new upstream release - 7.84.0

Resolves: CVE-2022-32207 - Unpreserved file permissions
Resolves: CVE-2022-32205 - Set-Cookie denial of service
Resolves: CVE-2022-32206 - HTTP compression denial of service
Resolves: CVE-2022-32208 - FTP-KRB bad message verification
This commit is contained in:
Kamil Dudka 2022-06-27 12:57:53 +02:00
parent dd6ee45b2d
commit a4ed273b19
3 changed files with 14 additions and 7 deletions

View File

@ -13,7 +13,7 @@ diff --git a/curl-config.in b/curl-config.in
index 150004d..95d0759 100644 index 150004d..95d0759 100644
--- a/curl-config.in --- a/curl-config.in
+++ b/curl-config.in +++ b/curl-config.in
@@ -76,7 +76,7 @@ while test $# -gt 0; do @@ -78,7 +78,7 @@ while test $# -gt 0; do
;; ;;
--cc) --cc)
@ -22,7 +22,7 @@ index 150004d..95d0759 100644
;; ;;
--prefix) --prefix)
@@ -155,32 +155,19 @@ while test $# -gt 0; do @@ -157,32 +157,19 @@ while test $# -gt 0; do
;; ;;
--libs) --libs)
@ -63,7 +63,7 @@ diff --git a/docs/curl-config.1 b/docs/curl-config.1
index 14a9d2b..ffcc004 100644 index 14a9d2b..ffcc004 100644
--- a/docs/curl-config.1 --- a/docs/curl-config.1
+++ b/docs/curl-config.1 +++ b/docs/curl-config.1
@@ -70,7 +70,9 @@ no, one or several names. If more than one name, they will appear @@ -72,7 +72,9 @@ no, one or several names. If more than one name, they will appear
comma-separated. (Added in 7.58.0) comma-separated. (Added in 7.58.0)
.IP "--static-libs" .IP "--static-libs"
Shows the complete set of libs and other linker options you will need in order Shows the complete set of libs and other linker options you will need in order
@ -78,7 +78,7 @@ diff --git a/libcurl.pc.in b/libcurl.pc.in
index 2ba9c39..f8f8b00 100644 index 2ba9c39..f8f8b00 100644
--- a/libcurl.pc.in --- a/libcurl.pc.in
+++ b/libcurl.pc.in +++ b/libcurl.pc.in
@@ -29,6 +29,7 @@ libdir=@libdir@ @@ -31,6 +31,7 @@ libdir=@libdir@
includedir=@includedir@ includedir=@includedir@
supported_protocols="@SUPPORT_PROTOCOLS@" supported_protocols="@SUPPORT_PROTOCOLS@"
supported_features="@SUPPORT_FEATURES@" supported_features="@SUPPORT_FEATURES@"

View File

@ -1,6 +1,6 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl Name: curl
Version: 7.83.1 Version: 7.84.0
Release: 1%{?dist} Release: 1%{?dist}
License: MIT License: MIT
Source0: https://curl.se/download/%{name}-%{version}.tar.xz Source0: https://curl.se/download/%{name}-%{version}.tar.xz
@ -411,6 +411,13 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
%changelog %changelog
* Mon Jun 27 2022 Kamil Dudka <kdudka@redhat.com> - 7.84.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2022-32207 - Unpreserved file permissions
CVE-2022-32205 - Set-Cookie denial of service
CVE-2022-32206 - HTTP compression denial of service
CVE-2022-32208 - FTP-KRB bad message verification
* Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.83.1-1 * Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.83.1-1
- new upstream release, which fixes the following vulnerabilities - new upstream release, which fixes the following vulnerabilities
CVE-2022-27782 - fix too eager reuse of TLS and SSH connections CVE-2022-27782 - fix too eager reuse of TLS and SSH connections

View File

@ -1,2 +1,2 @@
SHA512 (curl-7.83.1.tar.xz) = 2f63327d6d3687ba36fb7b8d5d3d15599eca33ebfb08681613612ea9c4b629d3b6ce4d2742fa1ebd7a997ed332001d3a4c798985f9277c83b9e7a9aecdb1b1ee SHA512 (curl-7.84.0.tar.xz) = 86231866a35593a1637fbc0c6af3b6761bdfd99fb35580cc52970c36f19604f93dce59fea67a1d5bb4b455f719307599c7916c77d14f2b661f6bf7fb1ca716ce
SHA512 (curl-7.83.1.tar.xz.asc) = f0d29de315488c844eb81ed5a89ed6334910970224c8cac43e7e6f2d58c35ad0064c0b6122e69b3a34ce91f4b56873c63e2e8aea1c602ef40711bfd62a01b191 SHA512 (curl-7.84.0.tar.xz.asc) = 80ff5274277ad97448fa53511bab6e8a1c302bcb25fc0916d78b8dc6c6af43d944c37c4ed46668b651cc639ec4964780725117ca0e85168ea66ad7cc98d29702