microsoft
diff --git a/‎SPECS/curl/CVE-2025-0167.patch
Lines changed: 38 additions & 0 deletions b/‎SPECS/curl/CVE-2025-0167.patch
Lines changed: 38 additions & 0 deletions
diff --git a/‎SPECS/curl/CVE-2025-0665.patch
Lines changed: 33 additions & 0 deletions b/‎SPECS/curl/CVE-2025-0665.patch
Lines changed: 33 additions & 0 deletions
@@ -0,0 +1,38 @@
+From eb239c24ea6ab8d2f1f3190572cdc6b646341cb0 Mon Sep 17 00:00:00 2001
+From: Kanishk-Bansal <[email protected]>
+Date: Thu, 13 Feb 2025 19:53:56 +0000
+Subject: [PATCH] CVE-2025-0167
+Upstream source: https://github.com/curl/curl/commit/0e120c5b925e8ca75d5319e
+---
+ lib/netrc.c | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/lib/netrc.c b/lib/netrc.c
+index d5ee3c0..b5002fb 100644
+--- a/lib/netrc.c
++++ b/lib/netrc.c
+@@ -309,11 +309,16 @@ static int parsenetrc(struct store_netrc *store,
+ 
+ out:
+   Curl_dyn_free(&token);
+-  if(!retcode && !password && our_login) {
+-    /* success without a password, set a blank one */
+-    password = strdup("");
+-    if(!password)
+-      retcode = 1; /* out of memory */
++  if(!retcode) {
++    if(!password && our_login) {
++      /* success without a password, set a blank one */
++      password = strdup("");
++      if(!password)
++        retcode = 1; /* out of memory */
++    }
++    else if(!login && !password)
++      /* a default with no credentials */
++      retcode = NETRC_FILE_MISSING;
+   }
+   if(!retcode) {
+     /* success */
+-- 
+2.45.2
+
@@ -0,0 +1,33 @@
+From ff5091aa9f73802e894b1cbdf24ab84e103200e2 Mon Sep 17 00:00:00 2001
+From: Andy Pan <[email protected]>
+Date: Thu, 12 Dec 2024 12:48:56 +0000
+Subject: [PATCH] async-thread: avoid closing eventfd twice
+
+When employing eventfd for socketpair, there is only one file
+descriptor. Closing that fd twice might result in fd corruption.
+Thus, we should avoid closing the eventfd twice, following the
+pattern in lib/multi.c.
+
+Fixes #15725
+Closes #15727
+Reported-by: Christian Heusel
+---
+ lib/asyn-thread.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/asyn-thread.c b/lib/asyn-thread.c
+index a58e4b790494..32d496b107cb 100644
+--- a/lib/asyn-thread.c
++++ b/lib/asyn-thread.c
+@@ -195,9 +195,11 @@ void destroy_thread_sync_data(struct thread_sync_data *tsd)
+    * close one end of the socket pair (may be done in resolver thread);
+    * the other end (for reading) is always closed in the parent thread.
+    */
++#ifndef USE_EVENTFD
+   if(tsd->sock_pair[1] != CURL_SOCKET_BAD) {
+     wakeup_close(tsd->sock_pair[1]);
+   }
++#endif
+ #endif
+   memset(tsd, 0, sizeof(*tsd));
+ }