From 11b552f8cf5396669b011a5c7e73065138a930a8 Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Thu, 23 Jun 2011 15:27:47 +0200 Subject: [PATCH] new upstream release - 7.21.7 (fixes CVE-2011-2192) --- .gitignore | 1 + 0001-curl-7.21.6-f551aa5.patch | 29 -------------------- 0102-curl-7.21.2-debug.patch | 4 +-- 0105-curl-7.21.3-disable-test1112.patch | 36 ++++++++++++------------- curl-7.21.5.tar.lzma.asc | 7 ----- curl-7.21.7.tar.lzma.asc | 7 +++++ curl.spec | 13 ++++----- sources | 2 +- 8 files changed, 34 insertions(+), 65 deletions(-) delete mode 100644 0001-curl-7.21.6-f551aa5.patch delete mode 100644 curl-7.21.5.tar.lzma.asc create mode 100644 curl-7.21.7.tar.lzma.asc diff --git a/.gitignore b/.gitignore index a4496df..b67450b 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ /curl-7.21.6.tar.lzma +/curl-7.21.7.tar.lzma diff --git a/0001-curl-7.21.6-f551aa5.patch b/0001-curl-7.21.6-f551aa5.patch deleted file mode 100644 index c00e5f5..0000000 --- a/0001-curl-7.21.6-f551aa5.patch +++ /dev/null @@ -1,29 +0,0 @@ -From ef22ddf278431ab39924ac468ab4b31ee6e5af95 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Tue, 7 Jun 2011 15:57:13 +0200 -Subject: [PATCH] disconnect: wipe out the keeps_speed time stamp - -When closing a connection, the speedchecker's timestamp is now deleted -so that it cannot accidentally be used by a fresh connection on the same -handle when examining the transfer speed. - -Bug: https://bugzilla.redhat.com/679709 ---- - lib/url.c | 1 + - 1 files changed, 1 insertions(+), 0 deletions(-) - -diff --git a/lib/url.c b/lib/url.c -index 3bc8db0..9f8c2c4 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -2671,6 +2671,7 @@ CURLcode Curl_disconnect(struct connectdata *conn, bool dead_connection) - - conn_free(conn); - data->state.current_conn = NULL; -+ Curl_speedinit(data); - - return CURLE_OK; - } --- -1.7.4.4 - diff --git a/0102-curl-7.21.2-debug.patch b/0102-curl-7.21.2-debug.patch index e6e58c6..0c1fdc1 100644 --- a/0102-curl-7.21.2-debug.patch +++ b/0102-curl-7.21.2-debug.patch @@ -6,7 +6,7 @@ diff --git a/configure b/configure index d3ecf69..6d8f085 100755 --- a/configure +++ b/configure -@@ -15001,18 +15001,11 @@ $as_echo "yes" >&6; } +@@ -15006,18 +15006,11 @@ $as_echo "yes" >&6; } gccvhi=`echo $gccver | cut -d . -f1` gccvlo=`echo $gccver | cut -d . -f2` compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` @@ -33,7 +33,7 @@ diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4 index 1ea4d17..868d65a 100644 --- a/m4/curl-compilers.m4 +++ b/m4/curl-compilers.m4 -@@ -146,18 +146,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [ +@@ -148,18 +148,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [ gccvhi=`echo $gccver | cut -d . -f1` gccvlo=`echo $gccver | cut -d . -f2` compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` diff --git a/0105-curl-7.21.3-disable-test1112.patch b/0105-curl-7.21.3-disable-test1112.patch index 8da7226..d1c0292 100644 --- a/0105-curl-7.21.3-disable-test1112.patch +++ b/0105-curl-7.21.3-disable-test1112.patch @@ -6,25 +6,25 @@ diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am index 9370974..b553f54 100644 --- a/tests/data/Makefile.am +++ b/tests/data/Makefile.am -@@ -65,7 +65,7 @@ EXTRA_DIST = test1 test108 test117 test1 - test561 test1098 test1099 test562 test563 test1100 test564 test1101 \ - test1102 test1103 test1104 test299 test310 test311 test312 test1105 \ - test565 test800 test1106 test801 test566 test802 test803 test1107 \ -- test1108 test1109 test1110 test1111 test1112 test129 test567 test568 \ -+ test1108 test1109 test1110 test1111 test129 test567 test568 \ - test569 test570 test571 test572 test804 test805 test806 test807 test573 \ - test313 test1115 test578 test579 test1116 test1200 test1201 test1202 \ - test1203 test1117 test1118 test1119 test1120 test1300 test1301 test1302 \ +@@ -69,7 +69,7 @@ test1078 test1079 test1080 test1081 test1082 test1083 test1084 test1085 \ + test1086 test1087 test1088 test1089 test1090 test1091 test1092 test1093 \ + test1094 test1095 test1096 test1097 test1098 test1099 test1100 test1101 \ + test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109 \ +-test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117 \ ++test1110 test1111 test1113 test1114 test1115 test1116 test1117 \ + test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125 \ + test1126 test1127 test1128 test1200 test1201 test1202 test1203 test1300 \ + test1301 test1302 test1303 test1304 test1305 test1306 test1307 test1308 \ diff --git a/tests/data/Makefile.in b/tests/data/Makefile.in index 435b126..1d71c4e 100644 --- a/tests/data/Makefile.in +++ b/tests/data/Makefile.in -@@ -308,7 +308,7 @@ EXTRA_DIST = test1 test108 test117 test1 - test561 test1098 test1099 test562 test563 test1100 test564 test1101 \ - test1102 test1103 test1104 test299 test310 test311 test312 test1105 \ - test565 test800 test1106 test801 test566 test802 test803 test1107 \ -- test1108 test1109 test1110 test1111 test1112 test129 test567 test568 \ -+ test1108 test1109 test1110 test1111 test129 test567 test568 \ - test569 test570 test571 test572 test804 test805 test806 test807 test573 \ - test313 test1115 test578 test579 test1116 test1200 test1201 test1202 \ - test1203 test1117 test1118 test1119 test1120 test1300 test1301 test1302 \ +@@ -317,7 +317,7 @@ test1078 test1079 test1080 test1081 test1082 test1083 test1084 test1085 \ + test1086 test1087 test1088 test1089 test1090 test1091 test1092 test1093 \ + test1094 test1095 test1096 test1097 test1098 test1099 test1100 test1101 \ + test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109 \ +-test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117 \ ++test1110 test1111 test1113 test1114 test1115 test1116 test1117 \ + test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125 \ + test1126 test1127 test1128 test1200 test1201 test1202 test1203 test1300 \ + test1301 test1302 test1303 test1304 test1305 test1306 test1307 test1308 \ diff --git a/curl-7.21.5.tar.lzma.asc b/curl-7.21.5.tar.lzma.asc deleted file mode 100644 index ff85e5e..0000000 --- a/curl-7.21.5.tar.lzma.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.11 (GNU/Linux) - -iEYEABECAAYFAk2rWlwACgkQeOEcayedXJGj9QCgwoc5sTOksar5Kp6ubovsI7Rg -/hwAnRgipolUHWrR4J0QhxDX3FzuAib3 -=AjpZ ------END PGP SIGNATURE----- diff --git a/curl-7.21.7.tar.lzma.asc b/curl-7.21.7.tar.lzma.asc new file mode 100644 index 0000000..eaa2a04 --- /dev/null +++ b/curl-7.21.7.tar.lzma.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.11 (GNU/Linux) + +iEYEABECAAYFAk4C+RkACgkQeOEcayedXJE+zgCgpoA3RZSH/V7Pt2r+V4vw6XzE +l4gAoI6vUkMdpsA0HZb3qVU7xj+UeZAC +=XD6y +-----END PGP SIGNATURE----- diff --git a/curl.spec b/curl.spec index 4203c74..031deda 100644 --- a/curl.spec +++ b/curl.spec @@ -1,16 +1,13 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 7.21.6 -Release: 2%{?dist} +Version: 7.21.7 +Release: 1%{?dist} License: MIT Group: Applications/Internet Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma Source2: curlbuild.h Source3: hide_selinux.c -# avoid an invalid timeout event on a reused handle (#679709) -Patch1: 0001-curl-7.21.6-f551aa5.patch - # patch making libcurl multilib ready Patch101: 0101-curl-7.21.1-multilib.patch @@ -109,9 +106,6 @@ for f in CHANGES README; do mv -f ${f}.utf8 ${f} done -# upstream patches (already applied) -%patch1 -p1 - # Fedora patches %patch101 -p1 %patch102 -p1 @@ -224,6 +218,9 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/aclocal/libcurl.m4 %changelog +* Thu Jun 23 2011 Kamil Dudka 7.21.7-1 +- new upstream release (fixes CVE-2011-2192) + * Wed Jun 08 2011 Kamil Dudka 7.21.6-2 - avoid an invalid timeout event on a reused handle (#679709) diff --git a/sources b/sources index b1c6b62..5366a1d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -c90b24164c0662f2c16777d40a625557 curl-7.21.6.tar.lzma +5dbcbabe8fd577763106c4f655e31b66 curl-7.21.7.tar.lzma