!184 [sync] PR-180: backport to fix build error when user don't use glibc

From: @openeuler-sync-bot Reviewed-by: @seuzw Signed-off-by: @seuzw
2023-04-20 06:34:17 +00:00 · 2023-04-20 06:34:17 +00:00 · 5c3496837b
commit 5c3496837b
parent 79fef6e0e3 71b919d6d8
2 changed files with 119 additions and 1 deletions
--- a/backport-after-CVE-2022-32207-to-fix-build-error-when-user-don-t-use-glibc.patch
+++ b/backport-after-CVE-2022-32207-to-fix-build-error-when-user-don-t-use-glibc.patch
@ -0,0 +1,111 @@
 From 20f9dd6bae50b7223171b17ba7798946e74f877f Mon Sep 17 00:00:00 2001
 From: Daniel Stenberg <daniel@haxx.se>
 Date: Wed, 25 May 2022 10:09:53 +0200
 Subject: [PATCH] fopen: add Curl_fopen() for better overwriting of files
                 backport to fix build error when user don't use glibc
 ---
 CMakeLists.txt          |  1 +
 configure.ac            |  1 +
 lib/curl_config.h.cmake |  3 +++
 lib/fopen.c             | 19 +++++++++++++------
 lib/fopen.h             |  2 ++
 5 files changed, 20 insertions(+), 6 deletions(-)
 diff --git a/CMakeLists.txt b/CMakeLists.txt
 index d8084de..3a64f02 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
@@ -1013,6 +1013,7 @@ elseif(HAVE_LIBSOCKET)
   set(CMAKE_REQUIRED_LIBRARIES socket)
 endif()
 +check_symbol_exists(fchmod        "${CURL_INCLUDES}" HAVE_FCHMOD)
 check_symbol_exists(basename      "${CURL_INCLUDES}" HAVE_BASENAME)
 check_symbol_exists(socket        "${CURL_INCLUDES}" HAVE_SOCKET)
 check_symbol_exists(select        "${CURL_INCLUDES}" HAVE_SELECT)
 diff --git a/configure.ac b/configure.ac
 index 152b047..245a731 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -3320,6 +3320,7 @@ AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Se
 AC_CHECK_FUNCS([fnmatch \
 +  fchmod \
   geteuid \
   getpass_r \
   getppid \
 diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake
 index 4ef4883..7bd563b 100644
 --- a/lib/curl_config.h.cmake
 +++ b/lib/curl_config.h.cmake
@@ -157,6 +157,9 @@
 /* Define to 1 if you have the <assert.h> header file. */
 #cmakedefine HAVE_ASSERT_H 1
 +/* Define to 1 if you have the `fchmod' function. */
 +#cmakedefine HAVE_FCHMOD 1
 +
 /* Define to 1 if you have the `basename' function. */
 #cmakedefine HAVE_BASENAME 1
 diff --git a/lib/fopen.c b/lib/fopen.c
 index 94b87f5..ad3691b 100644
 --- a/lib/fopen.c
 +++ b/lib/fopen.c
@@ -18,6 +18,8 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
 + * SPDX-License-Identifier: curl
 + *
  ***************************************************************************/
 #include "curl_setup.h"
@@ -50,7 +52,7 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
   CURLcode result = CURLE_WRITE_ERROR;
   unsigned char randsuffix[9];
   char *tempstore = NULL;
 -  struct_stat sb, nsb;
 +  struct_stat sb;
   int fd = -1;
   *tempname = NULL;
@@ -77,12 +79,17 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
   if(fd == -1)
     goto fail;
 -  if((fstat(fd, &nsb) != -1) &&
 -     (nsb.st_uid == sb.st_uid) && (nsb.st_gid == sb.st_gid)) {
 -    /* if the user and group are the same, clone the original mode */
 -    if(fchmod(fd, sb.st_mode) == -1)
 -      goto fail;
 +#ifdef HAVE_FCHMOD
 +  {
 +    struct_stat nsb;
 +    if((fstat(fd, &nsb) != -1) &&
 +       (nsb.st_uid == sb.st_uid) && (nsb.st_gid == sb.st_gid)) {
 +      /* if the user and group are the same, clone the original mode */
 +      if(fchmod(fd, sb.st_mode) == -1)
 +        goto fail;
 +    }
   }
 +#endif
   *fh = fdopen(fd, FOPEN_WRITETEXT);
   if(!*fh)
 diff --git a/lib/fopen.h b/lib/fopen.h
 index 1020f3c..289e55f 100644
 --- a/lib/fopen.h
 +++ b/lib/fopen.h
@@ -20,6 +20,8 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
 + * SPDX-License-Identifier: curl
 + *
  ***************************************************************************/
 CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
 -- 
 2.39.1
--- a/curl.spec
+++ b/curl.spec
@ -6,7 +6,7 @@
 Name:           curl
 Version:        7.79.1
-Release:        15
+Release:        16
 Summary:        Curl is used in command lines or scripts to transfer data
 License:        MIT
 URL:            https://curl.haxx.se/
@ -47,6 +47,7 @@ Patch32:        backport-CVE-2023-27538.patch
 Patch33:        backport-CVE-2023-27535-pre1.patch
 Patch34:        backport-CVE-2023-27536.patch
 Patch35:        backport-CVE-2023-27535.patch
 Patch36:        backport-after-CVE-2022-32207-to-fix-build-error-when-user-don-t-use-glibc.patch
 BuildRequires:  automake brotli-devel coreutils gcc groff krb5-devel
 BuildRequires:  libidn2-devel libnghttp2-devel libpsl-devel
@ -221,6 +222,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_mandir}/man3/*
 %changelog
 * Wed Apr 19 2023 gaihuiying <eaglegai@163.com> - 7.79.1-16
 - Type:bugfix
 - CVE:NA
 - SUG:NA
 - DESC:backport to fix build error when user don't use glibc
 * Wed Mar 22 2023 xingwei <xingwei14@h-partners.com> - 7.79.1-15
 - Type:cves
 - CVE:CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538