[packages/curl] - up to 7.40.0; fixes CVE-2014-8150, CVE-2014-8151
draenog
draenog at pld-linux.org
Fri Jan 9 17:55:08 CET 2015
commit f10e42c557ef75cfeafbbbee9f58dbf37cb01391
Author: Kacper Kornet <draenog at pld-linux.org>
Date: Fri Jan 9 16:54:09 2015 +0000
- up to 7.40.0; fixes CVE-2014-8150, CVE-2014-8151
curl-gssapi.patch | 32 ++++++++++++++++++++++++++++++++
curl.spec | 6 ++++--
2 files changed, 36 insertions(+), 2 deletions(-)
---
diff --git a/curl.spec b/curl.spec
index 7cd0e2e..16ea5e3 100644
--- a/curl.spec
+++ b/curl.spec
@@ -22,14 +22,15 @@ Summary(pt_BR.UTF-8): Busca URL (suporta FTP, TELNET, LDAP, GOPHER, DICT, HTTP e
Summary(ru.UTF-8): Утилита для получения файлов с серверов FTP, HTTP и других
Summary(uk.UTF-8): Утиліта для отримання файлів з серверів FTP, HTTP та інших
Name: curl
-Version: 7.39.0
+Version: 7.40.0
Release: 1
License: MIT-like
Group: Applications/Networking
Source0: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
-# Source0-md5: e9aa6dec29920eba8ef706ea5823bad7
+# Source0-md5: d18fb866d97b536e8948833b84a58a73
Patch0: %{name}-ac.patch
Patch1: %{name}-krb5flags.patch
+Patch2: %{name}-gssapi.patch
URL: http://curl.haxx.se/
BuildRequires: autoconf >= 2.57
BuildRequires: automake
@@ -200,6 +201,7 @@ Bibliotecas estáticas para desenvolvimento com o curl.
%setup -q
%patch0 -p1
%patch1 -p1
+%patch2 -p1
%{__rm} m4/lt*.m4 m4/libtool.m4
diff --git a/curl-gssapi.patch b/curl-gssapi.patch
new file mode 100644
index 0000000..1b62a04
--- /dev/null
+++ b/curl-gssapi.patch
@@ -0,0 +1,32 @@
+From 5c0e66d63214e0306197c5a3f162441e074f3401 Mon Sep 17 00:00:00 2001
+From: Steve Holme <steve_holme at hotmail.com>
+Date: Thu, 8 Jan 2015 19:23:53 +0000
+Subject: [PATCH] sasl_gssapi: Fixed build on NetBSD with built-in GSS-API
+
+Bug: http://curl.haxx.se/bug/view.cgi?id=1469
+Reported-by: Thomas Klausner
+---
+ lib/curl_sasl_gssapi.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/curl_sasl_gssapi.c b/lib/curl_sasl_gssapi.c
+index 6dda0e9..a50646a 100644
+--- a/lib/curl_sasl_gssapi.c
++++ b/lib/curl_sasl_gssapi.c
+@@ -6,6 +6,7 @@
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2014, Steve Holme, <steve_holme at hotmail.com>.
++ * Copyright (C) 2015, Daniel Stenberg, <daniel at haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+@@ -126,7 +127,7 @@ CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data,
+
+ /* Import the SPN */
+ gss_major_status = gss_import_name(&gss_minor_status, &spn_token,
+- gss_nt_service_name, &krb5->spn);
++ GSS_C_NT_HOSTBASED_SERVICE, &krb5->spn);
+ if(GSS_ERROR(gss_major_status)) {
+ Curl_gss_log_error(data, gss_minor_status, "gss_import_name() failed: ");
+
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/curl.git/commitdiff/f10e42c557ef75cfeafbbbee9f58dbf37cb01391
More information about the pld-cvs-commit
mailing list