This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 82551c04d2d054a1a067304faa2286dab1c80d5e (commit) via 0f7cdd7661a030e58c9b438df39cbbf41e40c149 (commit) via a85e9d4eb1c5a9d5b9bac3d90f59a321e4151871 (commit) via c48872ef769681f980c20172a29f82c2c9eb9e88 (commit) from 4bcceb83f97557491b8ad6851785ffe97abb7413 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 82551c04d2d054a1a067304faa2286dab1c80d5e Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Oct 11 07:50:32 2023 +0000
core181: Ship cURL
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0f7cdd7661a030e58c9b438df39cbbf41e40c149 Merge: 4bcceb83f a85e9d4eb Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Oct 11 07:50:21 2023 +0000
Merge branch 'master' into next
-----------------------------------------------------------------------
Summary of changes: .../{oldcore/104 => core/181}/filelists/curl | 0 .../rootfiles/oldcore/{104 => 180}/filelists/curl | 0 lfs/curl | 1 + ...-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch | 38 ++++++++++++++++++++++ 4 files changed, 39 insertions(+) copy config/rootfiles/{oldcore/104 => core/181}/filelists/curl (100%) copy config/rootfiles/oldcore/{104 => 180}/filelists/curl (100%) create mode 100644 src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch
Difference in files: diff --git a/config/rootfiles/core/181/filelists/curl b/config/rootfiles/core/181/filelists/curl new file mode 120000 index 000000000..4b84bef53 --- /dev/null +++ b/config/rootfiles/core/181/filelists/curl @@ -0,0 +1 @@ +../../../common/curl \ No newline at end of file diff --git a/config/rootfiles/oldcore/180/filelists/curl b/config/rootfiles/oldcore/180/filelists/curl new file mode 120000 index 000000000..4b84bef53 --- /dev/null +++ b/config/rootfiles/oldcore/180/filelists/curl @@ -0,0 +1 @@ +../../../common/curl \ No newline at end of file diff --git a/lfs/curl b/lfs/curl index fb98b21af..a4fa21b1c 100644 --- a/lfs/curl +++ b/lfs/curl @@ -70,6 +70,7 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch cd $(DIR_APP) && ./configure \ --prefix=/usr \ --disable-ipv6 \ diff --git a/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch b/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch new file mode 100644 index 000000000..0de35055f --- /dev/null +++ b/src/patches/curl-8.4.0-fb4415d8aee6c1045be932a34fe6107c2f5ed147.patch @@ -0,0 +1,38 @@ +From fb4415d8aee6c1045be932a34fe6107c2f5ed147 Mon Sep 17 00:00:00 2001 +From: Jay Satiro raysatiro@yahoo.com +Date: Wed, 11 Oct 2023 07:34:19 +0200 +Subject: [PATCH] socks: return error if hostname too long for remote resolve + +Prior to this change the state machine attempted to change the remote +resolve to a local resolve if the hostname was longer than 255 +characters. Unfortunately that did not work as intended and caused a +security issue. + +Bug: https://curl.se/docs/CVE-2023-38545.html + +diff --git a/lib/socks.c b/lib/socks.c +index c492d663c4738..a7b5ab07e47d0 100644 +--- a/lib/socks.c ++++ b/lib/socks.c +@@ -587,9 +587,9 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf, + + /* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */ + if(!socks5_resolve_local && hostname_len > 255) { +- infof(data, "SOCKS5: server resolving disabled for hostnames of " +- "length > 255 [actual len=%zu]", hostname_len); +- socks5_resolve_local = TRUE; ++ failf(data, "SOCKS5: the destination hostname is too long to be " ++ "resolved remotely by the proxy."); ++ return CURLPX_LONG_HOSTNAME; + } + + if(auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI)) +@@ -903,7 +903,7 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf, + } + else { + socksreq[len++] = 3; +- socksreq[len++] = (char) hostname_len; /* one byte address length */ ++ socksreq[len++] = (unsigned char) hostname_len; /* one byte length */ + memcpy(&socksreq[len], sx->hostname, hostname_len); /* w/o NULL */ + len += hostname_len; + }
hooks/post-receive -- IPFire 2.x development tree