From 6896522e350821032ab998a5dd4e2c0980c8600b Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Wed, 6 Feb 2013 13:57:26 +0100 Subject: [PATCH] new upstream release (fixes CVE-2013-0249) --- ...b.patch => 0101-curl-7.29.0-multilib.patch | 6 ++--- ...ebug.patch => 0102-curl-7.29.0-debug.patch | 2 +- ...-utf8.patch => 0108-curl-7.29.0-utf8.patch | 24 +++--------------- curl-7.28.1.tar.lzma.asc | 7 ------ curl-7.29.0.tar.lzma.asc | 7 ++++++ curl.spec | 25 ++++++------------- sources | 2 +- 7 files changed, 23 insertions(+), 50 deletions(-) rename 0101-curl-7.27.0-multilib.patch => 0101-curl-7.29.0-multilib.patch (92%) rename 0102-curl-7.28.1-debug.patch => 0102-curl-7.29.0-debug.patch (97%) rename 0108-curl-7.28.1-utf8.patch => 0108-curl-7.29.0-utf8.patch (51%) delete mode 100644 curl-7.28.1.tar.lzma.asc create mode 100644 curl-7.29.0.tar.lzma.asc diff --git a/0101-curl-7.27.0-multilib.patch b/0101-curl-7.29.0-multilib.patch similarity index 92% rename from 0101-curl-7.27.0-multilib.patch rename to 0101-curl-7.29.0-multilib.patch index 09acf78..38aa86c 100644 --- a/0101-curl-7.27.0-multilib.patch +++ b/0101-curl-7.29.0-multilib.patch @@ -26,15 +26,15 @@ index 150004d..95d0759 100644 - CURLLIBDIR="" - fi - if test "X@REQUIRE_LIB_DEPS@" = "Xyes"; then -- echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@ @LIBS@ +- echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@ - else -- echo ${CURLLIBDIR}-lcurl @LIBS@ +- echo ${CURLLIBDIR}-lcurl - fi + pkg-config libcurl --libs ;; --static-libs) -- echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@ @LIBS@ +- echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@ ;; --configure) diff --git a/0102-curl-7.28.1-debug.patch b/0102-curl-7.29.0-debug.patch similarity index 97% rename from 0102-curl-7.28.1-debug.patch rename to 0102-curl-7.29.0-debug.patch index c8c9df5..7f70530 100644 --- a/0102-curl-7.28.1-debug.patch +++ b/0102-curl-7.29.0-debug.patch @@ -12,7 +12,7 @@ diff --git a/configure b/configure index 8f079a3..53b4774 100755 --- a/configure 
+++ b/configure -@@ -15090,18 +15090,11 @@ $as_echo "yes" >&6; } +@@ -15759,18 +15759,11 @@ $as_echo "yes" >&6; } gccvhi=`echo $gccver | cut -d . -f1` gccvlo=`echo $gccver | cut -d . -f2` compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` diff --git a/0108-curl-7.28.1-utf8.patch b/0108-curl-7.29.0-utf8.patch similarity index 51% rename from 0108-curl-7.28.1-utf8.patch rename to 0108-curl-7.29.0-utf8.patch index c11ca4e..4829d1f 100644 --- a/0108-curl-7.28.1-utf8.patch +++ b/0108-curl-7.29.0-utf8.patch @@ -6,15 +6,15 @@ Subject: [PATCH] Fix character encoding of docs ..., which are of mixed encoding originally so a simple iconv can't fix them. --- - CHANGES | 22 +++++++++++----------- + CHANGES | 2 +- README | 2 +- - 2 files changed, 12 insertions(+), 12 deletions(-) + 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 4568408..5fc1652 100644 --- a/CHANGES +++ b/CHANGES -@@ -198,7 +198,7 @@ Daniel Stenberg (12 Nov 2012) +@@ -1910,7 +1910,7 @@ Daniel Stenberg (12 Nov 2012) - [Gabriel Sjoberg brought this change] 
@@ -23,24 +23,6 @@ index 4568408..5fc1652 100644 When using only 1 second precision, curl doesn't create new cnonce values quickly enough for all uses. -@@ -209,7 +209,7 @@ Daniel Stenberg (12 Nov 2012) - curl --digest -utest:test http://tomcat.test.com:8080/manager/list - - This is because curl uses the same cnonce for several seconds, but -- doesn't increment the nonce counter.  Tomcat correctly interprets -+ doesn't increment the nonce counter.  Tomcat correctly interprets - this as a replay attack and rejects the request. - - When microsecond-precision is available, this commit causes curl to -@@ -5460,7 +5460,7 @@ Daniel Stenberg (12 Dec 2011) - linking with a static openssl requires a set of more libs to be linked - on Windows. - -- Thanks also to Steve Holme and Martin Storsjö for additional feedback. -+ Thanks also to Steve Holme and Martin Storsjö for additional feedback. - - Bug: http://curl.haxx.se/mail/lib-2011-12/0063.html - Reported by: Ward Willats diff --git a/README b/README index 2ffacc3..cfd6760 100644 --- a/README diff --git a/curl-7.28.1.tar.lzma.asc b/curl-7.28.1.tar.lzma.asc deleted file mode 100644 index 4da00da..0000000 --- a/curl-7.28.1.tar.lzma.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.12 (GNU/Linux) - -iEYEABECAAYFAlCrLdwACgkQeOEcayedXJEWfACgwzpFlCeVscTbj9lVpcDstIeH -Jy4AnjMtLsxo3wBfcLQg2vS/RqGVvLyq -=NHEU ------END PGP SIGNATURE----- diff --git a/curl-7.29.0.tar.lzma.asc b/curl-7.29.0.tar.lzma.asc new file mode 100644 index 0000000..aff6701 --- /dev/null +++ b/curl-7.29.0.tar.lzma.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.12 (GNU/Linux) + +iEYEABECAAYFAlESLQcACgkQeOEcayedXJEj8ACgrkSpZGzKYB1YW0E5x8YQA80z +188An0r1HNF+LSiTz5Gez17XMpliVGNS +=DH6L +-----END PGP SIGNATURE----- diff --git a/curl.spec b/curl.spec index e0f7936..b9ba69a 100644 --- a/curl.spec +++ b/curl.spec 
@@ -1,27 +1,18 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 7.28.1
-Release: 3%{?dist}
+Version: 7.29.0
+Release: 1%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
 Source2: curlbuild.h
 Source3: hide_selinux.c
-# prevent NSS from crashing on client auth hook failure
-Patch1: 0001-curl-7.28.1-68d2830e.patch
-
-# clear session cache if a client cert from file is used
-Patch2: 0002-curl-7.28.1-b36f1d26.patch
-
-# fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
-Patch3: 0003-curl-7.28.1-26613d78.patch
-
 # patch making libcurl multilib ready
-Patch101: 0101-curl-7.27.0-multilib.patch
+Patch101: 0101-curl-7.29.0-multilib.patch
 # prevent configure script from discarding -g in CFLAGS (#496778)
-Patch102: 0102-curl-7.28.1-debug.patch
+Patch102: 0102-curl-7.29.0-debug.patch
 # use localhost6 instead of ip6-localhost in the curl test-suite
 Patch104: 0104-curl-7.19.7-localhost6.patch
@@ -34,7 +25,7 @@ Patch107: 0107-curl-7.21.4-libidn-valgrind.patch
 # Fix character encoding of docs, which are of mixed encoding originally so
 # a simple iconv can't fix them
-Patch108: 0108-curl-7.28.1-utf8.patch
+Patch108: 0108-curl-7.29.0-utf8.patch
 Provides: webclient
 URL: http://curl.haxx.se/
@@ -110,9 +101,6 @@ documentation of the library, too.
 %setup -q
 # upstream patches
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
 # Fedora patches
 %patch101 -p1
@@ -236,6 +224,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 %changelog
+* Wed Feb 06 2013 Kamil Dudka 7.29.0-1
+- new upstream release (fixes CVE-2013-0249)
+
 * Tue Jan 15 2013 Kamil Dudka 7.28.1-3
 - require valgrind for build only on i386 and x86_64 (#886891)
diff --git a/sources b/sources
index 11efee8..ab1771e 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-b716ab1103fd4bef99b98f5ff2c7b638 curl-7.28.1.tar.lzma
+48eab66844553c37433fb861cf8ab5c9 curl-7.29.0.tar.lzma
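Review bot: Nothing in the first curl.spec hunk ties the new tarball to the detached signature this commit adds: the source list there has only `Source`, `Source2` and `Source3`, so `curl-7.29.0.tar.lzma.asc` is committed but unreferenced, and no verification step is visible around `%setup -q` in the `%prep` hunk. That leaves the MD5 line in `sources` as the only visible integrity check on a release pulled in for CVE-2013-0249, and MD5 is not collision-resistant. I would list the signature as a source, e.g. `Source1: %{name}-%{version}.tar.lzma.asc`, and check it in `%prep` against a packaged copy of the upstream signing key before `%setup -q`. Whether `Source1` is unused elsewhere in the spec, and whether the build already verifies the signature outside these hunks, cannot be confirmed from what is shown.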