From a4ed273b19474e930e1fa605c7ef05a663b9e841 Mon Sep 17 00:00:00 2001
From: Kamil Dudka
Date: Mon, 27 Jun 2022 12:57:53 +0200
Subject: [PATCH] new upstream release - 7.84.0

Resolves: CVE-2022-32207 - Unpreserved file permissions
Resolves: CVE-2022-32205 - Set-Cookie denial of service
Resolves: CVE-2022-32206 - HTTP compression denial of service
Resolves: CVE-2022-32208 - FTP-KRB bad message verification
---
 0101-curl-7.32.0-multilib.patch | 8 ++++----
 curl.spec | 9 ++++++++-
 sources | 4 ++--
 3 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/0101-curl-7.32.0-multilib.patch b/0101-curl-7.32.0-multilib.patch
index 46c8986..63701c1 100644
--- a/0101-curl-7.32.0-multilib.patch
+++ b/0101-curl-7.32.0-multilib.patch
@@ -13,7 +13,7 @@ diff --git a/curl-config.in b/curl-config.in
 index 150004d..95d0759 100644
 --- a/curl-config.in
 +++ b/curl-config.in
-@@ -76,7 +76,7 @@ while test $# -gt 0; do
+@@ -78,7 +78,7 @@ while test $# -gt 0; do
 ;;
 
 --cc)
@@ -22,7 +22,7 @@ index 150004d..95d0759 100644
 ;;
 
 --prefix)
-@@ -155,32 +155,19 @@ while test $# -gt 0; do
+@@ -157,32 +157,19 @@ while test $# -gt 0; do
 ;;
 
 --libs)
@@ -63,7 +63,7 @@ diff --git a/docs/curl-config.1 b/docs/curl-config.1
 index 14a9d2b..ffcc004 100644
 --- a/docs/curl-config.1
 +++ b/docs/curl-config.1
-@@ -70,7 +70,9 @@ no, one or several names. If more than one name, they will appear
+@@ -72,7 +72,9 @@ no, one or several names. If more than one name, they will appear
 comma-separated. (Added in 7.58.0)
 .IP "--static-libs"
 Shows the complete set of libs and other linker options you will need in order
@@ -78,7 +78,7 @@ diff --git a/libcurl.pc.in b/libcurl.pc.in
 index 2ba9c39..f8f8b00 100644
 --- a/libcurl.pc.in
 +++ b/libcurl.pc.in
-@@ -29,6 +29,7 @@ libdir=@libdir@
+@@ -31,6 +31,7 @@ libdir=@libdir@
 includedir=@includedir@
 supported_protocols="@SUPPORT_PROTOCOLS@"
 supported_features="@SUPPORT_FEATURES@"
diff --git a/curl.spec b/curl.spec
index 22bac0a..ec7925b 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,6 +1,6 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 7.83.1
+Version: 7.84.0
 Release: 1%{?dist}
 License: MIT
 Source0: https://curl.se/download/%{name}-%{version}.tar.xz
@@ -411,6 +411,13 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
 
 %changelog
+* Mon Jun 27 2022 Kamil Dudka - 7.84.0-1
+- new upstream release, which fixes the following vulnerabilities
+ CVE-2022-32207 - Unpreserved file permissions
+ CVE-2022-32205 - Set-Cookie denial of service
+ CVE-2022-32206 - HTTP compression denial of service
+ CVE-2022-32208 - FTP-KRB bad message verification
+
 * Wed May 11 2022 Kamil Dudka - 7.83.1-1
 - new upstream release, which fixes the following vulnerabilities
 CVE-2022-27782 - fix too eager reuse of TLS and SSH connections
diff --git a/sources b/sources
index 7de7a70..2bfcb46 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (curl-7.83.1.tar.xz) = 2f63327d6d3687ba36fb7b8d5d3d15599eca33ebfb08681613612ea9c4b629d3b6ce4d2742fa1ebd7a997ed332001d3a4c798985f9277c83b9e7a9aecdb1b1ee
-SHA512 (curl-7.83.1.tar.xz.asc) = f0d29de315488c844eb81ed5a89ed6334910970224c8cac43e7e6f2d58c35ad0064c0b6122e69b3a34ce91f4b56873c63e2e8aea1c602ef40711bfd62a01b191
+SHA512 (curl-7.84.0.tar.xz) = 86231866a35593a1637fbc0c6af3b6761bdfd99fb35580cc52970c36f19604f93dce59fea67a1d5bb4b455f719307599c7916c77d14f2b661f6bf7fb1ca716ce
+SHA512 (curl-7.84.0.tar.xz.asc) = 80ff5274277ad97448fa53511bab6e8a1c302bcb25fc0916d78b8dc6c6af43d944c37c4ed46668b651cc639ec4964780725117ca0e85168ea66ad7cc98d29702