From: bug#73361 <73361@debbugs.gnu.org>
To: bug#73361 <73361@debbugs.gnu.org>
Subject: Status: [PATCH v2] gnu: curl: Fix security vulnerability.
Reply-To: bug#73361 <73361@debbugs.gnu.org>
Date: Sun, 17 Aug 2025 11:16:07 +0000

retitle 73361 [PATCH v2] gnu: curl: Fix security vulnerability.
reassign 73361 guix-patches
submitter 73361 Ashish SHUKLA
severity 73361 normal
tag 73361 patch
thanks

From: Ashish SHUKLA
To: guix-patches@gnu.org
Subject: [PATCH] gnu: curl: Update to 8.10.1 [security fixes].
Date: Thu, 19 Sep 2024 15:17:29 +0000
Message-ID: <5cadbf4fe10768fae553fd71f8b0edeb384c7fb0.1726759049.git.ashish.is@lostca.se>

* gnu/packages/curl.scm (curl): Update to 8.10.1.
* gnu/packages/patches/curl-use-ssl-cert-env.patch: Update for 8.10.1.

Change-Id: I2a1566a3b7ca0a097c77f158bd370945cf16baf8
--- gnu/packages/curl.scm | 5 ++- .../patches/curl-use-ssl-cert-env.patch | 41 +++++++++---------- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 9f74018205..7ab886f195 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm
@@ -16,6 +16,7 @@ ;;; Copyright © 2021 Felix Gruber ;;; Copyright © 2023 Sharlatan Hellseher ;;; Copyright © 2023 John Kehayias +;;; Copyright © 2024 Ashish SHUKLA ;;; ;;; This file is part of GNU Guix. ;;; @@ -66,14 +67,14 @@ (define-module (gnu packages curl) (define-public curl (package (name "curl") - (version "8.6.0") + (version "8.10.1") (source (origin (method url-fetch) (uri (string-append "https://curl.se/download/curl-" version ".tar.xz")) (sha256 (base32 - "05fv468yjrb7qwrxmfprxkrcckbkij0myql0vwwnalgr3bcmbk9w")) + "1vh4rvmln4ygp4mc18hq1pd5za4mp7jbfksajajrz84njplv193k")) (patches (search-patches "curl-use-ssl-cert-env.patch")))) (outputs '("out" "doc")) ;1.2 MiB of man3 pages diff --git a/gnu/packages/patches/curl-use-ssl-cert-env.patch b/gnu/packages/patches/curl-use-ssl-cert-env.patch index c39c1f7e98..2a57f0f8be 100644 --- a/gnu/packages/patches/curl-use-ssl-cert-env.patch +++ b/gnu/packages/patches/curl-use-ssl-cert-env.patch 
@@ -37,28 +37,27 @@ for other future workarounds. #ifdef _WIN32 Curl_win32_cleanup(easy_init_flags); #endif -diff -ur curl-7.66.0.orig/lib/url.c curl-7.66.0/lib/url.c ---- curl-7.66.0.orig/lib/url.c 2020-01-02 15:43:11.883921171 +0100 -+++ curl-7.66.0/lib/url.c 2020-01-02 16:21:11.563880346 +0100 -@@ -524,6 +524,21 @@ - if(result) - return result; +--- curl-8.10.0/lib/url.c.orig 2024-09-17 16:57:50.407214691 +0000 ++++ curl-8.10.0/lib/url.c 2024-09-17 16:59:47.507214691 +0000 +@@ -455,6 +455,21 @@ + #endif #endif -+ extern char * Curl_ssl_cert_dir; -+ extern char * Curl_ssl_cert_file; -+ if(Curl_ssl_cert_dir) { -+ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH], Curl_ssl_cert_dir)) -+ return result; -+ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], Curl_ssl_cert_dir)) -+ return result; -+ } -+ -+ if(Curl_ssl_cert_file) { -+ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE], Curl_ssl_cert_file)) -+ return result; -+ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], Curl_ssl_cert_file)) -+ return result; -+ } } ++ extern char * Curl_ssl_cert_dir; ++ extern char * Curl_ssl_cert_file; ++ if(Curl_ssl_cert_dir) { ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH], Curl_ssl_cert_dir)) ++ return result; ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], Curl_ssl_cert_dir)) ++ return result; ++ } ++ ++ if(Curl_ssl_cert_file) { ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE], Curl_ssl_cert_file)) ++ return result; ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], Curl_ssl_cert_file)) ++ return result; ++ } + #ifndef CURL_DISABLE_FTP set->wildcard_enabled = FALSE; base-commit: e85f52e826b0701c3dcf9acf9d81e5ae57aec8f9 -- 2.46.1
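
Review bot: The commit message for the version bump in gnu/packages/curl.scm ('8.6.0' to '8.10.1', subject tagged '[security fixes]') names no vulnerability; list the CVE identifiers the update addresses so the change can be traced to an advisory. The new base32 value in the sha256 field cannot be validated from the diff either, so recompute it from the tarball at the uri shown (https://curl.se/download/curl- plus the version plus .tar.xz) before merging.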
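
Review bot: The refreshed inner patch in curl-use-ssl-cert-env.patch is headed 'curl-8.10.0/lib/url.c' while curl.scm in the same commit sets the version to 8.10.1; confirm the patch was regenerated against the 8.10.1 tree and applies without fuzz at '@@ -455,6 +455,21 @@'. The new context puts the block directly after two '#endif' lines and before '#ifndef CURL_DISABLE_FTP', so check that it still sits in code compiled in every configuration, because these lines set STRING_SSL_CAPATH, STRING_SSL_CAFILE and their _PROXY counterparts, which decide the trust store used for TLS verification of both origin and proxy. The 'if(result = Curl_setstropt(...))' assignments inside conditions would be easier to audit with an explicit comparison or an extra pair of parentheses.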

Date: Fri, 27 Sep 2024 18:52:21 +0000
To: Ashish SHUKLA
From: John Kehayias
Subject: Re: [bug#73361] [PATCH] gnu: curl: Update to 8.10.1 [security fixes].
Message-ID: <87tte13p5q.fsf@protonmail.com>
Cc: 73361@debbugs.gnu.org

Hello,

On Thu, Sep 19, 2024 at 03:17 PM, Ashish SHUKLA wrote:

> * gnu/packages/curl.scm (curl): Update to 8.10.1.
>

As curl causes a rebuild of just about everything, this will need to be done as a graft on master. (And ungrafted with a world rebuild on a branch.) Would you like to take a stab at that?

Also, please note what the security fixes are (CVE numbers).

Thanks for the patch so far!

John

> * gnu/packages/patches/curl-use-ssl-cert-env.patch: Update for 8.10.1.
>
> Change-Id: I2a1566a3b7ca0a097c77f158bd370945cf16baf8
> --- > gnu/packages/curl.scm | 5 ++- > .../patches/curl-use-ssl-cert-env.patch | 41 +++++++++---------- > 2 files changed, 23 insertions(+), 23 deletions(-) > > diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm > index 9f74018205..7ab886f195 100644 > --- a/gnu/packages/curl.scm > +++ b/gnu/packages/curl.scm > @@ -16,6 +16,7 @@ > ;;; Copyright =C2=A9 2021 Felix Gruber > ;;; Copyright =C2=A9 2023 Sharlatan Hellseher > ;;; Copyright =C2=A9 2023 John Kehayias > +;;; Copyright =C2=A9 2024 Ashish SHUKLA > ;;; > ;;; This file is part of GNU Guix. > ;;;
> @@ -66,14 +67,14 @@ (define-module (gnu packages curl) > (define-public curl > (package > (name "curl") > - (version "8.6.0") > + (version "8.10.1") > (source (origin > (method url-fetch) > (uri (string-append "https://curl.se/download/curl-" > version ".tar.xz")) > (sha256 > (base32 > - "05fv468yjrb7qwrxmfprxkrcckbkij0myql0vwwnalgr3bcmbk9w")) > + "1vh4rvmln4ygp4mc18hq1pd5za4mp7jbfksajajrz84njplv193k")) > (patches (search-patches "curl-use-ssl-cert-env.patch")))) > (outputs '("out" > "doc")) ;1.2 MiB of man3 pages > diff --git a/gnu/packages/patches/curl-use-ssl-cert-env.patch b/gnu/packa= ges/patches/curl-use-ssl-cert-env.patch > index c39c1f7e98..2a57f0f8be 100644 > --- a/gnu/packages/patches/curl-use-ssl-cert-env.patch > +++ b/gnu/packages/patches/curl-use-ssl-cert-env.patch 
> @@ -37,28 +37,27 @@ for other future workarounds. > #ifdef _WIN32 > Curl_win32_cleanup(easy_init_flags); > #endif > -diff -ur curl-7.66.0.orig/lib/url.c curl-7.66.0/lib/url.c > ---- curl-7.66.0.orig/lib/url.c=092020-01-02 15:43:11.883921171 +0100 > -+++ curl-7.66.0/lib/url.c=092020-01-02 16:21:11.563880346 +0100 > -@@ -524,6 +524,21 @@ > - if(result) > - return result; > +--- curl-8.10.0/lib/url.c.orig=092024-09-17 16:57:50.407214691 +0000 > ++++ curl-8.10.0/lib/url.c=092024-09-17 16:59:47.507214691 +0000 > +@@ -455,6 +455,21 @@ > + #endif > #endif > -+ extern char * Curl_ssl_cert_dir; > -+ extern char * Curl_ssl_cert_file; > -+ if(Curl_ssl_cert_dir) { > -+ if(result =3D Curl_setstropt(&set->str[STRING_SSL_CAPATH], Curl= _ssl_cert_dir)) > -+ return result; > -+ if(result =3D Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY]= , Curl_ssl_cert_dir)) > -+ return result; > -+ } > -+ > -+ if(Curl_ssl_cert_file) { > -+ if(result =3D Curl_setstropt(&set->str[STRING_SSL_CAFILE], Curl= _ssl_cert_file)) > -+ return result; > -+ if(result =3D Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY]= , Curl_ssl_cert_file)) > -+ return result; > -+ } > } > ++ extern char * Curl_ssl_cert_dir; > ++ extern char * Curl_ssl_cert_file; > ++ if(Curl_ssl_cert_dir) { > ++ if(result =3D Curl_setstropt(&set->str[STRING_SSL_CAPATH], Curl_s= sl_cert_dir)) > ++ return result; > ++ if(result =3D Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], = Curl_ssl_cert_dir)) > ++ return result; > ++ } > ++ > ++ if(Curl_ssl_cert_file) { > ++ if(result =3D Curl_setstropt(&set->str[STRING_SSL_CAFILE], Curl_s= sl_cert_file)) > ++ return result; > ++ if(result =3D Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], = Curl_ssl_cert_file)) > ++ return result; > ++ } > > + #ifndef CURL_DISABLE_FTP > set->wildcard_enabled =3D FALSE; > > base-commit: e85f52e826b0701c3dcf9acf9d81e5ae57aec8f9

Date: Sat, 28 Sep 2024 01:24:05 +0000
Subject: Re: [bug#73361] [PATCH] gnu: curl: Update to 8.10.1 [security fixes].
From: "Ashish SHUKLA"
To: "John Kehayias"
References: <87tte13p5q.fsf@protonmail.com>
In-Reply-To: <87tte13p5q.fsf@protonmail.com>
Cc: 73361@debbugs.gnu.org

On Fri Sep 27, 2024 at 8:52 PM CEST, John Kehayias wrote:
> Hello,
>
> On Thu, Sep 19, 2024 at 03:17 PM, Ashish SHUKLA wrote:
>
> > * gnu/packages/curl.scm (curl): Update to 8.10.1.
> >
>
> As curl causes a rebuild of just about everything, this will need to
> be done as a graft on master. (And ungrafted with a world rebuild on a
> branch.) Would you like to take a stab at that?

Prepared a new revision (attached) to add a new package 'curl/fixed' with just the fix from upstream applied[0][1].

As for the actual update to 8.10.1, I can send a patch (either in this thread, or in a separate issue report).

Please let me know if something is amiss with my patch.

References:
[0] https://curl.se/docs/CVE-2024-8096.html
[1] https://github.com/curl/curl/commit/aeb1a281cab13c7ba

Thanks!
--
Ashish SHUKLA | GPG: F682 CDCC 39DC 0FEA E116 20B6 C746 CFA9 E74F A4B0

"If I destroy you, what business is it of yours ?" (Dark Forest, Liu Cixin)

Content-Disposition: attachment; filename=v2-0001-gnu-curl-Fix-security-vulnerability.patch

From: "Ashish SHUKLA"
Date: Sat, 28 Sep 2024 01:28:11 +0000
Subject: retitle bug report

retitle 73361 [PATCH v2] gnu: curl: Fix security vulnerability.
quit
debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tAphB-0003p6-Ky for submit@debbugs.gnu.org; Tue, 12 Nov 2024 07:08:34 -0500 Received: from mail-pg1-f169.google.com ([209.85.215.169]:52555) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tAph9-0003oo-93 for 73361-done@debbugs.gnu.org; Tue, 12 Nov 2024 07:08:32 -0500 Received: by mail-pg1-f169.google.com with SMTP id 41be03b00d2f7-7f3e30a43f1so3790856a12.1 for <73361-done@debbugs.gnu.org>; Tue, 12 Nov 2024 04:08:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1731413245; x=1732018045; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:user-agent:message-id:date :references:in-reply-to:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=myHlEN9RCfeabSRQims4sfBScnskQdhzWz6FNEsNFYY=; b=CnOaO+Gh/yyF4c3P38tmYldo61bhJFirJ4w/ivHXY+Pf19D6vfxl/+eoREQ1ugp3wa /Fy774VSiMY1hWMQ18VYdnfaseVWQMgxuoYB1O1F/JgOIuyREOaHgJxjC1pmSNr4PBeV hM9Jrrq/hijjoE9C0g7vAXxRroEHn64KPRQ/KRRRMwVdnwTfF5leeyRZabTBISah+qdD kwIzu7S+FRKFmIJbxvKEyba6FVFgfJe/8Kr+CExdpNqt6C9Go3MPl8ZHfLOA4ZEEZ4Bj u6LAoiejZ/JM2OFFT2m2IONhcVDaXXvO3gmuWUolq/gLABlC8vCw8+dbepgx/YzO9O/v mB3w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731413245; x=1732018045; h=content-transfer-encoding:mime-version:user-agent:message-id:date :references:in-reply-to:subject:cc:to:from:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=myHlEN9RCfeabSRQims4sfBScnskQdhzWz6FNEsNFYY=; b=Rhdgq9zClOMfSY5eu5ypws9rBCHcK+8VomrGPq2qf0fJlzdeQ+H5F967CRpwykUDmY QFb6XPPwXHD3TzHNaTIdhAkd0ZVwjoE2kVILzhcE+IQ0Y8l05sc+8W4MlaZ7uk+xtTkk 66cmcHSurCPPxrKyuNINy5zSPHV9u1goNdw15WWzCANxRk/R62D73fR+DC7HXhnKOOuz 5wvyjM1S2kRDuku3AuQr8/F9aCQh5Lf0RCXFNUA1G/m4/RuOwmkO+oF3YEoJlvvPuwVE VHnU5wfVl9vgBHa+Z4xs4z2laiQF8mmdV5zM/P0O/bw075AYwbvU53602FYfYVEOhE01 wuug== X-Forwarded-Encrypted: i=1; 
AJvYcCXl8G96LkOiN9gpMfMtP8josYQCY3SudZB7pK+3/GOcbKcxvCwKlz+2E2Z3U7r0ApCQ/VNBcABF3eic@debbugs.gnu.org X-Gm-Message-State: AOJu0YwayJWwC7cOk/9Lf5sVlB8nPUYHacssxi05hZZUy3v4/7u6qnYM MxVeWHqVgLCNhbsYhK5huFA3qfs6NqchbZj7l+pekJ0lLgBBYVmRY8ELlH51 X-Google-Smtp-Source: AGHT+IGv2yxaubA3xfCO8vYKyw6vgOAoJqngy2L14dc5PbKotw2Y7pKY9/xQ5XhWzXykRye+xgeDgg== X-Received: by 2002:a17:90b:240c:b0:2e9:e443:34d0 with SMTP id 98e67ed59e1d1-2e9e44334f8mr3163964a91.15.1731413244796; Tue, 12 Nov 2024 04:07:24 -0800 (PST) Received: from terra ([2405:6586:be0:0:c8ff:1707:9b9:af89]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2e99a4f994asm12243371a91.1.2024.11.12.04.07.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Nov 2024 04:07:23 -0800 (PST) 
From: Maxim Cournoyer
To: "Ashish SHUKLA"
Cc: John Kehayias, 73361-done@debbugs.gnu.org
Subject: Re: bug#73361: [PATCH v2] gnu: curl: Fix security vulnerability.
In-Reply-To: (Ashish SHUKLA's message of "Sat, 28 Sep 2024 01:24:05 +0000")
References: <87tte13p5q.fsf@protonmail.com>
Date: Tue, 12 Nov 2024 21:07:17 +0900
Message-ID: <875xos4pvu.fsf_-_@gmail.com>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi,

"Ashish SHUKLA" writes:

> On Fri Sep 27, 2024 at 8:52 PM CEST, John Kehayias wrote:
>> Hello,
>>
>> On Thu, Sep 19, 2024 at 03:17 PM, Ashish SHUKLA wrote:
>>
>> > * gnu/packages/curl.scm (curl): Update to 8.10.1.
>> >
>>
>> As curl causes a rebuild of just about everything, this will need to
>> be done as a graft on master. (And ungrafted with a world rebuild on a
>> branch.) Would you like to take a stab at that?
>
> Prepared a new revision (attached) to add a new package 'curl/fixed'
> with just the fix from upstream applied[0][1].
>
> As for the actual update to 8.10.1, I can send a patch (either in this
> thread, or in a separate issue report).
>
> Please let me know if something is amiss with my patch.
>
> References:
> [0] https://curl.se/docs/CVE-2024-8096.html
> [1] https://github.com/curl/curl/commit/aeb1a281cab13c7ba
>
> Thanks!
> --
> Ashish SHUKLA | GPG: F682 CDCC 39DC 0FEA E116 20B6 C746 CFA9 E74F A4B0
>
> "If I destroy you, what business is it of yours ?" (Dark Forest, Liu Cixin)
> > From 82e4c9fdf2e4bc78dfad87ee956fd78051bbc763 Mon Sep 17 00:00:00 2001 > Message-ID: <82e4c9fdf2e4bc78dfad87ee956fd78051bbc763.1727486274.git.ashi= sh.is@lostca.se> > From: Ashish SHUKLA > Date: Sat, 28 Sep 2024 01:40:45 +0200 > Subject: [PATCH v2] gnu: curl: Fix security vulnerability. > > Fixes CVE-2024-8096. > > * gnu/packages/curl.scm (curl)[replacement]: New field. > (curl/fixed): New variable. > * gnu/packages/patches/curl-CVE-2024-8096.patch: New file. > * gnu/local.mk (dist_patch_DATA): Register it. > > Change-Id: I42facad095d97dc94302e9db60626b9fa00f3738 > --- > gnu/local.mk | 1 + > gnu/packages/curl.scm | 11 + > gnu/packages/patches/curl-CVE-2024-8096.patch | 200 ++++++++++++++++++ > 3 files changed, 212 insertions(+) > create mode 100644 gnu/packages/patches/curl-CVE-2024-8096.patch > > diff --git a/gnu/local.mk b/gnu/local.mk > index 9fdad12b63..a2215ad4c2 100644 > --- a/gnu/local.mk > +++ b/gnu/local.mk > @@ -1114,6 +1114,7 @@ dist_patch_DATA =3D \ > %D%/packages/patches/crda-optional-gcrypt.patch \ > %D%/packages/patches/clucene-contribs-lib.patch \ > %D%/packages/patches/cube-nocheck.patch \ > + %D%/packages/patches/curl-CVE-2024-8096.patch \ > %D%/packages/patches/curl-use-ssl-cert-env.patch \ > %D%/packages/patches/curlftpfs-fix-error-closing-file.patch \ > %D%/packages/patches/curlftpfs-fix-file-names.patch \ > diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm > index 9f74018205..bbb266e236 100644 > --- a/gnu/packages/curl.scm > +++ b/gnu/packages/curl.scm > @@ -16,6 +16,7 @@ > ;;; Copyright =C2=A9 2021 Felix Gruber > ;;; Copyright =C2=A9 2023 Sharlatan Hellseher > ;;; Copyright =C2=A9 2023 John Kehayias > +;;; Copyright =C2=A9 2024 Ashish SHUKLA > ;;; > ;;; This file is part of GNU Guix. > ;;; > @@ -67,6 +68,7 @@ (define-public curl > (package > (name "curl") > (version "8.6.0") > + (replacement curl/fixed) > (source (origin > (method url-fetch) > (uri (string-append "https://curl.se/download/curl-" 
> @@ -176,6 +178,15 @@ (define-public curl > "See COPYING in the distribution.")) > (home-page "https://curl.haxx.se/"))) >=20=20 > +(define-public curl/fixed > + (hidden-package > + (package > + (inherit curl) > + (replacement curl/fixed) > + (source (origin > + (inherit (package-source curl)) > + (patches (search-patches "curl-CVE-2024-8096.patch"))))))) > +

I've applied it already, but noticed after that this doesn't add the
curl patch 'curl-use-ssl-cert-env.patch'; which I've now fixed in
commit b10ce47d8b.

Closing!

--
Thanks,
Maxim

From unknown Sun Aug 17 04:16:07 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request
Subject: Internal Control
Message-Id: bug archived.
Date: Tue, 10 Dec 2024 12:24:11 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator
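
Review bot: In the gnu/packages/curl.scm hunk at @@ -67,6 +68,7 @@, the new `(replacement curl/fixed)` line under `(version "8.6.0")` carries no comment saying that it is a graft for CVE-2024-8096. A one-line comment above the field, noting that it is to be dropped when curl is updated and ungrafted on a world-rebuild branch as discussed earlier in this thread, would keep the graft from silently outliving that update.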
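
Review bot: In the `curl/fixed` definition (gnu/packages/curl.scm, hunk @@ -176,6 +178,15 @@), the `patches` field is set to `(search-patches "curl-CVE-2024-8096.patch")` alone, so it overrides the patch list that `(inherit (package-source curl))` would otherwise carry instead of adding to it. The gnu/local.mk context lines show curl-use-ssl-cert-env.patch registered right beside the new file, and the follow-up message in this thread confirms that this patch was missing from the grafted package until a later commit. Suggest appending to the inherited list, for example `(patches (append (origin-patches (package-source curl)) (search-patches "curl-CVE-2024-8096.patch")))`, so that the replacement differs from curl only by the security fix.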