new upstream release - 7.55.0
Resolves: CVE-2017-1000099 - FILE buffer read out of bounds Resolves: CVE-2017-1000100 - TFTP sends more than buffer size Resolves: CVE-2017-1000101 - URL globbing out of bounds read
This commit is contained in:
parent
0aa4c628e2
commit
46042daf78
1
.gitignore
vendored
1
.gitignore
vendored
@ -1 +1,2 @@
|
|||||||
/curl-[0-9.]*.tar.lzma
|
/curl-[0-9.]*.tar.lzma
|
||||||
|
/curl-[0-9.]*.tar.xz
|
||||||
|
@ -12,7 +12,7 @@ diff --git a/configure b/configure
|
|||||||
index 8f079a3..53b4774 100755
|
index 8f079a3..53b4774 100755
|
||||||
--- a/configure
|
--- a/configure
|
||||||
+++ b/configure
|
+++ b/configure
|
||||||
@@ -17044,18 +17044,11 @@ $as_echo "yes" >&6; }
|
@@ -17079,18 +17079,11 @@ $as_echo "yes" >&6; }
|
||||||
gccvhi=`echo $gccver | cut -d . -f1`
|
gccvhi=`echo $gccver | cut -d . -f1`
|
||||||
gccvlo=`echo $gccver | cut -d . -f2`
|
gccvlo=`echo $gccver | cut -d . -f2`
|
||||||
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
|
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
|
||||||
@ -38,7 +38,7 @@ diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4
|
|||||||
index 0cbba7a..9175b5b 100644
|
index 0cbba7a..9175b5b 100644
|
||||||
--- a/m4/curl-compilers.m4
|
--- a/m4/curl-compilers.m4
|
||||||
+++ b/m4/curl-compilers.m4
|
+++ b/m4/curl-compilers.m4
|
||||||
@@ -148,18 +148,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
|
@@ -157,18 +157,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
|
||||||
gccvhi=`echo $gccver | cut -d . -f1`
|
gccvhi=`echo $gccver | cut -d . -f1`
|
||||||
gccvlo=`echo $gccver | cut -d . -f2`
|
gccvlo=`echo $gccver | cut -d . -f2`
|
||||||
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
|
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
|
||||||
|
@ -1,11 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAllA1CcACgkQXMkI/bce
|
|
||||||
EsIvtQf8CSC7sFHaJzQY0JqrGQwbtO6DT5OShv1lEHlzg/2KC8/yp94n/U9eBkdt
|
|
||||||
7/EPnFJ6hY+CVCMSv+LvpEyNTbkqBjwtshlDQTgDiPkSt265Z3qxayITN8fdDZnJ
|
|
||||||
ylnDb9c1InprXuqLlhbtWILC25ZcC39dQFWIJcsmfd3ylml4VK7Z9tEhEN8W71MR
|
|
||||||
OaQyqSu9jjO5nTof7dVu2aAhG50EoqjuCKUuYfWIJcEM2Lo4RDnicZNrZaOyxuu2
|
|
||||||
EKeE9lmnNejgUzPN1WZ2ySocDdZzdA5CTjAbaRwAXBT840OZSUEqktrR4C2ECrTq
|
|
||||||
rbhBlEwUKuPNvGpkGymaHf6vQFAqGQ==
|
|
||||||
=gmuC
|
|
||||||
-----END PGP SIGNATURE-----
|
|
11
curl-7.55.0.tar.xz.asc
Normal file
11
curl-7.55.0.tar.xz.asc
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAlmKoywACgkQXMkI/bce
|
||||||
|
EsJGywgAtxvIgaAeeyGK2LRZnNoY/UQyiPixlSc+3ziOtEGniCOxHvDJ/86DSRAN
|
||||||
|
u64Yy7ECNgLiZk50/Dglm90OfvwTjtF/XdXCQKAUfvYyr6YDCneC01NsUdgsO/w1
|
||||||
|
eO7zxxxQScNDDLdIHEvaD5LqJ99pACBOEV8cpcF4iX4iC4p6zQp5/rG9Z4X9JWZj
|
||||||
|
Ycto4FFTniTw+uV0B6dUPPU2omSTeO0pRMmDMgD+I0FaEaEU0uEgQ28DOMT6YL+x
|
||||||
|
EtM33aCjkASS1ZKf5e2Kh7FwWvdRopE83o0OihckaboX9AmOj7WkKCsfu2v7k9PA
|
||||||
|
8wR3kMvA4Q6youUpirjFTWzXPrEZ9A==
|
||||||
|
=1ymt
|
||||||
|
-----END PGP SIGNATURE-----
|
12
curl.spec
12
curl.spec
@ -1,10 +1,10 @@
|
|||||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.54.1
|
Version: 7.55.0
|
||||||
Release: 8%{?dist}
|
Release: 1%{?dist}
|
||||||
License: MIT
|
License: MIT
|
||||||
Group: Applications/Internet
|
Group: Applications/Internet
|
||||||
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
||||||
|
|
||||||
# patch making libcurl multilib ready
|
# patch making libcurl multilib ready
|
||||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||||
@ -302,6 +302,12 @@ install -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT%{_datadir}/aclocal
|
|||||||
%{_libdir}/libcurl.so.[0-9].[0-9].[0-9].minimal
|
%{_libdir}/libcurl.so.[0-9].[0-9].[0-9].minimal
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Aug 09 2017 Kamil Dudka <kdudka@redhat.com> 7.55.0-1
|
||||||
|
- new upstream release, which fixes the following vulnerabilities
|
||||||
|
CVE-2017-1000099 - FILE buffer read out of bounds
|
||||||
|
CVE-2017-1000100 - TFTP sends more than buffer size
|
||||||
|
CVE-2017-1000101 - URL globbing out of bounds read
|
||||||
|
|
||||||
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7.54.1-8
|
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7.54.1-8
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||||
|
|
||||||
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (curl-7.54.1.tar.lzma) = 69fe5c78564c3662b6922fad93623b6263af608aa5acdaf5148823ab05278eb3e0e8f1cf87e24345272bfe684aa774d650ceb3f977474a4a1071ab114f4be12a
|
SHA512 (curl-7.55.0.tar.xz) = f597fb0f011889b6843e9d4dfe59dda043c9562774be9d882a7e7ae5905c9c23ffc5c008b499162163b1bba2571e0c23138ac2a34cd209c237d8d9366cfeaa6b
|
||||||
|
Loading…
Reference in New Issue
Block a user