SUSE:SLE-12-SP3:GA
curl
curl-CVE-2020-8284.patch
File curl-CVE-2020-8284.patch of Package curl
From 20ceeeeb6df4ad7444d0ac6f080557954e05ec1d Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 24 Nov 2020 14:56:57 +0100
Subject: [PATCH] ftp: CURLOPT_FTP_SKIP_PASV_IP by default
The command line tool also independently sets --ftp-skip-pasv-ip by default.
Ten test cases updated to adapt the modified --libcurl output.
Bug: https://curl.se/docs/CVE-2020-8284.html
CVE-2020-8284
Reported-by: Varnavas Papaioannou
---
 lib/url.c | 1 +
 src/tool_cfgable.c | 1 +
 tests/data/test1400 | 1 +
 tests/data/test1401 | 1 +
 tests/data/test1402 | 1 +
 tests/data/test1403 | 1 +
 tests/data/test1404 | 1 +
 tests/data/test1405 | 1 +
 tests/data/test1406 | 1 +
 tests/data/test1407 | 1 +
Index: curl-7.37.0/lib/url.c
===================================================================
--- curl-7.37.0.orig/lib/url.c
+++ curl-7.37.0/lib/url.c
@@ -510,6 +510,7 @@ CURLcode Curl_init_userdefined(struct Us
 set->ftp_use_eprt = TRUE; /* FTP defaults to EPRT operations */
 set->ftp_use_pret = FALSE; /* mainly useful for drftpd servers */
 set->ftp_filemethod = FTPFILE_MULTICWD;
+ set->ftp_skip_ip = TRUE; /* skip PASV IP by default */
 set->dns_cache_timeout = 60; /* Timeout every 60 seconds by default */
Index: curl-7.37.0/src/tool_cfgable.c
===================================================================
--- curl-7.37.0.orig/src/tool_cfgable.c
+++ curl-7.37.0/src/tool_cfgable.c
@@ -39,6 +39,7 @@ void config_init(struct OperationConfig*
 config->proto_redir = CURLPROTO_ALL & ~(CURLPROTO_FILE|CURLPROTO_SCP); /* not FILE or SCP */
 config->proto_redir_present = FALSE;
+ config->ftp_skip_ip = TRUE;
 }
 static void free_config_fields(struct OperationConfig *config)
Index: curl-7.37.0/tests/data/test1400
===================================================================
--- curl-7.37.0.orig/tests/data/test1400
+++ curl-7.37.0/tests/data/test1400 
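Review bot: The new default at `set->ftp_skip_ip = TRUE;` in lib/url.c changes behaviour for every libcurl application, yet its comment states only what the line does, and the diffstat lists no documentation file, so the documented default for CURLOPT_FTP_SKIP_PASV_IP presumably still reads as off. The address in a PASV reply is chosen by the server, which is the reason the data connection should go to the control connection's host unless the caller opts out; a comment such as `/* ignore the server-supplied address in the PASV reply and reuse the control connection's host (CVE-2020-8284) */` would record that. Applications that rely on a server handing out a different data address now have to set `CURLOPT_FTP_SKIP_PASV_IP` to `0L` explicitly, which deserves a line in the package changelog. Curl_init_userdefined starts and ends outside this hunk.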
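Review bot: `config->ftp_skip_ip = TRUE;` in src/tool_cfgable.c carries no comment, unlike the matching line in lib/url.c, and nothing in the diffstat tests the opt-out path. Because the tool sets this default independently of the library, a test that passes `--no-ftp-skip-pasv-ip` and checks that the option is then handed to libcurl as off would confirm the default can still be overridden; whether the option parser in this 7.37.0 tree handles the negated form is not visible here. Suggested comment: `/* on by default: do not trust the address in the PASV reply */`. config_init begins above the hunk.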
@@ -69,6 +69,7 @@ int main(int argc, char *argv[])
 curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
 curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
 curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
 curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
 /* Here is a list of options the curl code used that cannot get generated
Index: curl-7.37.0/tests/data/test1401
===================================================================
--- curl-7.37.0.orig/tests/data/test1401
+++ curl-7.37.0/tests/data/test1401
@@ -85,6 +85,7 @@ int main(int argc, char *argv[])
 curl_easy_setopt(hnd, CURLOPT_HTTPAUTH, (long)CURLAUTH_BASIC);
 curl_easy_setopt(hnd, CURLOPT_COOKIE, "chocolate=chip");
 curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
 curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
 curl_easy_setopt(hnd, CURLOPT_PROTOCOLS, (long)CURLPROTO_FILE | (long)CURLPROTO_FTP |
Index: curl-7.37.0/tests/data/test1402
===================================================================
--- curl-7.37.0.orig/tests/data/test1402
+++ curl-7.37.0/tests/data/test1402
@@ -76,6 +76,7 @@ int main(int argc, char *argv[])
 curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
 curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
 curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
 curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
 /* Here is a list of options the curl code used that cannot get generated
Index: curl-7.37.0/tests/data/test1403
===================================================================
--- curl-7.37.0.orig/tests/data/test1403
+++ curl-7.37.0/tests/data/test1403 
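Review bot: The commit message says ten test cases were updated, but the diffstat and the hunks cover eight files, tests/data/test1400 through test1407, each gaining the same `curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);` line. If the message was carried over unchanged from the upstream commit, the package changelog should note that this backport touches eight. Otherwise, any remaining test in this tree that compares --libcurl output will presumably fail on the extra line and needs the same one-line update.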
@@ -71,6 +71,7 @@ int main(int argc, char *argv[])
 curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
 curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
 curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
 curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
 /* Here is a list of options the curl code used that cannot get generated
Index: curl-7.37.0/tests/data/test1404
===================================================================
--- curl-7.37.0.orig/tests/data/test1404
+++ curl-7.37.0/tests/data/test1404
@@ -125,6 +125,7 @@ int main(int argc, char *argv[])
 curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
 curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
 curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
 curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
 /* Here is a list of options the curl code used that cannot get generated
Index: curl-7.37.0/tests/data/test1405
===================================================================
--- curl-7.37.0.orig/tests/data/test1405
+++ curl-7.37.0/tests/data/test1405
@@ -86,6 +86,7 @@ int main(int argc, char *argv[])
 curl_easy_setopt(hnd, CURLOPT_POSTQUOTE, slist2);
 curl_easy_setopt(hnd, CURLOPT_PREQUOTE, slist3);
 curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
 curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
 /* Here is a list of options the curl code used that cannot get generated
Index: curl-7.37.0/tests/data/test1406
===================================================================
--- curl-7.37.0.orig/tests/data/test1406
+++ curl-7.37.0/tests/data/test1406 
@@ -79,6 +79,7 @@ int main(int argc, char *argv[])
 curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
 curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
 curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
 curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
 curl_easy_setopt(hnd, CURLOPT_MAIL_FROM, "sender@example.com");
 curl_easy_setopt(hnd, CURLOPT_MAIL_RCPT, slist1);
Index: curl-7.37.0/tests/data/test1407
===================================================================
--- curl-7.37.0.orig/tests/data/test1407
+++ curl-7.37.0/tests/data/test1407
@@ -60,6 +60,7 @@ int main(int argc, char *argv[])
 curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
 curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
 curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+ curl_easy_setopt(hnd, CURLOPT_FTP_SKIP_PASV_IP, 1L);
 curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
 /* Here is a list of options the curl code used that cannot get generated