Resolves: #2005874 - disable more protocols and features in libcurl-minimal

... to limit vulnerability exposure in case there is a CVE in curl in some of the rarer protocols
2021-09-20 14:54:20 +02:00 · 2021-09-20 14:54:20 +02:00 · 91252b5be5
commit 91252b5be5
parent 6f12b4a106
1 changed files with 32 additions and 1 deletions
--- a/curl.spec
+++ b/curl.spec
@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.76.1
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: MIT
 Source: https://curl.se/download/%{name}-%{version}.tar.xz

@ -277,9 +277,23 @@ export common_configure_opts="          \
 (
    cd build-minimal
    %configure $common_configure_opts   \
+        --disable-dict                  \
+        --disable-gopher                \
+        --disable-hsts                  \
+        --disable-imap                  \
        --disable-ldap                  \
        --disable-ldaps                 \
        --disable-manual                \
+        --disable-mqtt                  \
+        --disable-ntlm                  \
+        --disable-ntlm-wb               \
+        --disable-pop3                  \
+        --disable-rtsp                  \
+        --disable-smb                   \
+        --disable-smtp                  \
+        --disable-telnet                \
+        --disable-tftp                  \
+        --disable-tls-srp               \
        --without-brotli                \
        --without-libidn2               \
        --without-libpsl                \
@ -290,9 +304,23 @@ export common_configure_opts="          \
 (
    cd build-full
    %configure $common_configure_opts   \
+        --enable-dict                   \
+        --enable-gopher                 \
+        --enable-hsts                   \
+        --enable-imap                   \
        --enable-ldap                   \
        --enable-ldaps                  \
        --enable-manual                 \
+        --enable-mqtt                   \
+        --enable-ntlm                   \
+        --enable-ntlm-wb                \
+        --enable-pop3                   \
+        --enable-rtsp                   \
+        --enable-smb                    \
+        --enable-smtp                   \
+        --enable-telnet                 \
+        --enable-tftp                   \
+        --enable-tls-srp                \
        --with-brotli                   \
        --with-libidn2                  \
        --with-libpsl                   \
@ -396,6 +424,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal

 %changelog
+* Mon Oct 04 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-13
+- disable more protocols and features in libcurl-minimal (#2005874)
+
 * Fri Sep 17 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-12
 - fix STARTTLS protocol injection via MITM (CVE-2021-22947)
 - fix protocol downgrade required TLS bypass (CVE-2021-22946)