[scarthgap,01/10] curl: Patch CVE-2024-6197

Message ID	0f172ed0c94d287c96ec465e4724c8b47f846a4c.1723083840.git.steve@sakoman.com
State	Accepted
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.215.180, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 01/10] curl: Patch CVE-2024-6197 Date: Wed, 7 Aug 2024 19:28:37 -0700 Message-Id: <0f172ed0c94d287c96ec465e4724c8b47f846a4c.1723083840.git.steve@sakoman.com> In-Reply-To: <cover.1723083840.git.steve@sakoman.com> References: <cover.1723083840.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[scarthgap,01/10] curl: Patch CVE-2024-6197 \| expand [scarthgap,01/10] curl: Patch CVE-2024-6197 [scarthgap,02/10] glibc: cleanup old cve status [scarthgap,03/10] qemu: set cve status for CVE-2023-6683 [scarthgap,04/10] ffmpeg: fix CVE-2024-31582 [scarthgap,05/10] nasm: Upgrade 2.16.01 -> 2.16.03 [scarthgap,06/10] orc: upgrade 0.4.38 -> 0.4.39 [scarthgap,07/10] bind: Upgrade 9.18.25 -> 9.18.28 [scarthgap,08/10] curl: correct the PACKAGECONFIG for native/nativesdk [scarthgap,09/10] libmnl: explicitly disable doxygen [scarthgap,10/10] libpng: update SRC_URI

Message ID

0f172ed0c94d287c96ec465e4724c8b47f846a4c.1723083840.git.steve@sakoman.com

State

Accepted

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 01/10] curl: Patch CVE-2024-6197
Date: Wed,  7 Aug 2024 19:28:37 -0700
Message-Id: 
 <0f172ed0c94d287c96ec465e4724c8b47f846a4c.1723083840.git.steve@sakoman.com>
In-Reply-To: <cover.1723083840.git.steve@sakoman.com>
References: <cover.1723083840.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[scarthgap,01/10] curl: Patch CVE-2024-6197 | expand

Commit Message

Steve Sakoman Aug. 8, 2024, 2:28 a.m. UTC

From: Peter Marko <peter.marko@siemens.com>

Picked commit per https://curl.se/docs/CVE-2024-6197.html

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../curl/curl/CVE-2024-6197.patch             | 24 +++++++++++++++++++
 meta/recipes-support/curl/curl_8.7.1.bb       |  1 +
 2 files changed, 25 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2024-6197.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2024-6197.patch b/meta/recipes-support/curl/curl/CVE-2024-6197.patch
new file mode 100644
index 0000000000..0622e70dc8
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2024-6197.patch
@@ -0,0 +1,24 @@ 
+From 3a537a4db9e65e545ec45b1b5d5575ee09a2569d Mon Sep 17 00:00:00 2001
+From: z2_ <88509734+z2-2z@users.noreply.github.com>
+Date: Fri, 28 Jun 2024 14:45:47 +0200
+Subject: [PATCH] x509asn1: remove superfluous free()
+
+CVE: CVE-2024-6197
+Upstream-Status: Backport [https://github.com/curl/curl/commit/3a537a4db9e65e545ec45b1b5d5575ee09a2569d.patch]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/vtls/x509asn1.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c
+index f71ab0b90a5931..1bc4243ddae343 100644
+--- a/lib/vtls/x509asn1.c
++++ b/lib/vtls/x509asn1.c
+@@ -393,7 +393,6 @@ utf8asn1str(struct dynbuf *to, int type, const char *from, const char *end)
+         if(wc >= 0x00000800) {
+           if(wc >= 0x00010000) {
+             if(wc >= 0x00200000) {
+-              free(buf);
+               /* Invalid char. size for target encoding. */
+               return CURLE_WEIRD_SERVER_REPLY;
+             }
diff --git a/meta/recipes-support/curl/curl_8.7.1.bb b/meta/recipes-support/curl/curl_8.7.1.bb
index 3fdad6a4cf..136782ffec 100644
--- a/meta/recipes-support/curl/curl_8.7.1.bb
+++ b/meta/recipes-support/curl/curl_8.7.1.bb
@@ -15,6 +15,7 @@  SRC_URI = " \
     file://run-ptest \
     file://disable-tests \
     file://no-test-timeout.patch \
+    file://CVE-2024-6197.patch \
 "
 SRC_URI[sha256sum] = "6fea2aac6a4610fbd0400afb0bcddbe7258a64c63f1f68e5855ebc0c659710cd"