import UBI curl-7.76.1-31.el9_6.1

2025-08-05 05:08:44 +00:00 · 2025-08-05 05:08:44 +00:00 · 67af8bdfa7
commit 67af8bdfa7
parent 945afe1885
3 changed files with 89 additions and 50 deletions
--- a/SOURCES/0031-curl-7.76.1-CVE-2023-28321.patch
+++ b/SOURCES/0031-curl-7.76.1-CVE-2023-28321.patch
@ -41,7 +41,7 @@ index e827dc58f378c..d061c6356f97f 100644
 /*
  * Match a hostname against a wildcard pattern.
  * E.g.
-@@ -65,26 +76,27 @@
+@@ -65,26 +76,31 @@
 
 static int hostmatch(char *hostname, char *pattern)
 {
@ -73,10 +73,14 @@ index e827dc58f378c..d061c6356f97f 100644
 -  if(pattern_wildcard == NULL)
 -    return strcasecompare(pattern, hostname) ?
 -      CURL_HOST_MATCH : CURL_HOST_NOMATCH;
-+  if(hostname[hostlen-1]=='.')
+  if(hostname[hostlen-1]=='.') {
 +    hostname[hostlen-1] = 0;
-+  if(pattern[patternlen-1]=='.')
+    hostlen--;
+  }
+  if(pattern[patternlen-1]=='.') {
 +    pattern[patternlen-1] = 0;
+    patternlen--;
+  }
 +
 +  if(strncmp(pattern, "*.", 2))
 +    return pmatch(hostname, hostlen, pattern, patternlen);
@ -143,7 +147,7 @@ index 84f962abebee3..f31b2c2a3f330 100644
 </keywords>
 </info>
 
-@@ -15,9 +14,9 @@ none
+@@ -14,9 +13,9 @@ none
 <features>
 unittest
 </features>
@ -154,7 +158,7 @@ index 84f962abebee3..f31b2c2a3f330 100644
 +Curl_cert_hostcheck unit tests
 +</name>
 </client>
- 
+
 </testcase>
 diff --git a/tests/unit/unit1397.c b/tests/unit/unit1397.c
 index 2f3d3aa4d09e1..3ae75618d5d10 100644
@ -169,7 +173,7 @@ index 2f3d3aa4d09e1..3ae75618d5d10 100644
 static CURLcode unit_setup(void)
 {
   return CURLE_OK;
-@@ -30,50 +28,93 @@ static CURLcode unit_setup(void)
+@@ -30,50 +28,91 @@ static CURLcode unit_setup(void)
 
 static void unit_stop(void)
 {
@ -280,9 +284,7 @@ index 2f3d3aa4d09e1..3ae75618d5d10 100644
 +  int i;
 +  for(i = 0; tests[i].host; i++) {
 +    if(tests[i].match != Curl_cert_hostcheck(tests[i].pattern,
-+                                             strlen(tests[i].pattern),
-+                                             tests[i].host,
-+                                             strlen(tests[i].host))) {
+                                             tests[i].host)) {
 +      fprintf(stderr,
 +              "HOST: %s\n"
 +              "PTRN: %s\n"
--- a/SOURCES/0039-curl-7.76.1-pause-on-http.patch
+++ b/SOURCES/0039-curl-7.76.1-pause-on-http.patch
@ -0,0 +1,28 @@
+From badcf275bc5e7a13128734968102a48c93962cef Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 17 May 2021 09:05:39 +0200
+Subject: [PATCH] http2: make sure pause is done on HTTP
+
+Since the function is called for any protocol, we can't assume that the
+HTTP struct is there without first making sure it is HTTP.
+
+Reported-by: Denis Goleshchikhin
+Fixes #7079
+---
+ lib/http2.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/http2.c b/lib/http2.c
+index ac04d348c495..bc604ce1551a 100644
+--- a/lib/http2.c
+++ b/lib/http2.c
+@@ -2353,7 +2353,8 @@ CURLcode Curl_http2_stream_pause(struct Curl_easy *data, bool pause)
+   DEBUGASSERT(data);
+   DEBUGASSERT(data->conn);
+   /* if it isn't HTTP/2, we're done */
+-  if(!data->conn->proto.httpc.h2)
+  if(!(data->conn->handler->protocol & PROTO_FAMILY_HTTP) ||
+     !data->conn->proto.httpc.h2)
+     return CURLE_OK;
+ #ifdef NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE
+   else {
--- a/SPECS/curl.spec
+++ b/SPECS/curl.spec
@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.76.1
-Release: 31%{?dist}
+Release: 31%{?dist}.1
 License: MIT
 Source: https://curl.se/download/%{name}-%{version}.tar.xz

@ -116,6 +116,9 @@ Patch37:  0037-curl-7.76.1-ignore-unexpected-eof.patch
 # provide common cleanup method for push headers (CVE-2024-2398)
 Patch38:  0038-curl-7.76.1-CVE-2024-2398.patch

+# make sure pause is done on HTTP
+Patch39:  0039-curl-7.76.1-pause-on-http.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch

@ -291,48 +294,49 @@ be installed.
 %setup -q

 # upstream patches
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1
-%patch10 -p1
-%patch11 -p1
-%patch12 -p1
-%patch13 -p1
-%patch14 -p1
-%patch15 -p1
-%patch16 -p1
-%patch17 -p1
-%patch19 -p1
-%patch20 -p1
-%patch21 -p1
-%patch22 -p1
-%patch23 -p1
-%patch24 -p1
-%patch25 -p1
-%patch26 -p1
-%patch27 -p1
-%patch28 -p1
-%patch29 -p1
-%patch30 -p1
-%patch31 -p1
-%patch32 -p1
-%patch33 -p1
-%patch34 -p1
-%patch35 -p1
-%patch36 -p1
-%patch37 -p1
-%patch38 -p1
+%patch -P 1 -p1
+%patch -P 2 -p1
+%patch -P 3 -p1
+%patch -P 4 -p1
+%patch -P 5 -p1
+%patch -P 6 -p1
+%patch -P 7 -p1
+%patch -P 8 -p1
+%patch -P 9 -p1
+%patch -P 10 -p1
+%patch -P 11 -p1
+%patch -P 12 -p1
+%patch -P 13 -p1
+%patch -P 14 -p1
+%patch -P 15 -p1
+%patch -P 16 -p1
+%patch -P 17 -p1
+%patch -P 19 -p1
+%patch -P 20 -p1
+%patch -P 21 -p1
+%patch -P 22 -p1
+%patch -P 23 -p1
+%patch -P 24 -p1
+%patch -P 25 -p1
+%patch -P 26 -p1
+%patch -P 27 -p1
+%patch -P 28 -p1
+%patch -P 29 -p1
+%patch -P 30 -p1
+%patch -P 31 -p1
+%patch -P 32 -p1
+%patch -P 33 -p1
+%patch -P 34 -p1
+%patch -P 35 -p1
+%patch -P 36 -p1
+%patch -P 37 -p1
+%patch -P 38 -p1
+%patch -P 39 -p1

 # Fedora patches
-%patch101 -p1
-%patch102 -p1
-%patch105 -p1
+%patch -P 101 -p1
+%patch -P 102 -p1
+%patch -P 105 -p1

 # disable test 1112 (#565305), test 1455 (occasionally fails with 'bind failed
 # with errno 98: Address already in use' in Koji environment), and test 1801
@ -586,6 +590,11 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal

 %changelog
+* Tue Dec 17 2024 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-31.el9_6.1
+- make up incomplete patch for host name wildcard checking (RHEL-5675)
+- eliminate use of obsolete patch syntax (RHEL-65791)
+- http2: make sure pause is done on HTTP (RHEL-86805)
+
 * Thu Aug 22 2024 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-31
 - provide common cleanup method for push headers (CVE-2024-2398)