new upstream release - 7.67.0
This commit is contained in:
parent
e0bf66ef6c
commit
c667b141d6
@ -1,71 +0,0 @@
|
|||||||
From 855ebacdffbc421b121563ae1ecd9fde736bfaf2 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Kamil Dudka <kdudka@redhat.com>
|
|
||||||
Date: Wed, 11 Sep 2019 16:32:11 +0200
|
|
||||||
Subject: [PATCH] curl: fix memory leaked by parse_metalink()
|
|
||||||
|
|
||||||
This commit fixes a regression introduced by curl-7_65_3-5-gb88940850.
|
|
||||||
Detected by tests 2005, 2008, 2009, 2010, 2011, and 2012 with valgrind
|
|
||||||
and libmetalink enabled.
|
|
||||||
|
|
||||||
Closes #4326
|
|
||||||
|
|
||||||
Upstream-commit: 1ca91bcdb588dc6c25d345f2411fdba314433732
|
|
||||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
||||||
---
|
|
||||||
src/tool_metalink.c | 2 +-
|
|
||||||
src/tool_metalink.h | 3 +++
|
|
||||||
src/tool_operate.c | 4 ++++
|
|
||||||
3 files changed, 8 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/tool_metalink.c b/src/tool_metalink.c
|
|
||||||
index 0740407f9..cd5a7d650 100644
|
|
||||||
--- a/src/tool_metalink.c
|
|
||||||
+++ b/src/tool_metalink.c
|
|
||||||
@@ -965,7 +965,7 @@ static void delete_metalink_resource(metalink_resource *res)
|
|
||||||
Curl_safefree(res);
|
|
||||||
}
|
|
||||||
|
|
||||||
-static void delete_metalinkfile(metalinkfile *mlfile)
|
|
||||||
+void delete_metalinkfile(metalinkfile *mlfile)
|
|
||||||
{
|
|
||||||
metalink_resource *res;
|
|
||||||
if(mlfile == NULL) {
|
|
||||||
diff --git a/src/tool_metalink.h b/src/tool_metalink.h
|
|
||||||
index 1e367033c..f5ec306f7 100644
|
|
||||||
--- a/src/tool_metalink.h
|
|
||||||
+++ b/src/tool_metalink.h
|
|
||||||
@@ -105,6 +105,8 @@ extern const digest_params SHA256_DIGEST_PARAMS[1];
|
|
||||||
* Counts the resource in the metalinkfile.
|
|
||||||
*/
|
|
||||||
int count_next_metalink_resource(metalinkfile *mlfile);
|
|
||||||
+
|
|
||||||
+void delete_metalinkfile(metalinkfile *mlfile);
|
|
||||||
void clean_metalink(struct OperationConfig *config);
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -158,6 +160,7 @@ void metalink_cleanup(void);
|
|
||||||
#else /* USE_METALINK */
|
|
||||||
|
|
||||||
#define count_next_metalink_resource(x) 0
|
|
||||||
+#define delete_metalinkfile(x) (void)x
|
|
||||||
#define clean_metalink(x) (void)x
|
|
||||||
|
|
||||||
/* metalink_cleanup() takes no arguments */
|
|
||||||
diff --git a/src/tool_operate.c b/src/tool_operate.c
|
|
||||||
index d2ad9642d..09dfc0c84 100644
|
|
||||||
--- a/src/tool_operate.c
|
|
||||||
+++ b/src/tool_operate.c
|
|
||||||
@@ -2073,6 +2073,10 @@ static CURLcode serial_transfers(struct GlobalConfig *global,
|
|
||||||
result = post_transfer(global, share, per, result, &retry);
|
|
||||||
if(retry)
|
|
||||||
continue;
|
|
||||||
+
|
|
||||||
+ /* Release metalink related resources here */
|
|
||||||
+ delete_metalinkfile(per->mlfile);
|
|
||||||
+
|
|
||||||
per = del_transfer(per);
|
|
||||||
|
|
||||||
/* Bail out upon critical errors or --fail-early */
|
|
||||||
--
|
|
||||||
2.20.1
|
|
||||||
|
|
@ -12,7 +12,7 @@ diff --git a/configure b/configure
|
|||||||
index 8f079a3..53b4774 100755
|
index 8f079a3..53b4774 100755
|
||||||
--- a/configure
|
--- a/configure
|
||||||
+++ b/configure
|
+++ b/configure
|
||||||
@@ -16301,18 +16301,11 @@ $as_echo "yes" >&6; }
|
@@ -16331,18 +16331,11 @@ $as_echo "yes" >&6; }
|
||||||
gccvhi=`echo $gccver | cut -d . -f1`
|
gccvhi=`echo $gccver | cut -d . -f1`
|
||||||
gccvlo=`echo $gccver | cut -d . -f2`
|
gccvlo=`echo $gccver | cut -d . -f2`
|
||||||
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
|
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
|
||||||
|
@ -9,8 +9,7 @@ there is no 'impacket' module available for Python 3:
|
|||||||
https://github.com/CoreSecurity/impacket/issues/61
|
https://github.com/CoreSecurity/impacket/issues/61
|
||||||
---
|
---
|
||||||
tests/negtelnetserver.py | 4 ++--
|
tests/negtelnetserver.py | 4 ++--
|
||||||
tests/smbserver.py | 4 ++--
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
2 files changed, 4 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tests/negtelnetserver.py b/tests/negtelnetserver.py
|
diff --git a/tests/negtelnetserver.py b/tests/negtelnetserver.py
|
||||||
index 8cfd409..72ee771 100755
|
index 8cfd409..72ee771 100755
|
||||||
@ -30,28 +29,6 @@ index 8cfd409..72ee771 100755
|
|||||||
|
|
||||||
except IOError:
|
except IOError:
|
||||||
log.exception("IOError hit during request")
|
log.exception("IOError hit during request")
|
||||||
diff --git a/tests/smbserver.py b/tests/smbserver.py
|
|
||||||
index 195ae39..b09cd44 100755
|
|
||||||
--- a/tests/smbserver.py
|
|
||||||
+++ b/tests/smbserver.py
|
|
||||||
@@ -24,7 +24,7 @@
|
|
||||||
from __future__ import (absolute_import, division, print_function)
|
|
||||||
# unicode_literals)
|
|
||||||
import argparse
|
|
||||||
-import ConfigParser
|
|
||||||
+import configparser
|
|
||||||
import os
|
|
||||||
import sys
|
|
||||||
import logging
|
|
||||||
@@ -58,7 +58,7 @@ def smbserver(options):
|
|
||||||
f.write("{0}".format(pid))
|
|
||||||
|
|
||||||
# Here we write a mini config for the server
|
|
||||||
- smb_config = ConfigParser.ConfigParser()
|
|
||||||
+ smb_config = configparser.ConfigParser()
|
|
||||||
smb_config.add_section("global")
|
|
||||||
smb_config.set("global", "server_name", "SERVICE")
|
|
||||||
smb_config.set("global", "server_os", "UNIX")
|
|
||||||
--
|
--
|
||||||
2.14.3
|
2.14.3
|
||||||
|
|
||||||
|
@ -26,7 +26,7 @@ diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
|
|||||||
index 080421b..ea3b806 100644
|
index 080421b..ea3b806 100644
|
||||||
--- a/tests/libtest/Makefile.inc
|
--- a/tests/libtest/Makefile.inc
|
||||||
+++ b/tests/libtest/Makefile.inc
|
+++ b/tests/libtest/Makefile.inc
|
||||||
@@ -531,6 +531,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
@@ -534,6 +534,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
||||||
lib1559_LDADD = $(TESTUTIL_LIBS)
|
lib1559_LDADD = $(TESTUTIL_LIBS)
|
||||||
|
|
||||||
lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
|
||||||
|
@ -1,11 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl14i4AACgkQXMkI/bce
|
|
||||||
EsJwgwf/WauX31s687pdOgpPE4ymPuxIrdVl+NovWdOBdQQfIA0c/4lu4onJYPAT
|
|
||||||
K6wq86me5y8fj/Q3ymqQ3H1EcJE2vTHPx/w+zEHNsEILtBMFHdm84CJzhdLlI1GC
|
|
||||||
9iBkjVKk/2s0tBOdC3HuskYLY2y02dHACvTvDJjx42nK4IbsdjoamVdMa7vep1TG
|
|
||||||
abmLRNHkOHKjioYWi0N04c5H5YDpdWOOjFY+EPO+m+YQuJlYkgw90nlmOaqiLcHL
|
|
||||||
3zGCMNXb209wxuNEVKenlhPQ/3FQZ9+8a4b6mMqBX7PDwhDiZLhqIJgVseWdw1r0
|
|
||||||
Qm2suW4eUtlC2DTqTMtusG7EMN8pag==
|
|
||||||
=pFLb
|
|
||||||
-----END PGP SIGNATURE-----
|
|
11
curl-7.67.0.tar.xz.asc
Normal file
11
curl-7.67.0.tar.xz.asc
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl3CauAACgkQXMkI/bce
|
||||||
|
EsKe7Qf+Py/Wufz3AqqpJ1Xr0oigaV1Sa5AAyRD+KX8jwSJTRaRahaECGMhmR9vh
|
||||||
|
kBaMFtycctCKcK1masI9GSeTX5nCtmaWzELLsBXynm/l2W+hrW1AD2R++YuM384t
|
||||||
|
O078GxgsgRH0m8MacSKoV5yPOv/h9URnVMTavkAIfnW50vw17akDZ9MW2NhJzKpP
|
||||||
|
s6GgWTMB5gomTHlnlHjTjtNoVbKKrV4v9YyRwqzI3XHXYtYOA7iufP4wnT+dpSm5
|
||||||
|
ZLdbg5Nq+1pCTEiMg3KZKYNriypoLJuWuSF+bKc54CGN63eoUxXgU6js9ViHS5JS
|
||||||
|
3dPfzzRA8wgROem58QhHnrR9c2CmdQ==
|
||||||
|
=5gov
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -1,13 +1,10 @@
|
|||||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.66.0
|
Version: 7.67.0
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
License: MIT
|
License: MIT
|
||||||
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
||||||
|
|
||||||
# fix memory leaked by parse_metalink()
|
|
||||||
Patch1: 0001-curl-7.66.0-metalink-memleak.patch
|
|
||||||
|
|
||||||
# patch making libcurl multilib ready
|
# patch making libcurl multilib ready
|
||||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||||
|
|
||||||
@ -174,7 +171,6 @@ be installed.
|
|||||||
%setup -q
|
%setup -q
|
||||||
|
|
||||||
# upstream patches
|
# upstream patches
|
||||||
%patch1 -p1
|
|
||||||
|
|
||||||
# Fedora patches
|
# Fedora patches
|
||||||
%patch101 -p1
|
%patch101 -p1
|
||||||
@ -350,6 +346,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
|||||||
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Nov 06 2019 Kamil Dudka <kdudka@redhat.com> - 7.67.1-1
|
||||||
|
- new upstream release
|
||||||
|
|
||||||
* Wed Sep 11 2019 Kamil Dudka <kdudka@redhat.com> - 7.66.0-1
|
* Wed Sep 11 2019 Kamil Dudka <kdudka@redhat.com> - 7.66.0-1
|
||||||
- new upstream release, which fixes the following vulnerabilities
|
- new upstream release, which fixes the following vulnerabilities
|
||||||
CVE-2019-5481 - double free due to subsequent call of realloc()
|
CVE-2019-5481 - double free due to subsequent call of realloc()
|
||||||
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (curl-7.66.0.tar.xz) = 81170e7e4fa9d99ee2038d96d7f2ab10dcf52435331c818c7565c1a733891720f845a08029915e52ba532c6a344c346e1678474624aac1cc333aea6d1eacde35
|
SHA512 (curl-7.67.0.tar.xz) = 1d5a344be92dd61b1ba5189eff0fe337e492f2e850794943570fe71c985d0af60bd412082be646e07aaa8639908593e1ce4bb2d07db35394ec377e8ce8b9ae29
|
||||||
|
Loading…
Reference in New Issue
Block a user