - 2018, Daniel Stenberg, , et al. -+ * Copyright (C) 2012 - 2019, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms -@@ -2013,9 +2013,16 @@ static int Curl_schannel_shutdown(struct connectdata *conn, int sockindex) - - /* free SSPI Schannel API credential handle */ - if(BACKEND->cred) { -- Curl_ssl_sessionid_lock(conn); -+ /* -+ * When this function is called from Curl_schannel_close() the connection -+ * might not have an associated transfer so the check for conn->data is -+ * necessary. -+ */ -+ if(conn->data) -+ Curl_ssl_sessionid_lock(conn); - Curl_schannel_session_free(BACKEND->cred); -- Curl_ssl_sessionid_unlock(conn); -+ if(conn->data) -+ Curl_ssl_sessionid_unlock(conn); - BACKEND->cred = NULL; - } - --- -1.8.3.1 - diff --git a/secure-Openwall-URLs.patch b/secure-Openwall-URLs.patch deleted file mode 100644 index 62f68836fd48bbcee5f1906477b48d6bbb69e2e7..0000000000000000000000000000000000000000 --- a/secure-Openwall-URLs.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 420087bb306528530ebdbf7f7806312882b1adba Mon Sep 17 00:00:00 2001 -From: Viktor Szakats -Date: Fri, 14 Sep 2018 18:48:35 +0000 -Subject: [PATCH 059/557] secure Openwall URLs - ---- - docs/SECURITY-PROCESS.md | 2 +- - lib/md4.c | 2 +- - lib/md5.c | 2 +- - 3 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/docs/SECURITY-PROCESS.md b/docs/SECURITY-PROCESS.md -index 6ef7757..6cae503 100644 ---- a/docs/SECURITY-PROCESS.md -+++ b/docs/SECURITY-PROCESS.md -@@ -61,7 +61,7 @@ announcement. - Figure out the CWE (Common Weakness Enumeration) number for the flaw. - - - Request a CVE number from -- [distros@openwall](http://oss-security.openwall.org/wiki/mailing-lists/distros) -+ [distros@openwall](https://oss-security.openwall.org/wiki/mailing-lists/distros) - when also informing and preparing them for the upcoming public security - vulnerability announcement - attach the advisory draft for information. Note - that 'distros' won't accept an embargo longer than 14 days and they do not -diff --git a/lib/md4.c b/lib/md4.c -index 2bb7dcc..d350602 100644 ---- a/lib/md4.c -+++ b/lib/md4.c -@@ -3,7 +3,7 @@ - * MD4 Message-Digest Algorithm (RFC 1320). - * - * Homepage: -- http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4 -+ https://openwall.info/wiki/people/solar/software/public-domain-source-code/md4 - * - * Author: - * Alexander Peslyak, better known as Solar Designer -diff --git a/lib/md5.c b/lib/md5.c -index b819d39..45f45bb 100644 ---- a/lib/md5.c -+++ b/lib/md5.c -@@ -177,7 +177,7 @@ static void MD5_Final(unsigned char digest[16], MD5_CTX *ctx) - * MD5 Message-Digest Algorithm (RFC 1321). - * - * Homepage: -- http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5 -+ https://openwall.info/wiki/people/solar/software/public-domain-source-code/md5 - * - * Author: - * Alexander Peslyak, better known as Solar Designer --- -1.8.3.1 - diff --git a/smb-fix-incorrect-path-in-request-if-connection-reus.patch b/smb-fix-incorrect-path-in-request-if-connection-reus.patch deleted file mode 100644 index 0fb8c007ec51ea8524a4e99415033f43e564a62c..0000000000000000000000000000000000000000 --- a/smb-fix-incorrect-path-in-request-if-connection-reus.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 462037ad487c0457451e66afd0cb50a9f70c0c28 Mon Sep 17 00:00:00 2001 -From: Matus Uzak -Date: Tue, 18 Dec 2018 22:28:20 +0100 -Subject: [PATCH 377/557] smb: fix incorrect path in request if connection - reused - -Follow-up to 09e401e01bf9. If connection gets reused, then data member -will be copied, but not the proto member. As a result, in smb_do(), -path has been set from the original proto.share data. - -Closes #3388 ---- - lib/smb.c | 9 +++------ - 1 file changed, 3 insertions(+), 6 deletions(-) - -diff --git a/lib/smb.c b/lib/smb.c -index e4f266e..76c99a2 100644 ---- a/lib/smb.c -+++ b/lib/smb.c -@@ -947,15 +947,10 @@ static int smb_getsock(struct connectdata *conn, curl_socket_t *socks, - static CURLcode smb_do(struct connectdata *conn, bool *done) - { - struct smb_conn *smbc = &conn->proto.smbc; -- struct smb_request *req = conn->data->req.protop; - - *done = FALSE; - if(smbc->share) { -- req->path = strchr(smbc->share, '\0'); -- if(req->path) { -- req->path++; -- return CURLE_OK; -- } -+ return CURLE_OK; - } - return CURLE_URL_MALFORMAT; - } -@@ -964,6 +959,7 @@ static CURLcode smb_parse_url_path(struct connectdata *conn) - { - CURLcode result = CURLE_OK; - struct Curl_easy *data = conn->data; -+ struct smb_request *req = data->req.protop; - struct smb_conn *smbc = &conn->proto.smbc; - char *path; - char *slash; -@@ -992,6 +988,7 @@ static CURLcode smb_parse_url_path(struct connectdata *conn) - /* Parse the path for the file path converting any forward slashes into - backslashes */ - *slash++ = 0; -+ req->path = slash; - - for(; *slash; slash++) { - if(*slash == '/') --- -1.8.3.1 - diff --git a/ssh-free-the-session-on-init-failures.patch b/ssh-free-the-session-on-init-failures.patch deleted file mode 100644 index b2ec6a7fd71b2ccdcfb7d8a71a462d4a508c0f6c..0000000000000000000000000000000000000000 --- a/ssh-free-the-session-on-init-failures.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 5c8c310edb1e5dbf41c5d2d68622b63f7700488e Mon Sep 17 00:00:00 2001 -From: Daniel Gustafsson -Date: Fri, 26 Oct 2018 15:39:15 +0200 -Subject: [PATCH 211/557] ssh: free the session on init failures - -Ensure to clear the session object in case the libssh2 initialization -fails. - -It could be argued that the libssh2 error function should be called to -get a proper error message in this case. But since the only error path -in libssh2_knownhost_init() is memory a allocation failure it's safest -to avoid since the libssh2 error handling allocates memory. - -Closes #3179 -Reviewed-by: Daniel Stenberg ---- - lib/ssh.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/ssh.c b/lib/ssh.c -index a4b2ca4..da89619 100644 ---- a/lib/ssh.c -+++ b/lib/ssh.c -@@ -2926,7 +2926,7 @@ static CURLcode ssh_connect(struct connectdata *conn, bool *done) - int rc; - ssh->kh = libssh2_knownhost_init(ssh->ssh_session); - if(!ssh->kh) { -- /* eeek. TODO: free the ssh_session! */ -+ libssh2_session_free(ssh->ssh_session); - return CURLE_FAILED_INIT; - } - --- -1.8.3.1 - diff --git a/ssh-log-the-libssh2-error-message-when-ssh-session-s.patch b/ssh-log-the-libssh2-error-message-when-ssh-session-s.patch deleted file mode 100644 index 83cc33c8f03baf8bf2ca57757ca3c7dee62d46d6..0000000000000000000000000000000000000000 --- a/ssh-log-the-libssh2-error-message-when-ssh-session-s.patch +++ /dev/null @@ -1,36 +0,0 @@ -From b095a1ca63ab4962e7256616ff02607c5a77e089 Mon Sep 17 00:00:00 2001 -From: JDepooter -Date: Wed, 16 Jan 2019 17:18:20 -0800 -Subject: [PATCH 456/557] ssh: log the libssh2 error message when ssh session - startup fails - -When a ssh session startup fails, it is useful to know why it has -failed. This commit changes the message from: - "Failure establishing ssh session" -to something like this, for example: - "Failure establishing ssh session: -5, Unable to exchange encryption keys" - -Closes #3481 ---- - lib/ssh.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/lib/ssh.c b/lib/ssh.c -index f3b0a58..8c68adc 100644 ---- a/lib/ssh.c -+++ b/lib/ssh.c -@@ -667,7 +667,10 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block) - break; - } - if(rc) { -- failf(data, "Failure establishing ssh session"); -+ char *err_msg = NULL; -+ (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0); -+ failf(data, "Failure establishing ssh session: %d, %s", rc, err_msg); -+ - state(conn, SSH_SESSION_FREE); - sshc->actualcode = CURLE_FAILED_INIT; - break; --- -1.8.3.1 - diff --git a/timediff-fix-math-for-unsigned-time_t.patch b/timediff-fix-math-for-unsigned-time_t.patch deleted file mode 100644 index 92773d1ff3e83c8d35485571d555120ffa4b23ea..0000000000000000000000000000000000000000 --- a/timediff-fix-math-for-unsigned-time_t.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 1a93153783c0ae626acf0b9041eeb2cb2fe7944a Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Tue, 8 Jan 2019 17:34:45 +0100 -Subject: [PATCH 423/557] timediff: fix math for unsigned time_t - -Bug: https://curl.haxx.se/mail/lib-2018-12/0088.html - -Closes #3449 ---- - lib/timeval.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/lib/timeval.c b/lib/timeval.c -index 2d7c782..f1cbfe6 100644 ---- a/lib/timeval.c -+++ b/lib/timeval.c -@@ -163,7 +163,7 @@ struct curltime Curl_now(void) - */ - timediff_t Curl_timediff(struct curltime newer, struct curltime older) - { -- timediff_t diff = newer.tv_sec-older.tv_sec; -+ timediff_t diff = (timediff_t)newer.tv_sec-older.tv_sec; - if(diff >= (TIME_MAX/1000)) - return TIME_MAX; - else if(diff <= (TIME_MIN/1000)) -@@ -177,7 +177,7 @@ timediff_t Curl_timediff(struct curltime newer, struct curltime older) - */ - timediff_t Curl_timediff_us(struct curltime newer, struct curltime older) - { -- timediff_t diff = newer.tv_sec-older.tv_sec; -+ timediff_t diff = (timediff_t)newer.tv_sec-older.tv_sec; - if(diff >= (TIME_MAX/1000000)) - return TIME_MAX; - else if(diff <= (TIME_MIN/1000000)) --- -1.8.3.1 - diff --git a/tool_cb_hdr-handle-failure-of-rename.patch b/tool_cb_hdr-handle-failure-of-rename.patch deleted file mode 100644 index 2aaed2dc3e2af229be233a94b751c0b228f24877..0000000000000000000000000000000000000000 --- a/tool_cb_hdr-handle-failure-of-rename.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 6b6ba1dc29857f5eb4c31fed3d63619fea99d5f4 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Mon, 15 Oct 2018 16:03:46 +0200 -Subject: [PATCH 186/557] tool_cb_hdr: handle failure of rename() - -Detected by Coverity. - -Closes #3140 -Reviewed-by: Jay Satiro ---- - src/tool_cb_hdr.c | 13 +++++++++++-- - 1 file changed, 11 insertions(+), 2 deletions(-) - -diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c -index 983258c..7a7a836 100644 ---- a/src/tool_cb_hdr.c -+++ b/src/tool_cb_hdr.c -@@ -132,15 +132,24 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata) - filename = parse_filename(p, len); - if(filename) { - if(outs->stream) { -+ int rc; - /* already opened and possibly written to */ - if(outs->fopened) - fclose(outs->stream); - outs->stream = NULL; - - /* rename the initial file name to the new file name */ -- rename(outs->filename, filename); -+ rc = rename(outs->filename, filename); -+ if(rc != 0) { -+ warnf(outs->config->global, "Failed to rename %s -> %s: %s\n", -+ outs->filename, filename, strerror(errno)); -+ } - if(outs->alloc_filename) -- free(outs->filename); -+ Curl_safefree(outs->filename); -+ if(rc != 0) { -+ free(filename); -+ return failure; -+ } - } - outs->is_cd_filename = TRUE; - outs->s_isreg = TRUE; --- -1.8.3.1 - diff --git a/tool_cb_prg-avoid-integer-overflow.patch b/tool_cb_prg-avoid-integer-overflow.patch deleted file mode 100644 index c6f42c8abdd9e89df98ae683841bd3744804241f..0000000000000000000000000000000000000000 --- a/tool_cb_prg-avoid-integer-overflow.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 61faa0b420c236480bc9ef6fd52b4ecc1e0f8d17 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Fri, 11 Jan 2019 00:25:46 +0100 -Subject: [PATCH 437/557] tool_cb_prg: avoid integer overflow - -When calculating the progress bar width. - -Reported-by: Peng Li -Fixes #3456 -Closes #3458 ---- - src/tool_cb_prg.c | 19 ++++++++++++++++--- - 1 file changed, 16 insertions(+), 3 deletions(-) - -diff --git a/src/tool_cb_prg.c b/src/tool_cb_prg.c -index 15ff5b2..0539e98 100644 ---- a/src/tool_cb_prg.c -+++ b/src/tool_cb_prg.c -@@ -5,7 +5,7 @@ - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * -- * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. -+ * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms -@@ -106,6 +106,13 @@ static void fly(struct ProgressData *bar, bool moved) - - #define MAX_BARLENGTH 256 - -+#if (SIZEOF_CURL_OFF_T == 4) -+# define CURL_OFF_T_MAX CURL_OFF_T_C(0x7FFFFFFF) -+#else -+ /* assume CURL_SIZEOF_CURL_OFF_T == 8 */ -+# define CURL_OFF_T_MAX CURL_OFF_T_C(0x7FFFFFFFFFFFFFFF) -+#endif -+ - int tool_progress_cb(void *clientp, - curl_off_t dltotal, curl_off_t dlnow, - curl_off_t ultotal, curl_off_t ulnow) -@@ -119,10 +126,16 @@ int tool_progress_cb(void *clientp, - curl_off_t point; - - /* expected transfer size */ -- total = dltotal + ultotal + bar->initial_size; -+ if((CURL_OFF_T_MAX - bar->initial_size) < (dltotal + ultotal)) -+ total = CURL_OFF_T_MAX; -+ else -+ total = dltotal + ultotal + bar->initial_size; - - /* we've come this far */ -- point = dlnow + ulnow + bar->initial_size; -+ if((CURL_OFF_T_MAX - bar->initial_size) < (dlnow + ulnow)) -+ point = CURL_OFF_T_MAX; -+ else -+ point = dlnow + ulnow + bar->initial_size; - - if(bar->calls) { - /* after first call... */ --- -1.8.3.1 - diff --git a/urlglob-improve-error-message.patch b/urlglob-improve-error-message.patch deleted file mode 100644 index 5d7db074c83fe580b4b8b15ee1645453e0dfab29..0000000000000000000000000000000000000000 --- a/urlglob-improve-error-message.patch +++ /dev/null @@ -1,71 +0,0 @@ -From ddb06ffc0f680322ce746c6e8d524dee4de84955 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Tue, 11 Sep 2018 22:03:47 +0200 -Subject: [PATCH 045/557] urlglob: improve error message - -to help user understand what the problem is - -Reported-by: Daniel Shahaf - -Fixes #2763 -Closes #2977 ---- - src/tool_urlglob.c | 11 ++++++----- - tests/data/test75 | 4 +++- - 2 files changed, 9 insertions(+), 6 deletions(-) - -diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c -index cb87706..e4a5c33 100644 ---- a/src/tool_urlglob.c -+++ b/src/tool_urlglob.c -@@ -5,7 +5,7 @@ - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * -- * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. -+ * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms -@@ -459,18 +459,19 @@ CURLcode glob_url(URLGlob **glob, char *url, unsigned long *urlnum, - *urlnum = amount; - else { - if(error && glob_expand->error) { -- char text[128]; -+ char text[512]; - const char *t; - if(glob_expand->pos) { -- snprintf(text, sizeof(text), "%s in column %zu", glob_expand->error, -- glob_expand->pos); -+ snprintf(text, sizeof(text), "%s in URL position %zu:\n%s\n%*s^", -+ glob_expand->error, -+ glob_expand->pos, url, glob_expand->pos - 1, " "); - t = text; - } - else - t = glob_expand->error; - - /* send error description to the error-stream */ -- fprintf(error, "curl: (%d) [globbing] %s\n", res, t); -+ fprintf(error, "curl: (%d) %s\n", res, t); - } - /* it failed, we cleanup */ - glob_cleanup(glob_expand); -diff --git a/tests/data/test75 b/tests/data/test75 -index d8836b9..115963d 100644 ---- a/tests/data/test75 -+++ b/tests/data/test75 -@@ -44,7 +44,9 @@ perl %SRCDIR/libtest/test75.pl http://%HOSTIP:%HTTPPORT/ 22 - 3 - - --curl: (3) [globbing] bad range in column 47 -+curl: (3) bad range in URL position 47: -+http://a-site-never-accessed.example.org/[2-1] -+ ^ - - - --- -1.8.3.1 - diff --git a/wolfssl-Perform-cleanup.patch b/wolfssl-Perform-cleanup.patch deleted file mode 100644 index c008c038be6d374fcb1ee742b428716eaee9e3a7..0000000000000000000000000000000000000000 --- a/wolfssl-Perform-cleanup.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 982a897b4bc22fa49da2501af8242e8c8ce1792c Mon Sep 17 00:00:00 2001 -From: David Garske -Date: Wed, 19 Dec 2018 08:30:44 -0800 -Subject: [PATCH 381/557] wolfssl: Perform cleanup - -This adds a cleanup callback for cyassl. Resolves possible memory leak -when using ECC fixed point cache. - -Closes #3395 -Reviewed-by: Daniel Stenberg -Reviewed-by: Daniel Gustafsson ---- - lib/vtls/cyassl.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c -index 0d45afb..ea96cf6 100644 ---- a/lib/vtls/cyassl.c -+++ b/lib/vtls/cyassl.c -@@ -794,6 +794,12 @@ static int Curl_cyassl_init(void) - } - - -+static void Curl_cyassl_cleanup(void) -+{ -+ CyaSSL_Cleanup(); -+} -+ -+ - static bool Curl_cyassl_data_pending(const struct connectdata* conn, - int connindex) - { -@@ -1004,7 +1010,7 @@ const struct Curl_ssl Curl_ssl_cyassl = { - sizeof(struct ssl_backend_data), - - Curl_cyassl_init, /* init */ -- Curl_none_cleanup, /* cleanup */ -+ Curl_cyassl_cleanup, /* cleanup */ - Curl_cyassl_version, /* version */ - Curl_none_check_cxn, /* check_cxn */ - Curl_cyassl_shutdown, /* shutdown */ --- -1.8.3.1 - diff --git a/zsh.pl-escape-character.patch b/zsh.pl-escape-character.patch deleted file mode 100644 index b84aa8693de49236c36205f3c394ad593747d45a..0000000000000000000000000000000000000000 --- a/zsh.pl-escape-character.patch +++ /dev/null @@ -1,38 +0,0 @@ -From b3cc8017b7364f588365be2b2629c49c142efdb7 Mon Sep 17 00:00:00 2001 -From: Alessandro Ghedini -Date: Tue, 5 Feb 2019 21:06:26 +0000 -Subject: [PATCH 492/557] zsh.pl: escape ':' character - -':' is interpreted as separator by zsh, so if used as part of the argument -or option's description it needs to be escaped. - -The problem can be reproduced as follows: - - % curl --reso - % curl -E - -Bug: https://bugs.debian.org/921452 ---- - scripts/zsh.pl | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/scripts/zsh.pl b/scripts/zsh.pl -index 941b322..0f9cbec 100755 ---- a/scripts/zsh.pl -+++ b/scripts/zsh.pl -@@ -45,9 +45,12 @@ sub parse_main_opts { - - my $option = ''; - -+ $arg =~ s/\:/\\\:/g if defined $arg; -+ - $desc =~ s/'/'\\''/g if defined $desc; - $desc =~ s/\[/\\\[/g if defined $desc; - $desc =~ s/\]/\\\]/g if defined $desc; -+ $desc =~ s/\:/\\\:/g if defined $desc; - - $option .= '{' . trim($short) . ',' if defined $short; - $option .= trim($long) if defined $long; --- -1.8.3.1 -