1
0
forked from rpms/curl

Related: CVE-2021-22924 - make explicit dependency on openssl work

... with alpha/beta builds of openssl

Reported-by: Daniel Rusek
This commit is contained in:
Kamil Dudka 2021-07-23 17:14:53 +02:00
parent ad77edcfa4
commit a1aeccc458

View File

@ -1,7 +1,7 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl Name: curl
Version: 7.76.1 Version: 7.76.1
Release: 8%{?dist} Release: 9%{?dist}
License: MIT License: MIT
Source: https://curl.se/download/%{name}-%{version}.tar.xz Source: https://curl.se/download/%{name}-%{version}.tar.xz
@ -123,7 +123,8 @@ Requires: libcurl%{?_isa} >= %{version}-%{release}
# require at least the version of openssl-libs that we were built against, # require at least the version of openssl-libs that we were built against,
# to ensure that we have the necessary symbols available (#1462184, #1462211) # to ensure that we have the necessary symbols available (#1462184, #1462211)
%global openssl_version %(pkg-config --modversion openssl 2>/dev/null || echo 0) # (we need to translate 3.0.0-alpha16 -> 3.0.0-0.alpha16 and 3.0.0-beta1 -> 3.0.0-0.beta1 though)
%global openssl_version %({ pkg-config --modversion openssl 2>/dev/null || echo 0;} | sed 's|-|-0.|')
%description %description
curl is a command line tool for transferring data with URL syntax, supporting curl is a command line tool for transferring data with URL syntax, supporting
@ -382,6 +383,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
%changelog %changelog
* Fri Jul 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-9
- make explicit dependency on openssl work with alpha/beta builds of openssl
* Wed Jul 21 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-8 * Wed Jul 21 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-8
- fix TELNET stack contents disclosure again (CVE-2021-22925) - fix TELNET stack contents disclosure again (CVE-2021-22925)
- fix bad connection reuse due to flawed path name checks (CVE-2021-22924) - fix bad connection reuse due to flawed path name checks (CVE-2021-22924)