From 035e650d85497aec16774d1922d4074e35776ce9 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Wed, 1 May 2024 03:35:47 +0300 Subject: [PATCH] import curl-7.76.1-29.el9_4 --- ...word-when-keyboard-interactive-fails.patch | 169 ++++++++++++++++++ ... => 0033-curl-7.76.1-CVE-2023-38545.patch} | 0 ... => 0034-curl-7.76.1-CVE-2023-38546.patch} | 2 +- ....patch => 0035-curl-7.76.1-64K-sftp.patch} | 0 ... => 0036-curl-7.76.1-CVE-2023-46218.patch} | 0 SPECS/curl.spec | 32 ++-- 6 files changed, 189 insertions(+), 14 deletions(-) create mode 100644 SOURCES/0032-curl-7.76.1-password-when-keyboard-interactive-fails.patch rename SOURCES/{0032-curl-7.76.1-CVE-2023-38545.patch => 0033-curl-7.76.1-CVE-2023-38545.patch} (100%) rename SOURCES/{0033-curl-7.61.1-CVE-2023-38546.patch => 0034-curl-7.76.1-CVE-2023-38546.patch} (98%) rename SOURCES/{0034-curl-7.61.1-64K-sftp.patch => 0035-curl-7.76.1-64K-sftp.patch} (100%) rename SOURCES/{0035-curl-7.76.1-CVE-2023-46218.patch => 0036-curl-7.76.1-CVE-2023-46218.patch} (100%) diff --git a/SOURCES/0032-curl-7.76.1-password-when-keyboard-interactive-fails.patch b/SOURCES/0032-curl-7.76.1-password-when-keyboard-interactive-fails.patch new file mode 100644 index 0000000..e2b4ac1 --- /dev/null +++ b/SOURCES/0032-curl-7.76.1-password-when-keyboard-interactive-fails.patch @@ -0,0 +1,169 @@ +From be17dc9d31e805c03372b690dde67838b3bfc12d Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Wed, 24 May 2023 16:34:11 +0200 +Subject: [PATCH] libssh: when keyboard-interactive auth fails, try password +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The state machine had a mistake in that it would not carry on to that +next step. + +This also adds a verbose output what methods that are available from the +server and renames the macros that change to the next auth methods to +try. + +Reported-by: 左潇峰 +Fixes #11196 +Closes #11197 +--- + lib/vssh/libssh.c | 43 +++++++++++++++++++++++++++---------------- + 1 file changed, 27 insertions(+), 16 deletions(-) + +diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c +index 7ebe61321419f..1cecb649cb623 100644 +--- a/lib/vssh/libssh.c ++++ b/lib/vssh/libssh.c +@@ -565,7 +565,7 @@ static int myssh_is_known(struct Curl_easy *data) + break; \ + } + +-#define MOVE_TO_LAST_AUTH \ ++#define MOVE_TO_PASSWD_AUTH \ + if(sshc->auth_methods & SSH_AUTH_METHOD_PASSWORD) { \ + rc = SSH_OK; \ + state(data, SSH_AUTH_PASS_INIT); \ +@@ -575,25 +575,25 @@ static int myssh_is_known(struct Curl_easy *data) + MOVE_TO_ERROR_STATE(CURLE_LOGIN_DENIED); \ + } + +-#define MOVE_TO_TERTIARY_AUTH \ ++#define MOVE_TO_KEY_AUTH \ + if(sshc->auth_methods & SSH_AUTH_METHOD_INTERACTIVE) { \ + rc = SSH_OK; \ + state(data, SSH_AUTH_KEY_INIT); \ + break; \ + } \ + else { \ +- MOVE_TO_LAST_AUTH; \ ++ MOVE_TO_PASSWD_AUTH; \ + } + +-#define MOVE_TO_SECONDARY_AUTH \ ++#define MOVE_TO_GSSAPI_AUTH \ + if(sshc->auth_methods & SSH_AUTH_METHOD_GSSAPI_MIC) { \ + rc = SSH_OK; \ + state(data, SSH_AUTH_GSSAPI); \ + break; \ + } \ + else { \ +- MOVE_TO_TERTIARY_AUTH; \ ++ MOVE_TO_KEY_AUTH; \ + } + + static + int myssh_auth_interactive(struct connectdata *conn) +@@ -740,6 +740,16 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) + } + + sshc->auth_methods = ssh_userauth_list(sshc->ssh_session, NULL); ++ if(sshc->auth_methods) ++ infof(data, "SSH authentication methods available: %s%s%s%s", ++ sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY ? ++ "public key, ": "", ++ sshc->auth_methods & SSH_AUTH_METHOD_GSSAPI_MIC ? ++ "GSSAPI, " : "", ++ sshc->auth_methods & SSH_AUTH_METHOD_INTERACTIVE ? ++ "keyboard-interactive, " : "", ++ sshc->auth_methods & SSH_AUTH_METHOD_PASSWORD ? ++ "password": ""); + if(sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) { + state(data, SSH_AUTH_PKEY_INIT); + infof(data, "Authentication using SSH public key file\n"); +@@ -761,8 +761,8 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) + } + case SSH_AUTH_PKEY_INIT: + if(!(data->set.ssh_auth_types & CURLSSH_AUTH_PUBLICKEY)) { +- MOVE_TO_SECONDARY_AUTH; ++ MOVE_TO_GSSAPI_AUTH; + } + + /* Two choices, (1) private key was given on CMD, + * (2) use the "default" keys. */ +@@ -776,7 +776,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) + } + + if(rc != SSH_OK) { +- MOVE_TO_SECONDARY_AUTH; ++ MOVE_TO_GSSAPI_AUTH; + } + } + +@@ -826,7 +836,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) + break; + } + +- MOVE_TO_SECONDARY_AUTH; ++ MOVE_TO_GSSAPI_AUTH; + } + break; + case SSH_AUTH_PKEY: +@@ -828,13 +828,13 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) + } + else { + infof(data, "Failed public key authentication (rc: %d)\n", rc); +- MOVE_TO_SECONDARY_AUTH; ++ MOVE_TO_GSSAPI_AUTH; + } + break; + + case SSH_AUTH_GSSAPI: + if(!(data->set.ssh_auth_types & CURLSSH_AUTH_GSSAPI)) { +- MOVE_TO_TERTIARY_AUTH; ++ MOVE_TO_KEY_AUTH; + } + + rc = ssh_userauth_gssapi(sshc->ssh_session); +@@ -851,7 +851,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) + break; + } + +- MOVE_TO_TERTIARY_AUTH; ++ MOVE_TO_KEY_AUTH; + break; + + case SSH_AUTH_KEY_INIT: +@@ -859,13 +859,12 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) + state(data, SSH_AUTH_KEY); + } + else { +- MOVE_TO_LAST_AUTH; ++ MOVE_TO_PASSWD_AUTH; + } + break; + + case SSH_AUTH_KEY: +- +- /* Authentication failed. Continue with keyboard-interactive now. */ ++ /* keyboard-interactive authentication */ + rc = myssh_auth_interactive(conn); + if(rc == SSH_AGAIN) { + break; +@@ -873,13 +873,15 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) + if(rc == SSH_OK) { + sshc->authed = TRUE; + infof(data, "completed keyboard interactive authentication\n"); ++ state(data, SSH_AUTH_DONE); ++ } ++ else { ++ MOVE_TO_PASSWD_AUTH; + } +- state(data, SSH_AUTH_DONE); + break; + + case SSH_AUTH_PASS_INIT: + if(!(data->set.ssh_auth_types & CURLSSH_AUTH_PASSWORD)) { +- /* Host key authentication is intentionally not implemented */ + MOVE_TO_ERROR_STATE(CURLE_LOGIN_DENIED); + } + state(data, SSH_AUTH_PASS); diff --git a/SOURCES/0032-curl-7.76.1-CVE-2023-38545.patch b/SOURCES/0033-curl-7.76.1-CVE-2023-38545.patch similarity index 100% rename from SOURCES/0032-curl-7.76.1-CVE-2023-38545.patch rename to SOURCES/0033-curl-7.76.1-CVE-2023-38545.patch diff --git a/SOURCES/0033-curl-7.61.1-CVE-2023-38546.patch b/SOURCES/0034-curl-7.76.1-CVE-2023-38546.patch similarity index 98% rename from SOURCES/0033-curl-7.61.1-CVE-2023-38546.patch rename to SOURCES/0034-curl-7.76.1-CVE-2023-38546.patch index 770ff68..36b9afc 100644 --- a/SOURCES/0033-curl-7.61.1-CVE-2023-38546.patch +++ b/SOURCES/0034-curl-7.76.1-CVE-2023-38546.patch @@ -102,7 +102,7 @@ index b3c0063b2cfb2..41e9e7a6914e0 100644 - char *filename; /* file we read from/write to */ - long numcookies; /* number of cookies in the "jar" */ -+ int numcookies; /* number of cookies in the "jar" */ ++ int numcookies; /* number of cookies in the "jar" */ bool running; /* state info, for cookie adding information */ bool newsession; /* new session, discard session cookies on load */ int lastct; /* last creation-time used in the jar */ diff --git a/SOURCES/0034-curl-7.61.1-64K-sftp.patch b/SOURCES/0035-curl-7.76.1-64K-sftp.patch similarity index 100% rename from SOURCES/0034-curl-7.61.1-64K-sftp.patch rename to SOURCES/0035-curl-7.76.1-64K-sftp.patch diff --git a/SOURCES/0035-curl-7.76.1-CVE-2023-46218.patch b/SOURCES/0036-curl-7.76.1-CVE-2023-46218.patch similarity index 100% rename from SOURCES/0035-curl-7.76.1-CVE-2023-46218.patch rename to SOURCES/0036-curl-7.76.1-CVE-2023-46218.patch diff --git a/SPECS/curl.spec b/SPECS/curl.spec index ab0e6c3..4ab8cee 100644 --- a/SPECS/curl.spec +++ b/SPECS/curl.spec @@ -1,7 +1,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 7.76.1 -Release: 26%{?dist}.3 +Release: 29%{?dist} License: MIT Source: https://curl.se/download/%{name}-%{version}.tar.xz @@ -95,17 +95,20 @@ Patch30: 0030-curl-7.76.1-CVE-2023-28322.patch # fix host name wildcard checking Patch31: 0031-curl-7.76.1-CVE-2023-28321.patch -# return error if hostname too long for remote resolve (CVE-2023-38545) -Patch32: 0032-curl-7.76.1-CVE-2023-38545.patch +# when keyboard-interactive auth fails, try password +Patch32: 0032-curl-7.76.1-password-when-keyboard-interactive-fails.patch + +# return error if hostname too long for remote resolve +Patch33: 0033-curl-7.76.1-CVE-2023-38545.patch # fix cookie injection with none file (CVE-2023-38546) -Patch33: 0033-curl-7.61.1-CVE-2023-38546.patch +Patch34: 0034-curl-7.76.1-CVE-2023-38546.patch -# cap SFTP packet size sent (RHEL-14837) -Patch34: 0034-curl-7.61.1-64K-sftp.patch +# cap SFTP packet size sent (RHEL-14697) +Patch35: 0035-curl-7.76.1-64K-sftp.patch # lowercase the domain names before PSL checks (CVE-2023-46218) -Patch35: 0035-curl-7.76.1-CVE-2023-46218.patch +Patch36: 0036-curl-7.76.1-CVE-2023-46218.patch # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch @@ -316,6 +319,7 @@ be installed. %patch33 -p1 %patch34 -p1 %patch35 -p1 +%patch36 -p1 # Fedora patches %patch101 -p1 @@ -541,15 +545,17 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog -* Tue Nov 28 2023 Jacek Migacz - 7.76.1-26.el9_3.3 -- cap SFTP packet size sent (RHEL-14837) -- lowercase the domain names before PSL checks (CVE-2023-46218) +* Wed Mar 6 2024 Jacek Migacz - 7.76.1-29 +- rebuild for 9.4 GA -* Thu Oct 12 2023 Jacek Migacz - 7.76.1-26.el9_3.2 +* Tue Oct 10 2023 Jacek Migacz - 7.76.1-28 +- return error if hostname too long for remote resolve (CVE-2023-38545) - fix cookie injection with none file (CVE-2023-38546) +- cap SFTP packet size sent (RHEL-14697) +- lowercase the domain names before PSL checks (CVE-2023-46218) -* Tue Oct 10 2023 Jacek Migacz - 7.76.1-26.el9_3.1 -- socks: return error if hostname too long for remote resolve (CVE-2023-38545) +* Tue Sep 12 2023 Jacek Migacz - 7.76.1-27 +- when keyboard-interactive auth fails, try password (#2229800) * Mon Jun 12 2023 Jacek Migacz - 7.76.1-26 - unify the upload/method handling (CVE-2023-28322)