diff --git a/0001-curl-7.64.0-zsh-completion.patch b/0001-curl-7.64.0-zsh-completion.patch new file mode 100644 index 0000000..770a15b --- /dev/null +++ b/0001-curl-7.64.0-zsh-completion.patch @@ -0,0 +1,76 @@ +From 082034e2334b2d0795b2b324ff3e0635bb7d2b86 Mon Sep 17 00:00:00 2001 +From: Alessandro Ghedini +Date: Tue, 5 Feb 2019 20:44:14 +0000 +Subject: [PATCH 1/2] zsh.pl: update regex to better match curl -h output + +The current regex fails to match '<...>' arguments properly (e.g. those +with spaces in them), which causes an completion script with wrong +descriptions for some options. + +The problem can be reproduced as follows: + +% curl --reso + +Upstream-commit: dbd32f3241b297b96ee11a51da1a661f528ca026 +Signed-off-by: Kamil Dudka +--- + scripts/zsh.pl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/scripts/zsh.pl b/scripts/zsh.pl +index 1257190..941b322 100755 +--- a/scripts/zsh.pl ++++ b/scripts/zsh.pl +@@ -7,7 +7,7 @@ use warnings; + + my $curl = $ARGV[0] || 'curl'; + +-my $regex = '\s+(?:(-[^\s]+),\s)?(--[^\s]+)\s([^\s.]+)?\s+(.*)'; ++my $regex = '\s+(?:(-[^\s]+),\s)?(--[^\s]+)\s*(\<.+?\>)?\s+(.*)'; + my @opts = parse_main_opts('--help', $regex); + + my $opts_str; +-- +2.17.2 + + +From 45abc785e101346f19599aa5f9fa1617e525ec4d Mon Sep 17 00:00:00 2001 +From: Alessandro Ghedini +Date: Tue, 5 Feb 2019 21:06:26 +0000 +Subject: [PATCH 2/2] zsh.pl: escape ':' character + +':' is interpreted as separator by zsh, so if used as part of the argument +or option's description it needs to be escaped. + +The problem can be reproduced as follows: + +% curl -E + +Bug: https://bugs.debian.org/921452 + +Upstream-commit: b3cc8017b7364f588365be2b2629c49c142efdb7 +Signed-off-by: Kamil Dudka +--- + scripts/zsh.pl | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/scripts/zsh.pl b/scripts/zsh.pl +index 941b322..0f9cbec 100755 +--- a/scripts/zsh.pl ++++ b/scripts/zsh.pl +@@ -45,9 +45,12 @@ sub parse_main_opts { + + my $option = ''; + ++ $arg =~ s/\:/\\\:/g if defined $arg; ++ + $desc =~ s/'/'\\''/g if defined $desc; + $desc =~ s/\[/\\\[/g if defined $desc; + $desc =~ s/\]/\\\]/g if defined $desc; ++ $desc =~ s/\:/\\\:/g if defined $desc; + + $option .= '{' . trim($short) . ',' if defined $short; + $option .= trim($long) if defined $long; +-- +2.17.2 + diff --git a/curl.spec b/curl.spec index 1a410f0..3c8279d 100644 --- a/curl.spec +++ b/curl.spec @@ -1,10 +1,13 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 7.64.0 -Release: 1%{?dist} +Release: 2%{?dist} License: MIT Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz +# make zsh completion work again +Patch1: 0001-curl-7.64.0-zsh-completion.patch + # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch @@ -166,6 +169,7 @@ be installed. %setup -q # upstream patches +%patch1 -p1 # Fedora patches %patch101 -p1 @@ -333,6 +337,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Mon Feb 11 2019 Kamil Dudka - 7.64.0-2 +- make zsh completion work again + * Wed Feb 06 2019 Kamil Dudka - 7.64.0-1 - new upstream release, which fixes the following vulnerabilities CVE-2019-3823 - SMTP end-of-response out-of-bounds read