curl: Fix CVE-2023-46219

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. (From OE-Core rev: e0f503594e7bc0da9771b69ca7243a34dcadbdde) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Archana Polampalli <archana.polampalli@windriver.com> 2024-02-08 10:45:00 +0000
committer: Steve Sakoman <steve@sakoman.com> 2024-02-15 03:51:56 -1000
commit: 51e62bcbaf160a217e30f9221051144edce7e4c4 (patch)
tree: 312b03240b20378d2709e1542991e43b78c860cb
parent: 74f2c36c4df18e874422387f2e805a0c13e8448e (diff)
download: poky-51e62bcbaf160a217e30f9221051144edce7e4c4.tar.gz
4 files changed, 259 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2023-46219-0001.patch b/meta/recipes-support/curl/curl/CVE-2023-46219-0001.patch
new file mode 100644
index 0000000000..55e8f6fac9
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-46219-0001.patch
@@ -0,0 +1,42 @@
+From 0c667188e0c6cda615a036b8a2b4125f2c404dde Mon Sep 17 00:00:00 2001
+From: SaltyMilk <soufiane.elmelcaoui@gmail.com>
+Date: Mon, 10 Jul 2023 21:43:28 +0200
+Subject: [PATCH] fopen: optimize
+Closes #11419
+CVE: CVE-2023-46219
+Upstream-Status: Backport [https://github.com/curl/curl/commit/0c667188e0c6]
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/fopen.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+diff --git a/lib/fopen.c b/lib/fopen.c
+index ad3691b..92f39cf 100644
+--- a/lib/fopen.c
+++ b/lib/fopen.c
+@@ -56,13 +56,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+   int fd = -1;
+   *tempname = NULL;
+-  if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) {
+-    /* a non-regular file, fallback to direct fopen() */
+-    *fh = fopen(filename, FOPEN_WRITETEXT);
+-    if(*fh)
+-      return CURLE_OK;
+  *fh = fopen(filename, FOPEN_WRITETEXT);
+  if(!*fh)
+     goto fail;
+-  }
+  if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode))
+    return CURLE_OK;
+  fclose(*fh);
+  *fh = NULL;
+   result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix));
+   if(result)
+--
+2.40.0
diff --git a/meta/recipes-support/curl/curl/CVE-2023-46219-0002.patch b/meta/recipes-support/curl/curl/CVE-2023-46219-0002.patch
new file mode 100644
index 0000000000..f432fabbb1
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-46219-0002.patch
@@ -0,0 +1,133 @@
+From 73b65e94f3531179de45c6f3c836a610e3d0a846 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 23 Nov 2023 08:23:17 +0100
+Subject: [PATCH] fopen: create short(er) temporary file name
+Only using random letters in the name plus a ".tmp" extension. Not by
+appending characters to the final file name.
+Reported-by: Maksymilian Arciemowicz
+Closes #12388
+CVE: CVE-2023-46219
+Upstream-Status: Backport [https://github.com/curl/curl/commit/73b65e94f3531179]
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/fopen.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++++----
+ 1 file changed, 59 insertions(+), 4 deletions(-)
+diff --git a/lib/fopen.c b/lib/fopen.c
+index 92f39cf..1670e32 100644
+--- a/lib/fopen.c
+++ b/lib/fopen.c
+@@ -39,6 +39,50 @@
+ #include "curl_memory.h"
+ #include "memdebug.h"
+
+/*
+  The dirslash() function breaks a null-terminated pathname string into
+  directory and filename components then returns the directory component up
+  to, *AND INCLUDING*, a final '/'.  If there is no directory in the path,
+  this instead returns a "" string.
+  This function returns a pointer to malloc'ed memory.
+  The input path to this function is expected to have a file name part.
+*/
+
+#ifdef _WIN32
+#define PATHSEP "\\"
+#define IS_SEP(x) (((x) == '/') || ((x) == '\\'))
+#elif defined(MSDOS) || defined(__EMX__) || defined(OS2)
+#define PATHSEP "\\"
+#define IS_SEP(x) ((x) == '\\')
+#else
+#define PATHSEP "/"
+#define IS_SEP(x) ((x) == '/')
+#endif
+
+static char *dirslash(const char *path)
+{
+  size_t n;
+  struct dynbuf out;
+  DEBUGASSERT(path);
+  Curl_dyn_init(&out, CURL_MAX_INPUT_LENGTH);
+  n = strlen(path);
+  if(n) {
+    /* find the rightmost path separator, if any */
+    while(n && !IS_SEP(path[n-1]))
+      --n;
+    /* skip over all the path separators, if any */
+    while(n && IS_SEP(path[n-1]))
+      --n;
+  }
+  if(Curl_dyn_addn(&out, path, n))
+    return NULL;
+  /* if there was a directory, append a single trailing slash */
+  if(n && Curl_dyn_addn(&out, PATHSEP, 1))
+    return NULL;
+  return Curl_dyn_ptr(&out);
+}
+
+ /*
+  * Curl_fopen() opens a file for writing with a temp name, to be renamed
+  * to the final name when completed. If there is an existing file using this
+@@ -50,25 +94,34 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+                     FILE **fh, char **tempname)
+ {
+   CURLcode result = CURLE_WRITE_ERROR;
+-  unsigned char randsuffix[9];
+  unsigned char randbuf[41];
+   char *tempstore = NULL;
+   struct_stat sb;
+   int fd = -1;
+  char *dir;
+   *tempname = NULL;
+  dir = dirslash(filename);
+  if(!dir)
+    goto fail;
+
+   *fh = fopen(filename, FOPEN_WRITETEXT);
+   if(!*fh)
+     goto fail;
+-  if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode))
+  if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode)){
+    free(dir);
+     return CURLE_OK;
+  }
+   fclose(*fh);
+   *fh = NULL;
+-  result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix));
+  result = Curl_rand_hex(data, randbuf, sizeof(randbuf));
+   if(result)
+     goto fail;
+-  tempstore = aprintf("%s.%s.tmp", filename, randsuffix);
+  /* The temp file name should not end up too long for the target file
+     system */
+  tempstore = aprintf("%s%s.tmp", dir, randbuf);
+   if(!tempstore) {
+     result = CURLE_OUT_OF_MEMORY;
+     goto fail;
+@@ -95,6 +148,7 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+   if(!*fh)
+     goto fail;
+  free(dir);
+   *tempname = tempstore;
+   return CURLE_OK;
+@@ -107,6 +161,7 @@ fail:
+   free(tempstore);
+   *tempname = NULL;
+  free(dir);
+   return result;
+ }
+--
+2.40.0
diff --git a/meta/recipes-support/curl/curl/CVE-2023-46219-0003.patch b/meta/recipes-support/curl/curl/CVE-2023-46219-0003.patch
new file mode 100644
index 0000000000..3b6f756549
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-46219-0003.patch
@@ -0,0 +1,81 @@
+From f27b8dba73295cb5296a50f2c19c0739b502eb94 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 24 Nov 2023 09:46:32 +0100
+Subject: [PATCH] fopen: allocate the dir after fopen
+Move the allocation of the directory name down to after the fopen() call
+to allow that shortcut code path to avoid a superfluous malloc+free
+cycle.
+Follow-up to 73b65e94f35311
+Closes #12398
+CVE: CVE-2023-46219
+Upstream-Status: Backport [https://github.com/curl/curl/commit/f27b8dba73295cb529]
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/fopen.c | 19 ++++++++-----------
+ 1 file changed, 8 insertions(+), 11 deletions(-)
+diff --git a/lib/fopen.c b/lib/fopen.c
+index 1670e32..b663f8b 100644
+--- a/lib/fopen.c
+++ b/lib/fopen.c
+@@ -98,18 +98,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+   char *tempstore = NULL;
+   struct_stat sb;
+   int fd = -1;
+-  char *dir;
+  char *dir = NULL;
+   *tempname = NULL;
+-  dir = dirslash(filename);
+-  if(!dir)
+-    goto fail;
+-
+   *fh = fopen(filename, FOPEN_WRITETEXT);
+   if(!*fh)
+     goto fail;
+   if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode)){
+-    free(dir);
+     return CURLE_OK;
+   }
+   fclose(*fh);
+@@ -119,9 +114,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+   if(result)
+     goto fail;
+-  /* The temp file name should not end up too long for the target file
+-     system */
+-  tempstore = aprintf("%s%s.tmp", dir, randbuf);
+  dir = dirslash(filename);
+  if(dir) {
+    /* The temp file name should not end up too long for the target file
+       system */
+    tempstore = aprintf("%s%s.tmp", dir, randbuf);
+    free(dir);
+  }
+   if(!tempstore) {
+     result = CURLE_OUT_OF_MEMORY;
+     goto fail;
+@@ -148,7 +147,6 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+   if(!*fh)
+     goto fail;
+-  free(dir);
+   *tempname = tempstore;
+   return CURLE_OK;
+@@ -161,7 +159,6 @@ fail:
+   free(tempstore);
+   *tempname = NULL;
+-  free(dir);
+   return result;
+ }
+--
+2.40.0
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb
index 965f05bc98..de69d3d53b 100644
--- a/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -54,6 +54,9 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
           file://CVE-2023-38545.patch \
           file://CVE-2023-38546.patch \
           file://CVE-2023-46218.patch \
+           file://CVE-2023-46219-0001.patch \
+           file://CVE-2023-46219-0002.patch \
+           file://CVE-2023-46219-0003.patch \
           "
 SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
author	Archana Polampalli <archana.polampalli@windriver.com>	2024-02-08 10:45:00 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-02-15 03:51:56 -1000
commit	51e62bcbaf160a217e30f9221051144edce7e4c4 (patch)
tree	312b03240b20378d2709e1542991e43b78c860cb
parent	74f2c36c4df18e874422387f2e805a0c13e8448e (diff)
download	poky-51e62bcbaf160a217e30f9221051144edce7e4c4.tar.gz

diff --git a/meta/recipes-support/curl/curl/CVE-2023-46219-0001.patch b/meta/recipes-support/curl/curl/CVE-2023-46219-0001.patch new file mode 100644 index 0000000000..55e8f6fac9 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2023-46219-0001.patch
@@ -0,0 +1,42 @@
		1	From 0c667188e0c6cda615a036b8a2b4125f2c404dde Mon Sep 17 00:00:00 2001
		2	From: SaltyMilk <soufiane.elmelcaoui@gmail.com>
		3	Date: Mon, 10 Jul 2023 21:43:28 +0200
		4	Subject: [PATCH] fopen: optimize
		5
		6	Closes #11419
		7
		8	CVE: CVE-2023-46219
		9
		10	Upstream-Status: Backport [https://github.com/curl/curl/commit/0c667188e0c6]
		11
		12	Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
		13	---
		14	lib/fopen.c \| 12 ++++++------
		15	1 file changed, 6 insertions(+), 6 deletions(-)
		16
		17	diff --git a/lib/fopen.c b/lib/fopen.c
		18	index ad3691b..92f39cf 100644
		19	--- a/lib/fopen.c
		20	+++ b/lib/fopen.c
		21	@@ -56,13 +56,13 @@ CURLcode Curl_fopen(struct Curl_easy data, const char filename,
		22	int fd = -1;
		23	*tempname = NULL;
		24
		25	- if(stat(filename, &sb) == -1 \|\| !S_ISREG(sb.st_mode)) {
		26	- /* a non-regular file, fallback to direct fopen() */
		27	- *fh = fopen(filename, FOPEN_WRITETEXT);
		28	- if(*fh)
		29	- return CURLE_OK;
		30	+ *fh = fopen(filename, FOPEN_WRITETEXT);
		31	+ if(!*fh)
		32	goto fail;
		33	- }
		34	+ if(fstat(fileno(*fh), &sb) == -1 \|\| !S_ISREG(sb.st_mode))
		35	+ return CURLE_OK;
		36	+ fclose(*fh);
		37	+ *fh = NULL;
		38
		39	result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix));
		40	if(result)
		41	--
		42	2.40.0


diff --git a/meta/recipes-support/curl/curl/CVE-2023-46219-0002.patch b/meta/recipes-support/curl/curl/CVE-2023-46219-0002.patch new file mode 100644 index 0000000000..f432fabbb1 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2023-46219-0002.patch
@@ -0,0 +1,133 @@
		1	From 73b65e94f3531179de45c6f3c836a610e3d0a846 Mon Sep 17 00:00:00 2001
		2	From: Daniel Stenberg <daniel@haxx.se>
		3	Date: Thu, 23 Nov 2023 08:23:17 +0100
		4	Subject: [PATCH] fopen: create short(er) temporary file name
		5
		6	Only using random letters in the name plus a ".tmp" extension. Not by
		7	appending characters to the final file name.
		8
		9	Reported-by: Maksymilian Arciemowicz
		10
		11	Closes #12388
		12
		13	CVE: CVE-2023-46219
		14
		15	Upstream-Status: Backport [https://github.com/curl/curl/commit/73b65e94f3531179]
		16
		17	Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
		18	---
		19	lib/fopen.c \| 63 +++++++++++++++++++++++++++++++++++++++++++++++++----
		20	1 file changed, 59 insertions(+), 4 deletions(-)
		21
		22	diff --git a/lib/fopen.c b/lib/fopen.c
		23	index 92f39cf..1670e32 100644
		24	--- a/lib/fopen.c
		25	+++ b/lib/fopen.c
		26	@@ -39,6 +39,50 @@
		27	#include "curl_memory.h"
		28	#include "memdebug.h"
		29
		30	+
		31	+/*
		32	+ The dirslash() function breaks a null-terminated pathname string into
		33	+ directory and filename components then returns the directory component up
		34	+ to, AND INCLUDING, a final '/'. If there is no directory in the path,
		35	+ this instead returns a "" string.
		36	+ This function returns a pointer to malloc'ed memory.
		37	+ The input path to this function is expected to have a file name part.
		38	+*/
		39	+
		40	+#ifdef _WIN32
		41	+#define PATHSEP "\\"
		42	+#define IS_SEP(x) (((x) == '/') \|\| ((x) == '\\'))
		43	+#elif defined(MSDOS) \|\| defined(__EMX__) \|\| defined(OS2)
		44	+#define PATHSEP "\\"
		45	+#define IS_SEP(x) ((x) == '\\')
		46	+#else
		47	+#define PATHSEP "/"
		48	+#define IS_SEP(x) ((x) == '/')
		49	+#endif
		50	+
		51	+static char dirslash(const char path)
		52	+{
		53	+ size_t n;
		54	+ struct dynbuf out;
		55	+ DEBUGASSERT(path);
		56	+ Curl_dyn_init(&out, CURL_MAX_INPUT_LENGTH);
		57	+ n = strlen(path);
		58	+ if(n) {
		59	+ /* find the rightmost path separator, if any */
		60	+ while(n && !IS_SEP(path[n-1]))
		61	+ --n;
		62	+ /* skip over all the path separators, if any */
		63	+ while(n && IS_SEP(path[n-1]))
		64	+ --n;
		65	+ }
		66	+ if(Curl_dyn_addn(&out, path, n))
		67	+ return NULL;
		68	+ /* if there was a directory, append a single trailing slash */
		69	+ if(n && Curl_dyn_addn(&out, PATHSEP, 1))
		70	+ return NULL;
		71	+ return Curl_dyn_ptr(&out);
		72	+}
		73	+
		74	/*
		75	* Curl_fopen() opens a file for writing with a temp name, to be renamed
		76	* to the final name when completed. If there is an existing file using this
		77	@@ -50,25 +94,34 @@ CURLcode Curl_fopen(struct Curl_easy data, const char filename,
		78	FILE fh, char tempname)
		79	{
		80	CURLcode result = CURLE_WRITE_ERROR;
		81	- unsigned char randsuffix[9];
		82	+ unsigned char randbuf[41];
		83	char *tempstore = NULL;
		84	struct_stat sb;
		85	int fd = -1;
		86	+ char *dir;
		87	*tempname = NULL;
		88
		89	+ dir = dirslash(filename);
		90	+ if(!dir)
		91	+ goto fail;
		92	+
		93	*fh = fopen(filename, FOPEN_WRITETEXT);
		94	if(!*fh)
		95	goto fail;
		96	- if(fstat(fileno(*fh), &sb) == -1 \|\| !S_ISREG(sb.st_mode))
		97	+ if(fstat(fileno(*fh), &sb) == -1 \|\| !S_ISREG(sb.st_mode)){
		98	+ free(dir);
		99	return CURLE_OK;
		100	+ }
		101	fclose(*fh);
		102	*fh = NULL;
		103
		104	- result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix));
		105	+ result = Curl_rand_hex(data, randbuf, sizeof(randbuf));
		106	if(result)
		107	goto fail;
		108
		109	- tempstore = aprintf("%s.%s.tmp", filename, randsuffix);
		110	+ /* The temp file name should not end up too long for the target file
		111	+ system */
		112	+ tempstore = aprintf("%s%s.tmp", dir, randbuf);
		113	if(!tempstore) {
		114	result = CURLE_OUT_OF_MEMORY;
		115	goto fail;
		116	@@ -95,6 +148,7 @@ CURLcode Curl_fopen(struct Curl_easy data, const char filename,
		117	if(!*fh)
		118	goto fail;
		119
		120	+ free(dir);
		121	*tempname = tempstore;
		122	return CURLE_OK;
		123
		124	@@ -107,6 +161,7 @@ fail:
		125	free(tempstore);
		126
		127	*tempname = NULL;
		128	+ free(dir);
		129	return result;
		130	}
		131
		132	--
		133	2.40.0


diff --git a/meta/recipes-support/curl/curl/CVE-2023-46219-0003.patch b/meta/recipes-support/curl/curl/CVE-2023-46219-0003.patch new file mode 100644 index 0000000000..3b6f756549 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2023-46219-0003.patch
@@ -0,0 +1,81 @@
		1	From f27b8dba73295cb5296a50f2c19c0739b502eb94 Mon Sep 17 00:00:00 2001
		2	From: Daniel Stenberg <daniel@haxx.se>
		3	Date: Fri, 24 Nov 2023 09:46:32 +0100
		4	Subject: [PATCH] fopen: allocate the dir after fopen
		5
		6	Move the allocation of the directory name down to after the fopen() call
		7	to allow that shortcut code path to avoid a superfluous malloc+free
		8	cycle.
		9
		10	Follow-up to 73b65e94f35311
		11
		12	Closes #12398
		13
		14	CVE: CVE-2023-46219
		15
		16	Upstream-Status: Backport [https://github.com/curl/curl/commit/f27b8dba73295cb529]
		17
		18	Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
		19	---
		20	lib/fopen.c \| 19 ++++++++-----------
		21	1 file changed, 8 insertions(+), 11 deletions(-)
		22
		23	diff --git a/lib/fopen.c b/lib/fopen.c
		24	index 1670e32..b663f8b 100644
		25	--- a/lib/fopen.c
		26	+++ b/lib/fopen.c
		27	@@ -98,18 +98,13 @@ CURLcode Curl_fopen(struct Curl_easy data, const char filename,
		28	char *tempstore = NULL;
		29	struct_stat sb;
		30	int fd = -1;
		31	- char *dir;
		32	+ char *dir = NULL;
		33	*tempname = NULL;
		34
		35	- dir = dirslash(filename);
		36	- if(!dir)
		37	- goto fail;
		38	-
		39	*fh = fopen(filename, FOPEN_WRITETEXT);
		40	if(!*fh)
		41	goto fail;
		42	if(fstat(fileno(*fh), &sb) == -1 \|\| !S_ISREG(sb.st_mode)){
		43	- free(dir);
		44	return CURLE_OK;
		45	}
		46	fclose(*fh);
		47	@@ -119,9 +114,13 @@ CURLcode Curl_fopen(struct Curl_easy data, const char filename,
		48	if(result)
		49	goto fail;
		50
		51	- /* The temp file name should not end up too long for the target file
		52	- system */
		53	- tempstore = aprintf("%s%s.tmp", dir, randbuf);
		54	+ dir = dirslash(filename);
		55	+ if(dir) {
		56	+ /* The temp file name should not end up too long for the target file
		57	+ system */
		58	+ tempstore = aprintf("%s%s.tmp", dir, randbuf);
		59	+ free(dir);
		60	+ }
		61	if(!tempstore) {
		62	result = CURLE_OUT_OF_MEMORY;
		63	goto fail;
		64	@@ -148,7 +147,6 @@ CURLcode Curl_fopen(struct Curl_easy data, const char filename,
		65	if(!*fh)
		66	goto fail;
		67
		68	- free(dir);
		69	*tempname = tempstore;
		70	return CURLE_OK;
		71
		72	@@ -161,7 +159,6 @@ fail:
		73	free(tempstore);
		74
		75	*tempname = NULL;
		76	- free(dir);
		77	return result;
		78	}
		79
		80	--
		81	2.40.0


diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index 965f05bc98..de69d3d53b 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -54,6 +54,9 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
54	file://CVE-2023-38545.patch \	54	file://CVE-2023-38545.patch \
55	file://CVE-2023-38546.patch \	55	file://CVE-2023-38546.patch \
56	file://CVE-2023-46218.patch \	56	file://CVE-2023-46218.patch \
		57	file://CVE-2023-46219-0001.patch \
		58	file://CVE-2023-46219-0002.patch \
		59	file://CVE-2023-46219-0003.patch \
57	"	60	"
58	SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"	61	SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
59		62