From 01d72d81f7e86f9433a81792cd61038506fe0048 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Sat, 20 Dec 2014 09:04:54 +0100 Subject: curl: sync with 7.29.0-19 from RHEL-7 (for EL-5) --- curl.spec | 155 +++++++++++++++++++++++++++++++++++++------------------------- 1 file changed, 92 insertions(+), 63 deletions(-) (limited to 'curl.spec') diff --git a/curl.spec b/curl.spec index e36f253..02aa074 100644 --- a/curl.spec +++ b/curl.spec @@ -1,63 +1,77 @@ +# Define %%{__isa_bits} for old releases +%{!?__isa_bits: %global __isa_bits %((echo '#include '; echo __WORDSIZE) | cpp - | grep -Ex '32|64')} + Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl -Version: 7.27.0 -Release: 11%{?dist} +Version: 7.29.0 +Release: 19%{?dist} License: MIT Group: Applications/Internet -Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2 +Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma Source2: curlbuild.h -Source3: hide_selinux.c -# eliminate unnecessary inotify events on upload via file protocol (#844385) -Patch1: 0001-curl-7.27.0-1f8518c5.patch +# fix a SIGSEGV when closing an unused multi handle (#914411) +Patch1: 0001-curl-7.29.0-da3fc1ee.patch -# do not crash if MD5 fingerprint is not provided by libssh2 -Patch2: 0002-curl-7.27.0-f05e5136.patch +# switch SSL socket into non-blocking mode after handshake +Patch2: 0002-curl-7.29.0-9d0af301.patch -# fix a syntax error in curl-config (#871317) -Patch3: 0003-curl-7.27.0-382429e7.patch +# do not ignore poll() failures other than EINTR +Patch3: 0003-curl-7.29.0-491e026c.patch -# do not print misleading NSS error codes -Patch4: 0004-curl-7.27.0-52b6eda4.patch +# curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag +Patch4: 0004-curl-7.29.0-57ccdfa8.patch -# update the links to cipher-suites supported by NSS -Patch5: 0005-curl-7.27.0-f208bf5a.patch +# fix cookie tailmatching to prevent cross-domain leakage (CVE-2013-1944) +Patch5: 0005-curl-7.29.0-2eb8dcf2.patch -# prevent NSS from crashing on client auth hook failure -Patch6: 0006-curl-7.27.0-68d2830e.patch +# show proper host name on failed resolve (#957173) +Patch6: 0006-curl-7.29.0-25e577b3.patch -# clear session cache if a client cert from file is used -Patch7: 0007-curl-7.27.0-b36f1d26.patch +# prevent an artificial timeout event due to stale speed-check data (#906031) +Patch7: 0007-curl-7.29.0-b37b5233.patch -# fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE -Patch8: 0008-curl-7.27.0-26613d78.patch +# fix heap-based buffer overflow in curl_easy_unescape() (CVE-2013-2174) +Patch8: 0008-curl-7.29.0-192c4f78.patch -# fix buffer overflow when negotiating SASL DIGEST-MD5 auth (CVE-2013-0249) -Patch9: 0009-curl-7.27.0-f206d6c0.patch +# mention all option listed in 'curl --help' in curl.1 man page +Patch9: 0009-curl-7.29.0-3a0e931f.patch -# curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag -Patch10: 0010-curl-7.27.0-57ccdfa8.patch +# FTP: when EPSV gets a 229 but fails to connect, retry with PASV (#1002815) +Patch10: 0010-curl-7.29.0-7cc00d9a.patch -# fix cookie tailmatching to prevent cross-domain leakage (CVE-2013-1944) -Patch11: 0011-curl-7.27.0-2eb8dcf2.patch +# avoid a busy-loop in curl_easy_perform() +Patch11: 0011-curl-7.29.0-0feeab78.patch -# show proper host name on failed resolve (#957173) -Patch12: 0012-curl-7.27.0-25e577b3.patch +# avoid delay if FTP is aborted in CURLOPT_HEADERFUNCTION callback (#1005686) +Patch12: 0012-curl-7.29.0-c639d725.patch -# prevent an artificial timeout event due to stale speed-check data (#906031) -Patch13: 0013-curl-7.27.0-b37b5233.patch +# allow to use ECC ciphers if NSS implements them (#1058776) +Patch13: 0013-curl-7.29.0-665c160f.patch -# switch SSL socket into non-blocking mode after handshake (#960765) -Patch14: 0014-curl-7.27.0-9d0af301.patch +# re-use of wrong HTTP NTLM connection in libcurl (CVE-2014-0015) +Patch14: 0014-curl-7.29.0-8ae35102.patch -# fix heap-based buffer overflow in curl_easy_unescape() (CVE-2013-2174) -Patch15: 0015-curl-7.27.0-192c4f78.patch +# allow to use TLS > 1.0 if built against recent NSS (#1036789) +Patch15: 0015-curl-7.29.0-7fc9325a.patch + +# use proxy name in error message when proxy is used (#1042831) +Patch16: 0016-curl-7.29.0-1cf71bd7.patch + +# refresh expired cookie in test172 from upstream test-suite (#1063693) +Patch17: 0017-curl-7.29.0-ffb8a21d.patch + +# fix documentation of curl's options --tlsv1.[0-2] (#1066364) +Patch18: 0018-curl-7.29.0-03c28820.patch + +# fix connection re-use when using different log-in credentials (CVE-2014-0138) +Patch19: 0018-curl-7.29.0-517b06d6.patch # patch making libcurl multilib ready -Patch101: 0101-curl-7.27.0-multilib.patch +Patch101: 0101-curl-7.29.0-multilib.patch # prevent configure script from discarding -g in CFLAGS (#496778) -Patch102: 0102-curl-7.27.0-debug.patch +Patch102: 0102-curl-7.29.0-debug.patch # use localhost6 instead of ip6-localhost in the curl test-suite Patch104: 0104-curl-7.19.7-localhost6.patch @@ -65,20 +79,26 @@ Patch104: 0104-curl-7.19.7-localhost6.patch # disable valgrind for certain test-cases (libssh2 problem) Patch106: 0106-curl-7.21.0-libssh2-valgrind.patch +# http://thread.gmane.org/gmane.comp.web.curl.library/40551/focus=40561 +Patch105: 0105-curl-7.32.0-scp-upload.patch + # work around valgrind bug (#678518) Patch107: 0107-curl-7.21.4-libidn-valgrind.patch # Fix character encoding of docs, which are of mixed encoding originally so # a simple iconv can't fix them -Patch108: 0108-curl-7.27.0-utf8.patch +Patch108: 0108-curl-7.29.0-utf8.patch + +# For old openssl in EL-5 +Patch201: 0201-curl-7.29.0-openssl.patch Provides: webclient URL: http://curl.haxx.se/ -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu) BuildRequires: groff BuildRequires: krb5-devel BuildRequires: libidn-devel -BuildRequires: libssh2-devel >= 1.2.0 +BuildRequires: libssh2-devel BuildRequires: openssl-devel BuildRequires: openldap-devel >= %{openldap_version} BuildRequires: openssh-clients @@ -87,8 +107,23 @@ BuildRequires: pkgconfig BuildRequires: stunnel BuildRequires: zlib-devel -# valgrind is not available on s390(x), sparc or arm5 -%ifnarch s390 s390x %{sparc} %{arm} ppc +# perl modules used in the test suite +BuildRequires: perl(Cwd) +BuildRequires: perl(Digest::MD5) +BuildRequires: perl(Exporter) +BuildRequires: perl(File::Basename) +BuildRequires: perl(File::Copy) +BuildRequires: perl(File::Spec) +BuildRequires: perl(IPC::Open2) +BuildRequires: perl(MIME::Base64) +BuildRequires: perl(strict) +BuildRequires: perl(Time::Local) +BuildRequires: perl(Time::HiRes) +BuildRequires: perl(warnings) +BuildRequires: perl(vars) + +# require valgrind to boost test coverage on i386 and x86_64 +%ifarch %{ix86} x86_64 BuildRequires: valgrind %endif @@ -165,6 +200,11 @@ documentation of the library, too. %patch13 -p1 %patch14 -p1 %patch15 -p1 +%patch16 -p1 +%patch17 -p1 +%patch18 -p1 +%patch105 -p1 +%patch19 -p1 # Fedora patches %patch101 -p1 @@ -174,12 +214,13 @@ documentation of the library, too. %patch107 -p1 %patch108 -p1 +# For EL-5 with old openssl +%patch201 -p1 + # replace hard wired port numbers in the test suite -%ifarch x86_64 -sed -i s/899\\\([0-9]\\\)/649\\1/ tests/data/test* -%else -sed -i s/899\\\([0-9]\\\)/329\\1/ tests/data/test* -%endif +cd tests/data/ +sed -i s/899\\\([0-9]\\\)/%{?__isa_bits}9\\1/ test* +cd - # disable test 1112 (#565305) printf "1112\n" >> tests/data/DISABLED @@ -189,7 +230,6 @@ printf "1112\n" >> tests/data/DISABLED echo "1319" >> tests/data/DISABLED %endif - %build [ -x /usr/kerberos/bin/krb5-config ] && KRB5_PREFIX="=/usr/kerberos" %configure --disable-static \ @@ -224,23 +264,9 @@ export LD_LIBRARY_PATH cd tests make %{?_smp_mflags} -# make it possible to start a testing OpenSSH server with SELinux -# in the enforcing mode (#521087) -gcc -o hide_selinux.so -fPIC -shared %{SOURCE3} -LD_PRELOAD="`readlink -f ./hide_selinux.so`:$LD_PRELOAD" -export LD_PRELOAD - -# Ignore this tests for now (use !xxx) -DISABLED= - # use different port range for 32bit and 64bit build, thus make it possible # to run both in parallel on the same machine -%ifarch x86_64 -./runtests.pl -a -b6490 -p -v $DISABLED -%else -./runtests.pl -a -b3290 -p -v $DISABLED -%endif - +./runtests.pl -a -b%{?__isa_bits}90 -p -v %install rm -rf $RPM_BUILD_ROOT @@ -256,7 +282,7 @@ install -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT%{_datadir}/aclocal rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/mk-ca-bundle.1 # Make libcurl-devel multilib-ready (bug #488922) -%ifarch x86_64 +%if 0%{?__isa_bits} == 64 %define _curlbuild_h curlbuild-64.h %else %define _curlbuild_h curlbuild-32.h @@ -299,6 +325,9 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/aclocal/libcurl.m4 %changelog +* Sat Dec 20 2014 Remi Collet - 7.29.0-19 +- sync with 7.29.0-19 from RHEL-7: + * Mon Jun 24 2013 Remi Collet - 7.27.0-11 - sync with 7.27.0-11 from F18: fix heap-based buffer overflow in curl_easy_unescape() (CVE-2013-2174) -- cgit