backport some patches from community

backport-openssl-avoid-BN_num_bits-NULL-pointer-derefs.patch

@@ -0,0 +1,34 @@
+From b9f832edcce9db2de31070e76c3cbe59ca9ef512 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 12 Oct 2023 16:00:38 +0200
+Subject: [PATCH] openssl: avoid BN_num_bits() NULL pointer derefs
+
+Reported-by: icy17 on github
+Fixes #12099
+Closes #12100
+
+Conflict: NA
+Reference: https://github.com/curl/curl/commit/b9f832edcce9db2de31070e76c3cbe59ca9ef512
+---
+ lib/vtls/openssl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index 9f9c8d136..6be86f871 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -538,9 +538,9 @@ CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl)
+ #else
+           RSA_get0_key(rsa, &n, &e, NULL);
+ #endif /* HAVE_EVP_PKEY_GET_PARAMS */
+-          BIO_printf(mem, "%d", BN_num_bits(n));
++          BIO_printf(mem, "%d", n ? BN_num_bits(n) : 0);
+ #else
+-          BIO_printf(mem, "%d", BN_num_bits(rsa->n));
++          BIO_printf(mem, "%d", rsa->n ? BN_num_bits(rsa->n) : 0);
+ #endif /* HAVE_OPAQUE_RSA_DSA_DH */
+           push_certinfo("RSA Public Key", i);
+           print_pubkey_BN(rsa, n, i);
+-- 
+2.33.0
+

backport-transfer-also-stop-the-sending-on-closed-connection.patch

@@ -0,0 +1,46 @@
+From 95a865b462195d9d847f7f2676f0c789179e2073 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 4 Sep 2023 14:14:32 +0200
+Subject: [PATCH] transfer: also stop the sending on closed connection
+
+Previously this cleared the receiving bit only but in some cases it is
+also still sending (like a request-body) when disconnected and neither
+direction can continue then.
+
+Fixes #11769
+Reported-by: Oleg Jukovec
+Closes #11795
+
+Conflict: NA
+Reference: https://github.com/curl/curl/commit/95a865b462195d9d847f7f2676f0c789179e2073
+---
+ lib/transfer.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/lib/transfer.c b/lib/transfer.c
+index fb0a6a45d..d0602b875 100644
+--- a/lib/transfer.c
++++ b/lib/transfer.c
+@@ -492,15 +492,16 @@ static CURLcode readwrite_data(struct Curl_easy *data,
+     if(0 < nread || is_empty_data) {
+       buf[nread] = 0;
+     }
+-    else {
++    if(!nread) {
+       /* if we receive 0 or less here, either the data transfer is done or the
+          server closed the connection and we bail out from this! */
+       if(data_eof_handled)
+         DEBUGF(infof(data, "nread == 0, stream closed, bailing"));
+       else
+         DEBUGF(infof(data, "nread <= 0, server closed connection, bailing"));
+-      k->keepon &= ~KEEP_RECV;
+-      break;
++      k->keepon = 0; /* stop sending as well */
++      if(!is_empty_data)
++        break;
+     }
+ 
+     /* Default buffer to use when we write the buffer, it may be changed
+-- 
+2.33.0
+

curl.spec

@@ -6,7 +6,7 @@
 
 Name:           curl
 Version:        8.1.2
-Release:        6
+Release:        7
 Summary:        Curl is used in command lines or scripts to transfer data
 License:        curl
 URL:            https://curl.se/
@@ -24,6 +24,8 @@ Patch10:        backport-CVE-2023-38546.patch
 Patch11:        backport-CVE-2023-46218.patch
 Patch12:        backport-0001-CVE-2023-46219.patch
 Patch13:        backport-0002-CVE-2023-46219.patch
+Patch14:        backport-transfer-also-stop-the-sending-on-closed-connection.patch
+Patch15:        backport-openssl-avoid-BN_num_bits-NULL-pointer-derefs.patch
 
 BuildRequires:  automake brotli-devel coreutils gcc groff krb5-devel
 BuildRequires:  libidn2-devel libnghttp2-devel libpsl-devel
@@ -208,6 +210,13 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_mandir}/man3/*
 
 %changelog
+* Thu Dec 28 2023 zhouyihang <zhouyihang3@h-partners.com> - 8.1.2-7
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:transfer: also stop the sending on closed connection
+       openssl: avoid BN_num_bits() NULL pointer derefs
+
 * Fri Dec 08 2023 zhouyihang <zhouyihang3@h-partners.com> - 8.1.2-6
 - Type:CVE
 - CVE:CVE-2023-46218 CVE-2023-46219