new upstream release - 7.78.0

Resolves: CVE-2021-22925 - TELNET stack contents disclosure again
Resolves: CVE-2021-22924 - bad connection reuse due to flawed path name checks
Resolves: CVE-2021-22923 - metalink download sends credentials
Resolves: CVE-2021-22922 - wrong content via metalink not discarded
This commit is contained in:
Kamil Dudka 2021-07-21 10:15:27 +02:00
parent ece67bdd2f
commit 64bcb4bcc1
6 changed files with 22 additions and 81 deletions

View File

@ -1,61 +0,0 @@
From 3602ee9dcc74683f91fe4f9ca228aa17a6474403 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 31 Oct 2012 11:38:30 +0100
Subject: [PATCH] prevent configure script from discarding -g in CFLAGS
(#496778)
---
m4/curl-compilers.m4 | 26 ++++++--------------------
1 file changed, 6 insertions(+), 20 deletions(-)
diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4
index c64db4bc6..d115a4aed 100644
--- a/m4/curl-compilers.m4
+++ b/m4/curl-compilers.m4
@@ -106,18 +106,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_CLANG], [
clangvhi=`echo $clangver | cut -d . -f1`
clangvlo=`echo $clangver | cut -d . -f2`
compiler_num=`(expr $clangvhi "*" 100 + $clangvlo) 2>/dev/null`
- flags_dbg_all="-g -g0 -g1 -g2 -g3"
- flags_dbg_all="$flags_dbg_all -ggdb"
- flags_dbg_all="$flags_dbg_all -gstabs"
- flags_dbg_all="$flags_dbg_all -gstabs+"
- flags_dbg_all="$flags_dbg_all -gcoff"
- flags_dbg_all="$flags_dbg_all -gxcoff"
- flags_dbg_all="$flags_dbg_all -gdwarf-2"
- flags_dbg_all="$flags_dbg_all -gvms"
+ flags_dbg_all=""
flags_dbg_yes="-g"
flags_dbg_off=""
- flags_opt_all="-O -O0 -O1 -O2 -Os -O3 -O4"
- flags_opt_yes="-Os"
+ flags_opt_all=""
+ flags_opt_yes=""
flags_opt_off="-O0"
else
AC_MSG_RESULT([no])
@@ -175,18 +168,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
gccvhi=`echo $gccver | cut -d . -f1`
gccvlo=`echo $gccver | cut -d . -f2`
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
- flags_dbg_all="-g -g0 -g1 -g2 -g3"
- flags_dbg_all="$flags_dbg_all -ggdb"
- flags_dbg_all="$flags_dbg_all -gstabs"
- flags_dbg_all="$flags_dbg_all -gstabs+"
- flags_dbg_all="$flags_dbg_all -gcoff"
- flags_dbg_all="$flags_dbg_all -gxcoff"
- flags_dbg_all="$flags_dbg_all -gdwarf-2"
- flags_dbg_all="$flags_dbg_all -gvms"
+ flags_dbg_all=""
flags_dbg_yes="-g"
flags_dbg_off=""
- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast"
- flags_opt_yes="-O2"
+ flags_opt_all=""
+ flags_opt_yes=""
flags_opt_off="-O0"
CURL_CHECK_DEF([_WIN32], [], [silent])
else
--
1.7.1

View File

@ -26,7 +26,7 @@ diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
index 080421b..ea3b806 100644 index 080421b..ea3b806 100644
--- a/tests/libtest/Makefile.inc --- a/tests/libtest/Makefile.inc
+++ b/tests/libtest/Makefile.inc +++ b/tests/libtest/Makefile.inc
@@ -600,6 +600,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) @@ -601,6 +601,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
lib1559_LDADD = $(TESTUTIL_LIBS) lib1559_LDADD = $(TESTUTIL_LIBS)
lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)

View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmCt6IwACgkQXMkI/bce
EsJd+Af/YCvzoV76IFh2aJpoi74XOglG327GQWnJRAt6VooIXvBPddundYOSepAw
OQbReLSQgzmWIICjp4GnV/+gkNodpqJPB1uFHo8AHEBsiVJBTNO7c/mGirQlp5TM
f5xGP8cf1OxwDJ6PBAHAYl4s71t6CWm0C2nf8x24ROlDsO85lz+yFCg1665IbZvp
PFSfeIGHwyUoZesBmBFznm5KI5yc+Yn9gxsq3ujPYMvjMH7KFdw7zQu3SzYjT1+w
bHqVul6+SC8laHuIqZfKnvrjLJMcIhe0vADoyV0/P64ZJ/4X2tGBrpxtXUJJ9S9C
Cif/PNjYIGKg9Mk8odMjXzo8EcVFGA==
=+IKy
-----END PGP SIGNATURE-----

11
curl-7.78.0.tar.xz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmD3wwYACgkQXMkI/bce
EsIFMggAt5xxRun4gxld2xZB0shI8fDhjGwMK+uQNpDnnt509j/UZ9+yfDra3Stl
BHeQXSnTE6y4dKfXIkq4q3sSX2XZUuFRLHMhzH99FsY6bxgOSnZi/iIZv/RLLXTX
NGlDR93OfsYg9UNkZVeZlFo9262f6rz7P5EsHa4HlCS0xpvLCU7q2dtkDu8SQSW1
sQiEZOhsyXoiqqrLAgTIP9psHt6dE7qoYh1hS6b+7S9d87MSkL5MEnHukFkemlzC
7d9cYD9Bah1LfAaYunvzPuC9FoF6gonGPrw3tLECdl2P9PpnrGeV1Z/Nhmu0d5mN
E2A1BXBqLs8UVo4vUbiNLk0gB3TmHg==
=yVDK
-----END PGP SIGNATURE-----

View File

@ -1,7 +1,7 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl Name: curl
Version: 7.77.0 Version: 7.78.0
Release: 2%{?dist} Release: 1%{?dist}
License: MIT License: MIT
Source0: https://curl.se/download/%{name}-%{version}.tar.xz Source0: https://curl.se/download/%{name}-%{version}.tar.xz
Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc
@ -13,9 +13,6 @@ Source2: mykey.asc
# patch making libcurl multilib ready # patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch Patch101: 0101-curl-7.32.0-multilib.patch
# prevent configure script from discarding -g in CFLAGS (#496778)
Patch102: 0102-curl-7.36.0-debug.patch
# prevent valgrind from reporting false positives on x86_64 # prevent valgrind from reporting false positives on x86_64
Patch105: 0105-curl-7.63.0-lib1560-valgrind.patch Patch105: 0105-curl-7.63.0-lib1560-valgrind.patch
@ -191,7 +188,6 @@ be installed.
# Fedora patches # Fedora patches
%patch101 -p1 %patch101 -p1
%patch102 -p1
%patch105 -p1 %patch105 -p1
# disable test 1112 (#565305), test 1455 (occasionally fails with 'bind failed # disable test 1112 (#565305), test 1455 (occasionally fails with 'bind failed
@ -237,7 +233,6 @@ export common_configure_opts=" \
--enable-symbol-hiding \ --enable-symbol-hiding \
--enable-ipv6 \ --enable-ipv6 \
--enable-threaded-resolver \ --enable-threaded-resolver \
--without-libmetalink \
--with-gssapi \ --with-gssapi \
--with-nghttp2 \ --with-nghttp2 \
--with-ssl --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt" --with-ssl --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt"
@ -367,6 +362,13 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
%changelog %changelog
* Wed Jul 21 2021 Kamil Dudka <kdudka@redhat.com> - 7.78.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2021-22925 - TELNET stack contents disclosure again
CVE-2021-22924 - bad connection reuse due to flawed path name checks
CVE-2021-22923 - metalink download sends credentials
CVE-2021-22922 - wrong content via metalink not discarded
* Wed Jun 02 2021 Kamil Dudka <kdudka@redhat.com> - 7.77.0-2 * Wed Jun 02 2021 Kamil Dudka <kdudka@redhat.com> - 7.77.0-2
- build the curl tool without metalink support (#1967213) - build the curl tool without metalink support (#1967213)

View File

@ -1 +1 @@
SHA512 (curl-7.77.0.tar.xz) = aef92a0e3f8ce8491b258a9a1c4dcea3c07c29b139a1f68f08619caa0295cfde76335d2dfb9cdf434525daea7dd05d8acd22f203f5ccc7735bd317964ec1da76 SHA512 (curl-7.78.0.tar.xz) = f72e822a0b5e28320ef547c7a441c07f3b4870579a70ab4c428751baba435a1385cb89a22b9ed4b84a7fafecf620f155911e4131e3463ec1bdad80ecde47bb7a