From c7f398e9ea89da5e016e8a17a284ce181f0b98e4 Mon Sep 17 00:00:00 2001
From: Joe Slater <joe.slater@windriver.com>
Date: Wed, 11 Nov 2020 10:33:55 -0500
Subject: [PATCH] curl: fix CVE-2019-5482 - heap overflow in tftp

curl-7.29.0-59.el7
libcurl-7.29.0-59.el7
libcurl-devel-7.29.0-59.el7

depends on

libssh2-1.8.0-4.el7
libssh2-devel-1.8.0-4.el7

Closes-Bug: 190214
Change-Id: I2755068e55dc8c70452894030404df3d936fa6a5
Signed-off-by: Joe Slater <joe.slater@windriver.com>
---
 .../config/centos/compiler/rpms_centos.lst               | 4 ----
 centos-mirror-tools/config/centos/distro/rpms_centos.lst | 5 -----
 centos-mirror-tools/config/centos/flock/rpms_centos.lst  | 5 -----
 centos-mirror-tools/config/centos/mock/rpms_centos.lst   | 9 +++++----
 4 files changed, 5 insertions(+), 18 deletions(-)

diff --git a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst
index c57ae24d..34b6aa73 100644
--- a/centos-mirror-tools/config/centos/compiler/rpms_centos.lst
+++ b/centos-mirror-tools/config/centos/compiler/rpms_centos.lst
@@ -23,7 +23,6 @@ bzip2-devel-1.0.6-13.el7.x86_64.rpm
 # cracklib-2.9.0-11.el7.x86_64.rpm provided by mock
 # cracklib-dicts-2.9.0-11.el7.x86_64.rpm provided by mock
 # cryptsetup-libs-2.0.3-3.el7.x86_64.rpm provided by mock
-# curl-7.29.0-51.el7_6.3.x86_64.rpm provided by mock
 # cyrus-sasl-lib-2.1.26-23.el7.x86_64.rpm provided by mock
 # dbus-1.10.24-12.el7.x86_64.rpm provided by mock
 dbus-devel-1.10.24-12.el7.x86_64.rpm
@@ -99,8 +98,6 @@ libcap-devel-2.22-9.el7.x86_64.rpm
 # libcap-ng-0.7.5-4.el7.x86_64.rpm provided by mock
 libcap-ng-devel-0.7.5-4.el7.x86_64.rpm
 libcroco-0.6.12-4.el7.x86_64.rpm
-# libcurl-7.29.0-51.el7_6.3.x86_64.rpm provided by mock
-# libcurl-devel-7.29.0-51.el7_6.3.x86_64.rpm provided by mock
 # libdb-5.3.21-24.el7.x86_64.rpm provided by mock
 libdb-devel-5.3.21-24.el7.x86_64.rpm
 # libdb-utils-5.3.21-24.el7.x86_64.rpm provided by mock
@@ -132,7 +129,6 @@ libselinux-devel-2.5-14.1.el7.x86_64.rpm
 # libsepol-2.5-10.el7.x86_64.rpm provided by mock
 libsepol-devel-2.5-10.el7.x86_64.rpm
 # libsmartcols-2.23.2-59.el7.x86_64.rpm provided by mock
-# libssh2-1.4.3-12.el7.x86_64.rpm provided by mock
 # libstdc++-4.8.5-36.el7.x86_64.rpm provided by mock
 # libstdc++-devel-4.8.5-36.el7.x86_64.rpm provided by mock
 # libtasn1-4.10-1.el7.x86_64.rpm provided by mock
diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst
index d7543c05..9bdf6855 100644
--- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst
+++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst
@@ -99,7 +99,6 @@ cryptsetup-devel-2.0.3-3.el7.x86_64.rpm
 ctags-5.8-13.el7.x86_64.rpm
 cups-client-1.6.3-35.el7.x86_64.rpm
 cups-libs-1.6.3-35.el7.x86_64.rpm
-# curl-7.29.0-51.el7_6.3.x86_64.rpm provided by mock
 cyrus-sasl-2.1.26-23.el7.x86_64.rpm
 cyrus-sasl-devel-2.1.26-23.el7.x86_64.rpm
 cyrus-sasl-gssapi-2.1.26-23.el7.x86_64.rpm
@@ -345,8 +344,6 @@ libcmocka-devel-1.1.5-1.el7.x86_64.rpm
 libcollection-0.7.0-32.el7.x86_64.rpm
 libcomps-0.1.8-12.el7.x86_64.rpm
 libcroco-0.6.12-4.el7.x86_64.rpm
-# libcurl-7.29.0-51.el7_6.3.x86_64.rpm provided by mock
-# libcurl-devel-7.29.0-51.el7_6.3.x86_64.rpm provided by mock
 libdaemon-0.14-7.el7.x86_64.rpm
 # libdb-5.3.21-24.el7.x86_64.rpm provided by mock
 libdb-devel-5.3.21-24.el7.x86_64.rpm
@@ -433,8 +430,6 @@ libSM-1.2.2-2.el7.x86_64.rpm
 libsndfile-1.0.25-10.el7.x86_64.rpm
 libsolv-0.6.34-4.el7.x86_64.rpm
 libsoup-2.62.2-2.el7.x86_64.rpm
-# libssh2-1.4.3-12.el7.x86_64.rpm provided by mock
-libssh2-devel-1.4.3-12.el7.x86_64.rpm
 # libstdc++-4.8.5-36.el7.x86_64.rpm provided by mock
 # libtasn1-4.10-1.el7.x86_64.rpm provided by mock
 libtasn1-devel-4.10-1.el7.x86_64.rpm
diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst
index fbd9b23e..d0087e2c 100644
--- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst
+++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst
@@ -104,7 +104,6 @@ crudini-0.9-2.el7.noarch.rpm
 cryptsetup-2.0.3-3.el7.x86_64.rpm
 # cryptsetup-libs-2.0.3-3.el7.x86_64.rpm provided by mock
 cups-libs-1.6.3-35.el7.x86_64.rpm
-# curl-7.29.0-51.el7_6.3.x86_64.rpm provided by mock
 cyrus-sasl-2.1.26-23.el7.x86_64.rpm
 cyrus-sasl-gssapi-2.1.26-23.el7.x86_64.rpm
 # cyrus-sasl-lib-2.1.26-23.el7.x86_64.rpm provided by mock
@@ -384,8 +383,6 @@ libcollection-0.7.0-32.el7.x86_64.rpm
 libcomps-0.1.8-12.el7.x86_64.rpm
 libconfig-1.4.9-5.el7.x86_64.rpm
 libcroco-0.6.12-4.el7.x86_64.rpm
-# libcurl-7.29.0-51.el7_6.3.x86_64.rpm provided by mock
-# libcurl-devel-7.29.0-51.el7_6.3.x86_64.rpm provided by mock
 libdaemon-0.14-7.el7.x86_64.rpm
 # libdb-5.3.21-24.el7.x86_64.rpm provided by mock
 libdb-devel-5.3.21-24.el7.x86_64.rpm
@@ -479,8 +476,6 @@ libSM-1.2.2-2.el7.x86_64.rpm
 libSM-devel-1.2.2-2.el7.x86_64.rpm
 libsndfile-1.0.25-10.el7.x86_64.rpm
 libsolv-0.6.34-4.el7.x86_64.rpm
-# libssh2-1.4.3-12.el7.x86_64.rpm provided by mock
-libssh2-devel-1.4.3-12.el7.x86_64.rpm
 # libstdc++-4.8.5-36.el7.x86_64.rpm provided by mock
 libsysfs-2.1.0-16.el7.x86_64.rpm
 # libtasn1-4.10-1.el7.x86_64.rpm provided by mock
diff --git a/centos-mirror-tools/config/centos/mock/rpms_centos.lst b/centos-mirror-tools/config/centos/mock/rpms_centos.lst
index 3100c2b2..d388c24c 100644
--- a/centos-mirror-tools/config/centos/mock/rpms_centos.lst
+++ b/centos-mirror-tools/config/centos/mock/rpms_centos.lst
@@ -14,7 +14,7 @@ cpp-4.8.5-36.el7.x86_64.rpm
 cracklib-2.9.0-11.el7.x86_64.rpm
 cracklib-dicts-2.9.0-11.el7.x86_64.rpm
 cryptsetup-libs-2.0.3-3.el7.x86_64.rpm
-curl-7.29.0-51.el7_6.3.x86_64.rpm
+curl-7.29.0-59.el7.x86_64.rpm
 cyrus-sasl-lib-2.1.26-23.el7.x86_64.rpm
 dbus-1.10.24-12.el7.x86_64.rpm
 dbus-libs-1.10.24-12.el7.x86_64.rpm
@@ -61,8 +61,8 @@ libassuan-2.1.0-3.el7.x86_64.rpm
 libattr-2.4.46-13.el7.x86_64.rpm
 libcap-2.22-9.el7.x86_64.rpm
 libcap-ng-0.7.5-4.el7.x86_64.rpm
-libcurl-7.29.0-51.el7_6.3.x86_64.rpm
-libcurl-devel-7.29.0-51.el7_6.3.x86_64.rpm
+libcurl-7.29.0-59.el7.x86_64.rpm
+libcurl-devel-7.29.0-59.el7.x86_64.rpm
 libdb-5.3.21-24.el7.x86_64.rpm
 libdb-utils-5.3.21-24.el7.x86_64.rpm
 libffi-3.0.13-18.el7.x86_64.rpm
@@ -77,7 +77,8 @@ libpwquality-1.2.3-5.el7.x86_64.rpm
 libselinux-2.5-14.1.el7.x86_64.rpm
 libsepol-2.5-10.el7.x86_64.rpm
 libsmartcols-2.23.2-59.el7.x86_64.rpm
-libssh2-1.4.3-12.el7.x86_64.rpm
+libssh2-1.8.0-4.el7.x86_64.rpm
+libssh2-devel-1.8.0-4.el7.x86_64.rpm
 libstdc++-4.8.5-36.el7.x86_64.rpm
 libstdc++-devel-4.8.5-36.el7.x86_64.rpm
 libtasn1-4.10-1.el7.x86_64.rpm