Package: curl / 7.26.0-1+wheezy13
Metadata
Package | Version | Patches format |
---|---|---|
curl | 7.26.0-1+wheezy13 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
01_runtests_gdb.patch | (download) |
tests/runtests.pl |
6 3 + 3 - 0 ! |
runtests_gdb. |
02_art_http_scripting.patch | (download) |
docs/index.html |
2 1 + 1 - 0 ! |
fix path to "theartofhttpscripting" in docs. |
03_keep_symbols_compat.patch | (download) |
lib/libcurl.vers.in |
2 1 + 1 - 0 ! |
keep versioned symbols backwards compatibility. |
04_workaround_as_needed_bug.patch | (download) |
ltmain.sh |
14 14 + 0 - 0 ! |
work around libtool --as-needed reordering bug |
05_curl sasl CVE 2013 0249.patch | (download) |
lib/smtp.c |
25 8 + 17 - 0 ! |
fix buffer overflow in smtp digest-md5 negotiation When negotiating SMTP DIGEST-MD5 authentication, the function smtp_state_authdigest_resp() uses the data provided from the server without doing the proper length checks and that data is then appended to a local fixed-size buffer on the stack. |
06_curl tailmatch CVE 2013 1944.patch | (download) |
lib/cookie.c |
24 19 + 5 - 0 ! |
[patch] cookie: fix tailmatching to prevent cross-domain leakage Cookies set for 'example.com' could accidentaly also be sent by libcurl to the 'bexample.com' (ie with a prefix to the first domain name). lib/cookie.c | 24 |
07_test1218 another cookie tailmatch test.patch | (download) |
tests/data/Makefile.am |
1 1 + 0 - 0 ! |
[patch] test1218: another cookie tailmatch test ... and make 1216 also verify it with a file input These tests verify commit 3604fde3d3c9b0d, the fix for the "cookie domain tailmatch" vulnerability. See http://curl.haxx.se/docs/adv_20130412.html |
08_CVE 2013 2174.patch | (download) |
lib/escape.c |
3 2 + 1 - 0 ! |
[patch] curl_urldecode: no peeking beyond end of input buffer Security problem: CVE-2013-2174 If a program would give a string like "%" to curl_easy_unescape(), it would still consider the % as start of an encoded character. The function then not only read beyond the buffer but it would also deduct the *unsigned* counter variable for how many more bytes there's left to read in the buffer by two, making the counter wrap. Continuing this, the function would go on reading beyond the buffer and soon writing beyond the allocated target buffer... Bug: http://curl.haxx.se/docs/adv_20130622.html Reported-by: Timo Sirainen |
09_reset timecond.patch | (download) |
lib/getinfo.c |
1 1 + 0 - 0 ! |
[patch] getinfo.c: reset timecond when clearing session-info variables Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705783 Reported-by: Ludovico Cavedon <cavedon@debian.org> |
10_CVE 2013 4545.patch | (download) |
lib/ssluse.c |
2 1 + 1 - 0 ! |
[patch] openssl: acknowledge curlopt_ssl_verifyhost without VERIFYPEER Setting only CURLOPT_SSL_VERIFYHOST without CURLOPT_SSL_VERIFYPEER set should still verify that the host name fields in the server certificate is fine or return failure. Bug: http://curl.haxx.se/mail/lib-2013-10/0002.html Reported-by: Ishan SinghLevett |
11_disable verifyhost with insecure.patch | (download) |
src/tool_operate.c |
2 1 + 1 - 0 ! |
[patch] curl: set curlopt_ssl_verifyhost to 0 to disable Bug-Debian: http://bugs.debian.org/729965 |
12_CVE 2013 6422.patch | (download) |
lib/gtls.c |
8 2 + 6 - 0 ! |
[patch] gtls: respect *verifyhost independently of *verifypeer This is basically the same fix that 3c3622b6 brought to the OpenSSL backend and that resulted in CVE-2013-4545. This version of the problem was independently introduced to the GnuTLS backend with commit 59cf93cc, present in the code since the libcurl 7.21.4 release. Bug: http://curl.haxx.se/mail/lib-2013-11/0214.html Reported-by: Marc Deslauriers |
13_CVE 2014 0015.patch | (download) |
lib/url.c |
4 2 + 2 - 0 ! |
[patch] connectionexists: fix ntlm check for new connection When the requested authentication bitmask includes NTLM, we cannot re-use a connection for another username/password as we then risk re-using NTLM (connection-based auth). This has the unfortunate downside that if you include NTLM as a possible auth, you cannot re-use connections for other usernames/passwords even if NTLM doesn't end up the auth type used. Reported-by: Paras S Patched-by: Paras S Bug: http://curl.haxx.se/mail/lib-2014-01/0046.html |
14_CVE 2014 0138.patch | (download) |
lib/http.c |
2 1 + 1 - 0 ! |
fix connection re-use when using different log-in credentials In addition to FTP, other connection based protocols such as IMAP, POP3, |
15_CVE 2014 0139.patch | (download) |
lib/ssluse.c |
14 14 + 0 - 0 ! |
reject ip address wildcard matches There are server certificates used with IP address in the CN field, but we MUST not allow wildcard certs for hostnames given as IP addresses only. Therefore we must make Curl_cert_hostcheck() fail such attempts. |
16_CVE 2014 3613.patch | (download) |
lib/cookie.c |
49 39 + 10 - 0 ! |
only use full host matches for hosts used as ip address |
17_CVE 2014 3620.patch | (download) |
lib/cookie.c |
6 6 + 0 - 0 ! |
reject incoming cookies set for tlds |
18_CVE 2014 3707.patch | (download) |
lib/formdata.c |
52 9 + 43 - 0 ! |
[patch] curl_easy_duphandle: curlopt_copypostfields read out of bounds When duplicating a handle, the data to post was duplicated using strdup() when it could be binary and contain zeroes and it was not even zero terminated! This caused read out of bounds crashes/segfaults. Since the lib/strdup.c file no longer is easily shared with the curl tool with this change, it now uses its own version instead. Bug: http://curl.haxx.se/docs/adv_20141105.html CVE: CVE-2014-3707 Reported-By: Symeon Paraschoudis |
19_CVE 2014 8150.patch | (download) |
lib/url.c |
7 7 + 0 - 0 ! |
[patch] url-parsing: reject crlfs within urls Bug: http://curl.haxx.se/docs/adv_20150108B.html Reported-by: Andrey Labunets |
20_CVE 2015 3143.patch | (download) |
lib/url.c |
5 3 + 2 - 0 ! |
[patch] connectionexists: for ntlm re-use, require credentials to match Bug: http://curl.haxx.se/docs/adv_20150422A.html Reported-by: Paras Sethia |
21_CVE 2015 3148 1.patch | (download) |
lib/http.c |
6 6 + 0 - 0 ! |
[patch] don't clear gssapi state between each exchange in the negotiation GSSAPI doesn't work very well if we forget everything ever time. XX: Is Curl_http_done() the right place to do the final cleanup? |
22_CVE 2015 3148 2.patch | (download) |
lib/http.c |
8 7 + 1 - 0 ! |
[patch] http_done: close negotiate connections if not 401 When doing HTTP requests Negotiate authenticated, the entire connnection may become authenticated and not just the specific HTTP request which is otherwise how HTTP works, as Negotiate can basically use NTLM under the hood. curl was not adhering to this fact but would assume that such requests would also be authenticated per request. Bug: http://curl.haxx.se/docs/adv_20150422B.html Reported-by: Isaac Boukris |
90_gnutls.patch | (download) |
configure.ac |
4 2 + 2 - 0 ! |
build with gnutls. |
99_nss.patch | (download) |
configure.ac |
2 1 + 1 - 0 ! |
build with nss. |