backport some patches from community

(cherry picked from commit 79ba570156f5e984751e62ce52cbd4f6504273e0)
2024-01-05 02:40:34 +00:00 · 2024-01-05 02:40:34 +00:00 · 22926c42d1
commit 22926c42d1
parent f831f64428
3 changed files with 93 additions and 1 deletions
--- a/backport-openssl-avoid-BN_num_bits-NULL-pointer-derefs.patch
+++ b/backport-openssl-avoid-BN_num_bits-NULL-pointer-derefs.patch
@ -0,0 +1,37 @@
+From b9f832edcce9db2de31070e76c3cbe59ca9ef512 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 12 Oct 2023 16:00:38 +0200
+Subject: [PATCH] openssl: avoid BN_num_bits() NULL pointer derefs
+
+Reported-by: icy17 on github
+Fixes #12099
+Closes #12100
+
+Conflict: context adapt
+Reference: https://github.com/curl/curl/commit/b9f832edcce9db2de31070e76c3cbe59ca9ef512
+---
+ lib/vtls/openssl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index 00b56e2..50c3553 100644
+--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
+@@ -3676,13 +3676,13 @@ static CURLcode get_cert_chain(struct Curl_easy *data,
+           const BIGNUM *e;
+
+           RSA_get0_key(rsa, &n, &e, NULL);
+-          BIO_printf(mem, "%d", BN_num_bits(n));
+          BIO_printf(mem, "%d", n ? BN_num_bits(n) : 0);
+           push_certinfo("RSA Public Key", i);
+           print_pubkey_BN(rsa, n, i);
+           print_pubkey_BN(rsa, e, i);
+         }
+ #else
+-        BIO_printf(mem, "%d", BN_num_bits(rsa->n));
+        BIO_printf(mem, "%d", rsa->n ? BN_num_bits(rsa->n) : 0);
+         push_certinfo("RSA Public Key", i);
+         print_pubkey_BN(rsa, n, i);
+         print_pubkey_BN(rsa, e, i);
+--
+2.33.0
--- a/backport-transfer-also-stop-the-sending-on-closed-connection.patch
+++ b/backport-transfer-also-stop-the-sending-on-closed-connection.patch
@ -0,0 +1,46 @@
+From 95a865b462195d9d847f7f2676f0c789179e2073 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 4 Sep 2023 14:14:32 +0200
+Subject: [PATCH] transfer: also stop the sending on closed connection
+
+Previously this cleared the receiving bit only but in some cases it is
+also still sending (like a request-body) when disconnected and neither
+direction can continue then.
+
+Fixes #11769
+Reported-by: Oleg Jukovec
+Closes #11795
+
+Conflict: context adapt
+Reference: https://github.com/curl/curl/commit/95a865b462195d9d847f7f2676f0c789179e2073
+---
+ lib/transfer.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/lib/transfer.c b/lib/transfer.c
+index fdfa6b1..c8db8d9 100644
+--- a/lib/transfer.c
+++ b/lib/transfer.c
+@@ -633,7 +633,7 @@ static CURLcode readwrite_data(struct Curl_easy *data,
+     if(0 < nread || is_empty_data) {
+       buf[nread] = 0;
+     }
+-    else {
+    if(!nread) {
+       /* if we receive 0 or less here, either the http2 stream is closed or the
+          server closed the connection and we bail out from this! */
+ #ifdef USE_NGHTTP2
+@@ -642,8 +642,9 @@ static CURLcode readwrite_data(struct Curl_easy *data,
+       else
+ #endif
+         DEBUGF(infof(data, "nread <= 0, server closed connection, bailing"));
+-      k->keepon &= ~KEEP_RECV;
+-      break;
+      k->keepon = 0; /* stop sending as well */
+      if(!is_empty_data)
+        break;
+     }
+
+     /* Default buffer to use when we write the buffer, it may be changed
+--
+2.33.0
--- a/curl.spec
+++ b/curl.spec
@ -6,7 +6,7 @@

 Name:           curl
 Version:        7.79.1
-Release:        26
+Release:        27
 Summary:        Curl is used in command lines or scripts to transfer data
 License:        MIT
 URL:            https://curl.haxx.se/
@ -94,6 +94,8 @@ Patch80:        backport-http-free-the-url-before-storing-a-new-copy.patch
 Patch81:        backport-url-fix-null-dispname-for-connect-to-option.patch
 Patch82:        backport-vtls-avoid-memory-leak-if-sha256-call-fails.patch
 Patch83:        backport-urlapi-make-sure-zoneid-is-also-duplicated-in-curl_u.patch
+Patch84:        backport-transfer-also-stop-the-sending-on-closed-connection.patch
+Patch85:        backport-openssl-avoid-BN_num_bits-NULL-pointer-derefs.patch

 BuildRequires:  automake brotli-devel coreutils gcc groff krb5-devel
 BuildRequires:  libidn2-devel libnghttp2-devel libpsl-devel
@ -262,6 +264,13 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_mandir}/man3/*

 %changelog
+* Fri Jan 05 2024 zhouyihang <zhouyihang3@h-partners.com> - 7.79.1-27
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:transfer: also stop the sending on closed connection
+       openssl: avoid BN_num_bits() NULL pointer derefs
+
 * Wed Jan 03 2024 zhouyihang <zhouyihang3@h-partners.com> - 7.79.1-26
 - Type:bugfix
 - CVE:NA