From aae5884922f501ec05e6f38573c6cdb0b5ddf838 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Nov 27 2017 13:59:36 +0000
Subject: import curl-7.29.0-42.el7_4.1
---
diff --git a/SOURCES/0055-curl-7.29.0-CVE-2017-1000257.patch b/SOURCES/0055-curl-7.29.0-CVE-2017-1000257.patch
new file mode 100644
index 0000000..b186946
--- /dev/null
+++ b/SOURCES/0055-curl-7.29.0-CVE-2017-1000257.patch
@@ -0,0 +1,36 @@
+From f8b7620e0578ef44e8fd958d32f348b535d1ab77 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Sat, 7 Oct 2017 00:11:31 +0200
+Subject: [PATCH] imap: if a FETCH response has no size, don't call write
+ callback
+
+CVE-2017-1000257
+
+Reported-by: Brian Carpenter and 0xd34db347
+Also detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3586
+
+Upstream-commit: 13c9a9ded3ae744a1e11cbc14e9146d9fa427040
+Signed-off-by: Kamil Dudka
+---
+ lib/imap.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/lib/imap.c b/lib/imap.c
+index 48af290..4deba88 100644
+--- a/lib/imap.c
++++ b/lib/imap.c
+@@ -1137,6 +1137,11 @@ static CURLcode imap_state_fetch_resp(struct connectdata *conn, int imapcode,
+ /* the conversion from curl_off_t to size_t is always fine here */
+ chunk = (size_t)filesize;
+
++ if(!chunk) {
++ /* no size, we're done with the data */
++ state(conn, IMAP_STOP);
++ return CURLE_OK;
++ }
+ result = Curl_client_write(conn, CLIENTWRITE_BODY, pp->cache, chunk);
+ if(result)
+ return result;
+--
+2.13.6
+
diff --git a/SPECS/curl.spec b/SPECS/curl.spec
index e89db35..1cd4453 100644
--- a/SPECS/curl.spec
+++ b/SPECS/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.29.0
-Release: 42%{?dist}
+Release: 42%{?dist}.1
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
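Review bot: The comment on the new `if(!chunk)` guard in lib/imap.c says only that there is no size, and does not record why a zero-length chunk must never reach `Curl_client_write()`. In this curl series that function appears to treat a length of 0 as "measure the buffer with strlen()", and `pp->cache` holds raw response bytes with no guaranteed terminator, so the early return is what prevents the out-of-bounds read rather than a shortcut. I would spell that out, e.g. `/* zero-size literal: Curl_client_write() with len 0 would strlen() the unterminated pp->cache, so stop here */`. The body of imap_state_fetch_resp starts and ends outside the hunk, so whether the cached bytes are released or deliberately kept for the next state on this early return cannot be checked from here.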
@@ -157,6 +157,9 @@ Patch49: 0049-curl-7.29.0-8fa54098.patch
 # work around race condition in PK11_FindSlotByName() in NSS (#1404815)
 Patch50: 0050-curl-7.29.0-3a5d5de9.patch
+# fix buffer overflow while processing IMAP FETCH response (CVE-2017-1000257)
+Patch55: 0055-curl-7.29.0-CVE-2017-1000257.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.29.0-multilib.patch
@@ -339,6 +342,9 @@ documentation of the library, too.
 %patch49 -p1
 %patch50 -p1
+# 7.4.z
+%patch55 -p1
+
 # regenerate Makefile.in files
 aclocal -I m4
 automake
@@ -453,6 +459,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 %changelog
+* Mon Oct 23 2017 Kamil Dudka - 7.29.0-42.el7_4.1
+- fix buffer overflow while processing IMAP FETCH response (CVE-2017-1000257)
+
 * Wed Mar 29 2017 Kamil Dudka 7.29.0-42
 - fix use of uninitialized variable detected by Covscan
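Review bot: The comment added above `Patch55` (and repeated in the new %changelog entry) calls the issue a buffer overflow, but the backported change only skips a zero-length call to the write callback and bounds no write, which points to a read past the cached response rather than a write past a buffer. Because this wording is what errata readers use for triage, something like `# fix out-of-bounds read while processing IMAP FETCH response (CVE-2017-1000257)` would describe the fix more accurately. The exact classification should be confirmed against the upstream advisory before changing it.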