new upstream release (fixes CVE-2013-0249)

This commit is contained in:
Kamil Dudka 2013-02-06 13:57:26 +01:00
parent 32b2d061e9
commit 6896522e35
7 changed files with 23 additions and 50 deletions

View File

@ -26,15 +26,15 @@ index 150004d..95d0759 100644
- CURLLIBDIR=""
- fi
- if test "X@REQUIRE_LIB_DEPS@" = "Xyes"; then
- echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@ @LIBS@
- echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@
- else
- echo ${CURLLIBDIR}-lcurl @LIBS@
- echo ${CURLLIBDIR}-lcurl
- fi
+ pkg-config libcurl --libs
;;
--static-libs)
- echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@ @LIBS@
- echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@
;;
--configure)

View File

@ -12,7 +12,7 @@ diff --git a/configure b/configure
index 8f079a3..53b4774 100755
--- a/configure
+++ b/configure
@@ -15090,18 +15090,11 @@ $as_echo "yes" >&6; }
@@ -15759,18 +15759,11 @@ $as_echo "yes" >&6; }
gccvhi=`echo $gccver | cut -d . -f1`
gccvlo=`echo $gccver | cut -d . -f2`
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`

View File

@ -6,15 +6,15 @@ Subject: [PATCH] Fix character encoding of docs
..., which are of mixed encoding originally so a simple iconv can't
fix them.
---
CHANGES | 22 +++++++++++-----------
CHANGES | 2 +-
README | 2 +-
2 files changed, 12 insertions(+), 12 deletions(-)
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/CHANGES b/CHANGES
index 4568408..5fc1652 100644
--- a/CHANGES
+++ b/CHANGES
@@ -198,7 +198,7 @@ Daniel Stenberg (12 Nov 2012)
@@ -1910,7 +1910,7 @@ Daniel Stenberg (12 Nov 2012)
- [Gabriel Sjoberg brought this change]
@ -23,24 +23,6 @@ index 4568408..5fc1652 100644
When using only 1 second precision, curl doesn't create new cnonce
values quickly enough for all uses.
@@ -209,7 +209,7 @@ Daniel Stenberg (12 Nov 2012)
curl --digest -utest:test http://tomcat.test.com:8080/manager/list
This is because curl uses the same cnonce for several seconds, but
- doesn't increment the nonce counter.  Tomcat correctly interprets
+ doesn't increment the nonce counter.  Tomcat correctly interprets
this as a replay attack and rejects the request.
When microsecond-precision is available, this commit causes curl to
@@ -5460,7 +5460,7 @@ Daniel Stenberg (12 Dec 2011)
linking with a static openssl requires a set of more libs to be linked
on Windows.
- Thanks also to Steve Holme and Martin Storsjö for additional feedback.
+ Thanks also to Steve Holme and Martin Storsjö for additional feedback.
Bug: http://curl.haxx.se/mail/lib-2011-12/0063.html
Reported by: Ward Willats
diff --git a/README b/README
index 2ffacc3..cfd6760 100644
--- a/README

View File

@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEABECAAYFAlCrLdwACgkQeOEcayedXJEWfACgwzpFlCeVscTbj9lVpcDstIeH
Jy4AnjMtLsxo3wBfcLQg2vS/RqGVvLyq
=NHEU
-----END PGP SIGNATURE-----

7
curl-7.29.0.tar.lzma.asc Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEABECAAYFAlESLQcACgkQeOEcayedXJEj8ACgrkSpZGzKYB1YW0E5x8YQA80z
188An0r1HNF+LSiTz5Gez17XMpliVGNS
=DH6L
-----END PGP SIGNATURE-----

View File

@ -1,27 +1,18 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 7.28.1
Release: 3%{?dist}
Version: 7.29.0
Release: 1%{?dist}
License: MIT
Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
Source2: curlbuild.h
Source3: hide_selinux.c
# prevent NSS from crashing on client auth hook failure
Patch1: 0001-curl-7.28.1-68d2830e.patch
# clear session cache if a client cert from file is used
Patch2: 0002-curl-7.28.1-b36f1d26.patch
# fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
Patch3: 0003-curl-7.28.1-26613d78.patch
# patch making libcurl multilib ready
Patch101: 0101-curl-7.27.0-multilib.patch
Patch101: 0101-curl-7.29.0-multilib.patch
# prevent configure script from discarding -g in CFLAGS (#496778)
Patch102: 0102-curl-7.28.1-debug.patch
Patch102: 0102-curl-7.29.0-debug.patch
# use localhost6 instead of ip6-localhost in the curl test-suite
Patch104: 0104-curl-7.19.7-localhost6.patch
@ -34,7 +25,7 @@ Patch107: 0107-curl-7.21.4-libidn-valgrind.patch
# Fix character encoding of docs, which are of mixed encoding originally so
# a simple iconv can't fix them
Patch108: 0108-curl-7.28.1-utf8.patch
Patch108: 0108-curl-7.29.0-utf8.patch
Provides: webclient
URL: http://curl.haxx.se/
@ -110,9 +101,6 @@ documentation of the library, too.
%setup -q
# upstream patches
%patch1 -p1
%patch2 -p1
%patch3 -p1
# Fedora patches
%patch101 -p1
@ -236,6 +224,9 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/libcurl.m4
%changelog
* Wed Feb 06 2013 Kamil Dudka <kdudka@redhat.com> 7.29.0-1
- new upstream release (fixes CVE-2013-0249)
* Tue Jan 15 2013 Kamil Dudka <kdudka@redhat.com> 7.28.1-3
- require valgrind for build only on i386 and x86_64 (#886891)

View File

@ -1 +1 @@
b716ab1103fd4bef99b98f5ff2c7b638 curl-7.28.1.tar.lzma
48eab66844553c37433fb861cf8ab5c9 curl-7.29.0.tar.lzma