From aed9621fe8d2a9f0313580d236ab7fbfb5e4d11e Mon Sep 17 00:00:00 2001
From: sherlock2010 <15151851377@163.com>
Date: Fri, 20 Sep 2024 11:11:13 +0000
Subject: [PATCH] url: allow DoH transfers to override max connection limit
(cherry picked from commit 7fcf2bc39f4026809762d02770975127352b768d)
---
 ...ers-to-override-max-connection-limit.patch | 50 +++++++++++++++++++
 curl.spec | 9 +++-
 2 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 backport-url-allow-DoH-transfers-to-override-max-connection-limit.patch
diff --git a/backport-url-allow-DoH-transfers-to-override-max-connection-limit.patch b/backport-url-allow-DoH-transfers-to-override-max-connection-limit.patch
new file mode 100644
index 0000000..f9a1c34
--- /dev/null
+++ b/backport-url-allow-DoH-transfers-to-override-max-connection-limit.patch
@@ -0,0 +1,50 @@
+From b049388d473a9a0189f3180e57e04a39a3793382 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Tue, 4 Jun 2024 17:00:05 +0200
+Subject: [PATCH] url: allow DoH transfers to override max connection limit
+
+When reaching the set maximum limit of allowed connections, allow a new
+connection anyway if the transfer is created for the (internal) purpose
+of doing a DoH name resolve. Otherwise, unrelated "normal" transfers can
+starve out new DoH requests making it impossible to name resolve for new
+transfers.
+
+Bug: https://curl.se/mail/lib-2024-06/0001.html
+Reported-by: kartatz
+Closes #13880
+
+Conflict:Curl_disconnect(data, conn_candidate, FALSE); =>
+(void)Curl_disconnect(data, conn_candidate, FALSE);
+Reference:https://github.com/curl/curl/commit/b049388d473a9a0189f3180e57e04a39a3793382
+---
+ lib/url.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index 41e35e153..4eabf0c87 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -3662,10 +3662,16 @@ static CURLcode create_conn(struct Curl_easy *data,
+ conn_candidate = Curl_conncache_extract_oldest(data);
+ if(conn_candidate)
+ (void)Curl_disconnect(data, conn_candidate, FALSE);
+- else {
+- infof(data, "No connections available in cache");
+- connections_available = FALSE;
+- }
++ else
++#ifndef CURL_DISABLE_DOH
++ if(data->set.dohfor)
++ infof(data, "Allowing DoH to override max connection limit");
++ else
++#endif
++ {
++ infof(data, "No connections available in cache");
++ connections_available = FALSE;
++ }
+ }
+
+ if(!connections_available) {
+--
+2.33.0
+
diff --git a/curl.spec b/curl.spec
index b5fec08..376b512 100644
--- a/curl.spec
+++ b/curl.spec
@@ -6,7 +6,7 @@ Name: curl Version: 7.79.1 -Release: 31 +Release: 32 Summary: Curl is used in command lines or scripts to transfer data License: MIT URL: https://curl.haxx.se/
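Review bot: In the embedded lib/url.c hunk, the new `if(data->set.dohfor)` branch lets a DoH resolver transfer proceed when the connection limit is reached and the cache has nothing to evict, so the configured maximum is no longer a hard cap whenever DoH is enabled, and nothing in the code says so. I would add a comment above the branch, for example `/* DoH sub-transfers may exceed the connection limit so name resolution cannot be starved; the limit is not a hard cap while DoH is in use */`, so that anyone sizing file-descriptor or socket budgets from that limit knows to leave headroom. As a style point, the `else` / `#ifndef CURL_DISABLE_DOH` / `if` / `else` / `#endif` / `{` chain leaves the DoH branch unbraced and splits the if/else across the preprocessor conditional; bracing it (`if(data->set.dohfor) { infof(...); } else`) would keep a later edit from rebinding the trailing block. create_conn's body starts and ends outside the hunk, so how many such extra connections one transfer can open is not visible here.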
@@ -106,6 +106,7 @@ Patch92: backport-tool_cfgable-free-proxy_-cipher13_list-on-exit.patch Patch93: backport-CVE-2024-7264-x509asn1-clean-up-GTime2str.patch Patch94: backport-CVE-2024-7264-x509asn1-unittests-and-fixes-fo.patch Patch95: backport-CVE-2024-8096-gtls-fix-OCSP-stapling-management.patch +Patch96: backport-url-allow-DoH-transfers-to-override-max-connection-limit.patch BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel BuildRequires: libidn2-devel libnghttp2-devel libpsl-devel @@ -274,6 +275,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_mandir}/man3/* %changelog +* Fri Sep 20 2024 zhouyihang - 7.79.1-32 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:url: allow DoH transfers to override max connection limit + * Thu Sep 12 2024 zhouyihang - 7.79.1-31 - Type:CVE - CVE:CVE-2024-8096