!90 delete useless patch
Merge pull request !90 from robertxw/openEuler-22.03-LTS-Next-dev
This commit is contained in:
openeuler-ci-bot
Gitee
commit
d7c4fad75e
@ -1,45 +0,0 @@
|
|||||||
From 1b71bc532bde8621fd3260843f8197182a467ff2 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daniel Stenberg <daniel@haxx.se>
|
|
||||||
Date: Thu, 7 Nov 2019 10:13:01 +0100
|
|
||||||
Subject: [PATCH] file: on Windows, refuse paths that start with \\
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
... as that might cause an unexpected SMB connection to a given host
|
|
||||||
name.
|
|
||||||
|
|
||||||
Reported-by: Fernando Muñoz
|
|
||||||
CVE-2019-15601
|
|
||||||
Bug: https://curl.haxx.se/docs/CVE-2019-15601.html
|
|
||||||
---
|
|
||||||
lib/file.c | 6 ++++--
|
|
||||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/file.c b/lib/file.c
|
|
||||||
index d349cd9..166931d 100644
|
|
||||||
--- a/lib/file.c
|
|
||||||
+++ b/lib/file.c
|
|
||||||
@@ -136,7 +136,7 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
|
|
||||||
{
|
|
||||||
char *real_path;
|
|
||||||
struct FILEPROTO *file = data->req.p.file;
|
|
||||||
- int fd;
|
|
||||||
+ int fd = -1;
|
|
||||||
#ifdef DOS_FILESYSTEM
|
|
||||||
size_t i;
|
|
||||||
char *actual_path;
|
|
||||||
@@ -181,7 +181,9 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
|
|
||||||
return CURLE_URL_MALFORMAT;
|
|
||||||
}
|
|
||||||
|
|
||||||
- fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
|
|
||||||
+ if(strncmp("\\\\", actual_path, 2))
|
|
||||||
+ /* refuse to open path that starts with two backslashes */
|
|
||||||
+ fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
|
|
||||||
file->path = actual_path;
|
|
||||||
#else
|
|
||||||
if(memchr(real_path, 0, real_path_len)) {
|
|
||||||
--
|
|
||||||
1.8.3.1
|
|
||||||
|
|
||||||
@ -6,14 +6,13 @@
|
|||||||
|
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.79.1
|
Version: 7.79.1
|
||||||
Release: 1
|
Release: 2
|
||||||
Summary: Curl is used in command lines or scripts to transfer data
|
Summary: Curl is used in command lines or scripts to transfer data
|
||||||
License: MIT
|
License: MIT
|
||||||
URL: https://curl.haxx.se/
|
URL: https://curl.haxx.se/
|
||||||
Source: https://curl.haxx.se/download/curl-%{version}.tar.xz
|
Source: https://curl.haxx.se/download/curl-%{version}.tar.xz
|
||||||
|
|
||||||
Patch1: backport-0101-curl-7.32.0-multilib.patch
|
Patch1: backport-0101-curl-7.32.0-multilib.patch
|
||||||
Patch2: backport-0106-curl-fix-CVE-2019-15601.patch
|
|
||||||
|
|
||||||
BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel
|
BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel
|
||||||
BuildRequires: libidn2-devel libnghttp2-devel libpsl-devel
|
BuildRequires: libidn2-devel libnghttp2-devel libpsl-devel
|
||||||
@ -162,6 +161,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
|||||||
%{_mandir}/man3/*
|
%{_mandir}/man3/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jan 20 2022 yanglu <yanglu72@huawei.com> - 7.79.1-2
|
||||||
|
- Type:bugfix
|
||||||
|
- CVE:NA
|
||||||
|
- SUG:NA
|
||||||
|
- DESC:delete useless patch
|
||||||
|
|
||||||
* Tue Dec 14 2021 yanglu <yanglu72@huawei.com> - 7.79.1-1
|
* Tue Dec 14 2021 yanglu <yanglu72@huawei.com> - 7.79.1-1
|
||||||
- Type:requirement
|
- Type:requirement
|
||||||
- CVE:NA
|
- CVE:NA
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user