Commit Graph

40 Commits

Author SHA1 Message Date
Kamil Dudka
fa64a61826 Related: CVE-2022-27774 - update gating.yaml for RHEL-9 2022-04-28 13:36:24 +02:00
Kamil Dudka
8929aa4b81 Resolves: CVE-2022-27774 - fix credential leak on redirect 2022-04-28 13:35:41 +02:00
Kamil Dudka
0a149a1ed9 Resolves: CVE-2022-27776 - fix auth/cookie leak on redirect 2022-04-28 13:35:30 +02:00
Kamil Dudka
ebff9aa2cc Resolves: CVE-2022-27775 - fix bad local IPv6 connection reuse 2022-04-28 13:35:10 +02:00
Kamil Dudka
7c695ff325 Resolves: CVE-2022-22576 - fix OAUTH2 bearer bypass in connection re-use 2022-04-28 13:34:45 +02:00
Kamil Dudka
a3da9b9ac3 Related: #2005874 - re-disable HSTS in libcurl
... as an experimental feature
2021-10-26 17:35:49 +02:00
Kamil Dudka
64fed6be02 Related: #2005874 - run upstream tests for both curl-minimal and curl-full
As we made libcurl-minimal more minimal, it differs more from
libcurl-full and it should be tested separately.  On the other
hand, the test-suite for libcurl-minimal runs faster now because
more tests are skipped.
2021-10-06 13:44:09 +02:00
Kamil Dudka
91252b5be5 Resolves: #2005874 - disable more protocols and features in libcurl-minimal
... to limit vulnerability exposure in case there is a CVE in curl
in some of the rarer protocols
2021-10-06 13:42:01 +02:00
Kamil Dudka
6f12b4a106 Related: #2005874 - explicitly disable zstd while configuring curl
... in order to make local builds closer to what we get from Koji
2021-10-06 13:41:57 +02:00
Kamil Dudka
b4895633ac Related: #2005874 - curl.spec: align the lists of configure options
... to make it easier to extend the lists
2021-10-06 13:41:44 +02:00
Kamil Dudka
18dc6a0508 Resolves: CVE-2021-22947 - fix STARTTLS protocol injection via MITM 2021-09-17 10:35:40 +02:00
Kamil Dudka
29681cbdd7 Resolves: CVE-2021-22946 - fix protocol downgrade required TLS bypass 2021-09-17 10:35:38 +02:00
Kamil Dudka
f58185cd40 Resolves: CVE-2021-22945 - fix use-after-free and double-free in MQTT sending 2021-09-17 10:35:29 +02:00
Mohan Boddu
e32e427920 Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 19:44:44 +00:00
Florian Weimer
f2c10b31eb Rebuild to pick up OpenSSL 3.0 Beta ABI (#1984097)
Related: #1984097
2021-07-28 11:50:14 +02:00
Kamil Dudka
a1aeccc458 Related: CVE-2021-22924 - make explicit dependency on openssl work
... with alpha/beta builds of openssl

Reported-by: Daniel Rusek
2021-07-23 17:37:28 +02:00
Kamil Dudka
ad77edcfa4 Related: CVE-2021-22924 - bump release to pick gating.yaml
Ideally such commits and builds should not be needed.  The following
ticket asks for an extension of OSCI to avoid them in the future:

https://issues.redhat.com/browse/OSCI-2320 - unable to apply a new test configuration on an existing brew build
2021-07-23 15:56:43 +02:00
Kamil Dudka
0f0e1c9fb4 Resolves: #1681019 - gating.yaml: use BaseOS CI for gating 2021-07-23 14:53:38 +02:00
Kamil Dudka
62ea6c3a17 Resolves: CVE-2021-22925 - fix TELNET stack contents disclosure again 2021-07-22 09:30:56 +02:00
Kamil Dudka
422b232978 Resolves: CVE-2021-22924 - fix bad connection reuse due to flawed path name checks 2021-07-22 09:30:43 +02:00
Mohan Boddu
d580cec333 - Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-06-15 20:29:00 +00:00
Kamil Dudka
05f59553df Resolves: #1967213 - build the curl tool without metalink support
Today curl upstream announced that they are going to completely remove
support for metalink from curl already in the next release of curl due
to a number of difficult to fix security issues:

    https://curl.se/mail/archive-2021-06/0006.html
    https://github.com/curl/curl/pull/7176
2021-06-03 08:18:46 +02:00
Kamil Dudka
469a44d0c1 Resolves: #1941925 - fix SIGSEGV upon disconnect of a ldaps:// transfer 2021-06-02 15:49:30 +02:00
Kamil Dudka
bc006791a4 Resolves: CVE-2021-22901 - fix TLS session caching disaster 2021-05-26 13:10:45 +02:00
Kamil Dudka
aa689a0f22 Resolves: CVE-2021-22898 - fix TELNET stack contents disclosure 2021-05-26 13:10:43 +02:00
Kamil Dudka
2461a58681 Resolves: #1938699 - http2: fix resource leaks detected by Coverity 2021-05-03 20:49:06 +02:00
Kamil Dudka
d7e1d3c8be new upstream release - 7.76.1
Resolves: #1950111
2021-04-23 17:08:53 +02:00
Kamil Dudka
3872cc4434 new upstream release - 7.76.0
Resolves: CVE-2021-22890 - TLS 1.3 session ticket proxy host mixup
Resolves: CVE-2021-22876 - Automatic referer leaks credentials
2021-04-23 17:08:06 +02:00
Kamil Dudka
3addcd310b replace 0104-curl-7.73.0-localhost6.patch by sed invocation
... to avoid conflict resolution on new upstream releases

Related: #1950111
2021-04-23 16:41:07 +02:00
Mohan Boddu
9fbfeb4898 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-04-15 23:00:41 +00:00
Kamil Dudka
548eee58a5 Related: #1941925 - temporarily disable an unreliable test-case 2021-03-24 13:52:09 +01:00
Kamil Dudka
41dba95570 Resolves: #1941925 - fix SIGSEGV upon disconnect of a ldaps:// transfer 2021-03-24 11:21:28 +01:00
Kamil Dudka
996e51f2d6 %check: use unstripped library from the build dir
It results in more detailed backtraces in valgrind's output.
2021-03-24 11:21:28 +01:00
Kamil Dudka
6ace03bc47 Resolves: #1932082 - build-require python3-impacket only on Fedora
It might not be available in RHEL or CentOS Stream build repos.
2021-03-04 18:09:40 +01:00
DistroBaker
263115e94c Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/curl.git#7dada590f21a6aa8ea6033f636f03e334d91a026
2021-02-06 15:23:58 +00:00
DistroBaker
2174528c27 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/curl.git#1cfc0aeb3b0803992927a289aec9140acc107853
2021-01-26 15:41:57 +00:00
DistroBaker
a16bb47a53 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/curl.git#182c2a8bbbeee42a6e4d16817c764f624390d87d
2020-12-15 10:57:47 +00:00
DistroBaker
359180b2e6 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/curl.git#182c2a8bbbeee42a6e4d16817c764f624390d87d
2020-12-10 01:12:41 +01:00
Petr Šabata
c3f9b577a5 RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/curl#3c950d55416b900db1a4bd1720769de977c56ac1
2020-10-14 23:25:29 +02:00
Release Configuration Management
ac5e667c8a New branch setup 2020-10-08 11:34:11 +00:00