Auto sync2gitlab import of curl-7.61.1-26.el8.src.rpm

.gitignore

@@ -1 +1,2 @@
 /curl-7.61.1.tar.xz
+/0043-curl-7.61.1-CVE-2022-35252.patch

curl.spec

@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.61.1
-Release: 25%{?dist}
+Release: 26%{?dist}
 License: MIT
 Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
 
@@ -121,6 +121,9 @@ Patch41:  0041-curl-7.61.1-CVE-2022-32206.patch
 # setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION (#2063703)
 Patch42:  0042-curl-7.61.1-ssh-known-hosts.patch
 
+# control code in cookie denial of service (CVE-2022-35252)
+Patch43:  0043-curl-7.61.1-CVE-2022-35252.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch
 
@@ -336,6 +339,7 @@ sed -e 's|:8992/|:%{?__isa_bits}92/|g' -i tests/data/test97{3..6}
 %patch40 -p1
 %patch41 -p1
 %patch42 -p1
+%patch43 -p1
 
 # make tests/*.py use Python 3
 sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py
@@ -498,6 +502,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
 
 %changelog
+* Fri Sep 02 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-26
+- control code in cookie denial of service (CVE-2022-35252)
+
 * Wed Jun 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-25
 - setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION (#2063703)
 - fix HTTP compression denial of service (CVE-2022-32206)

sources

@@ -1 +1,2 @@
+SHA512 (0043-curl-7.61.1-CVE-2022-35252.patch) = 0273e8535324802bd2a44259030a40d0378f3403f32084f2b9ae473a4e6f96947c51b53e78efc3f3e6b108e24fdf19c7fdf87a798ce2683844c9ffe1bbc23e0a
 SHA512 (curl-7.61.1.tar.xz) = e6f82a7292c70841162480c8880d25046bcfa64058f4ff76f7d398c85da569af1c244442c9c58a3478d59264365ff8e39eed2fb564cb137118588f7862e64e9a