new upstream release - 7.21.7 (fixes CVE-2011-2192)

2011-06-23 15:27:47 +02:00 · 2011-06-23 15:27:47 +02:00 · 11b552f8cf
commit 11b552f8cf
parent a80b6c3aa4
8 changed files with 34 additions and 65 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 /curl-7.21.6.tar.lzma
+/curl-7.21.7.tar.lzma
--- a/0001-curl-7.21.6-f551aa5.patch
+++ b/0001-curl-7.21.6-f551aa5.patch
@ -1,29 +0,0 @@
-From ef22ddf278431ab39924ac468ab4b31ee6e5af95 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Tue, 7 Jun 2011 15:57:13 +0200
-Subject: [PATCH] disconnect: wipe out the keeps_speed time stamp
-
-When closing a connection, the speedchecker's timestamp is now deleted
-so that it cannot accidentally be used by a fresh connection on the same
-handle when examining the transfer speed.
-
-Bug: https://bugzilla.redhat.com/679709
---
- lib/url.c |    1 +
- 1 files changed, 1 insertions(+), 0 deletions(-)
-
-diff --git a/lib/url.c b/lib/url.c
-index 3bc8db0..9f8c2c4 100644
--- a/lib/url.c
-+++ b/lib/url.c
-@@ -2671,6 +2671,7 @@ CURLcode Curl_disconnect(struct connectdata *conn, bool dead_connection)
- 
-   conn_free(conn);
-   data->state.current_conn = NULL;
-+  Curl_speedinit(data);
- 
-   return CURLE_OK;
- }
-- 
-1.7.4.4
-
--- a/0102-curl-7.21.2-debug.patch
+++ b/0102-curl-7.21.2-debug.patch
@ -6,7 +6,7 @@ diff --git a/configure b/configure
 index d3ecf69..6d8f085 100755
 --- a/configure
 +++ b/configure
-@@ -15001,18 +15001,11 @@ $as_echo "yes" >&6; }
+@@ -15006,18 +15006,11 @@ $as_echo "yes" >&6; }
     gccvhi=`echo $gccver | cut -d . -f1`
     gccvlo=`echo $gccver | cut -d . -f2`
     compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
@ -33,7 +33,7 @@ diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4
 index 1ea4d17..868d65a 100644
 --- a/m4/curl-compilers.m4
 +++ b/m4/curl-compilers.m4
-@@ -146,18 +146,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
+@@ -148,18 +148,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
     gccvhi=`echo $gccver | cut -d . -f1`
     gccvlo=`echo $gccver | cut -d . -f2`
     compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
--- a/0105-curl-7.21.3-disable-test1112.patch
+++ b/0105-curl-7.21.3-disable-test1112.patch
@ -6,25 +6,25 @@ diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
 index 9370974..b553f54 100644
 --- a/tests/data/Makefile.am
 +++ b/tests/data/Makefile.am
-@@ -65,7 +65,7 @@ EXTRA_DIST = test1 test108 test117 test1
-  test561 test1098 test1099 test562 test563 test1100 test564 test1101	   \
-  test1102 test1103 test1104 test299 test310 test311 test312 test1105	   \
-  test565 test800 test1106 test801 test566 test802 test803 test1107	   \
- test1108 test1109 test1110 test1111 test1112 test129 test567 test568	   \
-+ test1108 test1109 test1110 test1111 test129 test567 test568	   \
-  test569 test570 test571 test572 test804 test805 test806 test807 test573   \
-  test313 test1115 test578 test579 test1116 test1200 test1201 test1202	   \
-  test1203 test1117 test1118 test1119 test1120 test1300 test1301 test1302 \
+@@ -69,7 +69,7 @@ test1078 test1079 test1080 test1081 test1082 test1083 test1084 test1085	\
+ test1086 test1087 test1088 test1089 test1090 test1091 test1092 test1093	\
+ test1094 test1095 test1096 test1097 test1098 test1099 test1100 test1101	\
+ test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109	\
+-test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117	\
+test1110 test1111          test1113 test1114 test1115 test1116 test1117	\
+ test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125	\
+ test1126 test1127 test1128 test1200 test1201 test1202 test1203 test1300	\
+ test1301 test1302 test1303 test1304 test1305 test1306 test1307 test1308	\
 diff --git a/tests/data/Makefile.in b/tests/data/Makefile.in
 index 435b126..1d71c4e 100644
 --- a/tests/data/Makefile.in
 +++ b/tests/data/Makefile.in
-@@ -308,7 +308,7 @@ EXTRA_DIST = test1 test108 test117 test1
-  test561 test1098 test1099 test562 test563 test1100 test564 test1101	   \
-  test1102 test1103 test1104 test299 test310 test311 test312 test1105	   \
-  test565 test800 test1106 test801 test566 test802 test803 test1107	   \
- test1108 test1109 test1110 test1111 test1112 test129 test567 test568	   \
-+ test1108 test1109 test1110 test1111 test129 test567 test568	   \
-  test569 test570 test571 test572 test804 test805 test806 test807 test573   \
-  test313 test1115 test578 test579 test1116 test1200 test1201 test1202	   \
-  test1203 test1117 test1118 test1119 test1120 test1300 test1301 test1302 \
+@@ -317,7 +317,7 @@ test1078 test1079 test1080 test1081 test1082 test1083 test1084 test1085	\
+ test1086 test1087 test1088 test1089 test1090 test1091 test1092 test1093	\
+ test1094 test1095 test1096 test1097 test1098 test1099 test1100 test1101	\
+ test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109	\
+-test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117	\
+test1110 test1111          test1113 test1114 test1115 test1116 test1117	\
+ test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125	\
+ test1126 test1127 test1128 test1200 test1201 test1202 test1203 test1300	\
+ test1301 test1302 test1303 test1304 test1305 test1306 test1307 test1308	\
--- a/curl-7.21.5.tar.lzma.asc
+++ b/curl-7.21.5.tar.lzma.asc
@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.11 (GNU/Linux)
-
-iEYEABECAAYFAk2rWlwACgkQeOEcayedXJGj9QCgwoc5sTOksar5Kp6ubovsI7Rg
-/hwAnRgipolUHWrR4J0QhxDX3FzuAib3
-=AjpZ
-----END PGP SIGNATURE-----
--- a/curl-7.21.7.tar.lzma.asc
+++ b/curl-7.21.7.tar.lzma.asc
@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iEYEABECAAYFAk4C+RkACgkQeOEcayedXJE+zgCgpoA3RZSH/V7Pt2r+V4vw6XzE
+l4gAoI6vUkMdpsA0HZb3qVU7xj+UeZAC
+=XD6y
+-----END PGP SIGNATURE-----
--- a/curl.spec
+++ b/curl.spec
@ -1,16 +1,13 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 7.21.6
-Release: 2%{?dist}
+Version: 7.21.7
+Release: 1%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
 Source2: curlbuild.h
 Source3: hide_selinux.c

-# avoid an invalid timeout event on a reused handle (#679709)
-Patch1: 0001-curl-7.21.6-f551aa5.patch
-
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.21.1-multilib.patch

@ -109,9 +106,6 @@ for f in CHANGES README; do
    mv -f ${f}.utf8 ${f}
 done

-# upstream patches (already applied)
-%patch1 -p1
-
 # Fedora patches
 %patch101 -p1
 %patch102 -p1
@ -224,6 +218,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4

 %changelog
+* Thu Jun 23 2011 Kamil Dudka <kdudka@redhat.com> 7.21.7-1
+- new upstream release (fixes CVE-2011-2192)
+
 * Wed Jun 08 2011 Kamil Dudka <kdudka@redhat.com> 7.21.6-2
 - avoid an invalid timeout event on a reused handle (#679709)

--- a/2
+++ b/2
@ -1 +1 @@
-c90b24164c0662f2c16777d40a625557  curl-7.21.6.tar.lzma
+5dbcbabe8fd577763106c4f655e31b66  curl-7.21.7.tar.lzma