From 1ec3814ea4c19c26c8c403423ddc86b9da0a861d Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Mar 31 2020 09:32:47 +0000
Subject: import curl-7.29.0-57.el7


---

diff --git a/SOURCES/0070-curl-7.29.0-CVE-2019-5436.patch b/SOURCES/0070-curl-7.29.0-CVE-2019-5436.patch
new file mode 100644
index 0000000..97dee71
--- /dev/null
+++ b/SOURCES/0070-curl-7.29.0-CVE-2019-5436.patch
@@ -0,0 +1,31 @@
+From 55a27027d5f024a0ecc2c23c81ed99de6192c9f3 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 3 May 2019 22:20:37 +0200
+Subject: [PATCH] tftp: use the current blksize for recvfrom()
+
+bug: https://curl.haxx.se/docs/CVE-2019-5436.html
+Reported-by: l00p3r on hackerone
+CVE-2019-5436
+
+Upstream-commit: 2576003415625d7b5f0e390902f8097830b82275
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/tftp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/tftp.c b/lib/tftp.c
+index 269b3cd..4f2a131 100644
+--- a/lib/tftp.c
++++ b/lib/tftp.c
+@@ -985,7 +985,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
+   state->sockfd = state->conn->sock[FIRSTSOCKET];
+   state->state = TFTP_STATE_START;
+   state->error = TFTP_ERR_NONE;
+-  state->blksize = TFTP_BLKSIZE_DEFAULT;
++  state->blksize = blksize;
+   state->requested_blksize = blksize;
+ 
+   ((struct sockaddr *)&state->local_addr)->sa_family =
+-- 
+2.20.1
+
diff --git a/SPECS/curl.spec b/SPECS/curl.spec
index 65d0d0d..80c668e 100644
--- a/SPECS/curl.spec
+++ b/SPECS/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.29.0
-Release: 54%{?dist}.2
+Release: 57%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
@@ -214,6 +214,9 @@ Patch68:  0068-curl-7.29.0-CVE-2018-14618.patch
 # prevent curl --rate-limit from hanging on file URLs (#1281969)
 Patch69:  0069-curl-7.29.0-file-limit-rate.patch
 
+# fix TFTP receive buffer overflow (CVE-2019-5436)
+Patch70:  0070-curl-7.29.0-CVE-2019-5436.patch
+
 # fix auth failure with duplicated WWW-Authenticate header (#1754736)
 Patch72:  0072-curl-7.29.0-dup-auth-header.patch
 
@@ -419,6 +422,7 @@ documentation of the library, too.
 %patch67 -p1
 %patch68 -p1
 %patch69 -p1
+%patch70 -p1
 %patch72 -p1
 %patch73 -p1
 
@@ -536,12 +540,15 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
-* Wed Nov 27 2019 Kamil Dudka <kdudka@redhat.com> - 7.29.0-54.el7_7.2
+* Wed Nov 27 2019 Kamil Dudka <kdudka@redhat.com> - 7.29.0-57
 - allow curl to POST from a char device (#1769307)
 
-* Mon Oct 07 2019 Kamil Dudka <kdudka@redhat.com> - 7.29.0-54.el7_7.1
+* Tue Oct 01 2019 Kamil Dudka <kdudka@redhat.com> - 7.29.0-56
 - fix auth failure with duplicated WWW-Authenticate header (#1754736)
 
+* Tue Aug 06 2019 Kamil Dudka <kdudka@redhat.com> - 7.29.0-55
+- fix TFTP receive buffer overflow (CVE-2019-5436)
+
 * Mon Jun 03 2019 Kamil Dudka <kdudka@redhat.com> - 7.29.0-54
 - make `curl --tlsv1` backward compatible (#1672639)