Patching CVE-2022-43552 and CVE-2023-27536 - v1

SPECS/cmake/CVE-2022-43552.patch

@@ -0,0 +1,74 @@
+From 6967f3bebe94e6878500dea358438e8ac95baf47 Mon Sep 17 00:00:00 2001
+From: Sharath Srikanth Chellappa <[email protected]>
+Date: Tue, 12 Nov 2024 17:05:45 -0800
+Subject: [PATCH] Patch for CVE-2022-43552
+
+Upstream patch: https://github.com/curl/curl/commit/4f20188ac644afe174be6005ef4f6ffba232b8b2.patch
+
+---
+ Utilities/cmcurl/lib/smb.c    | 14 ++------------
+ Utilities/cmcurl/lib/telnet.c |  3 ---
+ 2 files changed, 2 insertions(+), 15 deletions(-)
+
+diff --git a/Utilities/cmcurl/lib/smb.c b/Utilities/cmcurl/lib/smb.c
+index 39facb267d..eb4ef15be0 100644
+--- a/Utilities/cmcurl/lib/smb.c
++++ b/Utilities/cmcurl/lib/smb.c
+@@ -60,8 +60,6 @@ static CURLcode smb_connect(struct Curl_easy *data, bool *done);
+ static CURLcode smb_connection_state(struct Curl_easy *data, bool *done);
+ static CURLcode smb_do(struct Curl_easy *data, bool *done);
+ static CURLcode smb_request_state(struct Curl_easy *data, bool *done);
+-static CURLcode smb_done(struct Curl_easy *data, CURLcode status,
+-                         bool premature);
+ static CURLcode smb_disconnect(struct Curl_easy *data,
+                                struct connectdata *conn, bool dead);
+ static int smb_getsock(struct Curl_easy *data, struct connectdata *conn,
+@@ -76,7 +74,7 @@ const struct Curl_handler Curl_handler_smb = {
+   "SMB",                                /* scheme */
+   smb_setup_connection,                 /* setup_connection */
+   smb_do,                               /* do_it */
+-  smb_done,                             /* done */
++  ZERO_NULL,                            /* done */
+   ZERO_NULL,                            /* do_more */
+   smb_connect,                          /* connect_it */
+   smb_connection_state,                 /* connecting */
+@@ -103,7 +101,7 @@ const struct Curl_handler Curl_handler_smbs = {
+   "SMBS",                               /* scheme */
+   smb_setup_connection,                 /* setup_connection */
+   smb_do,                               /* do_it */
+-  smb_done,                             /* done */
++  ZERO_NULL,                            /* done */
+   ZERO_NULL,                            /* do_more */
+   smb_connect,                          /* connect_it */
+   smb_connection_state,                 /* connecting */
+@@ -940,14 +938,6 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done)
+   return CURLE_OK;
+ }
+
+-static CURLcode smb_done(struct Curl_easy *data, CURLcode status,
+-                         bool premature)
+-{
+-  (void) premature;
+-  Curl_safefree(data->req.p.smb);
+-  return status;
+-}
+-
+ static CURLcode smb_disconnect(struct Curl_easy *data,
+                                struct connectdata *conn, bool dead)
+ {
+diff --git a/Utilities/cmcurl/lib/telnet.c b/Utilities/cmcurl/lib/telnet.c
+index fdd137fb0c..96c89096e5 100644
+--- a/Utilities/cmcurl/lib/telnet.c
++++ b/Utilities/cmcurl/lib/telnet.c
+@@ -1243,9 +1243,6 @@ static CURLcode telnet_done(struct Curl_easy *data,
+
+   curl_slist_free_all(tn->telnet_vars);
+   tn->telnet_vars = NULL;
+-
+-  Curl_safefree(data->req.p.telnet);
+-
+   return CURLE_OK;
+ }
+
+--
+2.45.2

SPECS/cmake/CVE-2023-27536.patch

@@ -0,0 +1,51 @@
+From f7da0416e4b6374fd336fdcf3b708a493a492969 Mon Sep 17 00:00:00 2001
+From: Sharath Srikanth Chellappa <[email protected]>
+Date: Tue, 12 Nov 2024 17:19:13 -0800
+Subject: [PATCH] Patch for CVE-2023-27536
+
+Upstream patch: https://github.com/curl/curl/commit/cb49e67303dba.patch
+
+---
+ Utilities/cmcurl/lib/url.c     | 6 ++++++
+ Utilities/cmcurl/lib/urldata.h | 1 +
+ 2 files changed, 7 insertions(+)
+
+diff --git a/Utilities/cmcurl/lib/url.c b/Utilities/cmcurl/lib/url.c
+index 1ee38af0d5..4ab389af48 100644
+--- a/Utilities/cmcurl/lib/url.c
++++ b/Utilities/cmcurl/lib/url.c
+@@ -1322,6 +1322,11 @@ ConnectionExists(struct Curl_easy *data,
+         }
+       }
+
++      /* GSS delegation differences do not actually affect every connection
++         and auth method, but this check takes precaution before efficiency */
++      if(needle->gssapi_delegation != check->gssapi_delegation)
++        continue;
++
+       /* If multiplexing isn't enabled on the h2 connection and h1 is
+          explicitly requested, handle it: */
+       if((needle->handler->protocol & PROTO_FAMILY_HTTP) &&
+@@ -1766,6 +1771,7 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
+   conn->fclosesocket = data->set.fclosesocket;
+   conn->closesocket_client = data->set.closesocket_client;
+   conn->lastused = Curl_now(); /* used now */
++  conn->gssapi_delegation = data->set.gssapi_delegation;
+
+   return conn;
+   error:
+diff --git a/Utilities/cmcurl/lib/urldata.h b/Utilities/cmcurl/lib/urldata.h
+index fb905c36c5..365b6821b1 100644
+--- a/Utilities/cmcurl/lib/urldata.h
++++ b/Utilities/cmcurl/lib/urldata.h
+@@ -1120,6 +1120,7 @@ struct connectdata {
+   int socks5_gssapi_enctype;
+ #endif
+   unsigned short localport;
++  unsigned char gssapi_delegation; /* inherited from set.gssapi_delegation */
+ };
+
+ /* The end of connectdata. */
+--
+2.45.2
+

SPECS/cmake/cmake.spec

@@ -2,7 +2,7 @@
 Summary:        Cmake
 Name:           cmake
 Version:        3.21.4
-Release:        12%{?dist}
+Release:        13%{?dist}
 License:        BSD AND LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -23,6 +23,8 @@ Patch8:         cve-2023-44487.patch
 Patch9:         CVE-2023-28320.patch
 Patch10:        CVE-2023-27533.patch
 Patch11:        CVE-2023-27534.patch
+Patch12:        CVE-2022-43552.patch
+Patch13:        CVE-2023-27536.patch
 BuildRequires:  bzip2
 BuildRequires:  bzip2-devel
 BuildRequires:  curl
@@ -88,6 +90,9 @@ bin/ctest --force-new-ctest-process --rerun-failed --output-on-failure
 %{_prefix}/doc/%{name}-*/*
 
 %changelog
+* Wed Nov 12 2024 Sharath Srikanth Chellappa <[email protected]> - 3.21.4-13
+- Patch CVE-2022-43552 and CVE-2023-27536
+
 * Wed Sep 18 2024 Suresh Thelkar <[email protected]> - 3.21.4-12
 - Patch CVE-2023-27533 and CVE-2023-27534