diff options
Diffstat (limited to 'meta/recipes-support/curl/curl')
8 files changed, 141 insertions, 765 deletions
diff --git a/meta/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch b/meta/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch deleted file mode 100644 index a7db1b3c9e..0000000000 --- a/meta/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch +++ /dev/null @@ -1,44 +0,0 @@ -From ed70f0623708b8a6c1f58a5d243d87c5ff45b24d Mon Sep 17 00:00:00 2001 -From: Roy Li <rongqing.li@windriver.com> -Date: Tue, 26 Apr 2016 13:13:01 +0800 -Subject: [PATCH] replace krb5-config with pkg-config - -Upstream-Status: Pending - -Signed-off-by: Roy Li <rongqing.li@windriver.com> - ---- - configure.ac | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 5569a26..56b0380 100755 ---- a/configure.ac -+++ b/configure.ac -@@ -1290,7 +1290,7 @@ AC_ARG_WITH(gssapi, - fi - ]) - --: ${KRB5CONFIG:="$GSSAPI_ROOT/bin/krb5-config"} -+KRB5CONFIG=`which pkg-config` - - save_CPPFLAGS="$CPPFLAGS" - AC_MSG_CHECKING([if GSS-API support is requested]) -@@ -1301,7 +1301,7 @@ if test x"$want_gss" = xyes; then - if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then - GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi` - elif test -f "$KRB5CONFIG"; then -- GSSAPI_INCS=`$KRB5CONFIG --cflags gssapi` -+ GSSAPI_INCS=`$KRB5CONFIG --cflags mit-krb5-gssapi` - elif test "$GSSAPI_ROOT" != "yes"; then - GSSAPI_INCS="-I$GSSAPI_ROOT/include" - fi -@@ -1394,7 +1394,7 @@ if test x"$want_gss" = xyes; then - elif test -f "$KRB5CONFIG"; then - dnl krb5-config doesn't have --libs-only-L or similar, put everything - dnl into LIBS -- gss_libs=`$KRB5CONFIG --libs gssapi` -+ gss_libs=`$KRB5CONFIG --libs mit-krb5-gssapi` - LIBS="$gss_libs $LIBS" - else - case $host in diff --git a/meta/recipes-support/curl/curl/721941aadf4adf4f6aeb3f4c0ab489bb89610c36.patch b/meta/recipes-support/curl/curl/721941aadf4adf4f6aeb3f4c0ab489bb89610c36.patch new file mode 100644 index 0000000000..98f7db93e8 --- /dev/null +++ b/meta/recipes-support/curl/curl/721941aadf4adf4f6aeb3f4c0ab489bb89610c36.patch @@ -0,0 +1,64 @@ +From 721941aadf4adf4f6aeb3f4c0ab489bb89610c36 Mon Sep 17 00:00:00 2001 +From: Stefan Eissing <stefan@eissing.org> +Date: Mon, 1 Apr 2024 15:41:18 +0200 +Subject: [PATCH] http: with chunked POST forced, disable length check on read + callback + +- when an application forces HTTP/1.1 chunked transfer encoding + by setting the corresponding header and instructs curl to use + the CURLOPT_READFUNCTION, disregard any POST length information. +- this establishes backward compatibility with previous curl versions + +Applications are encouraged to not force "chunked", but rather +set length information for a POST. By setting -1, curl will +auto-select chunked on HTTP/1.1 and work properly on other HTTP +versions. + +Reported-by: Jeff King +Fixes #13229 +Closes #13257 +Upstream-Status: Backport +--- + lib/http.c | 22 ++++++++++++++++++++-- + 1 file changed, 20 insertions(+), 2 deletions(-) + +diff --git a/lib/http.c b/lib/http.c +index 92c04e69cd8373..a764d3c4403c39 100644 +--- a/lib/http.c ++++ b/lib/http.c +@@ -2046,8 +2046,19 @@ static CURLcode set_reader(struct Curl_easy *data, Curl_HttpReq httpreq) + else + result = Curl_creader_set_null(data); + } +- else { /* we read the bytes from the callback */ +- result = Curl_creader_set_fread(data, postsize); ++ else { ++ /* we read the bytes from the callback. In case "chunked" encoding ++ * is forced by the application, we disregard `postsize`. This is ++ * a backward compatibility decision to earlier versions where ++ * chunking disregarded this. See issue #13229. */ ++ bool chunked = FALSE; ++ char *ptr = Curl_checkheaders(data, STRCONST("Transfer-Encoding")); ++ if(ptr) { ++ /* Some kind of TE is requested, check if 'chunked' is chosen */ ++ chunked = Curl_compareheader(ptr, STRCONST("Transfer-Encoding:"), ++ STRCONST("chunked")); ++ } ++ result = Curl_creader_set_fread(data, chunked? -1 : postsize); + } + return result; + +@@ -2115,6 +2126,13 @@ CURLcode Curl_http_req_set_reader(struct Curl_easy *data, + data->req.upload_chunky = + Curl_compareheader(ptr, + STRCONST("Transfer-Encoding:"), STRCONST("chunked")); ++ if(data->req.upload_chunky && ++ Curl_use_http_1_1plus(data, data->conn) && ++ (data->conn->httpversion >= 20)) { ++ infof(data, "suppressing chunked transfer encoding on connection " ++ "using HTTP version 2 or higher"); ++ data->req.upload_chunky = FALSE; ++ } + } + else { + curl_off_t req_clen = Curl_creader_total_length(data); diff --git a/meta/recipes-support/curl/curl/cve-2021-22945.patch b/meta/recipes-support/curl/curl/cve-2021-22945.patch deleted file mode 100644 index 2cbe110332..0000000000 --- a/meta/recipes-support/curl/curl/cve-2021-22945.patch +++ /dev/null @@ -1,34 +0,0 @@ -CVE: CVE-2021-22945 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From 92cb3059dab2f9ef3e6ea614dad5c86917d19807 Mon Sep 17 00:00:00 2001 -From: z2_ on hackerone <> -Date: Tue, 24 Aug 2021 09:50:33 +0200 -Subject: [PATCH 1/3] mqtt: clear the leftovers pointer when sending succeeds - -CVE-2021-22945 - -Bug: https://curl.se/docs/CVE-2021-22945.html ---- - lib/mqtt.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/lib/mqtt.c b/lib/mqtt.c -index f077e6c3d..fcd40b41e 100644 ---- a/lib/mqtt.c -+++ b/lib/mqtt.c -@@ -128,6 +128,10 @@ static CURLcode mqtt_send(struct Curl_easy *data, - mq->sendleftovers = sendleftovers; - mq->nsend = nsend; - } -+ else { -+ mq->sendleftovers = NULL; -+ mq->nsend = 0; -+ } - return result; - } - --- -2.25.1 - diff --git a/meta/recipes-support/curl/curl/cve-2021-22946.patch b/meta/recipes-support/curl/curl/cve-2021-22946.patch deleted file mode 100644 index 1a4b3e1144..0000000000 --- a/meta/recipes-support/curl/curl/cve-2021-22946.patch +++ /dev/null @@ -1,332 +0,0 @@ -CVE: CVE-2021-22946 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From 089e18aefcee9b5093a96e9e1aa92751dde1f991 Mon Sep 17 00:00:00 2001 -From: Patrick Monnerat <patrick@monnerat.net> -Date: Wed, 8 Sep 2021 11:56:22 +0200 -Subject: [PATCH 2/3] ftp,imap,pop3: do not ignore --ssl-reqd - -In imap and pop3, check if TLS is required even when capabilities -request has failed. - -In ftp, ignore preauthentication (230 status of server greeting) if TLS -is required. - -Bug: https://curl.se/docs/CVE-2021-22946.html - -CVE-2021-22946 ---- - lib/ftp.c | 9 ++++--- - lib/imap.c | 24 ++++++++---------- - lib/pop3.c | 33 +++++++++++------------- - tests/data/Makefile.inc | 2 ++ - tests/data/test984 | 56 +++++++++++++++++++++++++++++++++++++++++ - tests/data/test985 | 54 +++++++++++++++++++++++++++++++++++++++ - tests/data/test986 | 53 ++++++++++++++++++++++++++++++++++++++ - 7 files changed, 195 insertions(+), 36 deletions(-) - create mode 100644 tests/data/test984 - create mode 100644 tests/data/test985 - create mode 100644 tests/data/test986 - -diff --git a/lib/ftp.c b/lib/ftp.c -index 1a699de59..08d18ca74 100644 ---- a/lib/ftp.c -+++ b/lib/ftp.c -@@ -2681,9 +2681,12 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, - /* we have now received a full FTP server response */ - switch(ftpc->state) { - case FTP_WAIT220: -- if(ftpcode == 230) -- /* 230 User logged in - already! */ -- return ftp_state_user_resp(data, ftpcode, ftpc->state); -+ if(ftpcode == 230) { -+ /* 230 User logged in - already! Take as 220 if TLS required. */ -+ if(data->set.use_ssl <= CURLUSESSL_TRY || -+ conn->bits.ftp_use_control_ssl) -+ return ftp_state_user_resp(data, ftpcode, ftpc->state); -+ } - else if(ftpcode != 220) { - failf(data, "Got a %03d ftp-server response when 220 was expected", - ftpcode); -diff --git a/lib/imap.c b/lib/imap.c -index ab4d412ee..efc0420ce 100644 ---- a/lib/imap.c -+++ b/lib/imap.c -@@ -935,22 +935,18 @@ static CURLcode imap_state_capability_resp(struct Curl_easy *data, - line += wordlen; - } - } -- else if(imapcode == IMAP_RESP_OK) { -- if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { -- /* We don't have a SSL/TLS connection yet, but SSL is requested */ -- if(imapc->tls_supported) -- /* Switch to TLS connection now */ -- result = imap_perform_starttls(data, conn); -- else if(data->set.use_ssl == CURLUSESSL_TRY) -- /* Fallback and carry on with authentication */ -- result = imap_perform_authentication(data, conn); -- else { -- failf(data, "STARTTLS not supported."); -- result = CURLE_USE_SSL_FAILED; -- } -+ else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { -+ /* PREAUTH is not compatible with STARTTLS. */ -+ if(imapcode == IMAP_RESP_OK && imapc->tls_supported && !imapc->preauth) { -+ /* Switch to TLS connection now */ -+ result = imap_perform_starttls(data, conn); - } -- else -+ else if(data->set.use_ssl <= CURLUSESSL_TRY) - result = imap_perform_authentication(data, conn); -+ else { -+ failf(data, "STARTTLS not available."); -+ result = CURLE_USE_SSL_FAILED; -+ } - } - else - result = imap_perform_authentication(data, conn); -diff --git a/lib/pop3.c b/lib/pop3.c -index 5fdd6f3e0..f97e10eab 100644 ---- a/lib/pop3.c -+++ b/lib/pop3.c -@@ -741,28 +741,23 @@ static CURLcode pop3_state_capa_resp(struct Curl_easy *data, int pop3code, - } - } - } -- else if(pop3code == '+') { -- if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { -- /* We don't have a SSL/TLS connection yet, but SSL is requested */ -- if(pop3c->tls_supported) -- /* Switch to TLS connection now */ -- result = pop3_perform_starttls(data, conn); -- else if(data->set.use_ssl == CURLUSESSL_TRY) -- /* Fallback and carry on with authentication */ -- result = pop3_perform_authentication(data, conn); -- else { -- failf(data, "STLS not supported."); -- result = CURLE_USE_SSL_FAILED; -- } -- } -- else -- result = pop3_perform_authentication(data, conn); -- } - else { - /* Clear text is supported when CAPA isn't recognised */ -- pop3c->authtypes |= POP3_TYPE_CLEARTEXT; -+ if(pop3code != '+') -+ pop3c->authtypes |= POP3_TYPE_CLEARTEXT; - -- result = pop3_perform_authentication(data, conn); -+ if(!data->set.use_ssl || conn->ssl[FIRSTSOCKET].use) -+ result = pop3_perform_authentication(data, conn); -+ else if(pop3code == '+' && pop3c->tls_supported) -+ /* Switch to TLS connection now */ -+ result = pop3_perform_starttls(data, conn); -+ else if(data->set.use_ssl <= CURLUSESSL_TRY) -+ /* Fallback and carry on with authentication */ -+ result = pop3_perform_authentication(data, conn); -+ else { -+ failf(data, "STLS not supported."); -+ result = CURLE_USE_SSL_FAILED; -+ } - } - - return result; -diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc -index 163696962..5cd092192 100644 ---- a/tests/data/Makefile.inc -+++ b/tests/data/Makefile.inc -@@ -118,6 +118,8 @@ test954 test955 test956 test957 test958 test959 test960 test961 test962 \ - test963 test964 test965 test966 test967 test968 test969 test970 test971 \ - test972 \ - \ -+test984 test985 test986 \ -+\ - test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \ - test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \ - test1016 test1017 test1018 test1019 test1020 test1021 test1022 test1023 \ -diff --git a/tests/data/test984 b/tests/data/test984 -new file mode 100644 -index 000000000..e573f23c1 ---- /dev/null -+++ b/tests/data/test984 -@@ -0,0 +1,56 @@ -+<testcase> -+<info> -+<keywords> -+IMAP -+STARTTLS -+</keywords> -+</info> -+ -+# -+# Server-side -+<reply> -+<servercmd> -+REPLY CAPABILITY A001 BAD Not implemented -+</servercmd> -+</reply> -+ -+# -+# Client-side -+<client> -+<features> -+SSL -+</features> -+<server> -+imap -+</server> -+ <name> -+IMAP require STARTTLS with failing capabilities -+ </name> -+ <command> -+imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl-reqd -+</command> -+<file name="log/upload%TESTNUMBER"> -+Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST) -+From: Fred Foobar <foobar@example.COM> -+Subject: afternoon meeting -+To: joe@example.com -+Message-Id: <B27397-0100000@example.COM> -+MIME-Version: 1.0 -+Content-Type: TEXT/PLAIN; CHARSET=US-ASCII -+ -+Hello Joe, do you think we can meet at 3:30 tomorrow? -+</file> -+</client> -+ -+# -+# Verify data after the test has been "shot" -+<verify> -+# 64 is CURLE_USE_SSL_FAILED -+<errorcode> -+64 -+</errorcode> -+<protocol> -+A001 CAPABILITY -+</protocol> -+</verify> -+</testcase> -diff --git a/tests/data/test985 b/tests/data/test985 -new file mode 100644 -index 000000000..d0db4aadf ---- /dev/null -+++ b/tests/data/test985 -@@ -0,0 +1,54 @@ -+<testcase> -+<info> -+<keywords> -+POP3 -+STARTTLS -+</keywords> -+</info> -+ -+# -+# Server-side -+<reply> -+<servercmd> -+REPLY CAPA -ERR Not implemented -+</servercmd> -+<data nocheck="yes"> -+From: me@somewhere -+To: fake@nowhere -+ -+body -+ -+-- -+ yours sincerely -+</data> -+</reply> -+ -+# -+# Client-side -+<client> -+<features> -+SSL -+</features> -+<server> -+pop3 -+</server> -+ <name> -+POP3 require STARTTLS with failing capabilities -+ </name> -+ <command> -+pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl-reqd -+ </command> -+</client> -+ -+# -+# Verify data after the test has been "shot" -+<verify> -+# 64 is CURLE_USE_SSL_FAILED -+<errorcode> -+64 -+</errorcode> -+<protocol> -+CAPA -+</protocol> -+</verify> -+</testcase> -diff --git a/tests/data/test986 b/tests/data/test986 -new file mode 100644 -index 000000000..a709437a4 ---- /dev/null -+++ b/tests/data/test986 -@@ -0,0 +1,53 @@ -+<testcase> -+<info> -+<keywords> -+FTP -+STARTTLS -+</keywords> -+</info> -+ -+# -+# Server-side -+<reply> -+<servercmd> -+REPLY welcome 230 Welcome -+REPLY AUTH 500 unknown command -+</servercmd> -+</reply> -+ -+# Client-side -+<client> -+<features> -+SSL -+</features> -+<server> -+ftp -+</server> -+ <name> -+FTP require STARTTLS while preauthenticated -+ </name> -+<file name="log/test%TESTNUMBER.txt"> -+data -+ to -+ see -+that FTPS -+works -+ so does it? -+</file> -+ <command> -+--ssl-reqd --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret -+</command> -+</client> -+ -+# Verify data after the test has been "shot" -+<verify> -+# 64 is CURLE_USE_SSL_FAILED -+<errorcode> -+64 -+</errorcode> -+<protocol> -+AUTH SSL -+AUTH TLS -+</protocol> -+</verify> -+</testcase> --- -2.25.1 - diff --git a/meta/recipes-support/curl/curl/cve-2021-22947.patch b/meta/recipes-support/curl/curl/cve-2021-22947.patch deleted file mode 100644 index 8a5031275a..0000000000 --- a/meta/recipes-support/curl/curl/cve-2021-22947.patch +++ /dev/null @@ -1,355 +0,0 @@ -CVE: CVE-2021-22947 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From aefa7370cb02801a571d51287d290d67068998b8 Mon Sep 17 00:00:00 2001 -From: Patrick Monnerat <patrick@monnerat.net> -Date: Tue, 7 Sep 2021 13:26:42 +0200 -Subject: [PATCH 3/3] ftp,imap,pop3,smtp: reject STARTTLS server response - pipelining - -If a server pipelines future responses within the STARTTLS response, the -former are preserved in the pingpong cache across TLS negotiation and -used as responses to the encrypted commands. - -This fix detects pipelined STARTTLS responses and rejects them with an -error. - -CVE-2021-22947 - -Bug: https://curl.se/docs/CVE-2021-22947.html ---- - lib/ftp.c | 3 +++ - lib/imap.c | 4 +++ - lib/pop3.c | 4 +++ - lib/smtp.c | 4 +++ - tests/data/Makefile.inc | 2 +- - tests/data/test980 | 52 ++++++++++++++++++++++++++++++++++++ - tests/data/test981 | 59 +++++++++++++++++++++++++++++++++++++++++ - tests/data/test982 | 57 +++++++++++++++++++++++++++++++++++++++ - tests/data/test983 | 52 ++++++++++++++++++++++++++++++++++++ - 9 files changed, 236 insertions(+), 1 deletion(-) - create mode 100644 tests/data/test980 - create mode 100644 tests/data/test981 - create mode 100644 tests/data/test982 - create mode 100644 tests/data/test983 - -diff --git a/lib/ftp.c b/lib/ftp.c -index 08d18ca74..0b9c9b732 100644 ---- a/lib/ftp.c -+++ b/lib/ftp.c -@@ -2743,6 +2743,9 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, - case FTP_AUTH: - /* we have gotten the response to a previous AUTH command */ - -+ if(pp->cache_size) -+ return CURLE_WEIRD_SERVER_REPLY; /* Forbid pipelining in response. */ -+ - /* RFC2228 (page 5) says: - * - * If the server is willing to accept the named security mechanism, -diff --git a/lib/imap.c b/lib/imap.c -index efc0420ce..d1a48d7e3 100644 ---- a/lib/imap.c -+++ b/lib/imap.c -@@ -964,6 +964,10 @@ static CURLcode imap_state_starttls_resp(struct Curl_easy *data, - - (void)instate; /* no use for this yet */ - -+ /* Pipelining in response is forbidden. */ -+ if(data->conn->proto.imapc.pp.cache_size) -+ return CURLE_WEIRD_SERVER_REPLY; -+ - if(imapcode != IMAP_RESP_OK) { - if(data->set.use_ssl != CURLUSESSL_TRY) { - failf(data, "STARTTLS denied"); -diff --git a/lib/pop3.c b/lib/pop3.c -index f97e10eab..a06acb7b8 100644 ---- a/lib/pop3.c -+++ b/lib/pop3.c -@@ -772,6 +772,10 @@ static CURLcode pop3_state_starttls_resp(struct Curl_easy *data, - CURLcode result = CURLE_OK; - (void)instate; /* no use for this yet */ - -+ /* Pipelining in response is forbidden. */ -+ if(data->conn->proto.pop3c.pp.cache_size) -+ return CURLE_WEIRD_SERVER_REPLY; -+ - if(pop3code != '+') { - if(data->set.use_ssl != CURLUSESSL_TRY) { - failf(data, "STARTTLS denied"); -diff --git a/lib/smtp.c b/lib/smtp.c -index 1a3da1559..9b9403b3d 100644 ---- a/lib/smtp.c -+++ b/lib/smtp.c -@@ -835,6 +835,10 @@ static CURLcode smtp_state_starttls_resp(struct Curl_easy *data, - CURLcode result = CURLE_OK; - (void)instate; /* no use for this yet */ - -+ /* Pipelining in response is forbidden. */ -+ if(data->conn->proto.smtpc.pp.cache_size) -+ return CURLE_WEIRD_SERVER_REPLY; -+ - if(smtpcode != 220) { - if(data->set.use_ssl != CURLUSESSL_TRY) { - failf(data, "STARTTLS denied, code %d", smtpcode); -diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc -index 5cd092192..c524b993e 100644 ---- a/tests/data/Makefile.inc -+++ b/tests/data/Makefile.inc -@@ -118,7 +118,7 @@ test954 test955 test956 test957 test958 test959 test960 test961 test962 \ - test963 test964 test965 test966 test967 test968 test969 test970 test971 \ - test972 \ - \ --test984 test985 test986 \ -+test980 test981 test982 test983 test984 test985 test986 \ - \ - test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \ - test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \ -diff --git a/tests/data/test980 b/tests/data/test980 -new file mode 100644 -index 000000000..97567f856 ---- /dev/null -+++ b/tests/data/test980 -@@ -0,0 +1,52 @@ -+<testcase> -+<info> -+<keywords> -+SMTP -+STARTTLS -+</keywords> -+</info> -+ -+# -+# Server-side -+<reply> -+<servercmd> -+CAPA STARTTLS -+AUTH PLAIN -+REPLY STARTTLS 454 currently unavailable\r\n235 Authenticated\r\n250 2.1.0 Sender ok\r\n250 2.1.5 Recipient ok\r\n354 Enter mail\r\n250 2.0.0 Accepted -+REPLY AUTH 535 5.7.8 Authentication credentials invalid -+</servercmd> -+</reply> -+ -+# -+# Client-side -+<client> -+<features> -+SSL -+</features> -+<server> -+smtp -+</server> -+ <name> -+SMTP STARTTLS pipelined server response -+ </name> -+<stdin> -+mail body -+</stdin> -+ <command> -+smtp://%HOSTIP:%SMTPPORT/%TESTNUMBER --mail-rcpt recipient@example.com --mail-from sender@example.com -u user:secret --ssl --sasl-ir -T - -+</command> -+</client> -+ -+# -+# Verify data after the test has been "shot" -+<verify> -+# 8 is CURLE_WEIRD_SERVER_REPLY -+<errorcode> -+8 -+</errorcode> -+<protocol> -+EHLO %TESTNUMBER -+STARTTLS -+</protocol> -+</verify> -+</testcase> -diff --git a/tests/data/test981 b/tests/data/test981 -new file mode 100644 -index 000000000..2b98ce42a ---- /dev/null -+++ b/tests/data/test981 -@@ -0,0 +1,59 @@ -+<testcase> -+<info> -+<keywords> -+IMAP -+STARTTLS -+</keywords> -+</info> -+ -+# -+# Server-side -+<reply> -+<servercmd> -+CAPA STARTTLS -+REPLY STARTTLS A002 BAD currently unavailable\r\nA003 OK Authenticated\r\nA004 OK Accepted -+REPLY LOGIN A003 BAD Authentication credentials invalid -+</servercmd> -+</reply> -+ -+# -+# Client-side -+<client> -+<features> -+SSL -+</features> -+<server> -+imap -+</server> -+ <name> -+IMAP STARTTLS pipelined server response -+ </name> -+ <command> -+imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl -+</command> -+<file name="log/upload%TESTNUMBER"> -+Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST) -+From: Fred Foobar <foobar@example.COM> -+Subject: afternoon meeting -+To: joe@example.com -+Message-Id: <B27397-0100000@example.COM> -+MIME-Version: 1.0 -+Content-Type: TEXT/PLAIN; CHARSET=US-ASCII -+ -+Hello Joe, do you think we can meet at 3:30 tomorrow? -+</file> -+</client> -+ -+# -+# Verify data after the test has been "shot" -+<verify> -+# 8 is CURLE_WEIRD_SERVER_REPLY -+<errorcode> -+8 -+</errorcode> -+<protocol> -+A001 CAPABILITY -+A002 STARTTLS -+</protocol> -+</verify> -+</testcase> -diff --git a/tests/data/test982 b/tests/data/test982 -new file mode 100644 -index 000000000..9e07cc0b3 ---- /dev/null -+++ b/tests/data/test982 -@@ -0,0 +1,57 @@ -+<testcase> -+<info> -+<keywords> -+POP3 -+STARTTLS -+</keywords> -+</info> -+ -+# -+# Server-side -+<reply> -+<servercmd> -+CAPA STLS USER -+REPLY STLS -ERR currently unavailable\r\n+OK user accepted\r\n+OK authenticated -+REPLY PASS -ERR Authentication credentials invalid -+</servercmd> -+<data nocheck="yes"> -+From: me@somewhere -+To: fake@nowhere -+ -+body -+ -+-- -+ yours sincerely -+</data> -+</reply> -+ -+# -+# Client-side -+<client> -+<features> -+SSL -+</features> -+<server> -+pop3 -+</server> -+ <name> -+POP3 STARTTLS pipelined server response -+ </name> -+ <command> -+pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl -+ </command> -+</client> -+ -+# -+# Verify data after the test has been "shot" -+<verify> -+# 8 is CURLE_WEIRD_SERVER_REPLY -+<errorcode> -+8 -+</errorcode> -+<protocol> -+CAPA -+STLS -+</protocol> -+</verify> -+</testcase> -diff --git a/tests/data/test983 b/tests/data/test983 -new file mode 100644 -index 000000000..300ec459c ---- /dev/null -+++ b/tests/data/test983 -@@ -0,0 +1,52 @@ -+<testcase> -+<info> -+<keywords> -+FTP -+STARTTLS -+</keywords> -+</info> -+ -+# -+# Server-side -+<reply> -+<servercmd> -+REPLY AUTH 500 unknown command\r\n500 unknown command\r\n331 give password\r\n230 Authenticated\r\n257 "/"\r\n200 OK\r\n200 OK\r\n200 OK\r\n226 Transfer complete -+REPLY PASS 530 Login incorrect -+</servercmd> -+</reply> -+ -+# Client-side -+<client> -+<features> -+SSL -+</features> -+<server> -+ftp -+</server> -+ <name> -+FTP STARTTLS pipelined server response -+ </name> -+<file name="log/test%TESTNUMBER.txt"> -+data -+ to -+ see -+that FTPS -+works -+ so does it? -+</file> -+ <command> -+--ssl --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret -P %CLIENTIP -+</command> -+</client> -+ -+# Verify data after the test has been "shot" -+<verify> -+# 8 is CURLE_WEIRD_SERVER_REPLY -+<errorcode> -+8 -+</errorcode> -+<protocol> -+AUTH SSL -+</protocol> -+</verify> -+</testcase> --- -2.25.1 - diff --git a/meta/recipes-support/curl/curl/disable-tests b/meta/recipes-support/curl/curl/disable-tests new file mode 100644 index 0000000000..259576fd01 --- /dev/null +++ b/meta/recipes-support/curl/curl/disable-tests @@ -0,0 +1,41 @@ +# Intermittently fails e.g. https://autobuilder.yocto.io/pub/non-release/20231220-28/testresults/qemux86-64-ptest/curl.log +# https://autobuilder.yocto.io/pub/non-release/20231220-27/testresults/qemux86-64-ptest/curl.log +337 +# These CRL test (alt-avc) are failing +356 +412 +413 +# These CRL tests are scanning docs +971 +# Intermittently hangs e.g http://autobuilder.yocto.io/pub/non-release/20231228-18/testresults/qemux86-64-ptest/curl.log +1091 +# Intermittently hangs e.g https://autobuilder.yocto.io/pub/non-release/20231220-27/testresults/qemux86-64-ptest/curl.log +1096 +# These CRL tests are scanning docs +1119 +1132 +1135 +1478 +# These CRL tests are scanning headers +1167 +1477 +# These CRL tests are scanning man pages +1139 +1140 +1173 +1177 +# This CRL test is looking for m4 files +1165 +# This CRL test is looking for src files +1185 +# This test is scanning the source tree +1222 +# These CRL tests need --libcurl option to be enabled +1279 +1400 +1401 +1402 +1403 +1404 +1405 +1465 diff --git a/meta/recipes-support/curl/curl/no-test-timeout.patch b/meta/recipes-support/curl/curl/no-test-timeout.patch new file mode 100644 index 0000000000..7122b6f043 --- /dev/null +++ b/meta/recipes-support/curl/curl/no-test-timeout.patch @@ -0,0 +1,25 @@ +From 42cddb52e821cfc2f09f1974742714e5f2f1856e Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Fri, 15 Mar 2024 14:37:37 +0000 +Subject: [PATCH] Set the max-time timeout to 600 so the timeout is 10 minutes + instead of 13 seconds. + +Upstream-Status: Inappropriate +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + tests/servers.pm | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/servers.pm b/tests/servers.pm +index d4472d5..9999938 100644 +--- a/tests/servers.pm ++++ b/tests/servers.pm +@@ -120,7 +120,7 @@ my $sshdverstr; # for socks server, ssh daemon version string + my $sshderror; # for socks server, ssh daemon version error + my %doesntrun; # servers that don't work, identified by pidfile + my %PORT = (nolisten => 47); # port we use for a local non-listening service +-my $server_response_maxtime=13; ++my $server_response_maxtime=600; + my $httptlssrv = find_httptlssrv(); + my %run; # running server + my %runcert; # cert file currently in use by an ssl running server diff --git a/meta/recipes-support/curl/curl/run-ptest b/meta/recipes-support/curl/curl/run-ptest new file mode 100644 index 0000000000..3d25f3d90b --- /dev/null +++ b/meta/recipes-support/curl/curl/run-ptest @@ -0,0 +1,11 @@ +#!/bin/sh + +cd tests + +# Run all tests, don't stop on first failure +# Don't use valgrind if it is found +# Use automake-style output +# Run four tests in parallel +# Print log output on failure +# Don't run the flaky or timing dependent tests +./runtests.pl -a -n -am -j4 -p !flaky !timing-dependent |