[curl] new upstream release (fixes CVE-2012-0036)

Kamil Dudka kdudka at fedoraproject.org
Tue Jan 24 11:12:02 UTC 2012 

commit f28824c4c657c041155cfe631de4fd2b0ca0e8d1
Author: Kamil Dudka <kdudka at redhat.com>
Date:   Tue Jan 24 12:10:59 2012 +0100

    new upstream release (fixes CVE-2012-0036)

 .gitignore                              |    1 +
 0001-curl-7.23.0-c532604.patch          |  227 ---------------------
 0002-curl-7.23.0-9f7f6a6.patch          |   32 ---
 0003-curl-7.23.0-e99128a.patch          |  339 -------------------------------
 0102-curl-7.21.2-debug.patch            |    2 +-
 0105-curl-7.21.3-disable-test1112.patch |    4 +-
 curl-7.23.0.tar.lzma.asc                |    7 -
 curl-7.24.0.tar.lzma.asc                |    7 +
 curl.spec                               |   21 +--
 sources                                 |    2 +-
 10 files changed, 17 insertions(+), 625 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 54cee0c..afacc38 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
 /curl-7.21.7.tar.lzma
 /curl-7.22.0.tar.lzma
 /curl-7.23.0.tar.lzma
+/curl-7.24.0.tar.lzma
diff --git a/0102-curl-7.21.2-debug.patch b/0102-curl-7.21.2-debug.patch
index 792d753..7691826 100644
--- a/0102-curl-7.21.2-debug.patch
+++ b/0102-curl-7.21.2-debug.patch
@@ -6,7 +6,7 @@ diff --git a/configure b/configure
 index d3ecf69..6d8f085 100755
 --- a/configure
 +++ b/configure
-@@ -15030,18 +15030,11 @@ $as_echo "yes" >&6; }
+@@ -15040,18 +15040,11 @@ $as_echo "yes" >&6; }
      gccvhi=`echo $gccver | cut -d . -f1`
      gccvlo=`echo $gccver | cut -d . -f2`
      compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
diff --git a/0105-curl-7.21.3-disable-test1112.patch b/0105-curl-7.21.3-disable-test1112.patch
index 515968e..d2367a9 100644
--- a/0105-curl-7.21.3-disable-test1112.patch
+++ b/0105-curl-7.21.3-disable-test1112.patch
@@ -6,7 +6,7 @@ diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
 index 9370974..b553f54 100644
 --- a/tests/data/Makefile.am
 +++ b/tests/data/Makefile.am
-@@ -72,7 +72,7 @@ test1078 test1079 test1080 test1081 test1082 test1083 test1084 test1085	\
+@@ -73,7 +73,7 @@ test1078 test1079 test1080 test1081 test1082 test1083 test1084 test1085	\
  test1086 test1087 test1088 test1089 test1090 test1091 test1092 test1093	\
  test1094 test1095 test1096 test1097 test1098 test1099 test1100 test1101	\
  test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109	\
@@ -19,7 +19,7 @@ diff --git a/tests/data/Makefile.in b/tests/data/Makefile.in
 index 435b126..1d71c4e 100644
 --- a/tests/data/Makefile.in
 +++ b/tests/data/Makefile.in
-@@ -320,7 +320,7 @@ test1078 test1079 test1080 test1081 test1082 test1083 test1084 test1085	\
+@@ -326,7 +326,7 @@ test1078 test1079 test1080 test1081 test1082 test1083 test1084 test1085	\
  test1086 test1087 test1088 test1089 test1090 test1091 test1092 test1093	\
  test1094 test1095 test1096 test1097 test1098 test1099 test1100 test1101	\
  test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109	\
diff --git a/curl-7.24.0.tar.lzma.asc b/curl-7.24.0.tar.lzma.asc
new file mode 100644
index 0000000..720b4df
--- /dev/null
+++ b/curl-7.24.0.tar.lzma.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iEYEABECAAYFAk8eczoACgkQeOEcayedXJFoKACfUI6eBzthDt9SaQHF+uqXUIVS
+ewEAoM1e4Cuwt8vjL/6m4sEZSaaJ0Jp+
+=SL4u
+-----END PGP SIGNATURE-----
diff --git a/curl.spec b/curl.spec
index de2d880..4aa3a94 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,22 +1,13 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
-Version: 7.23.0
-Release: 6%{?dist}
+Version: 7.24.0
+Release: 1%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
 Source2: curlbuild.h
 Source3: hide_selinux.c
 
-# -J -O: use -O name if no Content-Disposition header comes!
-Patch1: 0001-curl-7.23.0-c532604.patch
-
-# transfer: avoid unnecessary timeout event when waiting for 100-continue
-Patch2: 0002-curl-7.23.0-9f7f6a6.patch
-
-# do not skip FTPS tests with nss-3.13
-Patch3: 0003-curl-7.23.0-e99128a.patch
-
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.21.1-multilib.patch
 
@@ -115,11 +106,6 @@ for f in CHANGES README; do
     mv -f ${f}.utf8 ${f}
 done
 
-# upstream patches
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-
 # Fedora patches
 %patch101 -p1
 %patch102 -p1
@@ -232,6 +218,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
+* Wed Jan 24 2012 Kamil Dudka <kdudka at redhat.com> 7.24.0-1
+- new upstream release (fixes CVE-2012-0036)
+
 * Thu Jan 05 2012 Paul Howarth <paul at city-fan.org> 7.23.0-6
 - rebuild for gcc 4.7
 
diff --git a/sources b/sources
index b417d66..1a65fc7 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-af901db5f3d21609cc6fe960a6c293fb  curl-7.23.0.tar.lzma
+713d7d7cbc5cfaabd785a2ff905096f2  curl-7.24.0.tar.lzma

More information about the scm-commits mailing list