From cb17cbc66ada184c1016dc88d4573a91f9ce3481 Mon Sep 17 00:00:00 2001
From: Jan Macku
Date: Wed, 11 Oct 2023 15:36:19 +0200
Subject: [PATCH] new upstream release - 8.4.0
Resolves: CVE-2023-38545 - SOCKS5 heap buffer overflow
Resolves: CVE-2023-38546 - cookie injection with none file
---
 curl.spec | 7 ++++++-
 sources | 4 ++--
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/curl.spec b/curl.spec
index 5c0854e..f3a402c 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,6 +1,6 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 8.3.0
+Version: 8.4.0
 Release: 1%{?dist}
 License: curl
 Source0: https://curl.se/download/%{name}-%{version}.tar.xz
@@ -410,6 +410,11 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
 %changelog
+* Wed Oct 11 2023 Jan Macku - 8.4.0-1
+- new upstream release, which fixes the following vulnerabilities
+ CVE-2023-38545 - SOCKS5 heap buffer overflow
+ CVE-2023-38546 - cookie injection with none file
+
 * Wed Sep 13 2023 Jan Macku - 8.3.0-1
 - new upstream release, which fixes the following vulnerabilities
 CVE-2023-38039 - HTTP headers eat all memory
diff --git a/sources b/sources
index e2b2e44..9205220 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (curl-8.3.0.tar.xz) = 6404b4c74fe1185cb482631ca3a143996cb7298d0d8a76bfafd7696e7729c00559999a069bdba782dee3f3eb273fb678a4438cb27d3deca54022878cdff83a51
-SHA512 (curl-8.3.0.tar.xz.asc) = b7d45722640ac50181b20a6d663168ec6eec6691c5604ddfe9c7177f07da598cb2de688c631043dc428c311774d781ccd16bd1e2fb4f038be651e3bee383aec4
+SHA512 (curl-8.4.0.tar.xz) = 7027dbf3b759b39d6ec9c4da58fadd254e84bb93bff599541b3bc3135bad4c2955c6237d7ddd60973f9f1a6948bc32d7e312985fb50658bc958b9f22fee74f2b
+SHA512 (curl-8.4.0.tar.xz.asc) = b8b7a5b76be816e7b1552354f267f335fdc608cdadbd2c40ab44faf6450c6bbd2853b6de5c2746a1292aad33a8ee1c367380d32bb1a8282540b38c3b985a320e