3 files changed, 379 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2024-7264-1.patch b/meta/recipes-support/curl/curl/CVE-2024-7264-1.patch
new file mode 100644
index 0000000000..7101fcfe35
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2024-7264-1.patch
@@ -0,0 +1,61 @@
+From 3c914bc680155b32178f1f15ca8d47c7f4640afe Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 30 Jul 2024 10:05:17 +0200
+Subject: [PATCH] x509asn1: clean up GTime2str
+Co-authored-by: Stefan Eissing
+Reported-by: Dov Murik
+Closes #14307
+CVE: CVE-2024-7264
+Upstream-Status: Backport [https://github.com/curl/curl/commit/3c914bc680155b32178f1f15ca8d47c7f4640afe.patch]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/vtls/x509asn1.c | 23 ++++++++++++++---------
+ 1 file changed, 14 insertions(+), 9 deletions(-)
+diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c
+index 1bc4243ddae343..e3a9fe4232a4ea 100644
+--- a/lib/vtls/x509asn1.c
+++ b/lib/vtls/x509asn1.c
+@@ -488,7 +488,7 @@ static CURLcode GTime2str(struct dynbuf *store,
+   /* Convert an ASN.1 Generalized time to a printable string.
+      Return the dynamically allocated string, or NULL if an error occurs. */
+ 
+-  for(fracp = beg; fracp < end && *fracp >= '0' && *fracp <= '9'; fracp++)
+  for(fracp = beg; fracp < end && ISDIGIT(*fracp); fracp++)
+     ;
+ 
+   /* Get seconds digits. */
+@@ -507,17 +507,22 @@ static CURLcode GTime2str(struct dynbuf *store,
+     return CURLE_BAD_FUNCTION_ARGUMENT;
+   }
+ 
+-  /* Scan for timezone, measure fractional seconds. */
+  /* timezone follows optional fractional seconds. */
+   tzp = fracp;
+-  fracl = 0;
+  fracl = 0; /* no fractional seconds detected so far */
+   if(fracp < end && (*fracp == '.' || *fracp == ',')) {
+-    fracp++;
+-    do
+    /* Have fractional seconds, e.g. "[.,]\d+". How many? */
+    tzp = fracp++; /* should be a digit char or BAD ARGUMENT */
+    while(tzp < end && ISDIGIT(*tzp))
+       tzp++;
+-    while(tzp < end && *tzp >= '0' && *tzp <= '9');
+-    /* Strip leading zeroes in fractional seconds. */
+-    for(fracl = tzp - fracp - 1; fracl && fracp[fracl - 1] == '0'; fracl--)
+-      ;
+    if(tzp == fracp) /* never looped, no digit after [.,] */
+      return CURLE_BAD_FUNCTION_ARGUMENT;
+    fracl = tzp - fracp - 1; /* number of fractional sec digits */
+    DEBUGASSERT(fracl > 0);
+    /* Strip trailing zeroes in fractional seconds.
+     * May reduce fracl to 0 if only '0's are present. */
+    while(fracl && fracp[fracl - 1] == '0')
+      fracl--;
+   }
+ 
+   /* Process timezone. */
diff --git a/meta/recipes-support/curl/curl/CVE-2024-7264-2.patch b/meta/recipes-support/curl/curl/CVE-2024-7264-2.patch
new file mode 100644
index 0000000000..ab24911712
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2024-7264-2.patch
@@ -0,0 +1,316 @@
+From 27959ecce75cdb2809c0bdb3286e60e08fadb519 Mon Sep 17 00:00:00 2001
+From: Stefan Eissing <stefan@eissing.org>
+Date: Tue, 30 Jul 2024 16:40:48 +0200
+Subject: [PATCH] x509asn1: unittests and fixes for gtime2str
+Fix issues in GTime2str() and add unit test cases to verify correct
+behaviour.
+Follow-up to 3c914bc6801
+Closes #14316
+CVE: CVE-2024-7264
+Upstream-Status: Backport [https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519.patch]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/vtls/x509asn1.c     |  32 +++++++---
+ lib/vtls/x509asn1.h     |  11 ++++
+ tests/data/Makefile.inc |   2 +-
+ tests/data/test1656     |  22 +++++++
+ tests/unit/Makefile.inc |   4 +-
+ tests/unit/unit1656.c   | 133 ++++++++++++++++++++++++++++++++++++++++
+ 6 files changed, 194 insertions(+), 10 deletions(-)
+ create mode 100644 tests/data/test1656
+ create mode 100644 tests/unit/unit1656.c
+diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c
+index e3a9fe4232a4ea..7f04af3b9778c5 100644
+--- a/lib/vtls/x509asn1.c
+++ b/lib/vtls/x509asn1.c
+@@ -512,12 +512,13 @@ static CURLcode GTime2str(struct dynbuf *store,
+   fracl = 0; /* no fractional seconds detected so far */
+   if(fracp < end && (*fracp == '.' || *fracp == ',')) {
+     /* Have fractional seconds, e.g. "[.,]\d+". How many? */
+-    tzp = fracp++; /* should be a digit char or BAD ARGUMENT */
+    fracp++; /* should be a digit char or BAD ARGUMENT */
+    tzp = fracp;
+     while(tzp < end && ISDIGIT(*tzp))
+       tzp++;
+     if(tzp == fracp) /* never looped, no digit after [.,] */
+       return CURLE_BAD_FUNCTION_ARGUMENT;
+-    fracl = tzp - fracp - 1; /* number of fractional sec digits */
+    fracl = tzp - fracp; /* number of fractional sec digits */
+     DEBUGASSERT(fracl > 0);
+     /* Strip trailing zeroes in fractional seconds.
+      * May reduce fracl to 0 if only '0's are present. */
+@@ -526,18 +527,24 @@ static CURLcode GTime2str(struct dynbuf *store,
+   }
+ 
+   /* Process timezone. */
+-  if(tzp >= end)
+-    ;           /* Nothing to do. */
+  if(tzp >= end) {
+    tzp = "";
+    tzl = 0;
+  }
+   else if(*tzp == 'Z') {
+-    tzp = " GMT";
+-    end = tzp + 4;
+    sep = " ";
+    tzp = "GMT";
+    tzl = 3;
+  }
+  else if((*tzp == '+') || (*tzp == '-')) {
+    sep = " UTC";
+    tzl = end - tzp;
+   }
+   else {
+     sep = " ";
+-    tzp++;
+    tzl = end - tzp;
+   }
+ 
+-  tzl = end - tzp;
+   return Curl_dyn_addf(store,
+                        "%.4s-%.2s-%.2s %.2s:%.2s:%c%c%s%.*s%s%.*s",
+                        beg, beg + 4, beg + 6,
+@@ -546,6 +553,15 @@ static CURLcode GTime2str(struct dynbuf *store,
+                        sep, (int)tzl, tzp);
+ }
+ 
+#ifdef UNITTESTS
+/* used by unit1656.c */
+CURLcode Curl_x509_GTime2str(struct dynbuf *store,
+                             const char *beg, const char *end)
+{
+  return GTime2str(store, beg, end);
+}
+#endif
+
+ /*
+  * Convert an ASN.1 UTC time to a printable string.
+  *
+diff --git a/lib/vtls/x509asn1.h b/lib/vtls/x509asn1.h
+index 5844460467ccef..5b48596c75910a 100644
+--- a/lib/vtls/x509asn1.h
+++ b/lib/vtls/x509asn1.h
+@@ -76,5 +76,16 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data, int certnum,
+                                const char *beg, const char *end);
+ CURLcode Curl_verifyhost(struct Curl_cfilter *cf, struct Curl_easy *data,
+                          const char *beg, const char *end);
+
+#ifdef UNITTESTS
+#if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) || \
+  defined(USE_MBEDTLS)
+
+/* used by unit1656.c */
+CURLcode Curl_x509_GTime2str(struct dynbuf *store,
+                             const char *beg, const char *end);
+#endif
+#endif
+
+ #endif /* USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL or USE_SECTRANSP */
+ #endif /* HEADER_CURL_X509ASN1_H */
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index d0e20df4b900c8..792cb16eef20ad 100644
+--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
+@@ -210,7 +210,7 @@ test1620 test1621 \
+ \
+ test1630 test1631 test1632 test1633 test1634 test1635 \
+ \
+-test1650 test1651 test1652 test1653 test1654 test1655 \
+test1650 test1651 test1652 test1653 test1654 test1655 test1656 \
+ test1660 test1661 test1662 \
+ \
+ test1670 test1671 \
+diff --git a/tests/data/test1656 b/tests/data/test1656
+new file mode 100644
+index 00000000000000..2fab21be63d7e3
+--- /dev/null
+++ b/tests/data/test1656
+@@ -0,0 +1,22 @@
+<testcase>
+<info>
+<keywords>
+unittest
+Curl_x509_GTime2str
+</keywords>
+</info>
+
+#
+# Client-side
+<client>
+<server>
+none
+</server>
+<features>
+unittest
+</features>
+<name>
+Curl_x509_GTime2str unit tests
+</name>
+</client>
+</testcase>
+diff --git a/tests/unit/Makefile.inc b/tests/unit/Makefile.inc
+index c402f803509c8a..5b23c2559280f0 100644
+--- a/tests/unit/Makefile.inc
+++ b/tests/unit/Makefile.inc
+@@ -36,7 +36,7 @@ UNITPROGS = unit1300          unit1302 unit1303 unit1304 unit1305 unit1307 \
+  unit1600 unit1601 unit1602 unit1603 unit1604 unit1605 unit1606 unit1607 \
+  unit1608 unit1609 unit1610 unit1611 unit1612 unit1614 unit1615 \
+  unit1620 unit1621 \
+- unit1650 unit1651 unit1652 unit1653 unit1654 unit1655 \
+ unit1650 unit1651 unit1652 unit1653 unit1654 unit1655 unit1656 \
+  unit1660 unit1661 \
+  unit2600 unit2601 unit2602 unit2603 \
+  unit3200
+@@ -119,6 +119,8 @@ unit1654_SOURCES = unit1654.c $(UNITFILES)
+ 
+ unit1655_SOURCES = unit1655.c $(UNITFILES)
+ 
+unit1656_SOURCES = unit1656.c $(UNITFILES)
+
+ unit1660_SOURCES = unit1660.c $(UNITFILES)
+ 
+ unit1661_SOURCES = unit1661.c $(UNITFILES)
+diff --git a/tests/unit/unit1656.c b/tests/unit/unit1656.c
+new file mode 100644
+index 00000000000000..644e72fc7d6577
+--- /dev/null
+++ b/tests/unit/unit1656.c
+@@ -0,0 +1,133 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+#include "curlcheck.h"
+
+#include "vtls/x509asn1.h"
+
+static CURLcode unit_setup(void)
+{
+  return CURLE_OK;
+}
+
+static void unit_stop(void)
+{
+
+}
+
+#if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) || \
+  defined(USE_MBEDTLS)
+
+#ifndef ARRAYSIZE
+#define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0]))
+#endif
+
+struct test_spec {
+  const char *input;
+  const char *exp_output;
+  CURLcode exp_result;
+};
+
+static struct test_spec test_specs[] = {
+  { "190321134340", "1903-21-13 43:40:00", CURLE_OK },
+  { "", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
+  { "WTF", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
+  { "0WTF", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
+  { "19032113434", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
+  { "19032113434WTF", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
+  { "190321134340.", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
+  { "190321134340.1", "1903-21-13 43:40:00.1", CURLE_OK },
+  { "19032113434017.0", "1903-21-13 43:40:17", CURLE_OK },
+  { "19032113434017.01", "1903-21-13 43:40:17.01", CURLE_OK },
+  { "19032113434003.001", "1903-21-13 43:40:03.001", CURLE_OK },
+  { "19032113434003.090", "1903-21-13 43:40:03.09", CURLE_OK },
+  { "190321134340Z", "1903-21-13 43:40:00 GMT", CURLE_OK },
+  { "19032113434017.0Z", "1903-21-13 43:40:17 GMT", CURLE_OK },
+  { "19032113434017.01Z", "1903-21-13 43:40:17.01 GMT", CURLE_OK },
+  { "19032113434003.001Z", "1903-21-13 43:40:03.001 GMT", CURLE_OK },
+  { "19032113434003.090Z", "1903-21-13 43:40:03.09 GMT", CURLE_OK },
+  { "190321134340CET", "1903-21-13 43:40:00 CET", CURLE_OK },
+  { "19032113434017.0CET", "1903-21-13 43:40:17 CET", CURLE_OK },
+  { "19032113434017.01CET", "1903-21-13 43:40:17.01 CET", CURLE_OK },
+  { "190321134340+02:30", "1903-21-13 43:40:00 UTC+02:30", CURLE_OK },
+  { "19032113434017.0+02:30", "1903-21-13 43:40:17 UTC+02:30", CURLE_OK },
+  { "19032113434017.01+02:30", "1903-21-13 43:40:17.01 UTC+02:30", CURLE_OK },
+  { "190321134340-3", "1903-21-13 43:40:00 UTC-3", CURLE_OK },
+  { "19032113434017.0-04", "1903-21-13 43:40:17 UTC-04", CURLE_OK },
+  { "19032113434017.01-01:10", "1903-21-13 43:40:17.01 UTC-01:10", CURLE_OK },
+};
+
+static bool do_test(struct test_spec *spec, size_t i, struct dynbuf *dbuf)
+{
+  CURLcode result;
+  const char *in = spec->input;
+
+  Curl_dyn_reset(dbuf);
+  result = Curl_x509_GTime2str(dbuf, in, in + strlen(in));
+  if(result != spec->exp_result) {
+    fprintf(stderr, "test %zu: expect result %d, got %d\n",
+            i, spec->exp_result, result);
+    return FALSE;
+  }
+  else if(!result && strcmp(spec->exp_output, Curl_dyn_ptr(dbuf))) {
+    fprintf(stderr, "test %zu: input '%s', expected output '%s', got '%s'\n",
+            i, in, spec->exp_output, Curl_dyn_ptr(dbuf));
+    return FALSE;
+  }
+
+  return TRUE;
+}
+
+UNITTEST_START
+{
+  size_t i;
+  struct dynbuf dbuf;
+  bool all_ok = TRUE;
+
+  Curl_dyn_init(&dbuf, 32*1024);
+
+  if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
+    fprintf(stderr, "curl_global_init() failed\n");
+    return TEST_ERR_MAJOR_BAD;
+  }
+
+  for(i = 0; i < ARRAYSIZE(test_specs); ++i) {
+    if(!do_test(&test_specs[i], i, &dbuf))
+      all_ok = FALSE;
+  }
+  fail_unless(all_ok, "some tests of Curl_x509_GTime2str() fails");
+
+  Curl_dyn_free(&dbuf);
+  curl_global_cleanup();
+}
+UNITTEST_STOP
+
+#else
+
+UNITTEST_START
+{
+  puts("not tested since Curl_x509_GTime2str() is not built-in");
+}
+UNITTEST_STOP
+
+#endif
diff --git a/meta/recipes-support/curl/curl_8.7.1.bb b/meta/recipes-support/curl/curl_8.7.1.bb
index 6d2886f70c..a2cee8ba23 100644
--- a/meta/recipes-support/curl/curl_8.7.1.bb
+++ b/meta/recipes-support/curl/curl_8.7.1.bb
@@ -16,6 +16,8 @@ SRC_URI = " \
    file://disable-tests \
    file://no-test-timeout.patch \
    file://CVE-2024-6197.patch \
+    file://CVE-2024-7264-1.patch \
+    file://CVE-2024-7264-2.patch \
 "
 SRC_URI[sha256sum] = "6fea2aac6a4610fbd0400afb0bcddbe7258a64c63f1f68e5855ebc0c659710cd"

diff --git a/meta/recipes-support/curl/curl/CVE-2024-7264-1.patch b/meta/recipes-support/curl/curl/CVE-2024-7264-1.patch new file mode 100644 index 0000000000..7101fcfe35 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2024-7264-1.patch
@@ -0,0 +1,61 @@
		1	From 3c914bc680155b32178f1f15ca8d47c7f4640afe Mon Sep 17 00:00:00 2001
		2	From: Daniel Stenberg <daniel@haxx.se>
		3	Date: Tue, 30 Jul 2024 10:05:17 +0200
		4	Subject: [PATCH] x509asn1: clean up GTime2str
		5
		6	Co-authored-by: Stefan Eissing
		7	Reported-by: Dov Murik
		8
		9	Closes #14307
		10
		11	CVE: CVE-2024-7264
		12	Upstream-Status: Backport [https://github.com/curl/curl/commit/3c914bc680155b32178f1f15ca8d47c7f4640afe.patch]
		13	Signed-off-by: Peter Marko <peter.marko@siemens.com>
		14	---
		15	lib/vtls/x509asn1.c \| 23 ++++++++++++++---------
		16	1 file changed, 14 insertions(+), 9 deletions(-)
		17
		18	diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c
		19	index 1bc4243ddae343..e3a9fe4232a4ea 100644
		20	--- a/lib/vtls/x509asn1.c
		21	+++ b/lib/vtls/x509asn1.c
		22	@@ -488,7 +488,7 @@ static CURLcode GTime2str(struct dynbuf *store,
		23	/* Convert an ASN.1 Generalized time to a printable string.
		24	Return the dynamically allocated string, or NULL if an error occurs. */
		25
		26	- for(fracp = beg; fracp < end && fracp >= '0' && fracp <= '9'; fracp++)
		27	+ for(fracp = beg; fracp < end && ISDIGIT(*fracp); fracp++)
		28	;
		29
		30	/* Get seconds digits. */
		31	@@ -507,17 +507,22 @@ static CURLcode GTime2str(struct dynbuf *store,
		32	return CURLE_BAD_FUNCTION_ARGUMENT;
		33	}
		34
		35	- /* Scan for timezone, measure fractional seconds. */
		36	+ /* timezone follows optional fractional seconds. */
		37	tzp = fracp;
		38	- fracl = 0;
		39	+ fracl = 0; /* no fractional seconds detected so far */
		40	if(fracp < end && (fracp == '.' \|\| fracp == ',')) {
		41	- fracp++;
		42	- do
		43	+ /* Have fractional seconds, e.g. "[.,]\d+". How many? */
		44	+ tzp = fracp++; /* should be a digit char or BAD ARGUMENT */
		45	+ while(tzp < end && ISDIGIT(*tzp))
		46	tzp++;
		47	- while(tzp < end && tzp >= '0' && tzp <= '9');
		48	- /* Strip leading zeroes in fractional seconds. */
		49	- for(fracl = tzp - fracp - 1; fracl && fracp[fracl - 1] == '0'; fracl--)
		50	- ;
		51	+ if(tzp == fracp) /* never looped, no digit after [.,] */
		52	+ return CURLE_BAD_FUNCTION_ARGUMENT;
		53	+ fracl = tzp - fracp - 1; /* number of fractional sec digits */
		54	+ DEBUGASSERT(fracl > 0);
		55	+ /* Strip trailing zeroes in fractional seconds.
		56	+ * May reduce fracl to 0 if only '0's are present. */
		57	+ while(fracl && fracp[fracl - 1] == '0')
		58	+ fracl--;
		59	}
		60
		61	/* Process timezone. */


diff --git a/meta/recipes-support/curl/curl/CVE-2024-7264-2.patch b/meta/recipes-support/curl/curl/CVE-2024-7264-2.patch new file mode 100644 index 0000000000..ab24911712 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2024-7264-2.patch
@@ -0,0 +1,316 @@
		1	From 27959ecce75cdb2809c0bdb3286e60e08fadb519 Mon Sep 17 00:00:00 2001
		2	From: Stefan Eissing <stefan@eissing.org>
		3	Date: Tue, 30 Jul 2024 16:40:48 +0200
		4	Subject: [PATCH] x509asn1: unittests and fixes for gtime2str
		5
		6	Fix issues in GTime2str() and add unit test cases to verify correct
		7	behaviour.
		8
		9	Follow-up to 3c914bc6801
		10
		11	Closes #14316
		12
		13	CVE: CVE-2024-7264
		14	Upstream-Status: Backport [https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519.patch]
		15	Signed-off-by: Peter Marko <peter.marko@siemens.com>
		16	---
		17	lib/vtls/x509asn1.c \| 32 +++++++---
		18	lib/vtls/x509asn1.h \| 11 ++++
		19	tests/data/Makefile.inc \| 2 +-
		20	tests/data/test1656 \| 22 +++++++
		21	tests/unit/Makefile.inc \| 4 +-
		22	tests/unit/unit1656.c \| 133 ++++++++++++++++++++++++++++++++++++++++
		23	6 files changed, 194 insertions(+), 10 deletions(-)
		24	create mode 100644 tests/data/test1656
		25	create mode 100644 tests/unit/unit1656.c
		26
		27	diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c
		28	index e3a9fe4232a4ea..7f04af3b9778c5 100644
		29	--- a/lib/vtls/x509asn1.c
		30	+++ b/lib/vtls/x509asn1.c
		31	@@ -512,12 +512,13 @@ static CURLcode GTime2str(struct dynbuf *store,
		32	fracl = 0; /* no fractional seconds detected so far */
		33	if(fracp < end && (fracp == '.' \|\| fracp == ',')) {
		34	/* Have fractional seconds, e.g. "[.,]\d+". How many? */
		35	- tzp = fracp++; /* should be a digit char or BAD ARGUMENT */
		36	+ fracp++; /* should be a digit char or BAD ARGUMENT */
		37	+ tzp = fracp;
		38	while(tzp < end && ISDIGIT(*tzp))
		39	tzp++;
		40	if(tzp == fracp) /* never looped, no digit after [.,] */
		41	return CURLE_BAD_FUNCTION_ARGUMENT;
		42	- fracl = tzp - fracp - 1; /* number of fractional sec digits */
		43	+ fracl = tzp - fracp; /* number of fractional sec digits */
		44	DEBUGASSERT(fracl > 0);
		45	/* Strip trailing zeroes in fractional seconds.
		46	* May reduce fracl to 0 if only '0's are present. */
		47	@@ -526,18 +527,24 @@ static CURLcode GTime2str(struct dynbuf *store,
		48	}
		49
		50	/* Process timezone. */
		51	- if(tzp >= end)
		52	- ; /* Nothing to do. */
		53	+ if(tzp >= end) {
		54	+ tzp = "";
		55	+ tzl = 0;
		56	+ }
		57	else if(*tzp == 'Z') {
		58	- tzp = " GMT";
		59	- end = tzp + 4;
		60	+ sep = " ";
		61	+ tzp = "GMT";
		62	+ tzl = 3;
		63	+ }
		64	+ else if((tzp == '+') \|\| (tzp == '-')) {
		65	+ sep = " UTC";
		66	+ tzl = end - tzp;
		67	}
		68	else {
		69	sep = " ";
		70	- tzp++;
		71	+ tzl = end - tzp;
		72	}
		73
		74	- tzl = end - tzp;
		75	return Curl_dyn_addf(store,
		76	"%.4s-%.2s-%.2s %.2s:%.2s:%c%c%s%.s%s%.s",
		77	beg, beg + 4, beg + 6,
		78	@@ -546,6 +553,15 @@ static CURLcode GTime2str(struct dynbuf *store,
		79	sep, (int)tzl, tzp);
		80	}
		81
		82	+#ifdef UNITTESTS
		83	+/* used by unit1656.c */
		84	+CURLcode Curl_x509_GTime2str(struct dynbuf *store,
		85	+ const char beg, const char end)
		86	+{
		87	+ return GTime2str(store, beg, end);
		88	+}
		89	+#endif
		90	+
		91	/*
		92	* Convert an ASN.1 UTC time to a printable string.
		93	*
		94	diff --git a/lib/vtls/x509asn1.h b/lib/vtls/x509asn1.h
		95	index 5844460467ccef..5b48596c75910a 100644
		96	--- a/lib/vtls/x509asn1.h
		97	+++ b/lib/vtls/x509asn1.h
		98	@@ -76,5 +76,16 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data, int certnum,
		99	const char beg, const char end);
		100	CURLcode Curl_verifyhost(struct Curl_cfilter cf, struct Curl_easy data,
		101	const char beg, const char end);
		102	+
		103	+#ifdef UNITTESTS
		104	+#if defined(USE_GNUTLS) \|\| defined(USE_SCHANNEL) \|\| defined(USE_SECTRANSP) \|\| \
		105	+ defined(USE_MBEDTLS)
		106	+
		107	+/* used by unit1656.c */
		108	+CURLcode Curl_x509_GTime2str(struct dynbuf *store,
		109	+ const char beg, const char end);
		110	+#endif
		111	+#endif
		112	+
		113	#endif /* USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL or USE_SECTRANSP */
		114	#endif /* HEADER_CURL_X509ASN1_H */
		115	diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
		116	index d0e20df4b900c8..792cb16eef20ad 100644
		117	--- a/tests/data/Makefile.inc
		118	+++ b/tests/data/Makefile.inc
		119	@@ -210,7 +210,7 @@ test1620 test1621 \
		120	\
		121	test1630 test1631 test1632 test1633 test1634 test1635 \
		122	\
		123	-test1650 test1651 test1652 test1653 test1654 test1655 \
		124	+test1650 test1651 test1652 test1653 test1654 test1655 test1656 \
		125	test1660 test1661 test1662 \
		126	\
		127	test1670 test1671 \
		128	diff --git a/tests/data/test1656 b/tests/data/test1656
		129	new file mode 100644
		130	index 00000000000000..2fab21be63d7e3
		131	--- /dev/null
		132	+++ b/tests/data/test1656
		133	@@ -0,0 +1,22 @@
		134	+<testcase>
		135	+<info>
		136	+<keywords>
		137	+unittest
		138	+Curl_x509_GTime2str
		139	+</keywords>
		140	+</info>
		141	+
		142	+#
		143	+# Client-side
		144	+<client>
		145	+<server>
		146	+none
		147	+</server>
		148	+<features>
		149	+unittest
		150	+</features>
		151	+<name>
		152	+Curl_x509_GTime2str unit tests
		153	+</name>
		154	+</client>
		155	+</testcase>
		156	diff --git a/tests/unit/Makefile.inc b/tests/unit/Makefile.inc
		157	index c402f803509c8a..5b23c2559280f0 100644
		158	--- a/tests/unit/Makefile.inc
		159	+++ b/tests/unit/Makefile.inc
		160	@@ -36,7 +36,7 @@ UNITPROGS = unit1300 unit1302 unit1303 unit1304 unit1305 unit1307 \
		161	unit1600 unit1601 unit1602 unit1603 unit1604 unit1605 unit1606 unit1607 \
		162	unit1608 unit1609 unit1610 unit1611 unit1612 unit1614 unit1615 \
		163	unit1620 unit1621 \
		164	- unit1650 unit1651 unit1652 unit1653 unit1654 unit1655 \
		165	+ unit1650 unit1651 unit1652 unit1653 unit1654 unit1655 unit1656 \
		166	unit1660 unit1661 \
		167	unit2600 unit2601 unit2602 unit2603 \
		168	unit3200
		169	@@ -119,6 +119,8 @@ unit1654_SOURCES = unit1654.c $(UNITFILES)
		170
		171	unit1655_SOURCES = unit1655.c $(UNITFILES)
		172
		173	+unit1656_SOURCES = unit1656.c $(UNITFILES)
		174	+
		175	unit1660_SOURCES = unit1660.c $(UNITFILES)
		176
		177	unit1661_SOURCES = unit1661.c $(UNITFILES)
		178	diff --git a/tests/unit/unit1656.c b/tests/unit/unit1656.c
		179	new file mode 100644
		180	index 00000000000000..644e72fc7d6577
		181	--- /dev/null
		182	+++ b/tests/unit/unit1656.c
		183	@@ -0,0 +1,133 @@
		184	+/***************************************************************************
		185	+ * _ _ ____ _
		186	+ * Project ___\| \| \| \| _ \\| \|
		187	+ * / __\| \| \| \| \|_) \| \|
		188	+ * \| (__\| \|_\| \| _ <\| \|___
		189	+ * \___\|\___/\|_\| \_\_____\|
		190	+ *
		191	+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
		192	+ *
		193	+ * This software is licensed as described in the file COPYING, which
		194	+ * you should have received as part of this distribution. The terms
		195	+ * are also available at https://curl.se/docs/copyright.html.
		196	+ *
		197	+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
		198	+ * copies of the Software, and permit persons to whom the Software is
		199	+ * furnished to do so, under the terms of the COPYING file.
		200	+ *
		201	+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
		202	+ * KIND, either express or implied.
		203	+ *
		204	+ * SPDX-License-Identifier: curl
		205	+ *
		206	+ ***************************************************************************/
		207	+#include "curlcheck.h"
		208	+
		209	+#include "vtls/x509asn1.h"
		210	+
		211	+static CURLcode unit_setup(void)
		212	+{
		213	+ return CURLE_OK;
		214	+}
		215	+
		216	+static void unit_stop(void)
		217	+{
		218	+
		219	+}
		220	+
		221	+#if defined(USE_GNUTLS) \|\| defined(USE_SCHANNEL) \|\| defined(USE_SECTRANSP) \|\| \
		222	+ defined(USE_MBEDTLS)
		223	+
		224	+#ifndef ARRAYSIZE
		225	+#define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0]))
		226	+#endif
		227	+
		228	+struct test_spec {
		229	+ const char *input;
		230	+ const char *exp_output;
		231	+ CURLcode exp_result;
		232	+};
		233	+
		234	+static struct test_spec test_specs[] = {
		235	+ { "190321134340", "1903-21-13 43:40:00", CURLE_OK },
		236	+ { "", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
		237	+ { "WTF", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
		238	+ { "0WTF", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
		239	+ { "19032113434", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
		240	+ { "19032113434WTF", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
		241	+ { "190321134340.", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
		242	+ { "190321134340.1", "1903-21-13 43:40:00.1", CURLE_OK },
		243	+ { "19032113434017.0", "1903-21-13 43:40:17", CURLE_OK },
		244	+ { "19032113434017.01", "1903-21-13 43:40:17.01", CURLE_OK },
		245	+ { "19032113434003.001", "1903-21-13 43:40:03.001", CURLE_OK },
		246	+ { "19032113434003.090", "1903-21-13 43:40:03.09", CURLE_OK },
		247	+ { "190321134340Z", "1903-21-13 43:40:00 GMT", CURLE_OK },
		248	+ { "19032113434017.0Z", "1903-21-13 43:40:17 GMT", CURLE_OK },
		249	+ { "19032113434017.01Z", "1903-21-13 43:40:17.01 GMT", CURLE_OK },
		250	+ { "19032113434003.001Z", "1903-21-13 43:40:03.001 GMT", CURLE_OK },
		251	+ { "19032113434003.090Z", "1903-21-13 43:40:03.09 GMT", CURLE_OK },
		252	+ { "190321134340CET", "1903-21-13 43:40:00 CET", CURLE_OK },
		253	+ { "19032113434017.0CET", "1903-21-13 43:40:17 CET", CURLE_OK },
		254	+ { "19032113434017.01CET", "1903-21-13 43:40:17.01 CET", CURLE_OK },
		255	+ { "190321134340+02:30", "1903-21-13 43:40:00 UTC+02:30", CURLE_OK },
		256	+ { "19032113434017.0+02:30", "1903-21-13 43:40:17 UTC+02:30", CURLE_OK },
		257	+ { "19032113434017.01+02:30", "1903-21-13 43:40:17.01 UTC+02:30", CURLE_OK },
		258	+ { "190321134340-3", "1903-21-13 43:40:00 UTC-3", CURLE_OK },
		259	+ { "19032113434017.0-04", "1903-21-13 43:40:17 UTC-04", CURLE_OK },
		260	+ { "19032113434017.01-01:10", "1903-21-13 43:40:17.01 UTC-01:10", CURLE_OK },
		261	+};
		262	+
		263	+static bool do_test(struct test_spec spec, size_t i, struct dynbuf dbuf)
		264	+{
		265	+ CURLcode result;
		266	+ const char *in = spec->input;
		267	+
		268	+ Curl_dyn_reset(dbuf);
		269	+ result = Curl_x509_GTime2str(dbuf, in, in + strlen(in));
		270	+ if(result != spec->exp_result) {
		271	+ fprintf(stderr, "test %zu: expect result %d, got %d\n",
		272	+ i, spec->exp_result, result);
		273	+ return FALSE;
		274	+ }
		275	+ else if(!result && strcmp(spec->exp_output, Curl_dyn_ptr(dbuf))) {
		276	+ fprintf(stderr, "test %zu: input '%s', expected output '%s', got '%s'\n",
		277	+ i, in, spec->exp_output, Curl_dyn_ptr(dbuf));
		278	+ return FALSE;
		279	+ }
		280	+
		281	+ return TRUE;
		282	+}
		283	+
		284	+UNITTEST_START
		285	+{
		286	+ size_t i;
		287	+ struct dynbuf dbuf;
		288	+ bool all_ok = TRUE;
		289	+
		290	+ Curl_dyn_init(&dbuf, 32*1024);
		291	+
		292	+ if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
		293	+ fprintf(stderr, "curl_global_init() failed\n");
		294	+ return TEST_ERR_MAJOR_BAD;
		295	+ }
		296	+
		297	+ for(i = 0; i < ARRAYSIZE(test_specs); ++i) {
		298	+ if(!do_test(&test_specs[i], i, &dbuf))
		299	+ all_ok = FALSE;
		300	+ }
		301	+ fail_unless(all_ok, "some tests of Curl_x509_GTime2str() fails");
		302	+
		303	+ Curl_dyn_free(&dbuf);
		304	+ curl_global_cleanup();
		305	+}
		306	+UNITTEST_STOP
		307	+
		308	+#else
		309	+
		310	+UNITTEST_START
		311	+{
		312	+ puts("not tested since Curl_x509_GTime2str() is not built-in");
		313	+}
		314	+UNITTEST_STOP
		315	+
		316	+#endif


diff --git a/meta/recipes-support/curl/curl_8.7.1.bb b/meta/recipes-support/curl/curl_8.7.1.bb index 6d2886f70c..a2cee8ba23 100644 --- a/meta/recipes-support/curl/curl_8.7.1.bb +++ b/meta/recipes-support/curl/curl_8.7.1.bb
@@ -16,6 +16,8 @@ SRC_URI = " \
16	file://disable-tests \	16	file://disable-tests \
17	file://no-test-timeout.patch \	17	file://no-test-timeout.patch \
18	file://CVE-2024-6197.patch \	18	file://CVE-2024-6197.patch \
		19	file://CVE-2024-7264-1.patch \
		20	file://CVE-2024-7264-2.patch \
19	"	21	"
20	SRC_URI[sha256sum] = "6fea2aac6a4610fbd0400afb0bcddbe7258a64c63f1f68e5855ebc0c659710cd"	22	SRC_URI[sha256sum] = "6fea2aac6a4610fbd0400afb0bcddbe7258a64c63f1f68e5855ebc0c659710cd"
21		23