Seonah Moon [Fri, 25 Sep 2020 08:06:27 +0000 (17:06 +0900)]
multi_done: if multiplexed, make conn->data point to another transfer
... since the current transfer is being killed. Setting to NULL is
wrong, leaving it pointing to 'data' is wrong since that handle might be
about to get freed.
Fixes #4845
Closes #4858
Reported-by: dmitrmax on github
https://github.com/curl/curl/issues/4845
Change-Id: I597f1538c7ff646a13d24ab547437fd2dc037f00
Seonah Moon [Fri, 25 Sep 2020 08:06:03 +0000 (17:06 +0900)]
Revert "multi_done: if multiplexed, make conn->data point to another transfer"
This reverts commit
44b97d568351daa1741b591bf0c3ab754ad07060.
Seonah Moon [Fri, 25 Sep 2020 08:04:59 +0000 (17:04 +0900)]
multi_done: if multiplexed, make conn->data point to another transfer
... since the current transfer is being killed. Setting to NULL is
wrong, leaving it pointing to 'data' is wrong since that handle might be
about to get freed.
Fixes #4845
Closes #4858
Reported-by: dmitrmax on github
Change-Id: Ic03d65132e8116b0423d8b6715207d2dd04c7c5b
Seonah Moon [Fri, 18 Sep 2020 01:09:50 +0000 (10:09 +0900)]
Add strict-ssl-check option to avoid unexpected 56 error
SSL_ERROR_SYSCALL has been handled little stricter since curl 7.67.
(For example, 56 error occurs when server clase the connection abruptly
without a close_notify alert.)
The change is applied only in debug build for compatibility with older
peers.
However, Curl in Tizen is built with debug option.
So, Unexpected 56 error can occurs.
To avoid it, This patch creates new option and disable it.
Change-Id: I6d2b493aa1ce1ea2ce7fe1151f8948537e52c332
Seonah Moon [Thu, 28 May 2020 05:23:01 +0000 (14:23 +0900)]
mime: properly check Content-Type even if it has parameters
New test 669 checks this fix is effective.
Fixes #5256
Reported-by: thanhchungbtc on github
https://github.com/curl/curl/pull/5258/commits/
96819869a975277308ef88b256f9ab9b788091f5
Change-Id: Icc77c1f01a859cb821dccc5a9cb1003e4e166117
Seonah Moon [Mon, 24 Feb 2020 08:22:32 +0000 (17:22 +0900)]
Imported Upstream version 7.68.0
Change-Id: Ifa484ccc2d444376bfa8c21ca8d9b63d8f48bf05
Seonah Moon [Mon, 24 Feb 2020 06:56:49 +0000 (15:56 +0900)]
Imported Upstream version 7.68.0
Change-Id: I37422e43c2c4c25904a4fc2a391c4a32ba3b9f5c
Seonah Moon [Tue, 3 Dec 2019 07:01:29 +0000 (16:01 +0900)]
Migrate to openssl 1.1
Change-Id: I465e6d39e1e167784bc79989c4b039721f61adc1
Seonah Moon [Thu, 9 Jan 2020 03:48:56 +0000 (12:48 +0900)]
http2: don't call stream-close on already closed streams
- bug: https://github.com/curl/curl/issues/4043
- fix: https://github.com/curl/curl/commit/
c0c40ab075cdf86424dfe346a70a31b08dc651da
Change-Id: I90808233da69e8fc3d03189f8514bca1f73d90ee
Nishant Chaprana [Mon, 6 Jan 2020 07:15:44 +0000 (12:45 +0530)]
Fix segfault in h2_session_send
The crash is observed after below patches are applied:-
Crash in upstream libcurl: https://github.com/curl/curl/commit/
fb445a1e18d12f577964c9347bc5bca74b37cd08
Crash in Tizen: https://review.tizen.org/gerrit/#/c/platform/upstream/curl/+/220576
The same crash has been reported in upstream libcurl package.
Issue #1: https://github.com/curl/curl/issues/3463
Issue #2: https://github.com/curl/curl/issues/3541
Below are the solution patches are used for creating this fix
Patch #1: https://github.com/curl/curl/commit/
54b201b48c90a2fb03c2baf90837c6b63adbc344
Patch #2: https://github.com/curl/curl/commit/
f1af63149389cab2519b39b8056df68f5df36b91
Patch #3: https://github.com/curl/curl/commit/
4015fae044ce52a639c9358e22a9e948f287c89f
Change-Id: Iaa4a05feb6a66d9781d4e7ae07297ce369744d3d
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
Daniel Stenberg [Thu, 19 Dec 2019 11:47:27 +0000 (17:17 +0530)]
url: make Curl_close() NULLify the pointer too.
This is the common pattern used in the code and by a unified approach we
avoid mistakes.
Backported patch details:
https://github.com/curl/curl/commit/
dcd7e37c3a0ce108635b89cacc1e3425e57bd3bc
Change-Id: I453175ca40d8e8dfa7611f026ec7513dc230d16f
Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
Daniel Stenberg [Thu, 19 Dec 2019 09:00:41 +0000 (14:30 +0530)]
disconnect: set conn->data for protocol disconnect
Follow-up to
fb445a1e18d: Set conn->data explicitly to point out the
current transfer when invoking the protocol-specific disconnect function
so that it can work correctly.
Backported patch details:
https://github.com/curl/curl/commit/
f3ce38739fa49008e36959aa8189c01ab1bad5b5
Change-Id: I0f86f4f9e086ebc0954f0d9935830bb93acb4090
Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
Daniel Stenberg [Thu, 19 Dec 2019 08:56:40 +0000 (14:26 +0530)]
disconnect: separate connections and easy handles better
Do not assume/store assocation between a given easy handle and the
connection if it can be avoided.
Long-term, the 'conn->data' pointer should probably be removed as it is a
little too error-prone. Still used very widely though.
Backported patch details:
https://github.com/curl/curl/pull/3400/commits/
fb445a1e18d12f577964c9347bc5bca74b37cd08
Change-Id: I18aa2cb7097b8598c90ddf8c8c68a9fecd86e295
Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
Niraj Kumar Goit [Fri, 13 Dec 2019 13:47:06 +0000 (19:17 +0530)]
Revert "ares: remove fd from multi fd set when ares is about to close the fd"
ares: remove fd from multi fd set when ares is about to close the fd
8dfb92873af9de5d883e191e0097be32c78a7d0f
Change-Id: Ic6ce203ae3609a539f70c5ae4cb1d4b3812ae80d
Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
Seonah Moon [Thu, 12 Dec 2019 04:26:58 +0000 (13:26 +0900)]
Change HAPPY_EYEBALLS_DNS_TIMEOUT to 1 sec for TV profile
Change-Id: I8f29a511322905036005cf8df13640518c6be7bc
Seonah Moon [Thu, 12 Dec 2019 02:18:13 +0000 (11:18 +0900)]
Apply the Happy Eyeballs philosophy to parallel c-ares queries
Change-Id: Ic067a067b2562a1b2b4f978f32f20b269abd0886
Niraj Kumar Goit [Mon, 2 Dec 2019 15:13:52 +0000 (20:43 +0530)]
curl_multi_remove_handle() don't block terminating c-ares requests
Added Curl_resolver_kill() for all three resolver modes, which only
blocks when necessary, along with test 1592 to confirm
curl_multi_remove_handle() doesn't block unless it must.
Backported patch details:
https://github.com/curl/curl/commit/
84a30d0a419ad95c53cbdfc76eb2eb75d2e51835
Change-Id: I40917dbf8262249250942c9dcb71a31e6cf0df90
Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
Niraj Kumar Goit [Mon, 2 Dec 2019 10:04:23 +0000 (15:34 +0530)]
ares: remove fd from multi fd set when ares is about to close the fd
When using c-ares for asyn dns, the dns socket fd was silently closed
by c-ares without curl being aware. curl would then 'realize' the fd
has been removed at next call of Curl_resolver_getsock, and only then
notify the CURLMOPT_SOCKETFUNCTION to remove fd from its poll set with
CURL_POLL_REMOVE. At this point the fd is already closed.
By using ares socket state callback (ARES_OPT_SOCK_STATE_CB), this
patch allows curl to be notified that the fd is not longer needed
for neither for write nor read. At this point by calling
Curl_multi_closed we are able to notify multi with CURL_POLL_REMOVE
before the fd is actually closed by ares.
In asyn-ares.c Curl_resolver_duphandle we can't use ares_dup anymore
since it does not allow passing a different sock_state_cb_data
Backported patch details:
https://github.com/curl/curl/commit/
6765e6d9e6a32bb4fc666d744cb57e2d55d4e13b
Change-Id: I62b2d244cb0f38a4c4a76ad804c7fd69f9222484
Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
Seonah Moon [Wed, 30 Oct 2019 02:34:31 +0000 (11:34 +0900)]
Curl_fillreadbuffer: avoid double-free trailer buf on error
Backported Patch link:
https://github.com/curl/curl/pull/4307
Change-Id: I5b695b661cf946b74e065d1a65697e74d7ef8af6
Seonah Moon [Tue, 8 Oct 2019 06:29:30 +0000 (15:29 +0900)]
Revert "Use openssl-1.1"
This reverts commit
6b333876d2db240bd01e0dcec950b2d12dc8eae5.
Change-Id: Ia687599375fb2953e9df43f7195877726c5ffa29
Seonah Moon [Tue, 24 Sep 2019 06:25:37 +0000 (15:25 +0900)]
http2: Stop drain from being permanently set on
Various functions called within Curl_http2_done() can have the
side-effect of setting the Easy connection into drain mode (by calling
drain_this()). However, the last time we unset this for a transfer (by
calling drained_transfer()) is at the beginning of Curl_http2_done().
If the Curl_easy is reused for another transfer, it is then stuck in
drain mode permanently, which in practice makes it unable to write any
data in the new transfer.
This fix moves the last call to drained_transfer() to later in
Curl_http2_done(), after the functions that could potentially call for a
drain.
Fixes #3966
Reported-by: Josie-H
Change-Id: I83ee02bf9017c9aa3d27d50580a0f89b8ec1d05d
Daniel Stenberg [Tue, 3 Sep 2019 20:59:32 +0000 (22:59 +0200)]
security:read_data fix bad realloc()
... that could end up a double-free
CVE-2019-5481
Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
Change-Id: I4eab9aceba3ad01607eb4f302200e9f949ea4312
Seonah Moon [Thu, 19 Sep 2019 04:56:58 +0000 (13:56 +0900)]
ftp: Alloc maximum blksize, and use default unless OACK is received
Fixes potential buffer overflow from 'recvfrom()', should the server
return an OACK without blksize.
Bug: https://curl.haxx.se/docs/CVE-2019-5482.html
CVE-2019-5482
Change-Id: I6c63f958f4b49aa214ea4adb55c8f85a4b1606cc
Daniel Stenberg [Fri, 3 May 2019 20:20:37 +0000 (22:20 +0200)]
tftp: use the current blksize for recvfrom()
bug: https://curl.haxx.se/docs/CVE-2019-5436.html
Reported-by: l00p3r on hackerone
CVE-2019-5436
link: https://github.com/curl/curl/commit/2576003415625d7b5f0e390902f8097830b82275.patch
Change-Id: Ic6093d1d475ed9ba87e41cff315befdc3aca9c1d
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
Jaehyun Kim [Wed, 24 Jul 2019 06:56:29 +0000 (06:56 +0000)]
Merge "curl_easy_perform: fix timeout handling" into tizen_base
Daniel Stenberg [Sat, 24 Nov 2018 22:20:19 +0000 (23:20 +0100)]
curl_easy_perform: fix timeout handling
curl_multi_wait() was erroneously used from within
curl_easy_perform(). It could lead to it believing there was no socket
to wait for and then instead sleep for a while instead of monitoring the
socket and then miss acting on that activity as swiftly as it should
(causing an up to 1000 ms delay).
Reported-by: Antoni Villalonga
Fixes #3305
Clodes #3306
Backported patch details:
https://github.com/curl/curl/commit/
d04cef9ce1d710902d90b62de01115b9bbe958bf.patch
Change-Id: I08d95e996dd9bab5d9fd7c7fe581fdb40c8a0de8
Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
Seonah Moon [Tue, 23 Jul 2019 08:51:14 +0000 (17:51 +0900)]
CURL_MAX_INPUT_LENGTH: largest acceptable string input size
This limits all accepted input strings passed to libcurl to be less than
CURL_MAX_INPUT_LENGTH (8000000) bytes, for these API calls:
curl_easy_setopt() and curl_url_set().
The 8000000 number is arbitrary picked and is meant to detect mistakes
or abuse, not to limit actual practical use cases. By limiting the
acceptable string lengths we also reduce the risk of integer overflows
all over.
NOTE: This does not apply to `CURLOPT_POSTFIELDS`.
Test 1559 verifies.
ClosesThis commit closes pull request #3805. #3805
CVE-2019-5435
Change-Id: I0a6d76769e1471352a477a8b1160672757a2de54
cheoleun moon [Thu, 9 May 2019 09:21:00 +0000 (09:21 +0000)]
Merge "Use openssl-1.1" into tizen_base
Seonah Moon [Thu, 9 May 2019 02:27:13 +0000 (11:27 +0900)]
link missed library for DLP
Change-Id: I77ab3d84ffae5851d9a81a8f834dfce08b34bf6f
Seonah Moon [Thu, 9 May 2019 04:26:42 +0000 (13:26 +0900)]
Revert "link missed library for DLP"
This reverts commit
14bcc6b79f4f26ee7821f1809961bddc3a1ae63d.
Change-Id: I2fe882d909e8a4d0669ad4a5a63a856ebd0b6d53
Seonah Moon [Thu, 9 May 2019 02:27:13 +0000 (11:27 +0900)]
link missed library for DLP
Change-Id: If9719a2c13e7d2f37ed1d53b81f070fbfd5bc022
Cheoleun Moon [Tue, 7 May 2019 08:46:36 +0000 (17:46 +0900)]
Use openssl-1.1
Change-Id: I152d19a11c8bd12e63c3e573bba73668262099e8
Signed-off-by: Cheoleun Moon <chleun.moon@samsung.com>
Nishant Chaprana [Sat, 9 Mar 2019 06:51:06 +0000 (12:21 +0530)]
NTLM: fix size check condition for type2 received data
Bug: https://curl.haxx.se/docs/CVE-2018-16890.html
Reported-by: Wenxiang Qian
CVE-2018-16890
Backported patch details:-
Link: https://github.com/curl/curl/commit/b780b30d1377adb10bbe774835f49e9b237fb9bb.patch
Change-Id: I15fc8002280680a7cf194dd02a5d7751cc7dbc71
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
Nishant Chaprana [Sat, 9 Mar 2019 06:45:26 +0000 (12:15 +0530)]
ntlm: fix *_type3_message size check to avoid buffer overflow
Bug: https://curl.haxx.se/docs/CVE-2019-3822.html
Reported-by: Wenxiang Qian
CVE-2019-3822
Backported patch details:-
Link: https://github.com/curl/curl/commit/50c9484278c63b958655a717844f0721263939cc.patch
Change-Id: I40a37af26b81a4cefe4a26f19697e7a73b17eaf6
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
Nishant Chaprana [Sat, 9 Mar 2019 06:41:38 +0000 (12:11 +0530)]
smtp: avoid risk of buffer overflow in strtol
If the incoming len 5, but the buffer does not have a termination
after 5 bytes, the strtol() call may keep reading through the line
buffer until is exceeds its boundary. Fix by ensuring that we are
using a bounded read with a temporary buffer on the stack.
Bug: https://curl.haxx.se/docs/CVE-2019-3823.html
Reported-by: Brian Carpenter (Geeknik Labs)
CVE-2019-3823
Backported patch details:-
Link: https://github.com/curl/curl/commit/39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484.patch
Change-Id: Ie00a759a464e51ded79d2288844053740db055b4
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
cheoleun moon [Tue, 4 Dec 2018 04:39:52 +0000 (04:39 +0000)]
Merge "Force to use getifaddrs() to get interface addresses" into tizen_base
Seonah Moon [Tue, 20 Nov 2018 08:08:13 +0000 (17:08 +0900)]
Force to use getifaddrs() to get interface addresses
Change-Id: I19edb6f0066af959de76d86e75eabfee29ea5c00
Seonah Moon [Thu, 8 Nov 2018 05:10:19 +0000 (14:10 +0900)]
Merge tag 'upstream/7.62.0' into tizen_base
Change-Id: I9fd8d310e211fdeb3b0e60097b6bd81fb8e78e9b
Seonah Moon [Thu, 8 Nov 2018 05:02:01 +0000 (14:02 +0900)]
Imported Upstream version 7.62.0
Change-Id: Ie916d8e445e0cc69e112cee470744a96a9c84799
Seonah Moon [Wed, 19 Sep 2018 04:09:40 +0000 (13:09 +0900)]
Set dns timeout and tries for TV
Change-Id: Id46d468d2dcf15ec39dabf45f5edf077a260f6f7
Seonah Moon [Mon, 17 Sep 2018 06:39:17 +0000 (15:39 +0900)]
Add cipher selection for TV
ipv6 option will be enabled next commit
Change-Id: Ie0e32617cf8140b6267b82548bc9b531de2f09d5
Seonah Moon [Fri, 14 Sep 2018 02:46:56 +0000 (11:46 +0900)]
Enable IPv6 for TV
Change-Id: I409747255d59b5e67716b606ce8c377b652fe72c
Seonah Moon [Fri, 14 Sep 2018 02:45:12 +0000 (11:45 +0900)]
Revert "Enable IPv6 for TV"
This reverts commit
5ca14f8d2be7326d956b3aa61f45102c472b0392.
Seonah Moon [Fri, 14 Sep 2018 02:34:24 +0000 (11:34 +0900)]
Enable IPv6 for TV
Change-Id: I53d34c6604be5cc01583f1b148c8fb4ad9db83e9
Seonah Moon [Mon, 2 Jul 2018 05:04:50 +0000 (14:04 +0900)]
pingpong: fix response cache memcpy overflow
Response data for a handle with a large buffer might be cached and then
used with the "closure" handle when it has a smaller buffer and then the
larger cache will be copied and overflow the new smaller heap based
buffer.
Reported-by: Dario Weisser
CVE: CVE-2018-1000300
Bug: https://curl.haxx.se/docs/adv_2018-82c2.htm
Change-Id: I02d35b9494356aaec1ca1f8eab0353a58c849e11
Seonah Moon [Mon, 2 Jul 2018 04:54:24 +0000 (13:54 +0900)]
... leaving the k->str could lead to buffer over-reads later on.
CVE: CVE-2018-1000301
Assisted-by: Max Dymond
Detected by OSS-Fuzz.
Bug: https://curl.haxx.se/docs/adv_2018-b138.html
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7105
Change-Id: I0bd3b891aef2bf08fdb485d135e695c2eeab86a7
chleun.moon [Fri, 27 Apr 2018 02:54:50 +0000 (11:54 +0900)]
Modify macro for tv profile
Change-Id: Idb324c07ce007d1949f790c75cf703ff269e342f
Signed-off-by: Cheoleun Moon <chleun.moon@samsung.com>
Seonah Moon [Wed, 18 Apr 2018 07:52:58 +0000 (16:52 +0900)]
Apply DLP feature
Change-Id: I5d53e6655bb57364d5008a1beab388b7ba53be66
Seonah Moon [Wed, 16 Aug 2017 09:21:40 +0000 (18:21 +0900)]
Use icu library for IDN feature
Change-Id: I13eaf3ca85d8b516dbc091acae9646e705a75f5e
Seonah Moon [Fri, 20 Apr 2018 06:42:40 +0000 (15:42 +0900)]
Update version to 7.59.0
Change-Id: I6be132aa9b0e2b3be821aae3cdac292525a7aa09
Seonah Moon [Thu, 12 Apr 2018 07:25:13 +0000 (16:25 +0900)]
Imported Upstream version 7.59.0
Change-Id: I06221d49da39082f95030ab57617a1e23fbda58b
Seonah Moon [Thu, 25 Jan 2018 05:47:22 +0000 (14:47 +0900)]
Disable the IDN feature temporary
This feature will be enabled after resolving build dependency issue
Change-Id: I6b7d8292015adbe5b488210176cf19c085b0aaf1
taesub kim [Wed, 24 Jan 2018 04:54:47 +0000 (04:54 +0000)]
Merge "Use icu library for IDN feature" into tizen
taesub kim [Wed, 24 Jan 2018 04:48:31 +0000 (04:48 +0000)]
Merge "Use icu library for IDN feature" into tizen
Seonah Moon [Wed, 16 Aug 2017 09:21:40 +0000 (18:21 +0900)]
Use icu library for IDN feature
Change-Id: Ie0cae521c7eacfcd788a32b90adc20ba19ec66da
Abhishek Sansanwal [Mon, 22 Jan 2018 09:27:02 +0000 (14:57 +0530)]
Added hardening compiler flags in the spec file.
Description: Enabled stack protector, relro, PIE,
fortify source and other flags
Change-Id: I2e569da65cec7120f8ed250a06808f5efb408eb9
Signed-off-by: Abhishek Sansanwal <abhishek.s94@samsung.com>
tizen [Wed, 1 Nov 2017 18:08:44 +0000 (16:08 -0200)]
Fix dlclose issue when calling DLP feature
Change-Id: Id84c9f70c250b3798b4c2b730a45f817b5341c2a
Signed-off-by: tizen <s.moraes@samsung.com>
jungkon.kim [Thu, 19 Oct 2017 09:36:59 +0000 (18:36 +0900)]
fix the handle_leak (Svace 302948 and 302613)
Change-Id: Id67c2f7b034ead0a74db4b652a4065dac8e8b4d9
tizen [Wed, 18 Oct 2017 17:08:53 +0000 (15:08 -0200)]
Adding integration with DLP feature from privacy-guard
Change-Id: I2959feebaecfc6acbd87ab483a4f017d48b65de1
Signed-off-by: tizen <s.moraes@samsung.com>
taesub kim [Tue, 17 Oct 2017 05:59:17 +0000 (05:59 +0000)]
Revert "Integration w/ DLP feature from privacy-guard"
This reverts commit
a6b689d7dfbfaab9138d32e148b08bf51b175703.
Change-Id: I7d32406cd7f4368e8ee60e3ad8b068c3d2d86c84
Saulo Moraes [Tue, 12 Sep 2017 21:08:31 +0000 (18:08 -0300)]
Integration w/ DLP feature from privacy-guard
Change-Id: I5ccf039d400dfd5ba0d7bcab7e75bc82aef5b6e8
Seonah Moon [Wed, 16 Aug 2017 09:21:40 +0000 (18:21 +0900)]
Use icu library for IDN feature
Change-Id: I4c00d1921e5ee15f3572af5e5a060049e7815a14
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Wed, 9 Aug 2017 08:19:56 +0000 (17:19 +0900)]
Apply ASLR to curl command tool
Change-Id: Iffcece4c6629c0521545a1e841fe1858687befad
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Tue, 1 Aug 2017 06:57:10 +0000 (15:57 +0900)]
Fixed build error
Change-Id: Ib87d1e5101f430bfdde69d8f1afaddbfefc6c61b
Seonah Moon [Fri, 21 Jul 2017 07:24:55 +0000 (16:24 +0900)]
Remove unnecessary configure file
Change-Id: I84ad19bc5aa63967edc68c7797d524823a962b23
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Fri, 21 Jul 2017 06:54:13 +0000 (15:54 +0900)]
Add glib2 dependency to support IDN
Change-Id: Ie330340da408b1cf57fca5c30c0f7dac88d85eb7
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Daniel Stenberg [Tue, 6 Jun 2017 22:21:04 +0000 (00:21 +0200)]
[CVE-2017-9502] url: fix buffer overwrite with file protocol
https://github.com/curl/curl/issues/1540
Change-Id: Ic0c511886a16d0655e416882ee9719d1ac120be6
Jay Satiro [Wed, 22 Mar 2017 05:59:49 +0000 (01:59 -0400)]
[CVE-2017-7468] TLS: Fix switching off SSL session id when client cert is used
- Move the sessionid flag to ssl_primary_config so that ssl and
proxy_ssl will each have their own sessionid flag.
Regression since HTTPS-Proxy support was added in cb4e2be. Prior to that
this issue had been fixed in 247d890, CVE-2016-5419.
https://github.com/curl/curl/issues/1341
Change-Id: I3e6e176dafc6e6f103e5d9c077835f620783a3b1
Seonah Moon [Mon, 19 Jun 2017 01:15:46 +0000 (10:15 +0900)]
[CVE-2017-7407] --write-out out of buffer read
https://curl.haxx.se/docs/adv_20170403.html
Change-Id: I3cc866289e8929b52d31914f2f3164e18a2e1b5d
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
taesub kim [Fri, 9 Jun 2017 01:40:59 +0000 (01:40 +0000)]
Revert "Add dependency of nghttp2-devel"
This reverts commit
129a8fb222e334176769a51ab28cdc0923af4ece.
Change-Id: Icc2a618a477fec16c28256a2ea36dd8a10fe114c
Seonah Moon [Thu, 8 Jun 2017 06:15:47 +0000 (15:15 +0900)]
Add dependency of nghttp2-devel
Change-Id: Ib78ccd11318ed885fd19f3b809c1b47c94167b4f
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Tue, 28 Mar 2017 10:07:37 +0000 (19:07 +0900)]
Used %license macro
Change-Id: Ia5c38d98ea11d1e457014f7210913261a59f5b43
Seonah Moon [Thu, 23 Mar 2017 08:02:09 +0000 (17:02 +0900)]
Update version to 7.53.1
Change-Id: I1833883d4e258c60fb93020688eb7e3ff3e2eb47
taesub kim [Thu, 23 Mar 2017 07:45:32 +0000 (16:45 +0900)]
Imported Upstream version 7.53.1
Change-Id: Id0454e17b6cb083c803c5497d34964dd8fa0dbc6
taesub kim [Thu, 23 Mar 2017 07:38:33 +0000 (00:38 -0700)]
Revert "Imported Upstream version 7.53.1"
This reverts commit
e9bdad71c8277e20607fa1eaf0027d53a0dc1f37.
Change-Id: I4a4edd3ce2207a6f13162aaaf92467a7c1dffd72
taesub kim [Thu, 23 Mar 2017 07:35:59 +0000 (00:35 -0700)]
Revert "Changed the path of license by using '%license' macro"
This reverts commit
3487493aece049d88444f96dee3a2d3f4fdfbb9c.
Change-Id: I1e29fb50e16c45d649779de96404adbc184f1f5e
Seonah Moon [Wed, 22 Mar 2017 05:43:30 +0000 (14:43 +0900)]
Changed the path of license by using '%license' macro
Change-Id: I685efdeb2ab23b18d7935a95e42690d723db632c
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
taesub kim [Wed, 22 Mar 2017 05:21:38 +0000 (14:21 +0900)]
Imported Upstream version 7.53.1
Change-Id: I575eb99bf2face4938a57889412327e285116bf3
Daniel Stenberg [Tue, 7 Mar 2017 07:08:55 +0000 (08:08 +0100)]
ares: Curl_resolver_wait_resolv: clear *entry first in function
Change-Id: Ia55a6ca41ba2c75fedd114fcfb8aef8ddb968e4e
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
Daniel Stenberg [Mon, 6 Mar 2017 21:45:10 +0000 (22:45 +0100)]
ares: better error return on timeouts
Assisted-by: Ray Satiro
Bug: https://curl.haxx.se/mail/lib-2017-03/0009.html
Change-Id: I7779aa144996b539d7a706b776cee09eebae6dcb
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
Daniel Stenberg [Mon, 6 Mar 2017 08:21:01 +0000 (09:21 +0100)]
ares: return error at once if timed out before name resolve starts
Pointed-out-by: Ray Satiro
Bug: https://curl.haxx.se/mail/lib-2017-03/0004.html
Change-Id: I7c38e9dc6f386001692fa3b02f5bba00b59f4f45
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
Seonah Moon [Thu, 29 Dec 2016 10:18:45 +0000 (19:18 +0900)]
[P161227-02691, P161220-01444] Force ongoing connections to close in close_all_connections()
Bug: https://curl.haxx.se/mail/lib-2016-10/0011.html
Bug: https://curl.haxx.se/mail/lib-2016-10/0059.html
Change-Id: I6e015569958cc0da3bd9b03f17d4b32d475ebd0e
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Thu, 24 Nov 2016 08:27:17 +0000 (17:27 +0900)]
Remove dependency with ca-certificates
Change-Id: Ic4b50ae08734463d9d1a37f86ec60a8f2459e818
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Tue, 22 Nov 2016 07:53:24 +0000 (16:53 +0900)]
[CVE-2016-7167] curl escape and unescape integer overflows
Change-Id: Iffbaa7823c992cd93b8961ce69e7f6ac3f903e36
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Mon, 14 Nov 2016 06:50:11 +0000 (15:50 +0900)]
Add default CA bundle
Change-Id: Icc8dd83f8ab59cb18e6d9d6a7f732c6d1ba7cfa4
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Thu, 1 Oct 2015 04:27:10 +0000 (13:27 +0900)]
Add default cipher list for TV
Change-Id: Ibe293221f37388b85aed58ec40793baac2cccd14
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Tue, 4 Oct 2016 07:35:59 +0000 (16:35 +0900)]
openssl: fix bad memory free (regression)
The allocation could be made by OpenSSL so the free must be made with OPENSSL_free() to avoid problems.
(https://github.com/curl/curl/issues/1005)
Change-Id: I07527924fe20ed859cbd5d7ade356410c64d71c7
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Fri, 23 Sep 2016 05:12:16 +0000 (14:12 +0900)]
Update to 7.50.2
Change-Id: I1c5ba709c310e2c1735c12102e48f71d3413146b
Seonah Moon [Fri, 23 Sep 2016 04:49:53 +0000 (13:49 +0900)]
Imported Upstream version 7.50.2
Change-Id: I91c6040940a21b2bebab9d6cab11d50767b7bac4
Seonah Moon [Fri, 26 Aug 2016 05:29:23 +0000 (14:29 +0900)]
Change build macro for Tizen TV
This macro is ignored on build.tizen.org
It's only for Tizen TV build system
Change-Id: I0aa69505ddcfc1973d864f260d2b5e3f2fd87a3d
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Thu, 1 Oct 2015 04:27:10 +0000 (13:27 +0900)]
Add default cipher list for TV
Change-Id: I91579c36473a9619d00990c5897831006d89670f
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Wed, 22 Jun 2016 05:43:54 +0000 (14:43 +0900)]
[CVE-2016-4802] Windows DLL hijacking
Change-Id: I52bc7cb34ac493c20588876294d59039af03cbe1
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Wed, 22 Jun 2016 05:23:07 +0000 (14:23 +0900)]
[CVE-2016-3739] TLS certificate check bypass with mbedTLS/PolarSSL
Change-Id: I76d120f5c9e696ecd402a2099b94759cc22a51e2
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Tue, 26 Apr 2016 05:52:32 +0000 (14:52 +0900)]
Merge branch 'upstream' into tizen
Upgrade version 7.48.0
Change-Id: Ibb643307cb5add844a733bb23cb6051bc0fdb100
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
taesubkim [Mon, 25 Apr 2016 01:21:23 +0000 (10:21 +0900)]
Imported Upstream version 7.48.0
Change-Id: Ibca5368d95ef0b73c945bb0df8b7ef9fc3e3bd82
Signed-off-by: Taesub Kim <taesub.kim@samsung.com>
seonah moon [Mon, 11 Apr 2016 11:05:33 +0000 (04:05 -0700)]
Revert "Imported Upstream version 7.44.0"
This reverts commit
8a08705db260779441360e959b97b6c172f8acb0.
Change-Id: Ie319aab9015869b714a03b8aa890a67ccbc9233e
seonah moon [Thu, 7 Apr 2016 06:59:58 +0000 (23:59 -0700)]
Revert "Update to 7.44.0"
This reverts commit
2bc9d6bb53df44a0c5174767de734620c2cdfd9e.
Change-Id: I831001a99b6ad80dc062c84b3877208e1b40b80a
Seonah Moon [Thu, 7 Apr 2016 04:35:45 +0000 (13:35 +0900)]
Update to 7.44.0
Change-Id: I5b1e06765d1fe3c75597ff7db9831228ea0cad05
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Thu, 7 Apr 2016 02:41:57 +0000 (11:41 +0900)]
Imported Upstream version 7.44.0
Change-Id: I04e7fac0b620653ff8c174e87039756e98c4fb02
seonah moon [Thu, 7 Apr 2016 02:31:17 +0000 (19:31 -0700)]
Revert "Imported Upstream version 7.44.0"
This reverts commit
31368b6eac8092a307849518e912b4c475c0238a.
Change-Id: I3428294b4931a00ba9684528d3ffb326f92ed4e8
projects / platform / upstream / curl.git / log