curl / el5: sync with 7.27.0-10 from F18

author: Remi Collet <fedora@famillecollet.com> 2013-05-13 18:12:37 +0200
committer: Remi Collet <fedora@famillecollet.com> 2013-05-13 18:12:37 +0200
commit: bea985e3e644ab80c4075fe4aa440553698567a2 (patch)
tree: c016caaeb817f120fb9e38a6b01f457bc7cab268
parent: 3a7fae97dc994e8a1ac5f2253527c7b76c86e8be (diff)
5 files changed, 550 insertions, 1 deletions
diff --git a/0011-curl-7.27.0-2eb8dcf2.patch b/0011-curl-7.27.0-2eb8dcf2.patch
new file mode 100644
index 0000000..f77f104
--- /dev/null
+++ b/0011-curl-7.27.0-2eb8dcf2.patch
@@ -0,0 +1,295 @@
+From 5ceda5fa61a87015275ab94f99da4f92f49ac802 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Fri, 12 Apr 2013 16:49:32 +0200
+Subject: [PATCH 1/3] test1216: test tailmatching cookie domains
+
+This test is an attempt to repeat the problem YAMADA Yasuharu reported
+at http://curl.haxx.se/mail/lib-2013-04/0108.html
+
+Conflicts:
+
+	tests/data/Makefile.am
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ tests/data/Makefile.am |    2 +-
+ tests/data/Makefile.in |    2 +-
+ tests/data/test1216    |   62 ++++++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 64 insertions(+), 2 deletions(-)
+ create mode 100644 tests/data/test1216
+
+diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
+index 372f127..9321d61 100644
+--- a/tests/data/Makefile.am
++++ b/tests/data/Makefile.am
+@@ -78,7 +78,7 @@ test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125	\
+ test1126 test1127 test1128 test1129 test1130 test1131 \
+ test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \
+ test1208 test1209 test1210 test1211 \
+-test1220 \
++test1220 test1216 \
+ test1300 test1301 test1302 test1303 test1304 test1305	\
+ test1306 test1307 test1308 test1309 test1310 test1311 test1312 test1313 \
+ test1314 test1315 test1316 test1317 test1318 test1319 test1320 test1321 \
+diff --git a/tests/data/Makefile.in b/tests/data/Makefile.in
+index e0a554a..0c18cb5 100644
+--- a/tests/data/Makefile.in
++++ b/tests/data/Makefile.in
+@@ -343,7 +343,7 @@ test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125	\
+ test1126 test1127 test1128 test1129 test1130 test1131 \
+ test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \
+ test1208 test1209 test1210 test1211 \
+-test1220 \
++test1220 test1216 \
+ test1300 test1301 test1302 test1303 test1304 test1305	\
+ test1306 test1307 test1308 test1309 test1310 test1311 test1312 test1313 \
+ test1314 test1315 test1316 test1317 test1318 test1319 test1320 test1321 \
+diff --git a/tests/data/test1216 b/tests/data/test1216
+new file mode 100644
+index 0000000..e63fe92
+--- /dev/null
++++ b/tests/data/test1216
+@@ -0,0 +1,62 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++HTTP GET
++HTTP proxy
++cookies
++</keywords>
++</info>
++
++# Server-side
++<reply>
++<data>
++HTTP/1.1 200 OK
++Server: Microsoft-IIS/4.0
++Date: Tue, 25 Sep 2001 19:37:44 GMT
++Content-Type: text/html
++Connection: close
++Content-Length: 21
++
++This server says moo
++</data>
++</reply>
++
++# Client-side
++<client>
++<server>
++http
++</server>
++ <name>
++HTTP cookie domains tailmatching the host name
++ </name>
++ <command>
++http://example.fake/c/1216 http://bexample.fake/c/1216 -b log/injar1216 -x %HOSTIP:%HTTPPORT
++</command>
++<file name="log/injar1216">
++example.fake	FALSE	/a	FALSE	2139150993	mooo	indeed
++example.fake	FALSE	/b	FALSE	0		moo1	indeed
++example.fake	FALSE	/c	FALSE	2139150993	moo2	indeed
++</file>
++</client>
++
++# Verify data after the test has been "shot"
++<verify>
++<strip>
++^User-Agent:.*
++</strip>
++<protocol>
++GET http://example.fake/c/1216 HTTP/1.1
++Host: example.fake
++Accept: */*
++Proxy-Connection: Keep-Alive
++Cookie: moo2=indeed
++
++GET http://bexample.fake/c/1216 HTTP/1.1
++Host: bexample.fake
++Accept: */*
++Proxy-Connection: Keep-Alive
++
++</protocol>
++</verify>
++</testcase>
+-- 
+1.7.1
+
+
+From 3cf21844356a152df3af92530bb607ef880588af Mon Sep 17 00:00:00 2001
+From: YAMADA Yasuharu <yasuharu.yamada@access-company.com>
+Date: Thu, 11 Apr 2013 00:17:15 +0200
+Subject: [PATCH 2/3] cookie: fix tailmatching to prevent cross-domain leakage
+
+Cookies set for 'example.com' could accidentaly also be sent by libcurl
+to the 'bexample.com' (ie with a prefix to the first domain name).
+
+This is a security vulnerabilty, CVE-2013-1944.
+
+Bug: http://curl.haxx.se/docs/adv_20130412.html
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/cookie.c |   24 +++++++++++++++++++-----
+ 1 files changed, 19 insertions(+), 5 deletions(-)
+
+diff --git a/lib/cookie.c b/lib/cookie.c
+index 644b33a..760a931 100644
+--- a/lib/cookie.c
++++ b/lib/cookie.c
+@@ -118,15 +118,29 @@ static void freecookie(struct Cookie *co)
+   free(co);
+ }
+ 
+-static bool tailmatch(const char *little, const char *bigone)
++static bool tailmatch(const char *cooke_domain, const char *hostname)
+ {
+-  size_t littlelen = strlen(little);
+-  size_t biglen = strlen(bigone);
++  size_t cookie_domain_len = strlen(cooke_domain);
++  size_t hostname_len = strlen(hostname);
+ 
+-  if(littlelen > biglen)
++  if(hostname_len < cookie_domain_len)
+     return FALSE;
+ 
+-  return Curl_raw_equal(little, bigone+biglen-littlelen) ? TRUE : FALSE;
++  if(!Curl_raw_equal(cooke_domain, hostname+hostname_len-cookie_domain_len))
++    return FALSE;
++
++  /* A lead char of cookie_domain is not '.'.
++     RFC6265 4.1.2.3. The Domain Attribute says:
++       For example, if the value of the Domain attribute is
++       "example.com", the user agent will include the cookie in the Cookie
++       header when making HTTP requests to example.com, www.example.com, and
++       www.corp.example.com.
++   */
++  if(hostname_len == cookie_domain_len)
++    return TRUE;
++  if('.' == *(hostname + hostname_len - cookie_domain_len - 1))
++    return TRUE;
++  return FALSE;
+ }
+ 
+ /*
+-- 
+1.7.1
+
+
+From cb95277d4732d7e9a50df7cca2ce0aa8dc0aa5b9 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Fri, 12 Apr 2013 16:50:11 +0200
+Subject: [PATCH 3/3] test1218: another cookie tailmatch test
+
+These tests verify commit 3604fde3d3c9b0d, the fix for the "cookie
+domain tailmatch" vulnerability. See
+http://curl.haxx.se/docs/adv_20130412.html
+
+Conflicts:
+
+	tests/data/Makefile.am
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ tests/data/Makefile.am |    2 +-
+ tests/data/Makefile.in |    2 +-
+ tests/data/test1218    |   61 ++++++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 63 insertions(+), 2 deletions(-)
+ create mode 100644 tests/data/test1218
+
+diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
+index 9321d61..c8295c3 100644
+--- a/tests/data/Makefile.am
++++ b/tests/data/Makefile.am
+@@ -78,7 +78,7 @@ test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125	\
+ test1126 test1127 test1128 test1129 test1130 test1131 \
+ test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \
+ test1208 test1209 test1210 test1211 \
+-test1220 test1216 \
++test1220 test1216 test1218 \
+ test1300 test1301 test1302 test1303 test1304 test1305	\
+ test1306 test1307 test1308 test1309 test1310 test1311 test1312 test1313 \
+ test1314 test1315 test1316 test1317 test1318 test1319 test1320 test1321 \
+diff --git a/tests/data/Makefile.in b/tests/data/Makefile.in
+index 0c18cb5..96678cd 100644
+--- a/tests/data/Makefile.in
++++ b/tests/data/Makefile.in
+@@ -343,7 +343,7 @@ test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125	\
+ test1126 test1127 test1128 test1129 test1130 test1131 \
+ test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \
+ test1208 test1209 test1210 test1211 \
+-test1220 test1216 \
++test1220 test1216 test1218 \
+ test1300 test1301 test1302 test1303 test1304 test1305	\
+ test1306 test1307 test1308 test1309 test1310 test1311 test1312 test1313 \
+ test1314 test1315 test1316 test1317 test1318 test1319 test1320 test1321 \
+diff --git a/tests/data/test1218 b/tests/data/test1218
+new file mode 100644
+index 0000000..7d86547
+--- /dev/null
++++ b/tests/data/test1218
+@@ -0,0 +1,61 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++HTTP GET
++HTTP proxy
++cookies
++</keywords>
++</info>
++
++# This test is very similar to 1216, only that it sets the cookies from the
++# first site instead of reading from a file
++<reply>
++<data>
++HTTP/1.1 200 OK
++Date: Tue, 25 Sep 2001 19:37:44 GMT
++Set-Cookie: domain=.example.fake; bug=fixed;
++Content-Length: 21
++
++This server says moo
++</data>
++</reply>
++
++# Client-side
++<client>
++<server>
++http
++</server>
++ <name>
++HTTP cookies and domains with same prefix
++ </name>
++ <command>
++http://example.fake/c/1218 http://example.fake/c/1218 http://bexample.fake/c/1218 -b nonexisting -x %HOSTIP:%HTTPPORT
++</command>
++</client>
++
++# Verify data after the test has been "shot"
++<verify>
++<strip>
++^User-Agent:.*
++</strip>
++<protocol>
++GET http://example.fake/c/1218 HTTP/1.1
++Host: example.fake
++Accept: */*
++Proxy-Connection: Keep-Alive
++
++GET http://example.fake/c/1218 HTTP/1.1
++Host: example.fake
++Accept: */*
++Proxy-Connection: Keep-Alive
++Cookie: bug=fixed
++
++GET http://bexample.fake/c/1218 HTTP/1.1
++Host: bexample.fake
++Accept: */*
++Proxy-Connection: Keep-Alive
++
++</protocol>
++</verify>
++</testcase>
+-- 
+1.7.1
+
diff --git a/0012-curl-7.27.0-25e577b3.patch b/0012-curl-7.27.0-25e577b3.patch
new file mode 100644
index 0000000..4b6ec7d
--- /dev/null
+++ b/0012-curl-7.27.0-25e577b3.patch
@@ -0,0 +1,86 @@
+From 461a96d26c08fcd27fc0ab2c94574461a85782bf Mon Sep 17 00:00:00 2001
+From: Kim Vandry <vandry@users.sf.net>
+Date: Mon, 18 Feb 2013 21:36:34 +0100
+Subject: [PATCH] Curl_resolver_is_resolved: show proper host name on failed resolve
+
+[upstream commit 25e577b33d00afb6630cf2cac98d6baa319e9aef]
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/asyn-thread.c |   35 ++++++++++++++++++++---------------
+ 1 files changed, 20 insertions(+), 15 deletions(-)
+
+diff --git a/lib/asyn-thread.c b/lib/asyn-thread.c
+index b027144..5552810 100644
+--- a/lib/asyn-thread.c
++++ b/lib/asyn-thread.c
+@@ -436,8 +436,19 @@ static const char *gai_strerror(int ecode)
+  * error
+  */
+ 
+-static void resolver_error(struct connectdata *conn, const char *host_or_proxy)
++static CURLcode resolver_error(struct connectdata *conn)
+ {
++  const char *host_or_proxy;
++  CURLcode rc;
++  if(conn->bits.httpproxy) {
++    host_or_proxy = "proxy";
++    rc = CURLE_COULDNT_RESOLVE_PROXY;
++  }
++  else {
++    host_or_proxy = "host";
++    rc = CURLE_COULDNT_RESOLVE_HOST;
++  }
++
+   failf(conn->data, "Could not resolve %s: %s; %s", host_or_proxy,
+         conn->async.hostname,
+ #ifdef HAVE_GAI_STRERROR
+@@ -448,6 +459,7 @@ static void resolver_error(struct connectdata *conn, const char *host_or_proxy)
+         Curl_strerror(conn, conn->async.status)
+ #endif
+     );
++  return rc;
+ }
+ 
+ /*
+@@ -479,17 +491,9 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
+   if(entry)
+     *entry = conn->async.dns;
+ 
+-  if(!conn->async.dns) {
+-    /* a name was not resolved */
+-    if(conn->bits.httpproxy) {
+-      resolver_error(conn, "proxy");
+-      rc = CURLE_COULDNT_RESOLVE_PROXY;
+-    }
+-    else {
+-      resolver_error(conn, "host");
+-      rc = CURLE_COULDNT_RESOLVE_HOST;
+-    }
+-  }
++  if(!conn->async.dns)
++    /* a name was not resolved, report error */
++    rc = resolver_error(conn);
+ 
+   destroy_async_data(&conn->async);
+ 
+@@ -524,12 +528,13 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
+ 
+   if(done) {
+     getaddrinfo_complete(conn);
+-    destroy_async_data(&conn->async);
+ 
+     if(!conn->async.dns) {
+-      resolver_error(conn, "host");
+-      return CURLE_COULDNT_RESOLVE_HOST;
++      CURLcode rc = resolver_error(conn);
++      destroy_async_data(&conn->async);
++      return rc;
+     }
++    destroy_async_data(&conn->async);
+     *entry = conn->async.dns;
+   }
+   else {
+-- 
+1.7.1
+
diff --git a/0013-curl-7.27.0-b37b5233.patch b/0013-curl-7.27.0-b37b5233.patch
new file mode 100644
index 0000000..63c2779
--- /dev/null
+++ b/0013-curl-7.27.0-b37b5233.patch
@@ -0,0 +1,35 @@
+From a0d7db27c1cf8edbde1d468d655be942bcacb39c Mon Sep 17 00:00:00 2001
+From: Zdenek Pavlas <zpavlas@redhat.com>
+Date: Fri, 26 Apr 2013 14:56:38 +0200
+Subject: [PATCH] url: initialize speed-check data for file:// protocol
+
+... in order to prevent an artificial timeout event based on stale
+speed-check data from a previous network transfer.  This commit fixes
+a regression caused by 9dd85bced56f6951107f69e581c872c1e7e3e58e.
+
+Bug: https://bugzilla.redhat.com/906031
+
+[upstream commit b37b5233cab96b5b1f2ab7f6e0b9c3df77320bba]
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/url.c |    3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index 87b8701..da53086 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -5058,6 +5058,9 @@ static CURLcode create_conn(struct SessionHandle *data,
+                           -1, NULL); /* no upload */
+     }
+ 
++    /* since we skip do_init() */
++    Curl_speedinit(data);
++
+     return result;
+   }
+ #endif
+-- 
+1.7.1
+
diff --git a/0014-curl-7.27.0-9d0af301.patch b/0014-curl-7.27.0-9d0af301.patch
new file mode 100644
index 0000000..739bbe7
--- /dev/null
+++ b/0014-curl-7.27.0-9d0af301.patch
@@ -0,0 +1,95 @@
+From c7bd0361565f70caf621f588e38bfc6cc196c432 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Tue, 5 Mar 2013 17:51:01 +0100
+Subject: [PATCH 1/2] nss: fix misplaced code enabling non-blocking socket mode
+
+The option needs to be set on the SSL socket.  Setting it on the model
+takes no effect.  Note that the non-blocking mode is still not enabled
+for the handshake because the code is not yet ready for that.
+
+[upstream commit 9d0af3018c5db25f5adda216dbcad6056b4a3107]
+---
+ lib/nss.c |   12 ++++++------
+ 1 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/lib/nss.c b/lib/nss.c
+index efa578c..0ad1863 100644
+--- a/lib/nss.c
++++ b/lib/nss.c
+@@ -1240,12 +1240,6 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+     goto error;
+   model = SSL_ImportFD(NULL, model);
+ 
+-  /* make the socket nonblocking */
+-  sock_opt.option = PR_SockOpt_Nonblocking;
+-  sock_opt.value.non_blocking = PR_TRUE;
+-  if(PR_SetSocketOption(model, &sock_opt) != PR_SUCCESS)
+-    goto error;
+-
+   if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
+     goto error;
+   if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
+@@ -1420,6 +1414,12 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+     goto error;
+   }
+ 
++  /* switch the SSL socket into non-blocking mode */
++  sock_opt.option = PR_SockOpt_Nonblocking;
++  sock_opt.value.non_blocking = PR_TRUE;
++  if(PR_SetSocketOption(connssl->handle, &sock_opt) != PR_SUCCESS)
++    goto error;
++
+   connssl->state = ssl_connection_complete;
+   conn->recv[sockindex] = nss_recv;
+   conn->send[sockindex] = nss_send;
+-- 
+1.7.1
+
+
+From f3a5d46280264965ca096c9b3efba481d4883d0e Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 7 May 2013 23:30:52 +0200
+Subject: [PATCH 2/2] nss: give PR_INTERVAL_NO_WAIT instead of -1 to PR_Recv/PR_Send
+
+Reported by: David Strauss
+Bug: http://curl.haxx.se/mail/lib-2013-05/0088.html
+
+[upstream commit 01a2abedd7e3a2075de70979003302313570c58c]
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/nss.c |   11 ++++-------
+ 1 files changed, 4 insertions(+), 7 deletions(-)
+
+diff --git a/lib/nss.c b/lib/nss.c
+index 0ad1863..f69a888 100644
+--- a/lib/nss.c
++++ b/lib/nss.c
+@@ -1487,10 +1487,8 @@ static ssize_t nss_send(struct connectdata *conn,  /* connection data */
+                         size_t len,                /* amount to write */
+                         CURLcode *curlcode)
+ {
+-  int rc;
+-
+-  rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, -1);
+-
++  ssize_t rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0,
++                       PR_INTERVAL_NO_WAIT);
+   if(rc < 0) {
+     PRInt32 err = PR_GetError();
+     if(err == PR_WOULD_BLOCK_ERROR)
+@@ -1518,9 +1516,8 @@ static ssize_t nss_recv(struct connectdata * conn, /* connection data */
+                         size_t buffersize,         /* max amount to read */
+                         CURLcode *curlcode)
+ {
+-  ssize_t nread;
+-
+-  nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, -1);
++  ssize_t nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0,
++                          PR_INTERVAL_NO_WAIT);
+   if(nread < 0) {
+     /* failed SSL read */
+     PRInt32 err = PR_GetError();
+-- 
+1.7.1
+
diff --git a/curl.spec b/curl.spec
index 6f2d5d0..71458a7 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.27.0
-Release: 7%{?dist}
+Release: 10%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
@@ -38,6 +38,18 @@ Patch9: 0009-curl-7.27.0-f206d6c0.patch
 # curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag
 Patch10: 0010-curl-7.27.0-57ccdfa8.patch
 
+# fix cookie tailmatching to prevent cross-domain leakage (CVE-2013-1944)
+Patch11: 0011-curl-7.27.0-2eb8dcf2.patch
+
+# show proper host name on failed resolve (#957173)
+Patch12: 0012-curl-7.27.0-25e577b3.patch
+
+# prevent an artificial timeout event due to stale speed-check data (#906031)
+Patch13: 0013-curl-7.27.0-b37b5233.patch
+
+# switch SSL socket into non-blocking mode after handshake (#960765)
+Patch14: 0014-curl-7.27.0-9d0af301.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.27.0-multilib.patch
 
@@ -145,6 +157,10 @@ documentation of the library, too.
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
+%patch12 -p1
+%patch13 -p1
+%patch14 -p1
 
 # Fedora patches
 %patch101 -p1
@@ -161,6 +177,15 @@ sed -i s/899\\\([0-9]\\\)/649\\1/ tests/data/test*
 sed -i s/899\\\([0-9]\\\)/329\\1/ tests/data/test*
 %endif
 
+# disable test 1112 (#565305)
+printf "1112\n" >> tests/data/DISABLED
+
+# disable test 1319 on ppc64 (server times out)
+%ifarch ppc64
+echo "1319" >> tests/data/DISABLED
+%endif
+
+
 %build
 [ -x /usr/kerberos/bin/krb5-config ] && KRB5_PREFIX="=/usr/kerberos"
 %configure --disable-static \
@@ -270,6 +295,19 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
+* Mon May 13 2013 Remi Collet <RPMS@FamilleCollet.com> - 7.27.0-10
+- sync with 7.27.0-10 from F18
+
+* Thu May 09 2013 Kamil Dudka <kdudka@redhat.com> 7.27.0-10
+- switch SSL socket into non-blocking mode after handshake (#960765)
+
+* Fri Apr 26 2013 Kamil Dudka <kdudka@redhat.com> 7.27.0-9
+- prevent an artificial timeout event due to stale speed-check data (#906031)
+- show proper host name on failed resolve (#957173)
+
+* Fri Apr 12 2013 Kamil Dudka <kdudka@redhat.com> 7.27.0-8
+- fix cookie tailmatching to prevent cross-domain leakage (CVE-2013-1944)
+
 * Mon Oct 17 2011 Remi Collet <RPMS@FamilleCollet.com> - 7.27.0-7
 - sync with 7.27.0-7 from F18
author	Remi Collet <fedora@famillecollet.com>	2013-05-13 18:12:37 +0200
committer	Remi Collet <fedora@famillecollet.com>	2013-05-13 18:12:37 +0200
commit	bea985e3e644ab80c4075fe4aa440553698567a2 (patch)
tree	c016caaeb817f120fb9e38a6b01f457bc7cab268
parent	3a7fae97dc994e8a1ac5f2253527c7b76c86e8be (diff)