From 048e7cd8a0bc68aa95dd0e007f55087f222ebee9 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Feb 04 2020 15:58:29 +0000 Subject: import curl-7.29.0-54.el7_7.2 --- diff --git a/SOURCES/0073-curl-7.29.0-post-cdev.patch b/SOURCES/0073-curl-7.29.0-post-cdev.patch new file mode 100644 index 0000000..18c82d6 --- /dev/null +++ b/SOURCES/0073-curl-7.29.0-post-cdev.patch @@ -0,0 +1,39 @@ +From f4ae40a0e8a35d18a7b8560980b9408d7b06ba8c Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Mon, 4 Mar 2013 15:20:22 +0100 +Subject: [PATCH] AddFormData: prevent only directories from being posted +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Commit f4cc54cb4746ae5a6d (shipped as part of the 7.29.0 release) was a +bug fix that introduced a regression in that while trying to avoid +allowing directory names, it also forbade "special" files like character +devices and more. like "/dev/null" as was used by Oliver who reported +this regression. + +Reported by: Oliver Gondža +Bug: http://curl.haxx.se/mail/archive-2013-02/0040.html + +Upstream-commit: 26eaa8383001219e7cd14a153dff95ea9274be6e +Signed-off-by: Kamil Dudka +--- + lib/formdata.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/formdata.c b/lib/formdata.c +index 0da6de3..28f9a32 100644 +--- a/lib/formdata.c ++++ b/lib/formdata.c +@@ -796,7 +796,7 @@ static CURLcode AddFormData(struct FormData **formp, + file */ + if(!strequal("-", newform->line)) { + struct_stat file; +- if(!stat(newform->line, &file) && S_ISREG(file.st_mode)) ++ if(!stat(newform->line, &file) && !S_ISDIR(file.st_mode)) + *size += file.st_size; + else + return CURLE_BAD_FUNCTION_ARGUMENT; +-- +2.20.1 + diff --git a/SPECS/curl.spec b/SPECS/curl.spec index 57e0411..65d0d0d 100644 --- a/SPECS/curl.spec +++ b/SPECS/curl.spec @@ -1,7 +1,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 7.29.0 -Release: 54%{?dist}.1 +Release: 54%{?dist}.2 License: MIT Group: Applications/Internet Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma @@ -217,6 +217,9 @@ Patch69: 0069-curl-7.29.0-file-limit-rate.patch # fix auth failure with duplicated WWW-Authenticate header (#1754736) Patch72: 0072-curl-7.29.0-dup-auth-header.patch +# allow curl to POST from a char device (#1769307) +Patch73: 0073-curl-7.29.0-post-cdev.patch + # patch making libcurl multilib ready Patch101: 0101-curl-7.29.0-multilib.patch @@ -417,6 +420,7 @@ documentation of the library, too. %patch68 -p1 %patch69 -p1 %patch72 -p1 +%patch73 -p1 # regenerate Makefile.in files aclocal -I m4 @@ -532,6 +536,9 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/aclocal/libcurl.m4 %changelog +* Wed Nov 27 2019 Kamil Dudka - 7.29.0-54.el7_7.2 +- allow curl to POST from a char device (#1769307) + * Mon Oct 07 2019 Kamil Dudka - 7.29.0-54.el7_7.1 - fix auth failure with duplicated WWW-Authenticate header (#1754736)