rpms/curl/FC-5 curl-7.15.1-cve-2006-1061.patch, NONE, 1.1 curl-7.15.1-multilib.patch, NONE, 1.1 curl.spec, 1.34, 1.35
fedora-cvs-commits at redhat.com
Tue Mar 21 09:49:35 UTC 2006
Author: varekova
Update of /cvs/dist/rpms/curl/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv30631
Modified Files:
curl.spec
Added Files:
curl-7.15.1-cve-2006-1061.patch curl-7.15.1-multilib.patch
Log Message:
- fix multilib problem using pkg-config
- fix cve-2006-1061 problem - cURL tftp buffer overflow
----------------------------------------------------------------------
curl-7.15.1-cve-2006-1061.patch:
tftp.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletion(-)
--- NEW FILE curl-7.15.1-cve-2006-1061.patch ---
--- curl-7.15.1/lib/tftp.c.cve-200-1061 2005-12-05 21:10:37.000000000 +0100
+++ curl-7.15.1/lib/tftp.c 2006-03-20 13:44:18.020981952 +0100
@@ -271,7 +271,9 @@
/* If we are downloading, send an RRQ */
state->spacket.event = htons(TFTP_EVENT_RRQ);
}
- sprintf((char *)state->spacket.u.request.data, "%s%c%s%c",
+ snprintf((char *)state->spacket.u.request.data,
+ sizeof(state->spacket.u.request.data),
+ "%s%c%s%c",
filename, '\0', mode, '\0');
sbytes = 4 + (int)strlen(filename) + (int)strlen(mode);
sbytes = sendto(state->sockfd, (void *)&state->spacket,
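Review bot: The snprintf() return value is ignored, and the next line, `sbytes = 4 + (int)strlen(filename) + (int)strlen(mode);`, still computes the length from the untruncated strings. When the filename and mode do not fit, the request is cut silently, and if sbytes is the length handed to the sendto() that follows, it no longer matches what was written into state->spacket. Suggest comparing the return value against sizeof(state->spacket.u.request.data), failing the transfer when the request does not fit, and deriving sbytes from the bytes actually formatted.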
curl-7.15.1-multilib.patch:
curl-config.in | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
--- NEW FILE curl-7.15.1-multilib.patch ---
--- curl-7.15.1/curl-config.in.pom 2005-09-04 20:15:24.000000000 +0200
+++ curl-7.15.1/curl-config.in 2006-03-20 14:12:04.485640816 +0100
@@ -50,7 +50,7 @@
;;
--cc)
- echo "@CC@"
+ echo "gcc"
;;
--prefix)
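Review bot: `echo "gcc"` in the --cc case replaces the configure-substituted @CC@ with a fixed string, so curl-config --cc reports gcc even when the package was built with a different compiler or a compiler wrapper. If the aim is a script that is identical on every architecture, state that in the patch header so the hard-coded value is not mistaken for an oversight.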
@@ -143,7 +143,7 @@
;;
--libs)
- echo -L at libdir@ -lcurl @LDFLAGS@ @LIBS@
+ pkg-config libcurl --libs
;;
*)
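Review bot: In the --libs case, `pkg-config libcurl --libs` makes curl-config depend on pkg-config and on libcurl.pc being found at run time, and the exit status is not checked. When either is missing, --libs produces no usable output and the caller's link line silently loses -lcurl. Suggest propagating the failure, for example `pkg-config libcurl --libs || exit 1`, and confirming that the .pc output carries the same flags that @LDFLAGS@ @LIBS@ provided.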
Index: curl.spec
===================================================================
RCS file: /cvs/dist/rpms/curl/FC-5/curl.spec,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- curl.spec 23 Feb 2006 11:58:07 -0000 1.34
+++ curl.spec 21 Mar 2006 09:49:33 -0000 1.35
@@ -1,12 +1,14 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others).
Name: curl
Version: 7.15.1
-Release: 2
+Release: 3
License: MIT
Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
Patch0: curl-7.14.1-nousr.patch
Patch1: curl-7.15.0-curl_config-version.patch
+Patch2: curl-7.15.1-cve-2006-1061.patch
+Patch3: curl-7.15.1-multilib.patch
URL: http://curl.haxx.se/
BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildRequires: openssl-devel, libtool, pkgconfig, libidn-devel
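Review bot: pkgconfig appears here only in BuildRequires, but Patch3 makes the installed curl-config call pkg-config when it is run. The package that ships curl-config needs a run-time `Requires: pkgconfig` as well, unless one is already present outside this hunk.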
@@ -36,6 +38,8 @@
%setup -q
%patch0 -p1 -b .nousr
%patch1 -p1 -b .ver
+%patch2 -p1 -b .cve-2006-1061
+%patch3 -p1 -b .pom
%build
aclocal
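Review bot: The backup suffix `.pom` on %patch3 says nothing about the patch, while the other three use descriptive suffixes (.nousr, .ver, .cve-2006-1061). Suggest `-b .multilib`. Note also that the header inside curl-7.15.1-cve-2006-1061.patch names its original file with `.cve-200-1061`, which does not match the suffix used here.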
@@ -56,19 +60,6 @@
%makeinstall
rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
-curlcsuffix=`echo %{_libdir} | sed s,/usr/,,`
-mv $RPM_BUILD_ROOT%{_bindir}/curl-config $RPM_BUILD_ROOT%{_bindir}/curl-config-$curlcsuffix
-cat > $RPM_BUILD_ROOT%{_bindir}/curl-config <<EOF
-#!/bin/sh
-if [ -e %{_bindir}/curl-config-lib64 ]; then
- exec %{_bindir}/curl-config-lib64 "\$@"
-elif [ -e %{_bindir}/curl-config-* ]; then
- curlcfile="\`ls %{_bindir}/curl-config-* | head\`"
- exec \$curlcfile "\$@"
-fi
-EOF
-chmod 755 $RPM_BUILD_ROOT%{_bindir}/curl-config
-
# don't need curl's copy of the certs; use openssl's
find ${RPM_BUILD_ROOT} -name ca-bundle.crt -exec rm -f '{}' \;
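Review bot: With the curl-config wrapper removed, the single %{_bindir}/curl-config must be identical in the i386 and x86_64 builds, yet curl-7.15.1-multilib.patch only changes the --cc and --libs cases. Please confirm that no other option in curl-config.in still expands an architecture-specific value such as @libdir@, and leave a spec comment where the wrapper was so the reason for dropping it is recorded.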
@@ -105,6 +96,10 @@
%{_mandir}/man3/*
%changelog
+* Mon Mar 20 2006 Ivana Varekova <vareokva at redhat.com> - 7.15.1-3
+- fix multilib problem using pkg-config
+- fix cve-2006-1061 problem - cURL tftp buffer overflow
+
* Thu Feb 23 2006 Ivana Varekova <varekova at redhat.com> - 7.15.1-2
- fix multilib problem - #181290 -
curl-devel.i386 not installable together with curl-devel.x86-64
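Review bot: The address in the new %changelog entry is spelled `vareokva at redhat.com`, while the 7.15.1-2 entry below it has `varekova at redhat.com`. Correct the typo so both entries carry the same address.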