new upstream release - 7.67.0

This commit is contained in:
Kamil Dudka 2019-11-06 09:21:14 +01:00
parent e0bf66ef6c
commit c667b141d6
8 changed files with 19 additions and 114 deletions

View File

@ -1,71 +0,0 @@
From 855ebacdffbc421b121563ae1ecd9fde736bfaf2 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 11 Sep 2019 16:32:11 +0200
Subject: [PATCH] curl: fix memory leaked by parse_metalink()
This commit fixes a regression introduced by curl-7_65_3-5-gb88940850.
Detected by tests 2005, 2008, 2009, 2010, 2011, and 2012 with valgrind
and libmetalink enabled.
Closes #4326
Upstream-commit: 1ca91bcdb588dc6c25d345f2411fdba314433732
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
src/tool_metalink.c | 2 +-
src/tool_metalink.h | 3 +++
src/tool_operate.c | 4 ++++
3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/tool_metalink.c b/src/tool_metalink.c
index 0740407f9..cd5a7d650 100644
--- a/src/tool_metalink.c
+++ b/src/tool_metalink.c
@@ -965,7 +965,7 @@ static void delete_metalink_resource(metalink_resource *res)
Curl_safefree(res);
}
-static void delete_metalinkfile(metalinkfile *mlfile)
+void delete_metalinkfile(metalinkfile *mlfile)
{
metalink_resource *res;
if(mlfile == NULL) {
diff --git a/src/tool_metalink.h b/src/tool_metalink.h
index 1e367033c..f5ec306f7 100644
--- a/src/tool_metalink.h
+++ b/src/tool_metalink.h
@@ -105,6 +105,8 @@ extern const digest_params SHA256_DIGEST_PARAMS[1];
* Counts the resource in the metalinkfile.
*/
int count_next_metalink_resource(metalinkfile *mlfile);
+
+void delete_metalinkfile(metalinkfile *mlfile);
void clean_metalink(struct OperationConfig *config);
/*
@@ -158,6 +160,7 @@ void metalink_cleanup(void);
#else /* USE_METALINK */
#define count_next_metalink_resource(x) 0
+#define delete_metalinkfile(x) (void)x
#define clean_metalink(x) (void)x
/* metalink_cleanup() takes no arguments */
diff --git a/src/tool_operate.c b/src/tool_operate.c
index d2ad9642d..09dfc0c84 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -2073,6 +2073,10 @@ static CURLcode serial_transfers(struct GlobalConfig *global,
result = post_transfer(global, share, per, result, &retry);
if(retry)
continue;
+
+ /* Release metalink related resources here */
+ delete_metalinkfile(per->mlfile);
+
per = del_transfer(per);
/* Bail out upon critical errors or --fail-early */
--
2.20.1

View File

@ -12,7 +12,7 @@ diff --git a/configure b/configure
index 8f079a3..53b4774 100755 index 8f079a3..53b4774 100755
--- a/configure --- a/configure
+++ b/configure +++ b/configure
@@ -16301,18 +16301,11 @@ $as_echo "yes" >&6; } @@ -16331,18 +16331,11 @@ $as_echo "yes" >&6; }
gccvhi=`echo $gccver | cut -d . -f1` gccvhi=`echo $gccver | cut -d . -f1`
gccvlo=`echo $gccver | cut -d . -f2` gccvlo=`echo $gccver | cut -d . -f2`
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`

View File

@ -9,8 +9,7 @@ there is no 'impacket' module available for Python 3:
https://github.com/CoreSecurity/impacket/issues/61 https://github.com/CoreSecurity/impacket/issues/61
--- ---
tests/negtelnetserver.py | 4 ++-- tests/negtelnetserver.py | 4 ++--
tests/smbserver.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/tests/negtelnetserver.py b/tests/negtelnetserver.py diff --git a/tests/negtelnetserver.py b/tests/negtelnetserver.py
index 8cfd409..72ee771 100755 index 8cfd409..72ee771 100755
@ -30,28 +29,6 @@ index 8cfd409..72ee771 100755
except IOError: except IOError:
log.exception("IOError hit during request") log.exception("IOError hit during request")
diff --git a/tests/smbserver.py b/tests/smbserver.py
index 195ae39..b09cd44 100755
--- a/tests/smbserver.py
+++ b/tests/smbserver.py
@@ -24,7 +24,7 @@
from __future__ import (absolute_import, division, print_function)
# unicode_literals)
import argparse
-import ConfigParser
+import configparser
import os
import sys
import logging
@@ -58,7 +58,7 @@ def smbserver(options):
f.write("{0}".format(pid))
# Here we write a mini config for the server
- smb_config = ConfigParser.ConfigParser()
+ smb_config = configparser.ConfigParser()
smb_config.add_section("global")
smb_config.set("global", "server_name", "SERVICE")
smb_config.set("global", "server_os", "UNIX")
-- --
2.14.3 2.14.3

View File

@ -26,7 +26,7 @@ diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
index 080421b..ea3b806 100644 index 080421b..ea3b806 100644
--- a/tests/libtest/Makefile.inc --- a/tests/libtest/Makefile.inc
+++ b/tests/libtest/Makefile.inc +++ b/tests/libtest/Makefile.inc
@@ -531,6 +531,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) @@ -534,6 +534,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
lib1559_LDADD = $(TESTUTIL_LIBS) lib1559_LDADD = $(TESTUTIL_LIBS)
lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)

View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl14i4AACgkQXMkI/bce
EsJwgwf/WauX31s687pdOgpPE4ymPuxIrdVl+NovWdOBdQQfIA0c/4lu4onJYPAT
K6wq86me5y8fj/Q3ymqQ3H1EcJE2vTHPx/w+zEHNsEILtBMFHdm84CJzhdLlI1GC
9iBkjVKk/2s0tBOdC3HuskYLY2y02dHACvTvDJjx42nK4IbsdjoamVdMa7vep1TG
abmLRNHkOHKjioYWi0N04c5H5YDpdWOOjFY+EPO+m+YQuJlYkgw90nlmOaqiLcHL
3zGCMNXb209wxuNEVKenlhPQ/3FQZ9+8a4b6mMqBX7PDwhDiZLhqIJgVseWdw1r0
Qm2suW4eUtlC2DTqTMtusG7EMN8pag==
=pFLb
-----END PGP SIGNATURE-----

11
curl-7.67.0.tar.xz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl3CauAACgkQXMkI/bce
EsKe7Qf+Py/Wufz3AqqpJ1Xr0oigaV1Sa5AAyRD+KX8jwSJTRaRahaECGMhmR9vh
kBaMFtycctCKcK1masI9GSeTX5nCtmaWzELLsBXynm/l2W+hrW1AD2R++YuM384t
O078GxgsgRH0m8MacSKoV5yPOv/h9URnVMTavkAIfnW50vw17akDZ9MW2NhJzKpP
s6GgWTMB5gomTHlnlHjTjtNoVbKKrV4v9YyRwqzI3XHXYtYOA7iufP4wnT+dpSm5
ZLdbg5Nq+1pCTEiMg3KZKYNriypoLJuWuSF+bKc54CGN63eoUxXgU6js9ViHS5JS
3dPfzzRA8wgROem58QhHnrR9c2CmdQ==
=5gov
-----END PGP SIGNATURE-----

View File

@ -1,13 +1,10 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl Name: curl
Version: 7.66.0 Version: 7.67.0
Release: 1%{?dist} Release: 1%{?dist}
License: MIT License: MIT
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
# fix memory leaked by parse_metalink()
Patch1: 0001-curl-7.66.0-metalink-memleak.patch
# patch making libcurl multilib ready # patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch Patch101: 0101-curl-7.32.0-multilib.patch
@ -174,7 +171,6 @@ be installed.
%setup -q %setup -q
# upstream patches # upstream patches
%patch1 -p1
# Fedora patches # Fedora patches
%patch101 -p1 %patch101 -p1
@ -350,6 +346,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
%changelog %changelog
* Wed Nov 06 2019 Kamil Dudka <kdudka@redhat.com> - 7.67.1-1
- new upstream release
* Wed Sep 11 2019 Kamil Dudka <kdudka@redhat.com> - 7.66.0-1 * Wed Sep 11 2019 Kamil Dudka <kdudka@redhat.com> - 7.66.0-1
- new upstream release, which fixes the following vulnerabilities - new upstream release, which fixes the following vulnerabilities
CVE-2019-5481 - double free due to subsequent call of realloc() CVE-2019-5481 - double free due to subsequent call of realloc()

View File

@ -1 +1 @@
SHA512 (curl-7.66.0.tar.xz) = 81170e7e4fa9d99ee2038d96d7f2ab10dcf52435331c818c7565c1a733891720f845a08029915e52ba532c6a344c346e1678474624aac1cc333aea6d1eacde35 SHA512 (curl-7.67.0.tar.xz) = 1d5a344be92dd61b1ba5189eff0fe337e492f2e850794943570fe71c985d0af60bd412082be646e07aaa8639908593e1ce4bb2d07db35394ec377e8ce8b9ae29