Builder curl-unthreaded-solaris11-i386 Build #5157
Results:
Build successful
SourceStamp:
| Project | curl |
| Repository | https://github.com/curl/curl.git |
| Branch | master |
| Revision | be6c4ee7faaa55c62567a8c3fb0f4e98a482292e |
| Got Revision | be6c4ee7faaa55c62567a8c3fb0f4e98a482292e |
| Changes | 2 changes |
BuildSlave:
unstable11x
Reason:
The SingleBranchScheduler scheduler named 'schedule-curl-unthreaded-solaris11-i386' triggered this build
Steps and Logfiles:
Build Properties:
| Name | Value | Source |
|---|---|---|
| branch | master | Build |
| builddir | /export/home/buildbot/slave/curl-unthreaded-solaris11-i386 | slave |
| buildername | curl-unthreaded-solaris11-i386 | Builder |
| buildnumber | 5157 | Build |
| codebase | | Build |
| got_revision | be6c4ee7faaa55c62567a8c3fb0f4e98a482292e | Git |
| osplatform | I386 | SetPropertyFromCommand Step |
| osrelease | 11 | SetPropertyFromCommand Step |
| project | curl | Build |
| repository | https://github.com/curl/curl.git | Build |
| revision | be6c4ee7faaa55c62567a8c3fb0f4e98a482292e | Build |
| scheduler | schedule-curl-unthreaded-solaris11-i386 | Scheduler |
| slavename | unstable11x | BuildSlave |
| workdir | /export/home/buildbot/slave/curl-unthreaded-solaris11-i386 | slave (deprecated) |
Forced Build Properties:
| Name | Label | Value |
|---|---|---|
Responsible Users:
- Joshua Rogers <MegaManSec@users.noreply.github.com>
Timing:
| Start | Tue Jun 2 13:58:54 2026 |
| End | Tue Jun 2 15:57:58 2026 |
| Elapsed | 1 hrs, 59 mins, 4 secs |
All Changes:
Change #269185
| Category | curl |
| Changed by | Joshua Rogers <MegaManSec@users.noreply.github.com> |
| Changed at | Tue 02 Jun 2026 11:43:00 |
| Repository | https://github.com/curl/curl.git |
| Project | curl |
| Branch | master |
| Revision | d191de891a4d2be48908c6964e5cb157d002dae6 |
Comments:
telnet: honor CURLOPT_TIMEOUT in send_telnet_data()

The poll-before-write loop used -1 (infinite) as the Curl_poll timeout, so a peer that stops reading could stall the transfer indefinitely, bypassing CURLOPT_TIMEOUT. Use Curl_timeleft_ms() instead and return CURLE_OPERATION_TIMEDOUT when the deadline is reached or exceeded.

Closes #21685
Changed files
- lib/telnet.c
Change #269196
| Category | curl |
| Changed by | Joshua Rogers <MegaManSec@users.noreply.github.com> |
| Changed at | Tue 02 Jun 2026 13:30:35 |
| Repository | https://github.com/curl/curl.git |
| Project | curl |
| Branch | master |
| Revision | be6c4ee7faaa55c62567a8c3fb0f4e98a482292e |
Comments:
gtls: verify OCSP response signature in gtls_verify_ocsp_status

Since aeb1a281ca ("gtls: fix OCSP stapling management"), the function parses the stapled OCSP response and reads the certificate status via gnutls_ocsp_resp_get_single(), but never calls gnutls_ocsp_resp_verify() or gnutls_ocsp_resp_verify_direct(). A response with a forged or corrupted signature is accepted without question.

Fix by calling gnutls_ocsp_resp_verify() against the trust list obtained from the session credentials immediately after gnutls_ocsp_resp_import(). This handles both directly-signed responses and delegated OCSP responders without requiring the issuer certificate to be present in the peer chain.

The missing check only affects the CURLOPT_SSL_VERIFYSTATUS code path when CURLOPT_SSL_VERIFYPEER is disabled. With peer verification enabled, gnutls_certificate_verify_peers2() independently catches the invalid response via GNUTLS_CERT_INVALID_OCSP_STATUS before gtls_verify_ocsp_status() is reached. As a result, no attack is possible that is not already trivially achievable without OCSP stapling when peer verification is off. This is a correctness and consistency fix, not a security vulnerability.

Reported-by: Joshua Rogers
Closes #21677

Changed files
- lib/vtls/gtls.c