microsoft · jykanase · Jan 23, 2025 · Jan 24, 2025
@@ -0,0 +1,63 @@
+From 35badf22978cf2ead330d9cce3c2ddb825184b48 Mon Sep 17 00:00:00 2001
+From: jykanase <v-jykanase@microsoft.com>
+Date: Wed, 22 Jan 2025 10:42:04 +0000
+Subject: [PATCH] CVE-2024-9681.patch
+
+Backported form: https://github.com/curl/curl/commit/a94973805df96269bf3f3bf0a20ccb9887313316
+---
+ Utilities/cmcurl/lib/hsts.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/Utilities/cmcurl/lib/hsts.c b/Utilities/cmcurl/lib/hsts.c
+index 97a07ec4..bd2b3ce7 100644
+--- a/Utilities/cmcurl/lib/hsts.c
++++ b/Utilities/cmcurl/lib/hsts.c
+@@ -232,11 +232,13 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
+ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
+                            bool subdomain)
+ {
++  struct stsentry *bestsub = NULL;
+   if(h) {
+     time_t now = time(NULL);
+     size_t hlen = strlen(hostname);
+     struct Curl_llist_element *e;
+     struct Curl_llist_element *n;
++    size_t blen = 0;
+     for(e = h->list.head; e; e = n) {
+       struct stsentry *sts = e->ptr;
+       n = e->next;
+@@ -251,15 +253,19 @@ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
+         if(ntail < hlen) {
+           size_t offs = hlen - ntail;
+           if((hostname[offs-1] == '.') &&
+-             Curl_strncasecompare(&hostname[offs], sts->host, ntail))
+-            return sts;
++	     Curl_strncasecompare(&hostname[offs], sts->host, ntail) &&
++             (ntail > blen)) {
++            /* save the tail match with the longest tail */
++            bestsub = sts;
++            blen = ntail;
++          }
+         }
+       }
+       if(Curl_strcasecompare(hostname, sts->host))
+         return sts;
+     }
+   }
+-  return NULL; /* no match */
++  return bestsub;
+ }
+
+ /*
+@@ -412,7 +418,7 @@ static CURLcode hsts_add(struct hsts *h, char *line)
+     e = Curl_hsts(h, p, subdomain);
+     if(!e)
+       result = hsts_create(h, p, subdomain, expires);
+-    else {
++    else if(strcasecompare(p, e->host)) {
+       /* the same host name, use the largest expire time */
+       if(expires > e->expires)
+         e->expires = expires;
+--
+2.45.2
+
@@ -2,7 +2,7 @@
 Summary:        Cmake
 Name:           cmake
 Version:        3.21.4
-Release:        15%{?dist}
+Release:        16%{?dist}
 License:        BSD AND LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -33,6 +33,7 @@ Patch18:        CVE-2024-2398.patch
 Patch19:        CVE-2024-28182.patch
 Patch20:        CVE-2024-7264.patch
 Patch21:        CVE-2024-11053.patch
+Patch22:        CVE-2024-9681.patch
 BuildRequires:  bzip2
 BuildRequires:  bzip2-devel
 BuildRequires:  curl
@@ -98,6 +99,9 @@ bin/ctest --force-new-ctest-process --rerun-failed --output-on-failure
 %{_prefix}/doc/%{name}-*/*
 
 %changelog
+* Thu Jan 23 2025 Jyoti Kanase <v-jykanase@microsoft.com> - 3.21.4-16
+- Fix CVE-2024-9681
+
 * Tue Jan 14 2025 Henry Beberman <henry.beberman@microsoft.com> - 3.21.4-15
 - Patch vendored curl for CVE-2024-11053
 

@@ -30,8 +30,8 @@ check-debuginfo-0.15.2-1.cm2.aarch64.rpm
 chkconfig-1.20-4.cm2.aarch64.rpm
 chkconfig-debuginfo-1.20-4.cm2.aarch64.rpm
 chkconfig-lang-1.20-4.cm2.aarch64.rpm
-cmake-3.21.4-15.cm2.aarch64.rpm
-cmake-debuginfo-3.21.4-15.cm2.aarch64.rpm
+cmake-3.21.4-16.cm2.aarch64.rpm
+cmake-debuginfo-3.21.4-16.cm2.aarch64.rpm
 coreutils-8.32-7.cm2.aarch64.rpm
 coreutils-debuginfo-8.32-7.cm2.aarch64.rpm
 coreutils-lang-8.32-7.cm2.aarch64.rpm

@@ -31,8 +31,8 @@ check-debuginfo-0.15.2-1.cm2.x86_64.rpm
 chkconfig-1.20-4.cm2.x86_64.rpm
 chkconfig-debuginfo-1.20-4.cm2.x86_64.rpm
 chkconfig-lang-1.20-4.cm2.x86_64.rpm
-cmake-3.21.4-15.cm2.x86_64.rpm
-cmake-debuginfo-3.21.4-15.cm2.x86_64.rpm
+cmake-3.21.4-16.cm2.x86_64.rpm
+cmake-debuginfo-3.21.4-16.cm2.x86_64.rpm
 coreutils-8.32-7.cm2.x86_64.rpm
 coreutils-debuginfo-8.32-7.cm2.x86_64.rpm
 coreutils-lang-8.32-7.cm2.x86_64.rpm