From 4bddb2814cc9f4f9dcee33f27ae16114a3f8c31a Mon Sep 17 00:00:00 2001
From: Kamil Dudka
Date: Wed, 26 Mar 2014 08:48:31 +0100
Subject: [PATCH] new upstream release - 7.36.0 (fixes CVE-2014-0138)
---
0001-curl-7.32.0-ffb8a21d.patch | 36 -------------------
...ebug.patch => 0102-curl-7.36.0-debug.patch | 2 +-
...k.patch => 0103-curl-7.36.0-metalink.patch | 2 +-
...=> 0106-curl-7.36.0-libssh2-valgrind.patch | 13 +++++--
curl-7.35.0.tar.lzma.asc | 7 ----
curl-7.36.0.tar.lzma.asc | 7 ++++
curl.spec | 17 +++++---
sources | 2 +-
8 files changed, 29 insertions(+), 57 deletions(-)
delete mode 100644 0001-curl-7.32.0-ffb8a21d.patch
rename 0102-curl-7.32.0-debug.patch => 0102-curl-7.36.0-debug.patch (97%)
rename 0103-curl-7.32.0-metalink.patch => 0103-curl-7.36.0-metalink.patch (98%)
rename 0106-curl-7.21.0-libssh2-valgrind.patch => 0106-curl-7.36.0-libssh2-valgrind.patch (65%)
delete mode 100644 curl-7.35.0.tar.lzma.asc
create mode 100644 curl-7.36.0.tar.lzma.asc
diff --git a/0001-curl-7.32.0-ffb8a21d.patch b/0001-curl-7.32.0-ffb8a21d.patch
deleted file mode 100644
index a7a5f7e..0000000
--- a/0001-curl-7.32.0-ffb8a21d.patch
+++ /dev/null
@@ -1,36 +0,0 @@ -From 1742db74f6527846581da8b846f9c9666eac4fd6 Mon Sep 17 00:00:00 2001 -From: Steve Holme -Date: Sun, 2 Feb 2014 11:01:10 +0000 -Subject: [PATCH] tests: Fixed test172 cookie expiry - -The test contains a cookie jar file where one of the cookies has an -expiry date of 1391252187 -- Sat, 1 Feb 2014 10:56:27 GMT which has -now expired. Updated to Wed, 14 Oct 2037 16:36:33 GMT as per test -179. - -Reported-by: Adam Sampson -Bug: http://curl.haxx.se/bug/view.cgi?id=1330 - -[upstream commit ffb8a21d85bde8b626e5dc52ce25f0447ee49f89] - -Signed-off-by: Kamil Dudka ---- - tests/data/test172 | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/tests/data/test172 b/tests/data/test172 -index b3efae9..3d53418 100644 ---- a/tests/data/test172 -+++ b/tests/data/test172 -@@ -36,7 +36,7 @@ http://%HOSTIP:%HTTPPORT/we/want/172 -b log/jar172.txt -b "tool=curl; name=fool" - - .%HOSTIP TRUE /silly/ FALSE 0 ismatch this - .%HOSTIP TRUE / FALSE 0 partmatch present --%HOSTIP FALSE /we/want/ FALSE 1391252187 nodomain value -+%HOSTIP FALSE /we/want/ FALSE 2139150993 nodomain value - - - --- -1.7.1 - diff --git a/0102-curl-7.32.0-debug.patch b/0102-curl-7.36.0-debug.patch similarity index 97% rename from 0102-curl-7.32.0-debug.patch rename to 0102-curl-7.36.0-debug.patch index 035c524..731039a 100644 --- a/0102-curl-7.32.0-debug.patch +++ b/0102-curl-7.36.0-debug.patch @@ -12,7 +12,7 @@ diff --git a/configure b/configure index 8f079a3..53b4774 100755 --- a/configure +++ b/configure -@@ -16005,18 +16005,11 @@ $as_echo "yes" >&6; } +@@ -16006,18 +16006,11 @@ $as_echo "yes" >&6; } gccvhi=`echo $gccver | cut -d . -f1` gccvlo=`echo $gccver | cut -d . -f2` compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` diff --git a/0103-curl-7.32.0-metalink.patch b/0103-curl-7.36.0-metalink.patch similarity index 98% rename from 0103-curl-7.32.0-metalink.patch rename to 0103-curl-7.36.0-metalink.patch index 33cec9c..3f8f0f0 100644 
--- a/0103-curl-7.32.0-metalink.patch +++ b/0103-curl-7.36.0-metalink.patch @@ -12,7 +12,7 @@ diff --git a/configure b/configure index a466175..cb63075 100755 --- a/configure +++ b/configure -@@ -15470,13 +15470,9 @@ fi +@@ -15471,13 +15471,9 @@ fi diff --git a/0106-curl-7.21.0-libssh2-valgrind.patch b/0106-curl-7.36.0-libssh2-valgrind.patch similarity index 65% rename from 0106-curl-7.21.0-libssh2-valgrind.patch rename to 0106-curl-7.36.0-libssh2-valgrind.patch index 2b8cb38..e33fe50 100644 --- a/0106-curl-7.21.0-libssh2-valgrind.patch +++ b/0106-curl-7.36.0-libssh2-valgrind.patch @@ -1,3 +1,9 @@ +From a4c56b928518439399e051406145d7d5b150a3be Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Wed, 26 Mar 2014 08:51:53 +0100 +Subject: [PATCH] disable valgrind for certain test-cases (libssh2 problem) + +--- tests/data/test604 | 3 +++ tests/data/test623 | 4 +++- 2 files changed, 6 insertions(+), 1 deletions(-) @@ -6,7 +12,7 @@ diff --git a/tests/data/test604 b/tests/data/test604 index af0259f..2bcf7d1 100644 --- a/tests/data/test604 +++ b/tests/data/test604 -@@ -26,5 +26,8 @@ SFTP retrieval of nonexistent file +@@ -29,5 +29,8 @@ disable 78 @@ -19,7 +25,7 @@ diff --git a/tests/data/test623 b/tests/data/test623 index 19e505b..38a41d2 100644 --- a/tests/data/test623 +++ b/tests/data/test623 -@@ -36,6 +36,8 @@ for ssh upload test +@@ -39,6 +39,8 @@ disable 79 @@ -29,3 +35,6 @@ index 19e505b..38a41d2 100644 + +-- +1.7.1 + diff --git a/curl-7.35.0.tar.lzma.asc b/curl-7.35.0.tar.lzma.asc deleted file mode 100644 index de64bca..0000000 --- a/curl-7.35.0.tar.lzma.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iEYEABECAAYFAlLoqVAACgkQeOEcayedXJHXgACfXucGEK+4gBtUjRNJlPdBThPs -lQkAoJRfmKWAlAvMtBuXofIEog9D2y9z -=Wgsv ------END PGP SIGNATURE----- diff --git a/curl-7.36.0.tar.lzma.asc b/curl-7.36.0.tar.lzma.asc new file mode 100644 index 0000000..32220e2 --- /dev/null +++ b/curl-7.36.0.tar.lzma.asc 
@@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iEYEABECAAYFAlMyeZEACgkQeOEcayedXJFTpACfaOmp5/t6thzl/LLM4L6/AO70 +i5oAoJLzbaqGU31OhelQxcyrRX2gDubB +=++7u +-----END PGP SIGNATURE----- diff --git a/curl.spec b/curl.spec index 5f87df4..f2003ff 100644 --- a/curl.spec +++ b/curl.spec @@ -1,29 +1,26 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 7.35.0 -Release: 5%{?dist} +Version: 7.36.0 +Release: 1%{?dist} License: MIT Group: Applications/Internet Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma Source2: curlbuild.h -# refresh expired cookie in test172 from upstream test-suite (#1068967) -Patch1: 0001-curl-7.32.0-ffb8a21d.patch - # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch # prevent configure script from discarding -g in CFLAGS (#496778) -Patch102: 0102-curl-7.32.0-debug.patch +Patch102: 0102-curl-7.36.0-debug.patch # make the curl tool link SSL libraries also used by src/tool_metalink.c -Patch103: 0103-curl-7.32.0-metalink.patch +Patch103: 0103-curl-7.36.0-metalink.patch # use localhost6 instead of ip6-localhost in the curl test-suite Patch104: 0104-curl-7.19.7-localhost6.patch # disable valgrind for certain test-cases (libssh2 problem) -Patch106: 0106-curl-7.21.0-libssh2-valgrind.patch +Patch106: 0106-curl-7.36.0-libssh2-valgrind.patch # work around valgrind bug (#678518) Patch107: 0107-curl-7.21.4-libidn-valgrind.patch @@ -122,7 +119,6 @@ documentation of the library, too. %setup -q # upstream patches -%patch1 -p1 # Fedora patches %patch101 -p1 @@ -244,6 +240,9 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/aclocal/libcurl.m4 %changelog +* Wed Mar 26 2014 Kamil Dudka 7.36.0-1 +- new upstream release (fixes CVE-2014-0138) + * Mon Mar 17 2014 Paul Howarth 7.35.0-5 - add all perl build requirements for the test suite, in a portable way diff --git a/sources b/sources index c82983f..6f8474a 100644 --- a/sources +++ b/sources 
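Review bot: The first curl.spec hunk moves the package to 7.36.0 but shows no step that checks the tarball against the `curl-7.36.0.tar.lzma.asc` signature this commit adds: the visible `Source:` line still fetches over `http://`, only `Source2: curlbuild.h` is listed beside it, and the `%setup -q` context in the second hunk has no verification before it. As far as these hunks show, the only integrity pin is the 32-hex-digit digest in `sources`, which looks like MD5 and is not collision resistant. I would list the signature as a source, for example `Source1: %{name}-%{version}.tar.lzma.asc` if that slot is free, and verify it against a pinned upstream keyring in `%prep` before `%setup -q`. The rest of the spec lies outside the hunks, so an existing check elsewhere cannot be ruled out.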
@@ -1 +1 @@
-ad7d63864414c61246450dc5e2248c7b curl-7.35.0.tar.lzma
+291081121e604b04e0035bfdd736d196 curl-7.36.0.tar.lzma