[packages/curl] - up to 7.40.0; fixes CVE-2014-8150, CVE-2014-8151

Fri Jan 9 17:55:08 CET 2015

commit f10e42c557ef75cfeafbbbee9f58dbf37cb01391
Author: Kacper Kornet <draenog at pld-linux.org>
Date:   Fri Jan 9 16:54:09 2015 +0000

    - up to 7.40.0; fixes CVE-2014-8150, CVE-2014-8151

 curl-gssapi.patch | 32 ++++++++++++++++++++++++++++++++
 curl.spec         |  6 ++++--
 2 files changed, 36 insertions(+), 2 deletions(-)
---

diff --git a/curl.spec b/curl.spec
index 7cd0e2e..16ea5e3 100644
--- a/curl.spec
+++ b/curl.spec
@@ -22,14 +22,15 @@ Summary(pt_BR.UTF-8):	Busca URL (suporta FTP, TELNET, LDAP, GOPHER, DICT, HTTP e
 Summary(ru.UTF-8):	Утилита для получения файлов с серверов FTP, HTTP и других
 Summary(uk.UTF-8):	Утиліта для отримання файлів з серверів FTP, HTTP та інших
 Name:		curl
-Version:	7.39.0
+Version:	7.40.0
 Release:	1
 License:	MIT-like
 Group:		Applications/Networking
 Source0:	http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
-# Source0-md5:	e9aa6dec29920eba8ef706ea5823bad7
+# Source0-md5:	d18fb866d97b536e8948833b84a58a73
 Patch0:		%{name}-ac.patch
 Patch1:		%{name}-krb5flags.patch
+Patch2:		%{name}-gssapi.patch
 URL:		http://curl.haxx.se/
 BuildRequires:	autoconf >= 2.57
 BuildRequires:	automake
@@ -200,6 +201,7 @@ Bibliotecas estáticas para desenvolvimento com o curl.
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %{__rm} m4/lt*.m4 m4/libtool.m4
 
diff --git a/curl-gssapi.patch b/curl-gssapi.patch
new file mode 100644
index 0000000..1b62a04
--- /dev/null
+++ b/curl-gssapi.patch
@@ -0,0 +1,32 @@
+From 5c0e66d63214e0306197c5a3f162441e074f3401 Mon Sep 17 00:00:00 2001
+From: Steve Holme <steve_holme at hotmail.com>
+Date: Thu, 8 Jan 2015 19:23:53 +0000
+Subject: [PATCH] sasl_gssapi: Fixed build on NetBSD with built-in GSS-API
+
+Bug: http://curl.haxx.se/bug/view.cgi?id=1469
+Reported-by: Thomas Klausner
+---
+ lib/curl_sasl_gssapi.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/curl_sasl_gssapi.c b/lib/curl_sasl_gssapi.c
+index 6dda0e9..a50646a 100644
+--- a/lib/curl_sasl_gssapi.c
++++ b/lib/curl_sasl_gssapi.c
+@@ -6,6 +6,7 @@
+  *                             \___|\___/|_| \_\_____|
+  *
+  * Copyright (C) 2014, Steve Holme, <steve_holme at hotmail.com>.
++ * Copyright (C) 2015, Daniel Stenberg, <daniel at haxx.se>, et al.
+  *
+  * This software is licensed as described in the file COPYING, which
+  * you should have received as part of this distribution. The terms
+@@ -126,7 +127,7 @@ CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data,
+ 
+     /* Import the SPN */
+     gss_major_status = gss_import_name(&gss_minor_status, &spn_token,
+-                                       gss_nt_service_name, &krb5->spn);
++                                       GSS_C_NT_HOSTBASED_SERVICE, &krb5->spn);
+     if(GSS_ERROR(gss_major_status)) {
+       Curl_gss_log_error(data, gss_minor_status, "gss_import_name() failed: ");
+ 
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/curl.git/commitdiff/f10e42c557ef75cfeafbbbee9f58dbf37cb01391

