new upstream release (fixes CVE-2012-0036)

Kamil Dudka 2012-01-24 12:10:59 +01:00
parent 37907ea2de
commit f28824c4c6
10 changed files with 17 additions and 625 deletions

1
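--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
 /curl-7.21.7.tar.lzma
 /curl-7.22.0.tar.lzma
 /curl-7.23.0.tar.lzma
+/curl-7.24.0.tar.lzma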


@ -1,227 +0,0 @@
From c532604b137cae2e2814280778f914e4cd0460d1 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 20 Nov 2011 23:33:46 +0100
Subject: [PATCH] -J -O: use -O name if no Content-Disposition header comes!
A regression between 7.22.0 and 7.23.0 -- downloading a file with the
flags -O and -J results in the content being written to stdout if and
only if there was no Content-Disposition header in the http response. If
there is a C-D header with a filename attribute, the output is correctly
written.
Reported by: Dave Reisner
Bug: http://curl.haxx.se/mail/archive-2011-11/0030.html
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
src/tool_cb_hdr.c | 3 +-
src/tool_operate.c | 59 ++++++++++++++++++++++----------------------
src/tool_operhlp.c | 18 +++++++++++++
tests/data/Makefile.am | 2 +-
tests/data/test1210 | 63 ++++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 112 insertions(+), 33 deletions(-)
create mode 100644 tests/data/test1210
diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c
index fb24b45..dea7338 100644
--- a/src/tool_cb_hdr.c
+++ b/src/tool_cb_hdr.c
@@ -66,8 +66,7 @@ size_t tool_header_cb(void *ptr, size_t size, size_t nmemb, void *userdata)
}
#endif
- if(!outs->filename && (cb > 20) &&
- checkprefix("Content-disposition:", str)) {
+ if((cb > 20) && checkprefix("Content-disposition:", str)) {
const char *p = str + 20;
/* look for the 'filename=' parameter
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 7ab815f..1e88120 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -576,41 +576,40 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
if((urlnode->flags & GETOUT_USEREMOTE)
&& config->content_disposition) {
- /* Our header callback sets the filename */
+ /* Our header callback MIGHT set the filename */
DEBUGASSERT(!outs.filename);
}
- else {
- if(config->resume_from_current) {
- /* We're told to continue from where we are now. Get the size
- of the file as it is now and open it for append instead */
- struct_stat fileinfo;
- /* VMS -- Danger, the filesize is only valid for stream files */
- if(0 == stat(outfile, &fileinfo))
- /* set offset to current file size: */
- config->resume_from = fileinfo.st_size;
- else
- /* let offset be 0 */
- config->resume_from = 0;
- }
- if(config->resume_from) {
- /* open file for output: */
- FILE *file = fopen(outfile, config->resume_from?"ab":"wb");
- if(!file) {
- helpf(config->errors, "Can't open '%s'!\n", outfile);
- res = CURLE_WRITE_ERROR;
- goto quit_urls;
- }
- outs.fopened = TRUE;
- outs.stream = file;
- outs.init = config->resume_from;
- }
- else {
- outs.stream = NULL; /* open when needed */
+ if(config->resume_from_current) {
+ /* We're told to continue from where we are now. Get the size
+ of the file as it is now and open it for append instead */
+ struct_stat fileinfo;
+ /* VMS -- Danger, the filesize is only valid for stream files */
+ if(0 == stat(outfile, &fileinfo))
+ /* set offset to current file size: */
+ config->resume_from = fileinfo.st_size;
+ else
+ /* let offset be 0 */
+ config->resume_from = 0;
+ }
+
+ if(config->resume_from) {
+ /* open file for output: */
+ FILE *file = fopen(outfile, config->resume_from?"ab":"wb");
+ if(!file) {
+ helpf(config->errors, "Can't open '%s'!\n", outfile);
+ res = CURLE_WRITE_ERROR;
+ goto quit_urls;
}
- outs.filename = outfile;
- outs.s_isreg = TRUE;
+ outs.fopened = TRUE;
+ outs.stream = file;
+ outs.init = config->resume_from;
+ }
+ else {
+ outs.stream = NULL; /* open when needed */
}
+ outs.filename = outfile;
+ outs.s_isreg = TRUE;
}
if(uploadfile && !stdin_upload(uploadfile)) {
diff --git a/src/tool_operhlp.c b/src/tool_operhlp.c
index 808d2d5..4c1697b 100644
--- a/src/tool_operhlp.c
+++ b/src/tool_operhlp.c
@@ -178,6 +178,24 @@ CURLcode get_url_file_name(char **filename, const char *url)
return CURLE_OUT_OF_MEMORY;
}
}
+
+ /* in case we built debug enabled, we allow an environment variable
+ * named CURL_TESTDIR to prefix the given file name to put it into a
+ * specific directory
+ */
+#ifdef DEBUGBUILD
+ {
+ char *tdir = curlx_getenv("CURL_TESTDIR");
+ if(tdir) {
+ char buffer[512]; /* suitably large */
+ snprintf(buffer, sizeof(buffer), "%s/%s", tdir, *filename);
+ Curl_safefree(*filename);
+ *filename = strdup(buffer); /* clone the buffer */
+ curl_free(tdir);
+ }
+ }
+#endif
+
return CURLE_OK;
}
diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
index 581d46b..c52ef24 100644
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@@ -76,7 +76,7 @@ test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117 \
test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125 \
test1126 test1127 test1128 test1129 test1130 test1131 \
test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \
-test1208 test1209 \
+test1208 test1209 test1210 \
test1300 test1301 test1302 test1303 test1304 test1305 \
test1306 test1307 test1308 test1309 test1310 test1311 test1312 test1313 \
test1314 \
diff --git a/tests/data/test1210 b/tests/data/test1210
new file mode 100644
index 0000000..df93198
--- /dev/null
+++ b/tests/data/test1210
@@ -0,0 +1,63 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+-J
+</keywords>
+</info>
+
+#
+<reply>
+<data nocheck="yes">
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 6
+Connection: close
+Content-Type: text/html
+
+12345
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+# this relies on the debug feature to allow us to set directory to store the
+# -O output in, using the CURL_TESTDIR variable
+<features>
+debug
+</features>
+<server>
+http
+</server>
+<name>
+HTTP GET with -J without Content-Disposition
+</name>
+<setenv>
+CURL_TESTDIR=%PWD/log
+</setenv>
+<command option="no-output,no-include">
+http://%HOSTIP:%HTTPPORT/1210 -J -O
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /1210 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol>
+<file name="log/1210">
+12345
+</file>
+
+</verify>
+</testcase>
--
1.7.1


@ -1,32 +0,0 @@
From a8063d1e74cd86d0bbabee87aa57e660a08aca62 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Sun, 25 Dec 2011 22:37:24 +0100
Subject: [PATCH] transfer: avoid unnecessary timeout event when waiting for 100-continue
The commit 9dd85bc unintentionally changed the way we compute the time
spent waiting for 100-continue. In particular, when using a SSL client
certificate, the time spent by SSL handshake was included and could
cause the CURL_TIMEOUT_EXPECT_100 timeout to be mistakenly fired up.
Bug: https://bugzilla.redhat.com/767490
Reported by: Mamoru Tasaka
---
lib/transfer.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/lib/transfer.c b/lib/transfer.c
index e56fffd..3d82571 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -2364,7 +2364,7 @@ Curl_setup_transfer(
(data->state.proto.http->sending == HTTPSEND_BODY)) {
/* wait with write until we either got 100-continue or a timeout */
k->exp100 = EXP100_AWAITING_CONTINUE;
- k->start100 = k->start;
+ k->start100 = Curl_tvnow();
/* set a timeout for the multi interface */
Curl_expire(data, CURL_TIMEOUT_EXPECT_100);
--
1.7.1


@ -1,339 +0,0 @@
From 4da66a40bc4c29bb8b1bc325c45525826a6db531 Mon Sep 17 00:00:00 2001
From: Yang Tse <yangsita@gmail.com>
Date: Wed, 28 Dec 2011 23:04:23 +0100
Subject: [PATCH 1/2] ftpserver.pl: arbitrary application data splitting among
TCP packets [I]
Initial step in order to allow our pingpong server to better support arbitrary
application data splitting among TCP packets. This first commit only addresses
reasembly of data that sockfilter processes reads from soockets and pingpong
server later reads from sockfilters stdout.
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
tests/ftpserver.pl | 165 +++++++++++++++++++++++++++++++++++++++++++++++-----
1 files changed, 151 insertions(+), 14 deletions(-)
diff --git a/tests/ftpserver.pl b/tests/ftpserver.pl
index 99722bb..cdd2916 100755
--- a/tests/ftpserver.pl
+++ b/tests/ftpserver.pl
@@ -116,6 +116,8 @@ local *SFWRITE; # used to write to primary connection
local *DREAD; # used to read from secondary connection
local *DWRITE; # used to write to secondary connection
+my $sockfilt_timeout = 5; # default timeout for sockfilter eXsysreads
+
#**********************************************************************
# global vars which depend on server protocol selection
#
@@ -220,6 +222,141 @@ sub ftpmsg {
# better on windows/cygwin
}
+#**********************************************************************
+# eXsysread is a wrapper around perl's sysread() function. This will
+# repeat the call to sysread() until it has actually read the complete
+# number of requested bytes or an unrecoverable condition occurs.
+# On success returns a positive value, the number of bytes requested.
+# On failure or timeout returns zero.
+#
+sub eXsysread {
+ my $FH = shift;
+ my $scalar = shift;
+ my $nbytes = shift;
+ my $timeout = shift; # A zero timeout disables eXsysread() time limit
+ #
+ my $time_limited = 0;
+ my $timeout_rest = 0;
+ my $start_time = 0;
+ my $nread = 0;
+ my $rc;
+
+ $$scalar = "";
+
+ if((not defined $nbytes) || ($nbytes < 1)) {
+ logmsg "Error: eXsysread() failure: " .
+ "length argument must be positive\n";
+ return 0;
+ }
+ if((not defined $timeout) || ($timeout < 0)) {
+ logmsg "Error: eXsysread() failure: " .
+ "timeout argument must be zero or positive\n";
+ return 0;
+ }
+ if($timeout > 0) {
+ # caller sets eXsysread() time limit
+ $time_limited = 1;
+ $timeout_rest = $timeout;
+ $start_time = int(time());
+ }
+
+ while($nread < $nbytes) {
+ if($time_limited) {
+ eval {
+ local $SIG{ALRM} = sub { die "alarm\n"; };
+ alarm $timeout_rest;
+ $rc = sysread($FH, $$scalar, $nbytes - $nread, $nread);
+ alarm 0;
+ };
+ $timeout_rest = $timeout - (int(time()) - $start_time);
+ if($timeout_rest < 1) {
+ logmsg "Error: eXsysread() failure: timed out\n";
+ return 0;
+ }
+ }
+ else {
+ $rc = sysread($FH, $$scalar, $nbytes - $nread, $nread);
+ }
+ if($got_exit_signal) {
+ logmsg "Error: eXsysread() failure: signalled to die\n";
+ return 0;
+ }
+ if(not defined $rc) {
+ if($!{EINTR}) {
+ logmsg "Warning: retrying sysread() interrupted system call\n";
+ next;
+ }
+ if($!{EAGAIN}) {
+ logmsg "Warning: retrying sysread() due to EAGAIN\n";
+ next;
+ }
+ if($!{EWOULDBLOCK}) {
+ logmsg "Warning: retrying sysread() due to EWOULDBLOCK\n";
+ next;
+ }
+ logmsg "Error: sysread() failure: $!\n";
+ return 0;
+ }
+ if($rc < 0) {
+ logmsg "Error: sysread() failure: returned negative value $rc\n";
+ return 0;
+ }
+ if($rc == 0) {
+ logmsg "Error: sysread() failure: read zero bytes\n";
+ return 0;
+ }
+ $nread += $rc;
+ }
+ return $nread;
+}
+
+#**********************************************************************
+# read_mainsockf attempts to read the given amount of output from the
+# sockfilter which is in use for the main or primary connection. This
+# reads untranslated sockfilt lingo which may hold data read from the
+# main or primary socket. On success returns 1, otherwise zero.
+#
+sub read_mainsockf {
+ my $scalar = shift;
+ my $nbytes = shift;
+ my $timeout = shift; # Optional argument, if zero blocks indefinitively
+ my $FH = \*SFREAD;
+
+ if(not defined $timeout) {
+ $timeout = $sockfilt_timeout + ($nbytes >> 12);
+ }
+ if(eXsysread($FH, $scalar, $nbytes, $timeout) != $nbytes) {
+ my ($fcaller, $lcaller) = (caller)[1,2];
+ logmsg "Error: read_mainsockf() failure at $fcaller " .
+ "line $lcaller. Due to eXsysread() failure\n";
+ return 0;
+ }
+ return 1;
+}
+
+#**********************************************************************
+# read_datasockf attempts to read the given amount of output from the
+# sockfilter which is in use for the data or secondary connection. This
+# reads untranslated sockfilt lingo which may hold data read from the
+# data or secondary socket. On success returns 1, otherwise zero.
+#
+sub read_datasockf {
+ my $scalar = shift;
+ my $nbytes = shift;
+ my $timeout = shift; # Optional argument, if zero blocks indefinitively
+ my $FH = \*DREAD;
+
+ if(not defined $timeout) {
+ $timeout = $sockfilt_timeout + ($nbytes >> 12);
+ }
+ if(eXsysread($FH, $scalar, $nbytes, $timeout) != $nbytes) {
+ my ($fcaller, $lcaller) = (caller)[1,2];
+ logmsg "Error: read_datasockf() failure at $fcaller " .
+ "line $lcaller. Due to eXsysread() failure\n";
+ return 0;
+ }
+ return 1;
+}
sub sysread_or_die {
my $FH = shift;
@@ -565,7 +702,7 @@ sub DATA_smtp {
$size = hex($1);
}
- sysread \*SFREAD, $line, $size;
+ read_mainsockf(\$line, $size);
$ulsize += $size;
print FILE $line if(!$nosave);
@@ -1140,7 +1277,7 @@ sub STOR_ftp {
$size = hex($1);
}
- sysread DREAD, $line, $size;
+ read_datasockf(\$line, $size);
#print STDERR " GOT: $size bytes\n";
@@ -1241,7 +1378,7 @@ sub PASV_ftp {
}
# READ the response data
- sysread_or_die(\*DREAD, \$i, $size);
+ read_datasockf(\$i, $size);
# The data is in the format
# IPvX/NNN
@@ -1815,38 +1952,38 @@ while(1) {
}
# data
- sysread SFREAD, $_, $size;
+ read_mainsockf(\$input, $size);
- ftpmsg $_;
+ ftpmsg $input;
# Remove trailing CRLF.
- s/[\n\r]+$//;
+ $input =~ s/[\n\r]+$//;
my $FTPCMD;
my $FTPARG;
- my $full=$_;
+ my $full = $input;
if($proto eq "imap") {
# IMAP is different with its identifier first on the command line
- unless (m/^([^ ]+) ([^ ]+) (.*)/ ||
- m/^([^ ]+) ([^ ]+)/) {
- sendcontrol "$1 '$_': command not understood.\r\n";
+ unless(($input =~ /^([^ ]+) ([^ ]+) (.*)/) ||
+ ($input =~ /^([^ ]+) ([^ ]+)/)) {
+ sendcontrol "$1 '$input': command not understood.\r\n";
last;
}
$cmdid=$1; # set the global variable
$FTPCMD=$2;
$FTPARG=$3;
}
- elsif (m/^([A-Z]{3,4})(\s(.*))?$/i) {
+ elsif($input =~ /^([A-Z]{3,4})(\s(.*))?$/i) {
$FTPCMD=$1;
$FTPARG=$3;
}
- elsif($proto eq "smtp" && m/^[A-Z0-9+\/]{0,512}={0,2}$/i) {
+ elsif(($proto eq "smtp") && ($input =~ /^[A-Z0-9+\/]{0,512}={0,2}$/i)) {
# SMTP long "commands" are base64 authentication data.
- $FTPCMD=$_;
+ $FTPCMD=$input;
$FTPARG="";
}
else {
- sendcontrol "500 '$_': command not understood.\r\n";
+ sendcontrol "500 '$input': command not understood.\r\n";
last;
}
--
1.7.8.1
From 17ef4b9449f434eb105c652a57fea61572c78b5a Mon Sep 17 00:00:00 2001
From: Yang Tse <yangsita@gmail.com>
Date: Thu, 29 Dec 2011 23:40:06 +0100
Subject: [PATCH 2/2] ftpserver.pl: arbitrary application data splitting among
TCP packets [II]
Take in account that 'pingpong' server commands may arrive splitted among
several sockfilt 'DATA' PDU's.
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
tests/ftpserver.pl | 26 +++++++++++++++++---------
1 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/tests/ftpserver.pl b/tests/ftpserver.pl
index cdd2916..85476a2 100755
--- a/tests/ftpserver.pl
+++ b/tests/ftpserver.pl
@@ -1925,6 +1925,8 @@ while(1) {
}
}
+ my $full = "";
+
while(1) {
my $i;
@@ -1956,34 +1958,38 @@ while(1) {
ftpmsg $input;
+ $full .= $input;
+
+ # Loop until command completion
+ next unless($full =~ /\r\n$/);
+
# Remove trailing CRLF.
- $input =~ s/[\n\r]+$//;
+ $full =~ s/[\n\r]+$//;
my $FTPCMD;
my $FTPARG;
- my $full = $input;
if($proto eq "imap") {
# IMAP is different with its identifier first on the command line
- unless(($input =~ /^([^ ]+) ([^ ]+) (.*)/) ||
- ($input =~ /^([^ ]+) ([^ ]+)/)) {
- sendcontrol "$1 '$input': command not understood.\r\n";
+ unless(($full =~ /^([^ ]+) ([^ ]+) (.*)/) ||
+ ($full =~ /^([^ ]+) ([^ ]+)/)) {
+ sendcontrol "$1 '$full': command not understood.\r\n";
last;
}
$cmdid=$1; # set the global variable
$FTPCMD=$2;
$FTPARG=$3;
}
- elsif($input =~ /^([A-Z]{3,4})(\s(.*))?$/i) {
+ elsif($full =~ /^([A-Z]{3,4})(\s(.*))?$/i) {
$FTPCMD=$1;
$FTPARG=$3;
}
- elsif(($proto eq "smtp") && ($input =~ /^[A-Z0-9+\/]{0,512}={0,2}$/i)) {
+ elsif(($proto eq "smtp") && ($full =~ /^[A-Z0-9+\/]{0,512}={0,2}$/i)) {
# SMTP long "commands" are base64 authentication data.
- $FTPCMD=$input;
+ $FTPCMD=$full;
$FTPARG="";
}
else {
- sendcontrol "500 '$input': command not understood.\r\n";
+ sendcontrol "500 '$full': command not understood.\r\n";
last;
}
@@ -1993,6 +1999,8 @@ while(1) {
print STDERR "IN: $full\n";
}
+ $full = "";
+
my $delay = $delayreply{$FTPCMD};
if($delay) {
# just go sleep this many seconds!
--
1.7.8.1


@ -6,7 +6,7 @@ diff --git a/configure b/configure
index d3ecf69..6d8f085 100755 index d3ecf69..6d8f085 100755
--- a/configure --- a/configure
+++ b/configure +++ b/configure
@@ -15030,18 +15030,11 @@ $as_echo "yes" >&6; } @@ -15040,18 +15040,11 @@ $as_echo "yes" >&6; }
gccvhi=`echo $gccver | cut -d . -f1` gccvhi=`echo $gccver | cut -d . -f1`
gccvlo=`echo $gccver | cut -d . -f2` gccvlo=`echo $gccver | cut -d . -f2`
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`


@ -6,7 +6,7 @@ diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
index 9370974..b553f54 100644 index 9370974..b553f54 100644
--- a/tests/data/Makefile.am --- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am +++ b/tests/data/Makefile.am
@@ -72,7 +72,7 @@ test1078 test1079 test1080 test1081 test1082 test1083 test1084 test1085 \ @@ -73,7 +73,7 @@ test1078 test1079 test1080 test1081 test1082 test1083 test1084 test1085 \
test1086 test1087 test1088 test1089 test1090 test1091 test1092 test1093 \ test1086 test1087 test1088 test1089 test1090 test1091 test1092 test1093 \
test1094 test1095 test1096 test1097 test1098 test1099 test1100 test1101 \ test1094 test1095 test1096 test1097 test1098 test1099 test1100 test1101 \
test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109 \ test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109 \
@ -19,7 +19,7 @@ diff --git a/tests/data/Makefile.in b/tests/data/Makefile.in
index 435b126..1d71c4e 100644 index 435b126..1d71c4e 100644
--- a/tests/data/Makefile.in --- a/tests/data/Makefile.in
+++ b/tests/data/Makefile.in +++ b/tests/data/Makefile.in
@@ -320,7 +320,7 @@ test1078 test1079 test1080 test1081 test1082 test1083 test1084 test1085 \ @@ -326,7 +326,7 @@ test1078 test1079 test1080 test1081 test1082 test1083 test1084 test1085 \
test1086 test1087 test1088 test1089 test1090 test1091 test1092 test1093 \ test1086 test1087 test1088 test1089 test1090 test1091 test1092 test1093 \
test1094 test1095 test1096 test1097 test1098 test1099 test1100 test1101 \ test1094 test1095 test1096 test1097 test1098 test1099 test1100 test1101 \
test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109 \ test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109 \


@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEABECAAYFAk7CvskACgkQeOEcayedXJE+1wCfSGPiMFNxfrb4a27raX8CcBgV
gP4AoOJ8ye2MRiYw5aMILv9xFm14kygU
=E5o2
-----END PGP SIGNATURE-----

7
curl-7.24.0.tar.lzma.asc Normal file

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEABECAAYFAk8eczoACgkQeOEcayedXJFoKACfUI6eBzthDt9SaQHF+uqXUIVS
ewEAoM1e4Cuwt8vjL/6m4sEZSaaJ0Jp+
=SL4u
-----END PGP SIGNATURE-----


@ -1,22 +1,13 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl Name: curl
Version: 7.23.0 Version: 7.24.0
Release: 6%{?dist} Release: 1%{?dist}
License: MIT License: MIT
Group: Applications/Internet Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
Source2: curlbuild.h Source2: curlbuild.h
Source3: hide_selinux.c Source3: hide_selinux.c
# -J -O: use -O name if no Content-Disposition header comes!
Patch1: 0001-curl-7.23.0-c532604.patch
# transfer: avoid unnecessary timeout event when waiting for 100-continue
Patch2: 0002-curl-7.23.0-9f7f6a6.patch
# do not skip FTPS tests with nss-3.13
Patch3: 0003-curl-7.23.0-e99128a.patch
# patch making libcurl multilib ready # patch making libcurl multilib ready
Patch101: 0101-curl-7.21.1-multilib.patch Patch101: 0101-curl-7.21.1-multilib.patch
@ -115,11 +106,6 @@ for f in CHANGES README; do
mv -f ${f}.utf8 ${f} mv -f ${f}.utf8 ${f}
done done
# upstream patches
%patch1 -p1
%patch2 -p1
%patch3 -p1
# Fedora patches # Fedora patches
%patch101 -p1 %patch101 -p1
%patch102 -p1 %patch102 -p1
@ -232,6 +218,9 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/libcurl.m4 %{_datadir}/aclocal/libcurl.m4
%changelog %changelog
* Wed Jan 24 2012 Kamil Dudka <kdudka@redhat.com> 7.24.0-1
- new upstream release (fixes CVE-2012-0036)
* Thu Jan 05 2012 Paul Howarth <paul@city-fan.org> 7.23.0-6 * Thu Jan 05 2012 Paul Howarth <paul@city-fan.org> 7.23.0-6
- rebuild for gcc 4.7 - rebuild for gcc 4.7
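Review bot: The `Source:` line in the first hunk still fetches the tarball over plain `http://`, and the newly committed `curl-7.24.0.tar.lzma.asc` is not listed among the visible `Source` entries, so nothing shown here checks the upstream signature during the build. Integrity of this security update therefore appears to rest on the 32-hex-digit digest in `sources`, which has the length of an MD5 hash and should not be the only safeguard. Consider listing the signature as a source (for example `Source1: %{name}-%{version}.tar.lzma.asc`, with the number as a placeholder) and verifying it with `gpgv` against a packaged upstream keyring at the start of `%prep`. The `%prep` section is only partly visible in the second hunk, so an existing check outside it cannot be ruled out.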


@ -1 +1 @@
af901db5f3d21609cc6fe960a6c293fb curl-7.23.0.tar.lzma 713d7d7cbc5cfaabd785a2ff905096f2 curl-7.24.0.tar.lzma