diff --git a/0027-curl-7.76.1-CVE-2023-27535.patch b/0027-curl-7.76.1-CVE-2023-27535.patch index 219fccd..846a90c 100644 --- a/0027-curl-7.76.1-CVE-2023-27535.patch +++ b/0027-curl-7.76.1-CVE-2023-27535.patch @@ -83,9 +83,9 @@ Signed-off-by: Kamil Dudka lib/ftp.c | 28 ++++++++++++++++++++++++++-- lib/ftp.h | 5 +++++ lib/setopt.c | 2 +- - lib/url.c | 16 +++++++++++++++- + lib/url.c | 12 ++++++++++++ lib/urldata.h | 4 ++-- - 5 files changed, 49 insertions(+), 6 deletions(-) + 5 files changed, 46 insertions(+), 5 deletions(-) diff --git a/lib/ftp.c b/lib/ftp.c index 9442832..df15bc0 100644 @@ -184,17 +184,10 @@ diff --git a/lib/url.c b/lib/url.c index 61ba832..4e21838 100644 --- a/lib/url.c +++ b/lib/url.c -@@ -1325,10 +1325,24 @@ ConnectionExists(struct Curl_easy *data, - } - } - -- if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) { -+#ifdef USE_SSH -+ else if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) { +@@ -1329,6 +1329,18 @@ ConnectionExists(struct Curl_easy *data, if(!ssh_config_matches(needle, check)) continue; } -+#endif +#ifndef CURL_DISABLE_FTP + else if(get_protocol_family(needle->handler) & PROTO_FAMILY_FTP) { + /* Also match ACCOUNT, ALTERNATIVE-TO-USER, USE_SSL and CCC options */ diff --git a/0028-curl-7.76.1-CVE-2023-27536.patch b/0028-curl-7.76.1-CVE-2023-27536.patch index 9479178..7888e19 100644 --- a/0028-curl-7.76.1-CVE-2023-27536.patch +++ b/0028-curl-7.76.1-CVE-2023-27536.patch @@ -26,10 +26,10 @@ index 3b11b7e..cbbc7f3 100644 + if(needle->gssapi_delegation != check->gssapi_delegation) + continue; + - #ifdef USE_SSH - else if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) { + if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) { if(!ssh_config_matches(needle, check)) -@@ -1787,6 +1792,7 @@ static struct connectdata *allocate_conn(struct Curl_easy *data) + continue; +@@ -1785,6 +1790,7 @@ static struct connectdata *allocate_conn(struct Curl_easy *data) conn->fclosesocket = data->set.fclosesocket; conn->closesocket_client = data->set.closesocket_client; conn->lastused = Curl_now(); /* used now */ diff --git a/0029-curl-7.76.1-CVE-2023-27538.patch b/0029-curl-7.76.1-CVE-2023-27538.patch index 32131dc..030b6bb 100644 --- a/0029-curl-7.76.1-CVE-2023-27538.patch +++ b/0029-curl-7.76.1-CVE-2023-27538.patch @@ -16,12 +16,12 @@ diff --git a/lib/url.c b/lib/url.c index 0c31486..3b11b7e 100644 --- a/lib/url.c +++ b/lib/url.c -@@ -1331,7 +1331,7 @@ ConnectionExists(struct Curl_easy *data, +@@ -1330,7 +1330,7 @@ ConnectionExists(struct Curl_easy *data, + if(needle->gssapi_delegation != check->gssapi_delegation) continue; - #ifdef USE_SSH -- else if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) { -+ else if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) { +- if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) { ++ if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) { if(!ssh_config_matches(needle, check)) continue; } diff --git a/curl.spec b/curl.spec index 3fe670f..e90bf23 100644 --- a/curl.spec +++ b/curl.spec @@ -1,7 +1,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 7.76.1 -Release: 24%{?dist} +Release: 25%{?dist} License: MIT Source: https://curl.se/download/%{name}-%{version}.tar.xz @@ -517,6 +517,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed Apr 12 2023 Kamil Dudka - 7.76.1-25 +- adapt the fix of CVE-2023-27535 for RHEL 9 curl + * Fri Mar 24 2023 Kamil Dudka - 7.76.1-24 - fix SSH connection too eager reuse still (CVE-2023-27538) - fix GSS delegation too eager connection re-use (CVE-2023-27536)