diff --git a/0001-curl-7.84.0-sched-yield.patch b/0001-curl-7.84.0-sched-yield.patch deleted file mode 100644 index 104bd8b..0000000 --- a/0001-curl-7.84.0-sched-yield.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 711902d9e591947d5d8ec9568beab0c7d36b7dd0 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Mon, 27 Jun 2022 08:46:21 +0200 -Subject: [PATCH] easy_lock.h: include sched.h if available to fix build - -Patched-by: Harry Sintonen - -Closes #9054 - -Upstream-commit: e2e7f54b7bea521fa8373095d0f43261a720cda0 -Signed-off-by: Kamil Dudka ---- - lib/easy_lock.h | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/lib/easy_lock.h b/lib/easy_lock.h -index 819f50c..1f54289 100644 ---- a/lib/easy_lock.h -+++ b/lib/easy_lock.h -@@ -36,6 +36,9 @@ - - #elif defined (HAVE_ATOMIC) - #include -+#if defined(HAVE_SCHED_YIELD) -+#include -+#endif - - #define curl_simple_lock atomic_bool - #define CURL_SIMPLE_LOCK_INIT false --- -2.35.3 - diff --git a/0002-curl-7.84.0-tests-http2.patch b/0002-curl-7.84.0-tests-http2.patch deleted file mode 100644 index a6b9b62..0000000 --- a/0002-curl-7.84.0-tests-http2.patch +++ /dev/null @@ -1,156 +0,0 @@ -From 221905eca9fb4b82822b6a14ef6d82c98c5702d9 Mon Sep 17 00:00:00 2001 -From: Jay Satiro -Date: Thu, 25 Aug 2022 03:46:42 -0400 -Subject: [PATCH] tests: fix http2 tests to use CRLF headers - -Prior to this change some tests that rely on nghttpx proxy did not use -CRLF headers everywhere. Recent changes in nghttp2 (??? ref here) -requires curl's HTTP/1.1 test server to use CRLF headers. - -Fixes https://github.com/curl/curl/issues/9364 -Closes https://github.com/curl/curl/pull/9365 ---- - tests/data/test1700 | 34 +++++++++++++++++----------------- - tests/data/test1701 | 22 +++++++++++----------- - tests/data/test358 | 16 ++++++++-------- - tests/data/test359 | 16 ++++++++-------- - 4 files changed, 44 insertions(+), 44 deletions(-) - -diff --git a/tests/data/test1700 b/tests/data/test1700 -index 8b1ef4ae3..7f78bcf5f 100644 ---- a/tests/data/test1700 -+++ b/tests/data/test1700 -@@ -11,26 +11,26 @@ HTTP/2 - # Server-side - - --HTTP/1.1 200 OK --Date: Tue, 09 Nov 2010 14:49:00 GMT --Server: test-server/fake --Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT --ETag: "21025-dc7-39462498" --Accept-Ranges: bytes --Content-Length: 6 --Connection: close --Content-Type: text/html --Funny-head: yesyes -- -+HTTP/1.1 200 OK -+Date: Tue, 09 Nov 2010 14:49:00 GMT -+Server: test-server/fake -+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT -+ETag: "21025-dc7-39462498" -+Accept-Ranges: bytes -+Content-Length: 6 -+Connection: close -+Content-Type: text/html -+Funny-head: yesyes -+ - -foo- - - --HTTP/1.1 200 OK --Date: Tue, 09 Nov 2010 14:49:00 GMT --Content-Length: 6 --Connection: close --Content-Type: text/html -- -+HTTP/1.1 200 OK -+Date: Tue, 09 Nov 2010 14:49:00 GMT -+Content-Length: 6 -+Connection: close -+Content-Type: text/html -+ - -maa- - - -diff --git a/tests/data/test1701 b/tests/data/test1701 -index 3c1a2bd0b..22f6147d0 100644 ---- a/tests/data/test1701 -+++ b/tests/data/test1701 -@@ -11,17 +11,17 @@ HTTP/2 - # Server-side - - --HTTP/1.1 200 OK --Date: Tue, 09 Nov 2010 14:49:00 GMT --Server: test-server/fake --Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT --ETag: "21025-dc7-39462498" --Accept-Ranges: bytes --Content-Length: 6 --Connection: close --Content-Type: text/html --Funny-head: yesyes -- -+HTTP/1.1 200 OK -+Date: Tue, 09 Nov 2010 14:49:00 GMT -+Server: test-server/fake -+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT -+ETag: "21025-dc7-39462498" -+Accept-Ranges: bytes -+Content-Length: 6 -+Connection: close -+Content-Type: text/html -+Funny-head: yesyes -+ - -foo- - - -diff --git a/tests/data/test358 b/tests/data/test358 -index 8b4f66062..0f8a9801b 100644 ---- a/tests/data/test358 -+++ b/tests/data/test358 -@@ -12,14 +12,14 @@ HTTP/2 - # Server-side - - --HTTP/1.1 200 OK --Date: Tue, 09 Nov 2010 14:49:00 GMT --Content-Length: 6 --Connection: close --Content-Type: text/html --Funny-head: yesyes --Alt-Svc: h2=":%HTTP2PORT", ma=315360000; persist=0 -- -+HTTP/1.1 200 OK -+Date: Tue, 09 Nov 2010 14:49:00 GMT -+Content-Length: 6 -+Connection: close -+Content-Type: text/html -+Funny-head: yesyes -+Alt-Svc: h2=":%HTTP2PORT", ma=315360000; persist=0 -+ - -foo- - - -diff --git a/tests/data/test359 b/tests/data/test359 -index a5ba4e3ae..0e684e39e 100644 ---- a/tests/data/test359 -+++ b/tests/data/test359 -@@ -12,14 +12,14 @@ HTTP/2 - # Server-side - - --HTTP/1.1 200 OK --Date: Tue, 09 Nov 2010 14:49:00 GMT --Content-Length: 6 --Connection: close --Content-Type: text/html --Funny-head: yesyes --Alt-Svc: h2=":%HTTP2PORT", ma=315360000; persist=0 -- -+HTTP/1.1 200 OK -+Date: Tue, 09 Nov 2010 14:49:00 GMT -+Content-Length: 6 -+Connection: close -+Content-Type: text/html -+Funny-head: yesyes -+Alt-Svc: h2=":%HTTP2PORT", ma=315360000; persist=0 -+ - -foo- - - --- -2.37.1 - diff --git a/0101-curl-7.32.0-multilib.patch b/0101-curl-7.32.0-multilib.patch index 63701c1..b4f8e2a 100644 --- a/0101-curl-7.32.0-multilib.patch +++ b/0101-curl-7.32.0-multilib.patch @@ -44,7 +44,7 @@ index 150004d..95d0759 100644 --static-libs) - if test "X@ENABLE_STATIC@" != "Xno" ; then -- echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@ +- echo "@libdir@/libcurl.@libext@" @LDFLAGS@ @LIBCURL_LIBS@ - else - echo "curl was built with static libraries disabled" >&2 - exit 1 diff --git a/0102-curl-7.84.0-test3026.patch b/0102-curl-7.84.0-test3026.patch index e00ef94..8c4ddb5 100644 --- a/0102-curl-7.84.0-test3026.patch +++ b/0102-curl-7.84.0-test3026.patch @@ -34,8 +34,9 @@ It fails on x86_64 with: [...] ``` --- - tests/data/test3026 | 3 +++ - 1 file changed, 3 insertions(+) + tests/data/test3026 | 3 +++ + tests/libtest/lib3026.c | 4 ++-- + 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/tests/data/test3026 b/tests/data/test3026 index fb80cc8..01f2ba5 100644 @@ -50,16 +51,13 @@ index fb80cc8..01f2ba5 100644 + --- -2.35.3 - diff --git a/tests/libtest/lib3026.c b/tests/libtest/lib3026.c index 43fe335..70cd7a4 100644 --- a/tests/libtest/lib3026.c +++ b/tests/libtest/lib3026.c -@@ -63,8 +63,8 @@ int test(char *URL) - for(i = 0; i < tid_count; i++) { - int res = pthread_create(&tids[i], NULL, run_thread, &results[i]); +@@ -123,8 +123,8 @@ int test(char *URL) + results[i] = CURL_LAST; /* initialize with invalid value */ + res = pthread_create(&tids[i], NULL, run_thread, &results[i]); if(res) { - fprintf(stderr, "%s:%d Couldn't create thread, errno %d\n", - __FILE__, __LINE__, res); @@ -68,3 +66,6 @@ index 43fe335..70cd7a4 100644 tid_count = i; test_failure = -1; goto cleanup; +-- +2.37.1 + diff --git a/curl.spec b/curl.spec index ac30fa7..3dcf355 100644 --- a/curl.spec +++ b/curl.spec @@ -1,7 +1,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 7.84.0 -Release: 3%{?dist} +Version: 7.85.0 +Release: 1%{?dist} License: MIT Source0: https://curl.se/download/%{name}-%{version}.tar.xz Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc @@ -10,12 +10,6 @@ Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc # which points to the GPG key as of April 7th 2016 of https://daniel.haxx.se/mykey.asc Source2: mykey.asc -# easy_lock.h: include sched.h if available to fix build -Patch1: 0001-curl-7.84.0-sched-yield.patch - -# tests: fix http2 tests to use CRLF headers to make it work with nghttp2-1.49.0 -Patch2: 0002-curl-7.84.0-tests-http2.patch - # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch @@ -194,8 +188,6 @@ be installed. %setup -q # upstream patches -%patch1 -p1 -%patch2 -p1 # Fedora patches %patch101 -p1 @@ -429,6 +421,10 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Thu Sep 01 2022 Kamil Dudka - 7.85.0-3 +- new upstream release, which fixes the following vulnerability + CVE-2022-35252 - control code in cookie denial of service + * Thu Aug 25 2022 Kamil Dudka - 7.84.0-3 - tests: fix http2 tests to use CRLF headers to make it work with nghttp2-1.49.0 diff --git a/sources b/sources index 2bfcb46..3662440 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (curl-7.84.0.tar.xz) = 86231866a35593a1637fbc0c6af3b6761bdfd99fb35580cc52970c36f19604f93dce59fea67a1d5bb4b455f719307599c7916c77d14f2b661f6bf7fb1ca716ce -SHA512 (curl-7.84.0.tar.xz.asc) = 80ff5274277ad97448fa53511bab6e8a1c302bcb25fc0916d78b8dc6c6af43d944c37c4ed46668b651cc639ec4964780725117ca0e85168ea66ad7cc98d29702 +SHA512 (curl-7.85.0.tar.xz) = b57cc31649a4f47cc4b482f56a85c86c8e8aaeaf01bc1b51b065fdb9145a9092bc52535e52a85a66432eb163605b2edbf5bc5c33ea6e40e50f26a69ad1365cbd +SHA512 (curl-7.85.0.tar.xz.asc) = 7022daf84b330b24112d595edee715cdeb881a4ba8a4fa7eec23aed28292e5d943af778f03aadd036d44d875f9e226096ea142d18afe516b6bdbd475fcd3aca6