From 9555c9e2a72df319b437cfcf64619a2621a8932e Mon Sep 17 00:00:00 2001 From: shenzl Date: Wed, 12 Mar 2025 10:07:28 +0800 Subject: [PATCH] to #18865 fix CVE-2025-0665 Project: TC2024080204 Signed-off-by: shenzl --- 0003-fix-cve-2025-0665.patch | 36 ++++++++++++++++++++++++++++++++++++ curl.spec | 6 +++++- 2 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 0003-fix-cve-2025-0665.patch diff --git a/0003-fix-cve-2025-0665.patch b/0003-fix-cve-2025-0665.patch new file mode 100644 index 0000000..d18fee0 --- /dev/null +++ b/0003-fix-cve-2025-0665.patch @@ -0,0 +1,36 @@ +From 270e881d0902a1efa24ceb7736768ec38ffa12a9 Mon Sep 17 00:00:00 2001 +From: Andy Pan +Date: Thu, 12 Dec 2024 12:48:56 +0000 +Subject: [PATCH] async-thread: avoid closing eventfd twice + +When employing eventfd for socketpair, there is only one file +descriptor. Closing that fd twice might result in fd corruption. +Thus, we should avoid closing the eventfd twice, following the +pattern in lib/multi.c. + +Fixes #15725 +Closes #15727 +Reported-by: Christian Heusel +--- + lib/asyn-thread.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/asyn-thread.c b/lib/asyn-thread.c +index a2e294f..518e81a 100644 +--- a/lib/asyn-thread.c ++++ b/lib/asyn-thread.c +@@ -195,9 +195,11 @@ void destroy_thread_sync_data(struct thread_sync_data *tsd) + * close one end of the socket pair (may be done in resolver thread); + * the other end (for reading) is always closed in the parent thread. + */ ++#ifndef USE_EVENTFD + if(tsd->sock_pair[1] != CURL_SOCKET_BAD) { + sclose(tsd->sock_pair[1]); + } ++#endif + #endif + memset(tsd, 0, sizeof(*tsd)); + } +-- +2.39.3 + diff --git a/curl.spec b/curl.spec index 0d5f2d6..9ff57e9 100644 --- a/curl.spec +++ b/curl.spec @@ -1,4 +1,4 @@ -%define anolis_release 6 +%define anolis_release 7 Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Epoch: 1 @@ -78,6 +78,7 @@ BuildRequires: perl(vars) Patch: 0001-fix-cve-2024-2398.patch # https://github.com/curl/curl/commit/a94973805df96269bf Patch: 0002-fix-cve-2024-9681.patch +Patch: 0003-fix-cve-2025-0665.patch # https://github.com/curl/curl/commit/17d302e56221f5040092db77d4f85086e8a20e0e Patch: 1000-fix-CVE-2024-2004.patch # https://github.com/curl/curl/commit/2b0994c29a721c91c572cff7808c572a24d251eb @@ -375,6 +376,9 @@ rm -rf ${RPM_BUILD_ROOT}%{_datadir}/fish %doc docs/TheArtOfHttpScripting.md %changelog +* Wed Mar 12 2025 shenzl - 8.4.0-7 +- fix CVE-2025-0665 + * Tue Aug 13 2024 mgb01105731 - 8.4.0-6 - cherry-pick fix CVE-2024-2004 and add Epoch for requires and provides - Fix CVE-2023-46218 and CVE-2023-46219 -- Gitee