From 4bddb2814cc9f4f9dcee33f27ae16114a3f8c31a Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Mar 26 2014 07:55:38 +0000 Subject: new upstream release - 7.36.0 (fixes CVE-2014-0138) --- diff --git a/0001-curl-7.32.0-ffb8a21d.patch b/0001-curl-7.32.0-ffb8a21d.patch deleted file mode 100644 index a7a5f7e..0000000 --- a/0001-curl-7.32.0-ffb8a21d.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 1742db74f6527846581da8b846f9c9666eac4fd6 Mon Sep 17 00:00:00 2001 -From: Steve Holme -Date: Sun, 2 Feb 2014 11:01:10 +0000 -Subject: [PATCH] tests: Fixed test172 cookie expiry - -The test contains a cookie jar file where one of the cookies has an -expiry date of 1391252187 -- Sat, 1 Feb 2014 10:56:27 GMT which has -now expired. Updated to Wed, 14 Oct 2037 16:36:33 GMT as per test -179. - -Reported-by: Adam Sampson -Bug: http://curl.haxx.se/bug/view.cgi?id=1330 - -[upstream commit ffb8a21d85bde8b626e5dc52ce25f0447ee49f89] - -Signed-off-by: Kamil Dudka ---- - tests/data/test172 | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/tests/data/test172 b/tests/data/test172 -index b3efae9..3d53418 100644 ---- a/tests/data/test172 -+++ b/tests/data/test172 -@@ -36,7 +36,7 @@ http://%HOSTIP:%HTTPPORT/we/want/172 -b log/jar172.txt -b "tool=curl; name=fool" - - .%HOSTIP TRUE /silly/ FALSE 0 ismatch this - .%HOSTIP TRUE / FALSE 0 partmatch present --%HOSTIP FALSE /we/want/ FALSE 1391252187 nodomain value -+%HOSTIP FALSE /we/want/ FALSE 2139150993 nodomain value - - - --- -1.7.1 - diff --git a/0102-curl-7.32.0-debug.patch b/0102-curl-7.32.0-debug.patch deleted file mode 100644 index 035c524..0000000 --- a/0102-curl-7.32.0-debug.patch +++ /dev/null 
@@ -1,65 +0,0 @@ -From 6710648c2b270c9ce68a7d9f1bba1222c7be8b58 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Wed, 31 Oct 2012 11:38:30 +0100 -Subject: [PATCH] prevent configure script from discarding -g in CFLAGS (#496778) - ---- - configure | 13 +++---------- - m4/curl-compilers.m4 | 13 +++---------- - 2 files changed, 6 insertions(+), 20 deletions(-) - -diff --git a/configure b/configure -index 8f079a3..53b4774 100755 ---- a/configure -+++ b/configure -@@ -16005,18 +16005,11 @@ $as_echo "yes" >&6; } - gccvhi=`echo $gccver | cut -d . -f1` - gccvlo=`echo $gccver | cut -d . -f2` - compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` -- flags_dbg_all="-g -g0 -g1 -g2 -g3" -- flags_dbg_all="$flags_dbg_all -ggdb" -- flags_dbg_all="$flags_dbg_all -gstabs" -- flags_dbg_all="$flags_dbg_all -gstabs+" -- flags_dbg_all="$flags_dbg_all -gcoff" -- flags_dbg_all="$flags_dbg_all -gxcoff" -- flags_dbg_all="$flags_dbg_all -gdwarf-2" -- flags_dbg_all="$flags_dbg_all -gvms" -+ flags_dbg_all="" - flags_dbg_yes="-g" - flags_dbg_off="" -- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os" -- flags_opt_yes="-O2" -+ flags_opt_all="" -+ flags_opt_yes="" - flags_opt_off="-O0" - - if test -z "$SED"; then -diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4 -index 0cbba7a..9175b5b 100644 ---- a/m4/curl-compilers.m4 -+++ b/m4/curl-compilers.m4 -@@ -148,18 +148,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [ - gccvhi=`echo $gccver | cut -d . -f1` - gccvlo=`echo $gccver | cut -d . 
-f2` - compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` -- flags_dbg_all="-g -g0 -g1 -g2 -g3" -- flags_dbg_all="$flags_dbg_all -ggdb" -- flags_dbg_all="$flags_dbg_all -gstabs" -- flags_dbg_all="$flags_dbg_all -gstabs+" -- flags_dbg_all="$flags_dbg_all -gcoff" -- flags_dbg_all="$flags_dbg_all -gxcoff" -- flags_dbg_all="$flags_dbg_all -gdwarf-2" -- flags_dbg_all="$flags_dbg_all -gvms" -+ flags_dbg_all="" - flags_dbg_yes="-g" - flags_dbg_off="" -- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os" -- flags_opt_yes="-O2" -+ flags_opt_all="" -+ flags_opt_yes="" - flags_opt_off="-O0" - CURL_CHECK_DEF([_WIN32], [], [silent]) - else --- -1.7.1 - diff --git a/0102-curl-7.36.0-debug.patch b/0102-curl-7.36.0-debug.patch new file mode 100644 index 0000000..731039a --- /dev/null +++ b/0102-curl-7.36.0-debug.patch 
@@ -0,0 +1,65 @@ +From 6710648c2b270c9ce68a7d9f1bba1222c7be8b58 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Wed, 31 Oct 2012 11:38:30 +0100 +Subject: [PATCH] prevent configure script from discarding -g in CFLAGS (#496778) + +--- + configure | 13 +++---------- + m4/curl-compilers.m4 | 13 +++---------- + 2 files changed, 6 insertions(+), 20 deletions(-) + +diff --git a/configure b/configure +index 8f079a3..53b4774 100755 +--- a/configure ++++ b/configure +@@ -16006,18 +16006,11 @@ $as_echo "yes" >&6; } + gccvhi=`echo $gccver | cut -d . -f1` + gccvlo=`echo $gccver | cut -d . -f2` + compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` +- flags_dbg_all="-g -g0 -g1 -g2 -g3" +- flags_dbg_all="$flags_dbg_all -ggdb" +- flags_dbg_all="$flags_dbg_all -gstabs" +- flags_dbg_all="$flags_dbg_all -gstabs+" +- flags_dbg_all="$flags_dbg_all -gcoff" +- flags_dbg_all="$flags_dbg_all -gxcoff" +- flags_dbg_all="$flags_dbg_all -gdwarf-2" +- flags_dbg_all="$flags_dbg_all -gvms" ++ flags_dbg_all="" + flags_dbg_yes="-g" + flags_dbg_off="" +- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os" +- flags_opt_yes="-O2" ++ flags_opt_all="" ++ flags_opt_yes="" + flags_opt_off="-O0" + + if test -z "$SED"; then +diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4 +index 0cbba7a..9175b5b 100644 +--- a/m4/curl-compilers.m4 ++++ b/m4/curl-compilers.m4 +@@ -148,18 +148,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [ + gccvhi=`echo $gccver | cut -d . -f1` + gccvlo=`echo $gccver | cut -d . 
-f2` + compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` +- flags_dbg_all="-g -g0 -g1 -g2 -g3" +- flags_dbg_all="$flags_dbg_all -ggdb" +- flags_dbg_all="$flags_dbg_all -gstabs" +- flags_dbg_all="$flags_dbg_all -gstabs+" +- flags_dbg_all="$flags_dbg_all -gcoff" +- flags_dbg_all="$flags_dbg_all -gxcoff" +- flags_dbg_all="$flags_dbg_all -gdwarf-2" +- flags_dbg_all="$flags_dbg_all -gvms" ++ flags_dbg_all="" + flags_dbg_yes="-g" + flags_dbg_off="" +- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os" +- flags_opt_yes="-O2" ++ flags_opt_all="" ++ flags_opt_yes="" + flags_opt_off="-O0" + CURL_CHECK_DEF([_WIN32], [], [silent]) + else +-- +1.7.1 + diff --git a/0103-curl-7.32.0-metalink.patch b/0103-curl-7.32.0-metalink.patch deleted file mode 100644 index 33cec9c..0000000 --- a/0103-curl-7.32.0-metalink.patch +++ /dev/null 
@@ -1,63 +0,0 @@ -From 5a4feefe61733d7b650d6f6e1995a6d1555530d3 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Wed, 26 Jun 2013 18:00:43 +0200 -Subject: [PATCH] make the curl tool link SSL libraries also used by src/tool_metalink.c - ---- - configure | 10 +++------- - configure.ac | 18 +++++++++++------- - 2 files changed, 14 insertions(+), 14 deletions(-) - -diff --git a/configure b/configure -index a466175..cb63075 100755 ---- a/configure -+++ b/configure -@@ -15470,13 +15470,9 @@ fi - - - --# Determine whether all dependent libraries must be specified when linking --if test "X$enable_shared" = "Xyes" -a "X$link_all_deplibs" = "Xno" --then -- REQUIRE_LIB_DEPS=no --else -- REQUIRE_LIB_DEPS=yes --fi -+REQUIRE_LIB_DEPS=yes -+ -+ - - if test x$REQUIRE_LIB_DEPS = xyes; then - USE_EXPLICIT_LIB_DEPS_TRUE= -diff --git a/configure.ac b/configure.ac -index 49309e6..90c56b5 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -242,13 +242,17 @@ fi - AC_SUBST([CPPFLAG_CURL_STATICLIB]) - - --# Determine whether all dependent libraries must be specified when linking --if test "X$enable_shared" = "Xyes" -a "X$link_all_deplibs" = "Xno" --then -- REQUIRE_LIB_DEPS=no --else -- REQUIRE_LIB_DEPS=yes --fi -+dnl make the curl tool link SSL libraries also used by src/tool_metalink.c -+REQUIRE_LIB_DEPS=yes -+ -+dnl # Determine whether all dependent libraries must be specified when linking -+dnl if test "X$enable_shared" = "Xyes" -a "X$link_all_deplibs" = "Xno" -+dnl then -+dnl REQUIRE_LIB_DEPS=no -+dnl else -+dnl REQUIRE_LIB_DEPS=yes -+dnl fi -+ - AC_SUBST(REQUIRE_LIB_DEPS) - AM_CONDITIONAL(USE_EXPLICIT_LIB_DEPS, test x$REQUIRE_LIB_DEPS = xyes) - --- -1.7.1 - diff --git a/0103-curl-7.36.0-metalink.patch b/0103-curl-7.36.0-metalink.patch new file mode 100644 index 0000000..3f8f0f0 --- /dev/null +++ b/0103-curl-7.36.0-metalink.patch 
@@ -0,0 +1,63 @@ +From 5a4feefe61733d7b650d6f6e1995a6d1555530d3 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Wed, 26 Jun 2013 18:00:43 +0200 +Subject: [PATCH] make the curl tool link SSL libraries also used by src/tool_metalink.c + +--- + configure | 10 +++------- + configure.ac | 18 +++++++++++------- + 2 files changed, 14 insertions(+), 14 deletions(-) + +diff --git a/configure b/configure +index a466175..cb63075 100755 +--- a/configure ++++ b/configure +@@ -15471,13 +15471,9 @@ fi + + + +-# Determine whether all dependent libraries must be specified when linking +-if test "X$enable_shared" = "Xyes" -a "X$link_all_deplibs" = "Xno" +-then +- REQUIRE_LIB_DEPS=no +-else +- REQUIRE_LIB_DEPS=yes +-fi ++REQUIRE_LIB_DEPS=yes ++ ++ + + if test x$REQUIRE_LIB_DEPS = xyes; then + USE_EXPLICIT_LIB_DEPS_TRUE= +diff --git a/configure.ac b/configure.ac +index 49309e6..90c56b5 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -242,13 +242,17 @@ fi + AC_SUBST([CPPFLAG_CURL_STATICLIB]) + + +-# Determine whether all dependent libraries must be specified when linking +-if test "X$enable_shared" = "Xyes" -a "X$link_all_deplibs" = "Xno" +-then +- REQUIRE_LIB_DEPS=no +-else +- REQUIRE_LIB_DEPS=yes +-fi ++dnl make the curl tool link SSL libraries also used by src/tool_metalink.c ++REQUIRE_LIB_DEPS=yes ++ ++dnl # Determine whether all dependent libraries must be specified when linking ++dnl if test "X$enable_shared" = "Xyes" -a "X$link_all_deplibs" = "Xno" ++dnl then ++dnl REQUIRE_LIB_DEPS=no ++dnl else ++dnl REQUIRE_LIB_DEPS=yes ++dnl fi ++ + AC_SUBST(REQUIRE_LIB_DEPS) + AM_CONDITIONAL(USE_EXPLICIT_LIB_DEPS, test x$REQUIRE_LIB_DEPS = xyes) + +-- +1.7.1 + diff --git a/0106-curl-7.21.0-libssh2-valgrind.patch b/0106-curl-7.21.0-libssh2-valgrind.patch deleted file mode 100644 index 2b8cb38..0000000 --- a/0106-curl-7.21.0-libssh2-valgrind.patch +++ /dev/null 
@@ -1,31 +0,0 @@ - tests/data/test604 | 3 +++ - tests/data/test623 | 4 +++- - 2 files changed, 6 insertions(+), 1 deletions(-) - -diff --git a/tests/data/test604 b/tests/data/test604 -index af0259f..2bcf7d1 100644 ---- a/tests/data/test604 -+++ b/tests/data/test604 -@@ -26,5 +26,8 @@ SFTP retrieval of nonexistent file - - 78 - -+ -+disable -+ - - -diff --git a/tests/data/test623 b/tests/data/test623 -index 19e505b..38a41d2 100644 ---- a/tests/data/test623 -+++ b/tests/data/test623 -@@ -36,6 +36,8 @@ for ssh upload test - - 79 - -- -+ -+disable -+ - - diff --git a/0106-curl-7.36.0-libssh2-valgrind.patch b/0106-curl-7.36.0-libssh2-valgrind.patch new file mode 100644 index 0000000..e33fe50 --- /dev/null +++ b/0106-curl-7.36.0-libssh2-valgrind.patch @@ -0,0 +1,40 @@ +From a4c56b928518439399e051406145d7d5b150a3be Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Wed, 26 Mar 2014 08:51:53 +0100 +Subject: [PATCH] disable valgrind for certain test-cases (libssh2 problem) + +--- + tests/data/test604 | 3 +++ + tests/data/test623 | 4 +++- + 2 files changed, 6 insertions(+), 1 deletions(-) + +diff --git a/tests/data/test604 b/tests/data/test604 +index af0259f..2bcf7d1 100644 +--- a/tests/data/test604 ++++ b/tests/data/test604 +@@ -29,5 +29,8 @@ disable + + 78 + ++ ++disable ++ + + +diff --git a/tests/data/test623 b/tests/data/test623 +index 19e505b..38a41d2 100644 +--- a/tests/data/test623 ++++ b/tests/data/test623 +@@ -39,6 +39,8 @@ disable + + 79 + +- ++ ++disable ++ + + +-- +1.7.1 + diff --git a/curl-7.35.0.tar.lzma.asc b/curl-7.35.0.tar.lzma.asc deleted file mode 100644 index de64bca..0000000 --- a/curl-7.35.0.tar.lzma.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iEYEABECAAYFAlLoqVAACgkQeOEcayedXJHXgACfXucGEK+4gBtUjRNJlPdBThPs -lQkAoJRfmKWAlAvMtBuXofIEog9D2y9z -=Wgsv ------END PGP SIGNATURE----- diff --git a/curl-7.36.0.tar.lzma.asc b/curl-7.36.0.tar.lzma.asc new file mode 100644 index 0000000..32220e2 --- /dev/null 
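Review bot: The refreshed `0106-curl-7.36.0-libssh2-valgrind.patch` turns valgrind off for test604 and test623 with only "libssh2 problem" as the stated reason, so nothing records which memory error is being suppressed or when the tests can run under valgrind again. Going by the hunk context of the previous version of the patch, these are the SFTP retrieval and ssh upload cases, so memory errors on that path in the new release would go unreported by the test-suite while the patch is applied. I would carry a tracking reference in the patch subject, e.g. `Subject: [PATCH] disable valgrind for certain test-cases (libssh2 problem, #<bug-id>)`, and repeat it in the `# disable valgrind for certain test-cases` comment above `Patch106` in curl.spec, as the neighbouring patches already do.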
+++ b/curl-7.36.0.tar.lzma.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iEYEABECAAYFAlMyeZEACgkQeOEcayedXJFTpACfaOmp5/t6thzl/LLM4L6/AO70 +i5oAoJLzbaqGU31OhelQxcyrRX2gDubB +=++7u +-----END PGP SIGNATURE----- diff --git a/curl.spec b/curl.spec index 5f87df4..f2003ff 100644 --- a/curl.spec +++ b/curl.spec @@ -1,29 +1,26 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 7.35.0 -Release: 5%{?dist} +Version: 7.36.0 +Release: 1%{?dist} License: MIT Group: Applications/Internet Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma Source2: curlbuild.h -# refresh expired cookie in test172 from upstream test-suite (#1068967) -Patch1: 0001-curl-7.32.0-ffb8a21d.patch - # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch # prevent configure script from discarding -g in CFLAGS (#496778) -Patch102: 0102-curl-7.32.0-debug.patch +Patch102: 0102-curl-7.36.0-debug.patch # make the curl tool link SSL libraries also used by src/tool_metalink.c -Patch103: 0103-curl-7.32.0-metalink.patch +Patch103: 0103-curl-7.36.0-metalink.patch # use localhost6 instead of ip6-localhost in the curl test-suite Patch104: 0104-curl-7.19.7-localhost6.patch # disable valgrind for certain test-cases (libssh2 problem) -Patch106: 0106-curl-7.21.0-libssh2-valgrind.patch +Patch106: 0106-curl-7.36.0-libssh2-valgrind.patch # work around valgrind bug (#678518) Patch107: 0107-curl-7.21.4-libidn-valgrind.patch @@ -122,7 +119,6 @@ documentation of the library, too. %setup -q # upstream patches -%patch1 -p1 # Fedora patches %patch101 -p1 @@ -244,6 +240,9 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/aclocal/libcurl.m4 %changelog +* Wed Mar 26 2014 Kamil Dudka 7.36.0-1 +- new upstream release (fixes CVE-2014-0138) + * Mon Mar 17 2014 Paul Howarth 7.35.0-5 - add all perl build requirements for the test suite, in a portable way diff --git a/sources b/sources index c82983f..6f8474a 100644 --- a/sources 
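Review bot: The first curl.spec hunk keeps `Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma` followed directly by `Source2: curlbuild.h`, so the detached signature that this commit refreshes (`curl-7.36.0.tar.lzma.asc`) appears to be carried in the repository without being listed as a source or checked by the build. For a rebase whose stated purpose is a CVE fix, I would list it, e.g. `Source1: %{name}-%{version}.tar.lzma.asc`, and verify the tarball against the upstream signing key in `%prep` before `%setup -q`, so that a tampered tarball fails the build. As it stands, integrity rests on the 32-hex-digit (MD5-length) digest in `sources` and on whoever fetched the tarball over plain http having checked the signature by hand. Only part of the spec is visible in these hunks, so confirm that no verification step exists outside them.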
+++ b/sources
@@ -1 +1 @@
-ad7d63864414c61246450dc5e2248c7b curl-7.35.0.tar.lzma
+291081121e604b04e0035bfdd736d196 curl-7.36.0.tar.lzma