From 6c51666ba1a8e7eaef0c5eb0a765f9f4131ea23b Mon Sep 17 00:00:00 2001
From: eabdullin <ed.abdullin.1@gmail.com>
Date: Fri, 31 May 2024 16:48:38 +0000
Subject: [PATCH] Import from AlmaLinux stable repository

---
 .libmicrohttpd.metadata      |  1 -
 SOURCES/cve-2023-27371.patch | 13 +++++++++++++
 SPECS/libmicrohttpd.spec     |  8 +++++++-
 3 files changed, 20 insertions(+), 2 deletions(-)
 delete mode 100644 .libmicrohttpd.metadata
 create mode 100644 SOURCES/cve-2023-27371.patch

diff --git a/.libmicrohttpd.metadata b/.libmicrohttpd.metadata
deleted file mode 100644
index 1cccffa..0000000
--- a/.libmicrohttpd.metadata
+++ /dev/null
@@ -1 +0,0 @@
-468bf0cf6f27bba36049533c6c7cdc958f4122cb SOURCES/libmicrohttpd-0.9.59.tar.gz
diff --git a/SOURCES/cve-2023-27371.patch b/SOURCES/cve-2023-27371.patch
new file mode 100644
index 0000000..4008a11
--- /dev/null
+++ b/SOURCES/cve-2023-27371.patch
@@ -0,0 +1,13 @@
+diff --git a/src/microhttpd/postprocessor.c b/src/microhttpd/postprocessor.c
+index 8b710ea..427d4c6 100644
+--- a/src/microhttpd/postprocessor.c
++++ b/src/microhttpd/postprocessor.c
+@@ -310,7 +310,7 @@ MHD_create_post_processor (struct MHD_Connection *connection,
+ 	return NULL; /* failed to determine boundary */
+       boundary += MHD_STATICSTR_LEN_ ("boundary=");
+       blen = strlen (boundary);
+-      if ( (blen == 0) ||
++      if ( (blen < 2) ||
+            (blen * 2 + 2 > buffer_size) )
+         return NULL;            /* (will be) out of memory or invalid boundary */
+       if ( (boundary[0] == '"') &&
diff --git a/SPECS/libmicrohttpd.spec b/SPECS/libmicrohttpd.spec
index 759397f..d90997f 100644
--- a/SPECS/libmicrohttpd.spec
+++ b/SPECS/libmicrohttpd.spec
@@ -1,12 +1,13 @@
 Name:           libmicrohttpd
 Version:        0.9.59
-Release:        2%{?dist}
+Release:        3%{?dist}
 Epoch:          1
 Summary:        Lightweight library for embedding a webserver in applications
 License:        LGPLv2+
 URL:            http://www.gnu.org/software/libmicrohttpd/
 Source0:        https://ftp.gnu.org/gnu/libmicrohttpd/%{name}-%{version}.tar.gz
 Patch0:         gnutls-utilize-system-crypto-policy.patch
+Patch1:         cve-2023-27371.patch
 
 BuildRequires:  autoconf, automake, libtool, gettext-devel
 BuildRequires:  texinfo
@@ -111,6 +112,11 @@ fi
 %doc html
 
 %changelog
+* Thu Apr 06 2023 Pavel Šimovec <psimovec@redhat.com> - 1:0.9.59-3
+- Add cve-2023-27371.patch
+  Related: rhbz#2174639
+  CVE-2023-27371
+
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.9.59-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild