Resolves: CVE-2018-20483 - xattr: strip credentials from any URL that is stored
This commit is contained in:
parent
51f07044e3
commit
b3c6d97e26
4776
0008-curl-7.61.1-CVE-2018-20483.patch
Normal file
4776
0008-curl-7.61.1-CVE-2018-20483.patch
Normal file
File diff suppressed because it is too large
Load Diff
@ -1,7 +1,7 @@
|
||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||
Name: curl
|
||||
Version: 7.61.1
|
||||
Release: 6%{?dist}
|
||||
Release: 7%{?dist}
|
||||
License: MIT
|
||||
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
||||
|
||||
@ -28,6 +28,9 @@ Patch6: 0006-curl-7.61.1-CVE-2018-16839.patch
|
||||
# curl -J: do not append to the destination file (#1658574)
|
||||
Patch7: 0007-curl-7.63.0-JO-preserve-local-file.patch
|
||||
|
||||
# xattr: strip credentials from any URL that is stored (CVE-2018-20483)
|
||||
Patch8: 0008-curl-7.61.1-CVE-2018-20483.patch
|
||||
|
||||
# patch making libcurl multilib ready
|
||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||
|
||||
@ -194,6 +197,7 @@ git apply %{PATCH4}
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
|
||||
# Fedora patches
|
||||
%patch101 -p1
|
||||
@ -360,6 +364,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
||||
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
||||
|
||||
%changelog
|
||||
* Mon Jan 21 2019 Kamil Dudka <kdudka@redhat.com> - 7.61.1-7
|
||||
- xattr: strip credentials from any URL that is stored (CVE-2018-20483)
|
||||
|
||||
* Wed Dec 19 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.1-6
|
||||
- curl -J: do not append to the destination file (#1658574)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user