From a89a46eca8e5466c18dc70a0e5f7b54eb60071af Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 11 Jul 2018 14:16:32 +0200
Subject: [PATCH] new upstream release - 7.61.0

Resolves: CVE-2018-0500 - SMTP send heap buffer overflow
---
 0102-curl-7.36.0-debug.patch |  2 +-
 curl-7.60.0.tar.xz.asc       | 11 -----------
 curl-7.61.0.tar.xz.asc       | 11 +++++++++++
 curl.spec                    |  8 ++++++--
 sources                      |  2 +-
 5 files changed, 19 insertions(+), 15 deletions(-)
 delete mode 100644 curl-7.60.0.tar.xz.asc
 create mode 100644 curl-7.61.0.tar.xz.asc

diff --git a/0102-curl-7.36.0-debug.patch b/0102-curl-7.36.0-debug.patch
index 95670f0..5fb54b6 100644
--- a/0102-curl-7.36.0-debug.patch
+++ b/0102-curl-7.36.0-debug.patch
@@ -12,7 +12,7 @@ diff --git a/configure b/configure
 index 8f079a3..53b4774 100755
 --- a/configure
 +++ b/configure
-@@ -16537,18 +16537,11 @@ $as_echo "yes" >&6; }
+@@ -16409,18 +16409,11 @@ $as_echo "yes" >&6; }
      gccvhi=`echo $gccver | cut -d . -f1`
      gccvlo=`echo $gccver | cut -d . -f2`
      compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
diff --git a/curl-7.60.0.tar.xz.asc b/curl-7.60.0.tar.xz.asc
deleted file mode 100644
index 53ca282..0000000
--- a/curl-7.60.0.tar.xz.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAlr7zUoACgkQXMkI/bce
-EsK3jgf7Bvnswxxgq4wQWmqRKQvkN/zkuA2GjSm98M7mizVHl/7/imeqDl7S1vp0
-A6KCI99Epf+2EYgxrEbvZqlSQ6H30eBxOvV2yNwPhrS3UnXwNSJsbFr5bDRE4o8S
-upyP/tSgEIGJcpq0bstrD7T/DRZ1yFCLB5rOOJx4lQnPuB3C7GAmuOj1ZtIxWIn+
-D/G+X1+/oZlils2TMI7ryjRuFvOSPHdUNldwtvfaRg0i3tNYnPbWq54lhouSn31H
-ft8wNd3nnUpueWCWaKKXo+GBVDemDAMEcDbna+woW5SFLI6ZG/c822ljtld05Dk1
-KmwikC7MREQxkODmC10yrgy9I9akNg==
-=f++X
------END PGP SIGNATURE-----
diff --git a/curl-7.61.0.tar.xz.asc b/curl-7.61.0.tar.xz.asc
new file mode 100644
index 0000000..024ef39
--- /dev/null
+++ b/curl-7.61.0.tar.xz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAltFnUIACgkQXMkI/bce
+EsJSSggAo2pO9DacErY/wVqYm2KA76s8HDMyGkvb7HXPWe3w1Nj6nwCY8Knbp2C6
+s6LZ73gqKfe3K+kFsFE6bFy9l2MKNs64cBG19dNUGcoYek6zt1BBXC6LT8/eOWc4
+l6HKift+CBh6ErtInB2CzmoG7dvNoZA00sERJbj9w+QZK4CTBZPWjz9BRHo7V31q
+VnciTRgJ39HjL0kupdDIZgpCL741aWlkbOZu5wsRfe7nxWeiCdyOVluXluDi9t2i
+s1mTPMpkMWDIEh723QL5jOlct9/hTLXAS2yZeR6qJafcicyIboXh0ZwGQGonHADi
+aBs922AWx3v8x18thsCMQZwJSHiYEw==
+=7p0n
+-----END PGP SIGNATURE-----
diff --git a/curl.spec b/curl.spec
index 4072953..813d18b 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 7.60.0
-Release: 3%{?dist}
+Version: 7.61.0
+Release: 1%{?dist}
 License: MIT
 Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
 
@@ -307,6 +307,10 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
 
 %changelog
+* Wed Jul 11 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-1
+- new upstream release, which fixes the following vulnerability
+    CVE-2018-0500 - SMTP send heap buffer overflow
+
 * Tue Jul 10 2018 Kamil Dudka <kdudka@redhat.com> - 7.60.0-3
 - enable support for brotli compression in libcurl-full
 
diff --git a/sources b/sources
index 4a1cecd..4248e66 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (curl-7.60.0.tar.xz) = 96a0c32ca846a76bba75e9e560ad4c15df79540992ed1a83713095be94ddba039f289bda9678762fd79fb9691fe810735178fb9dc970c37012dff96b8ce08abf
+SHA512 (curl-7.61.0.tar.xz) = 1b450bbd794460fea12374a49739a49a43c3651038dc092c277769bab09a62627f8eedfa94b5c1610503bf20eeaf60643a1e32fdcf1bcf8d4085090c4a598b13