import UBI curl-7.61.1-30.el8_8.3
This commit is contained in:
parent
bf79456532
commit
ad7840c8f2
51
SOURCES/0051-curl-7.61.1-CVE-2023-27536.patch
Normal file
51
SOURCES/0051-curl-7.61.1-CVE-2023-27536.patch
Normal file
@ -0,0 +1,51 @@
|
|||||||
|
From cb49e67303dbafbab1cebf4086e3ec15b7d56ee5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Fri, 10 Mar 2023 09:22:43 +0100
|
||||||
|
Subject: [PATCH] url: only reuse connections with same GSS delegation
|
||||||
|
|
||||||
|
Reported-by: Harry Sintonen
|
||||||
|
Closes #10731
|
||||||
|
---
|
||||||
|
lib/url.c | 6 ++++++
|
||||||
|
lib/urldata.h | 1 +
|
||||||
|
2 files changed, 7 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/url.c b/lib/url.c
|
||||||
|
index df6ef1213..cc2f427dc 100644
|
||||||
|
--- a/lib/url.c
|
||||||
|
+++ b/lib/url.c
|
||||||
|
@@ -1305,6 +1305,11 @@ ConnectionExists(struct Curl_easy *data,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /* GSS delegation differences do not actually affect every connection
|
||||||
|
+ and auth method, but this check takes precaution before efficiency */
|
||||||
|
+ if(needle->gssapi_delegation != check->gssapi_delegation)
|
||||||
|
+ continue;
|
||||||
|
+
|
||||||
|
if(needle->handler->protocol & (CURLPROTO_SCP|CURLPROTO_SFTP)) {
|
||||||
|
if(!ssh_config_matches(needle, check))
|
||||||
|
continue;
|
||||||
|
@@ -1950,5 +1950,6 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
|
||||||
|
conn->fclosesocket = data->set.fclosesocket;
|
||||||
|
conn->closesocket_client = data->set.closesocket_client;
|
||||||
|
+ conn->gssapi_delegation = data->set.gssapi_delegation;
|
||||||
|
|
||||||
|
return conn;
|
||||||
|
error:
|
||||||
|
diff --git a/lib/urldata.h b/lib/urldata.h
|
||||||
|
index bf5daaf50..da5de5ba9 100644
|
||||||
|
--- a/lib/urldata.h
|
||||||
|
+++ b/lib/urldata.h
|
||||||
|
@@ -1061,6 +1061,8 @@ struct connectdata {
|
||||||
|
char *unix_domain_socket;
|
||||||
|
bool abstract_unix_socket;
|
||||||
|
#endif
|
||||||
|
+
|
||||||
|
+ unsigned char gssapi_delegation; /* inherited from set.gssapi_delegation */
|
||||||
|
};
|
||||||
|
|
||||||
|
/* The end of connectdata. */
|
||||||
|
--
|
||||||
|
2.40.1
|
||||||
|
|
2768
SOURCES/0052-curl-7.61.1-rebuilt-certs.patch
Normal file
2768
SOURCES/0052-curl-7.61.1-rebuilt-certs.patch
Normal file
File diff suppressed because it is too large
Load Diff
305
SOURCES/0053-curl-7.61.1-CVE-2023-28321.patch
Normal file
305
SOURCES/0053-curl-7.61.1-CVE-2023-28321.patch
Normal file
@ -0,0 +1,305 @@
|
|||||||
|
From 199f2d440d8659b42670c1b796220792b01a97bf Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Mon, 24 Apr 2023 21:07:02 +0200
|
||||||
|
Subject: [PATCH] hostcheck: fix host name wildcard checking
|
||||||
|
|
||||||
|
The leftmost "label" of the host name can now only match against single
|
||||||
|
'*'. Like the browsers have worked for a long time.
|
||||||
|
|
||||||
|
- extended unit test 1397 for this
|
||||||
|
- move some SOURCE variables from unit/Makefile.am to unit/Makefile.inc
|
||||||
|
|
||||||
|
Reported-by: Hiroki Kurosawa
|
||||||
|
Closes #11018
|
||||||
|
---
|
||||||
|
lib/hostcheck.c | 50 +++++++--------
|
||||||
|
tests/data/test1397 | 10 ++-
|
||||||
|
tests/unit/Makefile.am | 94 ----------------------------
|
||||||
|
tests/unit/Makefile.inc | 94 ++++++++++++++++++++++++++++
|
||||||
|
tests/unit/unit1397.c | 134 ++++++++++++++++++++++++----------------
|
||||||
|
5 files changed, 202 insertions(+), 180 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/hostcheck.c b/lib/hostcheck.c
|
||||||
|
index e827dc58f378c..d061c6356f97f 100644
|
||||||
|
--- a/lib/hostcheck.c
|
||||||
|
+++ b/lib/hostcheck.c
|
||||||
|
@@ -43,6 +43,17 @@
|
||||||
|
/* The last #include file should be: */
|
||||||
|
#include "memdebug.h"
|
||||||
|
|
||||||
|
+/* check the two input strings with given length, but do not
|
||||||
|
+ assume they end in nul-bytes */
|
||||||
|
+static int pmatch(const char *hostname, size_t hostlen,
|
||||||
|
+ const char *pattern, size_t patternlen)
|
||||||
|
+{
|
||||||
|
+ if(hostlen != patternlen)
|
||||||
|
+ return CURL_HOST_NOMATCH;
|
||||||
|
+ return strncasecompare(hostname, pattern, hostlen) ?
|
||||||
|
+ CURL_HOST_MATCH : CURL_HOST_NOMATCH;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* Match a hostname against a wildcard pattern.
|
||||||
|
* E.g.
|
||||||
|
@@ -65,26 +76,27 @@
|
||||||
|
|
||||||
|
static int hostmatch(char *hostname, char *pattern)
|
||||||
|
{
|
||||||
|
- const char *pattern_label_end, *pattern_wildcard, *hostname_label_end;
|
||||||
|
- int wildcard_enabled;
|
||||||
|
- size_t prefixlen, suffixlen;
|
||||||
|
+ size_t hostlen, patternlen;
|
||||||
|
+ const char *pattern_label_end;
|
||||||
|
struct in_addr ignored;
|
||||||
|
#ifdef ENABLE_IPV6
|
||||||
|
struct sockaddr_in6 si6;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+ DEBUGASSERT(pattern);
|
||||||
|
+ DEBUGASSERT(hostname);
|
||||||
|
+
|
||||||
|
+ hostlen = strlen(hostname);
|
||||||
|
+ patternlen = strlen(pattern);
|
||||||
|
+
|
||||||
|
/* normalize pattern and hostname by stripping off trailing dots */
|
||||||
|
- size_t len = strlen(hostname);
|
||||||
|
- if(hostname[len-1]=='.')
|
||||||
|
- hostname[len-1] = 0;
|
||||||
|
- len = strlen(pattern);
|
||||||
|
- if(pattern[len-1]=='.')
|
||||||
|
- pattern[len-1] = 0;
|
||||||
|
-
|
||||||
|
- pattern_wildcard = strchr(pattern, '*');
|
||||||
|
- if(pattern_wildcard == NULL)
|
||||||
|
- return strcasecompare(pattern, hostname) ?
|
||||||
|
- CURL_HOST_MATCH : CURL_HOST_NOMATCH;
|
||||||
|
+ if(hostname[hostlen-1]=='.')
|
||||||
|
+ hostname[hostlen-1] = 0;
|
||||||
|
+ if(pattern[patternlen-1]=='.')
|
||||||
|
+ pattern[patternlen-1] = 0;
|
||||||
|
+
|
||||||
|
+ if(strncmp(pattern, "*.", 2))
|
||||||
|
+ return pmatch(hostname, hostlen, pattern, patternlen);
|
||||||
|
|
||||||
|
/* detect IP address as hostname and fail the match if so */
|
||||||
|
if(Curl_inet_pton(AF_INET, hostname, &ignored) > 0)
|
||||||
|
@@ -96,34 +108,20 @@ static int hostmatch(char *hostname, char *pattern)
|
||||||
|
|
||||||
|
/* We require at least 2 dots in pattern to avoid too wide wildcard
|
||||||
|
match. */
|
||||||
|
- wildcard_enabled = 1;
|
||||||
|
pattern_label_end = strchr(pattern, '.');
|
||||||
|
- if(pattern_label_end == NULL || strchr(pattern_label_end + 1, '.') == NULL ||
|
||||||
|
- pattern_wildcard > pattern_label_end ||
|
||||||
|
- strncasecompare(pattern, "xn--", 4)) {
|
||||||
|
- wildcard_enabled = 0;
|
||||||
|
+ if(pattern_label_end == NULL ||
|
||||||
|
+ (strrchr(pattern, '.') == pattern_label_end))
|
||||||
|
+ return pmatch(pattern, patternlen, hostname, hostlen);
|
||||||
|
+
|
||||||
|
+ const char *hostname_label_end = strchr(hostname, '.');
|
||||||
|
+ if(hostname_label_end != NULL) {
|
||||||
|
+ size_t skiphost = hostname_label_end - hostname;
|
||||||
|
+ size_t skiplen = pattern_label_end - pattern;
|
||||||
|
+ return pmatch(hostname_label_end, hostlen - skiphost,
|
||||||
|
+ pattern_label_end, patternlen - skiplen);
|
||||||
|
}
|
||||||
|
- if(!wildcard_enabled)
|
||||||
|
- return strcasecompare(pattern, hostname) ?
|
||||||
|
- CURL_HOST_MATCH : CURL_HOST_NOMATCH;
|
||||||
|
-
|
||||||
|
- hostname_label_end = strchr(hostname, '.');
|
||||||
|
- if(hostname_label_end == NULL ||
|
||||||
|
- !strcasecompare(pattern_label_end, hostname_label_end))
|
||||||
|
- return CURL_HOST_NOMATCH;
|
||||||
|
|
||||||
|
- /* The wildcard must match at least one character, so the left-most
|
||||||
|
- label of the hostname is at least as large as the left-most label
|
||||||
|
- of the pattern. */
|
||||||
|
- if(hostname_label_end - hostname < pattern_label_end - pattern)
|
||||||
|
- return CURL_HOST_NOMATCH;
|
||||||
|
-
|
||||||
|
- prefixlen = pattern_wildcard - pattern;
|
||||||
|
- suffixlen = pattern_label_end - (pattern_wildcard + 1);
|
||||||
|
- return strncasecompare(pattern, hostname, prefixlen) &&
|
||||||
|
- strncasecompare(pattern_wildcard + 1, hostname_label_end - suffixlen,
|
||||||
|
- suffixlen) ?
|
||||||
|
- CURL_HOST_MATCH : CURL_HOST_NOMATCH;
|
||||||
|
+ return CURL_HOST_NOMATCH;
|
||||||
|
}
|
||||||
|
|
||||||
|
int Curl_cert_hostcheck(const char *match_pattern, const char *hostname)
|
||||||
|
diff --git a/tests/data/test1397 b/tests/data/test1397
|
||||||
|
index 84f962abebee3..f31b2c2a3f330 100644
|
||||||
|
--- a/tests/data/test1397
|
||||||
|
+++ b/tests/data/test1397
|
||||||
|
@@ -2,8 +2,7 @@
|
||||||
|
<info>
|
||||||
|
<keywords>
|
||||||
|
unittest
|
||||||
|
-ssl
|
||||||
|
-wildcard
|
||||||
|
+Curl_cert_hostcheck
|
||||||
|
</keywords>
|
||||||
|
</info>
|
||||||
|
|
||||||
|
@@ -15,10 +14,10 @@ none
|
||||||
|
<features>
|
||||||
|
unittest
|
||||||
|
</features>
|
||||||
|
- <name>
|
||||||
|
-Check wildcard certificate matching function Curl_cert_hostcheck
|
||||||
|
- </name>
|
||||||
|
+<name>
|
||||||
|
+Curl_cert_hostcheck unit tests
|
||||||
|
+</name>
|
||||||
|
<tool>
|
||||||
|
unit1397
|
||||||
|
</tool>
|
||||||
|
</client>
|
||||||
|
diff --git a/tests/unit/unit1397.c b/tests/unit/unit1397.c
|
||||||
|
index 2f3d3aa4d09e1..3ae75618d5d10 100644
|
||||||
|
--- a/tests/unit/unit1397.c
|
||||||
|
+++ b/tests/unit/unit1397.c
|
||||||
|
@@ -21,8 +21,6 @@
|
||||||
|
***************************************************************************/
|
||||||
|
#include "curlcheck.h"
|
||||||
|
|
||||||
|
-#include "hostcheck.h" /* from the lib dir */
|
||||||
|
-
|
||||||
|
static CURLcode unit_setup(void)
|
||||||
|
{
|
||||||
|
return CURLE_OK;
|
||||||
|
@@ -30,50 +28,93 @@ static CURLcode unit_setup(void)
|
||||||
|
|
||||||
|
static void unit_stop(void)
|
||||||
|
{
|
||||||
|
- /* done before shutting down and exiting */
|
||||||
|
}
|
||||||
|
|
||||||
|
-UNITTEST_START
|
||||||
|
-
|
||||||
|
/* only these backends define the tested functions */
|
||||||
|
-#if defined(USE_OPENSSL) || defined(USE_AXTLS) || defined(USE_GSKIT)
|
||||||
|
-
|
||||||
|
- /* here you start doing things and checking that the results are good */
|
||||||
|
+#if defined(USE_OPENSSL) || defined(USE_GSKIT) || defined(USE_SCHANNEL)
|
||||||
|
+#include "hostcheck.h"
|
||||||
|
+struct testcase {
|
||||||
|
+ const char *host;
|
||||||
|
+ const char *pattern;
|
||||||
|
+ bool match;
|
||||||
|
+};
|
||||||
|
|
||||||
|
-fail_unless(Curl_cert_hostcheck("www.example.com", "www.example.com"),
|
||||||
|
- "good 1");
|
||||||
|
-fail_unless(Curl_cert_hostcheck("*.example.com", "www.example.com"),
|
||||||
|
- "good 2");
|
||||||
|
-fail_unless(Curl_cert_hostcheck("xxx*.example.com", "xxxwww.example.com"),
|
||||||
|
- "good 3");
|
||||||
|
-fail_unless(Curl_cert_hostcheck("f*.example.com", "foo.example.com"),
|
||||||
|
- "good 4");
|
||||||
|
-fail_unless(Curl_cert_hostcheck("192.168.0.0", "192.168.0.0"),
|
||||||
|
- "good 5");
|
||||||
|
-
|
||||||
|
-fail_if(Curl_cert_hostcheck("xxx.example.com", "www.example.com"), "bad 1");
|
||||||
|
-fail_if(Curl_cert_hostcheck("*", "www.example.com"), "bad 2");
|
||||||
|
-fail_if(Curl_cert_hostcheck("*.*.com", "www.example.com"), "bad 3");
|
||||||
|
-fail_if(Curl_cert_hostcheck("*.example.com", "baa.foo.example.com"), "bad 4");
|
||||||
|
-fail_if(Curl_cert_hostcheck("f*.example.com", "baa.example.com"), "bad 5");
|
||||||
|
-fail_if(Curl_cert_hostcheck("*.com", "example.com"), "bad 6");
|
||||||
|
-fail_if(Curl_cert_hostcheck("*fail.com", "example.com"), "bad 7");
|
||||||
|
-fail_if(Curl_cert_hostcheck("*.example.", "www.example."), "bad 8");
|
||||||
|
-fail_if(Curl_cert_hostcheck("*.example.", "www.example"), "bad 9");
|
||||||
|
-fail_if(Curl_cert_hostcheck("", "www"), "bad 10");
|
||||||
|
-fail_if(Curl_cert_hostcheck("*", "www"), "bad 11");
|
||||||
|
-fail_if(Curl_cert_hostcheck("*.168.0.0", "192.168.0.0"), "bad 12");
|
||||||
|
-fail_if(Curl_cert_hostcheck("www.example.com", "192.168.0.0"), "bad 13");
|
||||||
|
-
|
||||||
|
-#ifdef ENABLE_IPV6
|
||||||
|
-fail_if(Curl_cert_hostcheck("*::3285:a9ff:fe46:b619",
|
||||||
|
- "fe80::3285:a9ff:fe46:b619"), "bad 14");
|
||||||
|
-fail_unless(Curl_cert_hostcheck("fe80::3285:a9ff:fe46:b619",
|
||||||
|
- "fe80::3285:a9ff:fe46:b619"), "good 6");
|
||||||
|
-#endif
|
||||||
|
+static struct testcase tests[] = {
|
||||||
|
+ {"", "", FALSE},
|
||||||
|
+ {"a", "", FALSE},
|
||||||
|
+ {"", "b", FALSE},
|
||||||
|
+ {"a", "b", FALSE},
|
||||||
|
+ {"aa", "bb", FALSE},
|
||||||
|
+ {"\xff", "\xff", TRUE},
|
||||||
|
+ {"aa.aa.aa", "aa.aa.bb", FALSE},
|
||||||
|
+ {"aa.aa.aa", "aa.aa.aa", TRUE},
|
||||||
|
+ {"aa.aa.aa", "*.aa.bb", FALSE},
|
||||||
|
+ {"aa.aa.aa", "*.aa.aa", TRUE},
|
||||||
|
+ {"192.168.0.1", "192.168.0.1", TRUE},
|
||||||
|
+ {"192.168.0.1", "*.168.0.1", FALSE},
|
||||||
|
+ {"192.168.0.1", "*.0.1", FALSE},
|
||||||
|
+ {"h.ello", "*.ello", FALSE},
|
||||||
|
+ {"h.ello.", "*.ello", FALSE},
|
||||||
|
+ {"h.ello", "*.ello.", FALSE},
|
||||||
|
+ {"h.e.llo", "*.e.llo", TRUE},
|
||||||
|
+ {"h.e.llo", " *.e.llo", FALSE},
|
||||||
|
+ {" h.e.llo", "*.e.llo", TRUE},
|
||||||
|
+ {"h.e.llo.", "*.e.llo", TRUE},
|
||||||
|
+ {"*.e.llo.", "*.e.llo", TRUE},
|
||||||
|
+ {"************.e.llo.", "*.e.llo", TRUE},
|
||||||
|
+ {"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
|
||||||
|
+ "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
|
||||||
|
+ "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC"
|
||||||
|
+ "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"
|
||||||
|
+ "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE"
|
||||||
|
+ ".e.llo.", "*.e.llo", TRUE},
|
||||||
|
+ {"\xfe\xfe.e.llo.", "*.e.llo", TRUE},
|
||||||
|
+ {"h.e.llo.", "*.e.llo.", TRUE},
|
||||||
|
+ {"h.e.llo", "*.e.llo.", TRUE},
|
||||||
|
+ {".h.e.llo", "*.e.llo.", FALSE},
|
||||||
|
+ {"h.e.llo", "*.*.llo.", FALSE},
|
||||||
|
+ {"h.e.llo", "h.*.llo", FALSE},
|
||||||
|
+ {"h.e.llo", "h.e.*", FALSE},
|
||||||
|
+ {"hello", "*.ello", FALSE},
|
||||||
|
+ {"hello", "**llo", FALSE},
|
||||||
|
+ {"bar.foo.example.com", "*.example.com", FALSE},
|
||||||
|
+ {"foo.example.com", "*.example.com", TRUE},
|
||||||
|
+ {"baz.example.net", "b*z.example.net", FALSE},
|
||||||
|
+ {"foobaz.example.net", "*baz.example.net", FALSE},
|
||||||
|
+ {"xn--l8j.example.local", "x*.example.local", FALSE},
|
||||||
|
+ {"xn--l8j.example.net", "*.example.net", TRUE},
|
||||||
|
+ {"xn--l8j.example.net", "*j.example.net", FALSE},
|
||||||
|
+ {"xn--l8j.example.net", "xn--l8j.example.net", TRUE},
|
||||||
|
+ {"xn--l8j.example.net", "xn--l8j.*.net", FALSE},
|
||||||
|
+ {"xl8j.example.net", "*.example.net", TRUE},
|
||||||
|
+ {"fe80::3285:a9ff:fe46:b619", "*::3285:a9ff:fe46:b619", FALSE},
|
||||||
|
+ {"fe80::3285:a9ff:fe46:b619", "fe80::3285:a9ff:fe46:b619", TRUE},
|
||||||
|
+ {NULL, NULL, FALSE}
|
||||||
|
+};
|
||||||
|
|
||||||
|
-#endif
|
||||||
|
+UNITTEST_START
|
||||||
|
+{
|
||||||
|
+ int i;
|
||||||
|
+ for(i = 0; tests[i].host; i++) {
|
||||||
|
+ if(tests[i].match != Curl_cert_hostcheck(tests[i].pattern,
|
||||||
|
+ strlen(tests[i].pattern),
|
||||||
|
+ tests[i].host,
|
||||||
|
+ strlen(tests[i].host))) {
|
||||||
|
+ fprintf(stderr,
|
||||||
|
+ "HOST: %s\n"
|
||||||
|
+ "PTRN: %s\n"
|
||||||
|
+ "did %sMATCH\n",
|
||||||
|
+ tests[i].host,
|
||||||
|
+ tests[i].pattern,
|
||||||
|
+ tests[i].match ? "NOT ": "");
|
||||||
|
+ unitfail++;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+UNITTEST_STOP
|
||||||
|
+#else
|
||||||
|
|
||||||
|
- /* you end the test code like this: */
|
||||||
|
+UNITTEST_START
|
||||||
|
|
||||||
|
UNITTEST_STOP
|
||||||
|
+#endif
|
@ -1,7 +1,7 @@
|
|||||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.61.1
|
Version: 7.61.1
|
||||||
Release: 30%{?dist}.2
|
Release: 30%{?dist}.3
|
||||||
License: MIT
|
License: MIT
|
||||||
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
||||||
|
|
||||||
@ -142,6 +142,15 @@ Patch48: 0048-curl-7.61.1-CVE-2023-27535.patch
|
|||||||
# sftp: do not specify O_APPEND when not in append mode (#2187717)
|
# sftp: do not specify O_APPEND when not in append mode (#2187717)
|
||||||
Patch50: 0050-curl-7.61.1-sftp-upload-flags.patch
|
Patch50: 0050-curl-7.61.1-sftp-upload-flags.patch
|
||||||
|
|
||||||
|
# fix GSS delegation too eager connection re-use
|
||||||
|
Patch51: 0051-curl-7.61.1-CVE-2023-27536.patch
|
||||||
|
|
||||||
|
# rebuild certs with 2048-bit RSA keys
|
||||||
|
Patch52: 0052-curl-7.61.1-rebuilt-certs.patch
|
||||||
|
|
||||||
|
# fix host name wildcard checking
|
||||||
|
Patch53: 0053-curl-7.61.1-CVE-2023-28321.patch
|
||||||
|
|
||||||
# patch making libcurl multilib ready
|
# patch making libcurl multilib ready
|
||||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||||
|
|
||||||
@ -364,6 +373,9 @@ sed -e 's|:8992/|:%{?__isa_bits}92/|g' -i tests/data/test97{3..6}
|
|||||||
%patch47 -p1
|
%patch47 -p1
|
||||||
%patch48 -p1
|
%patch48 -p1
|
||||||
%patch50 -p1
|
%patch50 -p1
|
||||||
|
%patch51 -p1
|
||||||
|
git apply %{PATCH52}
|
||||||
|
%patch53 -p1
|
||||||
|
|
||||||
# make tests/*.py use Python 3
|
# make tests/*.py use Python 3
|
||||||
sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py
|
sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py
|
||||||
@ -526,6 +538,11 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
|||||||
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jun 13 2023 Jacek Migacz <jmigacz@redhat.com> - 7.61.1-30.el8_8.3
|
||||||
|
- fix GSS delegation too eager connection re-use (CVE-2023-27536)
|
||||||
|
- rebuild certs with 2048-bit RSA keys
|
||||||
|
- fix host name wildcard checking (CVE-2023-28321)
|
||||||
|
|
||||||
* Thu Apr 20 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-30.el8_8.2
|
* Thu Apr 20 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-30.el8_8.2
|
||||||
- sftp: do not specify O_APPEND when not in append mode (#2187717)
|
- sftp: do not specify O_APPEND when not in append mode (#2187717)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user