From d1151168acca7beb0b4e9b9a0037c8177a0f8f93 Mon Sep 17 00:00:00 2001 From: shenzl Date: Mon, 10 Mar 2025 17:21:19 +0800 Subject: [PATCH] to #18865 fix CVE-2025-0665 Project: TC2024080204 Signed-off-by: shenzl --- ...c-thread-avoid-closing-eventfd-twice.patch | 36 +++++++++++++++++++ curl.spec | 7 +++- 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 0003-async-thread-avoid-closing-eventfd-twice.patch diff --git a/0003-async-thread-avoid-closing-eventfd-twice.patch b/0003-async-thread-avoid-closing-eventfd-twice.patch new file mode 100644 index 0000000..d18fee0 --- /dev/null +++ b/0003-async-thread-avoid-closing-eventfd-twice.patch @@ -0,0 +1,36 @@ +From 270e881d0902a1efa24ceb7736768ec38ffa12a9 Mon Sep 17 00:00:00 2001 +From: Andy Pan +Date: Thu, 12 Dec 2024 12:48:56 +0000 +Subject: [PATCH] async-thread: avoid closing eventfd twice + +When employing eventfd for socketpair, there is only one file +descriptor. Closing that fd twice might result in fd corruption. +Thus, we should avoid closing the eventfd twice, following the +pattern in lib/multi.c. + +Fixes #15725 +Closes #15727 +Reported-by: Christian Heusel +--- + lib/asyn-thread.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/asyn-thread.c b/lib/asyn-thread.c +index a2e294f..518e81a 100644 +--- a/lib/asyn-thread.c ++++ b/lib/asyn-thread.c +@@ -195,9 +195,11 @@ void destroy_thread_sync_data(struct thread_sync_data *tsd) + * close one end of the socket pair (may be done in resolver thread); + * the other end (for reading) is always closed in the parent thread. + */ ++#ifndef USE_EVENTFD + if(tsd->sock_pair[1] != CURL_SOCKET_BAD) { + sclose(tsd->sock_pair[1]); + } ++#endif + #endif + memset(tsd, 0, sizeof(*tsd)); + } +-- +2.39.3 + diff --git a/curl.spec b/curl.spec index 25abac5..3e372e5 100644 --- a/curl.spec +++ b/curl.spec @@ -1,4 +1,4 @@ -%define anolis_release 5 +%define anolis_release 6 Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Epoch: 1 @@ -78,6 +78,8 @@ BuildRequires: perl(vars) Patch: 0001-fix-cve-2024-2398.patch # https://github.com/curl/curl/commit/a94973805df96269bf Patch: 0002-fix-cve-2024-9681.patch +#https://github.com/curl/curl/commit/ff5091aa9f73802e894b1cbdf +Patch: 0003-async-thread-avoid-closing-eventfd-twice.patch # The test-suite runs automatically through valgrind if valgrind is available # on the system. By not installing valgrind into mock's chroot, we disable @@ -369,6 +371,9 @@ rm -rf ${RPM_BUILD_ROOT}%{_datadir}/fish %doc docs/TheArtOfHttpScripting.md %changelog +* Mon Mar 10 2025 shenzl - 8.4.0-6 +- fix CVE-2025-0665 + * Wed Jan 15 2025 Kaiqiang Wang - 8.4.0-5 - fix CVE-2024-9681 -- Gitee