diff --git a/SOURCES/0062-curl-7.61.1-socketpair-to-wait-on.patch b/SOURCES/0062-curl-7.61.1-socketpair-to-wait-on.patch new file mode 100644 index 0000000..eda14f8 --- /dev/null +++ b/SOURCES/0062-curl-7.61.1-socketpair-to-wait-on.patch @@ -0,0 +1,146 @@ +From eb9a604f8d7db859555adc0ddacdabd1ed986106 Mon Sep 17 00:00:00 2001 +From: amkatyal +Date: Fri, 26 Jul 2019 21:28:41 +0530 +Subject: [PATCH] asyn-thread: create a socketpair to wait on + +Closes #4157 +--- + lib/asyn-thread.c | 76 ++++++++++++++++++++++++++++++++++++++++------- + lib/multi.c | 0 + 2 files changed, 65 insertions(+), 11 deletions(-) + mode change 100644 => 100755 lib/asyn-thread.c + mode change 100644 => 100755 lib/multi.c + +diff --git a/lib/asyn-thread.c b/lib/asyn-thread.c +old mode 100644 +new mode 100755 +index 5f33c9affd0f27..f17638e44e6b18 +--- a/lib/asyn-thread.c ++++ b/lib/asyn-thread.c +@@ -163,6 +163,9 @@ struct thread_sync_data { + char *hostname; /* hostname to resolve, Curl_async.hostname + duplicate */ + int port; ++#ifdef HAVE_SOCKETPAIR ++ curl_socket_t sock_pair[2]; /* socket pair */ ++#endif + int sock_error; + Curl_addrinfo *res; + #ifdef HAVE_GETADDRINFO +@@ -197,6 +200,16 @@ void destroy_thread_sync_data(struct thread_sync_data * tsd) + if(tsd->res) + Curl_freeaddrinfo(tsd->res); + ++#ifdef HAVE_SOCKETPAIR ++ /* close socket pair */ ++ if(tsd->sock_pair[0] != CURL_SOCKET_BAD) { ++ sclose(tsd->sock_pair[0]); ++ } ++ ++ if(tsd->sock_pair[1] != CURL_SOCKET_BAD) { ++ sclose(tsd->sock_pair[1]); ++ } ++#endif + memset(tsd, 0, sizeof(*tsd)); + } + +@@ -230,6 +243,14 @@ int init_thread_sync_data(struct thread_data * td, + + Curl_mutex_init(tsd->mtx); + ++#ifdef HAVE_SOCKETPAIR ++ /* create socket pair */ ++ if(socketpair(AF_LOCAL, SOCK_STREAM, 0, &tsd->sock_pair[0]) < 0) { ++ tsd->sock_pair[0] = CURL_SOCKET_BAD; ++ tsd->sock_pair[1] = CURL_SOCKET_BAD; ++ goto err_exit; ++ } ++#endif + tsd->sock_error = CURL_ASYNC_SUCCESS; + + /* Copying hostname string because original can be destroyed by parent +@@ -297,6 +318,9 @@ static unsigned int CURL_STDCALL getaddrinfo_thread(void *arg) + struct thread_data *td = tsd->td; + char service[12]; + int rc; ++#ifdef HAVE_SOCKETPAIR ++ char buf[1]; ++#endif + + snprintf(service, sizeof(service), "%d", tsd->port); + +@@ -298,6 +322,16 @@ static unsigned int CURL_STDCALL getaddrinfo_thread(void *arg) + free(td); + } + else { ++#ifdef HAVE_SOCKETPAIR ++ if(tsd->sock_pair[1] != CURL_SOCKET_BAD) { ++ /* DNS has been resolved, signal client task */ ++ buf[0] = 1; ++ if(write(tsd->sock_pair[1], buf, sizeof(buf)) < 0) { ++ /* update sock_erro to errno */ ++ tsd->sock_error = SOCKERRNO; ++ } ++ } ++#endif + tsd->done = 1; + Curl_mutex_release(tsd->mtx); + } +@@ -595,23 +629,43 @@ int Curl_resolver_getsock(struct connectdata *conn, + curl_socket_t *socks, + int numsocks) + { ++ int ret_val = 0; + time_t milli; + timediff_t ms; + struct Curl_easy *data = conn->data; + struct resdata *reslv = (struct resdata *)data->state.resolver; ++#ifdef HAVE_SOCKETPAIR ++ struct thread_data *td = (struct thread_data*)conn->async.os_specific; ++ int loop_idx; ++#else + (void)socks; + (void)numsocks; +- ms = Curl_timediff(Curl_now(), reslv->start); +- if(ms < 3) +- milli = 0; +- else if(ms <= 50) +- milli = ms/3; +- else if(ms <= 250) +- milli = 50; +- else +- milli = 200; +- Curl_expire(data, milli, EXPIRE_ASYNC_NAME); +- return 0; ++#endif ++ ++#ifdef HAVE_SOCKETPAIR ++ if(td) { ++ /* return read fd to client for polling the DNS resolution status */ ++ socks[0] = td->tsd.sock_pair[0]; ++ ret_val = GETSOCK_READSOCK(0); ++ } ++ else { ++#endif ++ ms = Curl_timediff(Curl_now(), reslv->start); ++ if(ms < 3) ++ milli = 0; ++ else if(ms <= 50) ++ milli = ms/3; ++ else if(ms <= 250) ++ milli = 50; ++ else ++ milli = 200; ++ Curl_expire(data, milli, EXPIRE_ASYNC_NAME); ++#ifdef HAVE_SOCKETPAIR ++ } ++#endif ++ ++ ++ return ret_val; + } + + #ifndef HAVE_GETADDRINFO +diff --git a/lib/multi.c b/lib/multi.c +old mode 100644 +new mode 100755 diff --git a/SOURCES/0063-curl-7.61.1-native-md5.patch b/SOURCES/0063-curl-7.61.1-native-md5.patch new file mode 100644 index 0000000..97fd5a2 --- /dev/null +++ b/SOURCES/0063-curl-7.61.1-native-md5.patch @@ -0,0 +1,279 @@ +diff -up curl-7.61.1/lib/curl_md5.h.RHEL-32335 curl-7.61.1/lib/curl_md5.h +--- curl-7.61.1/lib/curl_md5.h.RHEL-32335 2024-04-10 10:09:36.758098940 +0200 ++++ curl-7.61.1/lib/curl_md5.h 2024-04-10 10:10:22.426370509 +0200 +@@ -49,8 +49,8 @@ typedef struct { + extern const MD5_params Curl_DIGEST_MD5[1]; + extern const HMAC_params Curl_HMAC_MD5[1]; + +-void Curl_md5it(unsigned char *output, +- const unsigned char *input); ++void Curl_md5it(unsigned char *output, const unsigned char *input, ++ const size_t len); + + MD5_context * Curl_MD5_init(const MD5_params *md5params); + int Curl_MD5_update(MD5_context *context, +diff -up curl-7.61.1/lib/curl_ntlm_core.h.RHEL-32335 curl-7.61.1/lib/curl_ntlm_core.h +--- curl-7.61.1/lib/curl_ntlm_core.h.RHEL-32335 2024-04-10 09:52:39.872042425 +0200 ++++ curl-7.61.1/lib/curl_ntlm_core.h 2024-04-10 09:54:46.230795176 +0200 +@@ -48,9 +48,9 @@ + #endif + + /* Define USE_NTLM2SESSION in order to make the type-3 message include the +- NTLM2Session response message, requires USE_NTRESPONSES defined to 1 and a +- Crypto engine that we have curl_ssl_md5sum() for. */ +-#if defined(USE_NTRESPONSES) && !defined(USE_WIN32_CRYPTO) ++ NTLM2Session response message, requires USE_NTRESPONSES defined to 1 and ++ MD5 support */ ++#if defined(USE_NTRESPONSES) && !defined(CURL_DISABLE_CRYPTO_AUTH) + #define USE_NTLM2SESSION + #endif + +diff -up curl-7.61.1/lib/curl_sha256.h.RHEL-32335 curl-7.61.1/lib/curl_sha256.h +--- curl-7.61.1/lib/curl_sha256.h.RHEL-32335 2024-04-10 10:13:40.975551190 +0200 ++++ curl-7.61.1/lib/curl_sha256.h 2024-04-10 10:14:00.251665815 +0200 +@@ -24,8 +24,8 @@ + + #ifndef CURL_DISABLE_CRYPTO_AUTH + +-void Curl_sha256it(unsigned char *outbuffer, +- const unsigned char *input); ++void Curl_sha256it(unsigned char *outbuffer, const unsigned char *input, ++ const size_t len); + + #endif + +diff -up curl-7.61.1/lib/md5.c.RHEL-32335 curl-7.61.1/lib/md5.c +--- curl-7.61.1/lib/md5.c.RHEL-32335 2024-04-10 10:10:39.831474009 +0200 ++++ curl-7.61.1/lib/md5.c 2024-04-10 10:13:29.963485706 +0200 +@@ -519,12 +519,13 @@ const MD5_params Curl_DIGEST_MD5[] = { + /* + * @unittest: 1601 + */ +-void Curl_md5it(unsigned char *outbuffer, /* 16 bytes */ +- const unsigned char *input) ++void Curl_md5it(unsigned char *outbuffer, const unsigned char *input, ++ const size_t len) + { + MD5_CTX ctx; ++ + MD5_Init(&ctx); +- MD5_Update(&ctx, input, curlx_uztoui(strlen((char *)input))); ++ MD5_Update(&ctx, input, curlx_uztoui(len)); + MD5_Final(outbuffer, &ctx); + } + +diff -up curl-7.61.1/lib/sha256.c.RHEL-32335 curl-7.61.1/lib/sha256.c +--- curl-7.61.1/lib/sha256.c.RHEL-32335 2024-04-10 10:14:32.047854892 +0200 ++++ curl-7.61.1/lib/sha256.c 2024-04-10 10:15:23.010157942 +0200 +@@ -255,12 +255,13 @@ static int SHA256_Final(unsigned char *o + + #endif + +-void Curl_sha256it(unsigned char *outbuffer, /* 32 unsigned chars */ +- const unsigned char *input) ++void Curl_sha256it(unsigned char *outbuffer, const unsigned char *input, ++ const size_t len) + { + SHA256_CTX ctx; ++ + SHA256_Init(&ctx); +- SHA256_Update(&ctx, input, curlx_uztoui(strlen((char *)input))); ++ SHA256_Update(&ctx, input, curlx_uztoui(len)); + SHA256_Final(outbuffer, &ctx); + } + +diff -up curl-7.61.1/lib/vauth/digest.c.RHEL-32335 curl-7.61.1/lib/vauth/digest.c +--- curl-7.61.1/lib/vauth/digest.c.RHEL-32335 2024-04-10 10:15:31.737209838 +0200 ++++ curl-7.61.1/lib/vauth/digest.c 2024-04-10 10:20:11.293872233 +0200 +@@ -62,7 +62,7 @@ + what ultimately goes over the network. + */ + #define CURL_OUTPUT_DIGEST_CONV(a, b) \ +- result = Curl_convert_to_network(a, (char *)b, strlen((const char *)b)); \ ++ result = Curl_convert_to_network(a, b, strlen(b)); \ + if(result) { \ + free(b); \ + return result; \ +@@ -687,12 +687,12 @@ static CURLcode _Curl_auth_create_digest + struct digestdata *digest, + char **outptr, size_t *outlen, + void (*convert_to_ascii)(unsigned char *, unsigned char *), +- void (*hash)(unsigned char *, const unsigned char *)) ++ void (*hash)(unsigned char *, const unsigned char *, ++ const size_t)) + { + CURLcode result; + unsigned char hashbuf[32]; /* 32 bytes/256 bits */ + unsigned char request_digest[65]; +- unsigned char *hashthis; + unsigned char ha1[65]; /* 64 digits and 1 zero byte */ + unsigned char ha2[65]; /* 64 digits and 1 zero byte */ + char userh[65]; +@@ -700,6 +700,7 @@ static CURLcode _Curl_auth_create_digest + size_t cnonce_sz = 0; + char *userp_quoted; + char *response = NULL; ++ char *hashthis = NULL; + char *tmp = NULL; + + if(!digest->nc) +@@ -721,12 +722,12 @@ static CURLcode _Curl_auth_create_digest + } + + if(digest->userhash) { +- hashthis = (unsigned char *) aprintf("%s:%s", userp, digest->realm); ++ hashthis = aprintf("%s:%s", userp, digest->realm); + if(!hashthis) + return CURLE_OUT_OF_MEMORY; + + CURL_OUTPUT_DIGEST_CONV(data, hashthis); +- hash(hashbuf, hashthis); ++ hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis)); + free(hashthis); + convert_to_ascii(hashbuf, (unsigned char *)userh); + } +@@ -742,14 +743,13 @@ static CURLcode _Curl_auth_create_digest + unq(nonce-value) ":" unq(cnonce-value) + */ + +- hashthis = (unsigned char *) +- aprintf("%s:%s:%s", digest->userhash ? userh : userp, +- digest->realm, passwdp); ++ hashthis = aprintf("%s:%s:%s", digest->userhash ? userh : userp, ++ digest->realm, passwdp); + if(!hashthis) + return CURLE_OUT_OF_MEMORY; + + CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */ +- hash(hashbuf, hashthis); ++ hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis)); + free(hashthis); + convert_to_ascii(hashbuf, ha1); + +@@ -762,7 +762,7 @@ static CURLcode _Curl_auth_create_digest + return CURLE_OUT_OF_MEMORY; + + CURL_OUTPUT_DIGEST_CONV(data, tmp); /* Convert on non-ASCII machines */ +- hash(hashbuf, (unsigned char *) tmp); ++ hash(hashbuf, (unsigned char *) tmp, strlen(tmp)); + free(tmp); + convert_to_ascii(hashbuf, ha1); + } +@@ -780,18 +780,18 @@ static CURLcode _Curl_auth_create_digest + 5.1.1 of RFC 2616) + */ + +- hashthis = (unsigned char *) aprintf("%s:%s", request, uripath); ++ hashthis = aprintf("%s:%s", request, uripath); + + if(digest->qop && strcasecompare(digest->qop, "auth-int")) { + /* We don't support auth-int for PUT or POST at the moment. + TODO: replace hash of empty string with entity-body for PUT/POST */ + char hashed[65]; +- unsigned char *hashthis2; ++ char *hashthis2; + +- hash(hashbuf, (const unsigned char *)""); ++ hash(hashbuf, (const unsigned char *)"", 0); + convert_to_ascii(hashbuf, (unsigned char *)hashed); + +- hashthis2 = (unsigned char *)aprintf("%s:%s", hashthis, hashed); ++ hashthis2 = aprintf("%s:%s", hashthis, hashed); + free(hashthis); + hashthis = hashthis2; + } +@@ -800,31 +800,23 @@ static CURLcode _Curl_auth_create_digest + return CURLE_OUT_OF_MEMORY; + + CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */ +- hash(hashbuf, hashthis); ++ hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis)); + free(hashthis); + convert_to_ascii(hashbuf, ha2); + + if(digest->qop) { +- hashthis = (unsigned char *) aprintf("%s:%s:%08x:%s:%s:%s", +- ha1, +- digest->nonce, +- digest->nc, +- digest->cnonce, +- digest->qop, +- ha2); ++ hashthis = aprintf("%s:%s:%08x:%s:%s:%s", ha1, digest->nonce, digest->nc, ++ digest->cnonce, digest->qop, ha2); + } + else { +- hashthis = (unsigned char *) aprintf("%s:%s:%s", +- ha1, +- digest->nonce, +- ha2); ++ hashthis = aprintf("%s:%s:%s", ha1, digest->nonce, ha2); + } + + if(!hashthis) + return CURLE_OUT_OF_MEMORY; + + CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */ +- hash(hashbuf, hashthis); ++ hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis)); + free(hashthis); + convert_to_ascii(hashbuf, request_digest); + +diff -up curl-7.61.1/lib/vauth/ntlm.c.RHEL-32335 curl-7.61.1/lib/vauth/ntlm.c +--- curl-7.61.1/lib/vauth/ntlm.c.RHEL-32335 2024-04-10 09:51:15.114537483 +0200 ++++ curl-7.61.1/lib/vauth/ntlm.c 2024-04-10 09:52:26.411962237 +0200 +@@ -40,6 +40,7 @@ + #include "curl_ntlm_core.h" + #include "curl_gethostname.h" + #include "curl_multibyte.h" ++#include "curl_md5.h" + #include "warnless.h" + #include "rand.h" + #include "vtls/vtls.h" +@@ -621,11 +622,10 @@ CURLcode Curl_auth_create_ntlm_type3_mes + memcpy(tmp, &ntlm->nonce[0], 8); + memcpy(tmp + 8, entropy, 8); + +- result = Curl_ssl_md5sum(tmp, 16, md5sum, MD5_DIGEST_LENGTH); +- if(!result) +- /* We shall only use the first 8 bytes of md5sum, but the des code in +- Curl_ntlm_core_lm_resp only encrypt the first 8 bytes */ +- result = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer); ++ Curl_md5it(md5sum, tmp, 16); ++ /* We shall only use the first 8 bytes of md5sum, but the des code in ++ Curl_ntlm_core_lm_resp only encrypt the first 8 bytes */ ++ result = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer); + if(result) + return result; + +diff -up curl-7.61.1/tests/unit/unit1601.c.RHEL-32335 curl-7.61.1/tests/unit/unit1601.c +--- curl-7.61.1/tests/unit/unit1601.c.RHEL-32335 2024-04-10 10:20:19.347920127 +0200 ++++ curl-7.61.1/tests/unit/unit1601.c 2024-04-10 10:21:53.606480641 +0200 +@@ -36,18 +36,19 @@ static void unit_stop(void) + UNITTEST_START + + #ifndef CURL_DISABLE_CRYPTO_AUTH +- unsigned char output[16]; ++ const char string1[] = "1"; ++ const char string2[] = "hello-you-fool"; ++ unsigned char output[MD5_DIGEST_LEN]; + unsigned char *testp = output; +- Curl_md5it(output, (const unsigned char *)"1"); + +-/* !checksrc! disable LONGLINE 2 */ +- verify_memory(testp, +- "\xc4\xca\x42\x38\xa0\xb9\x23\x82\x0d\xcc\x50\x9a\x6f\x75\x84\x9b", 16); ++ Curl_md5it(output, (const unsigned char *) string1, strlen(string1)); ++ verify_memory(testp, "\xc4\xca\x42\x38\xa0\xb9\x23\x82\x0d\xcc\x50\x9a\x6f" ++ "\x75\x84\x9b", MD5_DIGEST_LEN); + +- Curl_md5it(output, (const unsigned char *)"hello-you-fool"); ++ Curl_md5it(output, (const unsigned char *) string2, strlen(string2)); + +- verify_memory(testp, +- "\x88\x67\x0b\x6d\x5d\x74\x2f\xad\xa5\xcd\xf9\xb6\x82\x87\x5f\x22", 16); ++ verify_memory(testp, "\x88\x67\x0b\x6d\x5d\x74\x2f\xad\xa5\xcd\xf9\xb6\x82" ++ "\x87\x5f\x22", MD5_DIGEST_LEN); + #endif + + diff --git a/SPECS/curl.spec b/SPECS/curl.spec index 6a05e4d..8054b4c 100644 --- a/SPECS/curl.spec +++ b/SPECS/curl.spec @@ -1,7 +1,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 7.61.1 -Release: 34%{?dist}.2 +Release: 34%{?dist}.3 License: MIT Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz @@ -178,6 +178,12 @@ Patch60: 0060-curl-7.61.1-lowercase-headernames.patch # provide common cleanup method for push headers (CVE-2024-2398) Patch61: 0061-curl-7.61.1-CVE-2024-2398.patch +# asyn-thread: create a socketpair to wait on +Patch62: 0062-curl-7.61.1-socketpair-to-wait-on.patch + +# fix crash, when talking to a NTLM proxy in FIPS mode +Patch63: 0063-curl-7.61.1-native-md5.patch + # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch @@ -338,80 +344,82 @@ be installed. %setup -q # upstream patches -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 +%patch -P 1 -p1 +%patch -P 2 -p1 +%patch -P 3 -p1 git init git apply %{PATCH4} -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch14 -p1 +%patch -P 5 -p1 +%patch -P 6 -p1 +%patch -P 7 -p1 +%patch -P 8 -p1 +%patch -P 9 -p1 +%patch -P 10 -p1 +%patch -P 11 -p1 +%patch -P 14 -p1 # Fedora patches -%patch101 -p1 -%patch102 -p1 -%patch103 -p1 -%patch104 -p1 +%patch -P 101 -p1 +%patch -P 102 -p1 +%patch -P 103 -p1 +%patch -P 104 -p1 # use different port range for 32bit and 64bit builds, thus make it possible # to run both the builds in parallel on the same machine -%patch105 -p1 +%patch -P 105 -p1 sed -e 's|%%HTTPPORT|%{?__isa_bits}90|g' -i tests/data/test1448 # upstream patches -%patch17 -p1 -%patch18 -p1 -%patch19 -p1 -%patch20 -p1 -%patch21 -p1 -%patch22 -p1 -%patch23 -p1 -%patch24 -p1 -%patch25 -p1 -%patch26 -p1 -%patch27 -p1 -%patch28 -p1 -%patch29 -p1 -%patch30 -p1 -%patch31 -p1 -%patch32 -p1 -%patch33 -p1 -%patch34 -p1 -%patch35 -p1 -%patch36 -p1 -%patch37 -p1 +%patch -P 17 -p1 +%patch -P 18 -p1 +%patch -P 19 -p1 +%patch -P 20 -p1 +%patch -P 21 -p1 +%patch -P 22 -p1 +%patch -P 23 -p1 +%patch -P 24 -p1 +%patch -P 25 -p1 +%patch -P 26 -p1 +%patch -P 27 -p1 +%patch -P 28 -p1 +%patch -P 29 -p1 +%patch -P 30 -p1 +%patch -P 31 -p1 +%patch -P 32 -p1 +%patch -P 33 -p1 +%patch -P 34 -p1 +%patch -P 35 -p1 +%patch -P 36 -p1 +%patch -P 37 -p1 -%patch38 -p1 +%patch -P 38 -p1 sed -e 's|:8992/|:%{?__isa_bits}92/|g' -i tests/data/test97{3..6} -%patch39 -p1 -%patch40 -p1 -%patch41 -p1 -%patch42 -p1 -%patch43 -p1 -%patch44 -p1 -%patch45 -p1 -%patch46 -p1 -%patch47 -p1 -%patch48 -p1 -%patch49 -p1 -%patch50 -p1 -%patch51 -p1 +%patch -P 39 -p1 +%patch -P 40 -p1 +%patch -P 41 -p1 +%patch -P 42 -p1 +%patch -P 43 -p1 +%patch -P 44 -p1 +%patch -P 45 -p1 +%patch -P 46 -p1 +%patch -P 47 -p1 +%patch -P 48 -p1 +%patch -P 49 -p1 +%patch -P 50 -p1 +%patch -P 51 -p1 git apply %{PATCH52} -%patch53 -p1 -%patch54 -p1 -%patch55 -p1 -%patch56 -p1 -%patch57 -p1 -%patch58 -p1 -%patch59 -p1 -%patch60 -p1 -%patch61 -p1 +%patch -P 53 -p1 +%patch -P 54 -p1 +%patch -P 55 -p1 +%patch -P 56 -p1 +%patch -P 57 -p1 +%patch -P 58 -p1 +%patch -P 59 -p1 +%patch -P 60 -p1 +%patch -P 61 -p1 +%patch -P 62 -p1 +%patch -P 63 -p1 # make tests/*.py use Python 3 sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py @@ -574,6 +582,10 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed Oct 30 2024 Jacek Migacz - 7.61.1-34.el8_10.3 +- asyn-thread: create a socketpair to wait on (RHEL-34906) +- fix crash, when talking to a NTLM proxy in FIPS mode (RHEL-32641) + * Wed Aug 14 2024 Jacek Migacz - 7.61.1-34.el8_10.2 - provide common cleanup method for push headers (CVE-2024-2398)