new upstream release - 7.84.0

Resolves: CVE-2022-32207 - Unpreserved file permissions Resolves: CVE-2022-32205 - Set-Cookie denial of service Resolves: CVE-2022-32206 - HTTP compression denial of service Resolves: CVE-2022-32208 - FTP-KRB bad message verification
2022-06-27 12:57:53 +02:00 · 2022-06-27 12:57:53 +02:00 · a4ed273b19
parent dd6ee45b2d
commit a4ed273b19
3 changed files with 14 additions and 7 deletions
--- a/0101-curl-7.32.0-multilib.patch
+++ b/0101-curl-7.32.0-multilib.patch
@ -13,7 +13,7 @@ diff --git a/curl-config.in b/curl-config.in
 index 150004d..95d0759 100644
 --- a/curl-config.in
 +++ b/curl-config.in
-@@ -76,7 +76,7 @@ while test $# -gt 0; do
+@@ -78,7 +78,7 @@ while test $# -gt 0; do
         ;;
 
     --cc)
@ -22,7 +22,7 @@ index 150004d..95d0759 100644
         ;;
 
     --prefix)
-@@ -155,32 +155,19 @@ while test $# -gt 0; do
+@@ -157,32 +157,19 @@ while test $# -gt 0; do
         ;;
 
     --libs)
@ -63,7 +63,7 @@ diff --git a/docs/curl-config.1 b/docs/curl-config.1
 index 14a9d2b..ffcc004 100644
 --- a/docs/curl-config.1
 +++ b/docs/curl-config.1
-@@ -70,7 +70,9 @@ no, one or several names. If more than one name, they will appear
+@@ -72,7 +72,9 @@ no, one or several names. If more than one name, they will appear
 comma-separated. (Added in 7.58.0)
 .IP "--static-libs"
 Shows the complete set of libs and other linker options you will need in order
@ -78,7 +78,7 @@ diff --git a/libcurl.pc.in b/libcurl.pc.in
 index 2ba9c39..f8f8b00 100644
 --- a/libcurl.pc.in
 +++ b/libcurl.pc.in
-@@ -29,6 +29,7 @@ libdir=@libdir@
+@@ -31,6 +31,7 @@ libdir=@libdir@
 includedir=@includedir@
 supported_protocols="@SUPPORT_PROTOCOLS@"
 supported_features="@SUPPORT_FEATURES@"
--- a/curl.spec
+++ b/curl.spec
@ -1,6 +1,6 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 7.83.1
+Version: 7.84.0
 Release: 1%{?dist}
 License: MIT
 Source0: https://curl.se/download/%{name}-%{version}.tar.xz
@ -411,6 +411,13 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal

 %changelog
+* Mon Jun 27 2022 Kamil Dudka <kdudka@redhat.com> - 7.84.0-1
+- new upstream release, which fixes the following vulnerabilities
+    CVE-2022-32207 - Unpreserved file permissions
+    CVE-2022-32205 - Set-Cookie denial of service
+    CVE-2022-32206 - HTTP compression denial of service
+    CVE-2022-32208 - FTP-KRB bad message verification
+
 * Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.83.1-1
 - new upstream release, which fixes the following vulnerabilities
    CVE-2022-27782 - fix too eager reuse of TLS and SSH connections
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (curl-7.83.1.tar.xz) = 2f63327d6d3687ba36fb7b8d5d3d15599eca33ebfb08681613612ea9c4b629d3b6ce4d2742fa1ebd7a997ed332001d3a4c798985f9277c83b9e7a9aecdb1b1ee
-SHA512 (curl-7.83.1.tar.xz.asc) = f0d29de315488c844eb81ed5a89ed6334910970224c8cac43e7e6f2d58c35ad0064c0b6122e69b3a34ce91f4b56873c63e2e8aea1c602ef40711bfd62a01b191
+SHA512 (curl-7.84.0.tar.xz) = 86231866a35593a1637fbc0c6af3b6761bdfd99fb35580cc52970c36f19604f93dce59fea67a1d5bb4b455f719307599c7916c77d14f2b661f6bf7fb1ca716ce
+SHA512 (curl-7.84.0.tar.xz.asc) = 80ff5274277ad97448fa53511bab6e8a1c302bcb25fc0916d78b8dc6c6af43d944c37c4ed46668b651cc639ec4964780725117ca0e85168ea66ad7cc98d29702