From 474e31202215c54db5a6d5b8ee923799101f2d2f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Renaud=20M=C3=A9trich?= Date: Tue, 18 Jun 2024 13:55:31 +0200 Subject: [PATCH] Unconditionally set OpenSSL option SSL_OP_IGNORE_UNEXPECTED_EOF This is needed to avoid an error when server doesn't close correctly, e.g.: curl: (56) OpenSSL SSL_read: error:0A000126:SSL routines::unexpected eof while reading, errno 0 Resolves: RHEL-39995 --- 0037-curl-7.76.1-ignore-unexpected-eof.patch | 14 ++++++++++++++ curl.spec | 9 ++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 0037-curl-7.76.1-ignore-unexpected-eof.patch diff --git a/0037-curl-7.76.1-ignore-unexpected-eof.patch b/0037-curl-7.76.1-ignore-unexpected-eof.patch new file mode 100644 index 0000000..94f2183 --- /dev/null +++ b/0037-curl-7.76.1-ignore-unexpected-eof.patch @@ -0,0 +1,14 @@ +diff -up curl-7.76.1/lib/vtls/openssl.c.ignore_unexpected_eof curl-7.76.1/lib/vtls/openssl.c +--- curl-7.76.1/lib/vtls/openssl.c.ignore_unexpected_eof 2024-06-17 07:03:17.428620354 +0200 ++++ curl-7.76.1/lib/vtls/openssl.c 2024-06-17 07:03:54.125799894 +0200 +@@ -2761,6 +2761,10 @@ static CURLcode ossl_connect_step1(struc + return CURLE_SSL_CONNECT_ERROR; + } + ++#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF ++ ctx_options |= SSL_OP_IGNORE_UNEXPECTED_EOF; ++#endif ++ + SSL_CTX_set_options(backend->ctx, ctx_options); + + #ifdef HAS_NPN diff --git a/curl.spec b/curl.spec index f450c08..477adb1 100644 --- a/curl.spec +++ b/curl.spec @@ -1,7 +1,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 7.76.1 -Release: 29%{?dist} +Release: 30%{?dist} License: MIT Source: https://curl.se/download/%{name}-%{version}.tar.xz @@ -110,6 +110,9 @@ Patch35: 0035-curl-7.76.1-64K-sftp.patch # lowercase the domain names before PSL checks (CVE-2023-46218) Patch36: 0036-curl-7.76.1-CVE-2023-46218.patch +# ignore unexpected EOF (RHEL-39995) +Patch37: 0037-curl-7.76.1-ignore-unexpected-eof.patch + # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch @@ -320,6 +323,7 @@ be installed. %patch34 -p1 %patch35 -p1 %patch36 -p1 +%patch37 -p1 # Fedora patches %patch101 -p1 @@ -578,6 +582,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Tue Jun 18 2024 Jacek Migacz - 7.76.1-30 +- ignore unexpected EOF (RHEL-39995) + * Wed Mar 6 2024 Jacek Migacz - 7.76.1-29 - rebuild for 9.4 GA