1 files changed, 132 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2023-38546.patch b/meta/recipes-support/curl/curl/CVE-2023-38546.patch
new file mode 100644
index 0000000000..30ef2fd038
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-38546.patch
@@ -0,0 +1,132 @@
+From 7b67721f12cbe6ed1a41e7332f3b5a7186a5e23f Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 14 Sep 2023 23:28:32 +0200
+Subject: [PATCH] cookie: remove unnecessary struct fields
+To: libcurl development <curl-library@cool.haxx.se>
+Plus: reduce the hash table size from 256 to 63. It seems unlikely to
+make much of a speed difference for most use cases but saves 1.5KB of
+data per instance.
+Closes #11862
+This patch taken from Debian's 7.64.0-4+deb10u7 package which applied with
+only a little fuzz.
+CVE: CVE-2023-38546
+Upstream-Status: Backport [61275672b46d9abb32857404]
+Signed-off-by: Mike Crowe <mac@mcrowe.com>
+---
+ lib/cookie.c | 13 +------------
+ lib/cookie.h |  7 ++-----
+ lib/easy.c   |  4 +---
+ 3 files changed, 4 insertions(+), 20 deletions(-)
+diff --git a/lib/cookie.c b/lib/cookie.c
+index 68054e1c4..a378f28e1 100644
+--- a/lib/cookie.c
+++ b/lib/cookie.c
+@@ -114,7 +114,6 @@ static void freecookie(struct Cookie *co)
+   free(co->name);
+   free(co->value);
+   free(co->maxage);
+-  free(co->version);
+   free(co);
+ }
+ 
+@@ -641,11 +640,7 @@ Curl_cookie_add(struct Curl_easy *data,
+           }
+         }
+         else if(strcasecompare("version", name)) {
+-          strstore(&co->version, whatptr);
+-          if(!co->version) {
+-            badcookie = TRUE;
+-            break;
+-          }
+          /* just ignore */
+         }
+         else if(strcasecompare("max-age", name)) {
+           /* Defined in RFC2109:
+@@ -1042,7 +1037,6 @@ Curl_cookie_add(struct Curl_easy *data,
+         free(clist->path);
+         free(clist->spath);
+         free(clist->expirestr);
+-        free(clist->version);
+         free(clist->maxage);
+ 
+         *clist = *co;  /* then store all the new data */
+@@ -1111,9 +1105,6 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
+     c = calloc(1, sizeof(struct CookieInfo));
+     if(!c)
+       return NULL; /* failed to get memory */
+-    c->filename = strdup(file?file:"none"); /* copy the name just in case */
+-    if(!c->filename)
+-      goto fail; /* failed to get memory */
+   }
+   else {
+     /* we got an already existing one, use that */
+@@ -1241,7 +1232,6 @@ static struct Cookie *dup_cookie(struct Cookie *src)
+     CLONE(name);
+     CLONE(value);
+     CLONE(maxage);
+-    CLONE(version);
+     d->expires = src->expires;
+     d->tailmatch = src->tailmatch;
+     d->secure = src->secure;
+@@ -1457,7 +1447,6 @@ void Curl_cookie_cleanup(struct CookieInfo *c)
+ {
+   if(c) {
+     unsigned int i;
+-    free(c->filename);
+     for(i = 0; i < COOKIE_HASH_SIZE; i++)
+       Curl_cookie_freelist(c->cookies[i]);
+     free(c); /* free the base struct as well */
+diff --git a/lib/cookie.h b/lib/cookie.h
+index b3865e601..2e667cda0 100644
+--- a/lib/cookie.h
+++ b/lib/cookie.h
+@@ -36,8 +36,6 @@ struct Cookie {
+   char *expirestr;   /* the plain text version */
+   bool tailmatch;    /* whether we do tail-matching of the domain name */
+ 
+-  /* RFC 2109 keywords. Version=1 means 2109-compliant cookie sending */
+-  char *version;     /* Version = <value> */
+   char *maxage;      /* Max-Age = <value> */
+ 
+   bool secure;       /* whether the 'secure' keyword was used */
+@@ -54,15 +52,14 @@ struct Cookie {
+ #define COOKIE_PREFIX__SECURE (1<<0)
+ #define COOKIE_PREFIX__HOST (1<<1)
+ 
+-#define COOKIE_HASH_SIZE 256
+#define COOKIE_HASH_SIZE 63
+ 
+ struct CookieInfo {
+   /* linked list of cookies we know of */
+   struct Cookie *cookies[COOKIE_HASH_SIZE];
+ 
+-  char *filename;  /* file we read from/write to */
+   bool running;    /* state info, for cookie adding information */
+-  long numcookies; /* number of cookies in the "jar" */
+  int numcookies;  /* number of cookies in the "jar" */
+   bool newsession; /* new session, discard session cookies on load */
+   int lastct;      /* last creation-time used in the jar */
+ };
+diff --git a/lib/easy.c b/lib/easy.c
+index b648e80c1..cdca0fb03 100644
+--- a/lib/easy.c
+++ b/lib/easy.c
+@@ -840,9 +840,7 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
+   if(data->cookies) {
+     /* If cookies are enabled in the parent handle, we enable them
+        in the clone as well! */
+-    outcurl->cookies = Curl_cookie_init(data,
+-                                        data->cookies->filename,
+-                                        outcurl->cookies,
+    outcurl->cookies = Curl_cookie_init(data, NULL, outcurl->cookies,
+                                         data->set.cookiesession);
+     if(!outcurl->cookies)
+       goto fail;
+-- 
+2.39.2

diff --git a/meta/recipes-support/curl/curl/CVE-2023-38546.patch b/meta/recipes-support/curl/curl/CVE-2023-38546.patch new file mode 100644 index 0000000000..30ef2fd038 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2023-38546.patch
@@ -0,0 +1,132 @@
	1	From 7b67721f12cbe6ed1a41e7332f3b5a7186a5e23f Mon Sep 17 00:00:00 2001
	2	From: Daniel Stenberg <daniel@haxx.se>
	3	Date: Thu, 14 Sep 2023 23:28:32 +0200
	4	Subject: [PATCH] cookie: remove unnecessary struct fields
	5	To: libcurl development <curl-library@cool.haxx.se>
	6
	7	Plus: reduce the hash table size from 256 to 63. It seems unlikely to
	8	make much of a speed difference for most use cases but saves 1.5KB of
	9	data per instance.
	10
	11	Closes #11862
	12
	13	This patch taken from Debian's 7.64.0-4+deb10u7 package which applied with
	14	only a little fuzz.
	15
	16	CVE: CVE-2023-38546
	17	Upstream-Status: Backport [61275672b46d9abb32857404]
	18	Signed-off-by: Mike Crowe <mac@mcrowe.com>
	19	---
	20	lib/cookie.c \| 13 +------------
	21	lib/cookie.h \| 7 ++-----
	22	lib/easy.c \| 4 +---
	23	3 files changed, 4 insertions(+), 20 deletions(-)
	24
	25	diff --git a/lib/cookie.c b/lib/cookie.c
	26	index 68054e1c4..a378f28e1 100644
	27	--- a/lib/cookie.c
	28	+++ b/lib/cookie.c
	29	@@ -114,7 +114,6 @@ static void freecookie(struct Cookie *co)
	30	free(co->name);
	31	free(co->value);
	32	free(co->maxage);
	33	- free(co->version);
	34	free(co);
	35	}
	36
	37	@@ -641,11 +640,7 @@ Curl_cookie_add(struct Curl_easy *data,
	38	}
	39	}
	40	else if(strcasecompare("version", name)) {
	41	- strstore(&co->version, whatptr);
	42	- if(!co->version) {
	43	- badcookie = TRUE;
	44	- break;
	45	- }
	46	+ /* just ignore */
	47	}
	48	else if(strcasecompare("max-age", name)) {
	49	/* Defined in RFC2109:
	50	@@ -1042,7 +1037,6 @@ Curl_cookie_add(struct Curl_easy *data,
	51	free(clist->path);
	52	free(clist->spath);
	53	free(clist->expirestr);
	54	- free(clist->version);
	55	free(clist->maxage);
	56
	57	clist = co; /* then store all the new data */
	58	@@ -1111,9 +1105,6 @@ struct CookieInfo Curl_cookie_init(struct Curl_easy data,
	59	c = calloc(1, sizeof(struct CookieInfo));
	60	if(!c)
	61	return NULL; /* failed to get memory */
	62	- c->filename = strdup(file?file:"none"); /* copy the name just in case */
	63	- if(!c->filename)
	64	- goto fail; /* failed to get memory */
	65	}
	66	else {
	67	/* we got an already existing one, use that */
	68	@@ -1241,7 +1232,6 @@ static struct Cookie dup_cookie(struct Cookie src)
	69	CLONE(name);
	70	CLONE(value);
	71	CLONE(maxage);
	72	- CLONE(version);
	73	d->expires = src->expires;
	74	d->tailmatch = src->tailmatch;
	75	d->secure = src->secure;
	76	@@ -1457,7 +1447,6 @@ void Curl_cookie_cleanup(struct CookieInfo *c)
	77	{
	78	if(c) {
	79	unsigned int i;
	80	- free(c->filename);
	81	for(i = 0; i < COOKIE_HASH_SIZE; i++)
	82	Curl_cookie_freelist(c->cookies[i]);
	83	free(c); /* free the base struct as well */
	84	diff --git a/lib/cookie.h b/lib/cookie.h
	85	index b3865e601..2e667cda0 100644
	86	--- a/lib/cookie.h
	87	+++ b/lib/cookie.h
	88	@@ -36,8 +36,6 @@ struct Cookie {
	89	char expirestr; / the plain text version */
	90	bool tailmatch; /* whether we do tail-matching of the domain name */
	91
	92	- /* RFC 2109 keywords. Version=1 means 2109-compliant cookie sending */
	93	- char version; / Version = <value> */
	94	char maxage; / Max-Age = <value> */
	95
	96	bool secure; /* whether the 'secure' keyword was used */
	97	@@ -54,15 +52,14 @@ struct Cookie {
	98	#define COOKIE_PREFIX__SECURE (1<<0)
	99	#define COOKIE_PREFIX__HOST (1<<1)
	100
	101	-#define COOKIE_HASH_SIZE 256
	102	+#define COOKIE_HASH_SIZE 63
	103
	104	struct CookieInfo {
	105	/* linked list of cookies we know of */
	106	struct Cookie *cookies[COOKIE_HASH_SIZE];
	107
	108	- char filename; / file we read from/write to */
	109	bool running; /* state info, for cookie adding information */
	110	- long numcookies; /* number of cookies in the "jar" */
	111	+ int numcookies; /* number of cookies in the "jar" */
	112	bool newsession; /* new session, discard session cookies on load */
	113	int lastct; /* last creation-time used in the jar */
	114	};
	115	diff --git a/lib/easy.c b/lib/easy.c
	116	index b648e80c1..cdca0fb03 100644
	117	--- a/lib/easy.c
	118	+++ b/lib/easy.c
	119	@@ -840,9 +840,7 @@ struct Curl_easy curl_easy_duphandle(struct Curl_easy data)
	120	if(data->cookies) {
	121	/* If cookies are enabled in the parent handle, we enable them
	122	in the clone as well! */
	123	- outcurl->cookies = Curl_cookie_init(data,
	124	- data->cookies->filename,
	125	- outcurl->cookies,
	126	+ outcurl->cookies = Curl_cookie_init(data, NULL, outcurl->cookies,
	127	data->set.cookiesession);
	128	if(!outcurl->cookies)
	129	goto fail;
	130	--
	131	2.39.2
	132