diff --git a/0102-curl-7.36.0-debug.patch b/0102-curl-7.36.0-debug.patch index 12f9eb8..c8dbaa2 100644 --- a/0102-curl-7.36.0-debug.patch +++ b/0102-curl-7.36.0-debug.patch @@ -12,7 +12,7 @@ diff --git a/configure b/configure index 8f079a3..53b4774 100755 --- a/configure +++ b/configure -@@ -16501,18 +16501,11 @@ $as_echo "yes" >&6; } +@@ -16508,18 +16508,11 @@ $as_echo "yes" >&6; } gccvhi=`echo $gccver | cut -d . -f1` gccvlo=`echo $gccver | cut -d . -f2` compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` diff --git a/curl-7.56.1.tar.xz.asc b/curl-7.56.1.tar.xz.asc deleted file mode 100644 index 5222a00..0000000 --- a/curl-7.56.1.tar.xz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAlnthGcACgkQXMkI/bce -EsL8iQf+KpTYayGV9X+fg4owYmGfQdDrWiV5YFbTlTOBTYSNQQBUuWX+VE5kMNhd -xsE27/JGgQWRKqM1UXACN18FYviAoWq7yb/4cGW3Ws3V4+GxmpGuaBsxaULobxDQ -uco2CAsi0PtIizMa2di+vWhAznDDKHfiw69F18hTD+k9B9xIHnEX3EGQDVi8Gksk -TtQ62A06HInIJw/hk6tEbFMzyI4J4iJh/NBPwxqUefsr2E6gG443FB61qjltrzPb -17OU/DZDpRf4MIQjwz1rgxdLWPagF3EcmpL0mgIEUg70dshzG6rrP1jSzsMwou6J -sQoV0oUXSY5zdUnIjiS5TOoJa3eyLw== -=0ZNH ------END PGP SIGNATURE----- diff --git a/curl-7.57.0.tar.xz.asc b/curl-7.57.0.tar.xz.asc new file mode 100644 index 0000000..5362dcc --- /dev/null +++ b/curl-7.57.0.tar.xz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAloefhsACgkQXMkI/bce +EsJ5Wwf/W2iMekYTk+zF2iCvCSlTT93gRl1RXIi5v3lMO3H13Xv66304ny5/XEI8 +Mf0dfif/+ADV4Cm9Gsfs5Gx3d6IDtzRW66gpoNnEt/u6xLKlJWPAKHBEAOW7bDZU +78qgEAmH1CVbzD+yc1vkSTZWc3ilfezjMfwUa5E5RkTtcoD6mTWzeMLm5doFxc3s +NvPu40IlJ2Ss3jqRoKgvkGeUuOiQYUb7DDDCaSF6jZjB88J1HFYWU+i7zjVoAdD3 +jRVan6R5RJbJqvo9yKT0YWxbR2RKoQIydg8Xa7ocKTM6205vc94AXSHLSkjHMr+H +5UgyAJvkk2FaoJIwLJUSTYE3RDlqog== +=Kzqh +-----END PGP SIGNATURE----- diff --git a/curl.spec b/curl.spec index 01b7df9..a00237e 100644 --- a/curl.spec +++ b/curl.spec @@ -1,6 +1,6 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 7.56.1 +Version: 7.57.0 Release: 1%{?dist} License: MIT Group: Applications/Internet @@ -298,6 +298,12 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.[0-9].[0-9].[0-9].minimal %changelog +* Wed Nov 29 2017 Kamil Dudka - 7.57.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2017-8816 - curl: NTLM buffer overflow via integer overflow + CVE-2017-8817 - curl: FTP wildcard out of bounds read + CVE-2017-8818 - curl: SSL out of buffer access + * Mon Oct 23 2017 Kamil Dudka - 7.56.1-1 - new upstream release (fixes CVE-2017-1000257) diff --git a/sources b/sources index ecf6692..cd5eae2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (curl-7.56.1.tar.xz) = 5cd86257c4bd39f971d854b966ace05fc18c39962589525c4090a7b243f7e2739dccae2ac1a634578f86ead6bba290d862f3a835e4856b0549386e319ebb588d +SHA512 (curl-7.57.0.tar.xz) = 200076753e3d7b9f3edd381937cb72710f4051b2f041102b49626e4e82c3f50d2bf4917b9ddb957fde37753e9457c81087c792528077916ae5c04875944a6b8d