diff --git a/SPECS/cmake/CVE-2024-2398.patch b/SPECS/cmake/CVE-2024-2398.patch new file mode 100644 index 00000000000..d1c192e24f6 --- /dev/null +++ b/SPECS/cmake/CVE-2024-2398.patch @@ -0,0 +1,94 @@ +From c9adb2114e9d9d4a50ff273234c2a1f8518aafd1 Mon Sep 17 00:00:00 2001 +From: Vince Perri <5596945+vinceaperri@users.noreply.github.com> +Date: Wed, 20 Nov 2024 22:38:53 +0000 +Subject: [PATCH] http2: push headers better cleanup + +Original patch: https://github.com/curl/curl/commit/deca8039991886a559b67bcd6 +--- + Utilities/cmcurl/lib/http2.c | 34 +++++++++++++++------------------- + 1 file changed, 15 insertions(+), 19 deletions(-) + +diff --git a/Utilities/cmcurl/lib/http2.c b/Utilities/cmcurl/lib/http2.c +index f194c18b..50b8cd54 100644 +--- a/Utilities/cmcurl/lib/http2.c ++++ b/Utilities/cmcurl/lib/http2.c +@@ -116,6 +116,15 @@ static int http2_getsock(struct Curl_easy *data, + return bitmap; + } + ++static void free_push_headers(struct HTTP *stream) ++{ ++ size_t i; ++ for(i = 0; ipush_headers_used; i++) ++ free(stream->push_headers[i]); ++ Curl_safefree(stream->push_headers); ++ stream->push_headers_used = 0; ++} ++ + /* + * http2_stream_free() free HTTP2 stream related data + */ +@@ -123,11 +132,7 @@ static void http2_stream_free(struct HTTP *http) + { + if(http) { + Curl_dyn_free(&http->header_recvbuf); +- for(; http->push_headers_used > 0; --http->push_headers_used) { +- free(http->push_headers[http->push_headers_used - 1]); +- } +- free(http->push_headers); +- http->push_headers = NULL; ++ free_push_headers(http); + } + } + +@@ -559,7 +564,6 @@ static int push_promise(struct Curl_easy *data, + struct curl_pushheaders heads; + CURLMcode rc; + struct http_conn *httpc; +- size_t i; + /* clone the parent */ + struct Curl_easy *newhandle = duphandle(data); + if(!newhandle) { +@@ -595,11 +599,7 @@ static int push_promise(struct Curl_easy *data, + Curl_set_in_callback(data, false); + + /* free the headers again */ +- for(i = 0; ipush_headers_used; i++) +- free(stream->push_headers[i]); +- free(stream->push_headers); +- stream->push_headers = NULL; +- stream->push_headers_used = 0; ++ free_push_headers(stream); + + if(rv) { + DEBUGASSERT((rv > CURL_PUSH_OK) && (rv <= CURL_PUSH_ERROROUT)); +@@ -1033,10 +1033,10 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame, + stream->push_headers_alloc) { + char **headp; + stream->push_headers_alloc *= 2; +- headp = Curl_saferealloc(stream->push_headers, +- stream->push_headers_alloc * sizeof(char *)); ++ headp = realloc(stream->push_headers, ++ stream->push_headers_alloc * sizeof(char *)); + if(!headp) { +- stream->push_headers = NULL; ++ free_push_headers(stream); + return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; + } + stream->push_headers = headp; +@@ -1204,11 +1204,7 @@ void Curl_http2_done(struct Curl_easy *data, bool premature) + Curl_dyn_free(&http->trailer_recvbuf); + if(http->push_headers) { + /* if they weren't used and then freed before */ +- for(; http->push_headers_used > 0; --http->push_headers_used) { +- free(http->push_headers[http->push_headers_used - 1]); +- } +- free(http->push_headers); +- http->push_headers = NULL; ++ free_push_headers(http); + } + + if(!(data->conn->handler->protocol&PROTO_FAMILY_HTTP) || +-- +2.34.1 + diff --git a/SPECS/cmake/cmake.spec b/SPECS/cmake/cmake.spec index 7cbf857dc73..4b293d7d013 100644 --- a/SPECS/cmake/cmake.spec +++ b/SPECS/cmake/cmake.spec @@ -2,7 +2,7 @@ Summary: Cmake Name: cmake Version: 3.21.4 -Release: 13%{?dist} +Release: 14%{?dist} License: BSD AND LGPLv2+ Vendor: Microsoft Corporation Distribution: Mariner @@ -29,6 +29,7 @@ Patch14: CVE-2023-27538.patch Patch15: CVE-2023-27535.patch Patch16: CVE-2023-23916.patch Patch17: CVE-2023-46218.patch +Patch18: CVE-2024-2398.patch BuildRequires: bzip2 BuildRequires: bzip2-devel BuildRequires: curl @@ -94,6 +95,9 @@ bin/ctest --force-new-ctest-process --rerun-failed --output-on-failure %{_prefix}/doc/%{name}-*/* %changelog +* Tue Nov 19 2024 Vince Perri - 3.21.4-14 +- Patch CVE-2024-2398 (bundled curl). + * Thu Nov 14 2024 Sharath Srikanth Chellappa - 3.21.4-13 - Patch CVE-2022-43552, CVE-2023-27536, CVE-2023-27535, CVE-2023-27538, CVE-2023-23916 and CVE-2023-46218. diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 8f25b9c9dbe..4f542e0608f 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -30,8 +30,8 @@ check-debuginfo-0.15.2-1.cm2.aarch64.rpm chkconfig-1.20-4.cm2.aarch64.rpm chkconfig-debuginfo-1.20-4.cm2.aarch64.rpm chkconfig-lang-1.20-4.cm2.aarch64.rpm -cmake-3.21.4-13.cm2.aarch64.rpm -cmake-debuginfo-3.21.4-13.cm2.aarch64.rpm +cmake-3.21.4-14.cm2.aarch64.rpm +cmake-debuginfo-3.21.4-14.cm2.aarch64.rpm coreutils-8.32-7.cm2.aarch64.rpm coreutils-debuginfo-8.32-7.cm2.aarch64.rpm coreutils-lang-8.32-7.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 2b821d4f2aa..e017743db16 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -31,8 +31,8 @@ check-debuginfo-0.15.2-1.cm2.x86_64.rpm chkconfig-1.20-4.cm2.x86_64.rpm chkconfig-debuginfo-1.20-4.cm2.x86_64.rpm chkconfig-lang-1.20-4.cm2.x86_64.rpm -cmake-3.21.4-13.cm2.x86_64.rpm -cmake-debuginfo-3.21.4-13.cm2.x86_64.rpm +cmake-3.21.4-14.cm2.x86_64.rpm +cmake-debuginfo-3.21.4-14.cm2.x86_64.rpm coreutils-8.32-7.cm2.x86_64.rpm coreutils-debuginfo-8.32-7.cm2.x86_64.rpm coreutils-lang-8.32-7.cm2.x86_64.rpm