From 9216fd97409c6b6cf6a674001553bb5c9f87e16c Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Sat, 15 Oct 2022 04:13:16 +0000
Subject: [PATCH] Auto sync2gitlab import of curl-7.61.1-26.el8.src.rpm
---
 .gitignore | 1 +
 curl.spec | 9 ++++++++-
 sources | 1 +
 3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/.gitignore b/.gitignore
index ad0772f..f24252b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 /curl-7.61.1.tar.xz
+/0043-curl-7.61.1-CVE-2022-35252.patch
diff --git a/curl.spec b/curl.spec
index 29634bd..35018ca 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.61.1
-Release: 25%{?dist}
+Release: 26%{?dist}
 License: MIT
 Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
@@ -121,6 +121,9 @@ Patch41: 0041-curl-7.61.1-CVE-2022-32206.patch
 # setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION (#2063703)
 Patch42: 0042-curl-7.61.1-ssh-known-hosts.patch
+# control code in cookie denial of service (CVE-2022-35252)
+Patch43: 0043-curl-7.61.1-CVE-2022-35252.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch
@@ -336,6 +339,7 @@ sed -e 's|:8992/|:%{?__isa_bits}92/|g' -i tests/data/test97{3..6}
 %patch40 -p1
 %patch41 -p1
 %patch42 -p1
+%patch43 -p1
 # make tests/*.py use Python 3
 sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py
@@ -498,6 +502,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
 %changelog
+* Fri Sep 02 2022 Kamil Dudka - 7.61.1-26
+- control code in cookie denial of service (CVE-2022-35252)
+
 * Wed Jun 29 2022 Kamil Dudka - 7.61.1-25
 - setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION (#2063703)
 - fix HTTP compression denial of service (CVE-2022-32206)
diff --git a/sources b/sources
index 717a22e..4ab4d4c 100644
--- a/sources
+++ b/sources
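Review bot: The comment added above `Patch43` in the `@@ -121,6 +121,9 @@` hunk of curl.spec names only the CVE, so the backport cannot be traced to its upstream fix from this commit. The patch body is not part of the change either: the file is listed in `.gitignore` and bound only by the SHA512 entry in `sources`, which leaves a reader nothing here to compare against upstream. I would record the origin next to the declaration, for example `# upstream fix: <upstream-commit-url>`, and add the tracking bug in the same `(#NNNNNNN)` form the `Patch42` comment uses. The same applies to the new `%changelog` entry in the `@@ -498,6 +502,9 @@` hunk, which also omits a bug reference.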
@@ -1 +1,2 @@
+SHA512 (0043-curl-7.61.1-CVE-2022-35252.patch) = 0273e8535324802bd2a44259030a40d0378f3403f32084f2b9ae473a4e6f96947c51b53e78efc3f3e6b108e24fdf19c7fdf87a798ce2683844c9ffe1bbc23e0a
 SHA512 (curl-7.61.1.tar.xz) = e6f82a7292c70841162480c8880d25046bcfa64058f4ff76f7d398c85da569af1c244442c9c58a3478d59264365ff8e39eed2fb564cb137118588f7862e64e9a