From 63f76c49f3bf618ece234af98af0cf10477d4d44 Mon Sep 17 00:00:00 2001 From: Azure Linux Security Servicing Account Date: Thu, 12 Mar 2026 12:26:03 +0000 Subject: [PATCH 1/2] Patch curl for CVE-2026-3784, CVE-2026-3783, CVE-2026-1965 --- SPECS/curl/CVE-2026-1965.patch | 139 +++++++++++++++ SPECS/curl/CVE-2026-3783.patch | 150 ++++++++++++++++ SPECS/curl/CVE-2026-3784.patch | 166 ++++++++++++++++++ SPECS/curl/curl.spec | 8 +- .../manifests/package/pkggen_core_aarch64.txt | 6 +- .../manifests/package/pkggen_core_x86_64.txt | 6 +- .../manifests/package/toolchain_aarch64.txt | 8 +- .../manifests/package/toolchain_x86_64.txt | 8 +- 8 files changed, 476 insertions(+), 15 deletions(-) create mode 100644 SPECS/curl/CVE-2026-1965.patch create mode 100644 SPECS/curl/CVE-2026-3783.patch create mode 100644 SPECS/curl/CVE-2026-3784.patch diff --git a/SPECS/curl/CVE-2026-1965.patch b/SPECS/curl/CVE-2026-1965.patch new file mode 100644 index 00000000000..80b794851ec --- /dev/null +++ b/SPECS/curl/CVE-2026-1965.patch 
@@ -0,0 +1,139 @@ +From 441e8ee4df3e576bf23c30eb31b9fef8c55f5663 Mon Sep 17 00:00:00 2001 +From: AllSpark +Date: Thu, 12 Mar 2026 11:59:23 +0000 +Subject: [PATCH] url: fix reuse of connections using HTTP Negotiate; + Follow-up: fix copy+paste mistake in url_match_auth_nego + +Signed-off-by: Azure Linux Security Servicing Account +Upstream-reference: AI Backport of https://github.com/curl/curl/commit/34fa034d9a390c4bd65e2d05262755ec8646ac12.patch https://github.com/curl/curl/commit/f1a39f221d57354990e3eeeddc3404aede2aff70.patch +--- + lib/url.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++++++---- + 1 file changed, 85 insertions(+), 5 deletions(-) + +diff --git a/lib/url.c b/lib/url.c +index 436edd8..d62eefa 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -853,6 +853,8 @@ struct url_conn_match { + BIT(may_multiplex); + BIT(want_ntlm_http); + BIT(want_proxy_ntlm_http); ++ BIT(want_nego_http); ++ BIT(want_proxy_nego_http); + + BIT(wait_pipe); + BIT(force_reuse); +@@ -861,6 +863,64 @@ struct url_conn_match { + BIT(seen_multiplex_conn); + }; + ++#if defined(USE_SPNEGO) ++static bool url_match_auth_nego(struct connectdata *conn, ++ struct url_conn_match *m) ++{ ++ /* If we are looking for an HTTP+Negotiate connection, check if this is ++ already authenticating with the right credentials. If not, keep looking ++ so that we can reuse Negotiate connections if possible. 
*/ ++ if(m->want_nego_http) { ++ if(Curl_timestrcmp(m->needle->user, conn->user) || ++ Curl_timestrcmp(m->needle->passwd, conn->passwd)) ++ return FALSE; ++ } ++ else if(conn->http_negotiate_state != GSS_AUTHNONE) { ++ /* Connection is using Negotiate auth but we do not want Negotiate */ ++ return FALSE; ++ } ++ ++#ifndef CURL_DISABLE_PROXY ++ /* Same for Proxy Negotiate authentication */ ++ if(m->want_proxy_nego_http) { ++ /* Both conn->http_proxy.user and conn->http_proxy.passwd can be ++ * NULL */ ++ if(!conn->http_proxy.user || !conn->http_proxy.passwd) ++ return FALSE; ++ ++ if(Curl_timestrcmp(m->needle->http_proxy.user, ++ conn->http_proxy.user) || ++ Curl_timestrcmp(m->needle->http_proxy.passwd, ++ conn->http_proxy.passwd)) ++ return FALSE; ++ } ++ else if(conn->proxy_negotiate_state != GSS_AUTHNONE) { ++ /* Proxy connection is using Negotiate auth but we do not want Negotiate */ ++ return FALSE; ++ } ++#endif ++ if(m->want_nego_http || m->want_proxy_nego_http) { ++ /* Credentials are already checked, we may use this connection. We MUST ++ * use a connection where it has already been fully negotiated. If it has ++ * not, we keep on looking for a better one. */ ++ m->found = conn; ++ if((m->want_nego_http && ++ (conn->http_negotiate_state != GSS_AUTHNONE)) || ++ (m->want_proxy_nego_http && ++ (conn->proxy_negotiate_state != GSS_AUTHNONE))) { ++ /* We must use this connection, no other */ ++ m->force_reuse = TRUE; ++ return TRUE; ++ } ++ return FALSE; /* get another */ ++ } ++ return TRUE; ++} ++#else ++#define url_match_auth_nego(c, m) ((void)c, (void)m, TRUE) ++#endif ++ ++ + static bool url_match_conn(struct connectdata *conn, void *userdata) + { + struct url_conn_match *match = userdata; +@@ -1156,6 +1216,13 @@ static bool url_match_conn(struct connectdata *conn, void *userdata) + * If it has not, we keep on looking for a better one. 
*/ + match->found = conn; + ++ ++ if(!url_match_auth_nego(conn, match)) ++ return FALSE; ++ else if(match->force_reuse) ++ return TRUE; ++ ++ + if((match->want_ntlm_http && + (conn->http_ntlm_state != NTLMSTATE_NONE)) || + (match->want_proxy_ntlm_http && +@@ -1251,13 +1318,26 @@ ConnectionExists(struct Curl_easy *data, + match.may_multiplex = xfer_may_multiplex(data, needle); + + #ifdef USE_NTLM +- match.want_ntlm_http = ((data->state.authhost.want & CURLAUTH_NTLM) && +- (needle->handler->protocol & PROTO_FAMILY_HTTP)); ++ match.want_ntlm_http = ++ (data->state.authhost.want & CURLAUTH_NTLM) && ++ (needle->handler->protocol & PROTO_FAMILY_HTTP); + #ifndef CURL_DISABLE_PROXY + match.want_proxy_ntlm_http = +- (needle->bits.proxy_user_passwd && +- (data->state.authproxy.want & CURLAUTH_NTLM) && +- (needle->handler->protocol & PROTO_FAMILY_HTTP)); ++ needle->bits.proxy_user_passwd && ++ (data->state.authproxy.want & CURLAUTH_NTLM) && ++ (needle->handler->protocol & PROTO_FAMILY_HTTP); ++#endif ++#endif ++ ++#if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO) ++ match.want_nego_http = ++ (data->state.authhost.want & CURLAUTH_NEGOTIATE) && ++ (needle->handler->protocol & PROTO_FAMILY_HTTP); ++#ifndef CURL_DISABLE_PROXY ++ match.want_proxy_nego_http = ++ needle->bits.proxy_user_passwd && ++ (data->state.authproxy.want & CURLAUTH_NEGOTIATE) && ++ (needle->handler->protocol & PROTO_FAMILY_HTTP); + #endif + #endif + +-- +2.45.4 + diff --git a/SPECS/curl/CVE-2026-3783.patch b/SPECS/curl/CVE-2026-3783.patch new file mode 100644 index 00000000000..cca1ab9fc11 --- /dev/null +++ b/SPECS/curl/CVE-2026-3783.patch 
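Review bot: The new `url_match_auth_nego()` call in `url_match_conn()` is placed after `match->found = conn;`, and the context lines around it (the "fully negotiated" comment above, the `want_ntlm_http` test below) suggest it sits inside the NTLM-only branch. If that reading is right, the Negotiate credential check is skipped for transfers that do not ask for NTLM, and in builds without `USE_NTLM`; a connection the check rejects also stays recorded in `match->found`. The check should run unconditionally and before any candidate is stored: `if(!url_match_auth_nego(conn, match)) return FALSE;` followed by `else if(match->force_reuse) return TRUE;`, ahead of the NTLM section. The enclosing block starts and ends outside this hunk, so confirm the placement against the full 8.11.1 `lib/url.c`.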
@@ -0,0 +1,150 @@ +From a4741123081a520f95087015c8b607398b87842c Mon Sep 17 00:00:00 2001 +From: AllSpark +Date: Thu, 12 Mar 2026 11:56:59 +0000 +Subject: [PATCH] http: only send bearer if auth is allowed + +Verify with test 2006 + +Closes #20843 + +Signed-off-by: Azure Linux Security Servicing Account +Upstream-reference: AI Backport of https://github.com/curl/curl/commit/e3d7401a32a46516c9e5ee877e613e62ed35bddc.patch +--- + lib/http.c | 1 + + tests/data/Makefile.am | 2 +- + tests/data/test2006 | 98 ++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 100 insertions(+), 1 deletion(-) + create mode 100644 tests/data/test2006 + +diff --git a/lib/http.c b/lib/http.c +index 35e7085..4de1667 100644 +--- a/lib/http.c ++++ b/lib/http.c +@@ -650,6 +650,7 @@ output_auth_headers(struct Curl_easy *data, + if(authstatus->picked == CURLAUTH_BEARER) { + /* Bearer */ + if((!proxy && data->set.str[STRING_BEARER] && ++ Curl_auth_allowed_to_host(data) && + !Curl_checkheaders(data, STRCONST("Authorization")))) { + auth = "Bearer"; + result = http_output_bearer(data); +diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am +index 776b593..26e015f 100644 +--- a/tests/data/Makefile.am ++++ b/tests/data/Makefile.am +@@ -238,7 +238,7 @@ test1941 test1942 test1943 test1944 test1945 test1946 test1947 test1948 \ + test1955 test1956 test1957 test1958 test1959 test1960 test1964 \ + test1970 test1971 test1972 test1973 test1974 test1975 test1976 \ + \ +-test2000 test2001 test2002 test2003 test2004 \ ++test2000 test2001 test2002 test2003 test2004 test2006 \ + \ + test2023 \ + test2024 test2025 test2026 test2027 test2028 test2029 test2030 test2031 \ +diff --git a/tests/data/test2006 b/tests/data/test2006 +new file mode 100644 +index 0000000..200d30a +--- /dev/null ++++ b/tests/data/test2006 +@@ -0,0 +1,98 @@ ++ ++ ++ ++ ++netrc ++HTTP ++ ++ ++# Server-side ++ ++ ++HTTP/1.1 301 Follow this you fool ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Last-Modified: 
Tue, 13 Jun 2000 12:10:00 GMT ++ETag: "21025-dc7-39462498" ++Accept-Ranges: bytes ++Content-Length: 6 ++Connection: close ++Location: http://b.com/%TESTNUMBER0002 ++ ++-foo- ++ ++ ++ ++HTTP/1.1 200 OK ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT ++ETag: "21025-dc7-39462498" ++Accept-Ranges: bytes ++Content-Length: 7 ++Connection: close ++ ++target ++ ++ ++ ++HTTP/1.1 301 Follow this you fool ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT ++ETag: "21025-dc7-39462498" ++Accept-Ranges: bytes ++Content-Length: 6 ++Connection: close ++Location: http://b.com/%TESTNUMBER0002 ++ ++HTTP/1.1 200 OK ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT ++ETag: "21025-dc7-39462498" ++Accept-Ranges: bytes ++Content-Length: 7 ++Connection: close ++ ++target ++ ++ ++ ++# Client-side ++ ++ ++http ++ ++ ++proxy ++ ++ ++.netrc default with redirect plus oauth2-bearer ++ ++ ++--netrc --netrc-file %LOGDIR/netrc%TESTNUMBER --oauth2-bearer SECRET_TOKEN -L -x http://%HOSTIP:%HTTPPORT/ http://a.com/ ++ ++ ++default login testuser password testpass ++ ++ ++ ++ ++ ++GET http://a.com/ HTTP/1.1 ++Host: a.com ++Authorization: Bearer SECRET_TOKEN ++User-Agent: curl/%VERSION ++Accept: */* ++Proxy-Connection: Keep-Alive ++ ++GET http://b.com/%TESTNUMBER0002 HTTP/1.1 ++Host: b.com ++User-Agent: curl/%VERSION ++Accept: */* ++Proxy-Connection: Keep-Alive ++ ++ ++ ++ +-- +2.45.4 + diff --git a/SPECS/curl/CVE-2026-3784.patch b/SPECS/curl/CVE-2026-3784.patch new file mode 100644 index 00000000000..1beb78b5fc7 --- /dev/null +++ b/SPECS/curl/CVE-2026-3784.patch 
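Review bot: The added `Curl_auth_allowed_to_host(data) &&` condition in `output_auth_headers()` has no comment saying why the bearer token is now gated. The only explanation is in test 2006, which expects the redirected request to b.com to carry no `Authorization` header. A one-line comment above the condition would keep the intent visible next to the code, for example `/* send the bearer token only if auth may go to this host, e.g. not after a redirect to another host */`. The function body continues outside the hunk.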
@@ -0,0 +1,166 @@ +From 184dadb0109bf038832b9f5d4d49aa757e52d41a Mon Sep 17 00:00:00 2001 +From: AllSpark +Date: Thu, 12 Mar 2026 12:18:02 +0000 +Subject: [PATCH] proxy-auth: additional tests + +Also eliminate the special handling for socks proxy match. + +Closes #20837 + +Signed-off-by: Azure Linux Security Servicing Account +Upstream-reference: AI Backport of https://github.com/curl/curl/commit/5f13a7645e565c5c1a06f3ef86e97afb856fb364.patch +--- + lib/url.c | 30 ++++++++---------------------- + tests/http/test_13_proxy_auth.py | 20 ++++++++++++++++++++ + tests/http/testenv/curl.py | 18 +++++++++++++++--- + 3 files changed, 43 insertions(+), 25 deletions(-) + +diff --git a/lib/url.c b/lib/url.c +index d62eefa..88f559a 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -678,30 +678,16 @@ proxy_info_matches(const struct proxy_info *data, + { + if((data->proxytype == needle->proxytype) && + (data->port == needle->port) && +- strcasecompare(data->host.name, needle->host.name)) +- return TRUE; ++ strcasecompare(data->host.name, needle->host.name)) { + ++ if(Curl_timestrcmp(data->user, needle->user) || ++ Curl_timestrcmp(data->passwd, needle->passwd)) ++ return FALSE; ++ return TRUE; ++ } + return FALSE; + } + +-static bool +-socks_proxy_info_matches(const struct proxy_info *data, +- const struct proxy_info *needle) +-{ +- if(!proxy_info_matches(data, needle)) +- return FALSE; +- +- /* the user information is case-sensitive +- or at least it is not defined as case-insensitive +- see https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.1 */ +- +- /* curl_strequal does a case insensitive comparison, +- so do not use it here! 
*/ +- if(Curl_timestrcmp(data->user, needle->user) || +- Curl_timestrcmp(data->passwd, needle->passwd)) +- return FALSE; +- return TRUE; +-} + #else + /* disabled, will not get called */ + #define proxy_info_matches(x,y) FALSE +@@ -1032,8 +1018,8 @@ static bool url_match_conn(struct connectdata *conn, void *userdata) + return FALSE; + + if(needle->bits.socksproxy && +- !socks_proxy_info_matches(&needle->socks_proxy, +- &conn->socks_proxy)) ++ !proxy_info_matches(&needle->socks_proxy, ++ &conn->socks_proxy)) + return FALSE; + + if(needle->bits.httpproxy) { +diff --git a/tests/http/test_13_proxy_auth.py b/tests/http/test_13_proxy_auth.py +index 0979fbb..f2cda54 100644 +--- a/tests/http/test_13_proxy_auth.py ++++ b/tests/http/test_13_proxy_auth.py +@@ -152,3 +152,23 @@ class TestProxyAuth: + protocol='HTTP/2' if proto == 'h2' else 'HTTP/1.1') + assert self.get_tunnel_proto_used(r) == 'HTTP/2' \ + if tunnel == 'h2' else 'HTTP/1.1' ++ ++ def test_13_10_tunnels_mixed_auth(self, env: Env, httpd, configures_httpd): ++ self.httpd_configure(env, httpd) ++ curl = CurlClient(env=env) ++ url1 = f'http://localhost:{env.http_port}/data.json?1' ++ url2 = f'http://localhost:{env.http_port}/data.json?2' ++ url3 = f'http://localhost:{env.http_port}/data.json?3' ++ xargs1 = curl.get_proxy_args(proxys=False, tunnel=True) ++ xargs1.extend(['--proxy-user', 'proxy:proxy']) # good auth ++ xargs2 = curl.get_proxy_args(proxys=False, tunnel=True) ++ xargs2.extend(['--proxy-user', 'ungood:ungood']) # bad auth ++ xargs3 = curl.get_proxy_args(proxys=False, tunnel=True) ++ # no auth ++ r = curl.http_download(urls=[url1, url2, url3], alpn_proto='http/1.1', with_stats=True, ++ url_options={url1: xargs1, url2: xargs2, url3: xargs3}) ++ # only url1 succeeds, others fail, no connection reuse ++ assert r.stats[0]['http_code'] == 200, f'{r.dump_logs()}' ++ assert r.stats[1]['http_code'] == 0, f'{r.dump_logs()}' ++ assert r.stats[2]['http_code'] == 0, f'{r.dump_logs()}' ++ assert r.total_connects == 3, 
f'{r.dump_logs()}' +diff --git a/tests/http/testenv/curl.py b/tests/http/testenv/curl.py +index ee224d9..d4c3874 100644 +--- a/tests/http/testenv/curl.py ++++ b/tests/http/testenv/curl.py +@@ -539,7 +539,8 @@ class CurlClient: + with_profile: bool = False, + with_tcpdump: bool = False, + no_save: bool = False, +- extra_args: Optional[List[str]] = None): ++ extra_args: Optional[List[str]] = None, ++ url_options: Optional[Dict[str,List[str]]] = None): + if extra_args is None: + extra_args = [] + if no_save: +@@ -559,6 +560,7 @@ class CurlClient: + ]) + return self._raw(urls, alpn_proto=alpn_proto, options=extra_args, + with_stats=with_stats, ++ url_options=url_options, + with_headers=with_headers, + with_profile=with_profile, + with_tcpdump=with_tcpdump) +@@ -820,6 +822,7 @@ class CurlClient: + + def _raw(self, urls, intext='', timeout=None, options=None, insecure=False, + alpn_proto: Optional[str] = None, ++ url_options=None, + force_resolve=True, + with_stats=False, + with_headers=True, +@@ -829,7 +832,8 @@ class CurlClient: + args = self._complete_args( + urls=urls, timeout=timeout, options=options, insecure=insecure, + alpn_proto=alpn_proto, force_resolve=force_resolve, +- with_headers=with_headers, def_tracing=def_tracing) ++ with_headers=with_headers, def_tracing=def_tracing, ++ url_options=url_options) + r = self._run(args, intext=intext, with_stats=with_stats, + with_profile=with_profile, with_tcpdump=with_tcpdump) + if r.exit_code == 0 and with_headers: +@@ -839,8 +843,10 @@ class CurlClient: + def _complete_args(self, urls, timeout=None, options=None, + insecure=False, force_resolve=True, + alpn_proto: Optional[str] = None, ++ url_options=None, + with_headers: bool = True, + def_tracing: bool = True): ++ url_sep = [] + if not isinstance(urls, list): + urls = [urls] + +@@ -860,7 +866,13 @@ class CurlClient: + active_options = options[options.index('--next') + 1:] + + for url in urls: +- u = urlparse(urls[0]) ++ args.extend(url_sep) ++ if url_options is not 
None: ++ url_sep = ['--next'] ++ ++ u = urlparse(url) ++ if url_options is not None and url in url_options: ++ args.extend(url_options[url]) + if options: + args.extend(options) + if alpn_proto is not None: +-- +2.45.4 + diff --git a/SPECS/curl/curl.spec b/SPECS/curl/curl.spec index 1bcef69a899..382a32f9fda 100644 --- a/SPECS/curl/curl.spec +++ b/SPECS/curl/curl.spec @@ -1,7 +1,7 @@ Summary: An URL retrieval utility and library Name: curl Version: 8.11.1 -Release: 5%{?dist} +Release: 6%{?dist} License: curl Vendor: Microsoft Corporation Distribution: Azure Linux @@ -13,6 +13,9 @@ Patch1: CVE-2025-0167.patch Patch2: CVE-2025-0725.patch Patch3: CVE-2025-10148.patch Patch4: CVE-2025-14017.patch +Patch5: CVE-2026-1965.patch +Patch6: CVE-2026-3783.patch +Patch7: CVE-2026-3784.patch BuildRequires: cmake BuildRequires: krb5-devel BuildRequires: libnghttp2-devel @@ -103,6 +106,9 @@ find %{buildroot} -type f -name "*.la" -delete -print %{_libdir}/libcurl.so.* %changelog +* Thu Mar 12 2026 Azure Linux Security Servicing Account - 8.11.1-6 +- Patch for CVE-2026-3784, CVE-2026-3783, CVE-2026-1965 + * Fri Jan 09 2026 Azure Linux Security Servicing Account - 8.11.1-5 - Patch for CVE-2025-14017 diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 0aa976dbcea..be9b79557ca 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -199,9 +199,9 @@ krb5-1.21.3-3.azl3.aarch64.rpm krb5-devel-1.21.3-3.azl3.aarch64.rpm nghttp2-1.61.0-2.azl3.aarch64.rpm nghttp2-devel-1.61.0-2.azl3.aarch64.rpm -curl-8.11.1-5.azl3.aarch64.rpm -curl-devel-8.11.1-5.azl3.aarch64.rpm -curl-libs-8.11.1-5.azl3.aarch64.rpm +curl-8.11.1-6.azl3.aarch64.rpm +curl-devel-8.11.1-6.azl3.aarch64.rpm +curl-libs-8.11.1-6.azl3.aarch64.rpm createrepo_c-1.0.3-1.azl3.aarch64.rpm libxml2-2.11.5-9.azl3.aarch64.rpm libxml2-devel-2.11.5-9.azl3.aarch64.rpm 
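Review bot: `proxy_info_matches()` now compares `user` and `passwd` with `Curl_timestrcmp()`, but the rationale from the removed `socks_proxy_info_matches()` is deleted with it: user information is case-sensitive, so a case-insensitive compare must not be used. A short comment above the new comparison, such as `/* credentials are case-sensitive: do not use a case-insensitive compare here */`, would keep a later cleanup from weakening the match. Separately, the added `test_13_10_tunnels_mixed_auth` relies on `configures_httpd` and `self.httpd_configure`, and neither is defined in the visible hunks. Since this is a backport onto 8.11.1, it is worth confirming that the test tree provides them.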
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 0337a6c7966..781c169843d 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -199,9 +199,9 @@ krb5-1.21.3-3.azl3.x86_64.rpm krb5-devel-1.21.3-3.azl3.x86_64.rpm nghttp2-1.61.0-2.azl3.x86_64.rpm nghttp2-devel-1.61.0-2.azl3.x86_64.rpm -curl-8.11.1-5.azl3.x86_64.rpm -curl-devel-8.11.1-5.azl3.x86_64.rpm -curl-libs-8.11.1-5.azl3.x86_64.rpm +curl-8.11.1-6.azl3.x86_64.rpm +curl-devel-8.11.1-6.azl3.x86_64.rpm +curl-libs-8.11.1-6.azl3.x86_64.rpm createrepo_c-1.0.3-1.azl3.x86_64.rpm libxml2-2.11.5-9.azl3.x86_64.rpm libxml2-devel-2.11.5-9.azl3.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index cd1fb23b3f8..518a9579e60 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -67,10 +67,10 @@ cracklib-lang-2.9.11-1.azl3.aarch64.rpm createrepo_c-1.0.3-1.azl3.aarch64.rpm createrepo_c-debuginfo-1.0.3-1.azl3.aarch64.rpm createrepo_c-devel-1.0.3-1.azl3.aarch64.rpm -curl-8.11.1-5.azl3.aarch64.rpm -curl-debuginfo-8.11.1-5.azl3.aarch64.rpm -curl-devel-8.11.1-5.azl3.aarch64.rpm -curl-libs-8.11.1-5.azl3.aarch64.rpm +curl-8.11.1-6.azl3.aarch64.rpm +curl-debuginfo-8.11.1-6.azl3.aarch64.rpm +curl-devel-8.11.1-6.azl3.aarch64.rpm +curl-libs-8.11.1-6.azl3.aarch64.rpm Cython-debuginfo-3.0.5-2.azl3.aarch64.rpm debugedit-5.0-2.azl3.aarch64.rpm debugedit-debuginfo-5.0-2.azl3.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 31ec6ab2ceb..b5eae7c039f 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt 
@@ -72,10 +72,10 @@ createrepo_c-debuginfo-1.0.3-1.azl3.x86_64.rpm createrepo_c-devel-1.0.3-1.azl3.x86_64.rpm cross-binutils-common-2.41-10.azl3.noarch.rpm cross-gcc-common-13.2.0-7.azl3.noarch.rpm -curl-8.11.1-5.azl3.x86_64.rpm -curl-debuginfo-8.11.1-5.azl3.x86_64.rpm -curl-devel-8.11.1-5.azl3.x86_64.rpm -curl-libs-8.11.1-5.azl3.x86_64.rpm +curl-8.11.1-6.azl3.x86_64.rpm +curl-debuginfo-8.11.1-6.azl3.x86_64.rpm +curl-devel-8.11.1-6.azl3.x86_64.rpm +curl-libs-8.11.1-6.azl3.x86_64.rpm Cython-debuginfo-3.0.5-2.azl3.x86_64.rpm debugedit-5.0-2.azl3.x86_64.rpm debugedit-debuginfo-5.0-2.azl3.x86_64.rpm From 442f2bfd5db31bc008a70b5589a389aea279398b Mon Sep 17 00:00:00 2001 From: akhila-guruju Date: Mon, 16 Mar 2026 06:29:47 +0000 Subject: [PATCH 2/2] refactor test2006 to fix build --- SPECS/curl/CVE-2026-3783.patch | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/SPECS/curl/CVE-2026-3783.patch b/SPECS/curl/CVE-2026-3783.patch index cca1ab9fc11..2b532a1c318 100644 --- a/SPECS/curl/CVE-2026-3783.patch +++ b/SPECS/curl/CVE-2026-3783.patch @@ -1,14 +1,13 @@ -From a4741123081a520f95087015c8b607398b87842c Mon Sep 17 00:00:00 2001 -From: AllSpark -Date: Thu, 12 Mar 2026 11:56:59 +0000 +From e3d7401a32a46516c9e5ee877e613e62ed35bddc Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Fri, 6 Mar 2026 23:13:07 +0100 Subject: [PATCH] http: only send bearer if auth is allowed Verify with test 2006 Closes #20843 -Signed-off-by: Azure Linux Security Servicing Account -Upstream-reference: AI Backport of https://github.com/curl/curl/commit/e3d7401a32a46516c9e5ee877e613e62ed35bddc.patch +Upstream Patch reference: https://github.com/curl/curl/commit/e3d7401a32a46516c9e5ee877e613e62ed35bddc.patch --- lib/http.c | 1 + tests/data/Makefile.am | 2 +- @@ -43,7 +42,7 @@ index 776b593..26e015f 100644 test2024 test2025 test2026 test2027 test2028 test2029 test2030 test2031 \ 
diff --git a/tests/data/test2006 b/tests/data/test2006 new file mode 100644 -index 0000000..200d30a +index 0000000..4b8b269 --- /dev/null +++ b/tests/data/test2006 @@ -0,0 +1,98 @@ @@ -57,7 +56,7 @@ index 0000000..200d30a + +# Server-side + -+ ++ +HTTP/1.1 301 Follow this you fool +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake @@ -71,7 +70,7 @@ index 0000000..200d30a +-foo- + + -+ ++ +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake @@ -84,7 +83,7 @@ index 0000000..200d30a +target + + -+ ++ +HTTP/1.1 301 Follow this you fool +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake @@ -128,7 +127,7 @@ index 0000000..200d30a + + + -+ ++ +GET http://a.com/ HTTP/1.1 +Host: a.com +Authorization: Bearer SECRET_TOKEN @@ -146,5 +145,5 @@ index 0000000..200d30a + + -- -2.45.4 +2.43.0
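Review bot: The commit title says only "refactor test2006 to fix build", but the first hunk also changes the carried patch's provenance header. It rewrites the `From`, author and `Date` lines to those of upstream commit e3d7401a32a46516c9e5ee877e613e62ed35bddc, and it drops both the `Signed-off-by` trailer and the "AI Backport" wording of the reference line. The commit message should say whether the patch body is now the upstream commit taken verbatim or still an adapted backport, because that header is what an auditor uses to trace the CVE fix to its origin. If the `lib/http.c` hunk was adapted to 8.11.1, a reference line that says "Backport of" the upstream URL would record that.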