backport to fix build error when user don't use glibc

(cherry picked from commit e5747300b7647d12797adf591e1b7c5a6c8e84b2)
2023-04-19 09:12:16 +00:00 · 2023-04-19 09:12:16 +00:00 · 71b919d6d8
commit 71b919d6d8
parent 79fef6e0e3
2 changed files with 119 additions and 1 deletions
--- a/backport-after-CVE-2022-32207-to-fix-build-error-when-user-don-t-use-glibc.patch
+++ b/backport-after-CVE-2022-32207-to-fix-build-error-when-user-don-t-use-glibc.patch
@ -0,0 +1,111 @@
+From 20f9dd6bae50b7223171b17ba7798946e74f877f Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 25 May 2022 10:09:53 +0200
+Subject: [PATCH] fopen: add Curl_fopen() for better overwriting of files
+                 backport to fix build error when user don't use glibc
+---
+ CMakeLists.txt          |  1 +
+ configure.ac            |  1 +
+ lib/curl_config.h.cmake |  3 +++
+ lib/fopen.c             | 19 +++++++++++++------
+ lib/fopen.h             |  2 ++
+ 5 files changed, 20 insertions(+), 6 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index d8084de..3a64f02 100644
+--- a/CMakeLists.txt
+++ b/CMakeLists.txt
+@@ -1013,6 +1013,7 @@ elseif(HAVE_LIBSOCKET)
+   set(CMAKE_REQUIRED_LIBRARIES socket)
+ endif()
+ 
+check_symbol_exists(fchmod        "${CURL_INCLUDES}" HAVE_FCHMOD)
+ check_symbol_exists(basename      "${CURL_INCLUDES}" HAVE_BASENAME)
+ check_symbol_exists(socket        "${CURL_INCLUDES}" HAVE_SOCKET)
+ check_symbol_exists(select        "${CURL_INCLUDES}" HAVE_SELECT)
+diff --git a/configure.ac b/configure.ac
+index 152b047..245a731 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -3320,6 +3320,7 @@ AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Se
+ 
+ 
+ AC_CHECK_FUNCS([fnmatch \
+  fchmod \
+   geteuid \
+   getpass_r \
+   getppid \
+diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake
+index 4ef4883..7bd563b 100644
+--- a/lib/curl_config.h.cmake
+++ b/lib/curl_config.h.cmake
+@@ -157,6 +157,9 @@
+ /* Define to 1 if you have the <assert.h> header file. */
+ #cmakedefine HAVE_ASSERT_H 1
+ 
+/* Define to 1 if you have the `fchmod' function. */
+#cmakedefine HAVE_FCHMOD 1
+
+ /* Define to 1 if you have the `basename' function. */
+ #cmakedefine HAVE_BASENAME 1
+ 
+diff --git a/lib/fopen.c b/lib/fopen.c
+index 94b87f5..ad3691b 100644
+--- a/lib/fopen.c
+++ b/lib/fopen.c
+@@ -18,6 +18,8 @@
+  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+  * KIND, either express or implied.
+  *
+ * SPDX-License-Identifier: curl
+ *
+  ***************************************************************************/
+ 
+ #include "curl_setup.h"
+@@ -50,7 +52,7 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+   CURLcode result = CURLE_WRITE_ERROR;
+   unsigned char randsuffix[9];
+   char *tempstore = NULL;
+-  struct_stat sb, nsb;
+  struct_stat sb;
+   int fd = -1;
+   *tempname = NULL;
+ 
+@@ -77,12 +79,17 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+   if(fd == -1)
+     goto fail;
+ 
+-  if((fstat(fd, &nsb) != -1) &&
+-     (nsb.st_uid == sb.st_uid) && (nsb.st_gid == sb.st_gid)) {
+-    /* if the user and group are the same, clone the original mode */
+-    if(fchmod(fd, sb.st_mode) == -1)
+-      goto fail;
+#ifdef HAVE_FCHMOD
+  {
+    struct_stat nsb;
+    if((fstat(fd, &nsb) != -1) &&
+       (nsb.st_uid == sb.st_uid) && (nsb.st_gid == sb.st_gid)) {
+      /* if the user and group are the same, clone the original mode */
+      if(fchmod(fd, sb.st_mode) == -1)
+        goto fail;
+    }
+   }
+#endif
+ 
+   *fh = fdopen(fd, FOPEN_WRITETEXT);
+   if(!*fh)
+diff --git a/lib/fopen.h b/lib/fopen.h
+index 1020f3c..289e55f 100644
+--- a/lib/fopen.h
+++ b/lib/fopen.h
+@@ -20,6 +20,8 @@
+  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+  * KIND, either express or implied.
+  *
+ * SPDX-License-Identifier: curl
+ *
+  ***************************************************************************/
+ 
+ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+-- 
+2.39.1
--- a/curl.spec
+++ b/curl.spec
@ -6,7 +6,7 @@

 Name:           curl
 Version:        7.79.1
-Release:        15
+Release:        16
 Summary:        Curl is used in command lines or scripts to transfer data
 License:        MIT
 URL:            https://curl.haxx.se/
@ -47,6 +47,7 @@ Patch32:        backport-CVE-2023-27538.patch
 Patch33:        backport-CVE-2023-27535-pre1.patch
 Patch34:        backport-CVE-2023-27536.patch
 Patch35:        backport-CVE-2023-27535.patch
+Patch36:        backport-after-CVE-2022-32207-to-fix-build-error-when-user-don-t-use-glibc.patch

 BuildRequires:  automake brotli-devel coreutils gcc groff krb5-devel
 BuildRequires:  libidn2-devel libnghttp2-devel libpsl-devel
@ -221,6 +222,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_mandir}/man3/*

 %changelog
+* Wed Apr 19 2023 gaihuiying <eaglegai@163.com> - 7.79.1-16
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:backport to fix build error when user don't use glibc
+
 * Wed Mar 22 2023 xingwei <xingwei14@h-partners.com> - 7.79.1-15
 - Type:cves
 - CVE:CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538