Commit Graph

75 Commits

Author SHA1 Message Date
Jacek Migacz
5b07a8b039 Eliminate use of obsolete %patchN syntax
Resolves: RHEL-65791
2024-12-17 22:31:35 +01:00
Jacek Migacz
c2418f1822 Make up incomplete patch for host name wildcard checking
Resolves: RHEL-5675
2024-12-17 20:29:09 +01:00
Frantisek Sumsal
e0200bae40 Migrate to TMT-style gating in C9S
This is required for RHIVOS, see VROOM-23635.
2024-11-25 12:54:21 +01:00
Jacek Migacz
36c10becf4 http2: push headers better cleanup
Resolves: RHEL-29809
2024-08-22 12:48:23 +02:00
Renaud Métrich
474e312022 Unconditionally set OpenSSL option SSL_OP_IGNORE_UNEXPECTED_EOF
This is needed to avoid an error when server doesn't close correctly, e.g.:

curl: (56) OpenSSL SSL_read: error:0A000126:SSL routines::unexpected eof while reading, errno 0

Resolves: RHEL-39995
2024-07-02 22:01:27 +02:00
Jacek Migacz
d26c8eeebb Temporarily disable several tests related to openssl and failing in valgrind
Related: RHEL-39995
2024-07-02 22:01:24 +02:00
Jacek Migacz
909db667c8 Rebuild for 9.4 GA
Related: RHEL-17600
2024-03-06 23:45:46 +01:00
Jacek Migacz
dd1ed1db23 Lowercase the domain names before PSL checks
Resolves: RHEL-17600
2023-12-09 18:06:41 +01:00
Jacek Migacz
1582dc453e Cap SFTP packet size sent
Resolves: RHEL-14697
2023-11-28 11:17:05 +01:00
Jacek Migacz
06c4d34bb1 Fix cookie injection with none file
Resolves: RHEL-12692
2023-11-24 10:28:40 +01:00
Jacek Migacz
0783247f07 Return error if hostname too long for remote resolve
Resolves: RHEL-11467
2023-10-10 18:35:37 +02:00
Jacek Migacz
c20fcd3e87 When keyboard-interactive auth fails; try password
Resolves: RHEL-3625
2023-09-14 21:27:58 +02:00
Jacek Migacz
bb4d7d8d9f Resolves: CVE-2023-28321 - fix host name wildcard checking 2023-06-27 19:42:23 +02:00
Jacek Migacz
d0d9c1f19b Resolves: CVE-2023-28322 - unify the upload/method handling 2023-06-12 00:07:07 +02:00
Kamil Dudka
40387c061f Resolves: CVE-2023-27535 - adapt the fix for RHEL 9 curl
... where USE_SSH is not defined.  The problem with the backport was
detected by OpenScanHub:

https://cov01.lab.eng.brq2.redhat.com/covscanhub/task/279249//log/added.html
2023-04-12 16:52:10 +02:00
Kamil Dudka
d35c512f12 Resolves: CVE-2023-27538 - fix SSH connection too eager reuse still 2023-03-24 15:47:56 +01:00
Kamil Dudka
9d1931d0ec Resolves: CVE-2023-27536 - fix GSS delegation too eager connection re-use 2023-03-24 15:44:26 +01:00
Kamil Dudka
bd2517cc9b Resolves: CVE-2023-27535 - fix FTP too eager connection reuse 2023-03-24 15:40:12 +01:00
Kamil Dudka
2a890c9910 Resolves: CVE-2023-27534 - fix SFTP path ~ resolving discrepancy 2023-03-24 15:34:12 +01:00
Kamil Dudka
798eff6a99 Resolves: CVE-2023-27533 - fix TELNET option IAC injection 2023-03-24 15:26:51 +01:00
Kamil Dudka
27cd064020 Resolves: CVE-2023-23916 - fix HTTP multi-header compression denial of service 2023-02-16 13:38:22 +01:00
Kamil Dudka
eab48830b3 Resolves: CVE-2022-43552 - smb/telnet: fix use-after-free when HTTP proxy denies tunnel 2022-12-21 16:11:04 +01:00
Kamil Dudka
09780ef69d Related: CVE-2022-32221 - temporarily disable tests 2034 2037 2041 on aarch64
They consistently fail on CentOS Koji for no apparent reason.  All the
tests first succeed while testing libcurl-minimal but they subsequently
fail while testing libcurl-full.  I suspect some failed cleanup issue
in the upstream test-suite which manifests on CentOS aarch64 builders
only.
2022-10-27 16:29:43 +02:00
Kamil Dudka
f618f2c219 Resolves: CVE-2022-32221 - fix POST following PUT confusion 2022-10-27 10:14:52 +02:00
Kamil Dudka
641c248102 Resolves: CVE-2022-35252 - control code in cookie denial of service 2022-09-20 13:56:11 +02:00
Lukáš Zaoral
83bad6fdd1
tests: migrate to tmt tests from Fedora upstream
Related: CVE-2022-32207
2022-08-10 14:39:48 +02:00
Kamil Dudka
c72bd06c40 Related: CVE-2022-32207 - rpminspect.yaml: attempt to silence rpminspect
No one is interested to read through reports like this upon each update:
```
rpminspect version: 1.11-0.1.202206281908gitc4b3399.el9 (with data package: 1.7-0.1.202206211435git4072215.el9)
rpminspect profile: none
new build: curl-7.76.1-14.el9_0.5
old build: curl-7.76.1-14.el9_0.4 (found in rhel-9.0.0-z brew tag)

Test description:
Check for correct RPM dependency metadata.  Report incorrect or
conflicting findings as well as expected changes when comparing a new
build to an older build.  Changes are only reported when comparing
builds, but this inspection will check for correct RPM dependency
metadata when inspecting a single build and report findings.

======================================== Test Output ========================================

rpmdeps:
--------

Result: VERIFY
1) Subpackage curl on aarch64 carries 'Requires: libcurl.so.4()(64bit)' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement.  Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage.  Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
2) Multiple subpackages provide 'Requires: libcurl.so.4()(64bit)': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements.  Only one subpackage should provide a given shared library.  Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
3) Subpackage curl-minimal on aarch64 carries 'Requires: libcurl.so.4()(64bit)' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement.  Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage.  Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
4) Multiple subpackages provide 'Requires: libcurl.so.4()(64bit)': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements.  Only one subpackage should provide a given shared library.  Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
5) Subpackage libcurl-devel on aarch64 carries 'Requires: libcurl.so.4()(64bit)' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement.  Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage.  Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
6) Multiple subpackages provide 'Requires: libcurl.so.4()(64bit)': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements.  Only one subpackage should provide a given shared library.  Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
7) Subpackage curl on ppc64le carries 'Requires: libcurl.so.4()(64bit)' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement.  Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage.  Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
8) Multiple subpackages provide 'Requires: libcurl.so.4()(64bit)': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements.  Only one subpackage should provide a given shared library.  Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
9) Subpackage curl-minimal on ppc64le carries 'Requires: libcurl.so.4()(64bit)' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement.  Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage.  Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
10) Multiple subpackages provide 'Requires: libcurl.so.4()(64bit)': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements.  Only one subpackage should provide a given shared library.  Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
11) Subpackage libcurl-devel on ppc64le carries 'Requires: libcurl.so.4()(64bit)' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement.  Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage.  Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
12) Multiple subpackages provide 'Requires: libcurl.so.4()(64bit)': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements.  Only one subpackage should provide a given shared library.  Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
13) Subpackage libcurl-devel on i686 carries 'Requires: libcurl.so.4' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement.  Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage.  Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
14) Multiple subpackages provide 'Requires: libcurl.so.4': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements.  Only one subpackage should provide a given shared library.  Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
15) Subpackage curl on i686 carries 'Requires: libcurl.so.4' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement.  Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage.  Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
16) Multiple subpackages provide 'Requires: libcurl.so.4': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements.  Only one subpackage should provide a given shared library.  Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
17) Subpackage curl-minimal on i686 carries 'Requires: libcurl.so.4' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement.  Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage.  Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
18) Multiple subpackages provide 'Requires: libcurl.so.4': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements.  Only one subpackage should provide a given shared library.  Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
19) Subpackage curl on x86_64 carries 'Requires: libcurl.so.4()(64bit)' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement.  Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage.  Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
20) Multiple subpackages provide 'Requires: libcurl.so.4()(64bit)': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements.  Only one subpackage should provide a given shared library.  Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
21) Subpackage curl-minimal on x86_64 carries 'Requires: libcurl.so.4()(64bit)' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement.  Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage.  Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
22) Multiple subpackages provide 'Requires: libcurl.so.4()(64bit)': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements.  Only one subpackage should provide a given shared library.  Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
23) Subpackage libcurl-devel on x86_64 carries 'Requires: libcurl.so.4()(64bit)' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement.  Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage.  Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
24) Multiple subpackages provide 'Requires: libcurl.so.4()(64bit)': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements.  Only one subpackage should provide a given shared library.  Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
25) Subpackage libcurl-devel on s390x carries 'Requires: libcurl.so.4()(64bit)' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement.  Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage.  Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
26) Multiple subpackages provide 'Requires: libcurl.so.4()(64bit)': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements.  Only one subpackage should provide a given shared library.  Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
27) Subpackage curl on s390x carries 'Requires: libcurl.so.4()(64bit)' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement.  Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage.  Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
28) Multiple subpackages provide 'Requires: libcurl.so.4()(64bit)': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements.  Only one subpackage should provide a given shared library.  Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.

Result: VERIFY
29) Subpackage curl-minimal on s390x carries 'Requires: libcurl.so.4()(64bit)' which comes from subpackage libcurl-minimal but does not carry an explicit package version requirement.  Please add 'Requires: libcurl-minimal = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages.

Waiver Authorization: Anyone

Suggested Remedy:
Add the indicated explicit Requires to the spec file for the named subpackage.  Subpackages depending on shared libraries in another subpackage must carry an explicit 'Requires: SUBPACKAGE_NAME = %{version}-%{release}' in the spec file.

Result: VERIFY
30) Multiple subpackages provide 'Requires: libcurl.so.4()(64bit)': libcurl, libcurl-minimal

Waiver Authorization: Anyone

Suggested Remedy:
Check subpackage %files sections and explicit Provides statements.  Only one subpackage should provide a given shared library.  Shared library names are automatically added as Provides, so there is no need to specify them in the spec file but you do need to make sure only one subpackage is packaging up the shared library in question.
```
2022-07-01 17:51:15 +02:00
Kamil Dudka
6333bbf495 Related: CVE-2022-32207 - fix build failure caused by openldap rebase
[...]
make[2]: Leaving directory '/builddir/build/BUILD/curl-7.76.1/build-full/lib'
../../lib/openldap.c:83:17: error: conflicting types for 'ldap_connect'; have 'CURLcode(struct Curl_easy *, _Bool *)'
   83 | static CURLcode ldap_connect(struct Curl_easy *data, bool *done);
      |                 ^~~~~~~~~~~~
In file included from ../../lib/openldap.c:39:
/usr/include/ldap.h:1555:1: note: previous declaration of 'ldap_connect' with type 'int(LDAP *)' {aka 'int(struct ldap *)'}
 1555 | ldap_connect( LDAP *ld );
      | ^~~~~~~~~~~~
2022-06-29 17:44:35 +02:00
Kamil Dudka
22475de7fb Resolves: CVE-2022-32207 - fix unpreserved file permissions 2022-06-29 15:47:31 +02:00
Kamil Dudka
2e18ec1da4 Resolves: CVE-2022-32206 - fix HTTP compression denial of service 2022-06-29 14:53:47 +02:00
Kamil Dudka
0d71fe9a40 Resolves: CVE-2022-32208 - fix FTP-KRB bad message verification 2022-06-29 14:53:14 +02:00
Kamil Dudka
d613827bea Related: CVE-2022-27782 - make upstream tests work with openssh-8.7p1 2022-05-11 15:06:48 +02:00
Kamil Dudka
8c425de1b3 Resolves: CVE-2022-27782 - fix too eager reuse of TLS and SSH connections 2022-05-11 14:13:31 +02:00
Kamil Dudka
36d4ce9e14 Resolves: CVE-2022-27774 - fix leak of SRP credentials in redirects 2022-05-02 10:34:03 +02:00
Kamil Dudka
858e381746 Related: CVE-2022-27774 - add missing tests to Makefile 2022-04-29 14:47:02 +02:00
Kamil Dudka
fa64a61826 Related: CVE-2022-27774 - update gating.yaml for RHEL-9 2022-04-28 13:36:24 +02:00
Kamil Dudka
8929aa4b81 Resolves: CVE-2022-27774 - fix credential leak on redirect 2022-04-28 13:35:41 +02:00
Kamil Dudka
0a149a1ed9 Resolves: CVE-2022-27776 - fix auth/cookie leak on redirect 2022-04-28 13:35:30 +02:00
Kamil Dudka
ebff9aa2cc Resolves: CVE-2022-27775 - fix bad local IPv6 connection reuse 2022-04-28 13:35:10 +02:00
Kamil Dudka
7c695ff325 Resolves: CVE-2022-22576 - fix OAUTH2 bearer bypass in connection re-use 2022-04-28 13:34:45 +02:00
Kamil Dudka
a3da9b9ac3 Related: #2005874 - re-disable HSTS in libcurl
... as an experimental feature
2021-10-26 17:35:49 +02:00
Kamil Dudka
64fed6be02 Related: #2005874 - run upstream tests for both curl-minimal and curl-full
As we made libcurl-minimal more minimal, it differs more from
libcurl-full and it should be tested separately.  On the other
hand, the test-suite for libcurl-minimal runs faster now because
more tests are skipped.
2021-10-06 13:44:09 +02:00
Kamil Dudka
91252b5be5 Resolves: #2005874 - disable more protocols and features in libcurl-minimal
... to limit vulnerability exposure in case there is a CVE in curl
in some of the rarer protocols
2021-10-06 13:42:01 +02:00
Kamil Dudka
6f12b4a106 Related: #2005874 - explicitly disable zstd while configuring curl
... in order to make local builds closer to what we get from Koji
2021-10-06 13:41:57 +02:00
Kamil Dudka
b4895633ac Related: #2005874 - curl.spec: align the lists of configure options
... to make it easier to extend the lists
2021-10-06 13:41:44 +02:00
Kamil Dudka
18dc6a0508 Resolves: CVE-2021-22947 - fix STARTTLS protocol injection via MITM 2021-09-17 10:35:40 +02:00
Kamil Dudka
29681cbdd7 Resolves: CVE-2021-22946 - fix protocol downgrade required TLS bypass 2021-09-17 10:35:38 +02:00
Kamil Dudka
f58185cd40 Resolves: CVE-2021-22945 - fix use-after-free and double-free in MQTT sending 2021-09-17 10:35:29 +02:00
Mohan Boddu
e32e427920 Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 19:44:44 +00:00
Florian Weimer
f2c10b31eb Rebuild to pick up OpenSSL 3.0 Beta ABI (#1984097)
Related: #1984097
2021-07-28 11:50:14 +02:00