curl: backport CC version

Fixes #436

patches/openwrt/0043-curl-backport-CC-version.patch

@@ -0,0 +1,875 @@
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Sun, 16 Aug 2015 10:50:20 +0200
+Subject: curl: backport CC version
+
+diff --git a/package/network/utils/curl/Config.in b/package/network/utils/curl/Config.in
+index 086f5c2..11cfa39 100644
+--- a/package/network/utils/curl/Config.in
++++ b/package/network/utils/curl/Config.in
+@@ -1,112 +1,154 @@
+-menu "Configuration"
+-	depends on PACKAGE_libcurl
++if PACKAGE_libcurl
++
++comment "SSL support"
+ 
+ choice
+-	prompt "SSL library"
++	prompt "Selected SSL library"
+ 	default LIBCURL_POLARSSL
+ 
+-config LIBCURL_POLARSSL
+-	bool "PolarSSL"
++	config LIBCURL_POLARSSL
++		bool "PolarSSL"
+ 
+-config LIBCURL_CYASSL
+-	bool "CyaSSL"
++	config LIBCURL_CYASSL
++		bool "CyaSSL"
+ 
+-config LIBCURL_AXTLS
+-	bool "axTLS"
++	config LIBCURL_AXTLS
++		bool "axTLS"
+ 
+-config LIBCURL_OPENSSL
+-	bool "OpenSSL"
++	config LIBCURL_OPENSSL
++		bool "OpenSSL"
+ 
+-config LIBCURL_GNUTLS
+-	bool "GNUTLS"
++	config LIBCURL_GNUTLS
++		bool "GNUTLS"
+ 
+-config LIBCURL_NOSSL
+-	bool "No SSL support"
++	config LIBCURL_NOSSL
++		bool "No SSL support"
+ 
+ endchoice
+ 
+-config LIBCURL_COOKIES
+-	bool "Enable cookies support"
+-	default y
+-
+-config LIBCURL_CRYPTO_AUTH
+-	bool "Enable cryptographic authentication"
+-	default n
++comment "Supported protocols"
+ 
+ config LIBCURL_DICT
+-	bool "Enable DICT support"
++	bool "DICT protocol"
+ 	default n
+ 
+ config LIBCURL_FILE
+-	bool "Enable FILE support"
++	bool "FILE protocol"
+ 	default y
+ 
+ config LIBCURL_FTP
+-	bool "Enable FTP support"
++	bool "FTP / FTPS protocol"
+ 	default y
+ 
+ config LIBCURL_GOPHER
+-	bool "Enable Gopher support"
++	bool "Gopher protocol"
+ 	default n
+ 
+ config LIBCURL_HTTP
+-	bool "Enable HTTP support"
++	bool "HTTP / HTTPS protocol"
++	default y
++
++config LIBCURL_COOKIES
++	bool "Enable Cookies support"
++	depends on LIBCURL_HTTP
+ 	default y
+ 
+ config LIBCURL_IMAP
+-	bool "Enable IMAP support"
++	bool "IMAP / IMAPS protocol"
+ 	default n
+ 
+ config LIBCURL_LDAP
+-	bool "Enable LDAP support"
++	bool "LDAP protocol"
+ 	default n
+ 
+ config LIBCURL_LDAPS
+ 	bool "Enable LDAPS support"
+-	default n
+-
+-config LIBCURL_LIBCURL_OPTION
+-	bool "Enable --libcurl C code generation support"
+-	default n
++	depends on LIBCURL_LDAP && !LIBCURL_NOSSL
++	default y
+ 
+ config LIBCURL_POP3
+-	bool "Enable POP3 support"
++	bool "POP3 / POP3S protocol"
+ 	default n
+ 
+-config LIBCURL_PROXY
+-	bool "Enable proxy support"
++config LIBCURL_RTSP
++	bool "RTSP protocol"
++	depends on LIBCURL_HTTP
+ 	default n
++config LIBCURL_NO_RTSP
++	string "RTSP require HTTP protocol"
++	depends on !LIBCURL_HTTP
++	default "!"
+ 
+-config LIBCURL_RTSP
+-	bool "Enable RTSP support"
++config LIBCURL_SSH2
++	bool "SCP / SFTP protocol"
+ 	default n
+ 
+-config LIBCURL_SMTP
+-	bool "Enable SMTP support"
++config LIBCURL_SMB
++	bool "SMB protocol (CIFS)"
++	depends on LIBCURL_CRYPTO_AUTH && (LIBCURL_GNUTLS || LIBCURL_OPENSSL)
+ 	default n
++config LIBCURL_NO_SMB
++	string "SMB require 'cryptographic authentication' and either 'GnuTLS' or 'OpenSSL'"
++	depends on !LIBCURL_CRYPTO_AUTH || (!LIBCURL_GNUTLS && !LIBCURL_OPENSSL)
++	default "!"
+ 
+-config LIBCURL_SSPI
+-	bool "Enable SSPI"
++config LIBCURL_SMTP
++	bool "SMTP / SMTPS protocol"
+ 	default n
+ 
+ config LIBCURL_TELNET
+-	bool "Enable TELNET support"
++	bool "TELNET protocol"
+ 	default n
+ 
+ config LIBCURL_TFTP
+-	bool "Enable TFTP support"
++	bool "TFTP protocol"
+ 	default n
+ 
+-config LIBCURL_THREADED_RESOLVER
+-	bool "Enable threaded resolver"
++comment "Miscellaneous"
++
++config LIBCURL_PROXY
++	bool "Enable proxy support"
++	default y
++
++config LIBCURL_CRYPTO_AUTH
++	bool "Enable cryptographic authentication"
+ 	default n
+ 
+-config LIBCURL_TLS-SRP
++config LIBCURL_TLS_SRP
+ 	bool "Enable TLS-SRP authentication"
+ 	default n
+ 
++config LIBCURL_LIBIDN
++	bool "Enable IDN support"
++	default n
++
++config LIBCURL_THREADED_RESOLVER
++	bool "Enable threaded DNS resolver"
++	default n
++	help
++		Enable POSIX threaded asynchronous DNS resolution
++
+ config LIBCURL_ZLIB
+-	bool "Use zlib"
++	bool "Enable zlib support"
++	default n
++
++config LIBCURL_UNIX_SOCKETS
++	bool "Enable unix domain socket support"
++	default n
++	help
++		Enable HTTP over unix domain sockets.
++		To use this with the curl command line, you specify the socket path to the new --unix-domain option.
++		This feature is actually not limited to HTTP, you can do all the TCP-based protocols 
++		except FTP over the unix domain socket, but it is only HTTP that is regularly used this way. 
++		The reason FTP isn't supported is of course its use of two connections 
++		which would be even weirder to do like this.
++
++config LIBCURL_LIBCURL_OPTION
++	bool "Enable generation of C code"
++	default n
++
++config LIBCURL_VERBOSE
++	bool "Enable verbose error strings"
+ 	default n
+ 
+-endmenu
++endif
+diff --git a/package/network/utils/curl/Makefile b/package/network/utils/curl/Makefile
+index 0bb8323..7f6d355 100644
+--- a/package/network/utils/curl/Makefile
++++ b/package/network/utils/curl/Makefile
+@@ -1,5 +1,5 @@
+ #
+-# Copyright (C) 2007-2014 OpenWrt.org
++# Copyright (C) 2007-2015 OpenWrt.org
+ #
+ # This is free software, licensed under the GNU General Public License v2.
+ # See /LICENSE for more information.
+@@ -8,8 +8,8 @@
+ include $(TOPDIR)/rules.mk
+ 
+ PKG_NAME:=curl
+-PKG_VERSION:=7.38.0
+-PKG_RELEASE:=1
++PKG_VERSION:=7.40.0
++PKG_RELEASE:=3
+ 
+ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+ PKG_SOURCE_URL:=http://curl.haxx.se/download/ \
+@@ -18,7 +18,7 @@ PKG_SOURCE_URL:=http://curl.haxx.se/download/ \
+ 	ftp://ftp.planetmirror.com/pub/curl/ \
+ 	http://www.mirrormonster.com/curl/download/ \
+ 	http://curl.mirrors.cyberservers.net/download/
+-PKG_MD5SUM:=af6b3c299bd891f43cb5f76c4091b7b4
++PKG_MD5SUM:=8d30594212e65657a5c32030f0998fa9
+ 
+ PKG_LICENSE:=MIT
+ PKG_LICENSE_FILES:=COPYING
+@@ -26,34 +26,45 @@ PKG_LICENSE_FILES:=COPYING
+ PKG_FIXUP:=autoreconf
+ PKG_BUILD_PARALLEL:=1
+ 
+-PKG_CONFIG_DEPENDS := \
+-  LIBCURL_AXTLS \
+-  LIBCURL_COOKIES \
+-  LIBCURL_CRYPTO_AUTH \
+-  LIBCURL_CYASSL \
+-  LIBCURL_DICT \
+-  LIBCURL_FILE \
+-  LIBCURL_FTP \
+-  LIBCURL_GNUTLS \
+-  LIBCURL_GOPHER \
+-  LIBCURL_HTTP \
+-  LIBCURL_IMAP \
+-  LIBCURL_LDAP \
+-  LIBCURL_LDAPS \
+-  LIBCURL_LIBCURL_OPTION \
+-  LIBCURL_NOSSL \
+-  LIBCURL_OPENSSL \
+-  LIBCURL_POLARSSL \
+-  LIBCURL_POP3 \
+-  LIBCURL_PROXY \
+-  LIBCURL_RTSP \
+-  LIBCURL_SMTP \
+-  LIBCURL_SSPI \
+-  LIBCURL_TELNET \
+-  LIBCURL_TFTP \
+-  LIBCURL_THREADED_RESOLVER \
+-  LIBCURL_TLS-SRP \
+-  LIBCURL_ZLIB
++PKG_CONFIG_DEPENDS:= \
++  CONFIG_IPV6 \
++  \
++  CONFIG_LIBCURL_AXTLS \
++  CONFIG_LIBCURL_CYASSL \
++  CONFIG_LIBCURL_GNUTLS \
++  CONFIG_LIBCURL_OPENSSL \
++  CONFIG_LIBCURL_POLARSSL \
++  CONFIG_LIBCURL_NOSSL \
++  \
++  CONFIG_LIBCURL_LIBIDN \
++  CONFIG_LIBCURL_SSH2 \
++  CONFIG_LIBCURL_ZLIB \
++  \
++  CONFIG_LIBCURL_DICT \
++  CONFIG_LIBCURL_FILE \
++  CONFIG_LIBCURL_FTP \
++  CONFIG_LIBCURL_GOPHER \
++  CONFIG_LIBCURL_HTTP \
++  CONFIG_LIBCURL_IMAP \
++  CONFIG_LIBCURL_LDAP \
++  CONFIG_LIBCURL_LDAPS \
++  CONFIG_LIBCURL_POP3 \
++  CONFIG_LIBCURL_RTSP \
++  CONFIG_LIBCURL_NO_RTSP \
++  CONFIG_LIBCURL_SMB \
++  CONFIG_LIBCURL_NO_SMB \
++  CONFIG_LIBCURL_SMTP \
++  CONFIG_LIBCURL_TELNET \
++  CONFIG_LIBCURL_TFTP \
++  \
++  CONFIG_LIBCURL_COOKIES \
++  CONFIG_LIBCURL_CRYPTO_AUTH \
++  CONFIG_LIBCURL_LIBCURL_OPTION \
++  CONFIG_LIBCURL_PROXY \
++  CONFIG_LIBCURL_THREADED_RESOLVER \
++  CONFIG_LIBCURL_TLS_SRP \
++  CONFIG_LIBCURL_UNIX_SOCKETS \
++  CONFIG_LIBCURL_VERBOSE
+ 
+ include $(INCLUDE_DIR)/package.mk
+ 
+@@ -75,8 +86,9 @@ define Package/libcurl
+   $(call Package/curl/Default)
+   SECTION:=libs
+   CATEGORY:=Libraries
+-  DEPENDS:=+LIBCURL_POLARSSL:libpolarssl +LIBCURL_CYASSL:libcyassl +LIBCURL_AXTLS:libaxtls +LIBCURL_OPENSSL:libopenssl +LIBCURL_GNUTLS:libgnutls +LIBCURL_ZLIB:zlib +LIBCURL_THREADED_RESOLVER:libpthread
+-  TITLE:=A client-side URL transfer library using $(if $(CONFIG_LIBCURL_POLARSSL),PolarSSL)$(if $(CONFIG_LIBCURL_OPENSSL),OpenSSL)$(if $(CONFIG_LIBCURL_GNUTLS),GNUTLS)$(if $(CONFIG_LIBCURL_NOSSL),no SSL)
++  DEPENDS:=+LIBCURL_POLARSSL:libpolarssl +LIBCURL_CYASSL:libcyassl +LIBCURL_AXTLS:libaxtls +LIBCURL_OPENSSL:libopenssl +LIBCURL_GNUTLS:libgnutls 
++  DEPENDS += +LIBCURL_ZLIB:zlib +LIBCURL_THREADED_RESOLVER:libpthread +LIBCURL_LDAP:libopenldap +LIBCURL_LIBIDN:libidn +LIBCURL_SSH2:libssh2
++  TITLE:=A client-side URL transfer library
+   MENU:=1
+ endef
+ 
+@@ -88,46 +100,51 @@ endef
+ TARGET_CFLAGS += $(FPIC)
+ 
+ CONFIGURE_ARGS += \
++	--disable-debug \
++	--disable-ares \
+ 	--enable-shared \
+ 	--enable-static \
+-	--disable-thread \
+-	--enable-nonblocking \
+-	--disable-ares \
+-	--disable-debug \
+ 	--disable-manual \
+-	--disable-verbose \
+ 	--without-ca-bundle \
+-	--without-krb4 \
+-	--without-libidn \
+ 	--without-nss \
+-	--without-libssh2 \
++	--without-libmetalink \
++	--without-librtmp \
++	\
+ 	$(call autoconf_bool,CONFIG_IPV6,ipv6) \
+-	$(if $(CONFIG_LIBCURL_AXTLS),--with-axtls="$(STAGING_DIR)/usr",--without-axtls) \
+-	$(if $(CONFIG_LIBCURL_COOKIES),--enable,--disable)-cookies \
+-	$(if $(CONFIG_LIBCURL_CRYPTO-AUTH),--enable,--disable)-crypto-auth \
+-	$(if $(CONFIG_LIBCURL_CYASSL),--with-cyassl="$(STAGING_DIR)/usr",--without-cyassl) \
+-	$(if $(CONFIG_LIBCURL_DICT),--enable,--disable)-dict \
+-	$(if $(CONFIG_LIBCURL_FILE),--enable,--disable)-file \
+-	$(if $(CONFIG_LIBCURL_FTP),--enable,--disable)-ftp \
+-	$(if $(CONFIG_LIBCURL_GOPHER),--enable,--disable)-gopher \
+-	$(if $(CONFIG_LIBCURL_GNUTLS),--with-gnutls="$(STAGING_DIR)/usr",--without-gnutls) \
+-	$(if $(CONFIG_LIBCURL_HTTP),--enable,--disable)-http \
+-	$(if $(CONFIG_LIBCURL_IMAP),--enable,--disable)-imap \
+-	$(if $(CONFIG_LIBCURL_LDAP),--enable,--disable)-ldap \
+-	$(if $(CONFIG_LIBCURL_LDAPS),--enable,--disable)-ldaps \
+-	$(if $(CONFIG_LIBCURL_LIBCURL-OPTION),--enable,--disable)-libcurl-option \
+-	$(if $(CONFIG_LIBCURL_OPENSSL),--with-ssl="$(STAGING_DIR)/usr",--without-ssl) \
+-	$(if $(CONFIG_LIBCURL_POLARSSL),--with-polarssl="$(STAGING_DIR)/usr",--without-polarssl) \
+-	$(if $(CONFIG_LIBCURL_POP3),--enable,--disable)-pop3 \
+-	$(if $(CONFIG_LIBCURL_PROXY),--enable,--disable)-proxy \
+-	$(if $(CONFIG_LIBCURL_RTSP),--enable,--disable)-rtsp \
+-	$(if $(CONFIG_LIBCURL_TELNET),--enable,--disable)-telnet \
+-	$(if $(CONFIG_LIBCURL_TFTP),--enable,--disable)-tftp \
+-	$(if $(CONFIG_LIBCURL_SMTP),--enable,--disable)-smtp \
+-	$(if $(CONFIG_LIBCURL_SSPI),--enable,--disable)-sspi \
+-	$(if $(CONFIG_LIBCURL_THREADED_RESOLVER),--enable,--disable)-threaded-resolver \
+-	$(if $(CONFIG_LIBCURL_TLS-SRP),--enable,--disable)-tls-srp \
++	\
++	$(if $(CONFIG_LIBCURL_AXTLS),--with-axtls="$(STAGING_DIR)/usr" --without-ca-path,--without-axtls) \
++	$(if $(CONFIG_LIBCURL_CYASSL),--with-cyassl="$(STAGING_DIR)/usr" --without-ca-path,--without-cyassl) \
++	$(if $(CONFIG_LIBCURL_GNUTLS),--with-gnutls="$(STAGING_DIR)/usr" --without-ca-path,--without-gnutls) \
++	$(if $(CONFIG_LIBCURL_OPENSSL),--with-ssl="$(STAGING_DIR)/usr" --with-ca-path=/etc/ssl/certs,--without-ssl) \
++	$(if $(CONFIG_LIBCURL_POLARSSL),--with-polarssl="$(STAGING_DIR)/usr" --with-ca-path=/etc/ssl/certs,--without-polarssl) \
++	\
++	$(if $(CONFIG_LIBCURL_LIBIDN),--with-libidn="$(STAGING_DIR)/usr",--without-libidn) \
++	$(if $(CONFIG_LIBCURL_SSH2),--with-libssh2="$(STAGING_DIR)/usr",--without-libssh2) \
+ 	$(if $(CONFIG_LIBCURL_ZLIB),--with-zlib="$(STAGING_DIR)/usr",--without-zlib) \
++	\
++	$(call autoconf_bool,CONFIG_LIBCURL_DICT,dict) \
++	$(call autoconf_bool,CONFIG_LIBCURL_FILE,file) \
++	$(call autoconf_bool,CONFIG_LIBCURL_FTP,ftp) \
++	$(call autoconf_bool,CONFIG_LIBCURL_GOPHER,gopher) \
++	$(call autoconf_bool,CONFIG_LIBCURL_HTTP,http) \
++	$(call autoconf_bool,CONFIG_LIBCURL_IMAP,imap) \
++	$(call autoconf_bool,CONFIG_LIBCURL_LDAP,ldap) \
++	$(call autoconf_bool,CONFIG_LIBCURL_LDAPS,ldaps) \
++	$(call autoconf_bool,CONFIG_LIBCURL_POP3,pop3) \
++	$(call autoconf_bool,CONFIG_LIBCURL_RTSP,rtsp) \
++	$(call autoconf_bool,CONFIG_LIBCURL_SMB,smb) \
++	$(call autoconf_bool,CONFIG_LIBCURL_SMTP,smtp) \
++	$(call autoconf_bool,CONFIG_LIBCURL_TELNET,telnet) \
++	$(call autoconf_bool,CONFIG_LIBCURL_TFTP,tftp) \
++	\
++	$(call autoconf_bool,CONFIG_LIBCURL_COOKIES,cookies) \
++	$(call autoconf_bool,CONFIG_LIBCURL_CRYPTO_AUTH,crypto-auth) \
++	$(call autoconf_bool,CONFIG_LIBCURL_LIBCURL_OPTION,libcurl-option) \
++	$(call autoconf_bool,CONFIG_LIBCURL_PROXY,proxy) \
++	$(call autoconf_bool,CONFIG_LIBCURL_THREADED_RESOLVER,threaded-resolver) \
++	$(call autoconf_bool,CONFIG_LIBCURL_TLS_SRP,tls-srp) \
++	$(call autoconf_bool,CONFIG_LIBCURL_UNIX_SOCKETS,unix-sockets) \
++	$(call autoconf_bool,CONFIG_LIBCURL_VERBOSE,verbose) \
+ 
+ define Build/Compile
+ 	+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
+@@ -144,7 +161,7 @@ define Build/InstallDev
+ 	$(CP) $(PKG_BUILD_DIR)/libcurl.pc $(1)/usr/lib/pkgconfig/
+ 	$(SED) 's,-L$$$${exec_prefix}/lib,,g' $(1)/usr/bin/curl-config
+ 	[ -n "$(TARGET_LDFLAGS)" ] && $(SED) 's#$(TARGET_LDFLAGS)##g' $(1)/usr/lib/pkgconfig/libcurl.pc || true
+-	ln -sf $(STAGING_DIR)/usr/bin/curl-config $(2)/bin/
++	$(LN) $(STAGING_DIR)/usr/bin/curl-config $(2)/bin/
+ endef
+ 
+ define Package/curl/install
+diff --git a/package/network/utils/curl/patches/010-CVE-2015-3143.patch b/package/network/utils/curl/patches/010-CVE-2015-3143.patch
+new file mode 100644
+index 0000000..697c9c9
+--- /dev/null
++++ b/package/network/utils/curl/patches/010-CVE-2015-3143.patch
+@@ -0,0 +1,28 @@
++From d7d1bc8f08eea1a85ab0d794bc1561659462d937 Mon Sep 17 00:00:00 2001
++From: Daniel Stenberg <daniel@haxx.se>
++Date: Thu, 16 Apr 2015 13:26:46 +0200
++Subject: [PATCH] ConnectionExists: for NTLM re-use, require credentials to
++ match
++
++CVE-2015-3143
++
++Bug: http://curl.haxx.se/docs/adv_20150422A.html
++Reported-by: Paras Sethia
++---
++ lib/url.c | 2 +-
++ 1 file changed, 1 insertion(+), 1 deletion(-)
++
++--- a/lib/url.c
+++++ b/lib/url.c
++@@ -3184,7 +3184,11 @@ ConnectionExists(struct SessionHandle *d
++       }
++ 
++       if((!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) ||
+++#if defined(USE_NTLM)
+++         (wantNTLMhttp || check->ntlm.state != NTLMSTATE_NONE)) {
+++#else
++          wantNTLMhttp) {
+++#endif
++         /* This protocol requires credentials per connection or is HTTP+NTLM,
++            so verify that we're using the same name and password as well */
++         if(!strequal(needle->user, check->user) ||
+diff --git a/package/network/utils/curl/patches/011-CVE-2015-3144.patch b/package/network/utils/curl/patches/011-CVE-2015-3144.patch
+new file mode 100644
+index 0000000..7da9489
+--- /dev/null
++++ b/package/network/utils/curl/patches/011-CVE-2015-3144.patch
+@@ -0,0 +1,32 @@
++From 6218ded6001ea330e589f92b6b2fa12777752b5d Mon Sep 17 00:00:00 2001
++From: Daniel Stenberg <daniel@haxx.se>
++Date: Thu, 16 Apr 2015 23:52:04 +0200
++Subject: [PATCH] fix_hostname: zero length host name caused -1 index offset
++MIME-Version: 1.0
++Content-Type: text/plain; charset=UTF-8
++Content-Transfer-Encoding: 8bit
++
++If a URL is given with a zero-length host name, like in "http://:80" or
++just ":80", `fix_hostname()` will index the host name pointer with a -1
++offset (as it blindly assumes a non-zero length) and both read and
++assign that address.
++
++CVE-2015-3144
++
++Bug: http://curl.haxx.se/docs/adv_20150422D.html
++Reported-by: Hanno Böck
++---
++ lib/url.c | 2 +-
++ 1 file changed, 1 insertion(+), 1 deletion(-)
++
++--- a/lib/url.c
+++++ b/lib/url.c
++@@ -3606,7 +3606,7 @@ static void fix_hostname(struct SessionH
++   host->dispname = host->name;
++ 
++   len = strlen(host->name);
++-  if(host->name[len-1] == '.')
+++  if(len && (host->name[len-1] == '.'))
++     /* strip off a single trailing dot if present, primarily for SNI but
++        there's no use for it */
++     host->name[len-1]=0;
+diff --git a/package/network/utils/curl/patches/012-CVE-2015-3145.patch b/package/network/utils/curl/patches/012-CVE-2015-3145.patch
+new file mode 100644
+index 0000000..c7ecbe9
+--- /dev/null
++++ b/package/network/utils/curl/patches/012-CVE-2015-3145.patch
+@@ -0,0 +1,53 @@
++From ea595c516bc936a514753597aa6c59fd6eb0765e Mon Sep 17 00:00:00 2001
++From: Daniel Stenberg <daniel@haxx.se>
++Date: Thu, 16 Apr 2015 16:37:40 +0200
++Subject: [PATCH] cookie: cookie parser out of boundary memory access
++MIME-Version: 1.0
++Content-Type: text/plain; charset=UTF-8
++Content-Transfer-Encoding: 8bit
++
++The internal libcurl function called sanitize_cookie_path() that cleans
++up the path element as given to it from a remote site or when read from
++a file, did not properly validate the input. If given a path that
++consisted of a single double-quote, libcurl would index a newly
++allocated memory area with index -1 and assign a zero to it, thus
++destroying heap memory it wasn't supposed to.
++
++CVE-2015-3145
++
++Bug: http://curl.haxx.se/docs/adv_20150422C.html
++Reported-by: Hanno Böck
++---
++ lib/cookie.c | 12 +++++++-----
++ 1 file changed, 7 insertions(+), 5 deletions(-)
++
++--- a/lib/cookie.c
+++++ b/lib/cookie.c
++@@ -236,11 +236,14 @@ static char *sanitize_cookie_path(const
++     return NULL;
++ 
++   /* some stupid site sends path attribute with '"'. */
+++  len = strlen(new_path);
++   if(new_path[0] == '\"') {
++-    memmove((void *)new_path, (const void *)(new_path + 1), strlen(new_path));
+++    memmove((void *)new_path, (const void *)(new_path + 1), len);
+++    len--;
++   }
++-  if(new_path[strlen(new_path) - 1] == '\"') {
++-    new_path[strlen(new_path) - 1] = 0x0;
+++  if(len && (new_path[len - 1] == '\"')) {
+++    new_path[len - 1] = 0x0;
+++    len--;
++   }
++ 
++   /* RFC6265 5.2.4 The Path Attribute */
++@@ -252,8 +255,7 @@ static char *sanitize_cookie_path(const
++   }
++ 
++   /* convert /hoge/ to /hoge */
++-  len = strlen(new_path);
++-  if(1 < len && new_path[len - 1] == '/') {
+++  if(len && new_path[len - 1] == '/') {
++     new_path[len - 1] = 0x0;
++   }
++ 
+diff --git a/package/network/utils/curl/patches/013-CVE-2015-3148.patch b/package/network/utils/curl/patches/013-CVE-2015-3148.patch
+new file mode 100644
+index 0000000..ed52160
+--- /dev/null
++++ b/package/network/utils/curl/patches/013-CVE-2015-3148.patch
+@@ -0,0 +1,37 @@
++From 6abfb512ed22c2de891a4398616d81a2a0690b5a Mon Sep 17 00:00:00 2001
++From: Daniel Stenberg <daniel@haxx.se>
++Date: Sat, 18 Apr 2015 23:50:16 +0200
++Subject: [PATCH] http_done: close Negotiate connections when done
++
++When doing HTTP requests Negotiate authenticated, the entire connnection
++may become authenticated and not just the specific HTTP request which is
++otherwise how HTTP works, as Negotiate can basically use NTLM under the
++hood. curl was not adhering to this fact but would assume that such
++requests would also be authenticated per request.
++
++CVE-2015-3148
++
++Bug: http://curl.haxx.se/docs/adv_20150422B.html
++Reported-by: Isaac Boukris
++---
++ lib/http.c | 8 +++++++-
++ 1 file changed, 7 insertions(+), 1 deletion(-)
++
++--- a/lib/http.c
+++++ b/lib/http.c
++@@ -1493,8 +1493,14 @@ CURLcode Curl_http_done(struct connectda
++ 
++ #ifdef USE_SPNEGO
++   if(data->state.proxyneg.state == GSS_AUTHSENT ||
++-      data->state.negotiate.state == GSS_AUTHSENT)
+++      data->state.negotiate.state == GSS_AUTHSENT) {
+++    /* add forbid re-use if http-code != 401 as a WA
+++     * only needed for 401 that failed handling
+++     * otherwie state will be RECV with current code */
+++    if((data->req.httpcode != 401) && (data->req.httpcode != 407))
+++      connclose(conn, "Negotiate transfer completed");
++     Curl_cleanup_negotiate(data);
+++  }
++ #endif
++ 
++   /* set the proper values (possibly modified on POST) */
+diff --git a/package/network/utils/curl/patches/014-CVE-2015-3153.patch b/package/network/utils/curl/patches/014-CVE-2015-3153.patch
+new file mode 100644
+index 0000000..f6d37d4
+--- /dev/null
++++ b/package/network/utils/curl/patches/014-CVE-2015-3153.patch
+@@ -0,0 +1,95 @@
++From 69a2e8d7ec581695a62527cb2252e7350f314ffa Mon Sep 17 00:00:00 2001
++From: Daniel Stenberg <daniel@haxx.se>
++Date: Thu, 23 Apr 2015 15:58:21 +0200
++Subject: [PATCH] CURLOPT_HEADEROPT: default to separate
++
++Make the HTTP headers separated by default for improved security and
++reduced risk for information leakage.
++
++Bug: http://curl.haxx.se/docs/adv_20150429.html
++Reported-by: Yehezkel Horowitz, Oren Souroujon
++---
++ docs/libcurl/opts/CURLOPT_HEADEROPT.3 | 12 ++++++------
++ lib/url.c                             |  1 +
++ tests/data/test1527                   |  2 +-
++ tests/data/test287                    |  2 +-
++ tests/libtest/lib1527.c               |  1 +
++ 5 files changed, 10 insertions(+), 8 deletions(-)
++
++--- a/docs/libcurl/opts/CURLOPT_HEADEROPT.3
+++++ b/docs/libcurl/opts/CURLOPT_HEADEROPT.3
++@@ -5,7 +5,7 @@
++ .\" *                            | (__| |_| |  _ <| |___
++ .\" *                             \___|\___/|_| \_\_____|
++ .\" *
++-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+++.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
++ .\" *
++ .\" * This software is licensed as described in the file COPYING, which
++ .\" * you should have received as part of this distribution. The terms
++@@ -31,10 +31,10 @@ CURLcode curl_easy_setopt(CURL *handle,
++ Pass a long that is a bitmask of options of how to deal with headers. The two
++ mutually exclusive options are:
++ 
++-\fBCURLHEADER_UNIFIED\fP - keep working as before. This means
++-\fICURLOPT_HTTPHEADER(3)\fP headers will be used in requests both to servers
++-and proxies. With this option enabled, \fICURLOPT_PROXYHEADER(3)\fP will not
++-have any effect.
+++\fBCURLHEADER_UNIFIED\fP - the headers specified in
+++\fICURLOPT_HTTPHEADER(3)\fP will be used in requests both to servers and
+++proxies. With this option enabled, \fICURLOPT_PROXYHEADER(3)\fP will not have
+++any effect.
++ 
++ \fBCURLHEADER_SEPARATE\fP - makes \fICURLOPT_HTTPHEADER(3)\fP headers only get
++ sent to a server and not to a proxy. Proxy headers must be set with
++@@ -44,7 +44,7 @@ headers. When doing CONNECT, libcurl wil
++ headers only to the proxy and then \fICURLOPT_HTTPHEADER(3)\fP headers only to
++ the server.
++ .SH DEFAULT
++-CURLHEADER_UNIFIED
+++CURLHEADER_SEPARATE (changed in 7.42.1, ased CURLHEADER_UNIFIED before then)
++ .SH PROTOCOLS
++ HTTP
++ .SH EXAMPLE
++--- a/lib/url.c
+++++ b/lib/url.c
++@@ -605,6 +605,7 @@ CURLcode Curl_init_userdefined(struct Us
++   set->ssl_enable_alpn = TRUE;
++ 
++   set->expect_100_timeout = 1000L; /* Wait for a second by default. */
+++  set->sep_headers = TRUE; /* separated header lists by default */
++   return result;
++ }
++ 
++--- a/tests/data/test1527
+++++ b/tests/data/test1527
++@@ -45,7 +45,7 @@ http-proxy
++ lib1527
++ </tool>
++  <name>
++-Check same headers are generated without CURLOPT_PROXYHEADER
+++Check same headers are generated with CURLOPT_HEADEROPT == CURLHEADER_UNIFIED
++  </name>
++  <command>
++  http://the.old.moo.1527:%HTTPPORT/1527 %HOSTIP:%PROXYPORT
++--- a/tests/data/test287
+++++ b/tests/data/test287
++@@ -28,7 +28,7 @@ http
++ HTTP proxy CONNECT with custom User-Agent header
++  </name>
++  <command>
++-http://test.remote.example.com.287:%HTTPPORT/path/287 -H "User-Agent: looser/2007" --proxy http://%HOSTIP:%HTTPPORT --proxytunnel
+++http://test.remote.example.com.287:%HTTPPORT/path/287 -H "User-Agent: looser/2015" --proxy http://%HOSTIP:%HTTPPORT --proxytunnel --proxy-header "User-Agent: looser/2007"
++ </command>
++ </client>
++ 
++--- a/tests/libtest/lib1527.c
+++++ b/tests/libtest/lib1527.c
++@@ -83,6 +83,7 @@ int test(char *URL)
++   test_setopt(curl, CURLOPT_READFUNCTION, read_callback);
++   test_setopt(curl, CURLOPT_HTTPPROXYTUNNEL, 1L);
++   test_setopt(curl, CURLOPT_INFILESIZE, strlen(data));
+++  test_setopt(curl, CURLOPT_HEADEROPT, CURLHEADER_UNIFIED);
++ 
++   res = curl_easy_perform(curl);
++ 
+diff --git a/package/network/utils/curl/patches/015-CVE-2015-3236.patch b/package/network/utils/curl/patches/015-CVE-2015-3236.patch
+new file mode 100644
+index 0000000..720fb94
+--- /dev/null
++++ b/package/network/utils/curl/patches/015-CVE-2015-3236.patch
+@@ -0,0 +1,42 @@
++From e6d7c30734487246e83b95520e81bc1ccf0a2376 Mon Sep 17 00:00:00 2001
++From: Kamil Dudka <kdudka@redhat.com>
++Date: Thu, 28 May 2015 20:04:35 +0200
++Subject: [PATCH] http: do not leak basic auth credentials on re-used
++ connections
++
++CVE-2015-3236
++
++This partially reverts commit curl-7_39_0-237-g87c4abb
++
++Bug: http://curl.haxx.se/docs/adv_20150617A.html
++---
++ lib/http.c | 16 ++++------------
++ 1 file changed, 4 insertions(+), 12 deletions(-)
++
++--- a/lib/http.c
+++++ b/lib/http.c
++@@ -2333,20 +2333,12 @@ CURLcode Curl_http(struct connectdata *c
++                      te
++       );
++ 
++-  /*
++-   * Free userpwd for Negotiate/NTLM. Cannot reuse as it is associated with
++-   * the connection and shouldn't be repeated over it either.
++-   */
++-  switch (data->state.authhost.picked) {
++-  case CURLAUTH_NEGOTIATE:
++-  case CURLAUTH_NTLM:
++-  case CURLAUTH_NTLM_WB:
++-    Curl_safefree(conn->allocptr.userpwd);
++-    break;
++-  }
+++  /* clear userpwd to avoid re-using credentials from re-used connections */
+++  Curl_safefree(conn->allocptr.userpwd);
++ 
++   /*
++-   * Same for proxyuserpwd
+++   * Free proxyuserpwd for Negotiate/NTLM. Cannot reuse as it is associated
+++   * with the connection and shouldn't be repeated over it either.
++    */
++   switch (data->state.authproxy.picked) {
++   case CURLAUTH_NEGOTIATE:
+diff --git a/package/network/utils/curl/patches/016-CVE-2015-3237.patch b/package/network/utils/curl/patches/016-CVE-2015-3237.patch
+new file mode 100644
+index 0000000..6942a04
+--- /dev/null
++++ b/package/network/utils/curl/patches/016-CVE-2015-3237.patch
+@@ -0,0 +1,35 @@
++From d2f1a8bdce9d77a277d05adae025d369c1bdd9e6 Mon Sep 17 00:00:00 2001
++From: Daniel Stenberg <daniel@haxx.se>
++Date: Fri, 22 May 2015 10:28:21 +0200
++Subject: [PATCH] SMB: rangecheck values read off incoming packet
++
++CVE-2015-3237
++
++Detected by Coverity. CID 1299430.
++
++Bug: http://curl.haxx.se/docs/adv_20150617B.html
++---
++ lib/smb.c | 12 +++++++++---
++ 1 file changed, 9 insertions(+), 3 deletions(-)
++
++--- a/lib/smb.c
+++++ b/lib/smb.c
++@@ -783,9 +783,15 @@ static CURLcode smb_request_state(struct
++     off = Curl_read16_le(((unsigned char *) msg) +
++                          sizeof(struct smb_header) + 13);
++     if(len > 0) {
++-      result = Curl_client_write(conn, CLIENTWRITE_BODY,
++-                                 (char *)msg + off + sizeof(unsigned int),
++-                                 len);
+++      struct smb_conn *smbc = &conn->proto.smbc;
+++      if(off + sizeof(unsigned int) + len > smbc->got) {
+++        failf(conn->data, "Invalid input packet");
+++        result = CURLE_RECV_ERROR;
+++      }
+++      else
+++        result = Curl_client_write(conn, CLIENTWRITE_BODY,
+++                                   (char *)msg + off + sizeof(unsigned int),
+++                                   len);
++       if(result) {
++         req->result = result;
++         next_state = SMB_CLOSE;
+diff --git a/package/network/utils/curl/patches/100-check_long_long.patch b/package/network/utils/curl/patches/100-check_long_long.patch
+index 05fb1bf..2dd8cc7 100644
+--- a/package/network/utils/curl/patches/100-check_long_long.patch
++++ b/package/network/utils/curl/patches/100-check_long_long.patch
+@@ -1,6 +1,6 @@
+ --- a/configure.ac
+ +++ b/configure.ac
+-@@ -2877,6 +2877,7 @@ CURL_VERIFY_RUNTIMELIBS
++@@ -2885,6 +2885,7 @@ CURL_VERIFY_RUNTIMELIBS
+  
+  AC_CHECK_SIZEOF(size_t)
+  AC_CHECK_SIZEOF(long)
+diff --git a/package/network/utils/curl/patches/200-no_docs_tests.patch b/package/network/utils/curl/patches/200-no_docs_tests.patch
+index 42619a3..2845577 100644
+--- a/package/network/utils/curl/patches/200-no_docs_tests.patch
++++ b/package/network/utils/curl/patches/200-no_docs_tests.patch
+@@ -1,6 +1,6 @@
+ --- a/Makefile.am
+ +++ b/Makefile.am
+-@@ -128,7 +128,7 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP)
++@@ -129,7 +129,7 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP)
+  bin_SCRIPTS = curl-config
+  
+  SUBDIRS = lib src include
+@@ -11,7 +11,7 @@
+  pkgconfig_DATA = libcurl.pc
+ --- a/Makefile.in
+ +++ b/Makefile.in
+-@@ -574,7 +574,7 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP)
++@@ -577,7 +577,7 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP)
+  
+  bin_SCRIPTS = curl-config
+  SUBDIRS = lib src include
+@@ -19,4 +19,4 @@
+ +DIST_SUBDIRS = $(SUBDIRS) packages
+  pkgconfigdir = $(libdir)/pkgconfig
+  pkgconfig_DATA = libcurl.pc
+- LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c	\
++ LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c     \
+diff --git a/package/network/utils/curl/patches/300-fix-disable-crypto-auth.patch b/package/network/utils/curl/patches/300-fix-disable-crypto-auth.patch
+new file mode 100644
+index 0000000..3f88861
+--- /dev/null
++++ b/package/network/utils/curl/patches/300-fix-disable-crypto-auth.patch
+@@ -0,0 +1,25 @@
++--- a/lib/curl_ntlm_msgs.c
+++++ b/lib/curl_ntlm_msgs.c
++@@ -571,7 +571,7 @@ CURLcode Curl_sasl_create_ntlm_type3_mes
++   else
++ #endif
++ 
++-#if USE_NTRESPONSES && USE_NTLM2SESSION
+++#if USE_NTRESPONSES && USE_NTLM2SESSION && !defined(CURL_DISABLE_CRYPTO_AUTH)
++   /* We don't support NTLM2 if we don't have USE_NTRESPONSES */
++   if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) {
++     unsigned char ntbuffer[0x18];
++--- a/lib/vtls/vtls.c
+++++ b/lib/vtls/vtls.c
++@@ -835,9 +835,9 @@ void Curl_ssl_md5sum(unsigned char *tmp,
++                      unsigned char *md5sum, /* output */
++                      size_t md5len)
++ {
++-#ifdef curlssl_md5sum
+++#if defined(curlssl_md5sum)
++   curlssl_md5sum(tmp, tmplen, md5sum, md5len);
++-#else
+++#elif !defined(CURL_DISABLE_CRYPTO_AUTH)
++   MD5_context *MD5pw;
++ 
++   (void) md5len;
+diff --git a/package/network/utils/curl/patches/310-polarssl-disable-runtime-version-check.patch b/package/network/utils/curl/patches/310-polarssl-disable-runtime-version-check.patch
+new file mode 100644
+index 0000000..d008227
+--- /dev/null
++++ b/package/network/utils/curl/patches/310-polarssl-disable-runtime-version-check.patch
+@@ -0,0 +1,11 @@
++--- a/lib/vtls/polarssl.c
+++++ b/lib/vtls/polarssl.c
++@@ -591,7 +591,7 @@ void Curl_polarssl_session_free(void *pt
++ 
++ size_t Curl_polarssl_version(char *buffer, size_t size)
++ {
++-  unsigned int version = version_get_number();
+++  unsigned int version = POLARSSL_VERSION_NUMBER;
++   return snprintf(buffer, size, "PolarSSL/%d.%d.%d", version>>24,
++                   (version>>16)&0xff, (version>>8)&0xff);
++ }