new upstream release (fixes CVE-2013-2174)

Kamil Dudka 2013-06-22 21:39:26 +02:00
parent 97702c76cc
commit 104dece0d5
9 changed files with 24 additions and 190 deletions


@ -1,131 +0,0 @@
From c5c7d61620e1d9ebd039b9931898635659a0a356 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Fri, 12 Apr 2013 14:13:42 +0200
Subject: [PATCH] tests: prevent test206, test1060, and test1061 from failing
... in case runtests.pl is invoked with non-default -b option
Fixes a regression caused by 1e29d275c643ef6aab7948f0f55a7a9397e56b42.
[upstream commit ddbda328b37eb4b5f43fbd1dd8248c301fd2b30e]
---
tests/data/test1060 | 14 +++++++-------
tests/data/test1061 | 14 +++++++-------
tests/data/test206 | 14 +++++++-------
3 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/tests/data/test1060 b/tests/data/test1060
index da1be78..e303a89 100644
--- a/tests/data/test1060
+++ b/tests/data/test1060
@@ -874,7 +874,7 @@ crypto
HTTP proxy CONNECT auth Digest, large headers and data
</name>
<command>
-http://test.remote.haxx.se.1060:%HTTPPORT/path/10600002 --proxy http://%HOSTIP:%HTTPPORT --proxy-user silly:person --proxy-digest --proxytunnel
+http://test.remote.haxx.se.1060:8990/path/10600002 --proxy http://%HOSTIP:%HTTPPORT --proxy-user silly:person --proxy-digest --proxytunnel
</command>
</client>
@@ -884,17 +884,17 @@ http://test.remote.haxx.se.1060:%HTTPPORT/path/10600002 --proxy http://%HOSTIP:%
^User-Agent: curl/.*
</strip>
<protocol>
-CONNECT test.remote.haxx.se.1060:%HTTPPORT HTTP/1.1
-Host: test.remote.haxx.se.1060:%HTTPPORT
+CONNECT test.remote.haxx.se.1060:8990 HTTP/1.1
+Host: test.remote.haxx.se.1060:8990
Proxy-Connection: Keep-Alive
-CONNECT test.remote.haxx.se.1060:%HTTPPORT HTTP/1.1
-Host: test.remote.haxx.se.1060:%HTTPPORT
-Proxy-Authorization: Digest username="silly", realm="weirdorealm", nonce="12345", uri="test.remote.haxx.se.1060:%HTTPPORT", response="e1fbed39c26f4efe284adc0e576ff638"
+CONNECT test.remote.haxx.se.1060:8990 HTTP/1.1
+Host: test.remote.haxx.se.1060:8990
+Proxy-Authorization: Digest username="silly", realm="weirdorealm", nonce="12345", uri="test.remote.haxx.se.1060:8990", response="e1fbed39c26f4efe284adc0e576ff638"
Proxy-Connection: Keep-Alive
GET /path/10600002 HTTP/1.1
-Host: test.remote.haxx.se.1060:%HTTPPORT
+Host: test.remote.haxx.se.1060:8990
Accept: */*
</protocol>
diff --git a/tests/data/test1061 b/tests/data/test1061
index 05c3209..a1d7286 100644
--- a/tests/data/test1061
+++ b/tests/data/test1061
@@ -879,7 +879,7 @@ crypto
HTTP proxy CONNECT auth Digest, large headers and chunked data
</name>
<command>
-http://test.remote.haxx.se.1061:%HTTPPORT/path/10610002 --proxy http://%HOSTIP:%HTTPPORT --proxy-user silly:person --proxy-digest --proxytunnel
+http://test.remote.haxx.se.1061:8990/path/10610002 --proxy http://%HOSTIP:%HTTPPORT --proxy-user silly:person --proxy-digest --proxytunnel
</command>
</client>
@@ -889,17 +889,17 @@ http://test.remote.haxx.se.1061:%HTTPPORT/path/10610002 --proxy http://%HOSTIP:%
^User-Agent: curl/.*
</strip>
<protocol>
-CONNECT test.remote.haxx.se.1061:%HTTPPORT HTTP/1.1
-Host: test.remote.haxx.se.1061:%HTTPPORT
+CONNECT test.remote.haxx.se.1061:8990 HTTP/1.1
+Host: test.remote.haxx.se.1061:8990
Proxy-Connection: Keep-Alive
-CONNECT test.remote.haxx.se.1061:%HTTPPORT HTTP/1.1
-Host: test.remote.haxx.se.1061:%HTTPPORT
-Proxy-Authorization: Digest username="silly", realm="weirdorealm", nonce="12345", uri="test.remote.haxx.se.1061:%HTTPPORT", response="4e23449fa93224834299e7282a70472c"
+CONNECT test.remote.haxx.se.1061:8990 HTTP/1.1
+Host: test.remote.haxx.se.1061:8990
+Proxy-Authorization: Digest username="silly", realm="weirdorealm", nonce="12345", uri="test.remote.haxx.se.1061:8990", response="4e23449fa93224834299e7282a70472c"
Proxy-Connection: Keep-Alive
GET /path/10610002 HTTP/1.1
-Host: test.remote.haxx.se.1061:%HTTPPORT
+Host: test.remote.haxx.se.1061:8990
Accept: */*
</protocol>
diff --git a/tests/data/test206 b/tests/data/test206
index 3ddc1d9..902d0a6 100644
--- a/tests/data/test206
+++ b/tests/data/test206
@@ -77,7 +77,7 @@ crypto
HTTP proxy CONNECT auth Digest
</name>
<command>
-http://test.remote.haxx.se.206:%HTTPPORT/path/2060002 --proxy http://%HOSTIP:%HTTPPORT --proxy-user silly:person --proxy-digest --proxytunnel
+http://test.remote.haxx.se.206:8990/path/2060002 --proxy http://%HOSTIP:%HTTPPORT --proxy-user silly:person --proxy-digest --proxytunnel
</command>
</client>
@@ -87,18 +87,18 @@ http://test.remote.haxx.se.206:%HTTPPORT/path/2060002 --proxy http://%HOSTIP:%HT
^User-Agent: curl/.*
</strip>
<protocol>
-CONNECT test.remote.haxx.se.206:%HTTPPORT HTTP/1.1
-Host: test.remote.haxx.se.206:%HTTPPORT
+CONNECT test.remote.haxx.se.206:8990 HTTP/1.1
+Host: test.remote.haxx.se.206:8990
Proxy-Connection: Keep-Alive
-CONNECT test.remote.haxx.se.206:%HTTPPORT HTTP/1.1
-Host: test.remote.haxx.se.206:%HTTPPORT
-Proxy-Authorization: Digest username="silly", realm="weirdorealm", nonce="12345", uri="test.remote.haxx.se.206:%HTTPPORT", response="003e36decb4dbf6366b3ecb9b87c24ec"
+CONNECT test.remote.haxx.se.206:8990 HTTP/1.1
+Host: test.remote.haxx.se.206:8990
+Proxy-Authorization: Digest username="silly", realm="weirdorealm", nonce="12345", uri="test.remote.haxx.se.206:8990", response="003e36decb4dbf6366b3ecb9b87c24ec"
Proxy-Connection: Keep-Alive
GET /path/2060002 HTTP/1.1
User-Agent: curl/7.12.3-CVS (i686-pc-linux-gnu) libcurl/7.12.3-CVS OpenSSL/0.9.6b zlib/1.1.4
-Host: test.remote.haxx.se.206:%HTTPPORT
+Host: test.remote.haxx.se.206:8990
Accept: */*
[DISCONNECT]
--
1.7.1


@ -1,35 +0,0 @@
From 7a90359b61407cc63e6a8337602ac8ed70775475 Mon Sep 17 00:00:00 2001
From: Zdenek Pavlas <zpavlas@redhat.com>
Date: Fri, 26 Apr 2013 14:56:38 +0200
Subject: [PATCH] url: initialize speed-check data for file:// protocol
... in order to prevent an artificial timeout event based on stale
speed-check data from a previous network transfer. This commit fixes
a regression caused by 9dd85bced56f6951107f69e581c872c1e7e3e58e.
Bug: https://bugzilla.redhat.com/906031
[upstream commit b37b5233cab96b5b1f2ab7f6e0b9c3df77320bba]
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/url.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/lib/url.c b/lib/url.c
index 4399162..19a3a38 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -5010,6 +5010,9 @@ static CURLcode create_conn(struct SessionHandle *data,
-1, NULL); /* no upload */
}
+ /* since we skip do_init() */
+ Curl_speedinit(data);
+
return result;
}
#endif
--
1.7.1


@ -4,10 +4,10 @@ Date: Fri, 12 Apr 2013 12:04:05 +0200
Subject: [PATCH] prevent multilib conflicts on the curl-config script
---
curl-config.in | 16 +++-------------
curl-config.in | 21 +++------------------
docs/curl-config.1 | 4 +++-
libcurl.pc.in | 1 +
3 files changed, 7 insertions(+), 14 deletions(-)
3 files changed, 7 insertions(+), 19 deletions(-)
diff --git a/curl-config.in b/curl-config.in
index 150004d..95d0759 100644
@ -22,7 +22,7 @@ index 150004d..95d0759 100644
;;
--prefix)
@@ -142,24 +142,14 @@ while test $# -gt 0; do
@@ -142,29 +142,14 @@ while test $# -gt 0; do
;;
--libs)
@ -40,7 +40,12 @@ index 150004d..95d0759 100644
;;
--static-libs)
- if test "X@ENABLE_STATIC@" != "Xno" ; then
- echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@
- else
- echo "curl was built with static libraries disabled" >&2
- exit 1
- fi
;;
--configure)


@ -12,7 +12,7 @@ diff --git a/configure b/configure
index 8f079a3..53b4774 100755
--- a/configure
+++ b/configure
@@ -15950,18 +15950,11 @@ $as_echo "yes" >&6; }
@@ -16020,18 +16020,11 @@ $as_echo "yes" >&6; }
gccvhi=`echo $gccver | cut -d . -f1`
gccvlo=`echo $gccver | cut -d . -f2`
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`


@ -14,7 +14,7 @@ diff --git a/CHANGES b/CHANGES
index 4568408..5fc1652 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4312,7 +4312,7 @@ Daniel Stenberg (12 Nov 2012)
@@ -5325,7 +5325,7 @@ Daniel Stenberg (12 Nov 2012)
- [Gabriel Sjoberg brought this change]


@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEABECAAYFAlFntDMACgkQeOEcayedXJE9vwCg2icVm/xDjGiK9lDvBN2Yck5h
jwIAn2UNo1J6RyA3TRqpnXWMXr1Jjq4g
=7Wds
-----END PGP SIGNATURE-----

7
curl-7.31.0.tar.lzma.asc Normal file

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEABECAAYFAlHFb/oACgkQeOEcayedXJFVRACfZw0PkPESVwBmLofyVsmzvawi
hDoAniqfcgXqIiLt8KPz0MkA6uXcol5E
=gOQA
-----END PGP SIGNATURE-----


@ -1,18 +1,12 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 7.30.0
Release: 2%{?dist}
Version: 7.31.0
Release: 1%{?dist}
License: MIT
Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
Source2: curlbuild.h
# prevent test-suite failure due to using non-default port ranges in tests
Patch1: 0001-curl-7.30.0-ddbda328.patch
# prevent an artificial timeout event due to stale speed-check data (#906031)
Patch2: 0002-curl-7.30.0-b37b5233.patch
# patch making libcurl multilib ready
Patch101: 0101-curl-7.30.0-multilib.patch
@ -106,8 +100,6 @@ documentation of the library, too.
%setup -q
# upstream patches
%patch1 -p1
%patch2 -p1
# Fedora patches
%patch101 -p1
@ -227,6 +219,9 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/libcurl.m4
%changelog
* Sat Jun 22 2013 Kamil Dudka <kdudka@redhat.com> 7.31.0-1
- new upstream release (fixes CVE-2013-2174)
* Fri Apr 26 2013 Kamil Dudka <kdudka@redhat.com> 7.30.0-2
- prevent an artificial timeout event due to stale speed-check data (#906031)
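Review bot: The tarball for this security release is not authenticated during the build: the new `curl-7.31.0.tar.lzma.asc` is committed, but the visible spec lines list only `Source:` and `Source2:`, and `%prep` goes straight from `%setup -q` to the patches, so the detached signature is never checked. The only remaining integrity pin is the 32-hex-digit digest in the `sources` section at the end of this page, which looks like MD5 and is not collision-resistant. I would list the signature as a source, e.g. `Source1: %{name}-%{version}.tar.lzma.asc` (if that slot is unused; the spec is only partly visible here), and verify it against the upstream release key before `%setup -q`. The changelog entry could also say in a few words which functionality CVE-2013-2174 concerns, so that someone auditing installed builds can judge exposure from the package metadata alone.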


@ -1 +1 @@
e47049eaabfbed194bef7ae4960fdc37 curl-7.30.0.tar.lzma
996c1a5004d96cb4baa3f4e1985058b8 curl-7.31.0.tar.lzma