diff --git a/0051-curl-7.61.1-CVE-2023-28321.patch b/0051-curl-7.61.1-CVE-2023-28321.patch index bd66821..e3909b3 100644 --- a/0051-curl-7.61.1-CVE-2023-28321.patch +++ b/0051-curl-7.61.1-CVE-2023-28321.patch @@ -41,7 +41,7 @@ index e827dc58f378c..d061c6356f97f 100644 /* * Match a hostname against a wildcard pattern. * E.g. -@@ -65,26 +76,27 @@ +@@ -65,26 +76,31 @@ static int hostmatch(char *hostname, char *pattern) { @@ -73,10 +73,14 @@ index e827dc58f378c..d061c6356f97f 100644 - if(pattern_wildcard == NULL) - return strcasecompare(pattern, hostname) ? - CURL_HOST_MATCH : CURL_HOST_NOMATCH; -+ if(hostname[hostlen-1]=='.') ++ if(hostname[hostlen-1]=='.') { + hostname[hostlen-1] = 0; -+ if(pattern[patternlen-1]=='.') ++ hostlen--; ++ } ++ if(pattern[patternlen-1]=='.') { + pattern[patternlen-1] = 0; ++ patternlen--; ++ } + + if(strncmp(pattern, "*.", 2)) + return pmatch(hostname, hostlen, pattern, patternlen); @@ -170,7 +174,7 @@ index 2f3d3aa4d09e1..3ae75618d5d10 100644 static CURLcode unit_setup(void) { return CURLE_OK; -@@ -30,50 +28,93 @@ static CURLcode unit_setup(void) +@@ -30,50 +28,91 @@ static CURLcode unit_setup(void) static void unit_stop(void) { @@ -281,9 +285,7 @@ index 2f3d3aa4d09e1..3ae75618d5d10 100644 + int i; + for(i = 0; tests[i].host; i++) { + if(tests[i].match != Curl_cert_hostcheck(tests[i].pattern, -+ strlen(tests[i].pattern), -+ tests[i].host, -+ strlen(tests[i].host))) { ++ tests[i].host)) { + fprintf(stderr, + "HOST: %s\n" + "PTRN: %s\n" diff --git a/curl.spec b/curl.spec index 8054b4c..d69959e 100644 --- a/curl.spec +++ b/curl.spec @@ -582,6 +582,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed Jan 08 2025 Jacek Migacz - 7.61.1-34.el8_10.4 +- make up incomplete patch for host name wildcard checking (RHEL-5680) + * Wed Oct 30 2024 Jacek Migacz - 7.61.1-34.el8_10.3 - asyn-thread: create a socketpair to wait on (RHEL-34906) - fix crash, when talking to a NTLM proxy in FIPS mode (RHEL-32641)