Skip to content
Snippets Groups Projects
Commit 0ad6eeb7 authored by Rocky Automation's avatar Rocky Automation :tv:
Browse files

import curl-7.76.1-26.el9_3.2

parent d8e9b3f0
No related branches found
Tags imports/r8/curl-7.61.1-34.el8_10.2
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 33 additions and 33 deletions
SPECS/curl.spec
+ 33
33
View file @ 0ad6eeb7
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 7.76.1
Release: 26%{?dist}.2.0.1
Release: 26%{?dist}.2
License: MIT
Source: https://curl.se/download/%{name}-%{version}.tar.xz
# http2: fix resource leaks detected by Coverity
Patch1: 0001-curl-7.76.1-resource-leaks.patch
Patch1: 0001-curl-7.76.1-resource-leaks.patch
# fix TELNET stack contents disclosure (CVE-2021-22898)
Patch2: 0002-curl-7.76.1-CVE-2021-22898.patch
Patch2: 0002-curl-7.76.1-CVE-2021-22898.patch
# fix TLS session caching disaster (CVE-2021-22901)
Patch3: 0003-curl-7.76.1-CVE-2021-22901.patch
Patch3: 0003-curl-7.76.1-CVE-2021-22901.patch
# fix SIGSEGV upon disconnect of a ldaps:// transfer (#1941925)
Patch4: 0004-curl-7.76.1-ldaps-segv.patch
Patch4: 0004-curl-7.76.1-ldaps-segv.patch
# fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
Patch5: 0005-curl-7.76.1-CVE-2021-22924.patch
Patch5: 0005-curl-7.76.1-CVE-2021-22924.patch
# fix TELNET stack contents disclosure again (CVE-2021-22925)
Patch6: 0006-curl-7.76.1-CVE-2021-22925.patch
Patch6: 0006-curl-7.76.1-CVE-2021-22925.patch
# fix use-after-free and double-free in MQTT sending (CVE-2021-22945)
Patch7: 0007-curl-7.76.1-CVE-2021-22945.patch
Patch7: 0007-curl-7.76.1-CVE-2021-22945.patch
# fix protocol downgrade required TLS bypass (CVE-2021-22946)
Patch8: 0008-curl-7.76.1-CVE-2021-22946.patch
Patch8: 0008-curl-7.76.1-CVE-2021-22946.patch
# fix STARTTLS protocol injection via MITM (CVE-2021-22947)
Patch9: 0009-curl-7.76.1-CVE-2021-22947.patch
Patch9: 0009-curl-7.76.1-CVE-2021-22947.patch
# fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
Patch10: 0010-curl-7.76.1-CVE-2022-22576.patch
Patch10: 0010-curl-7.76.1-CVE-2022-22576.patch
# fix bad local IPv6 connection reuse (CVE-2022-27775)
Patch11: 0011-curl-7.76.1-CVE-2022-27775.patch
Patch11: 0011-curl-7.76.1-CVE-2022-27775.patch
# fix auth/cookie leak on redirect (CVE-2022-27776)
Patch12: 0012-curl-7.76.1-CVE-2022-27776.patch
Patch12: 0012-curl-7.76.1-CVE-2022-27776.patch
# fix credential leak on redirect (CVE-2022-27774)
Patch13: 0013-curl-7.76.1-CVE-2022-27774.patch
Patch13: 0013-curl-7.76.1-CVE-2022-27774.patch
# fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
Patch14: 0014-curl-7.76.1-CVE-2022-27782.patch
Patch14: 0014-curl-7.76.1-CVE-2022-27782.patch
# make upstream tests work with openssh-8.7p1
Patch15: 0015-curl-7.76.1-tests-openssh.patch
Patch15: 0015-curl-7.76.1-tests-openssh.patch
# fix FTP-KRB bad message verification (CVE-2022-32208)
Patch16: 0016-curl-7.76.1-CVE-2022-32208.patch
Patch16: 0016-curl-7.76.1-CVE-2022-32208.patch
# fix HTTP compression denial of service (CVE-2022-32206)
Patch17: 0017-curl-7.76.1-CVE-2022-32206.patch
Patch17: 0017-curl-7.76.1-CVE-2022-32206.patch
# fix unpreserved file permissions (CVE-2022-32207)
Patch19: 0019-curl-7.76.1-CVE-2022-32207.patch
Patch19: 0019-curl-7.76.1-CVE-2022-32207.patch
# fix build failure caused by openldap rebase (#2094159)
Patch20: 0020-curl-7.76.1-openldap-rebase.patch
Patch20: 0020-curl-7.76.1-openldap-rebase.patch
# control code in cookie denial of service (CVE-2022-35252)
Patch21: 0021-curl-7.76.1-CVE-2022-35252.patch
Patch21: 0021-curl-7.76.1-CVE-2022-35252.patch
# fix POST following PUT confusion (CVE-2022-32221)
Patch22: 0022-curl-7.76.1-CVE-2022-32221.patch
Patch22: 0022-curl-7.76.1-CVE-2022-32221.patch
# smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
Patch23: 0023-curl-7.76.1-CVE-2022-43552.patch
Patch23: 0023-curl-7.76.1-CVE-2022-43552.patch
# fix HTTP multi-header compression denial of service (CVE-2023-23916)
Patch24: 0024-curl-7.76.1-CVE-2023-23916.patch
Patch24: 0024-curl-7.76.1-CVE-2023-23916.patch
# fix TELNET option IAC injection (CVE-2023-27533)
Patch25: 0025-curl-7.76.1-CVE-2023-27533.patch
Patch25: 0025-curl-7.76.1-CVE-2023-27533.patch
# fix SFTP path ~ resolving discrepancy (CVE-2023-27534)
Patch26: 0026-curl-7.76.1-CVE-2023-27534.patch
Patch26: 0026-curl-7.76.1-CVE-2023-27534.patch
# fix FTP too eager connection reuse (CVE-2023-27535)
Patch27: 0027-curl-7.76.1-CVE-2023-27535.patch
Patch27: 0027-curl-7.76.1-CVE-2023-27535.patch
# fix GSS delegation too eager connection re-use (CVE-2023-27536)
Patch28: 0028-curl-7.76.1-CVE-2023-27536.patch
Patch28: 0028-curl-7.76.1-CVE-2023-27536.patch
# fix SSH connection too eager reuse still (CVE-2023-27538)
Patch29: 0029-curl-7.76.1-CVE-2023-27538.patch
Patch29: 0029-curl-7.76.1-CVE-2023-27538.patch
# unify the upload/method handling (CVE-2023-28322)
Patch30: 0030-curl-7.76.1-CVE-2023-28322.patch
Patch30: 0030-curl-7.76.1-CVE-2023-28322.patch
# fix host name wildcard checking
Patch31: 0031-curl-7.76.1-CVE-2023-28321.patch
Patch31: 0031-curl-7.76.1-CVE-2023-28321.patch
# return error if hostname too long for remote resolve (CVE-2023-38545)
Patch32: 0032-curl-7.76.1-CVE-2023-38545.patch
Patch32: 0032-curl-7.76.1-CVE-2023-38545.patch
# fix cookie injection with none file (CVE-2023-38546)
Patch33: 0033-curl-7.61.1-CVE-2023-38546.patch
Patch33: 0033-curl-7.61.1-CVE-2023-38546.patch
# patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment