Kamil Dudka
182c2a8bbb
do not rewrite shebangs in test-suite to use python3 explicitly
2020-12-09 18:51:40 +01:00
Kamil Dudka
c829072f9f
new upstream release - 7.74.0
...
Resolves: CVE-2020-8286 - curl: Inferior OCSP verification
Resolves: CVE-2020-8285 - libcurl: FTP wildcard stack overflow
Resolves: CVE-2020-8284 - curl: trusting FTP PASV responses
2020-12-09 11:13:15 +01:00
Paul Howarth
9ef73a22d0
Upstream moved from curl.haxx.se to curl.se
2020-11-09 12:31:52 +00:00
Kamil Dudka
3c950d5541
prevent upstream test 1451 from being skipped
2020-10-14 11:54:54 +02:00
Kamil Dudka
a15dd89aaa
new upstream release - 7.73.0
2020-10-14 10:31:57 +02:00
Paul Howarth
89714e3b24
Fix bug reference in changelog
2020-09-20 11:49:49 +01:00
Jinoh Kang
4226c316c7
Resolves: #1877671O - fix multiarch conflicts in libcurl-minimal
2020-09-10 09:45:17 +02:00
Kamil Dudka
e7a12a6b7b
new upstream release - 7.72.0
...
Resolves: CVE-2020-8231 - libcurl: wrong connect-only connection
2020-08-19 12:29:51 +02:00
Kamil Dudka
b740a1ecc6
setopt: unset NOBODY switches to GET if still HEAD
...
Reported-by: Vít Ondruch
2020-08-06 11:04:30 +02:00
Fedora Release Engineering
407d32e00a
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-27 14:52:54 +00:00
Tom Stellard
df63713984
Use make macros
...
https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
2020-07-13 19:00:01 +00:00
Kamil Dudka
87d774717a
Resolves : #1833193 - curl: make the --krb option work again
2020-07-03 12:47:48 +02:00
Kamil Dudka
6071e0dd16
new upstream release - 7.71.1
2020-07-01 09:26:44 +02:00
Kamil Dudka
8c661bb9d7
new upstream release - 7.71.0
...
Resolves: CVE-2020-8169 - curl: Partial password leak over DNS on HTTP redirect
Resolves: CVE-2020-8177 - curl: overwrite local file with -J
2020-06-24 10:03:56 +02:00
Kamil Dudka
c74a58b095
Related: #1829180 - add BuildRequires for hostname
...
It is used by the test-suite but it is missing in armv7hl buildroot.
2020-05-02 10:08:32 +02:00
Kamil Dudka
ce4949188b
Related: #1829180 - temporarily disable tests 702 703 716 on armv7hl
2020-05-02 09:52:39 +02:00
Kamil Dudka
c88a6aff30
new upstream release - 7.70.0
2020-04-29 14:59:25 +02:00
Kamil Dudka
6a752013d0
Resolves : #1824926 - SSH: use new ECDSA key types to check known hosts
2020-04-20 11:34:56 +02:00
Tom Stellard
53c8c93125
Prevent discarding of -g when compiling with clang
2020-04-17 16:06:52 +00:00
Kamil Dudka
ac5c236f18
new upstream release - 7.69.1
2020-03-11 10:23:53 +01:00
Kamil Dudka
fbcad9a3a0
Resolves : #1810989 - make Flatpak work again
2020-03-09 09:54:27 +01:00
Kamil Dudka
249d0aea51
new upstream release - 7.69.0
2020-03-04 11:41:43 +01:00
Fedora Release Engineering
83181bd6d3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-28 15:11:40 +00:00
Kamil Dudka
dfb411a0a2
new upstream release - 7.68.0
2020-01-08 09:52:29 +01:00
Kamil Dudka
13f70ceee2
fix upstream release number in last two change log items
2020-01-08 09:47:26 +01:00
Kamil Dudka
d1233ad4cd
do not run test-suite through valgrind on i686 brew builds
...
The architecture is being decommissioned in Fedora, which makes it
difficult to debug valgrind failures (usually not related to curl
anyway).
2019-11-15 10:37:39 +01:00
Kamil Dudka
eeb37e29bd
Related: #1771025 - fix date in the last change log entry
2019-11-14 16:25:25 +01:00
Kamil Dudka
2298078d54
Resolves : #1771025 - fix infinite loop on upload using a glob
2019-11-14 13:57:39 +01:00
Kamil Dudka
c667b141d6
new upstream release - 7.67.0
2019-11-06 09:26:57 +01:00
Kamil Dudka
e0bf66ef6c
fix memory leaked by parse_metalink()
2019-09-13 10:18:24 +02:00
Kamil Dudka
da9af16256
new upstream release - 7.66.0
...
Resolves: CVE-2019-5481 - double free due to subsequent call of realloc()
Resolves: CVE-2019-5482 - heap buffer overflow in function tftp_receive_packet()
2019-09-12 15:20:21 +02:00
Kamil Dudka
91c50ee6d4
Resolves : #1690971 - avoid reporting spurious error in the HTTP2 framing layer
2019-08-27 18:11:29 +02:00
Kamil Dudka
8559ecc1d9
changelog: fix copy/paste error in the last entry
2019-08-01 16:41:42 +02:00
Kamil Dudka
863394fd95
improve handling of gss_init_sec_context() failures
2019-08-01 16:37:57 +02:00
Fedora Release Engineering
22186831fb
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-24 21:21:56 +00:00
Paul Howarth
a5c984a590
new upstream release - 7.65.3
2019-07-20 12:02:57 +01:00
Kamil Dudka
6e794d5beb
new upstream release - 7.65.2
2019-07-17 10:34:24 +02:00
Kamil Dudka
901da63160
new upstream release - 7.65.1
2019-06-05 09:33:30 +02:00
Kamil Dudka
b6ccff47ac
Resolves : #1714893 - fix spurious timeout events with speed-limit
2019-05-30 15:27:58 +02:00
Kamil Dudka
3c7950da77
new upstream release - 7.65.0
...
Resolves: CVE-2019-5436 - TFTP receive buffer overflow
Resolves: CVE-2019-5435 - integer overflows in curl_url_set()
2019-05-22 10:42:26 +02:00
Kamil Dudka
9dd5d73f3b
do not treat failure of gss_init_sec_context() with --negotiate as fatal
...
This commit fixes a major incompatibility introduced in curl-7.64.1.
Bug: https://github.com/curl/curl/issues/3726
2019-05-09 10:08:03 +02:00
Paul Howarth
8fd906c559
generation of shell completions now needs more perl stuff
2019-04-05 13:38:27 +01:00
Kamil Dudka
bbad3e0a62
new upstream release - 7.64.1
2019-03-27 12:45:46 +01:00
Kamil Dudka
0ed971f14f
fix last but one change log entry
2019-03-25 12:39:00 +01:00
Kamil Dudka
7594f15bce
Related: #1690971 - remove verbose "Expire in" ... messages
2019-03-25 12:35:52 +01:00
Kamil Dudka
902ddefeb5
avoid spurious "Could not resolve host: [host name]" error messages
2019-03-21 09:39:30 +01:00
Kamil Dudka
95008127cf
Resolves : #1683676 - fix NULL dereference if flushing cookies with no CookieInfo set
2019-02-27 18:02:05 +01:00
Kamil Dudka
e97fdf9b7f
Resolves : #1680198 - prevent NetworkManager from leaking file descriptors
2019-02-25 14:24:32 +01:00
Kamil Dudka
9ace613273
make zsh completion work again
2019-02-11 13:22:07 +01:00
Kamil Dudka
2bdb624139
new upstream release - 7.64.0
...
Resolves: CVE-2019-3823 - SMTP end-of-response out-of-bounds read
Resolves: CVE-2019-3822 - NTLMv2 type-3 header stack buffer overflow
Resolves: CVE-2018-16890 - NTLM type-2 out-of-bounds buffer read
2019-02-06 09:56:05 +01:00
Kamil Dudka
3c5dec6602
prevent valgrind from reporting false positives on x86_64
2019-02-04 17:45:12 +01:00
Fedora Release Engineering
9221f774a1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-01-31 16:37:02 +00:00
Kamil Dudka
1a6a3b20a6
Resolves: CVE-2018-20483 - xattr: strip credentials from any URL that is stored
2019-01-21 10:13:55 +01:00
Kamil Dudka
da8449decd
replace 0001-curl-7.62.0-http-post-negotiate.patch by upstream patch
2019-01-07 12:42:06 +01:00
Kamil Dudka
32b0144f20
replace 0105-curl-7.63.0-libstubgss-ldadd.patch by upstream patch
2019-01-04 14:18:53 +01:00
Kamil Dudka
49f5a42f96
Resolves : #1658574 - curl -J: do not append to the destination file
2018-12-19 13:43:28 +01:00
Kamil Dudka
c30a9c7fdb
Resolves : #1659329 - revert an upstream commit that broke fedpkg new-sources
2018-12-14 11:21:54 +01:00
Kamil Dudka
c91c27bce9
libtest: avoid symbol lookup error in libstubgss.so
2018-12-12 14:39:00 +01:00
Kamil Dudka
a94ce82de0
new upstream release - 7.63.0
2018-12-12 09:51:10 +01:00
Kamil Dudka
34a4d8f848
new upstream release - 7.62.0
...
Resolves: CVE-2018-16839 - SASL password overflow via integer overflow
Resolves: CVE-2018-16840 - use-after-free in handle close
Resolves: CVE-2018-16842 - warning message out-of-buffer read
2018-10-31 12:47:56 +01:00
Kamil Dudka
9be316eea1
enable TLS 1.3 post-handshake auth in OpenSSL
...
Bug: https://github.com/curl/curl/pull/3027
2018-10-11 16:16:32 +02:00
Kamil Dudka
2346b66a23
update the documentation of --tlsv1.0 in curl(1) man page
2018-10-11 16:16:18 +02:00
Kamil Dudka
800bb58ef3
Resolves : #1631804 - enforce versioned libpsl dependency for libcurl
2018-10-05 13:59:35 +02:00
Kamil Dudka
84125cbefe
test320: update expected output for gnutls-3.6.4
2018-10-05 13:41:48 +02:00
Kamil Dudka
ece57c4aa4
Related: #1622594 - drop 0105-curl-7.61.0-tests-ssh-keygen.patch no longer needed
2018-10-04 15:37:53 +02:00
Kamil Dudka
20b63790e4
new upstream release - 7.61.1
...
Resolves: CVE-2018-14618 - NTLM password overflow via integer overflow
2018-09-05 10:03:29 +02:00
Kamil Dudka
e7b6b91818
make the --tls13-ciphers option work
2018-09-04 15:48:11 +02:00
Kamil Dudka
8bff7e0d6b
Related: #1622594 - tests: make ssh-keygen always produce PEM format
...
The default format produced by openssh-7.8p1 cannot be consumed
by currently available versions of libssh and libssh2.
2018-08-27 16:55:32 +02:00
Kamil Dudka
023b327acc
Resolves : #1595135 - scp/sftp: fix infinite connect loop on invalid private key
2018-08-15 13:57:06 +02:00
Kamil Dudka
178b0fc823
Resolves : #1219544 - ssl: set engine implicitly when a PKCS#11 URI is provided
2018-08-09 15:35:59 +02:00
Kamil Dudka
35134a4aee
Related: #1610888 - relax crypto policy for the test-suite to make it pass again
2018-08-07 16:56:26 +02:00
Kamil Dudka
3fb6e23557
disable flaky test 1900, which covers deprecated HTTP pipelining
...
See https://github.com/curl/curl/pull/2705 for details.
2018-07-31 10:42:03 +02:00
Kamil Dudka
85286dc2b3
adapt test 323 for updated OpenSSL
2018-07-31 10:33:53 +02:00
Kamil Dudka
bcdea58703
temporarily disable test 582 on s390x (client times out)
2018-07-13 13:47:08 +02:00
Fedora Release Engineering
072eac2fb6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-12 22:28:24 +00:00
Kamil Dudka
a89a46eca8
new upstream release - 7.61.0
...
Resolves: CVE-2018-0500 - SMTP send heap buffer overflow
2018-07-11 14:19:28 +02:00
Kamil Dudka
d41d215108
disable test 1455, which occasionally fails in Koji
...
... with 'bind failed with errno 98: Address already in use'
2018-07-10 15:16:40 +02:00
Kamil Dudka
9f5f0d1189
enable support for brotli compression in libcurl-full
2018-07-10 13:51:08 +02:00
Kamil Dudka
befa5428f0
do not hard-wire path of the Python 3 interpreter
2018-07-04 15:20:51 +02:00
Kamil Dudka
4f55f71cfe
Related: #1570246 - enable vlagrind again
...
This reverts commit e51a34d6cc
.
2018-07-04 15:15:24 +02:00
Kamil Dudka
e51a34d6cc
Related: #1570246 - temporarily disable valgrind completely
...
... and revert the previous workaround, which does not work on Koji
2018-05-16 15:58:58 +02:00
Kamil Dudka
09c874db53
require glibc-debuginfo for valgrind-enabled build
...
... as suggested by valgrind itself:
valgrind: Fatal error at startup: a function redirection
valgrind: which is mandatory for this platform-tool combination
valgrind: cannot be set up. Details of the redirection are:
valgrind:
valgrind: A must-be-redirected function
valgrind: whose name matches the pattern: strlen
valgrind: in an object with soname matching: ld-linux-x86-64.so.2
valgrind: was not found whilst processing
valgrind: symbols from the object with soname: ld-linux-x86-64.so.2
valgrind:
valgrind: Possible fixes: (1, short term): install glibc's debuginfo
valgrind: package on this machine. (2, longer term): ask the packagers
valgrind: for your Linux distribution to please in future ship a non-
valgrind: stripped ld.so (or whatever the dynamic linker .so is called)
valgrind: that exports the above-named function using the standard
valgrind: calling conventions for this platform. The package you need
valgrind: to install for fix (1) is called
valgrind:
valgrind: On Debian, Ubuntu: libc6-dbg
valgrind: On SuSE, openSuSE, Fedora, RHEL: glibc-debuginfo
valgrind:
valgrind: Note that if you are debugging a 32 bit process on a
valgrind: 64 bit system, you will need a corresponding 32 bit debuginfo
valgrind: package (e.g. libc6-dbg:i386).
valgrind:
valgrind: Cannot continue -- exiting now. Sorry.
2018-05-16 15:23:55 +02:00
Kamil Dudka
5a0fa9250b
new upstream release, which fixes the following vulnerabilities
...
Resolves: CVE-2018-1000300 - FTP shutdown response buffer overflow
Resolves: CVE-2018-1000301 - RTSP bad headers buffer over-read
2018-05-16 15:02:28 +02:00
Kamil Dudka
a1b38730ce
make the test-suite use Python 3
...
Unfortunately, smbserver.py does not work with Python 3 because
there is no 'impacket' module available for Python 3:
https://github.com/CoreSecurity/impacket/issues/61
2018-03-15 15:43:07 +01:00
Kamil Dudka
6402b496fc
ftp: fix typo in recursive callback detection for seeking
2018-03-14 14:43:54 +01:00
Kamil Dudka
bdef0a1bf6
new upstream release - 7.59.0
...
Resolves: CVE-2018-1000120 - FTP path trickery leads to NIL byte out of bounds write
Resolves: CVE-2018-1000121 - LDAP NULL pointer dereference
Resolves: CVE-2018-1000122 - RTSP RTP buffer over-read
2018-03-14 10:28:05 +01:00
Kamil Dudka
43b81665b0
http2: mark the connection for close on GOAWAY
2018-03-12 10:28:21 +01:00
Paul Howarth
bdc6ab544b
Robustness improvements to spec file
...
- Add explicity-used build requirements
- Fix libcurl soname version number in %files list to avoid accidental soname
bumps
2018-02-19 10:10:12 +00:00
Paul Howarth
a16f4de7a2
Update scriptlets, enforce versioned libssh dependency
...
- switch to %ldconfig_scriptlets
- drop legacy BuildRoot: and Group: tags
- enforce versioned libssh dependency for libcurl
2018-02-15 09:57:54 +00:00
Igor Gnatenko
5012445aca
Remove BuildRoot definition
...
None of currently supported distributions need that.
It was needed last for EL5 which is EOL now
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-13 23:11:49 +01:00
Kamil Dudka
960515d8a1
Related: #1540549 - drop temporary workaround for the GCC bug
2018-02-13 10:33:16 +01:00
Fedora Release Engineering
1bbb30f4f6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-07 06:08:47 +00:00
Kamil Dudka
b76e2f2c65
Related: #1540549 - use the workaround for f28 only
...
... so that it does not break the build with old versions of GCC
2018-02-01 14:05:00 +01:00
Kamil Dudka
bf966a954e
Related: #1540549 - temporarily work around internal compiler error on x86_64
2018-02-01 12:55:07 +01:00
Kamil Dudka
3ad2894efb
disable brp-ldconfig to make RemovePathPostfixes work
...
... with shared libraries again
Suggested at:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/54Y4DZXHYSDXJDHJTBTBYLXC7OJ73JDU/
2018-01-31 14:44:06 +01:00
Andreas Schneider
cbbefe6fb9
Resolves : #1531483 - use libssh (instead of libssh2)
...
... to implement SCP/SFTP in libcurl
2018-01-24 18:06:50 +01:00
Kamil Dudka
93c55561d3
new upstream release - 7.58.0
...
Resolves: CVE-2018-1000005 - curl: HTTP/2 trailer out-of-bounds read
Resolves: CVE-2018-1000007 - curl: HTTP authentication leak in redirects
2018-01-24 11:55:14 +01:00
Kamil Dudka
ed352e927e
new upstream release - 7.57.0
...
Resolves: CVE-2017-8816 - curl: NTLM buffer overflow via integer overflow
Resolves: CVE-2017-8817 - curl: FTP wildcard out of bounds read
Resolves: CVE-2017-8818 - curl: SSL out of buffer access
2017-11-29 14:03:21 +01:00
Kamil Dudka
5d4a9257c3
new upstream release - 7.56.1 (fixes CVE-2017-1000257)
2017-10-23 10:13:16 +02:00
Kamil Dudka
c4a2596b22
re-enable temporarily disabled IDN2 test-cases
...
test2033 is now marked flaky by upstream, so it does not need
to explicitly disabled any more
2017-10-04 10:00:50 +02:00
Kamil Dudka
46c8abb050
new upstream release - 7.56.0 (fixes CVE-2017-1000254)
2017-10-04 09:36:05 +02:00
Kamil Dudka
b2dab7f315
Resolves : #1485702 - apply the patch for the previous commit and fix its name
2017-08-28 13:40:42 +02:00
Bastien Nocera
57a73689a9
+ curl-7.55.1-4
...
Fix NetworkManager connectivity check not working (#1485702 )
2017-08-28 13:26:23 +02:00
Kamil Dudka
0480ac07c5
Resolves : #1483972 - utilize system wide crypto policies for TLS
2017-08-22 17:39:58 +02:00
Kamil Dudka
8eae4647c3
make zsh completion work again
2017-08-15 12:34:08 +02:00
Kamil Dudka
019e1c424c
new upstream release - 7.55.1
2017-08-14 09:39:22 +02:00
Kamil Dudka
a12eed4ad5
avoid int overflow on arches with 32bit long
...
Bug: https://github.com/curl/curl/pull/1748
2017-08-09 14:34:27 +02:00
Kamil Dudka
46ef14b039
add BR for gnutls-utils to increase test coverage
2017-08-09 13:48:21 +02:00
Kamil Dudka
8e0d8e3815
add tests/{dictserver,negtelnetserver}.py
...
... not included in EXTRA_DIST: https://github.com/curl/curl/pull/1744
2017-08-09 12:36:41 +02:00
Kamil Dudka
ffdd721180
explicitly install libcurl man pages
2017-08-09 11:47:30 +02:00
Kamil Dudka
574639b8f6
drop multilib fix for libcurl header files no longer needed
2017-08-09 11:34:32 +02:00
Kamil Dudka
46042daf78
new upstream release - 7.55.0
...
Resolves: CVE-2017-1000099 - FILE buffer read out of bounds
Resolves: CVE-2017-1000100 - TFTP sends more than buffer size
Resolves: CVE-2017-1000101 - URL globbing out of bounds read
2017-08-09 10:52:10 +02:00
Fedora Release Engineering
0aa4c628e2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
2017-08-02 19:22:27 +00:00
Florian Weimer
4af228aa7a
Rebuild with fixed binutils ( #1475636 )
2017-07-28 21:15:25 +02:00
Igor Gnatenko
6ec12398a3
Enable separate debuginfo back
...
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2017-07-28 19:43:57 +02:00
Kamil Dudka
a042788c8a
rebuild to fix broken linkage of cmake on ppc64le
2017-07-27 10:02:53 +02:00
Kamil Dudka
03b8614ff6
avoid build failure caused broken RPM code
...
... that produces debuginfo packages
Bug: https://github.com/rpm-software-management/rpm/issues/280
2017-07-26 16:48:08 +02:00
Fedora Release Engineering
44f7d8692a
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
2017-07-26 05:48:14 +00:00
Kamil Dudka
18e7a55066
Resolves : #1462184 - enforce versioned openssl-libs dependency for libcurl
2017-06-19 14:28:19 +02:00
Kamil Dudka
0aa20e6c92
new upstream release - 7.54.1
2017-06-14 10:50:24 +02:00
Kamil Dudka
e4d662f774
add *-full provides for curl and libcurl
...
... to make them explicitly installable
2017-05-16 13:28:03 +02:00
Kamil Dudka
f7041f17bf
make curl-minimal require a new enough version of libcurl
...
At the same time relax the dependency of curl on libcurl to support
running old curl on top of new libcurl but not vice versa.
2017-05-04 12:42:41 +02:00
Kamil Dudka
3be7c46fde
Resolves : #1445153 - switch the TLS backend back to OpenSSL
2017-04-27 10:42:34 +02:00
Kamil Dudka
9549974a4c
nss: use libnssckbi.so as the default source of trust
...
See https://github.com/curl/curl/pull/1414 for details.
2017-04-25 18:47:15 +02:00
Kamil Dudka
1e77c47734
Resolves : #1444860 - nss: do not leak PKCS #11 slot while loading a key
2017-04-25 18:37:35 +02:00
Kamil Dudka
0f99fceebe
new upstream release - 7.54.0 (fixes CVE-2017-7468)
2017-04-20 09:09:40 +02:00
Paul Howarth
db1a758364
add %post and %postun scriptlets for libcurl-minimal
...
also:
- libcurl-minimal provides both libcurl and libcurl%{?_isa}
- remove some legacy spec file cruft
2017-04-13 11:59:46 +01:00
Kamil Dudka
9b62c3eaeb
provide (lib)curl-minimal subpackages with lightweight build of (lib)curl
...
Discussed at:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/CBIGRS63BCULMZBU7O4KBIKDWZZKA7OV/
2017-04-13 08:15:22 +02:00
Kamil Dudka
0d44d984ff
bump release number
2017-04-10 13:55:52 +02:00
Kamil Dudka
a5dd610a20
disable upstream test 2033 (flaky test for HTTP/1 pipelining)
2017-04-10 13:32:42 +02:00
Kamil Dudka
d469b84593
Resolves: CVE-2017-7407 - fix out of bounds read in curl --write-out
2017-04-07 12:13:07 +02:00
Kamil Dudka
4832a02ce4
Resolves : #1428550 - make the dependency on nss-pem arch-specific
2017-03-06 10:30:12 +01:00
Kamil Dudka
c870f5feb8
Related: #1428286 - re-enable valgrind on ix86 because sqlite is fixed
2017-03-02 16:54:10 +01:00
Kamil Dudka
c1fbf35cce
new upstream release - 7.53.1
2017-02-24 10:51:31 +01:00
Kamil Dudka
efea9223f3
do not use valgrind on i686 until sqlite is rebuilt
...
... by patched GCC (#1423434 )
2017-02-22 12:17:41 +01:00
Kamil Dudka
8afeb9390f
new upstream release - 7.53.0 (fixes CVE-2017-2629)
2017-02-22 10:32:55 +01:00
Fedora Release Engineering
9ec0774d38
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
2017-02-10 08:05:00 +00:00
Kamil Dudka
00369df034
new upstream release - 7.52.1 (fixes CVE-2016-9586)
2016-12-23 10:06:25 +01:00
Kamil Dudka
c38149da81
Resolves : #1396719 - map CURL_SSLVERSION_DEFAULT to NSS default, add support for TLS 1.3
2016-11-21 09:54:16 +01:00
Kamil Dudka
40b1d9916f
stricter host name checking for file:// URLs
2016-11-15 18:40:23 +01:00
Kamil Dudka
2856bdf841
ssh: check md5 fingerprints case insensitively
2016-11-15 18:34:21 +01:00
Kamil Dudka
c8e1922952
temporarily disable failing libidn2 test-cases
2016-11-02 11:14:11 +01:00
Kamil Dudka
5169cd3899
new upstream release - 7.51.0
...
Resolves: CVE-2016-8615 - Cookie injection for other servers
Resolves: CVE-2016-8616 - Case insensitive password comparison
Resolves: CVE-2016-8617 - Out-of-bounds write via unchecked multiplication
Resolves: CVE-2016-8618 - Double-free in curl_maprintf
Resolves: CVE-2016-8619 - Double-free in krb5 code
Resolves: CVE-2016-8620 - Glob parser write/read out of bounds
Resolves: CVE-2016-8621 - curl_getdate out-of-bounds read
Resolves: CVE-2016-8622 - URL unescape heap overflow via integer truncation
Resolves: CVE-2016-8623 - Use-after-free via shared cookies
Resolves: CVE-2016-8624 - Invalid URL parsing with '#'
Resolves: CVE-2016-8625 - IDNA 2003 makes curl use wrong host
2016-11-02 11:12:40 +01:00
Kamil Dudka
837f1f0f4e
drop 0103-curl-7.50.0-stunnel.patch no longer needed
...
It paralyzes the test-suite on systems with ancient versions of stunnel.
2016-10-20 13:39:29 +02:00
Kamil Dudka
6aadc8e2a0
use the just built version of libcurl while generating zsh completion
2016-10-07 12:23:18 +02:00
Kamil Dudka
b552e5528d
new upstream release - 7.50.3 (fixes CVE-2016-7167)
2016-09-14 10:50:47 +02:00
Kamil Dudka
1db8ad8d42
new upstream release - 7.50.2
2016-09-07 10:33:38 +02:00
Kamil Dudka
165cb33f0a
work around race condition in PK11_FindSlotByName()
...
Bug: https://bugzilla.mozilla.org/1297397
2016-08-26 15:48:18 +02:00
Kamil Dudka
0f6a97db34
Related: CVE-2016-5420 - fix incorrect use of a previously loaded certificate from file
2016-08-26 15:48:07 +02:00
Kamil Dudka
2fd0a39aee
new upstream release - 7.50.1
...
Resolves: CVE-2016-5419 CVE-2016-5420 CVE-2016-5421
2016-08-03 10:10:39 +02:00