mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2026-05-04 19:56:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

changelog: Add an entry

Browse Source
This commit is contained in:
Krzesimir Nowak 2023-10-13 13:31:15 +02:00
parent 023f53f3ea
commit 4645717b47
2 changed files with 20 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
changelog/security/2023-10-13-curl-backport.md Normal file
View File

@ -0,0 +1 @@
- curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))

46
sdk_container/src/third_party/coreos-overlay/coreos/user-patches/net-misc/curl/CVE-2023-38546.patch vendored
View File

@ -14,11 +14,10 @@ Closes #11862
lib/easy.c | 4 +---
3 files changed, 6 insertions(+), 24 deletions(-)
diff --git a/lib/cookie.c b/lib/cookie.c
index 4345a84c6fd9d..e39c89a94a960 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -119,7 +119,6 @@ static void freecookie(struct Cookie *co)
diff -r -u -p curl-8.0.1/lib/cookie.c curl-8.0.1-patched/lib/cookie.c
--- curl-8.0.1/lib/cookie.c 2023-03-20 11:38:42.000000000 -0000
+++ curl-8.0.1-patched/lib/cookie.c 2023-10-13 11:42:44.820188193 -0000
@@ -119,7 +119,6 @@ static void freecookie(struct Cookie *co
free(co->name);
free(co->value);
free(co->maxage);
@ -26,7 +25,7 @@ index 4345a84c6fd9d..e39c89a94a960 100644
free(co);
}
@@ -718,11 +717,7 @@ Curl_cookie_add(struct Curl_easy *data,
@@ -726,11 +725,7 @@ Curl_cookie_add(struct Curl_easy *data,
}
}
else if((nlen == 7) && strncasecompare("version", namep, 7)) {
@ -39,7 +38,7 @@ index 4345a84c6fd9d..e39c89a94a960 100644
}
else if((nlen == 7) && strncasecompare("max-age", namep, 7)) {
/*
@@ -1160,7 +1155,6 @@ Curl_cookie_add(struct Curl_easy *data,
@@ -1174,7 +1169,6 @@ Curl_cookie_add(struct Curl_easy *data,
free(clist->path);
free(clist->spath);
free(clist->expirestr);
@ -47,7 +46,7 @@ index 4345a84c6fd9d..e39c89a94a960 100644
free(clist->maxage);
*clist = *co; /* then store all the new data */
@@ -1224,9 +1218,6 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
@@ -1238,9 +1232,6 @@ struct CookieInfo *Curl_cookie_init(stru
c = calloc(1, sizeof(struct CookieInfo));
if(!c)
return NULL; /* failed to get memory */
@ -57,7 +56,7 @@ index 4345a84c6fd9d..e39c89a94a960 100644
/*
* Initialize the next_expiration time to signal that we don't have enough
* information yet.
@@ -1378,7 +1369,6 @@ static struct Cookie *dup_cookie(struct Cookie *src)
@@ -1394,7 +1385,6 @@ static struct Cookie *dup_cookie(struct
CLONE(name);
CLONE(value);
CLONE(maxage);
@ -65,7 +64,7 @@ index 4345a84c6fd9d..e39c89a94a960 100644
d->expires = src->expires;
d->tailmatch = src->tailmatch;
d->secure = src->secure;
@@ -1595,7 +1585,6 @@ void Curl_cookie_cleanup(struct CookieInfo *c)
@@ -1611,7 +1601,6 @@ void Curl_cookie_cleanup(struct CookieIn
{
if(c) {
unsigned int i;
@ -73,10 +72,9 @@ index 4345a84c6fd9d..e39c89a94a960 100644
for(i = 0; i < COOKIE_HASH_SIZE; i++)
Curl_cookie_freelist(c->cookies[i]);
free(c); /* free the base struct as well */
diff --git a/lib/cookie.h b/lib/cookie.h
index b3c0063b2cfb2..41e9e7a6914e0 100644
--- a/lib/cookie.h
+++ b/lib/cookie.h
diff -r -u -p curl-8.0.1/lib/cookie.h curl-8.0.1-patched/lib/cookie.h
--- curl-8.0.1/lib/cookie.h 2023-03-17 23:34:19.000000000 -0000
+++ curl-8.0.1-patched/lib/cookie.h 2023-10-13 11:47:39.693438491 -0000
@@ -36,11 +36,7 @@ struct Cookie {
char *domain; /* domain = <this> */
curl_off_t expires; /* expires = <this> */
@ -89,16 +87,11 @@ index b3c0063b2cfb2..41e9e7a6914e0 100644
bool tailmatch; /* whether we do tail-matching of the domain name */
bool secure; /* whether the 'secure' keyword was used */
bool livecookie; /* updated from a server, not a stored file */
@@ -56,17 +52,16 @@ struct Cookie {
#define COOKIE_PREFIX__SECURE (1<<0)
#define COOKIE_PREFIX__HOST (1<<1)
-#define COOKIE_HASH_SIZE 256
+#define COOKIE_HASH_SIZE 63
@@ -61,13 +57,11 @@ struct Cookie {
struct CookieInfo {
/* linked list of cookies we know of */
struct Cookie *cookies[COOKIE_HASH_SIZE];
-
- char *filename; /* file we read from/write to */
- long numcookies; /* number of cookies in the "jar" */
+ curl_off_t next_expiration; /* the next time at which expiration happens */
@ -110,12 +103,11 @@ index b3c0063b2cfb2..41e9e7a6914e0 100644
- curl_off_t next_expiration; /* the next time at which expiration happens */
};
/* The maximum sizes we accept for cookies. RFC 6265 section 6.1 says
diff --git a/lib/easy.c b/lib/easy.c
index 16bbd35251d40..03195481f9780 100644
--- a/lib/easy.c
+++ b/lib/easy.c
@@ -925,9 +925,7 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
/* This is the maximum line length we accept for a cookie line. RFC 2109
diff -r -u -p curl-8.0.1/lib/easy.c curl-8.0.1-patched/lib/easy.c
--- curl-8.0.1/lib/easy.c 2023-03-20 11:28:32.000000000 -0000
+++ curl-8.0.1-patched/lib/easy.c 2023-10-13 11:42:44.824188258 -0000
@@ -911,9 +911,7 @@ struct Curl_easy *curl_easy_duphandle(st
if(data->cookies) {
/* If cookies are enabled in the parent handle, we enable them
in the clone as well! */