deleted file mode 100644

@@ -1,36 +0,0 @@

-From c9332fa5e84f24da300b42b1a931ade929d3e27d Mon Sep 17 00:00:00 2001

-From: Even Rouault <even.rouault@spatialys.com>

-Date: Tue, 1 Aug 2017 17:17:06 +0200

-Subject: [PATCH] file: output the correct buffer to the user

-

-Regression brought by 7c312f84ea930d8 (April 2017)

-

-CVE-2017-1000099

-

-Bug: https://curl.haxx.se/docs/adv_20170809C.html

-

-Credit to OSS-Fuzz for the discovery

- lib/file.c | 2 +-

- 1 file changed, 1 insertion(+), 1 deletion(-)

-

-diff --git a/lib/file.c b/lib/file.c

-index bd426eac2..666cbe75b 100644

-+++ b/lib/file.c

-@@ -499,11 +499,11 @@ static CURLcode file_do(struct connectdata *conn, bool *done)

-              Curl_month[tm->tm_mon],

-              tm->tm_year + 1900,

-              tm->tm_hour,

-              tm->tm_min,

-              tm->tm_sec);

--    result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);

-+    result = Curl_client_write(conn, CLIENTWRITE_BOTH, header, 0);

-     if(!result)

-       /* set the file size to make it available post transfer */

-       Curl_pgrsSetDownloadSize(data, expected_size);

-     return result;

-   }

-2.13.3

-

deleted file mode 100644

@@ -1,54 +0,0 @@

-From 358b2b131ad6c095696f20dcfa62b8305263f898 Mon Sep 17 00:00:00 2001

-From: Daniel Stenberg <daniel@haxx.se>

-Date: Tue, 1 Aug 2017 17:16:46 +0200

-Subject: [PATCH] tftp: reject file name lengths that don't fit

-

-... and thereby avoid telling send() to send off more bytes than the

-size of the buffer!

-

-CVE-2017-1000100

-

-Bug: https://curl.haxx.se/docs/adv_20170809B.html

-Reported-by: Even Rouault

-

-Credit to OSS-Fuzz for the discovery

- lib/tftp.c | 7 ++++++-

- 1 file changed, 6 insertions(+), 1 deletion(-)

-

-diff --git a/lib/tftp.c b/lib/tftp.c

-index 02bd84242..f6f4bce5b 100644

-+++ b/lib/tftp.c

-@@ -3,11 +3,11 @@

-  *  Project                     ___| | | |  _ \| |

-  *                             / __| | | | |_) | |

-  *                            | (__| |_| |  _ <| |___

-  *                             \___|\___/|_| \_\_____|

-  *

-- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.

-+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.

-  *

-  * This software is licensed as described in the file COPYING, which

-  * you should have received as part of this distribution. The terms

-  * are also available at https://curl.haxx.se/docs/copyright.html.

-  *

-@@ -489,10 +489,15 @@ static CURLcode tftp_send_first(tftp_state_data_t *state, tftp_event_t event)

-     result = Curl_urldecode(data, &state->conn->data->state.path[1], 0,

-                             &filename, NULL, FALSE);

-     if(result)

-       return result;

- 

-+    if(strlen(filename) > (state->blksize - strlen(mode) - 4)) {

-+      failf(data, "TFTP file name too long\n");

-+      return CURLE_TFTP_ILLEGAL; /* too long file name field */

-+    }

-+

-     snprintf((char *)state->spacket.data+2,

-              state->blksize,

-              "%s%c%s%c", filename, '\0',  mode, '\0');

-     sbytes = 4 + strlen(filename) + strlen(mode);

- 

-2.13.3

-

deleted file mode 100644

@@ -1,96 +0,0 @@

-From 453e7a7a03a2cec749abd3878a48e728c515cca7 Mon Sep 17 00:00:00 2001

-From: Daniel Stenberg <daniel@haxx.se>

-Date: Tue, 1 Aug 2017 17:16:07 +0200

-Subject: [PATCH] glob: do not continue parsing after a strtoul() overflow

- range

-

-Added test 1289 to verify.

-

-CVE-2017-1000101

-

-Bug: https://curl.haxx.se/docs/adv_20170809A.html

-Reported-by: Brian Carpenter

- src/tool_urlglob.c      |  5 ++++-

- tests/data/Makefile.inc |  2 +-

- tests/data/test1289     | 35 +++++++++++++++++++++++++++++++++++

- 3 files changed, 40 insertions(+), 2 deletions(-)

- create mode 100644 tests/data/test1289

-

-diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c

-index 6b1ece008..d56dcd912 100644

-+++ b/src/tool_urlglob.c

-@@ -271,11 +271,14 @@ static CURLcode glob_range(URLGlob *glob, char **patternp,

-           endp = NULL;

-           goto fail;

-         }

-         errno = 0;

-         max_n = strtoul(pattern, &endp, 10);

--        if(errno || (*endp == ':')) {

-+        if(errno)

-+          /* overflow */

-+          endp = NULL;

-+        else if(*endp == ':') {

-           pattern = endp+1;

-           errno = 0;

-           step_n = strtoul(pattern, &endp, 10);

-           if(errno)

-             /* over/underflow situation */

-diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc

-index 35446cf71..59f692e8f 100644

-+++ b/tests/data/Makefile.inc

-@@ -132,7 +132,7 @@ test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 \

- test1260 test1261 test1262 \

- \

- test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 \

--test1288 \

-+test1288 test1289 \

- \

- test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 \

- test1308 test1309 test1310 test1311 test1312 test1313 test1314 test1315 \

-diff --git a/tests/data/test1289 b/tests/data/test1289

-new file mode 100644

-index 000000000..d679cc0bc

-+++ b/tests/data/test1289

-@@ -0,0 +1,35 @@

-+<testcase>

-+<info>

-+<keywords>

-+HTTP

-+HTTP GET

-+globbing

-+</keywords>

-+</info>

-+

-+#

-+# Server-side

-+<reply>

-+</reply>

-+

-+# Client-side

-+<client>

-+<server>

-+http

-+</server>

-+<name>

-+globbing with overflow and bad syntxx

-+</name>

-+<command>

-+http://ur%20[0-60000000000000000000

-+</command>

-+</client>

-+

-+# Verify data after the test has been "shot"

-+<verify>

-+# curl: (3) [globbing] bad range in column 

-+<errorcode>

-+3

-+</errorcode>

-+</verify>

-+</testcase>

-2.13.3

-

deleted file mode 100644

@@ -1,133 +0,0 @@

-From 9d9157bb0c230c769fdf902ed3a62edf642d424b Mon Sep 17 00:00:00 2001

-From: Daniel Stenberg <daniel@haxx.se>

-Date: Mon, 25 Sep 2017 00:35:22 +0200

-Subject: [PATCH v2] FTP: zero terminate the entry path even on bad input

-

-... a single double quote could leave the entry path buffer without a zero

-terminating byte.

-

-Test 1152 added to verify.

-

-Reported-by: Max Dymond

- lib/ftp.c               |  7 ++++--

- tests/data/Makefile.inc |  1 +

- tests/data/test1152     | 61 +++++++++++++++++++++++++++++++++++++++++++++++++

- 3 files changed, 67 insertions(+), 2 deletions(-)

- create mode 100644 tests/data/test1152

-

-diff --git a/lib/ftp.c b/lib/ftp.c

-index 4860509f3..54ba4057f 100644

-+++ b/lib/ftp.c

-@@ -2826,7 +2826,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)

-         const size_t buf_size = data->set.buffer_size;

-         char *dir;

-         char *store;

--

-+        bool entry_extracted = FALSE;

-         dir = malloc(nread + 1);

-         if(!dir)

-           return CURLE_OUT_OF_MEMORY;

-@@ -2857,7 +2857,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)

-               }

-               else {

-                 /* end of path */

--                *store = '\0'; /* zero terminate */

-+                entry_extracted = TRUE;

-                 break; /* get out of this loop */

-               }

-             }

-@@ -2866,7 +2866,9 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)

-             store++;

-             ptr++;

-           }

--

-+          *store = '\0'; /* zero terminate */

-+        }

-+        if(entry_extracted) {

-           /* If the path name does not look like an absolute path (i.e.: it

-              does not start with a '/'), we probably need some server-dependent

-              adjustments. For example, this is the case when connecting to

-diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc

-index 1bfd75eca..268f5e29e 100644

-+++ b/tests/data/Makefile.inc

-@@ -121,6 +121,7 @@ test1120 test1121 test1122 test1123 test1124 test1125 test1126 test1127 \

- test1128 test1129 test1130 test1131 test1132 test1133 test1134 test1135 \

- test1136 test1137 test1138 test1139 test1140 test1141 test1142 test1143 \

- test1144 test1145 test1146 \

-+test1152 \

- test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \

- test1208 test1209 test1210 test1211 test1212 test1213 test1214 test1215 \

- test1216 test1217 test1218 test1219 \

-diff --git a/tests/data/test1152 b/tests/data/test1152

-new file mode 100644

-index 000000000..aa8c0a7e4

-+++ b/tests/data/test1152

-@@ -0,0 +1,61 @@

-+<testcase>

-+<info>

-+<keywords>

-+FTP

-+PASV

-+LIST

-+</keywords>

-+</info>

-+#

-+# Server-side

-+<reply>

-+<servercmd>

-+REPLY PWD 257 "just one

-+</servercmd>

-+

-+# When doing LIST, we get the default list output hard-coded in the test

-+# FTP server

-+<data mode="text">

-+total 20

-+drwxr-xr-x   8 98       98           512 Oct 22 13:06 .

-+drwxr-xr-x   8 98       98           512 Oct 22 13:06 ..

-+drwxr-xr-x   2 98       98           512 May  2  1996 curl-releases

-+-r--r--r--   1 0        1             35 Jul 16  1996 README

-+lrwxrwxrwx   1 0        1              7 Dec  9  1999 bin -> usr/bin

-+dr-xr-xr-x   2 0        1            512 Oct  1  1997 dev

-+drwxrwxrwx   2 98       98           512 May 29 16:04 download.html

-+dr-xr-xr-x   2 0        1            512 Nov 30  1995 etc

-+drwxrwxrwx   2 98       1            512 Oct 30 14:33 pub

-+dr-xr-xr-x   5 0        1            512 Oct  1  1997 usr

-+</data>

-+</reply>

-+

-+#

-+# Client-side

-+<client>

-+<server>

-+ftp

-+</server>

-+ <name>

-+FTP with uneven quote in PWD response

-+ </name>

-+ <command>

-+ftp://%HOSTIP:%FTPPORT/test-1152/

-+</command>

-+</client>

-+

-+#

-+# Verify data after the test has been "shot"

-+<verify>

-+<protocol>

-+USER anonymous

-+PASS ftp@example.com

-+PWD

-+CWD test-1152

-+EPSV

-+TYPE A

-+LIST

-+QUIT

-+</protocol>

-+</verify>

-+</testcase>

-2.14.1

-

deleted file mode 100644

@@ -1,37 +0,0 @@

-From 13c9a9ded3ae744a1e11cbc14e9146d9fa427040 Mon Sep 17 00:00:00 2001

-From: Daniel Stenberg <daniel@haxx.se>

-Date: Sat, 7 Oct 2017 00:11:31 +0200

-Subject: [PATCH] imap: if a FETCH response has no size, don't call write

- callback

-

-CVE-2017-1000257

-

-Reported-by: Brian Carpenter and 0xd34db347

-Also detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3586

- lib/imap.c | 5 +++++

- 1 file changed, 5 insertions(+)

-

-diff --git a/lib/imap.c b/lib/imap.c

-index 954d18f37..baa31a2f8 100644

-+++ b/lib/imap.c

-@@ -1124,10 +1124,15 @@ static CURLcode imap_state_fetch_resp(struct connectdata *conn, int imapcode,

- 

-       if(chunk > (size_t)size)

-         /* The conversion from curl_off_t to size_t is always fine here */

-         chunk = (size_t)size;

- 

-+      if(!chunk) {

-+        /* no size, we're done with the data */

-+        state(conn, IMAP_STOP);

-+        return CURLE_OK;

-+      }

-       result = Curl_client_write(conn, CLIENTWRITE_BODY, pp->cache, chunk);

-       if(result)

-         return result;

- 

-       data->req.bytecount += chunk;

-2.15.0.rc1

-

@@ -1,19 +1,14 @@

 Summary:        An URL retrieval utility and library

 Name:           curl

-Version:        7.54.1

-Release:        4%{?dist}

+Version:        7.56.1

+Release:        1%{?dist}

 License:        MIT

 URL:            http://curl.haxx.se

 Group:          System Environment/NetworkingLibraries

 Vendor:         VMware, Inc.

 Distribution:   Photon

-Source0:        http://curl.haxx.se/download/%{name}-%{version}.tar.lzma

-%define sha1    curl=5e549585a3e9746bd672f52cea2a7ea4936021ef

-Patch0:         curl-CVE-2017-1000099.patch

-Patch1:         curl-CVE-2017-1000100.patch

-Patch2:         curl-CVE-2017-1000101.patch

-Patch3:         curl-CVE-2017-1000254.patch

-Patch4:         curl-CVE-2017-1000257.patch

+Source0:        http://curl.haxx.se/download/%{name}-%{version}.tar.xz

+%define sha1    curl=c26bd88fdd5fe5d31a3b9e7a0a6b3dffff3168df

 BuildRequires:  ca-certificates

 BuildRequires:  openssl-devel

 BuildRequires:  krb5-devel

@@ -46,11 +41,6 @@ This package contains minimal set of shared curl libraries.

 %prep

 %setup -q

-%patch0 -p1

-%patch1 -p1

-%patch2 -p1

-%patch3 -p1

-%patch4 -p1

 %build

 ./configure \

     CFLAGS="%{optflags}" \

@@ -98,6 +88,8 @@ rm -rf %{buildroot}/*

 %{_libdir}/libcurl.so.*

 %changelog

+*   Wed Dec 13 2017 Xiaolin Li <xiaolinl@vmware.com> 7.56.1-1

+-   Update to version 7.56.1

 *   Mon Nov 27 2017 Xiaolin Li <xiaolinl@vmware.com> 7.54.1-4

 -   Fix CVE-2017-1000257

 *   Mon Nov 06 2017 Xiaolin Li <xiaolinl@vmware.com> 7.54.1-3

@@ -1,7 +1,7 @@

 %global security_hardening none

 Summary:        Sysdig is a universal system visibility tool with native support for containers.

 Name:           sysdig

-Version:        0.15.1

+Version:        0.19.1

 Release:        1%{?kernelsubrelease}%{?dist}

 License:        GPLv2

 URL:            http://www.sysdig.org/

@@ -9,7 +9,7 @@ Group:          Applications/System

 Vendor:         VMware, Inc.

 Distribution:   Photon

 Source0:        https://github.com/draios/sysdig/archive/%{name}-%{version}.tar.gz

-%define sha1    sysdig=5b1a7a4978315176412989b5400572d849691917

+%define sha1    sysdig=425ea9fab8e831274626a9c9e65f0dfb4f9bc019

 BuildRequires:  cmake 

 BuildRequires:  linux-devel = %{KERNEL_VERSION}-%{KERNEL_RELEASE}

 BuildRequires:  openssl-devel

@@ -74,6 +74,8 @@ rm -rf %{buildroot}/*

 /lib/modules/%{KERNEL_VERSION}-%{KERNEL_RELEASE}/extra/sysdig-probe.ko

 %changelog

+*   Wed Dec 13 2017 Xiaolin Li <xiaolinl@vmware.com> 0.19.1-1

+-   Update to version 0.19.1

 *   Wed Apr 12 2017 Vinay Kulkarni <kulkarniv@vmware.com> 0.15.1-1

 -   Update to version 0.15.1

 *   Wed Jan 11 2017 Alexey Makhalov <amakhalov@vmware.com> 0.10.1-6