new upstream release (fixes CVE-2013-0249)
This commit is contained in:
Kamil Dudka
parent
32b2d061e9
commit
6896522e35
|
|
@ -26,15 +26,15 @@ index 150004d..95d0759 100644
|
|||
- CURLLIBDIR=""
|
||||
- fi
|
||||
- if test "X@REQUIRE_LIB_DEPS@" = "Xyes"; then
|
||||
- echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@ @LIBS@
|
||||
- echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@
|
||||
- else
|
||||
- echo ${CURLLIBDIR}-lcurl @LIBS@
|
||||
- echo ${CURLLIBDIR}-lcurl
|
||||
- fi
|
||||
+ pkg-config libcurl --libs
|
||||
;;
|
||||
|
||||
--static-libs)
|
||||
- echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@ @LIBS@
|
||||
- echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@
|
||||
;;
|
||||
|
||||
--configure)
|
||||
|
|
@ -12,7 +12,7 @@ diff --git a/configure b/configure
|
|||
index 8f079a3..53b4774 100755
|
||||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -15090,18 +15090,11 @@ $as_echo "yes" >&6; }
|
||||
@@ -15759,18 +15759,11 @@ $as_echo "yes" >&6; }
|
||||
gccvhi=`echo $gccver | cut -d . -f1`
|
||||
gccvlo=`echo $gccver | cut -d . -f2`
|
||||
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
|
||||
|
|
@ -6,15 +6,15 @@ Subject: [PATCH] Fix character encoding of docs
|
|||
..., which are of mixed encoding originally so a simple iconv can't
|
||||
fix them.
|
||||
---
|
||||
CHANGES | 22 +++++++++++-----------
|
||||
CHANGES | 2 +-
|
||||
README | 2 +-
|
||||
2 files changed, 12 insertions(+), 12 deletions(-)
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/CHANGES b/CHANGES
|
||||
index 4568408..5fc1652 100644
|
||||
--- a/CHANGES
|
||||
+++ b/CHANGES
|
||||
@@ -198,7 +198,7 @@ Daniel Stenberg (12 Nov 2012)
|
||||
@@ -1910,7 +1910,7 @@ Daniel Stenberg (12 Nov 2012)
|
||||
|
||||
- [Gabriel Sjoberg brought this change]
|
||||
|
||||
|
|
@ -23,24 +23,6 @@ index 4568408..5fc1652 100644
|
|||
|
||||
When using only 1 second precision, curl doesn't create new cnonce
|
||||
values quickly enough for all uses.
|
||||
@@ -209,7 +209,7 @@ Daniel Stenberg (12 Nov 2012)
|
||||
curl --digest -utest:test http://tomcat.test.com:8080/manager/list
|
||||
|
||||
This is because curl uses the same cnonce for several seconds, but
|
||||
- doesn't increment the nonce counter. Â Tomcat correctly interprets
|
||||
+ doesn't increment the nonce counter. Â Tomcat correctly interprets
|
||||
this as a replay attack and rejects the request.
|
||||
|
||||
When microsecond-precision is available, this commit causes curl to
|
||||
@@ -5460,7 +5460,7 @@ Daniel Stenberg (12 Dec 2011)
|
||||
linking with a static openssl requires a set of more libs to be linked
|
||||
on Windows.
|
||||
|
||||
- Thanks also to Steve Holme and Martin Storsjö for additional feedback.
|
||||
+ Thanks also to Steve Holme and Martin Storsjö for additional feedback.
|
||||
|
||||
Bug: http://curl.haxx.se/mail/lib-2011-12/0063.html
|
||||
Reported by: Ward Willats
|
||||
diff --git a/README b/README
|
||||
index 2ffacc3..cfd6760 100644
|
||||
--- a/README
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1.4.12 (GNU/Linux)
|
||||
|
||||
iEYEABECAAYFAlCrLdwACgkQeOEcayedXJEWfACgwzpFlCeVscTbj9lVpcDstIeH
|
||||
Jy4AnjMtLsxo3wBfcLQg2vS/RqGVvLyq
|
||||
=NHEU
|
||||
-----END PGP SIGNATURE-----
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1.4.12 (GNU/Linux)
|
||||
|
||||
iEYEABECAAYFAlESLQcACgkQeOEcayedXJEj8ACgrkSpZGzKYB1YW0E5x8YQA80z
|
||||
188An0r1HNF+LSiTz5Gez17XMpliVGNS
|
||||
=DH6L
|
||||
-----END PGP SIGNATURE-----
|
||||
25
curl.spec
25
curl.spec
|
|
@ -1,27 +1,18 @@
|
|||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||
Name: curl
|
||||
Version: 7.28.1
|
||||
Release: 3%{?dist}
|
||||
Version: 7.29.0
|
||||
Release: 1%{?dist}
|
||||
License: MIT
|
||||
Group: Applications/Internet
|
||||
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
||||
Source2: curlbuild.h
|
||||
Source3: hide_selinux.c
|
||||
|
||||
# prevent NSS from crashing on client auth hook failure
|
||||
Patch1: 0001-curl-7.28.1-68d2830e.patch
|
||||
|
||||
# clear session cache if a client cert from file is used
|
||||
Patch2: 0002-curl-7.28.1-b36f1d26.patch
|
||||
|
||||
# fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
|
||||
Patch3: 0003-curl-7.28.1-26613d78.patch
|
||||
|
||||
# patch making libcurl multilib ready
|
||||
Patch101: 0101-curl-7.27.0-multilib.patch
|
||||
Patch101: 0101-curl-7.29.0-multilib.patch
|
||||
|
||||
# prevent configure script from discarding -g in CFLAGS (#496778)
|
||||
Patch102: 0102-curl-7.28.1-debug.patch
|
||||
Patch102: 0102-curl-7.29.0-debug.patch
|
||||
|
||||
# use localhost6 instead of ip6-localhost in the curl test-suite
|
||||
Patch104: 0104-curl-7.19.7-localhost6.patch
|
||||
|
|
@ -34,7 +25,7 @@ Patch107: 0107-curl-7.21.4-libidn-valgrind.patch
|
|||
|
||||
# Fix character encoding of docs, which are of mixed encoding originally so
|
||||
# a simple iconv can't fix them
|
||||
Patch108: 0108-curl-7.28.1-utf8.patch
|
||||
Patch108: 0108-curl-7.29.0-utf8.patch
|
||||
|
||||
Provides: webclient
|
||||
URL: http://curl.haxx.se/
|
||||
|
|
@ -110,9 +101,6 @@ documentation of the library, too.
|
|||
%setup -q
|
||||
|
||||
# upstream patches
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
|
||||
# Fedora patches
|
||||
%patch101 -p1
|
||||
|
|
@ -236,6 +224,9 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%{_datadir}/aclocal/libcurl.m4
|
||||
|
||||
%changelog
|
||||
* Wed Feb 06 2013 Kamil Dudka <kdudka@redhat.com> 7.29.0-1
|
||||
- new upstream release (fixes CVE-2013-0249)
|
||||
|
||||
* Tue Jan 15 2013 Kamil Dudka <kdudka@redhat.com> 7.28.1-3
|
||||
- require valgrind for build only on i386 and x86_64 (#886891)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue