new upstream release - 7.38.0 (fixes CVE-2014-3613 and CVE-2014-3620)

2014-09-10 15:34:06 +02:00 · 2014-09-10 15:34:06 +02:00 · 0d94c479b6
parent acdb7eec10
commit 0d94c479b6
7 changed files with 16 additions and 1027 deletions
--- a/0001-curl-7.37.1-gssapi.patch
+++ b/0001-curl-7.37.1-gssapi.patch
--- a/0102-curl-7.36.0-debug.patch
+++ b/0102-curl-7.36.0-debug.patch
@ -12,7 +12,7 @@ diff --git a/configure b/configure
 index 8f079a3..53b4774 100755
 --- a/configure
 +++ b/configure
-@@ -16006,18 +16006,11 @@ $as_echo "yes" >&6; }
+@@ -16004,18 +16004,11 @@ $as_echo "yes" >&6; }
     gccvhi=`echo $gccver | cut -d . -f1`
     gccvlo=`echo $gccver | cut -d . -f2`
     compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
--- a/0103-curl-7.36.0-metalink.patch
+++ b/0103-curl-7.36.0-metalink.patch
@ -12,7 +12,7 @@ diff --git a/configure b/configure
 index a466175..cb63075 100755
 --- a/configure
 +++ b/configure
-@@ -15471,13 +15471,9 @@ fi
+@@ -15469,13 +15469,9 @@ fi
 
 
 
@ -33,7 +33,7 @@ diff --git a/configure.ac b/configure.ac
 index 49309e6..90c56b5 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -242,13 +242,17 @@ fi
+@@ -241,13 +241,17 @@ fi
 AC_SUBST([CPPFLAG_CURL_STATICLIB])
 
 
--- a/curl-7.37.1.tar.lzma.asc
+++ b/curl-7.37.1.tar.lzma.asc
@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iEYEABECAAYFAlPGjoIACgkQeOEcayedXJEelACg3KLWyIN61do2wGJDBbD7OuKE
-BvUAoLM3qS3woSWA33C4+eWHxESUBJhX
-=4sUq
-----END PGP SIGNATURE-----
--- a/curl-7.38.0.tar.lzma.asc
+++ b/curl-7.38.0.tar.lzma.asc
@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iEYEABECAAYFAlQP74cACgkQeOEcayedXJFCawCdH3UiuHmb8+ZZwGJp6lGKzplN
+U6AAnj4WsEGF5Ywf8s4ueF3Y6bFFwX4R
+=9D9Q
+-----END PGP SIGNATURE-----
--- a/curl.spec
+++ b/curl.spec
@ -1,15 +1,12 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 7.37.1
-Release: 3%{?dist}
+Version: 7.38.0
+Release: 1%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
 Source2: curlbuild.h

-# fix endless loop with GSSAPI proxy auth (patches by David Woodhouse, #1118751)
-Patch1:   0001-curl-7.37.1-gssapi.patch
-
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch

@ -123,7 +120,6 @@ documentation of the library, too.
 %setup -q

 # upstream patches
-%patch1 -p1

 # Fedora patches
 %patch101 -p1
@ -247,6 +243,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4

 %changelog
+* Wed Sep 10 2014 Kamil Dudka <kdudka@redhat.com> 7.38.0-1
+- new upstream release (fixes CVE-2014-3613 and CVE-2014-3620)
+
 * Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.37.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

--- a/2
+++ b/2
@ -1 +1 @@
-71c313865ce687b0d3f05035fad4dfa5  curl-7.37.1.tar.lzma
+fdafc30cbf0acd2fe6bc31b956b856a5  curl-7.38.0.tar.lzma