Resolves: CVE-2021-22901 - fix TLS session caching disaster

2021-05-26 10:22:51 +02:00 · 2021-05-26 10:22:51 +02:00 · bc006791a4
parent aa689a0f22
commit bc006791a4
2 changed files with 1017 additions and 0 deletions
--- a/0003-curl-7.76.1-CVE-2021-22901.patch
+++ b/0003-curl-7.76.1-CVE-2021-22901.patch
--- a/curl.spec
+++ b/curl.spec
@ -11,6 +11,9 @@ Patch1:   0001-curl-7.76.1-resource-leaks.patch
 # fix TELNET stack contents disclosure (CVE-2021-22898)
 Patch2:   0002-curl-7.76.1-CVE-2021-22898.patch

+# fix TLS session caching disaster (CVE-2021-22901)
+Patch3:   0003-curl-7.76.1-CVE-2021-22901.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch

@ -188,6 +191,7 @@ be installed.
 # upstream patches
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1

 # Fedora patches
 %patch101 -p1
@ -369,6 +373,7 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la

 %changelog
 * Wed May 26 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-3
+- fix TLS session caching disaster (CVE-2021-22901)
 - fix TELNET stack contents disclosure (CVE-2021-22898)

 * Mon May 03 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-2