diff --git a/0001-curl-7.61.0-pkcs11.patch b/0001-curl-7.61.0-pkcs11.patch
deleted file mode 100644
index d92b3e9..0000000
--- a/0001-curl-7.61.0-pkcs11.patch
+++ /dev/null
@@ -1,272 +0,0 @@ -From a9a65ae9f6516faf042b36eca2450db7d34bff47 Mon Sep 17 00:00:00 2001 -From: Anderson Toshiyuki Sasaki -Date: Mon, 19 Feb 2018 14:31:06 +0100 -Subject: [PATCH 1/2] ssl: set engine implicitly when a PKCS#11 URI is provided - -This allows the use of PKCS#11 URI for certificates and keys without -setting the corresponding type as "ENG" and the engine as "pkcs11" -explicitly. If a PKCS#11 URI is provided for certificate, key, -proxy_certificate or proxy_key, the corresponding type is set as "ENG" -if not provided and the engine is set to "pkcs11" if not provided. - -Acked-by: Nikos Mavrogiannopoulos -Closes #2333 - -Upstream-commit: 298d2565e2a2f06a859b7f5a1cc24ba7c87a8ce2 -Signed-off-by: Kamil Dudka ---- - docs/cmdline-opts/cert.d | 7 ++++++ - docs/cmdline-opts/key.d | 7 ++++++ - lib/vtls/openssl.c | 38 ++++++++++++++++++++++++++++ - src/tool_getparam.c | 2 +- - src/tool_operate.c | 53 ++++++++++++++++++++++++++++++++++++++++ - tests/unit/unit1394.c | 3 +++ - 6 files changed, 109 insertions(+), 1 deletion(-) - -diff --git a/docs/cmdline-opts/cert.d b/docs/cmdline-opts/cert.d -index adf62fc..510b833 100644 ---- a/docs/cmdline-opts/cert.d -+++ b/docs/cmdline-opts/cert.d -@@ -23,6 +23,13 @@ nickname contains ":", it needs to be preceded by "\\" so that it is not - recognized as password delimiter. If the nickname contains "\\", it needs to - be escaped as "\\\\" so that it is not recognized as an escape character. - -+If curl is built against OpenSSL library, and the engine pkcs11 is available, -+then a PKCS#11 URI (RFC 7512) can be used to specify a certificate located in -+a PKCS#11 device. A string beginning with "pkcs11:" will be interpreted as a -+PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option will be set -+as "pkcs11" if none was provided and the --cert-type option will be set as -+"ENG" if none was provided. 
-+ - (iOS and macOS only) If curl is built against Secure Transport, then the - certificate string can either be the name of a certificate/private key in the - system or user keychain, or the path to a PKCS#12-encoded certificate and -diff --git a/docs/cmdline-opts/key.d b/docs/cmdline-opts/key.d -index fbf583a..4877b42 100644 ---- a/docs/cmdline-opts/key.d -+++ b/docs/cmdline-opts/key.d -@@ -7,4 +7,11 @@ Private key file name. Allows you to provide your private key in this separate - file. For SSH, if not specified, curl tries the following candidates in order: - '~/.ssh/id_rsa', '~/.ssh/id_dsa', './id_rsa', './id_dsa'. - -+If curl is built against OpenSSL library, and the engine pkcs11 is available, -+then a PKCS#11 URI (RFC 7512) can be used to specify a private key located in a -+PKCS#11 device. A string beginning with "pkcs11:" will be interpreted as a -+PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option will be set -+as "pkcs11" if none was provided and the --key-type option will be set as -+"ENG" if none was provided. -+ - If this option is used several times, the last one will be used. 
-diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c -index 0b1929b..bc46eca 100644 ---- a/lib/vtls/openssl.c -+++ b/lib/vtls/openssl.c -@@ -558,8 +558,25 @@ static int ssl_ui_writer(UI *ui, UI_STRING *uis) - } - return (UI_method_get_writer(UI_OpenSSL()))(ui, uis); - } -+ -+/* -+ * Check if a given string is a PKCS#11 URI -+ */ -+static bool is_pkcs11_uri(const char *string) -+{ -+ if(strncasecompare(string, "pkcs11:", 7)) { -+ return TRUE; -+ } -+ else { -+ return FALSE; -+ } -+} -+ - #endif - -+static CURLcode Curl_ossl_set_engine(struct Curl_easy *data, -+ const char *engine); -+ - static - int cert_stuff(struct connectdata *conn, - SSL_CTX* ctx, -@@ -622,6 +639,16 @@ int cert_stuff(struct connectdata *conn, - case SSL_FILETYPE_ENGINE: - #if defined(USE_OPENSSL_ENGINE) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME) - { -+ /* Implicitly use pkcs11 engine if none was provided and the -+ * cert_file is a PKCS#11 URI */ -+ if(!data->state.engine) { -+ if(is_pkcs11_uri(cert_file)) { -+ if(Curl_ossl_set_engine(data, "pkcs11") != CURLE_OK) { -+ return 0; -+ } -+ } -+ } -+ - if(data->state.engine) { - const char *cmd_name = "LOAD_CERT_CTRL"; - struct { -@@ -798,6 +825,17 @@ int cert_stuff(struct connectdata *conn, - #ifdef USE_OPENSSL_ENGINE - { /* XXXX still needs some work */ - EVP_PKEY *priv_key = NULL; -+ -+ /* Implicitly use pkcs11 engine if none was provided and the -+ * key_file is a PKCS#11 URI */ -+ if(!data->state.engine) { -+ if(is_pkcs11_uri(key_file)) { -+ if(Curl_ossl_set_engine(data, "pkcs11") != CURLE_OK) { -+ return 0; -+ } -+ } -+ } -+ - if(data->state.engine) { - UI_METHOD *ui_method = - UI_create_method((char *)"curl user interface"); -diff --git a/src/tool_getparam.c b/src/tool_getparam.c -index cc3fcf3..a7bb7f9 100644 ---- a/src/tool_getparam.c -+++ b/src/tool_getparam.c -@@ -342,7 +342,7 @@ void parse_cert_parameter(const char *cert_parameter, - * looks like a RFC7512 PKCS#11 URI which can be used as-is. 
- * Also if cert_parameter contains no colon nor backslash, this - * means no passphrase was given and no characters escaped */ -- if(!strncmp(cert_parameter, "pkcs11:", 7) || -+ if(curl_strnequal(cert_parameter, "pkcs11:", 7) || - !strpbrk(cert_parameter, ":\\")) { - *certname = strdup(cert_parameter); - return; -diff --git a/src/tool_operate.c b/src/tool_operate.c -index 26fc251..25d450c 100644 ---- a/src/tool_operate.c -+++ b/src/tool_operate.c -@@ -113,6 +113,19 @@ static bool is_fatal_error(CURLcode code) - return FALSE; - } - -+/* -+ * Check if a given string is a PKCS#11 URI -+ */ -+static bool is_pkcs11_uri(const char *string) -+{ -+ if(curl_strnequal(string, "pkcs11:", 7)) { -+ return TRUE; -+ } -+ else { -+ return FALSE; -+ } -+} -+ - #ifdef __VMS - /* - * get_vms_file_size does what it takes to get the real size of the file -@@ -1073,6 +1086,46 @@ static CURLcode operate_do(struct GlobalConfig *global, - my_setopt_str(curl, CURLOPT_PINNEDPUBLICKEY, config->pinnedpubkey); - - if(curlinfo->features & CURL_VERSION_SSL) { -+ /* Check if config->cert is a PKCS#11 URI and set the -+ * config->cert_type if necessary */ -+ if(config->cert) { -+ if(!config->cert_type) { -+ if(is_pkcs11_uri(config->cert)) { -+ config->cert_type = strdup("ENG"); -+ } -+ } -+ } -+ -+ /* Check if config->key is a PKCS#11 URI and set the -+ * config->key_type if necessary */ -+ if(config->key) { -+ if(!config->key_type) { -+ if(is_pkcs11_uri(config->key)) { -+ config->key_type = strdup("ENG"); -+ } -+ } -+ } -+ -+ /* Check if config->proxy_cert is a PKCS#11 URI and set the -+ * config->proxy_type if necessary */ -+ if(config->proxy_cert) { -+ if(!config->proxy_cert_type) { -+ if(is_pkcs11_uri(config->proxy_cert)) { -+ config->proxy_cert_type = strdup("ENG"); -+ } -+ } -+ } -+ -+ /* Check if config->proxy_key is a PKCS#11 URI and set the -+ * config->proxy_key_type if necessary */ -+ if(config->proxy_key) { -+ if(!config->proxy_key_type) { -+ if(is_pkcs11_uri(config->proxy_key)) { -+ 
config->proxy_key_type = strdup("ENG"); -+ } -+ } -+ } -+ - my_setopt_str(curl, CURLOPT_SSLCERT, config->cert); - my_setopt_str(curl, CURLOPT_PROXY_SSLCERT, config->proxy_cert); - my_setopt_str(curl, CURLOPT_SSLCERTTYPE, config->cert_type); -diff --git a/tests/unit/unit1394.c b/tests/unit/unit1394.c -index 667991d..010f052 100644 ---- a/tests/unit/unit1394.c -+++ b/tests/unit/unit1394.c -@@ -56,6 +56,9 @@ UNITTEST_START - "foo:bar\\\\", "foo", "bar\\\\", - "foo:bar:", "foo", "bar:", - "foo\\::bar\\:", "foo:", "bar\\:", -+ "pkcs11:foobar", "pkcs11:foobar", NULL, -+ "PKCS11:foobar", "PKCS11:foobar", NULL, -+ "PkCs11:foobar", "PkCs11:foobar", NULL, - #ifdef WIN32 - "c:\\foo:bar:baz", "c:\\foo", "bar:baz", - "c:\\foo\\:bar:baz", "c:\\foo:bar", "baz", --- -2.17.1 - - -From 2be42ac65f4c345ed3ddc97917c8ef54e13fcbfd Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Thu, 9 Aug 2018 15:34:22 +0200 -Subject: [PATCH 2/2] docs: add files needed to regenerate curl.1 man page - -Bug: https://github.com/curl/curl/pull/2856 ---- - docs/cmdline-opts/disallow-username-in-url.d | 7 +++++++ - docs/cmdline-opts/haproxy-protocol.d | 11 +++++++++++ - 2 files changed, 18 insertions(+) - create mode 100644 docs/cmdline-opts/disallow-username-in-url.d - create mode 100644 docs/cmdline-opts/haproxy-protocol.d - -diff --git a/docs/cmdline-opts/disallow-username-in-url.d b/docs/cmdline-opts/disallow-username-in-url.d -new file mode 100644 -index 0000000..a7f46ea ---- /dev/null -+++ b/docs/cmdline-opts/disallow-username-in-url.d -@@ -0,0 +1,7 @@ -+Long: disallow-username-in-url -+Help: Disallow username in url -+Protocols: HTTP -+Added: 7.61.0 -+See-also: proto -+--- -+This tells curl to exit if passed a url containing a username. 
-diff --git a/docs/cmdline-opts/haproxy-protocol.d b/docs/cmdline-opts/haproxy-protocol.d -new file mode 100644 -index 0000000..cc41c9c ---- /dev/null -+++ b/docs/cmdline-opts/haproxy-protocol.d -@@ -0,0 +1,11 @@ -+Long: haproxy-protocol -+Help: Send HAProxy PROXY protocol v1 header -+Protocols: HTTP -+Added: 7.60.0 -+--- -+Send a HAProxy PROXY protocol v1 header at the beginning of the connection. This -+is used by some load balancers and reverse proxies to indicate the client's -+true IP address and port. -+ -+This option is primarily useful when sending test requests to a service that -+expects this header. --- -2.17.1 - diff --git a/0002-curl-7.61.0-libssh.patch b/0002-curl-7.61.0-libssh.patch deleted file mode 100644 index 75966b4..0000000 --- a/0002-curl-7.61.0-libssh.patch +++ /dev/null 
@@ -1,130 +0,0 @@ -From 155d4ffb7d40daf2afa0102f91f810675220ab6e Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Tue, 14 Aug 2018 13:14:49 +0200 -Subject: [PATCH] ssh-libssh: reduce excessive verbose output about pubkey auth - -The verbose message "Authentication using SSH public key file" was -printed each time the ssh_userauth_publickey_auto() was called, which -meant each time a packet was transferred over network because the API -operates in non-blocking mode. - -This patch makes sure that the verbose message is printed just once -(when the authentication state is entered by the SSH state machine). - -Upstream-commit: 1e843a31a49484aeddf8f358e71392205f5fd6b1 -Signed-off-by: Kamil Dudka ---- - lib/ssh-libssh.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/lib/ssh-libssh.c b/lib/ssh-libssh.c -index cecf477ac..f40f074b9 100644 ---- a/lib/ssh-libssh.c -+++ b/lib/ssh-libssh.c -@@ -618,6 +618,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block) - sshc->auth_methods = ssh_userauth_list(sshc->ssh_session, NULL); - if(sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) { - state(conn, SSH_AUTH_PKEY_INIT); -+ infof(data, "Authentication using SSH public key file\n"); - } - else if(sshc->auth_methods & SSH_AUTH_METHOD_GSSAPI_MIC) { - state(conn, SSH_AUTH_GSSAPI); -@@ -670,8 +671,6 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block) - - } - else { -- infof(data, "Authentication using SSH public key file\n"); -- - rc = ssh_userauth_publickey_auto(sshc->ssh_session, NULL, - data->set.ssl.key_passwd); - if(rc == SSH_AUTH_AGAIN) { --- -2.17.1 - -From 4b445519694ab620bd6376066844a7076e8ce4ab Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Tue, 14 Aug 2018 12:47:18 +0200 -Subject: [PATCH] ssh-libssh: fix infinite connect loop on invalid private key - -Added test 656 (based on test 604) to verify the fix. 
- -Bug: https://bugzilla.redhat.com/1595135 - -Closes #2879 - -Upstream-commit: a4c7911a48dadb4f68ba6b38bb1bf3f061b747f6 -Signed-off-by: Kamil Dudka ---- - lib/ssh-libssh.c | 1 + - tests/data/Makefile.inc | 2 +- - tests/data/test656 | 33 +++++++++++++++++++++++++++++++++ - 3 files changed, 35 insertions(+), 1 deletion(-) - create mode 100644 tests/data/test656 - -diff --git a/lib/ssh-libssh.c b/lib/ssh-libssh.c -index f40f074b9..12d618cfe 100644 ---- a/lib/ssh-libssh.c -+++ b/lib/ssh-libssh.c -@@ -663,6 +663,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block) - if(rc != SSH_OK) { - failf(data, "Could not load private key file %s", - data->set.str[STRING_SSH_PRIVATE_KEY]); -+ MOVE_TO_ERROR_STATE(CURLE_LOGIN_DENIED); - break; - } - -diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc -index 20274b37c..518a5a543 100644 ---- a/tests/data/Makefile.inc -+++ b/tests/data/Makefile.inc -@@ -83,7 +83,7 @@ test617 test618 test619 test620 test621 test622 test623 test624 test625 \ - test626 test627 test628 test629 test630 test631 test632 test633 test634 \ - test635 test636 test637 test638 test639 test640 test641 test642 \ - test643 test644 test645 test646 test647 test648 test649 test650 test651 \ --test652 test653 test654 test655 \ -+test652 test653 test654 test655 test656 \ - \ - test700 test701 test702 test703 test704 test705 test706 test707 test708 \ - test709 test710 test711 test712 test713 test714 test715 \ -diff --git a/tests/data/test656 b/tests/data/test656 -new file mode 100644 -index 000000000..4107d3d17 ---- /dev/null -+++ b/tests/data/test656 -@@ -0,0 +1,33 @@ -+ -+ -+ -+SFTP -+FAILURE -+ -+ -+ -+# -+# Client-side -+ -+ -+sftp -+ -+ -+SFTP retrieval with nonexistent private key file -+ -+ -+--key DOES_NOT_EXIST --pubkey curl_client_key.pub -u %USER: sftp://%HOSTIP:%SSHPORT%PWD/not-a-valid-file-moooo --insecure --connect-timeout 8 -+ -+ -+ -+# -+# Verify data after the test has been "shot" -+ -+ -+disable -+ -+ -+67 -+ -+ -+ --- 
-2.17.1
-
diff --git a/0003-curl-7.61.0-tls13-ciphers.patch b/0003-curl-7.61.0-tls13-ciphers.patch
deleted file mode 100644
index a55ca64..0000000
--- a/0003-curl-7.61.0-tls13-ciphers.patch
+++ /dev/null
@@ -1,101 +0,0 @@ -From 426b00d0587797d79806f9682b058d5c90a0ab79 Mon Sep 17 00:00:00 2001 -From: Jay Satiro -Date: Fri, 31 Aug 2018 19:46:29 -0400 -Subject: [PATCH 1/2] openssl: Fix setting TLS 1.3 cipher suites - -The flag indicating TLS 1.3 cipher support in the OpenSSL backend was -missing. - -Bug: https://github.com/curl/curl/pull/2607#issuecomment-417283187 -Reported-by: Kamil Dudka - -Closes #2926 - -Upstream-commit: 978574b502294ae06eb97d4f590b54ed5d24cd7f -Signed-off-by: Kamil Dudka ---- - lib/vtls/openssl.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c -index bc46eca..fad4287 100644 ---- a/lib/vtls/openssl.c -+++ b/lib/vtls/openssl.c -@@ -3804,6 +3804,9 @@ const struct Curl_ssl Curl_ssl_openssl = { - SSLSUPP_CERTINFO | - SSLSUPP_PINNEDPUBKEY | - SSLSUPP_SSL_CTX | -+#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES -+ SSLSUPP_TLS13_CIPHERSUITES | -+#endif - SSLSUPP_HTTPS_PROXY, - - sizeof(struct ssl_backend_data), --- -2.17.1 - - -From 081afa4e2eb5e853833bd87ca43f48ab550fe657 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Mon, 3 Sep 2018 13:04:00 +0200 -Subject: [PATCH 2/2] url, vtls: make CURLOPT{,_PROXY}_TLS13_CIPHERS work - -This is a follow-up to PR #2607 and PR #2926. 
- -Closes #2936 - -Upstream-commit: 52c13d6328ff56b2d2e8313e88cfdfc78acda365 -Signed-off-by: Kamil Dudka ---- - lib/url.c | 4 ++++ - lib/vtls/vtls.c | 5 ++++- - 2 files changed, 8 insertions(+), 1 deletion(-) - -diff --git a/lib/url.c b/lib/url.c -index 27b2c1e..46898c4 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -4356,6 +4356,10 @@ static CURLcode create_conn(struct Curl_easy *data, - data->set.str[STRING_SSL_CIPHER_LIST_ORIG]; - data->set.proxy_ssl.primary.cipher_list = - data->set.str[STRING_SSL_CIPHER_LIST_PROXY]; -+ data->set.ssl.primary.cipher_list13 = -+ data->set.str[STRING_SSL_CIPHER13_LIST_ORIG]; -+ data->set.proxy_ssl.primary.cipher_list13 = -+ data->set.str[STRING_SSL_CIPHER13_LIST_PROXY]; - - data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_ORIG]; - data->set.proxy_ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_PROXY]; -diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c -index bf96518..b61c640 100644 ---- a/lib/vtls/vtls.c -+++ b/lib/vtls/vtls.c -@@ -96,7 +96,8 @@ Curl_ssl_config_matches(struct ssl_primary_config* data, - Curl_safe_strcasecompare(data->clientcert, needle->clientcert) && - Curl_safe_strcasecompare(data->random_file, needle->random_file) && - Curl_safe_strcasecompare(data->egdsocket, needle->egdsocket) && -- Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list)) -+ Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) && -+ Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13)) - return TRUE; - - return FALSE; -@@ -119,6 +120,7 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source, - CLONE_STRING(random_file); - CLONE_STRING(egdsocket); - CLONE_STRING(cipher_list); -+ CLONE_STRING(cipher_list13); - - return TRUE; - } -@@ -131,6 +133,7 @@ void Curl_free_primary_ssl_config(struct ssl_primary_config* sslc) - Curl_safefree(sslc->random_file); - Curl_safefree(sslc->egdsocket); - Curl_safefree(sslc->cipher_list); -+ Curl_safefree(sslc->cipher_list13); - } - - #ifdef USE_SSL --- -2.17.1 - 
diff --git a/0102-curl-7.36.0-debug.patch b/0102-curl-7.36.0-debug.patch index 5fb54b6..bbb253f 100644 --- a/0102-curl-7.36.0-debug.patch +++ b/0102-curl-7.36.0-debug.patch @@ -12,7 +12,7 @@ diff --git a/configure b/configure index 8f079a3..53b4774 100755 --- a/configure +++ b/configure -@@ -16409,18 +16409,11 @@ $as_echo "yes" >&6; } +@@ -16414,18 +16414,11 @@ $as_echo "yes" >&6; } gccvhi=`echo $gccver | cut -d . -f1` gccvlo=`echo $gccver | cut -d . -f2` compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` diff --git a/0103-curl-7.59.0-python3.patch b/0103-curl-7.59.0-python3.patch index dd10986..f66b6c0 100644 --- a/0103-curl-7.59.0-python3.patch +++ b/0103-curl-7.59.0-python3.patch @@ -32,7 +32,7 @@ diff --git a/tests/runtests.pl b/tests/runtests.pl index d6aa5ca..4d395ef 100755 --- a/tests/runtests.pl +++ b/tests/runtests.pl -@@ -1438,7 +1438,7 @@ sub runhttpserver { +@@ -1439,7 +1439,7 @@ sub runhttpserver { elsif($alt eq "pipe") { # basically the same, but another ID $idnum = 3; diff --git a/curl-7.61.0.tar.xz.asc b/curl-7.61.0.tar.xz.asc deleted file mode 100644 index 024ef39..0000000 --- a/curl-7.61.0.tar.xz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAltFnUIACgkQXMkI/bce -EsJSSggAo2pO9DacErY/wVqYm2KA76s8HDMyGkvb7HXPWe3w1Nj6nwCY8Knbp2C6 -s6LZ73gqKfe3K+kFsFE6bFy9l2MKNs64cBG19dNUGcoYek6zt1BBXC6LT8/eOWc4 -l6HKift+CBh6ErtInB2CzmoG7dvNoZA00sERJbj9w+QZK4CTBZPWjz9BRHo7V31q -VnciTRgJ39HjL0kupdDIZgpCL741aWlkbOZu5wsRfe7nxWeiCdyOVluXluDi9t2i -s1mTPMpkMWDIEh723QL5jOlct9/hTLXAS2yZeR6qJafcicyIboXh0ZwGQGonHADi -aBs922AWx3v8x18thsCMQZwJSHiYEw== -=7p0n ------END PGP SIGNATURE----- diff --git a/curl-7.61.1.tar.xz.asc b/curl-7.61.1.tar.xz.asc new file mode 100644 index 0000000..6a1e664 --- /dev/null +++ b/curl-7.61.1.tar.xz.asc 
@@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAluPblgACgkQXMkI/bce +EsJynAgArST/gB9eVYIQTTAdXxCOSnArBK/Ne/UNW83QIgOawj0HvEpj9+1SNfTi +EwC5YSwymyMuKGTDLNswTnJ0MripRKylekfu1QGGzmIOkqovTiHz60xiFuWYI3vy +fYuAAse5MJz64GCVFwOM4me8SgEjtb/hIbhiCLqilOyXnqtocDm4FPCMAYQ1mTFy +RJBbwgDLwtktfBDCQyMXTeETGuk3bTrtvSwRv8+Rq8qehOt5s58Fqeztv8EVNi+B +Qzsi5NXMulgl3C0P3dN/cC81+OL75ehuE91AFXUmbNOnlYNTOxHR2dioaXaEyhKb +51KLH2D0G75wlfMbgMhX/rguuXT2rg== +=vM6i +-----END PGP SIGNATURE----- diff --git a/curl.spec b/curl.spec index dbd4d40..d4edfd9 100644 --- a/curl.spec +++ b/curl.spec @@ -1,19 +1,10 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 7.61.0 -Release: 8%{?dist} +Version: 7.61.1 +Release: 1%{?dist} License: MIT Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz -# ssl: set engine implicitly when a PKCS#11 URI is provided (#1219544) -Patch1: 0001-curl-7.61.0-pkcs11.patch - -# scp/sftp: fix infinite connect loop on invalid private key (#1595135) -Patch2: 0002-curl-7.61.0-libssh.patch - -# make the --tls13-ciphers option work -Patch3: 0003-curl-7.61.0-tls13-ciphers.patch - # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch @@ -167,9 +158,6 @@ be installed. %setup -q # upstream patches -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 # Fedora patches %patch101 -p1 @@ -337,6 +325,10 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed Sep 05 2018 Kamil Dudka - 7.61.1-1 +- new upstream release, which fixes the following vulnerability + CVE-2018-14618 - NTLM password overflow via integer overflow + * Tue Sep 04 2018 Kamil Dudka - 7.61.0-8 - make the --tls13-ciphers option work diff --git a/sources b/sources index 4248e66..717a22e 100644 --- a/sources +++ b/sources 
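Review bot: The `Source:` line in the first curl.spec hunk still lists only the tarball, so nothing visible in this diff makes the build check the `curl-7.61.1.tar.xz.asc` signature that the commit adds; as far as these hunks show, the file is stored but never verified. Consider declaring it as an additional source, for example `Source1: https://curl.haxx.se/download/%{name}-%{version}.tar.xz.asc` (numbering to fit the spec) together with the upstream keyring, and verifying the tarball against it in `%prep` before `%setup -q`. Without that step the SHA512 in `sources` is the only integrity pin, and it shows only that the build uses the file the packager uploaded, not that upstream signed it. The rest of the spec lies outside the hunks, so an existing check elsewhere cannot be ruled out.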
@@ -1 +1 @@
-SHA512 (curl-7.61.0.tar.xz) = 1b450bbd794460fea12374a49739a49a43c3651038dc092c277769bab09a62627f8eedfa94b5c1610503bf20eeaf60643a1e32fdcf1bcf8d4085090c4a598b13
+SHA512 (curl-7.61.1.tar.xz) = e6f82a7292c70841162480c8880d25046bcfa64058f4ff76f7d398c85da569af1c244442c9c58a3478d59264365ff8e39eed2fb564cb137118588f7862e64e9a