From d02617d3252493983631775d7575e9c3dcbb09be Mon Sep 17 00:00:00 2001
From: Kamil Dudka
Date: Wed, 15 Sep 2021 09:08:01 +0200
Subject: [PATCH] new upstream release - 7.79.0
Resolves: CVE-2021-22947 - STARTTLS protocol injection via MITM
Resolves: CVE-2021-22946 - protocol downgrade required TLS bypassed
Resolves: CVE-2021-22945 - use-after-free and double-free in MQTT sending
---
 curl-7.78.0.tar.xz.asc | 11 -----------
 curl-7.79.0.tar.xz.asc | 11 +++++++++++
 curl.spec | 10 ++++++++--
 sources | 2 +-
 4 files changed, 20 insertions(+), 14 deletions(-)
 delete mode 100644 curl-7.78.0.tar.xz.asc
 create mode 100644 curl-7.79.0.tar.xz.asc
diff --git a/curl-7.78.0.tar.xz.asc b/curl-7.78.0.tar.xz.asc
deleted file mode 100644
index d93dee2..0000000
--- a/curl-7.78.0.tar.xz.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmD3wwYACgkQXMkI/bce
-EsIFMggAt5xxRun4gxld2xZB0shI8fDhjGwMK+uQNpDnnt509j/UZ9+yfDra3Stl
-BHeQXSnTE6y4dKfXIkq4q3sSX2XZUuFRLHMhzH99FsY6bxgOSnZi/iIZv/RLLXTX
-NGlDR93OfsYg9UNkZVeZlFo9262f6rz7P5EsHa4HlCS0xpvLCU7q2dtkDu8SQSW1
-sQiEZOhsyXoiqqrLAgTIP9psHt6dE7qoYh1hS6b+7S9d87MSkL5MEnHukFkemlzC
-7d9cYD9Bah1LfAaYunvzPuC9FoF6gonGPrw3tLECdl2P9PpnrGeV1Z/Nhmu0d5mN
-E2A1BXBqLs8UVo4vUbiNLk0gB3TmHg==
-=yVDK
------END PGP SIGNATURE-----
diff --git a/curl-7.79.0.tar.xz.asc b/curl-7.79.0.tar.xz.asc
new file mode 100644
index 0000000..0828b9f
--- /dev/null
+++ b/curl-7.79.0.tar.xz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmFBj6gACgkQXMkI/bce
+EsJkpQgAuTRPniJDsiVa9yqtfgSNq2BG3u+JpcKFC3bJ/PB2DAtNVORNrTYkk3B1
+wIgfVWYBBJiCXoy5Ivof0MIfUM8kMFJXwHfy0Gs5/60GCy5mXOvVC7IEmKZ24lOU
+7cNNzNkyR69z1yWM1VFfaDNmO3+GWIvM2YJTEdHlAxABR71FfW/ARtXjSFEJ01FL
+t9IyDiH56cCkWEFFvM2YxNo0IjduvC5pLBiGfrBe5bAKV63Z0/Qtp18zoVaYgv6Y
++yLxv4jgteN/wrTHXVQ5o6FiqoTP/OEpJOLe1Zd4sJhMBkobCPwi5HHAjbavqeFc
+3zs3aRTNMaVdvv4VqFhO5o8u2kZEbg==
+=2Tq/
+-----END PGP SIGNATURE-----
diff --git a/curl.spec b/curl.spec
index b13555a..c8ab381 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 7.78.0
-Release: 4%{?dist}
+Version: 7.79.0
+Release: 1%{?dist}
 License: MIT
 Source0: https://curl.se/download/%{name}-%{version}.tar.xz
 Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc
@@ -368,6 +368,12 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
 %changelog
+* Wed Sep 15 2021 Kamil Dudka - 7.79.0-1
+- new upstream release, which fixes the following vulnerabilities
+ CVE-2021-22947 - STARTTLS protocol injection via MITM
+ CVE-2021-22946 - protocol downgrade required TLS bypassed
+ CVE-2021-22945 - use-after-free and double-free in MQTT sending
+
 * Tue Sep 14 2021 Sahana Prasad - 7.78.0-4
 - Rebuilt with OpenSSL 3.0.0
diff --git a/sources b/sources
index d95c311..b8a81d9 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (curl-7.78.0.tar.xz) = f72e822a0b5e28320ef547c7a441c07f3b4870579a70ab4c428751baba435a1385cb89a22b9ed4b84a7fafecf620f155911e4131e3463ec1bdad80ecde47bb7a
+SHA512 (curl-7.79.0.tar.xz) = 68bccba61f18de9f94c311b0d92cfa6572bb7e55e8773917c13b25203164a5a9f4ef6b8ad84a14d3d5dcb286271bf18c3dd84c4ca353866763c726f9defce808