Kamil Dudka
a12eed4ad5
avoid int overflow on arches with 32bit long
...
Bug: https://github.com/curl/curl/pull/1748
2017-08-09 14:34:27 +02:00
Kamil Dudka
46ef14b039
add BR for gnutls-utils to increase test coverage
2017-08-09 13:48:21 +02:00
Kamil Dudka
8e0d8e3815
add tests/{dictserver,negtelnetserver}.py
...
... not included in EXTRA_DIST: https://github.com/curl/curl/pull/1744
2017-08-09 12:36:41 +02:00
Kamil Dudka
ffdd721180
explicitly install libcurl man pages
2017-08-09 11:47:30 +02:00
Kamil Dudka
574639b8f6
drop multilib fix for libcurl header files no longer needed
2017-08-09 11:34:32 +02:00
Kamil Dudka
46042daf78
new upstream release - 7.55.0
...
Resolves: CVE-2017-1000099 - FILE buffer read out of bounds
Resolves: CVE-2017-1000100 - TFTP sends more than buffer size
Resolves: CVE-2017-1000101 - URL globbing out of bounds read
2017-08-09 10:52:10 +02:00
Fedora Release Engineering
0aa4c628e2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
2017-08-02 19:22:27 +00:00
Florian Weimer
4af228aa7a
Rebuild with fixed binutils ( #1475636 )
2017-07-28 21:15:25 +02:00
Igor Gnatenko
6ec12398a3
Enable separate debuginfo back
...
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2017-07-28 19:43:57 +02:00
Kamil Dudka
a042788c8a
rebuild to fix broken linkage of cmake on ppc64le
2017-07-27 10:02:53 +02:00
Kamil Dudka
03b8614ff6
avoid build failure caused broken RPM code
...
... that produces debuginfo packages
Bug: https://github.com/rpm-software-management/rpm/issues/280
2017-07-26 16:48:08 +02:00
Fedora Release Engineering
44f7d8692a
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
2017-07-26 05:48:14 +00:00
Kamil Dudka
18e7a55066
Resolves : #1462184 - enforce versioned openssl-libs dependency for libcurl
2017-06-19 14:28:19 +02:00
Kamil Dudka
0aa20e6c92
new upstream release - 7.54.1
2017-06-14 10:50:24 +02:00
Kamil Dudka
e4d662f774
add *-full provides for curl and libcurl
...
... to make them explicitly installable
2017-05-16 13:28:03 +02:00
Kamil Dudka
f7041f17bf
make curl-minimal require a new enough version of libcurl
...
At the same time relax the dependency of curl on libcurl to support
running old curl on top of new libcurl but not vice versa.
2017-05-04 12:42:41 +02:00
Kamil Dudka
3be7c46fde
Resolves : #1445153 - switch the TLS backend back to OpenSSL
2017-04-27 10:42:34 +02:00
Kamil Dudka
9549974a4c
nss: use libnssckbi.so as the default source of trust
...
See https://github.com/curl/curl/pull/1414 for details.
2017-04-25 18:47:15 +02:00
Kamil Dudka
1e77c47734
Resolves : #1444860 - nss: do not leak PKCS #11 slot while loading a key
2017-04-25 18:37:35 +02:00
Kamil Dudka
0f99fceebe
new upstream release - 7.54.0 (fixes CVE-2017-7468)
2017-04-20 09:09:40 +02:00
Paul Howarth
db1a758364
add %post and %postun scriptlets for libcurl-minimal
...
also:
- libcurl-minimal provides both libcurl and libcurl%{?_isa}
- remove some legacy spec file cruft
2017-04-13 11:59:46 +01:00
Kamil Dudka
9b62c3eaeb
provide (lib)curl-minimal subpackages with lightweight build of (lib)curl
...
Discussed at:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/CBIGRS63BCULMZBU7O4KBIKDWZZKA7OV/
2017-04-13 08:15:22 +02:00
Kamil Dudka
0d44d984ff
bump release number
2017-04-10 13:55:52 +02:00
Kamil Dudka
a5dd610a20
disable upstream test 2033 (flaky test for HTTP/1 pipelining)
2017-04-10 13:32:42 +02:00
Kamil Dudka
d469b84593
Resolves: CVE-2017-7407 - fix out of bounds read in curl --write-out
2017-04-07 12:13:07 +02:00
Kamil Dudka
4832a02ce4
Resolves : #1428550 - make the dependency on nss-pem arch-specific
2017-03-06 10:30:12 +01:00
Kamil Dudka
c870f5feb8
Related: #1428286 - re-enable valgrind on ix86 because sqlite is fixed
2017-03-02 16:54:10 +01:00
Kamil Dudka
c1fbf35cce
new upstream release - 7.53.1
2017-02-24 10:51:31 +01:00
Kamil Dudka
efea9223f3
do not use valgrind on i686 until sqlite is rebuilt
...
... by patched GCC (#1423434 )
2017-02-22 12:17:41 +01:00
Kamil Dudka
8afeb9390f
new upstream release - 7.53.0 (fixes CVE-2017-2629)
2017-02-22 10:32:55 +01:00
Fedora Release Engineering
9ec0774d38
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
2017-02-10 08:05:00 +00:00
Kamil Dudka
00369df034
new upstream release - 7.52.1 (fixes CVE-2016-9586)
2016-12-23 10:06:25 +01:00
Kamil Dudka
c38149da81
Resolves : #1396719 - map CURL_SSLVERSION_DEFAULT to NSS default, add support for TLS 1.3
2016-11-21 09:54:16 +01:00
Kamil Dudka
40b1d9916f
stricter host name checking for file:// URLs
2016-11-15 18:40:23 +01:00
Kamil Dudka
2856bdf841
ssh: check md5 fingerprints case insensitively
2016-11-15 18:34:21 +01:00
Kamil Dudka
c8e1922952
temporarily disable failing libidn2 test-cases
2016-11-02 11:14:11 +01:00
Kamil Dudka
5169cd3899
new upstream release - 7.51.0
...
Resolves: CVE-2016-8615 - Cookie injection for other servers
Resolves: CVE-2016-8616 - Case insensitive password comparison
Resolves: CVE-2016-8617 - Out-of-bounds write via unchecked multiplication
Resolves: CVE-2016-8618 - Double-free in curl_maprintf
Resolves: CVE-2016-8619 - Double-free in krb5 code
Resolves: CVE-2016-8620 - Glob parser write/read out of bounds
Resolves: CVE-2016-8621 - curl_getdate out-of-bounds read
Resolves: CVE-2016-8622 - URL unescape heap overflow via integer truncation
Resolves: CVE-2016-8623 - Use-after-free via shared cookies
Resolves: CVE-2016-8624 - Invalid URL parsing with '#'
Resolves: CVE-2016-8625 - IDNA 2003 makes curl use wrong host
2016-11-02 11:12:40 +01:00
Kamil Dudka
837f1f0f4e
drop 0103-curl-7.50.0-stunnel.patch no longer needed
...
It paralyzes the test-suite on systems with ancient versions of stunnel.
2016-10-20 13:39:29 +02:00
Kamil Dudka
6aadc8e2a0
use the just built version of libcurl while generating zsh completion
2016-10-07 12:23:18 +02:00
Kamil Dudka
b552e5528d
new upstream release - 7.50.3 (fixes CVE-2016-7167)
2016-09-14 10:50:47 +02:00
Kamil Dudka
1db8ad8d42
new upstream release - 7.50.2
2016-09-07 10:33:38 +02:00
Kamil Dudka
165cb33f0a
work around race condition in PK11_FindSlotByName()
...
Bug: https://bugzilla.mozilla.org/1297397
2016-08-26 15:48:18 +02:00
Kamil Dudka
0f6a97db34
Related: CVE-2016-5420 - fix incorrect use of a previously loaded certificate from file
2016-08-26 15:48:07 +02:00
Kamil Dudka
2fd0a39aee
new upstream release - 7.50.1
...
Resolves: CVE-2016-5419 CVE-2016-5420 CVE-2016-5421
2016-08-03 10:10:39 +02:00
Kamil Dudka
1b9369d1bf
run HTTP/2 tests on all arches ( #1360319 worked around in nghttp2)
...
Revert "run HTTP/2 tests only on Intel for now"
This reverts commit 99b64f5ec2
.
2016-07-26 17:12:54 +02:00
Kamil Dudka
99b64f5ec2
run HTTP/2 tests only on Intel for now
...
... to work around #1358845
2016-07-21 17:21:41 +02:00
Kamil Dudka
9b1375c118
require nss-pem no longer included in the nss package ( #1347336 )
2016-07-21 16:36:33 +02:00
Kamil Dudka
518559f4a0
fix HTTPS and FTPS tests (work around stunnel bug #1358810 )
2016-07-21 16:33:22 +02:00
Kamil Dudka
f4e76c10cd
add BR for nghttp2 used by the upstream test-suite
2016-07-21 14:09:11 +02:00
Kamil Dudka
90cc80745a
import needed files missing in the upstream tarball
2016-07-21 14:08:30 +02:00