From f28824c4c657c041155cfe631de4fd2b0ca0e8d1 Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Jan 24 2012 11:10:59 +0000 Subject: new upstream release (fixes CVE-2012-0036) --- diff --git a/.gitignore b/.gitignore index 54cee0c..afacc38 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ /curl-7.21.7.tar.lzma /curl-7.22.0.tar.lzma /curl-7.23.0.tar.lzma +/curl-7.24.0.tar.lzma diff --git a/0001-curl-7.23.0-c532604.patch b/0001-curl-7.23.0-c532604.patch deleted file mode 100644 index 1b37290..0000000 --- a/0001-curl-7.23.0-c532604.patch +++ /dev/null 
@@ -1,227 +0,0 @@ -From c532604b137cae2e2814280778f914e4cd0460d1 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Sun, 20 Nov 2011 23:33:46 +0100 -Subject: [PATCH] -J -O: use -O name if no Content-Disposition header comes! - -A regression between 7.22.0 and 7.23.0 -- downloading a file with the -flags -O and -J results in the content being written to stdout if and -only if there was no Content-Disposition header in the http response. If -there is a C-D header with a filename attribute, the output is correctly -written. - -Reported by: Dave Reisner -Bug: http://curl.haxx.se/mail/archive-2011-11/0030.html - -Signed-off-by: Kamil Dudka ---- - src/tool_cb_hdr.c | 3 +- - src/tool_operate.c | 59 ++++++++++++++++++++++---------------------- - src/tool_operhlp.c | 18 +++++++++++++ - tests/data/Makefile.am | 2 +- - tests/data/test1210 | 63 ++++++++++++++++++++++++++++++++++++++++++++++++ - 5 files changed, 112 insertions(+), 33 deletions(-) - create mode 100644 tests/data/test1210 - -diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c -index fb24b45..dea7338 100644 ---- a/src/tool_cb_hdr.c -+++ b/src/tool_cb_hdr.c -@@ -66,8 +66,7 @@ size_t tool_header_cb(void *ptr, size_t size, size_t nmemb, void *userdata) - } - #endif - -- if(!outs->filename && (cb > 20) && -- checkprefix("Content-disposition:", str)) { -+ if((cb > 20) && checkprefix("Content-disposition:", str)) { - const char *p = str + 20; - - /* look for the 'filename=' parameter -diff --git a/src/tool_operate.c b/src/tool_operate.c -index 7ab815f..1e88120 100644 ---- a/src/tool_operate.c -+++ b/src/tool_operate.c -@@ -576,41 +576,40 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[]) - - if((urlnode->flags & GETOUT_USEREMOTE) - && config->content_disposition) { -- /* Our header callback sets the filename */ -+ /* Our header callback MIGHT set the filename */ - DEBUGASSERT(!outs.filename); - } -- else { -- if(config->resume_from_current) { -- /* We're told to continue from where we are now. 
Get the size -- of the file as it is now and open it for append instead */ -- struct_stat fileinfo; -- /* VMS -- Danger, the filesize is only valid for stream files */ -- if(0 == stat(outfile, &fileinfo)) -- /* set offset to current file size: */ -- config->resume_from = fileinfo.st_size; -- else -- /* let offset be 0 */ -- config->resume_from = 0; -- } - -- if(config->resume_from) { -- /* open file for output: */ -- FILE *file = fopen(outfile, config->resume_from?"ab":"wb"); -- if(!file) { -- helpf(config->errors, "Can't open '%s'!\n", outfile); -- res = CURLE_WRITE_ERROR; -- goto quit_urls; -- } -- outs.fopened = TRUE; -- outs.stream = file; -- outs.init = config->resume_from; -- } -- else { -- outs.stream = NULL; /* open when needed */ -+ if(config->resume_from_current) { -+ /* We're told to continue from where we are now. Get the size -+ of the file as it is now and open it for append instead */ -+ struct_stat fileinfo; -+ /* VMS -- Danger, the filesize is only valid for stream files */ -+ if(0 == stat(outfile, &fileinfo)) -+ /* set offset to current file size: */ -+ config->resume_from = fileinfo.st_size; -+ else -+ /* let offset be 0 */ -+ config->resume_from = 0; -+ } -+ -+ if(config->resume_from) { -+ /* open file for output: */ -+ FILE *file = fopen(outfile, config->resume_from?"ab":"wb"); -+ if(!file) { -+ helpf(config->errors, "Can't open '%s'!\n", outfile); -+ res = CURLE_WRITE_ERROR; -+ goto quit_urls; - } -- outs.filename = outfile; -- outs.s_isreg = TRUE; -+ outs.fopened = TRUE; -+ outs.stream = file; -+ outs.init = config->resume_from; -+ } -+ else { -+ outs.stream = NULL; /* open when needed */ - } -+ outs.filename = outfile; -+ outs.s_isreg = TRUE; - } - - if(uploadfile && !stdin_upload(uploadfile)) { -diff --git a/src/tool_operhlp.c b/src/tool_operhlp.c -index 808d2d5..4c1697b 100644 ---- a/src/tool_operhlp.c -+++ b/src/tool_operhlp.c -@@ -178,6 +178,24 @@ CURLcode get_url_file_name(char **filename, const char *url) - return CURLE_OUT_OF_MEMORY; 
- } - } -+ -+ /* in case we built debug enabled, we allow an environment variable -+ * named CURL_TESTDIR to prefix the given file name to put it into a -+ * specific directory -+ */ -+#ifdef DEBUGBUILD -+ { -+ char *tdir = curlx_getenv("CURL_TESTDIR"); -+ if(tdir) { -+ char buffer[512]; /* suitably large */ -+ snprintf(buffer, sizeof(buffer), "%s/%s", tdir, *filename); -+ Curl_safefree(*filename); -+ *filename = strdup(buffer); /* clone the buffer */ -+ curl_free(tdir); -+ } -+ } -+#endif -+ - return CURLE_OK; - } - -diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am -index 581d46b..c52ef24 100644 ---- a/tests/data/Makefile.am -+++ b/tests/data/Makefile.am -@@ -76,7 +76,7 @@ test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117 \ - test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125 \ - test1126 test1127 test1128 test1129 test1130 test1131 \ - test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \ --test1208 test1209 \ -+test1208 test1209 test1210 \ - test1300 test1301 test1302 test1303 test1304 test1305 \ - test1306 test1307 test1308 test1309 test1310 test1311 test1312 test1313 \ - test1314 \ -diff --git a/tests/data/test1210 b/tests/data/test1210 -new file mode 100644 -index 0000000..df93198 ---- /dev/null -+++ b/tests/data/test1210 -@@ -0,0 +1,63 @@ -+ -+ -+ -+HTTP -+HTTP GET -+-J -+ -+ -+ -+# -+ -+ -+HTTP/1.1 200 OK -+Date: Thu, 09 Nov 2010 14:49:00 GMT -+Server: test-server/fake -+Content-Length: 6 -+Connection: close -+Content-Type: text/html -+ -+12345 -+ -+ -+ -+# -+# Client-side -+ -+# this relies on the debug feature to allow us to set directory to store the -+# -O output in, using the CURL_TESTDIR variable -+ -+debug -+ -+ -+http -+ -+ -+HTTP GET with -J without Content-Disposition -+ -+ -+CURL_TESTDIR=%PWD/log -+ -+ -+http://%HOSTIP:%HTTPPORT/1210 -J -O -+ -+ -+ -+# -+# Verify data after the test has been "shot" -+ -+ -+^User-Agent:.* -+ -+ -+GET /1210 HTTP/1.1 -+Host: %HOSTIP:%HTTPPORT 
-+Accept: */* -+ -+ -+ -+12345 -+ -+ -+ -+ --- -1.7.1 - diff --git a/0002-curl-7.23.0-9f7f6a6.patch b/0002-curl-7.23.0-9f7f6a6.patch deleted file mode 100644 index f653d72..0000000 --- a/0002-curl-7.23.0-9f7f6a6.patch +++ /dev/null @@ -1,32 +0,0 @@ -From a8063d1e74cd86d0bbabee87aa57e660a08aca62 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Sun, 25 Dec 2011 22:37:24 +0100 -Subject: [PATCH] transfer: avoid unnecessary timeout event when waiting for 100-continue - -The commit 9dd85bc unintentionally changed the way we compute the time -spent waiting for 100-continue. In particular, when using a SSL client -certificate, the time spent by SSL handshake was included and could -cause the CURL_TIMEOUT_EXPECT_100 timeout to be mistakenly fired up. - -Bug: https://bugzilla.redhat.com/767490 -Reported by: Mamoru Tasaka ---- - lib/transfer.c | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/lib/transfer.c b/lib/transfer.c -index e56fffd..3d82571 100644 ---- a/lib/transfer.c -+++ b/lib/transfer.c -@@ -2364,7 +2364,7 @@ Curl_setup_transfer( - (data->state.proto.http->sending == HTTPSEND_BODY)) { - /* wait with write until we either got 100-continue or a timeout */ - k->exp100 = EXP100_AWAITING_CONTINUE; -- k->start100 = k->start; -+ k->start100 = Curl_tvnow(); - - /* set a timeout for the multi interface */ - Curl_expire(data, CURL_TIMEOUT_EXPECT_100); --- -1.7.1 - diff --git a/0003-curl-7.23.0-e99128a.patch b/0003-curl-7.23.0-e99128a.patch deleted file mode 100644 index 25c6e5d..0000000 --- a/0003-curl-7.23.0-e99128a.patch +++ /dev/null 
@@ -1,339 +0,0 @@ -From 4da66a40bc4c29bb8b1bc325c45525826a6db531 Mon Sep 17 00:00:00 2001 -From: Yang Tse -Date: Wed, 28 Dec 2011 23:04:23 +0100 -Subject: [PATCH 1/2] ftpserver.pl: arbitrary application data splitting among - TCP packets [I] - -Initial step in order to allow our pingpong server to better support arbitrary -application data splitting among TCP packets. This first commit only addresses -reasembly of data that sockfilter processes reads from soockets and pingpong -server later reads from sockfilters stdout. - -Signed-off-by: Kamil Dudka ---- - tests/ftpserver.pl | 165 +++++++++++++++++++++++++++++++++++++++++++++++----- - 1 files changed, 151 insertions(+), 14 deletions(-) - -diff --git a/tests/ftpserver.pl b/tests/ftpserver.pl -index 99722bb..cdd2916 100755 ---- a/tests/ftpserver.pl -+++ b/tests/ftpserver.pl -@@ -116,6 +116,8 @@ local *SFWRITE; # used to write to primary connection - local *DREAD; # used to read from secondary connection - local *DWRITE; # used to write to secondary connection - -+my $sockfilt_timeout = 5; # default timeout for sockfilter eXsysreads -+ - #********************************************************************** - # global vars which depend on server protocol selection - # -@@ -220,6 +222,141 @@ sub ftpmsg { - # better on windows/cygwin - } - -+#********************************************************************** -+# eXsysread is a wrapper around perl's sysread() function. This will -+# repeat the call to sysread() until it has actually read the complete -+# number of requested bytes or an unrecoverable condition occurs. -+# On success returns a positive value, the number of bytes requested. -+# On failure or timeout returns zero. 
-+# -+sub eXsysread { -+ my $FH = shift; -+ my $scalar = shift; -+ my $nbytes = shift; -+ my $timeout = shift; # A zero timeout disables eXsysread() time limit -+ # -+ my $time_limited = 0; -+ my $timeout_rest = 0; -+ my $start_time = 0; -+ my $nread = 0; -+ my $rc; -+ -+ $$scalar = ""; -+ -+ if((not defined $nbytes) || ($nbytes < 1)) { -+ logmsg "Error: eXsysread() failure: " . -+ "length argument must be positive\n"; -+ return 0; -+ } -+ if((not defined $timeout) || ($timeout < 0)) { -+ logmsg "Error: eXsysread() failure: " . -+ "timeout argument must be zero or positive\n"; -+ return 0; -+ } -+ if($timeout > 0) { -+ # caller sets eXsysread() time limit -+ $time_limited = 1; -+ $timeout_rest = $timeout; -+ $start_time = int(time()); -+ } -+ -+ while($nread < $nbytes) { -+ if($time_limited) { -+ eval { -+ local $SIG{ALRM} = sub { die "alarm\n"; }; -+ alarm $timeout_rest; -+ $rc = sysread($FH, $$scalar, $nbytes - $nread, $nread); -+ alarm 0; -+ }; -+ $timeout_rest = $timeout - (int(time()) - $start_time); -+ if($timeout_rest < 1) { -+ logmsg "Error: eXsysread() failure: timed out\n"; -+ return 0; -+ } -+ } -+ else { -+ $rc = sysread($FH, $$scalar, $nbytes - $nread, $nread); -+ } -+ if($got_exit_signal) { -+ logmsg "Error: eXsysread() failure: signalled to die\n"; -+ return 0; -+ } -+ if(not defined $rc) { -+ if($!{EINTR}) { -+ logmsg "Warning: retrying sysread() interrupted system call\n"; -+ next; -+ } -+ if($!{EAGAIN}) { -+ logmsg "Warning: retrying sysread() due to EAGAIN\n"; -+ next; -+ } -+ if($!{EWOULDBLOCK}) { -+ logmsg "Warning: retrying sysread() due to EWOULDBLOCK\n"; -+ next; -+ } -+ logmsg "Error: sysread() failure: $!\n"; -+ return 0; -+ } -+ if($rc < 0) { -+ logmsg "Error: sysread() failure: returned negative value $rc\n"; -+ return 0; -+ } -+ if($rc == 0) { -+ logmsg "Error: sysread() failure: read zero bytes\n"; -+ return 0; -+ } -+ $nread += $rc; -+ } -+ return $nread; -+} -+ -+#********************************************************************** 
-+# read_mainsockf attempts to read the given amount of output from the -+# sockfilter which is in use for the main or primary connection. This -+# reads untranslated sockfilt lingo which may hold data read from the -+# main or primary socket. On success returns 1, otherwise zero. -+# -+sub read_mainsockf { -+ my $scalar = shift; -+ my $nbytes = shift; -+ my $timeout = shift; # Optional argument, if zero blocks indefinitively -+ my $FH = \*SFREAD; -+ -+ if(not defined $timeout) { -+ $timeout = $sockfilt_timeout + ($nbytes >> 12); -+ } -+ if(eXsysread($FH, $scalar, $nbytes, $timeout) != $nbytes) { -+ my ($fcaller, $lcaller) = (caller)[1,2]; -+ logmsg "Error: read_mainsockf() failure at $fcaller " . -+ "line $lcaller. Due to eXsysread() failure\n"; -+ return 0; -+ } -+ return 1; -+} -+ -+#********************************************************************** -+# read_datasockf attempts to read the given amount of output from the -+# sockfilter which is in use for the data or secondary connection. This -+# reads untranslated sockfilt lingo which may hold data read from the -+# data or secondary socket. On success returns 1, otherwise zero. -+# -+sub read_datasockf { -+ my $scalar = shift; -+ my $nbytes = shift; -+ my $timeout = shift; # Optional argument, if zero blocks indefinitively -+ my $FH = \*DREAD; -+ -+ if(not defined $timeout) { -+ $timeout = $sockfilt_timeout + ($nbytes >> 12); -+ } -+ if(eXsysread($FH, $scalar, $nbytes, $timeout) != $nbytes) { -+ my ($fcaller, $lcaller) = (caller)[1,2]; -+ logmsg "Error: read_datasockf() failure at $fcaller " . -+ "line $lcaller. 
Due to eXsysread() failure\n"; -+ return 0; -+ } -+ return 1; -+} - - sub sysread_or_die { - my $FH = shift; -@@ -565,7 +702,7 @@ sub DATA_smtp { - $size = hex($1); - } - -- sysread \*SFREAD, $line, $size; -+ read_mainsockf(\$line, $size); - - $ulsize += $size; - print FILE $line if(!$nosave); -@@ -1140,7 +1277,7 @@ sub STOR_ftp { - $size = hex($1); - } - -- sysread DREAD, $line, $size; -+ read_datasockf(\$line, $size); - - #print STDERR " GOT: $size bytes\n"; - -@@ -1241,7 +1378,7 @@ sub PASV_ftp { - } - - # READ the response data -- sysread_or_die(\*DREAD, \$i, $size); -+ read_datasockf(\$i, $size); - - # The data is in the format - # IPvX/NNN -@@ -1815,38 +1952,38 @@ while(1) { - } - - # data -- sysread SFREAD, $_, $size; -+ read_mainsockf(\$input, $size); - -- ftpmsg $_; -+ ftpmsg $input; - - # Remove trailing CRLF. -- s/[\n\r]+$//; -+ $input =~ s/[\n\r]+$//; - - my $FTPCMD; - my $FTPARG; -- my $full=$_; -+ my $full = $input; - if($proto eq "imap") { - # IMAP is different with its identifier first on the command line -- unless (m/^([^ ]+) ([^ ]+) (.*)/ || -- m/^([^ ]+) ([^ ]+)/) { -- sendcontrol "$1 '$_': command not understood.\r\n"; -+ unless(($input =~ /^([^ ]+) ([^ ]+) (.*)/) || -+ ($input =~ /^([^ ]+) ([^ ]+)/)) { -+ sendcontrol "$1 '$input': command not understood.\r\n"; - last; - } - $cmdid=$1; # set the global variable - $FTPCMD=$2; - $FTPARG=$3; - } -- elsif (m/^([A-Z]{3,4})(\s(.*))?$/i) { -+ elsif($input =~ /^([A-Z]{3,4})(\s(.*))?$/i) { - $FTPCMD=$1; - $FTPARG=$3; - } -- elsif($proto eq "smtp" && m/^[A-Z0-9+\/]{0,512}={0,2}$/i) { -+ elsif(($proto eq "smtp") && ($input =~ /^[A-Z0-9+\/]{0,512}={0,2}$/i)) { - # SMTP long "commands" are base64 authentication data. 
-- $FTPCMD=$_; -+ $FTPCMD=$input; - $FTPARG=""; - } - else { -- sendcontrol "500 '$_': command not understood.\r\n"; -+ sendcontrol "500 '$input': command not understood.\r\n"; - last; - } - --- -1.7.8.1 - - -From 17ef4b9449f434eb105c652a57fea61572c78b5a Mon Sep 17 00:00:00 2001 -From: Yang Tse -Date: Thu, 29 Dec 2011 23:40:06 +0100 -Subject: [PATCH 2/2] ftpserver.pl: arbitrary application data splitting among - TCP packets [II] - -Take in account that 'pingpong' server commands may arrive splitted among -several sockfilt 'DATA' PDU's. - -Signed-off-by: Kamil Dudka ---- - tests/ftpserver.pl | 26 +++++++++++++++++--------- - 1 files changed, 17 insertions(+), 9 deletions(-) - -diff --git a/tests/ftpserver.pl b/tests/ftpserver.pl -index cdd2916..85476a2 100755 ---- a/tests/ftpserver.pl -+++ b/tests/ftpserver.pl -@@ -1925,6 +1925,8 @@ while(1) { - } - } - -+ my $full = ""; -+ - while(1) { - my $i; - -@@ -1956,34 +1958,38 @@ while(1) { - - ftpmsg $input; - -+ $full .= $input; -+ -+ # Loop until command completion -+ next unless($full =~ /\r\n$/); -+ - # Remove trailing CRLF. -- $input =~ s/[\n\r]+$//; -+ $full =~ s/[\n\r]+$//; - - my $FTPCMD; - my $FTPARG; -- my $full = $input; - if($proto eq "imap") { - # IMAP is different with its identifier first on the command line -- unless(($input =~ /^([^ ]+) ([^ ]+) (.*)/) || -- ($input =~ /^([^ ]+) ([^ ]+)/)) { -- sendcontrol "$1 '$input': command not understood.\r\n"; -+ unless(($full =~ /^([^ ]+) ([^ ]+) (.*)/) || -+ ($full =~ /^([^ ]+) ([^ ]+)/)) { -+ sendcontrol "$1 '$full': command not understood.\r\n"; - last; - } - $cmdid=$1; # set the global variable - $FTPCMD=$2; - $FTPARG=$3; - } -- elsif($input =~ /^([A-Z]{3,4})(\s(.*))?$/i) { -+ elsif($full =~ /^([A-Z]{3,4})(\s(.*))?$/i) { - $FTPCMD=$1; - $FTPARG=$3; - } -- elsif(($proto eq "smtp") && ($input =~ /^[A-Z0-9+\/]{0,512}={0,2}$/i)) { -+ elsif(($proto eq "smtp") && ($full =~ /^[A-Z0-9+\/]{0,512}={0,2}$/i)) { - # SMTP long "commands" are base64 authentication data. 
-- $FTPCMD=$input; -+ $FTPCMD=$full; - $FTPARG=""; - } - else { -- sendcontrol "500 '$input': command not understood.\r\n"; -+ sendcontrol "500 '$full': command not understood.\r\n"; - last; - } - -@@ -1993,6 +1999,8 @@ while(1) { - print STDERR "IN: $full\n"; - } - -+ $full = ""; -+ - my $delay = $delayreply{$FTPCMD}; - if($delay) { - # just go sleep this many seconds! --- -1.7.8.1 - diff --git a/0102-curl-7.21.2-debug.patch b/0102-curl-7.21.2-debug.patch index 792d753..7691826 100644 --- a/0102-curl-7.21.2-debug.patch +++ b/0102-curl-7.21.2-debug.patch @@ -6,7 +6,7 @@ diff --git a/configure b/configure index d3ecf69..6d8f085 100755 --- a/configure +++ b/configure -@@ -15030,18 +15030,11 @@ $as_echo "yes" >&6; } +@@ -15040,18 +15040,11 @@ $as_echo "yes" >&6; } gccvhi=`echo $gccver | cut -d . -f1` gccvlo=`echo $gccver | cut -d . -f2` compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` diff --git a/0105-curl-7.21.3-disable-test1112.patch b/0105-curl-7.21.3-disable-test1112.patch index 515968e..d2367a9 100644 --- a/0105-curl-7.21.3-disable-test1112.patch +++ b/0105-curl-7.21.3-disable-test1112.patch @@ -6,7 +6,7 @@ diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am index 9370974..b553f54 100644 --- a/tests/data/Makefile.am +++ b/tests/data/Makefile.am -@@ -72,7 +72,7 @@ test1078 test1079 test1080 test1081 test1082 test1083 test1084 test1085 \ +@@ -73,7 +73,7 @@ test1078 test1079 test1080 test1081 test1082 test1083 test1084 test1085 \ test1086 test1087 test1088 test1089 test1090 test1091 test1092 test1093 \ test1094 test1095 test1096 test1097 test1098 test1099 test1100 test1101 \ test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109 \ @@ -19,7 +19,7 @@ diff --git a/tests/data/Makefile.in b/tests/data/Makefile.in index 435b126..1d71c4e 100644 --- a/tests/data/Makefile.in 
+++ b/tests/data/Makefile.in -@@ -320,7 +320,7 @@ test1078 test1079 test1080 test1081 test1082 test1083 test1084 test1085 \ +@@ -326,7 +326,7 @@ test1078 test1079 test1080 test1081 test1082 test1083 test1084 test1085 \ test1086 test1087 test1088 test1089 test1090 test1091 test1092 test1093 \ test1094 test1095 test1096 test1097 test1098 test1099 test1100 test1101 \ test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109 \ diff --git a/curl-7.23.0.tar.lzma.asc b/curl-7.23.0.tar.lzma.asc deleted file mode 100644 index 27f86e4..0000000 --- a/curl-7.23.0.tar.lzma.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.11 (GNU/Linux) - -iEYEABECAAYFAk7CvskACgkQeOEcayedXJE+1wCfSGPiMFNxfrb4a27raX8CcBgV -gP4AoOJ8ye2MRiYw5aMILv9xFm14kygU -=E5o2 ------END PGP SIGNATURE----- diff --git a/curl-7.24.0.tar.lzma.asc b/curl-7.24.0.tar.lzma.asc new file mode 100644 index 0000000..720b4df --- /dev/null +++ b/curl-7.24.0.tar.lzma.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.11 (GNU/Linux) + +iEYEABECAAYFAk8eczoACgkQeOEcayedXJFoKACfUI6eBzthDt9SaQHF+uqXUIVS +ewEAoM1e4Cuwt8vjL/6m4sEZSaaJ0Jp+ +=SL4u +-----END PGP SIGNATURE----- diff --git a/curl.spec b/curl.spec index de2d880..4aa3a94 100644 --- a/curl.spec +++ b/curl.spec 
@@ -1,22 +1,13 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 7.23.0 -Release: 6%{?dist} +Version: 7.24.0 +Release: 1%{?dist} License: MIT Group: Applications/Internet Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma Source2: curlbuild.h Source3: hide_selinux.c -# -J -O: use -O name if no Content-Disposition header comes! -Patch1: 0001-curl-7.23.0-c532604.patch - -# transfer: avoid unnecessary timeout event when waiting for 100-continue -Patch2: 0002-curl-7.23.0-9f7f6a6.patch - -# do not skip FTPS tests with nss-3.13 -Patch3: 0003-curl-7.23.0-e99128a.patch - # patch making libcurl multilib ready Patch101: 0101-curl-7.21.1-multilib.patch @@ -115,11 +106,6 @@ for f in CHANGES README; do mv -f ${f}.utf8 ${f} done -# upstream patches -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 - # Fedora patches %patch101 -p1 %patch102 -p1 @@ -232,6 +218,9 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/aclocal/libcurl.m4 %changelog +* Wed Jan 24 2012 Kamil Dudka 7.24.0-1 +- new upstream release (fixes CVE-2012-0036) + * Thu Jan 05 2012 Paul Howarth 7.23.0-6 - rebuild for gcc 4.7 diff --git a/sources b/sources index b417d66..1a65fc7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -af901db5f3d21609cc6fe960a6c293fb curl-7.23.0.tar.lzma +713d7d7cbc5cfaabd785a2ff905096f2 curl-7.24.0.tar.lzma
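Review bot: The detached signature this commit adds (`curl-7.24.0.tar.lzma.asc`) is not referenced by the spec header in this hunk, which goes from `Source:` straight to `Source2:`. Unless it is declared further down, the signature does not ship in the SRPM and nothing visible in these hunks checks the tarball against it. `Source:` is a plain `http://` URL and the `sources` entry is a 32-hex-digit digest (the length of an MD5 sum), so the signature is the strongest integrity evidence available here. Consider declaring it, e.g. `Source1: %{name}-%{version}.tar.lzma.asc`, and verifying the tarball against the upstream release key before it is uploaded. The rest of the spec lies outside the hunk, so an existing verification step cannot be ruled out.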
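Review bot: The weekday in the new `%changelog` entry (hunk `@@ -232,6 +218,9 @@`) does not match its date: 24 January 2012 was a Tuesday, so the entry should start `* Tue Jan 24 2012`. The commit header carries the same date, so the day of the month looks right and only the weekday is off; newer rpmbuild versions warn about such entries as bogus dates. Because this release is the security fix, it would also help advisory tracking to name the tracking bug next to the CVE, e.g. `- new upstream release (fixes CVE-2012-0036, #<TRACKING-BUG-ID>)` with the real bug number filled in.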