Related: CVE-2021-22924 - make explicit dependency on openssl work

... with alpha/beta builds of openssl Reported-by: Daniel Rusek
2021-07-23 17:14:53 +02:00 · 2021-07-23 17:14:53 +02:00 · a1aeccc458
commit a1aeccc458
parent ad77edcfa4
1 changed files with 6 additions and 2 deletions
--- a/curl.spec
+++ b/curl.spec
@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.76.1
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: MIT
 Source: https://curl.se/download/%{name}-%{version}.tar.xz

@ -123,7 +123,8 @@ Requires: libcurl%{?_isa} >= %{version}-%{release}

 # require at least the version of openssl-libs that we were built against,
 # to ensure that we have the necessary symbols available (#1462184, #1462211)
-%global openssl_version %(pkg-config --modversion openssl 2>/dev/null || echo 0)
+# (we need to translate 3.0.0-alpha16 -> 3.0.0-0.alpha16 and 3.0.0-beta1 -> 3.0.0-0.beta1 though)
+%global openssl_version %({ pkg-config --modversion openssl 2>/dev/null || echo 0;} | sed 's|-|-0.|')

 %description
 curl is a command line tool for transferring data with URL syntax, supporting
@ -382,6 +383,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal

 %changelog
+* Fri Jul 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-9
+- make explicit dependency on openssl work with alpha/beta builds of openssl
+
 * Wed Jul 21 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-8
 - fix TELNET stack contents disclosure again (CVE-2021-22925)
 - fix bad connection reuse due to flawed path name checks (CVE-2021-22924)