diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | backport-0101-curl-7.32.0-multilib.patch | 91 | ||||
| -rw-r--r-- | backport-CVE-2023-32001.patch | 37 | ||||
| -rw-r--r-- | backport-curl-7.84.0-test3026.patch | 71 | ||||
| -rw-r--r-- | backport-curl-7.88.0-tests-warnings.patch | 30 | ||||
| -rw-r--r-- | curl.spec | 417 | ||||
| -rw-r--r-- | sources | 1 |
7 files changed, 648 insertions, 0 deletions
@@ -0,0 +1 @@ +/curl-8.1.2.tar.xz diff --git a/backport-0101-curl-7.32.0-multilib.patch b/backport-0101-curl-7.32.0-multilib.patch new file mode 100644 index 0000000..b4f8e2a --- /dev/null +++ b/backport-0101-curl-7.32.0-multilib.patch @@ -0,0 +1,91 @@ +From 2a4754a3a7cf60ecc36d83cbe50b8c337cb87632 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka <kdudka@redhat.com> +Date: Fri, 12 Apr 2013 12:04:05 +0200 +Subject: [PATCH] prevent multilib conflicts on the curl-config script + +--- + curl-config.in | 23 +++++------------------ + docs/curl-config.1 | 4 +++- + libcurl.pc.in | 1 + + 3 files changed, 9 insertions(+), 19 deletions(-) + +diff --git a/curl-config.in b/curl-config.in +index 150004d..95d0759 100644 +--- a/curl-config.in ++++ b/curl-config.in +@@ -78,7 +78,7 @@ while test $# -gt 0; do + ;; + + --cc) +- echo "@CC@" ++ echo "gcc" + ;; + + --prefix) +@@ -157,32 +157,19 @@ while test $# -gt 0; do + ;; + + --libs) +- if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then +- CURLLIBDIR="-L@libdir@ " +- else +- CURLLIBDIR="" +- fi +- if test "X@ENABLE_SHARED@" = "Xno"; then +- echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@ +- else +- echo ${CURLLIBDIR}-lcurl +- fi ++ echo -lcurl + ;; + --ssl-backends) + echo "@SSL_BACKENDS@" + ;; + + --static-libs) +- if test "X@ENABLE_STATIC@" != "Xno" ; then +- echo "@libdir@/libcurl.@libext@" @LDFLAGS@ @LIBCURL_LIBS@ +- else +- echo "curl was built with static libraries disabled" >&2 +- exit 1 +- fi ++ echo "curl was built with static libraries disabled" >&2 ++ exit 1 + ;; + + --configure) +- echo @CONFIGURE_OPTIONS@ ++ pkg-config libcurl --variable=configure_options | sed 's/^"//;s/"$//' + ;; + + *) +diff --git a/docs/curl-config.1 b/docs/curl-config.1 +index 14a9d2b..ffcc004 100644 +--- a/docs/curl-config.1 ++++ b/docs/curl-config.1 +@@ -72,7 +72,9 @@ no, one or several names. If more than one name, they will appear + comma-separated. (Added in 7.58.0) + .IP "--static-libs" + Shows the complete set of libs and other linker options you will need in order +-to link your application with libcurl statically. (Added in 7.17.1) ++to link your application with libcurl statically. Note that Fedora/RHEL libcurl ++packages do not provide any static libraries, thus cannot be linked statically. ++(Added in 7.17.1) + .IP "--version" + Outputs version information about the installed libcurl. + .IP "--vernum" +diff --git a/libcurl.pc.in b/libcurl.pc.in +index 2ba9c39..f8f8b00 100644 +--- a/libcurl.pc.in ++++ b/libcurl.pc.in +@@ -31,6 +31,7 @@ libdir=@libdir@ + includedir=@includedir@ + supported_protocols="@SUPPORT_PROTOCOLS@" + supported_features="@SUPPORT_FEATURES@" ++configure_options=@CONFIGURE_OPTIONS@ + + Name: libcurl + URL: https://curl.se/ +-- +2.26.2 + diff --git a/backport-CVE-2023-32001.patch b/backport-CVE-2023-32001.patch new file mode 100644 index 0000000..8827596 --- /dev/null +++ b/backport-CVE-2023-32001.patch @@ -0,0 +1,37 @@ +From 0c667188e0c6cda615a036b8a2b4125f2c404dde Mon Sep 17 00:00:00 2001 +From: SaltyMilk <soufiane.elmelcaoui@gmail.com> +Date: Mon, 10 Jul 2023 21:43:28 +0200 +Subject: [PATCH] fopen: optimize + +Closes #11419 +--- + lib/fopen.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/lib/fopen.c b/lib/fopen.c +index c9c9e3d6e..b6e3caddd 100644 +--- a/lib/fopen.c ++++ b/lib/fopen.c +@@ -56,13 +56,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, + int fd = -1; + *tempname = NULL; + +- if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) { +- /* a non-regular file, fallback to direct fopen() */ +- *fh = fopen(filename, FOPEN_WRITETEXT); +- if(*fh) +- return CURLE_OK; ++ *fh = fopen(filename, FOPEN_WRITETEXT); ++ if(!*fh) + goto fail; +- } ++ if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode)) ++ return CURLE_OK; ++ fclose(*fh); ++ *fh = NULL; + + result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix)); + if(result) +-- +2.33.0 + diff --git a/backport-curl-7.84.0-test3026.patch b/backport-curl-7.84.0-test3026.patch new file mode 100644 index 0000000..1098583 --- /dev/null +++ b/backport-curl-7.84.0-test3026.patch @@ -0,0 +1,71 @@ +From 279b990727a1fd3e2828fbbd80581777e4200b67 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka <kdudka@redhat.com> +Date: Mon, 27 Jun 2022 16:50:57 +0200 +Subject: [PATCH] test3026: disable valgrind + +It fails on x86_64 with: +``` + Use --max-threads=INT to specify a larger number of threads + and rerun valgrind + valgrind: the 'impossible' happened: + Max number of threads is too low + host stacktrace: + ==174357== at 0x58042F5A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) + ==174357== by 0x58043087: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) + ==174357== by 0x580432EF: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) + ==174357== by 0x58043310: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) + ==174357== by 0x58099E77: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) + ==174357== by 0x580E67E9: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) + ==174357== by 0x5809D59D: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) + ==174357== by 0x5809901A: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) + ==174357== by 0x5809B0B6: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) + ==174357== by 0x580E4050: ??? (in /usr/libexec/valgrind/memcheck-amd64-linux) + sched status: + running_tid=1 + Thread 1: status = VgTs_Runnable syscall 56 (lwpid 174357) + ==174357== at 0x4A07816: clone (in /usr/lib64/libc.so.6) + ==174357== by 0x4A08720: __clone_internal (in /usr/lib64/libc.so.6) + ==174357== by 0x4987ACF: create_thread (in /usr/lib64/libc.so.6) + ==174357== by 0x49885F6: pthread_create@@GLIBC_2.34 (in /usr/lib64/libc.so.6) + ==174357== by 0x1093B5: test.part.0 (lib3026.c:64) + ==174357== by 0x492454F: (below main) (in /usr/lib64/libc.so.6) + client stack range: [0x1FFEFFC000 0x1FFF000FFF] client SP: 0x1FFEFFC998 + valgrind stack range: [0x1002BAA000 0x1002CA9FFF] top usage: 11728 of 1048576 +[...] +``` +--- + tests/data/test3026 | 3 +++ + tests/libtest/lib3026.c | 4 ++-- + 2 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/tests/data/test3026 b/tests/data/test3026 +index fb80cc8..01f2ba5 100644 +--- a/tests/data/test3026 ++++ b/tests/data/test3026 +@@ -41,5 +41,8 @@ none + <errorcode> + 0 + </errorcode> ++<valgrind> ++disable ++</valgrind> + </verify> + </testcase> +diff --git a/tests/libtest/lib3026.c b/tests/libtest/lib3026.c +index 43fe335..70cd7a4 100644 +--- a/tests/libtest/lib3026.c ++++ b/tests/libtest/lib3026.c +@@ -147,8 +147,8 @@ int test(char *URL) + results[i] = CURL_LAST; /* initialize with invalid value */ + res = pthread_create(&tids[i], NULL, run_thread, &results[i]); + if(res) { +- fprintf(stderr, "%s:%d Couldn't create thread, errno %d\n", +- __FILE__, __LINE__, res); ++ fprintf(stderr, "%s:%d Couldn't create thread, i=%u, errno %d\n", ++ __FILE__, __LINE__, i, res); + tid_count = i; + test_failure = -1; + goto cleanup; +-- +2.37.1 + diff --git a/backport-curl-7.88.0-tests-warnings.patch b/backport-curl-7.88.0-tests-warnings.patch new file mode 100644 index 0000000..04b2ba2 --- /dev/null +++ b/backport-curl-7.88.0-tests-warnings.patch @@ -0,0 +1,30 @@ +From d506d885aa16b4a87acbac082eea41dccdc7b69f Mon Sep 17 00:00:00 2001 +From: Kamil Dudka <kdudka@redhat.com> +Date: Wed, 15 Feb 2023 10:42:38 +0100 +Subject: [PATCH] Revert "runtests: consider warnings fatal and error on them" + +While it might be useful for upstream developers, it is not so useful +for downstream consumers. + +This reverts upstream commit 22f795c834cfdbacbb1b55426028a581e3cf67a8. +--- + tests/runtests.pl | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/tests/runtests.pl b/tests/runtests.pl +index 71644ad18..0cf85c3fe 100755 +--- a/tests/runtests.pl ++++ b/tests/runtests.pl +@@ -55,8 +55,7 @@ + # given, this won't be a problem. + + use strict; +-# Promote all warnings to fatal +-use warnings FATAL => 'all'; ++use warnings; + use 5.006; + + # These should be the only variables that might be needed to get edited: +-- +2.39.1 + diff --git a/curl.spec b/curl.spec new file mode 100644 index 0000000..5c88cd8 --- /dev/null +++ b/curl.spec @@ -0,0 +1,417 @@ +#Global macro or variable +%global libpsl_version %(pkg-config --modversion libpsl 2>/dev/null || echo 0) +%global libssh_version %(pkg-config --modversion libssh 2>/dev/null || echo 0) +%global openssl_version %({ pkg-config --modversion openssl 2>/dev/null || echo 0;} | sed 's|-|-0.|') +%global _configure ../configure + +Name: curl +Version: 8.1.2 +Release: 2 +Summary: Curl is used in command lines or scripts to transfer data +License: curl +URL: https://curl.se/ +Source: https://curl.se/download/curl-%{version}.tar.xz + +Patch1: backport-0101-curl-7.32.0-multilib.patch +Patch2: backport-curl-7.84.0-test3026.patch +Patch4: backport-curl-7.88.0-tests-warnings.patch +Patch5: backport-CVE-2023-32001.patch + +BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel +BuildRequires: libidn2-devel libnghttp2-devel libpsl-devel +BuildRequires: libssh-devel make openldap-devel openssh-clients openssh-server +BuildRequires: openssl-devel perl-interpreter pkgconfig python3-devel sed +BuildRequires: zlib-devel gnutls-utils nghttp2 perl(IO::Compress::Gzip) +BuildRequires: perl(Getopt::Long) perl(Pod::Usage) perl(strict) perl(warnings) +BuildRequires: perl(Cwd) perl(Digest::MD5) perl(Exporter) perl(File::Basename) +BuildRequires: perl(File::Copy) perl(File::Spec) perl(IPC::Open2) perl(MIME::Base64) +BuildRequires: perl(Time::Local) perl(Time::HiRes) perl(vars) perl(Digest::SHA) + +%ifnarch aarch64 +BuildRequires: stunnel +%endif + +Requires: libcurl = %{version}-%{release} +Provides: curl-full = %{version}-%{release} webclient + +%description +cURL is a computer software project providing a library (libcurl) and +command-line tool (curl) for transferring data using various protocols. + +%package -n libcurl +Summary: A library for getting files from web servers +Requires: libssh >= %{libssh_version} libpsl >= %{libpsl_version} +Requires: openssl-libs >= 1:%{openssl_version} +Provides: libcurl-full = %{version}-%{release} +Conflicts: curl < 7.66.0-3 + +%description -n libcurl +A library for getting files from web servers. + +%package -n libcurl-devel +Summary: Header files for libcurl +Requires: libcurl = %{version}-%{release} +Provides: curl-devel = %{version}-%{release} +Obsoletes: curl-devel < %{version}-%{release} + +%description -n libcurl-devel +Header files for libcurl. + +%package_help + +%prep +%autosetup -n %{name}-%{version} -p1 + +echo "1801" >> tests/data/DISABLED + +# adapt test 323 for updated OpenSSL +sed -e 's/^35$/35,52/' -i tests/data/test323 +# use localhost6 instead of ip6-localhost in the curl test-suite +( + # avoid glob expansion in the trace output of `bash -x` + { set +x; } 2>/dev/null + cmd="sed -e 's|ip6-localhost|localhost6|' -i tests/data/test[0-9]*" + printf "+ %s\n" "$cmd" >&2 + eval "$cmd" +) + +%build +# regenerate Makefile.in files +aclocal -I m4 +automake + +install -d build-full +export common_configure_opts="--cache-file=../config.cache \ + --enable-hsts --enable-ipv6 --enable-symbol-hiding --enable-threaded-resolver \ + --without-zstd --with-gssapi --with-libidn2 --with-nghttp2 --with-ssl \ + --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt" + +%global _configure ../configure + +# configure full build +( + cd build-full + %configure $common_configure_opts \ + --enable-dict \ + --enable-gopher \ + --enable-imap \ + --enable-ldap \ + --enable-ldaps \ + --enable-manual \ + --enable-mqtt \ + --enable-ntlm \ + --enable-ntlm-wb \ + --enable-pop3 \ + --enable-rtsp \ + --enable-smb \ + --enable-smtp \ + --enable-telnet \ + --enable-tftp \ + --enable-tls-srp \ + --with-brotli \ + --with-libpsl \ + --with-libssh +) + +sed -e 's/^runpath_var=.*/runpath_var=/' \ + -e 's/^hardcode_libdir_flag_spec=".*"$/hardcode_libdir_flag_spec=""/' \ + -i build-full/libtool + +%make_build V=1 -C build-full + +%check +# compile upstream test-cases +%make_build V=1 -C build-full/tests + +# relax crypto policy for the test-suite to make it pass again (#1610888) +export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=XXX +export OPENSSL_CONF= + +# make runtests.pl work for out-of-tree builds +export srcdir=../../tests + +# prevent valgrind from being extremely slow (#1662656) +unset DEBUGINFOD_URLS + +# run the upstream test-suite for curl-full +for size in full; do ( + cd build-${size} + + # we have to override LD_LIBRARY_PATH because we eliminated rpath + export LD_LIBRARY_PATH="${PWD}/lib/.libs" + + cd tests + perl -I../../tests ../../tests/runtests.pl -a -n -p -v '!flaky' +) +done + +%install +rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.{la,so} + +# install libcurl.m4 for devel +install -D -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT%{_datadir}/aclocal/libcurl.m4 + +# curl file install +cd build-full +%make_install + +# install zsh completion for curl +LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" %make_install -C scripts + +# do not install /usr/share/fish/completions/curl.fish which is also installed +# by fish-3.0.2-1.module_f31+3716+57207597 and would trigger a conflict +rm -rf ${RPM_BUILD_ROOT}%{_datadir}/fish + +rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.a +rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la + +%ldconfig_scriptlets + +%ldconfig_scriptlets -n libcurl + +%files +%defattr(-,root,root) +%license COPYING +%{_bindir}/curl +%{_datadir}/zsh + +%files -n libcurl +%defattr(-,root,root) +%{_libdir}/libcurl.so.4 +%{_libdir}/libcurl.so.4.[0-9].[0-9] + +%files -n libcurl-devel +%defattr(-,root,root) +%doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS.md +%doc docs/CONTRIBUTE.md docs/libcurl/ABI.md +%{_bindir}/curl-config* +%{_includedir}/curl +%{_libdir}/*.so +%{_libdir}/pkgconfig/*.pc +%{_datadir}/aclocal/libcurl.m4 + +%files help +%defattr(-,root,root) +%doc CHANGES README* +%doc docs/BUGS.md docs/FAQ docs/FEATURES.md +%doc docs/TheArtOfHttpScripting.md docs/TODO +%{_mandir}/man1/curl.1* +%{_mandir}/man1/curl-config.1* +%{_mandir}/man3/* + +%changelog +* Thu Jul 20 2023 zhouyihang <zhouyihang3@h-partners.com> - 8.1.2-2 +- Type:CVE +- CVE:CVE-2023-32001 +- SUG:NA +- DESC:fix CVE-2023-32001 + +* Sat Jul 15 2023 gaihuiying <eaglegai@163.com> - 8.1.2-1 +- Type:requirement +- CVE:NA +- SUG:NA +- DESC:update to curl 8.1.2 + +* Sat Jun 10 2023 zhouyihang <zhouyihang3@h-partners.com> - 7.88.1-4 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:disable valgrind in tests + +* Thu Jun 08 2023 xingwei <xingwei14@h-partners.com> - 7.88.1-3 +- Type:CVE +- CVE:CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 +- SUG:NA +- DESC:fix CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 + +* Wed Mar 22 2023 zengwefeng <zwfeng@huawei.com> - 7.88.1-2 +- Type:cves +- ID:CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27537 CVE-2023-27538 +- SUG:NA +- DESC:fix CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27537 CVE-2023-27538 + + +* Thu Mar 02 2023 xinghe <xinghe2@h-partners.com> - 7.88.1-1 +- Type:requirements +- ID:NA +- SUG:NA +- DESC:upgrade to 7.88.1 + +* Sat Feb 18 2023 xinghe <xinghe2@h-partners.com> - 7.86.0-3 +- Type:cves +- ID:CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 +- SUG:NA +- DESC:fix CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 + +* Thu Dec 22 2022 zhouyihang <zhouyihang3@h-partners.com> - 7.86.0-2 +- Type:cves +- ID:CVE-2022-43551 CVE-2022-43552 +- SUG:NA +- DESC:fix CVE-2022-43551 CVE-2022-43552 + +* Wed Nov 16 2022 xinghe <xinghe2@h-partners.com> - 7.86.0-1 +- Type:requirements +- ID:NA +- SUG:NA +- DESC:upgrade to 7.86.0 + +* Thu Oct 27 2022 yanglu <yanglu72@h-partners.com> - 7.79.1-12 +- Type:cves +- CVE:CVE-2022-32221 CVE-2022-42915 CVE-2022-42916 +- SUG:NA +- DESC:fix CVE-2022-32221 CVE-2022-42915 CVE-2022-42916 + +* Tue Oct 11 2022 huangduirong <huangduirong@huawei.com> - 7.79.1-11 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:Move autoreconf to build + +* Thu Sep 01 2022 zhouyihang <zhouyihang@h-partners.com> - 7.79.1-10 +- Type:cves +- CVE:CVE-2022-35252 +- SUG:NA +- DESC:fix CVE-2022-35252 + +* Thu Jul 28 2022 gaihuiying <eaglegai@163.com> - 7.79.1-9 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:just rebuild release to 7.79.1-9 + +* Mon Jul 25 2022 gaihuiying <eaglegai@163.com> - 7.79.1-8 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:fix build error when add --disable-http-auth configure option + +* Tue Jul 05 2022 gaihuiying <eaglegai@163.com> - 7.79.1-7 +- Type:cves +- CVE:CVE-2022-32207 +- SUG:NA +- DESC:fix CVE-2022-32207 better + +* Wed Jun 29 2022 gaihuiying <eaglegai@163.com> - 7.79.1-6 +- Type:cves +- CVE:CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 +- SUG:NA +- DESC:fix CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 + +* Tue May 17 2022 gaihuiying <eaglegai@163.com> - 7.79.1-5 +- Type:cves +- CVE:CVE-2022-27781 CVE-2022-27782 +- SUG:NA +- DESC:fix CVE-2022-27781 CVE-2022-27782 + +* Sat May 14 2022 gaoxingwang <gaoxingwang1@huawei.com> - 7.79.1-4 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:fix dict and neg telnet server start fail in upstream testcase + +* Fri May 06 2022 gaihuiying <eaglegai@163.com> - 7.79.1-3 +- Type:cves +- CVE:CVE-2022-22576 CVE-2022-27774 CVE-2022-27775 CVE-2022-27776 +- SUG:NA +- DESC:fix CVE-2022-22576 CVE-2022-27774 CVE-2022-27775 CVE-2022-27776 + +* Mon Apr 25 2022 gaoxingwang <gaoxingwang1@huawei.com> - 7.79.1-2 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:enable check in spec + +* Thu Jan 20 2022 gaoxingwang <gaoxingwang@huawei.com> - 7.79.1-1 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:update curl to 7.79.1 +* Wed Sep 29 2021 yanglu <yanglu72@huawei.com> - 7.77.0-3 +- Type:CVE +- CVE:CVE-2021-22945 CVE-2021-22946 CVE-2021-22947 +- SUG:NA +- DESC:fix CVE-2021-22945 CVE-2021-22946CVE-2021-22947 + +* Fri Aug 13 2021 gaihuiying <gaihuiying1@huawei.com> - 7.77.0-2 +- Type:CVE +- CVE:CVE-2021-22925 CVE-2021-22926 +- SUG:NA +- DESC:fix CVE-2021-22925 CVE-2021-22926 + +* Thu Jul 8 2021 gaihuiying <gaihuiying1@huawei.com> - 7.77.0-1 +- Type:requirement +- CVE:NA +- SUG:NA +- DESC:update curl to 7.77.0 + +* Tue Jun 8 2021 gaihuiying <gaihuiying1@huawei.com> - 7.71.1-9 +- Type:CVE +- CVE:CVE-2021-22897 CVE-2021-22898 +- SUG:NA +- DESC:fix CVE-2021-22897 CVE-2021-22898 + +* Tue Apr 20 2021 gaihuiying <gaihuiying1@huawei.com> - 7.71.1-8 +- Type:CVE +- CVE:CVE-2021-22890 +- SUG:NA +- DESC:fix CVE-2021-22890 + +* Thu Apr 8 2021 xieliuhua <xieliuhua@huawei.com> - 7.71.1-7 +- Type:CVE +- CVE:CVE-2021-22876 +- SUG:NA +- DESC:fix CVE-2021-22876 + +* Tue Jan 26 2021 wangxiaopeng <wangxiaopeng7@huawei.com> - 7.71.1-6 +- Type:CVE +- CVE:CVE-2020-8285 +- SUG:NA +- DESC:fix CVE-2020-8285 + +* Tue Jan 19 2021 xielh2000 <xielh2000@163.com> - 7.71.1-5 +- Type:CVE +- CVE:CVE-2020-8286 +- SUG:NA +- DESC:fix CVE-2020-8286 + +* Mon Jan 18 2021 xihaochen <xihaochen@huawei.com> - 7.71.1-4 +- Type:CVE +- CVE:CVE-2020-8284 +- SUG:NA +- DESC:fix CVE-2020-8284 + +* Tue Jan 5 2021 gaihuiying <gaihuiying1@huawei.com> - 7.71.1-3 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix downgrade error + +* Mon Dec 28 2020 liuxin <liuxin264@huawei.com> - 7.71.1-2 +- Type:cves +- ID:CVE-2020-8231 +- SUG:NA +- DESC:fix CVE-2020-8231 + +* Fri Jul 24 2020 zhujunhao <zhujunhao8@huawei.com> - 7.71.1-1 +- Update to 7.71.1 + +* Thu Apr 9 2020 songnannan <songnannan2@huawei.com> - 7.66.0-3 +- split out the libcurl and libcurl-devel package + +* Tue Mar 17 2020 chenzhen <chenzhen44@huawei.com> - 7.66.0-2 +- Type:cves +- ID:CVE-2019-15601 +- SUG:NA +- DESC:fix CVE-2019-15601 + +* Sat Jan 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 7.66.0-1 +- update to 7.66.0 + +* Sat Dec 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 7.61.1-4 +- Type:cves +- ID:CVE-2019-5481 CVE-2019-5482 +- SUG:NA +- DESC:fix CVE-2019-5481 CVE-2019-5482 + +* Wed Sep 18 2019 guanyanjie <guanyanjie@huawei.com> - 7.61.1-3 +- Init for openEuler @@ -0,0 +1 @@ +1f7f6678b1342ad78f30e1dedd015fe2 curl-8.1.2.tar.xz |