!92 disable metalink to fix CVE-2021-22922 and CVE-2021-22923

Merge pull request !92 from robertxw/openEuler-20.03-LTS-SP3

curl.spec

@@ -6,7 +6,7 @@
 
 Name:           curl
 Version:        7.71.1
-Release:        11
+Release:        12
 Summary:        Curl is used in command lines or scripts to transfer data
 License:        MIT
 URL:            https://curl.haxx.se/
@@ -35,7 +35,7 @@ Patch121:       backport-0002-CVE-2021-22946.patch
 Patch122:       backport-CVE-2021-22947.patch
 
 BuildRequires:  automake brotli-devel coreutils gcc groff krb5-devel
-BuildRequires:  libidn2-devel libmetalink-devel libnghttp2-devel libpsl-devel
+BuildRequires:  libidn2-devel libnghttp2-devel libpsl-devel
 BuildRequires:  libssh-devel make openldap-devel openssh-clients openssh-server
 BuildRequires:  openssl-devel perl-interpreter pkgconfig python3-devel sed
 BuildRequires:  stunnel zlib-devel gnutls-utils nghttp2 perl(IO::Compress::Gzip)
@@ -95,6 +95,7 @@ install -d build-full
 export common_configure_opts="--cache-file=../config.cache \
     --enable-symbol-hiding  --enable-ipv6  --enable-threaded-resolver \
     --with-gssapi  --with-nghttp2  --with-ssl \
+    --without-libmetalink \
     --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt"
 
 %global _configure ../configure
@@ -108,7 +109,6 @@ export common_configure_opts="--cache-file=../config.cache \
         --enable-manual \
         --with-brotli \
         --with-libidn2 \
-        --with-libmetalink \
         --with-libpsl \
         --with-libssh
 )
@@ -174,6 +174,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_mandir}/man3/*
 
 %changelog
+* Thu Jan 20 2021 gaoxingwang<gaoxingwang@huawei.com> - 7.71.1-12
+- Type:CVE
+- CVE:CVE-2021-22922 CVE-2021-22923
+- SUG:NA
+- DESC:disable metalink to fix CVE-2021-22922 and CVE-2021-22923
+
 * Fri Oct 8 2021 yanglu <yanglu72@huawei.com> - 7.71.1-11
 - Type:CVE
 - CVE:CVE-2021-22945 CVE-2021-22946 CVE-2021-22947