From 4c89d92ee7279c90c2c7bb738fadaf311a8f2e03 Mon Sep 17 00:00:00 2001
From: Kamil Dudka
Date: Wed, 26 May 2021 09:13:52 +0200
Subject: [PATCH] new upstream release - 7.77.0

Resolves: CVE-2021-22901 - TLS session caching disaster
Resolves: CVE-2021-22898 - TELNET stack contents disclosure
---
 0001-curl-7.76.1-resource-leaks.patch | 133 ------------------------
 0105-curl-7.63.0-lib1560-valgrind.patch | 2 +-
 curl-7.76.1.tar.xz.asc | 11 --
 curl-7.77.0.tar.xz.asc | 11 ++
 curl.spec | 13 +--
 sources | 2 +-
 6 files changed, 20 insertions(+), 152 deletions(-)
 delete mode 100644 0001-curl-7.76.1-resource-leaks.patch
 delete mode 100644 curl-7.76.1.tar.xz.asc
 create mode 100644 curl-7.77.0.tar.xz.asc

diff --git a/0001-curl-7.76.1-resource-leaks.patch b/0001-curl-7.76.1-resource-leaks.patch
deleted file mode 100644
index 3fd4f40..0000000
--- a/0001-curl-7.76.1-resource-leaks.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-From 2281afef6757ed66c9e8a9a737aa91cb9e2950ef Mon Sep 17 00:00:00 2001
-From: Kamil Dudka
-Date: Fri, 30 Apr 2021 18:14:45 +0200
-Subject: [PATCH 1/2] http2: fix resource leaks in set_transfer_url()
-
-... detected by Coverity:
-
-Error: RESOURCE_LEAK (CWE-772):
-lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
-lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
-lib/http2.c:486: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.]
-lib/http2.c:488: leaked_storage: Variable "u" going out of scope leaks the storage it points to.
-
-Error: RESOURCE_LEAK (CWE-772):
-lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
-lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
-lib/http2.c:493: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.]
-lib/http2.c:495: leaked_storage: Variable "u" going out of scope leaks the storage it points to.
-
-Error: RESOURCE_LEAK (CWE-772):
-lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
-lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
-lib/http2.c:500: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.]
-lib/http2.c:502: leaked_storage: Variable "u" going out of scope leaks the storage it points to.
-
-Error: RESOURCE_LEAK (CWE-772):
-lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
-lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
-lib/http2.c:505: noescape: Resource "u" is not freed or pointed-to in "curl_url_get". [Note: The source code implementation of the function has been overridden by a builtin model.]
-lib/http2.c:507: leaked_storage: Variable "u" going out of scope leaks the storage it points to.
-
-Closes #6986
-
-Upstream-commit: 31931704707324af4b4edb24cc877829f7e9949e
-Signed-off-by: Kamil Dudka
----
- lib/http2.c | 24 +++++++++++++++++-------
- 1 file changed, 17 insertions(+), 7 deletions(-)
-
-diff --git a/lib/http2.c b/lib/http2.c
-index ce9a0d3..d5ba89b 100644
---- a/lib/http2.c
-+++ b/lib/http2.c
-@@ -500,32 +500,42 @@ static int set_transfer_url(struct Curl_easy *data,
- CURLU *u = curl_url();
- CURLUcode uc;
- char *url;
-+ int rc = 0;
-
- v = curl_pushheader_byname(hp, ":scheme");
- if(v) {
- uc = curl_url_set(u, CURLUPART_SCHEME, v, 0);
-- if(uc)
-- return 1;
-+ if(uc) {
-+ rc = 1;
-+ goto fail;
-+ }
- }
-
- v = curl_pushheader_byname(hp, ":authority");
- if(v) {
- uc = curl_url_set(u, CURLUPART_HOST, v, 0);
-- if(uc)
-- return 2;
-+ if(uc) {
-+ rc = 2;
-+ goto fail;
-+ }
- }
-
- v = curl_pushheader_byname(hp, ":path");
- if(v) {
- uc = curl_url_set(u, CURLUPART_PATH, v, 0);
-- if(uc)
-- return 3;
-+ if(uc) {
-+ rc = 3;
-+ goto fail;
-+ }
- }
-
- uc = curl_url_get(u, CURLUPART_URL, &url, 0);
- if(uc)
-- return 4;
-+ rc = 4;
-+ fail:
- curl_url_cleanup(u);
-+ if(rc)
-+ return rc;
-
- if(data->state.url_alloc)
- free(data->state.url);
---
-2.30.2
-
-
-From 92ad72983f8462be1d5a5228672657ddf4d7ed72 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka
-Date: Fri, 30 Apr 2021 18:18:02 +0200
-Subject: [PATCH 2/2] http2: fix a resource leak in push_promise()
-
-...
detected by Coverity: - -Error: RESOURCE_LEAK (CWE-772): -lib/http2.c:532: alloc_fn: Storage is returned from allocation function "duphandle". -lib/http2.c:532: var_assign: Assigning: "newhandle" = storage returned from "duphandle(data)". -lib/http2.c:552: noescape: Resource "newhandle" is not freed or pointed-to in "set_transfer_url". -lib/http2.c:555: leaked_storage: Variable "newhandle" going out of scope leaks the storage it points to. - -Closes #6986 - -Upstream-commit: 3a6058cb976981ec1db870f9657c73c9a1162822 -Signed-off-by: Kamil Dudka ---- - lib/http2.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/lib/http2.c b/lib/http2.c -index d5ba89b..d0f69ea 100644 ---- a/lib/http2.c -+++ b/lib/http2.c -@@ -581,6 +581,7 @@ static int push_promise(struct Curl_easy *data, - - rv = set_transfer_url(newhandle, &heads); - if(rv) { -+ (void)Curl_close(&newhandle); - rv = CURL_PUSH_DENY; - goto fail; - } --- -2.30.2 - diff --git a/0105-curl-7.63.0-lib1560-valgrind.patch b/0105-curl-7.63.0-lib1560-valgrind.patch index f492ac5..6b2773c 100644 --- a/0105-curl-7.63.0-lib1560-valgrind.patch +++ b/0105-curl-7.63.0-lib1560-valgrind.patch @@ -26,7 +26,7 @@ diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc index 080421b..ea3b806 100644 --- a/tests/libtest/Makefile.inc +++ b/tests/libtest/Makefile.inc -@@ -592,6 +592,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) +@@ -600,6 +600,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) lib1559_LDADD = $(TESTUTIL_LIBS) lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) diff --git a/curl-7.76.1.tar.xz.asc b/curl-7.76.1.tar.xz.asc deleted file mode 100644 index c66be4f..0000000 --- a/curl-7.76.1.tar.xz.asc +++ /dev/null 
@@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmB2hJEACgkQXMkI/bce -EsJN2Qf9GFcide66cPmOPEVW9Lu9dYmg5R6g6KanvxCO02CrdlCzD1Z49M7YjJdp -dU6sP71/BWqI0+IoUd+94O39BR96ARqPgL3TjPf1Fux8x5PeaUP0oD0TaSGq635m -da930dB1RABlvf5/0L9A5+x+Mkgjk/u+RCeoX1nh6WF0HLZ9RSQmBSBxuInzZgHe -Q5bAj1DSOrDizHQ2yvNqymmDqUZVeiusIc3QIzTIwsFSg0PbBqG9sYUCSMdeVSjm -jGcyp5EjyzCyBq7YIzA7VpSRvNTGFr7Q+QP+Sm68kZ6AMCCn/a83jiFUfMyy7H5/ -PEKUqdkKrPScu7DKFWAyqL5DWXt7cA== -=GTGl ------END PGP SIGNATURE----- diff --git a/curl-7.77.0.tar.xz.asc b/curl-7.77.0.tar.xz.asc new file mode 100644 index 0000000..428b813 --- /dev/null +++ b/curl-7.77.0.tar.xz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmCt6IwACgkQXMkI/bce +EsJd+Af/YCvzoV76IFh2aJpoi74XOglG327GQWnJRAt6VooIXvBPddundYOSepAw +OQbReLSQgzmWIICjp4GnV/+gkNodpqJPB1uFHo8AHEBsiVJBTNO7c/mGirQlp5TM +f5xGP8cf1OxwDJ6PBAHAYl4s71t6CWm0C2nf8x24ROlDsO85lz+yFCg1665IbZvp +PFSfeIGHwyUoZesBmBFznm5KI5yc+Yn9gxsq3ujPYMvjMH7KFdw7zQu3SzYjT1+w +bHqVul6+SC8laHuIqZfKnvrjLJMcIhe0vADoyV0/P64ZJ/4X2tGBrpxtXUJJ9S9C +Cif/PNjYIGKg9Mk8odMjXzo8EcVFGA== +=+IKy +-----END PGP SIGNATURE----- diff --git a/curl.spec b/curl.spec index f8b0c24..9fabf51 100644 --- a/curl.spec +++ b/curl.spec @@ -1,13 +1,10 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 7.76.1 -Release: 2%{?dist} +Version: 7.77.0 +Release: 1%{?dist} License: MIT Source: https://curl.se/download/%{name}-%{version}.tar.xz -# http2: fix resource leaks detected by Coverity -Patch1: 0001-curl-7.76.1-resource-leaks.patch - # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch @@ -183,7 +180,6 @@ be installed. %setup -q # upstream patches -%patch1 -p1 # Fedora patches %patch101 -p1 
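Review bot: The new detached signature `curl-7.77.0.tar.xz.asc` is committed, but the header lines in the first curl.spec hunk still list only the tarball as `Source:`, so nothing visible here ties the signature to the build. The `%prep` context in the second hunk starts at `%setup -q`, so a check could exist above it outside the hunk; if it does not, tarball integrity for this CVE-fixing release rests on the SHA512 in `sources` alone. Consider listing the signature and the upstream signing key as additional `Source` entries, adding `BuildRequires: gnupg2`, and calling `%{gpgverify}` with `--keyring`, `--signature` and `--data` before `%setup -q`.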
@@ -364,6 +360,11 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed May 26 2021 Kamil Dudka - 7.77.0-1 +- new upstream release, which fixes the following vulnerabilities + CVE-2021-22901 - TLS session caching disaster + CVE-2021-22898 - TELNET stack contents disclosure + * Mon May 03 2021 Kamil Dudka - 7.76.1-2 - http2: fix resource leaks detected by Coverity diff --git a/sources b/sources index 01a34cd..7189d3e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (curl-7.76.1.tar.xz) = 5fe85d2e776789aa8117c57fe7648e375b7fa92d5ead5d69855f19ca9a2624d77a1f9ab91766ecb72bbc17e82862248cd07e48917884d6fd856b93fb00d83e28 +SHA512 (curl-7.77.0.tar.xz) = aef92a0e3f8ce8491b258a9a1c4dcea3c07c29b139a1f68f08619caa0295cfde76335d2dfb9cdf434525daea7dd05d8acd22f203f5ccc7735bd317964ec1da76