new upstream release, which fixes the following vulnerabilities
Resolves: CVE-2018-1000300 - FTP shutdown response buffer overflow
Resolves: CVE-2018-1000301 - RTSP bad headers buffer over-read
parent
a1b38730ce
commit
5a0fa9250b
@ -1,29 +0,0 @@
|
||||
From 1b02cb2b51148915b2ba025bb262ef34f369fa4b Mon Sep 17 00:00:00 2001
|
||||
From: dasimx <g9264140@trbvm.com>
|
||||
Date: Wed, 14 Mar 2018 11:02:05 +0100
|
||||
Subject: [PATCH] FTP: fix typo in recursive callback detection for seeking
|
||||
|
||||
Fixes #2380
|
||||
|
||||
Upstream-commit: 920f73a6906dce87c6ee87c32b109a287189965d
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/ftp.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/ftp.c b/lib/ftp.c
|
||||
index e2cc38b..0cc583b 100644
|
||||
--- a/lib/ftp.c
|
||||
+++ b/lib/ftp.c
|
||||
@@ -1621,7 +1621,7 @@ static CURLcode ftp_state_ul_setup(struct connectdata *conn,
|
||||
Curl_set_in_callback(data, true);
|
||||
seekerr = conn->seek_func(conn->seek_client, data->state.resume_from,
|
||||
SEEK_SET);
|
||||
- Curl_set_in_callback(data, true);
|
||||
+ Curl_set_in_callback(data, false);
|
||||
}
|
||||
|
||||
if(seekerr != CURL_SEEKFUNC_OK) {
|
||||
--
|
||||
2.14.3
|
||||
|
@ -12,7 +12,7 @@ diff --git a/configure b/configure
|
||||
index 8f079a3..53b4774 100755
|
||||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -16524,18 +16524,11 @@ $as_echo "yes" >&6; }
|
||||
@@ -16537,18 +16537,11 @@ $as_echo "yes" >&6; }
|
||||
gccvhi=`echo $gccver | cut -d . -f1`
|
||||
gccvlo=`echo $gccver | cut -d . -f2`
|
||||
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
|
||||
|
@ -32,7 +32,7 @@ diff --git a/tests/runtests.pl b/tests/runtests.pl
|
||||
index d6aa5ca..4d395ef 100755
|
||||
--- a/tests/runtests.pl
|
||||
+++ b/tests/runtests.pl
|
||||
@@ -1437,7 +1437,7 @@ sub runhttpserver {
|
||||
@@ -1438,7 +1438,7 @@ sub runhttpserver {
|
||||
elsif($alt eq "pipe") {
|
||||
# basically the same, but another ID
|
||||
$idnum = 3;
|
||||
|
@ -1,11 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAlqoxTwACgkQXMkI/bce
|
||||
EsJrHQf7B0ik8F5dfGYumYWkXHc9poJU+dJ0o6pwzg4QsP+4mwVTw/gnrXDm1hVk
|
||||
iFPIAdgTkxiIDZi+6mDfZA9dZ8Aq38XbYjRIwXTW4KrjTtEFQXtwlEClrHrJyXfl
|
||||
+2YC52BcY0D2JVDqUAB9cVSSgaHHf1jd4h32a8YMrwco4jP5rSxbmZe4psU2m8TC
|
||||
skaZEoSIRJzg5oV+AgDSQMrq+fLsc5lIDKTl+7v6sjnGlcYeRC1SiBePyrh5g/o5
|
||||
w4JJH839MyjrYvi6MyCBHeyCFYDrxKvQw8zRwivfZ1oipM2SaSVq8c60PdR85Zw5
|
||||
/SNOU/7Qpvhua0GhAfaI/CTwwewy6w==
|
||||
=OcVv
|
||||
-----END PGP SIGNATURE-----
|
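--- /dev/null
+++ b/curl-7.60.0.tar.xz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAlr7zUoACgkQXMkI/bce
+EsK3jgf7Bvnswxxgq4wQWmqRKQvkN/zkuA2GjSm98M7mizVHl/7/imeqDl7S1vp0
+A6KCI99Epf+2EYgxrEbvZqlSQ6H30eBxOvV2yNwPhrS3UnXwNSJsbFr5bDRE4o8S
+upyP/tSgEIGJcpq0bstrD7T/DRZ1yFCLB5rOOJx4lQnPuB3C7GAmuOj1ZtIxWIn+
+D/G+X1+/oZlils2TMI7ryjRuFvOSPHdUNldwtvfaRg0i3tNYnPbWq54lhouSn31H
+ft8wNd3nnUpueWCWaKKXo+GBVDemDAMEcDbna+woW5SFLI6ZG/c822ljtld05Dk1
+KmwikC7MREQxkODmC10yrgy9I9akNg==
+=f++X
+-----END PGP SIGNATURE-----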
13
curl.spec
13
curl.spec
@ -1,13 +1,10 @@
|
||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||
Name: curl
|
||||
Version: 7.59.0
|
||||
Release: 3%{?dist}
|
||||
Version: 7.60.0
|
||||
Release: 1%{?dist}
|
||||
License: MIT
|
||||
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
||||
|
||||
# ftp: fix typo in recursive callback detection for seeking
|
||||
Patch1: 0001-curl-7.58.0-ftp-typo-in-recursive-callback-detection.patch
|
||||
|
||||
# patch making libcurl multilib ready
|
||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||
|
||||
@ -157,7 +154,6 @@ be installed.
|
||||
%setup -q
|
||||
|
||||
# upstream patches
|
||||
%patch1 -p1
|
||||
|
||||
# Fedora patches
|
||||
%patch101 -p1
|
||||
@ -307,6 +303,11 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
||||
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
||||
|
||||
%changelog
|
||||
* Wed May 16 2018 Kamil Dudka <kdudka@redhat.com> - 7.60.0-1
|
||||
- new upstream release, which fixes the following vulnerabilities
|
||||
CVE-2018-1000300 - FTP shutdown response buffer overflow
|
||||
CVE-2018-1000301 - RTSP bad headers buffer over-read
|
||||
|
||||
* Thu Mar 15 2018 Kamil Dudka <kdudka@redhat.com> - 7.59.0-3
|
||||
- make the test-suite use Python 3
|
||||
|
||||
|
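Review bot: The refreshed detached signature `curl-7.60.0.tar.xz.asc` is committed, but the spec header in the first hunk lists only `Source:` for the tarball and the visible part of `%prep` goes straight from `%setup -q` to the patches, so nothing shown here checks that signature during the build. As far as these hunks show, the only integrity check is the SHA512 in `sources`, which pins what the packager uploaded but does not prove the tarball is the one upstream signed. Consider declaring the signature and the upstream signing key as sources, e.g. `Source1: %{name}-%{version}.tar.xz.asc`, and verifying before `%setup -q` with `%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'` where that macro is available. The rest of the spec lies outside the visible hunks, so this may already be handled elsewhere.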
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (curl-7.59.0.tar.xz) = 6982a5950b564d6b2a4f4b96296b6db3db24a096acc68aa96966821b57f66362f5a69d9f2da762b5d2b1011a4a47478ebacaf05e26604f78bb013098749dd8a6
|
||||
SHA512 (curl-7.60.0.tar.xz) = 96a0c32ca846a76bba75e9e560ad4c15df79540992ed1a83713095be94ddba039f289bda9678762fd79fb9691fe810735178fb9dc970c37012dff96b8ce08abf
|
||||
|