new upstream release - 7.58.0

Resolves: CVE-2018-1000005 - curl: HTTP/2 trailer out-of-bounds read
Resolves: CVE-2018-1000007 - curl: HTTP authentication leak in redirects
This commit is contained in:
Kamil Dudka 2018-01-24 11:36:50 +01:00
parent ed352e927e
commit 93c55561d3
6 changed files with 26 additions and 18 deletions

View File

@ -13,7 +13,7 @@ diff --git a/curl-config.in b/curl-config.in
index 150004d..95d0759 100644 index 150004d..95d0759 100644
--- a/curl-config.in --- a/curl-config.in
+++ b/curl-config.in +++ b/curl-config.in
@@ -75,7 +75,7 @@ while test $# -gt 0; do @@ -76,7 +76,7 @@ while test $# -gt 0; do
;; ;;
--cc) --cc)
@ -22,7 +22,7 @@ index 150004d..95d0759 100644
;; ;;
--prefix) --prefix)
@@ -142,29 +142,14 @@ while test $# -gt 0; do @@ -143,32 +143,17 @@ while test $# -gt 0; do
;; ;;
--libs) --libs)
@ -38,6 +38,9 @@ index 150004d..95d0759 100644
- fi - fi
+ echo -lcurl + echo -lcurl
;; ;;
--ssl-backends)
echo "@SSL_BACKENDS@"
;;
--static-libs) --static-libs)
- if test "X@ENABLE_STATIC@" != "Xno" ; then - if test "X@ENABLE_STATIC@" != "Xno" ; then
@ -58,8 +61,8 @@ diff --git a/docs/curl-config.1 b/docs/curl-config.1
index 14a9d2b..ffcc004 100644 index 14a9d2b..ffcc004 100644
--- a/docs/curl-config.1 --- a/docs/curl-config.1
+++ b/docs/curl-config.1 +++ b/docs/curl-config.1
@@ -66,7 +66,9 @@ be listed using uppercase and are separated by newlines. There may be none, @@ -70,7 +70,9 @@ no, one or several names. If more than one name, they will appear
one, or several protocols in the list. (Added in 7.13.0) comma-separated. (Added in 7.58.0)
.IP "--static-libs" .IP "--static-libs"
Shows the complete set of libs and other linker options you will need in order Shows the complete set of libs and other linker options you will need in order
-to link your application with libcurl statically. (Added in 7.17.1) -to link your application with libcurl statically. (Added in 7.17.1)

View File

@ -12,7 +12,7 @@ diff --git a/configure b/configure
index 8f079a3..53b4774 100755 index 8f079a3..53b4774 100755
--- a/configure --- a/configure
+++ b/configure +++ b/configure
@@ -16508,18 +16508,11 @@ $as_echo "yes" >&6; } @@ -16523,18 +16523,11 @@ $as_echo "yes" >&6; }
gccvhi=`echo $gccver | cut -d . -f1` gccvhi=`echo $gccver | cut -d . -f1`
gccvlo=`echo $gccver | cut -d . -f2` gccvlo=`echo $gccver | cut -d . -f2`
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`

View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAloefhsACgkQXMkI/bce
EsJ5Wwf/W2iMekYTk+zF2iCvCSlTT93gRl1RXIi5v3lMO3H13Xv66304ny5/XEI8
Mf0dfif/+ADV4Cm9Gsfs5Gx3d6IDtzRW66gpoNnEt/u6xLKlJWPAKHBEAOW7bDZU
78qgEAmH1CVbzD+yc1vkSTZWc3ilfezjMfwUa5E5RkTtcoD6mTWzeMLm5doFxc3s
NvPu40IlJ2Ss3jqRoKgvkGeUuOiQYUb7DDDCaSF6jZjB88J1HFYWU+i7zjVoAdD3
jRVan6R5RJbJqvo9yKT0YWxbR2RKoQIydg8Xa7ocKTM6205vc94AXSHLSkjHMr+H
5UgyAJvkk2FaoJIwLJUSTYE3RDlqog==
=Kzqh
-----END PGP SIGNATURE-----

11
curl-7.58.0.tar.xz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAlpoMGsACgkQXMkI/bce
EsIxtwgAnazhBf4KjF3bw1XNxgjkWVUwqLlLwEElg4tD6g/uYw9VeZQyy2wQGmgc
yKx2WrfqLDmE1gAqKgvGLdS6qvMtv0x/3gNjOy4/LVYBlVqP+k5p0XZhV3jcg929
Hkv/Fgp1yvtks98CGEIp6xJSjlnL3x5VEsMslXO7dpfq+6gvnbBVBP7QUOb/CYDg
LHHAIZFSQuTeLKAvvl1koZAZnZ5zD3dtwL8rK4CVD0ugwJplJvGbvoIMNu9uagUZ
CpBV0Pyv0AUsMTohszyOovi/RizHWl8xTynreJh+sx++NZEX2KjsnISpZAxmD6r5
dtt21mdhrRSsAXmHD8q5LnbrKosbvQ==
=ZqfQ
-----END PGP SIGNATURE-----

View File

@ -1,6 +1,6 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl Name: curl
Version: 7.57.0 Version: 7.58.0
Release: 1%{?dist} Release: 1%{?dist}
License: MIT License: MIT
Group: Applications/Internet Group: Applications/Internet
@ -298,6 +298,11 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_libdir}/libcurl.so.[0-9].[0-9].[0-9].minimal %{_libdir}/libcurl.so.[0-9].[0-9].[0-9].minimal
%changelog %changelog
* Wed Jan 24 2018 Kamil Dudka <kdudka@redhat.com> - 7.58.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2018-1000005 - curl: HTTP/2 trailer out-of-bounds read
CVE-2018-1000007 - curl: HTTP authentication leak in redirects
* Wed Nov 29 2017 Kamil Dudka <kdudka@redhat.com> - 7.57.0-1 * Wed Nov 29 2017 Kamil Dudka <kdudka@redhat.com> - 7.57.0-1
- new upstream release, which fixes the following vulnerabilities - new upstream release, which fixes the following vulnerabilities
CVE-2017-8816 - curl: NTLM buffer overflow via integer overflow CVE-2017-8816 - curl: NTLM buffer overflow via integer overflow

View File

@ -1 +1 @@
SHA512 (curl-7.57.0.tar.xz) = 200076753e3d7b9f3edd381937cb72710f4051b2f041102b49626e4e82c3f50d2bf4917b9ddb957fde37753e9457c81087c792528077916ae5c04875944a6b8d SHA512 (curl-7.58.0.tar.xz) = 965affc74ab8f8c94d1b79ebb8012ca4c1a482c7a3282f2661f6382163e47e3ea657398c1a4202008d0c683a3d2266a05a64a26bd514a64a08e4fe83929dcae5