new upstream release - 7.58.0
Resolves: CVE-2018-1000005 - curl: HTTP/2 trailer out-of-bounds read Resolves: CVE-2018-1000007 - curl: HTTP authentication leak in redirects
This commit is contained in:
parent
ed352e927e
commit
93c55561d3
@ -13,7 +13,7 @@ diff --git a/curl-config.in b/curl-config.in
|
|||||||
index 150004d..95d0759 100644
|
index 150004d..95d0759 100644
|
||||||
--- a/curl-config.in
|
--- a/curl-config.in
|
||||||
+++ b/curl-config.in
|
+++ b/curl-config.in
|
||||||
@@ -75,7 +75,7 @@ while test $# -gt 0; do
|
@@ -76,7 +76,7 @@ while test $# -gt 0; do
|
||||||
;;
|
;;
|
||||||
|
|
||||||
--cc)
|
--cc)
|
||||||
@ -22,7 +22,7 @@ index 150004d..95d0759 100644
|
|||||||
;;
|
;;
|
||||||
|
|
||||||
--prefix)
|
--prefix)
|
||||||
@@ -142,29 +142,14 @@ while test $# -gt 0; do
|
@@ -143,32 +143,17 @@ while test $# -gt 0; do
|
||||||
;;
|
;;
|
||||||
|
|
||||||
--libs)
|
--libs)
|
||||||
@ -38,6 +38,9 @@ index 150004d..95d0759 100644
|
|||||||
- fi
|
- fi
|
||||||
+ echo -lcurl
|
+ echo -lcurl
|
||||||
;;
|
;;
|
||||||
|
--ssl-backends)
|
||||||
|
echo "@SSL_BACKENDS@"
|
||||||
|
;;
|
||||||
|
|
||||||
--static-libs)
|
--static-libs)
|
||||||
- if test "X@ENABLE_STATIC@" != "Xno" ; then
|
- if test "X@ENABLE_STATIC@" != "Xno" ; then
|
||||||
@ -58,8 +61,8 @@ diff --git a/docs/curl-config.1 b/docs/curl-config.1
|
|||||||
index 14a9d2b..ffcc004 100644
|
index 14a9d2b..ffcc004 100644
|
||||||
--- a/docs/curl-config.1
|
--- a/docs/curl-config.1
|
||||||
+++ b/docs/curl-config.1
|
+++ b/docs/curl-config.1
|
||||||
@@ -66,7 +66,9 @@ be listed using uppercase and are separated by newlines. There may be none,
|
@@ -70,7 +70,9 @@ no, one or several names. If more than one name, they will appear
|
||||||
one, or several protocols in the list. (Added in 7.13.0)
|
comma-separated. (Added in 7.58.0)
|
||||||
.IP "--static-libs"
|
.IP "--static-libs"
|
||||||
Shows the complete set of libs and other linker options you will need in order
|
Shows the complete set of libs and other linker options you will need in order
|
||||||
-to link your application with libcurl statically. (Added in 7.17.1)
|
-to link your application with libcurl statically. (Added in 7.17.1)
|
||||||
|
@ -12,7 +12,7 @@ diff --git a/configure b/configure
|
|||||||
index 8f079a3..53b4774 100755
|
index 8f079a3..53b4774 100755
|
||||||
--- a/configure
|
--- a/configure
|
||||||
+++ b/configure
|
+++ b/configure
|
||||||
@@ -16508,18 +16508,11 @@ $as_echo "yes" >&6; }
|
@@ -16523,18 +16523,11 @@ $as_echo "yes" >&6; }
|
||||||
gccvhi=`echo $gccver | cut -d . -f1`
|
gccvhi=`echo $gccver | cut -d . -f1`
|
||||||
gccvlo=`echo $gccver | cut -d . -f2`
|
gccvlo=`echo $gccver | cut -d . -f2`
|
||||||
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
|
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
|
||||||
|
@ -1,11 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAloefhsACgkQXMkI/bce
|
|
||||||
EsJ5Wwf/W2iMekYTk+zF2iCvCSlTT93gRl1RXIi5v3lMO3H13Xv66304ny5/XEI8
|
|
||||||
Mf0dfif/+ADV4Cm9Gsfs5Gx3d6IDtzRW66gpoNnEt/u6xLKlJWPAKHBEAOW7bDZU
|
|
||||||
78qgEAmH1CVbzD+yc1vkSTZWc3ilfezjMfwUa5E5RkTtcoD6mTWzeMLm5doFxc3s
|
|
||||||
NvPu40IlJ2Ss3jqRoKgvkGeUuOiQYUb7DDDCaSF6jZjB88J1HFYWU+i7zjVoAdD3
|
|
||||||
jRVan6R5RJbJqvo9yKT0YWxbR2RKoQIydg8Xa7ocKTM6205vc94AXSHLSkjHMr+H
|
|
||||||
5UgyAJvkk2FaoJIwLJUSTYE3RDlqog==
|
|
||||||
=Kzqh
|
|
||||||
-----END PGP SIGNATURE-----
|
|
11
curl-7.58.0.tar.xz.asc
Normal file
11
curl-7.58.0.tar.xz.asc
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAlpoMGsACgkQXMkI/bce
|
||||||
|
EsIxtwgAnazhBf4KjF3bw1XNxgjkWVUwqLlLwEElg4tD6g/uYw9VeZQyy2wQGmgc
|
||||||
|
yKx2WrfqLDmE1gAqKgvGLdS6qvMtv0x/3gNjOy4/LVYBlVqP+k5p0XZhV3jcg929
|
||||||
|
Hkv/Fgp1yvtks98CGEIp6xJSjlnL3x5VEsMslXO7dpfq+6gvnbBVBP7QUOb/CYDg
|
||||||
|
LHHAIZFSQuTeLKAvvl1koZAZnZ5zD3dtwL8rK4CVD0ugwJplJvGbvoIMNu9uagUZ
|
||||||
|
CpBV0Pyv0AUsMTohszyOovi/RizHWl8xTynreJh+sx++NZEX2KjsnISpZAxmD6r5
|
||||||
|
dtt21mdhrRSsAXmHD8q5LnbrKosbvQ==
|
||||||
|
=ZqfQ
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -1,6 +1,6 @@
|
|||||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.57.0
|
Version: 7.58.0
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
License: MIT
|
License: MIT
|
||||||
Group: Applications/Internet
|
Group: Applications/Internet
|
||||||
@ -298,6 +298,11 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
|||||||
%{_libdir}/libcurl.so.[0-9].[0-9].[0-9].minimal
|
%{_libdir}/libcurl.so.[0-9].[0-9].[0-9].minimal
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jan 24 2018 Kamil Dudka <kdudka@redhat.com> - 7.58.0-1
|
||||||
|
- new upstream release, which fixes the following vulnerabilities
|
||||||
|
CVE-2018-1000005 - curl: HTTP/2 trailer out-of-bounds read
|
||||||
|
CVE-2018-1000007 - curl: HTTP authentication leak in redirects
|
||||||
|
|
||||||
* Wed Nov 29 2017 Kamil Dudka <kdudka@redhat.com> - 7.57.0-1
|
* Wed Nov 29 2017 Kamil Dudka <kdudka@redhat.com> - 7.57.0-1
|
||||||
- new upstream release, which fixes the following vulnerabilities
|
- new upstream release, which fixes the following vulnerabilities
|
||||||
CVE-2017-8816 - curl: NTLM buffer overflow via integer overflow
|
CVE-2017-8816 - curl: NTLM buffer overflow via integer overflow
|
||||||
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (curl-7.57.0.tar.xz) = 200076753e3d7b9f3edd381937cb72710f4051b2f041102b49626e4e82c3f50d2bf4917b9ddb957fde37753e9457c81087c792528077916ae5c04875944a6b8d
|
SHA512 (curl-7.58.0.tar.xz) = 965affc74ab8f8c94d1b79ebb8012ca4c1a482c7a3282f2661f6382163e47e3ea657398c1a4202008d0c683a3d2266a05a64a26bd514a64a08e4fe83929dcae5
|
||||||
|
Loading…
Reference in New Issue
Block a user