!123 [sync] PR-122: fix CVE-2022-32207 better

From: @openeuler-sync-bot Reviewed-by: @zengwefeng Signed-off-by: @zengwefeng
2022-07-07 02:43:46 +00:00 · 2022-07-07 02:43:46 +00:00 · 667d03d7d8
commit 667d03d7d8
parent dd9d9500a5 5cad30e263
2 changed files with 9 additions and 4 deletions
--- a/backport-CVE-2022-32207.patch
+++ b/backport-CVE-2022-32207.patch
@ -140,7 +140,7 @@ new file mode 100644
 index 0000000..92dc31d
 --- /dev/null
 +++ b/lib/fopen.c
-@@ -0,0 +1,106 @@
+@@ -0,0 +1,105 @@
 +/***************************************************************************
 + *                                  _   _ ____  _
 + *  Project                     ___| | | |  _ \| |
@ -165,8 +165,7 @@ index 0000000..92dc31d
 +
 +#include "curl_setup.h"
 +
-+#if !defined(CURL_DISABLE_COOKIES) && !defined(CURL_DISABLE_ALTSVC) &&  \
-+  !defined(CURL_DISABLE_HSTS)
+#if !defined(CURL_DISABLE_COOKIES) || defined(USE_ALTSVC)
 +
 +#ifdef HAVE_FCNTL_H
 +#include <fcntl.h>
--- a/curl.spec
+++ b/curl.spec
@ -6,7 +6,7 @@

 Name:           curl
 Version:        7.71.1
-Release:        15
+Release:        16
 Summary:        Curl is used in command lines or scripts to transfer data
 License:        MIT
 URL:            https://curl.haxx.se/
@ -187,6 +187,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_mandir}/man3/*

 %changelog
+* Tue Jul 05 2022 gaihuiying <eaglegai@163.com> - 7.71.1-16
+- Type:cves
+- CVE:CVE-2022-32207
+- SUG:NA
+- DESC:fix CVE-2022-32207 better
+
 * Wed Jun 29 2022 gaihuiying <eaglegai@163.com> - 7.71.1-15
 - Type:cves
 - CVE:CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208