Skip to content
Snippets Groups Projects
Commit 0ad6eeb7 authored by Rocky Automation's avatar Rocky Automation :tv:
Browse files

import curl-7.76.1-26.el9_3.2

parent d8e9b3f0
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 33 additions and 33 deletions
SPECS/curl.spec
+ 33
33
View file @ 0ad6eeb7
Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl Name: curl
Version: 7.76.1 Version: 7.76.1
Release: 26%{?dist}.2.0.1 Release: 26%{?dist}.2
License: MIT License: MIT
Source: https://curl.se/download/%{name}-%{version}.tar.xz Source: https://curl.se/download/%{name}-%{version}.tar.xz
# http2: fix resource leaks detected by Coverity # http2: fix resource leaks detected by Coverity
Patch1: 0001-curl-7.76.1-resource-leaks.patch Patch1: 0001-curl-7.76.1-resource-leaks.patch
# fix TELNET stack contents disclosure (CVE-2021-22898) # fix TELNET stack contents disclosure (CVE-2021-22898)
Patch2: 0002-curl-7.76.1-CVE-2021-22898.patch Patch2: 0002-curl-7.76.1-CVE-2021-22898.patch
# fix TLS session caching disaster (CVE-2021-22901) # fix TLS session caching disaster (CVE-2021-22901)
Patch3: 0003-curl-7.76.1-CVE-2021-22901.patch Patch3: 0003-curl-7.76.1-CVE-2021-22901.patch
# fix SIGSEGV upon disconnect of a ldaps:// transfer (#1941925) # fix SIGSEGV upon disconnect of a ldaps:// transfer (#1941925)
Patch4: 0004-curl-7.76.1-ldaps-segv.patch Patch4: 0004-curl-7.76.1-ldaps-segv.patch
# fix bad connection reuse due to flawed path name checks (CVE-2021-22924) # fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
Patch5: 0005-curl-7.76.1-CVE-2021-22924.patch Patch5: 0005-curl-7.76.1-CVE-2021-22924.patch
# fix TELNET stack contents disclosure again (CVE-2021-22925) # fix TELNET stack contents disclosure again (CVE-2021-22925)
Patch6: 0006-curl-7.76.1-CVE-2021-22925.patch Patch6: 0006-curl-7.76.1-CVE-2021-22925.patch
# fix use-after-free and double-free in MQTT sending (CVE-2021-22945) # fix use-after-free and double-free in MQTT sending (CVE-2021-22945)
Patch7: 0007-curl-7.76.1-CVE-2021-22945.patch Patch7: 0007-curl-7.76.1-CVE-2021-22945.patch
# fix protocol downgrade required TLS bypass (CVE-2021-22946) # fix protocol downgrade required TLS bypass (CVE-2021-22946)
Patch8: 0008-curl-7.76.1-CVE-2021-22946.patch Patch8: 0008-curl-7.76.1-CVE-2021-22946.patch
# fix STARTTLS protocol injection via MITM (CVE-2021-22947) # fix STARTTLS protocol injection via MITM (CVE-2021-22947)
Patch9: 0009-curl-7.76.1-CVE-2021-22947.patch Patch9: 0009-curl-7.76.1-CVE-2021-22947.patch
# fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) # fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
Patch10: 0010-curl-7.76.1-CVE-2022-22576.patch Patch10: 0010-curl-7.76.1-CVE-2022-22576.patch
# fix bad local IPv6 connection reuse (CVE-2022-27775) # fix bad local IPv6 connection reuse (CVE-2022-27775)
Patch11: 0011-curl-7.76.1-CVE-2022-27775.patch Patch11: 0011-curl-7.76.1-CVE-2022-27775.patch
# fix auth/cookie leak on redirect (CVE-2022-27776) # fix auth/cookie leak on redirect (CVE-2022-27776)
Patch12: 0012-curl-7.76.1-CVE-2022-27776.patch Patch12: 0012-curl-7.76.1-CVE-2022-27776.patch
# fix credential leak on redirect (CVE-2022-27774) # fix credential leak on redirect (CVE-2022-27774)
Patch13: 0013-curl-7.76.1-CVE-2022-27774.patch Patch13: 0013-curl-7.76.1-CVE-2022-27774.patch
# fix too eager reuse of TLS and SSH connections (CVE-2022-27782) # fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
Patch14: 0014-curl-7.76.1-CVE-2022-27782.patch Patch14: 0014-curl-7.76.1-CVE-2022-27782.patch
# make upstream tests work with openssh-8.7p1 # make upstream tests work with openssh-8.7p1
Patch15: 0015-curl-7.76.1-tests-openssh.patch Patch15: 0015-curl-7.76.1-tests-openssh.patch
# fix FTP-KRB bad message verification (CVE-2022-32208) # fix FTP-KRB bad message verification (CVE-2022-32208)
Patch16: 0016-curl-7.76.1-CVE-2022-32208.patch Patch16: 0016-curl-7.76.1-CVE-2022-32208.patch
# fix HTTP compression denial of service (CVE-2022-32206) # fix HTTP compression denial of service (CVE-2022-32206)
Patch17: 0017-curl-7.76.1-CVE-2022-32206.patch Patch17: 0017-curl-7.76.1-CVE-2022-32206.patch
# fix unpreserved file permissions (CVE-2022-32207) # fix unpreserved file permissions (CVE-2022-32207)
Patch19: 0019-curl-7.76.1-CVE-2022-32207.patch Patch19: 0019-curl-7.76.1-CVE-2022-32207.patch
# fix build failure caused by openldap rebase (#2094159) # fix build failure caused by openldap rebase (#2094159)
Patch20: 0020-curl-7.76.1-openldap-rebase.patch Patch20: 0020-curl-7.76.1-openldap-rebase.patch
# control code in cookie denial of service (CVE-2022-35252) # control code in cookie denial of service (CVE-2022-35252)
Patch21: 0021-curl-7.76.1-CVE-2022-35252.patch Patch21: 0021-curl-7.76.1-CVE-2022-35252.patch
# fix POST following PUT confusion (CVE-2022-32221) # fix POST following PUT confusion (CVE-2022-32221)
Patch22: 0022-curl-7.76.1-CVE-2022-32221.patch Patch22: 0022-curl-7.76.1-CVE-2022-32221.patch
# smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552) # smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
Patch23: 0023-curl-7.76.1-CVE-2022-43552.patch Patch23: 0023-curl-7.76.1-CVE-2022-43552.patch
# fix HTTP multi-header compression denial of service (CVE-2023-23916) # fix HTTP multi-header compression denial of service (CVE-2023-23916)
Patch24: 0024-curl-7.76.1-CVE-2023-23916.patch Patch24: 0024-curl-7.76.1-CVE-2023-23916.patch
# fix TELNET option IAC injection (CVE-2023-27533) # fix TELNET option IAC injection (CVE-2023-27533)
Patch25: 0025-curl-7.76.1-CVE-2023-27533.patch Patch25: 0025-curl-7.76.1-CVE-2023-27533.patch
# fix SFTP path ~ resolving discrepancy (CVE-2023-27534) # fix SFTP path ~ resolving discrepancy (CVE-2023-27534)
Patch26: 0026-curl-7.76.1-CVE-2023-27534.patch Patch26: 0026-curl-7.76.1-CVE-2023-27534.patch
# fix FTP too eager connection reuse (CVE-2023-27535) # fix FTP too eager connection reuse (CVE-2023-27535)
Patch27: 0027-curl-7.76.1-CVE-2023-27535.patch Patch27: 0027-curl-7.76.1-CVE-2023-27535.patch
# fix GSS delegation too eager connection re-use (CVE-2023-27536) # fix GSS delegation too eager connection re-use (CVE-2023-27536)
Patch28: 0028-curl-7.76.1-CVE-2023-27536.patch Patch28: 0028-curl-7.76.1-CVE-2023-27536.patch
# fix SSH connection too eager reuse still (CVE-2023-27538) # fix SSH connection too eager reuse still (CVE-2023-27538)
Patch29: 0029-curl-7.76.1-CVE-2023-27538.patch Patch29: 0029-curl-7.76.1-CVE-2023-27538.patch
# unify the upload/method handling (CVE-2023-28322) # unify the upload/method handling (CVE-2023-28322)
Patch30: 0030-curl-7.76.1-CVE-2023-28322.patch Patch30: 0030-curl-7.76.1-CVE-2023-28322.patch
# fix host name wildcard checking # fix host name wildcard checking
Patch31: 0031-curl-7.76.1-CVE-2023-28321.patch Patch31: 0031-curl-7.76.1-CVE-2023-28321.patch
# return error if hostname too long for remote resolve (CVE-2023-38545) # return error if hostname too long for remote resolve (CVE-2023-38545)
Patch32: 0032-curl-7.76.1-CVE-2023-38545.patch Patch32: 0032-curl-7.76.1-CVE-2023-38545.patch
# fix cookie injection with none file (CVE-2023-38546) # fix cookie injection with none file (CVE-2023-38546)
Patch33: 0033-curl-7.61.1-CVE-2023-38546.patch Patch33: 0033-curl-7.61.1-CVE-2023-38546.patch
# patch making libcurl multilib ready # patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch Patch101: 0101-curl-7.32.0-multilib.patch
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment