new upstream release - 7.78.0
Resolves: CVE-2021-22925 - TELNET stack contents disclosure again
Resolves: CVE-2021-22924 - bad connection reuse due to flawed path name checks
Resolves: CVE-2021-22923 - metalink download sends credentials
Resolves: CVE-2021-22922 - wrong content via metalink not discarded
parent
ece67bdd2f
commit
64bcb4bcc1
@ -1,61 +0,0 @@
|
|||||||
From 3602ee9dcc74683f91fe4f9ca228aa17a6474403 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Kamil Dudka <kdudka@redhat.com>
|
|
||||||
Date: Wed, 31 Oct 2012 11:38:30 +0100
|
|
||||||
Subject: [PATCH] prevent configure script from discarding -g in CFLAGS
|
|
||||||
(#496778)
|
|
||||||
|
|
||||||
---
|
|
||||||
m4/curl-compilers.m4 | 26 ++++++--------------------
|
|
||||||
1 file changed, 6 insertions(+), 20 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4
|
|
||||||
index c64db4bc6..d115a4aed 100644
|
|
||||||
--- a/m4/curl-compilers.m4
|
|
||||||
+++ b/m4/curl-compilers.m4
|
|
||||||
@@ -106,18 +106,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_CLANG], [
|
|
||||||
clangvhi=`echo $clangver | cut -d . -f1`
|
|
||||||
clangvlo=`echo $clangver | cut -d . -f2`
|
|
||||||
compiler_num=`(expr $clangvhi "*" 100 + $clangvlo) 2>/dev/null`
|
|
||||||
- flags_dbg_all="-g -g0 -g1 -g2 -g3"
|
|
||||||
- flags_dbg_all="$flags_dbg_all -ggdb"
|
|
||||||
- flags_dbg_all="$flags_dbg_all -gstabs"
|
|
||||||
- flags_dbg_all="$flags_dbg_all -gstabs+"
|
|
||||||
- flags_dbg_all="$flags_dbg_all -gcoff"
|
|
||||||
- flags_dbg_all="$flags_dbg_all -gxcoff"
|
|
||||||
- flags_dbg_all="$flags_dbg_all -gdwarf-2"
|
|
||||||
- flags_dbg_all="$flags_dbg_all -gvms"
|
|
||||||
+ flags_dbg_all=""
|
|
||||||
flags_dbg_yes="-g"
|
|
||||||
flags_dbg_off=""
|
|
||||||
- flags_opt_all="-O -O0 -O1 -O2 -Os -O3 -O4"
|
|
||||||
- flags_opt_yes="-Os"
|
|
||||||
+ flags_opt_all=""
|
|
||||||
+ flags_opt_yes=""
|
|
||||||
flags_opt_off="-O0"
|
|
||||||
else
|
|
||||||
AC_MSG_RESULT([no])
|
|
||||||
@@ -175,18 +168,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
|
|
||||||
gccvhi=`echo $gccver | cut -d . -f1`
|
|
||||||
gccvlo=`echo $gccver | cut -d . -f2`
|
|
||||||
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
|
|
||||||
- flags_dbg_all="-g -g0 -g1 -g2 -g3"
|
|
||||||
- flags_dbg_all="$flags_dbg_all -ggdb"
|
|
||||||
- flags_dbg_all="$flags_dbg_all -gstabs"
|
|
||||||
- flags_dbg_all="$flags_dbg_all -gstabs+"
|
|
||||||
- flags_dbg_all="$flags_dbg_all -gcoff"
|
|
||||||
- flags_dbg_all="$flags_dbg_all -gxcoff"
|
|
||||||
- flags_dbg_all="$flags_dbg_all -gdwarf-2"
|
|
||||||
- flags_dbg_all="$flags_dbg_all -gvms"
|
|
||||||
+ flags_dbg_all=""
|
|
||||||
flags_dbg_yes="-g"
|
|
||||||
flags_dbg_off=""
|
|
||||||
- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast"
|
|
||||||
- flags_opt_yes="-O2"
|
|
||||||
+ flags_opt_all=""
|
|
||||||
+ flags_opt_yes=""
|
|
||||||
flags_opt_off="-O0"
|
|
||||||
CURL_CHECK_DEF([_WIN32], [], [silent])
|
|
||||||
else
|
|
||||||
--
|
|
||||||
1.7.1
|
|
||||||
|
|
@ -26,7 +26,7 @@ diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
|
|||||||
index 080421b..ea3b806 100644
|
index 080421b..ea3b806 100644
|
||||||
--- a/tests/libtest/Makefile.inc
|
--- a/tests/libtest/Makefile.inc
|
||||||
+++ b/tests/libtest/Makefile.inc
|
+++ b/tests/libtest/Makefile.inc
|
||||||
@@ -600,6 +600,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
@@ -601,6 +601,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
||||||
lib1559_LDADD = $(TESTUTIL_LIBS)
|
lib1559_LDADD = $(TESTUTIL_LIBS)
|
||||||
|
|
||||||
lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
||||||
|
@ -1,11 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmCt6IwACgkQXMkI/bce
|
|
||||||
EsJd+Af/YCvzoV76IFh2aJpoi74XOglG327GQWnJRAt6VooIXvBPddundYOSepAw
|
|
||||||
OQbReLSQgzmWIICjp4GnV/+gkNodpqJPB1uFHo8AHEBsiVJBTNO7c/mGirQlp5TM
|
|
||||||
f5xGP8cf1OxwDJ6PBAHAYl4s71t6CWm0C2nf8x24ROlDsO85lz+yFCg1665IbZvp
|
|
||||||
PFSfeIGHwyUoZesBmBFznm5KI5yc+Yn9gxsq3ujPYMvjMH7KFdw7zQu3SzYjT1+w
|
|
||||||
bHqVul6+SC8laHuIqZfKnvrjLJMcIhe0vADoyV0/P64ZJ/4X2tGBrpxtXUJJ9S9C
|
|
||||||
Cif/PNjYIGKg9Mk8odMjXzo8EcVFGA==
|
|
||||||
=+IKy
|
|
||||||
-----END PGP SIGNATURE-----
|
|
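--- /dev/null
+++ b/curl-7.78.0.tar.xz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmD3wwYACgkQXMkI/bce
+EsIFMggAt5xxRun4gxld2xZB0shI8fDhjGwMK+uQNpDnnt509j/UZ9+yfDra3Stl
+BHeQXSnTE6y4dKfXIkq4q3sSX2XZUuFRLHMhzH99FsY6bxgOSnZi/iIZv/RLLXTX
+NGlDR93OfsYg9UNkZVeZlFo9262f6rz7P5EsHa4HlCS0xpvLCU7q2dtkDu8SQSW1
+sQiEZOhsyXoiqqrLAgTIP9psHt6dE7qoYh1hS6b+7S9d87MSkL5MEnHukFkemlzC
+7d9cYD9Bah1LfAaYunvzPuC9FoF6gonGPrw3tLECdl2P9PpnrGeV1Z/Nhmu0d5mN
+E2A1BXBqLs8UVo4vUbiNLk0gB3TmHg==
+=yVDK
+-----END PGP SIGNATURE-----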
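--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 7.77.0
-Release: 2%{?dist}
+Version: 7.78.0
+Release: 1%{?dist}
 License: MIT
 Source0: https://curl.se/download/%{name}-%{version}.tar.xz
 Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc
@@ -13,9 +13,6 @@ Source2: mykey.asc
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch
 
-# prevent configure script from discarding -g in CFLAGS (#496778)
-Patch102: 0102-curl-7.36.0-debug.patch
-
 # prevent valgrind from reporting false positives on x86_64
 Patch105: 0105-curl-7.63.0-lib1560-valgrind.patch
 
@@ -191,7 +188,6 @@ be installed.
 
 # Fedora patches
 %patch101 -p1
-%patch102 -p1
 %patch105 -p1
 
 # disable test 1112 (#565305), test 1455 (occasionally fails with 'bind failed
@@ -237,7 +233,6 @@ export common_configure_opts=" \
 --enable-symbol-hiding \
 --enable-ipv6 \
 --enable-threaded-resolver \
---without-libmetalink \
 --with-gssapi \
 --with-nghttp2 \
 --with-ssl --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt"
@@ -367,6 +362,13 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
 
 %changelog
+* Wed Jul 21 2021 Kamil Dudka <kdudka@redhat.com> - 7.78.0-1
+- new upstream release, which fixes the following vulnerabilities
+CVE-2021-22925 - TELNET stack contents disclosure again
+CVE-2021-22924 - bad connection reuse due to flawed path name checks
+CVE-2021-22923 - metalink download sends credentials
+CVE-2021-22922 - wrong content via metalink not discarded
+
 * Wed Jun 02 2021 Kamil Dudka <kdudka@redhat.com> - 7.77.0-2
 - build the curl tool without metalink support (#1967213)
 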
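Review bot: The new `%changelog` entry for 7.78.0-1 lists the four CVEs but does not record the two packaging changes made alongside the rebase: Patch102 (`0102-curl-7.36.0-debug.patch`, with its `%patch102 -p1`) is dropped, and `--without-libmetalink` is removed from `common_configure_opts`. Both are presumably made unnecessary by upstream changes in 7.78.0, but nothing visible in the spec says so. Two of the fixed CVEs concern metalink, so anyone auditing this build will want a trail showing that metalink remains off without the explicit flag. I would add changelog lines such as `- drop 0102-curl-7.36.0-debug.patch` and `- drop --without-libmetalink from configure options`, each with its reason, and confirm in the build log that the resulting curl reports no metalink support.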
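--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (curl-7.77.0.tar.xz) = aef92a0e3f8ce8491b258a9a1c4dcea3c07c29b139a1f68f08619caa0295cfde76335d2dfb9cdf434525daea7dd05d8acd22f203f5ccc7735bd317964ec1da76
+SHA512 (curl-7.78.0.tar.xz) = f72e822a0b5e28320ef547c7a441c07f3b4870579a70ab4c428751baba435a1385cb89a22b9ed4b84a7fafecf620f155911e4131e3463ec1bdad80ecde47bb7a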