Merge pull request microsoft#6486 from microsoft/ddstreet/fasttrack-c…

…make-cve-2023-44487 fasttrack cmake CVE 2023 44487
PawelWMS · Oct 19, 2023 · 96a3515 · 96a3515
2 parents d888008 + bfeeb89
commit 96a3515
Show file tree

Hide file tree

Showing 4 changed files with 496 additions and 5 deletions.
diff --git a/SPECS/cmake/cmake.spec b/SPECS/cmake/cmake.spec
@@ -2,7 +2,7 @@
 Summary:        Cmake
 Name:           cmake
 Version:        3.21.4
-Release:        9%{?dist}
+Release:        10%{?dist}
 License:        BSD AND LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -19,6 +19,7 @@ Patch4:         CVE-2023-28322-lib-unify-the-upload-method-handling.patch
 Patch5:         CVE-2023-35945.patch
 Patch6:         CVE-2023-38545.patch
 Patch7:         CVE-2023-38546.patch
+Patch8:         cve-2023-44487.patch
 BuildRequires:  bzip2
 BuildRequires:  bzip2-devel
 BuildRequires:  curl
@@ -84,6 +85,9 @@ bin/ctest --force-new-ctest-process --rerun-failed --output-on-failure
 %{_prefix}/doc/%{name}-*/*
 
 %changelog
+* Thu Oct 19 2023 Dan Streetman <[email protected]> - 3.21.4-10
+- Patch vendored nghttp2 for CVE-2023-44487
+
 * Tue Oct 10 2023 Mykhailo Bykhovtsev <[email protected]> - 3.21.4-9
 - Patch vendored curl for CVE-2023-38545, CVE-2023-38546