new upstream release - 7.50.0

This commit is contained in:
Kamil Dudka 2016-07-21 11:31:27 +02:00
parent 83e65ab057
commit bed70046cf
5 changed files with 17 additions and 53 deletions

View File

@ -1,35 +0,0 @@
From 5a3eddc9c327dcc20620d8ae47b27f5085811c7e Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Fri, 3 Jun 2016 11:26:20 +0200
Subject: [PATCH] tool_urlglob: fix off-by-one error in glob_parse()
... causing SIGSEGV while parsing URL with too many globs.
Minimal example:
$ curl $(for i in $(seq 101); do printf '{a}'; done)
Reported-by: Romain Coltel
Bug: https://bugzilla.redhat.com/1340757
Upstream-commit: 584d0121c353ed855115c39f6cbc009854018029
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
src/tool_urlglob.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
index 70d17fe..a357b8b 100644
--- a/src/tool_urlglob.c
+++ b/src/tool_urlglob.c
@@ -401,7 +401,7 @@ static CURLcode glob_parse(URLGlob *glob, char *pattern,
}
}
- if(++glob->size > GLOB_PATTERN_NUM)
+ if(++glob->size >= GLOB_PATTERN_NUM)
return GLOBERROR("too many globs", pos, CURLE_URL_MALFORMAT);
}
return res;
--
2.5.5

View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCgAGBQJXS9rrAAoJEFzJCP23HhLCQ4MIAIKNa1jj9CcGbnuFDi/buyAW
k0YEQZOOohvX0Kx/oYbga8gSKiy0NBYqS6u+MK3b8k5yDdRS6yD2eHZRdcFF/w4N
kKRS77fkYm+OdZ9KrTcK4X9VJs0T9YYBkAEJFSTmvDmM6mtoage/Kf44q+jbyB4O
QqtoZhRui2cZ+w4Eaj4R40sWpFSWKYwpzMqfrsfWlcoIUk9TZRePT60FfDXYXvVV
GeybgTlYHlFJ+imQd0jwL8+YmO4/Q48FrRoVYMX/oqiC/f4tRVeIJML2BS+W2J65
iCPw3CPb6INCrSd4/yRAajXUxco66EQX/FO5aeCvdDDvoWdp5UD6zDTemC1gUyw=
=4/tM
-----END PGP SIGNATURE-----

11
curl-7.50.0.tar.lzma.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCgAGBQJXkI6pAAoJEFzJCP23HhLC6F4H/2M0xB4iDTUy14+6ilY6hhvF
jZw6VPkN5upjN660koECvycRtTDry94ZoGcTcifHba3NjixkpfpY1Xa3qixoyqos
IlyyqG77NcrMGs3us6dEpqxUlQ+I2F+LXGLm9Uz/A7c6NN1dh2esXeJD911Dhmbs
Ko4qbB1+m1FYxTjv9X2m99+93QtfKVnFGfjfF7mR6ZUKLsq+Ix8djzlmQ3p/d0XK
LhmkO3kfvHiE83ENRVTj/oplqLFTd7MOAkzc22OQ267GwqntlM0K2YsdGR2DEEiZ
ReI4KGzNwkG/VIeEBRHV38NpcGjNzm3lUcJPXSQ5xON5rGvsjsLvyWN4yS+MbT8=
=NWkR
-----END PGP SIGNATURE-----

View File

@ -1,14 +1,11 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl Name: curl
Version: 7.49.1 Version: 7.50.0
Release: 3%{?dist} Release: 1%{?dist}
License: MIT License: MIT
Group: Applications/Internet Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
# fix SIGSEGV of the curl tool while parsing URL with too many globs (#1340757)
Patch7: 0007-curl-7.49.1-urlglob.patch
# patch making libcurl multilib ready # patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch Patch101: 0101-curl-7.32.0-multilib.patch
@ -121,7 +118,6 @@ documentation of the library, too.
%setup -q %setup -q
# upstream patches # upstream patches
%patch7 -p1
# Fedora patches # Fedora patches
%patch101 -p1 %patch101 -p1
@ -225,6 +221,9 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/libcurl.m4 %{_datadir}/aclocal/libcurl.m4
%changelog %changelog
* Wed Jul 21 2016 Kamil Dudka <kdudka@redhat.com> 7.50.0-1
- new upstream release
* Fri Jun 17 2016 Kamil Dudka <kdudka@redhat.com> 7.49.1-3 * Fri Jun 17 2016 Kamil Dudka <kdudka@redhat.com> 7.49.1-3
- use multilib-rpm-config to install arch-dependent header files - use multilib-rpm-config to install arch-dependent header files

View File

@ -1 +1 @@
ae5e5e395da413d1fa0864e1d0a3fa57 curl-7.49.1.tar.lzma ecb8d3699c7087146b2953fee1bdaa41 curl-7.50.0.tar.lzma