Sync from SUSE:SLFO:Main curl revision d02880ca69623f40b6a05705826f7da7

This commit is contained in:
Adrian Schröter 2024-05-03 11:57:29 +02:00
commit 59d34073d7
11 changed files with 6598 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

6
baselibs.conf Normal file
View File

@ -0,0 +1,6 @@
libcurl4
obsoletes "curl-<targettype> <= <version>"
provides "curl-<targettype> = <version>"
libcurl-devel
requires -curl-<targettype>
requires "libcurl4-<targettype> = <version>"

BIN
curl-8.6.0.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

11
curl-8.6.0.tar.xz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmW58RcACgkQXMkI/bce
EsKLvgf9Em0etBEnbJzkhmCiKUOfn3sTKhIHA4y1/O+anaNfEx0E89VUQuFZRcUz
i4ENOVjTXxVy4zZUobOOWz7RXrvv6XnX9A++RYkBoEk4mmNB3A6ShsTeCR2mS4yi
dL5UfH2YEu7B6x/ONROKKuGawsqw0D6wzVgrD+J1e8Bu+1P8YOUqsQWVJmJFlYMN
2A8NP4GZHnmP3rnupx1RY3/MgJU0FjlQ428BOA7PIiYKEVto0dp6cqd4AQsLgQPy
J1RBcge1Uwqe+k/IenUx7bUaQfr+NY34ryrMxbLPghPimfeyjjsDxyr+OwoQM1aw
64WqLXBgQmhluT0STyHdD0Tc/JHYrw==
=GboB
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,20 @@
Index: curl-7.82.0/lib/url.c
===================================================================
--- curl-7.82.0.orig/lib/url.c
+++ curl-7.82.0/lib/url.c
@@ -1832,9 +1832,13 @@ static CURLcode findprotocol(struct Curl
/* it is allowed for "normal" request, now do an extra check if this is
the result of a redirect */
if(data->state.this_is_a_follow &&
- !(data->set.redir_protocols & p->protocol))
+ !(data->set.redir_protocols & p->protocol)) {
/* nope, get out */
- ;
+ failf(data, "Redirect to protocol \"%s\" not supported or disabled in "
+ LIBCURL_NAME, protostr);
+
+ return CURLE_UNSUPPORTED_PROTOCOL;
+ }
else {
/* Perform setup complement if some. */
conn->handler = conn->given = p;

41
curl-secure-getenv.patch Normal file
View File

@ -0,0 +1,41 @@
Index: curl-8.5.0/lib/getenv.c
===================================================================
--- curl-8.5.0.orig/lib/getenv.c
+++ curl-8.5.0/lib/getenv.c
@@ -29,6 +29,14 @@
#include "memdebug.h"
+#ifndef HAVE_SECURE_GETENV
+# ifdef HAVE___SECURE_GETENV
+# define secure_getenv __secure_getenv
+# else
+# error neither secure_getenv nor __secure_getenv is available
+# endif
+#endif
+
static char *GetEnv(const char *variable)
{
#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_APP) || \
@@ -69,7 +77,7 @@ static char *GetEnv(const char *variable
/* else rc is bytes needed, try again */
}
#else
- char *env = getenv(variable);
+ char *env = secure_getenv(variable);
return (env && env[0])?strdup(env):NULL;
#endif
}
Index: curl-8.5.0/configure.ac
===================================================================
--- curl-8.5.0.orig/configure.ac
+++ curl-8.5.0/configure.ac
@@ -4767,6 +4767,8 @@ if test "x$want_curldebug_assumed" = "xy
ac_configure_args="$ac_configure_args --enable-curldebug"
fi
+AC_CHECK_FUNCS([__secure_getenv secure_getenv])
+
AC_CONFIG_FILES([Makefile \
docs/Makefile \
docs/examples/Makefile \

6114
curl.changes Normal file

File diff suppressed because it is too large Load Diff

77
curl.keyring Normal file
View File

@ -0,0 +1,77 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2
mQGiBD6tnnoRBACRPnFBVoapBrTpPrCNZ2rq3DcmW6n/soQJW47+zP+vcrcxQ1WJ
QiWSzLGO+QOIUZSYfnliR22r8HkFX9EUSW3IAcRMJMsaO3wMJ0a+78a9QqWLp6RV
0arcQkuuCvG79h+yJ6NnoAXe1geRt8vNGsaWtsS91CtYlTSs6JVtaRLnYwCg/Ly1
EFgvNZ6SJRc/8I5rRv0lrz8D/0goih2kZ5z4SI+r2hgABNcN7g565YwGKaQDbIch
soh3OBzgETWc3wuAZqmCzQXPXMpMx+ziqX6XDzDKNiGL1CdrBJQd0II8UutWVDje
f9UxLfo02YQ8diGYeq0u9k1RezC13w4TVUmQfg0Uqn4xM6DNzO1O6yCK8rlNwsvL
gHNJA/9m1pfzjpvdxtmJNKRU3C4cRCjXhxNdM7laSEj0/wOGaR2QWWEge51orWwo
SLQUIe4BDPvtRStQHC+tI7qr7d12rMMEBXviJC5EkGBOzlgWr9virjM/u/pkGMc2
m5r3pVuWH/JSsHsV952y2kWP64uP4zdLXOpVzX/xs0sYJ9nOPLQnRGFuaWVsIFN0
ZW5iZXJnIChIYXh4KSA8ZGFuaWVsQGhheHguc2U+iF4EExECAB4CHgECF4AFAlQU
ki4FCwkIBwMFFQoJCAsFFgIDAQAACgkQeOEcayedXJEOOwCggCsNHdAQPAlPte3w
i2IZEekkM0YAoOXXPFAWjUwIHjZY41l7WgzACbANiFkEExECABkFAj6tnnoECwcD
AgMVAgMDFgIBAh4BAheAAAoJEHjhHGsnnVyRjngAoO1y3LoSOEgD8vR062cdYDmv
jLvVAJ0dmp1UiuQp+oMyq2VbWyw8LXN1XLkBDQQ+rZ59EAQAmYsA8gPjJ75gOIPb
XNg9Z31QzIz65qS9XdNsFNAdKxnY4b72nhc0oaS9/7Dcdf2Q+1mDa2p72DWk+9iz
7knmBL++csBP2z9eMe5h8oV53prqNOHDHyL3WLOa25ga9381gZnzWoQME74iSBBM
wDw8vbLEgIZ34JaQ7Oe+9N3+6n8AAwcD/Av+Ms+3gCc5pLp4nx36qqi36fodaG9+
dwIcMbr9bivEtjmDHeuPsD6X1J9+Y/ikUBIDpMPv33lJxLoubOtpLhEuN2XN/ojT
rueVPDKA1f+GyfHnyfpf/78IgX1hGVqu/3RBWKPpXFwSZA4q8vFR+FaPC5WbU68t
FLJpYuC9ZO/LiEYEGBECAAYFAj6tnn0ACgkQeOEcayedXJGtPQCgxrbd59afemZ9
OIadZD8kUGC29dUAoJ94aGUkWCwoEiPyEZRGXv9XRlfxmQENBFcGhyIBCAC79AIx
5hHixKmNtqbryuZTDwlt9XXkEn/QSrQD3pzgbsbBiWyqOV4hfscvtmoqA7koOw4h
zZ/b8pJPA36eNzqMFIbkWpIit/BwA5bTKRkKXeD2kBFkjIN+iDuXawwhv7eNKH9O
poAUe0K/esK/kvbMO721q24IgkOjB1Vtr/Y4Xkg7+VWVP0LFh7C/2Nwq6n2bktsA
Ey9uCDD1hl8BdckN/XxpuUqSfxbF85GvYzzON67zOxxo6jqRXXcJ2PdPq0o9Ak0d
6Fe7g9ZxOAeuYEbFTCZHBBccx84K0Bhn5tpqoq8Mq3f3mZfGBoe4J6wr17cxEDC8
tTHUpDqk0CoLERUxABEBAAG0IERhbmllbCBTdGVuYmVyZyA8ZGFuaWVsQGhheHgu
c2U+iQE3BBMBCgAhBQJXBociAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJ
EPn+r/nTShvbHoAIAJDwb7dcAX4VGPa2oSuQqVnHsjDE7g8ATmcZq2IAzAG6bZg1
svuhNyPQnL7kNrsz6Ew+yE4vH8mOjDUbc3feY4MzmtEMaB6VS0Xlna6cdtWkv4Y+
Us4TuYSdftPZuZgI3nN/sXLlxWJCZgCPJJaGM6dXgyTFatk2P1LE98Qif7+ZMqfv
+BA5L6cy2cAwJ5qbvLtuT25rTxooN54JETfwdhUD1NEIqTQxeC4E5lFvwedjAjLh
Gswau8WMCdM/HzGbuQ9Gp3/RafYoAvMV6r6sskvUrWubCHj0u+uNgOpUHvlrwcFg
rBirzQdElumCWqbJVCH0V5NcP/zSz1U1W8wSRqS5AQ0EVwaHIgEIALyCqpnax0cL
y7EK3UiU2Kkryb7LPsZkia9hTcIZjNg0B8XAdqDYpHiquYtX0cz5I1sSZMBJ/xJP
BF2ce/bmOTJtyW3GaF9a+M2zboZSzx9nlv9xx0o3bXBrBlL2vaG2TW+x2G53GA0/
0chbj35PR+fvJx8ob/fHwCkfzGb1qCzwovhwGVUNHqI5bxK/xVwXfiycbllE3Hmf
09BGeXKR7gQtaal8byKKlqCtayteEaPNQt6czYxZkVAOvY4ZDQKSZJUNwGFog3bG
6rHr1J/0un6nAvX+wMuvRkUDiQxZZCel7e0Qcg3gPrYh+adlr0Tn7wyCP7/BULz8
67fQfzc2ENkAEQEAAYkBHwQYAQoACQUCVwaHIgIbDAAKCRD5/q/500ob27KaB/9H
a+iDip6mxFdoqy7TAefBy7KgbMQxxT926IcFqf70aJDzeVQI3lGCqN9GW03d+wPr
LoyeQBQKNxxfQ9fEOvp1AXGWFIYYtEZIvQBpIqaSaA7W5IzqfDuO9xG89DNn8zKK
nh/mbYJov/fywhBU6JH7bqdFSHbqoG9TY64s0BkV6shIVOubXLSG5G7LxXhw+xrb
0zl4ie2wCeCBOLdbGHc+o2sKo1rBEz6UBK2DesPfkzxBO7lfa9HTcN03UJPHXmzb
2mCbeFV8yPsTAoaGv4qZH1+FX+9Lv374xTSXa4CjQzSxd0dkZGG+YQjocoPftgsC
OVsiqW0WhRVIEJ+hBAMUmQENBFcGiPEBCAC7sCnaZqWxfXNgBC7P28BSDUs9w4y/
PEFsOv9bpgbgZagX1FnhG0eV71nm0p8v9T8Bft1eXaBd977Dq9pgk5qKO0xZo8fC
8prFqB5db7fMUvPZCuJTTb6lGMz4OdfT6aHqUvJ+LFF1mKn8Eqt1Q4snHGSL1PI3
/+435qDRQsU15GdYrj1waNJKk79aes9oguaI2/OTQqzIcOFK5tJjlSOD1ryOIH1e
8vD+5MMpGvsRxv3sQHeTZkfZbkzSLFg/LKpoiQkyql1+BLNhBYq8oaE/jlvQrTEk
bAyKpMScdyHwmkWWKjyZtXTrAtlComnki4yC2lAV9MXINHHvNJBcIXvVABEBAAG0
IERhbmllbCBTdGVuYmVyZyA8ZGFuaWVsQGhheHguc2U+iQE3BBMBCgAhBQJXBojx
AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEFzJCP23HhLCOKkH/1CyoKiN
2PCgTlWoYQspv/AAmsj+cFwZobI167KowA+o3zxQqxg0MV3ds8G+iig9OIuYurlQ
L5Jr3CbDltaiXdWtVteRh/VKp61EwyXq77vjJbx81hvOuaXWWLSlU0KB3w7Hj6aD
/mt16DpOcY9Aw90mKyvafRTqMF7TcT7J5HeGn2NL45dPkAhiMDEgEnw9yBTxK/x6
UoQGPgiOWxSSN7Foj3mhUOflp8W0rnkLbJ4icpym6WuLKRMKAefDvk8GVlAWuXAb
9gloL1P6u3uNHllq/IODR2bZUBI0QNKhvt0iSj7WKsc/kaqscl+AE9jd/6kXd6vh
TNFWdzeco/2mGlaIRgQQEQoABgUCVwaJ/AAKCRB44RxrJ51ckWcaAKCJ6+arS/3k
IMcO14Jz8dVf2BH3OACgwTenVSsK66qi+VfGCoALpzpiLDO5AQ0EVwaI8QEIAOxQ
AEvF3idxcn80tbUhJg1J98fAS7Hx3WhlFG74uAikZQl1KZrprBu70RWTb7Nm1tvZ
eXW65IlY7kk42bhfYDs1JrIPWOWKvVwKWDxoEbYgW/yvy1TOuXH276zbxLl5OEE8
sQuOfXZsFSX2IPF9hsgNGaNzor8Ke7Y5BuCQLcGZWW5dLFbbKRKjXG8CaWmsJVoI
c2nyXCAss2q9oCJ13X/5z+Ei392rwi1d3NxAYkSiDQan+fkWkCvZH+dHmFjQ1AND
KielxcW1VfilK1hu9ziBBDf8TCEud/q0woIAH7rvIft4i3CqjymonByE4/OjfH8j
4EteQ8qoknMCjjwNVqkAEQEAAYkBHwQYAQoACQUCVwaI8QIbDAAKCRBcyQj9tx4S
wupjB/9TV4anbZK58bN7QJ5qGnU3GNjlvWFZXMw1u1xVc7abDJyqmFeJcJ4qLUkv
BA0OsvlVnMWmeCmzsXhlQVM4Bv6IWyr7JBWgkK5q2CWVB59V7v7znf5kWnMGFhDF
PlLsGbxDWLMoZGH+Iy84whMJFgferwCJy1dND/bHXPztfhvFXi8NNlJUFJa8Xtmu
gm78C+nwNHcFpVC70HPr3oa8U1ODXMp7L8W/dL3eLYXmRCNd0urHgYrzDt6V/zf5
ymvPk5w4HBocn2oRCJj/FXKhFAUptmpTE3g1yvYULmuFcNGAnPAExmAmd6NqsCmb
j/qx4ytjt5uxt6Jm6IXV9cry8i6x
=Phs/
-----END PGP PUBLIC KEY BLOCK-----

195
curl.spec Normal file
View File

@ -0,0 +1,195 @@
#
# spec file for package curl
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%bcond_without testsuite
%bcond_with mozilla_nss
# need ssl always for python-pycurl
%bcond_without openssl
Name: curl
Version: 8.6.0
Release: 0
Summary: A Tool for Transferring Data from URLs
License: curl
URL: https://curl.se
Source: https://curl.se/download/curl-%{version}.tar.xz
Source2: https://curl.se/download/curl-%{version}.tar.xz.asc
Source3: baselibs.conf
Source4: https://daniel.haxx.se/mykey.asc#/curl.keyring
Patch0: libcurl-ocloexec.patch
Patch1: dont-mess-with-rpmoptflags.patch
Patch2: curl-secure-getenv.patch
#PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
Patch3: curl-disabled-redirect-protocol-message.patch
BuildRequires: libtool
BuildRequires: pkgconfig
Requires: libcurl4 = %{version}
BuildRequires: groff
BuildRequires: lzma
BuildRequires: openldap2-devel
BuildRequires: pkgconfig(krb5)
BuildRequires: pkgconfig(libbrotlidec)
BuildRequires: pkgconfig(libidn2)
# Disable metalink [bsc#1188218, CVE-2021-22923][bsc#1188217, CVE-2021-22922]
# BuildRequires: pkgconfig(libmetalink)
#
# The 7.86.0 cURL release introduced the use of
# nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation,
# a function introduced by the 1.50.0 nghttp2 release.
#
# This is a bandaid, as cURL didn't provide a function/version check
# in their build scripts. Without this some users my end up with a broken
# Zypper/cURL if they have a libnghttp2 < 1.50.0 yet in their system,
# and do some Zypper transaction that updates cURL, but not libnghttp2.
#
BuildRequires: pkgconfig(libnghttp2) >= 1.50.0
BuildRequires: pkgconfig(libpsl)
BuildRequires: pkgconfig(libssh)
BuildRequires: pkgconfig(libzstd)
BuildRequires: pkgconfig(zlib)
%if %{with openssl}
BuildRequires: pkgconfig(libssl)
%endif
%if %{with mozilla_nss}
BuildRequires: mozilla-nss-devel
%endif
#BuildRequires: openssh
%if 0%{?_with_stunnel:1}
# used by the testsuite
BuildRequires: stunnel
%endif
%description
Curl is a client to get documents and files from or send documents to a
server using any of the supported protocols (HTTP, HTTPS, FTP, FTPS,
TFTP, DICT, TELNET, LDAP, or FILE). The command is designed to work
without user interaction or any kind of interactivity.
%package -n libcurl4
Summary: Library for transferring data from URLs
%description -n libcurl4
The cURL shared library for accessing data using different
network protocols.
%package -n libcurl-devel
Summary: Development files for the curl library
Requires: glibc-devel
Requires: libcurl4 = %{version}
Provides: curl-devel = %{version}
Obsoletes: curl-devel < %{version}
%description -n libcurl-devel
Curl is a client to get documents and files from or send documents to a
server using any of the supported protocols (HTTP, HTTPS, FTP, GOPHER,
DICT, TELNET, LDAP, or FILE). The command is designed to work without
user interaction or any kind of interactivity.
%prep
%setup -q -n curl-%{version}
%autopatch -p1
%build
# curl complains if macro definition is contained in CFLAGS
# see m4/xc-val-flgs.m4
CPPFLAGS="-D_FORTIFY_SOURCE=2"
CFLAGS=$(echo "%{optflags}" | sed -e 's/-D_FORTIFY_SOURCE=2//')
export CPPFLAGS
export CFLAGS="$CFLAGS -fPIE"
export LDFLAGS="$LDFLAGS -Wl,-z,defs,-z,now,-z,relro -pie"
autoreconf -fiv
# local hack to make curl-config --libs stop printing libraries it depends on
# (currently, libtool sets link_all_deplibs=(yes|unknown) everywhere,
# will hopefully change in the future)
sed -i 's/\(link_all_deplibs=\)unknown/\1no/' configure
%configure \
--enable-ipv6 \
%if %{with openssl}
--with-openssl \
--with-ca-fallback \
--without-ca-path \
--without-ca-bundle \
%else
--without-openssl \
%if %{with mozilla_nss}
--with-nss \
%endif
%endif
--with-gssapi=$(krb5-config --prefix) \
--with-libidn2 \
--with-libssh \
--enable-symbol-hiding \
--disable-static \
--enable-threaded-resolver
# if this fails, the above sed hack did not work
./libtool --config | grep -q link_all_deplibs=no
# enable-hidden-symbols needs gcc4 and causes that curl exports only its API
%make_build
%if %{with testsuite}
%check
pushd tests
%make_build
find -type f -name "*.pl" -exec sed -i 's|#!.*/usr/bin/env perl|#!/usr/bin/perl|' "{}" +
find -type f -name "*.py" -exec sed -i 's|#!.*/usr/bin/env python.*|#!/usr/bin/python3|' "{}" +
perl ./runtests.pl -a -v -p '!flaky' || exit
popd
%endif
%install
%make_install
rm -f %{buildroot}%{_libdir}/libcurl.la
install -Dm 0644 docs/libcurl/libcurl.m4 %{buildroot}%{_datadir}/aclocal/libcurl.m4
pushd scripts
%make_install
popd
%post -n libcurl4 -p /sbin/ldconfig
%postun -n libcurl4 -p /sbin/ldconfig
%files
%doc README RELEASE-NOTES CHANGES
%doc docs/{BUGS.md,FAQ,FEATURES.md,TODO,TheArtOfHttpScripting.md}
%{_bindir}/curl
%{_datadir}/zsh/site-functions/_curl
%{_mandir}/man1/curl.1%{?ext_man}
%{_mandir}/man1/mk-ca-bundle.1%{?ext_man}
%dir %{_datadir}/zsh
%dir %{_datadir}/zsh/site-functions
%dir %{_datadir}/fish/
%dir %{_datadir}/fish/vendor_completions.d/
%{_datadir}/fish/vendor_completions.d/curl.fish
%files -n libcurl4
%license COPYING
%{_libdir}/libcurl.so.4*
%files -n libcurl-devel
%{_bindir}/curl-config
%{_includedir}/curl
%dir %{_datadir}/aclocal/
%{_datadir}/aclocal/libcurl.m4
%{_libdir}/libcurl.so
%{_libdir}/pkgconfig/libcurl.pc
%{_mandir}/man1/curl-config.1%{?ext_man}
%{_mandir}/man3/*
%doc docs/libcurl/symbols-in-versions
%changelog

View File

@ -0,0 +1,15 @@
Index: curl-8.6.0/configure.ac
===================================================================
--- curl-8.6.0.orig/configure.ac
+++ curl-8.6.0/configure.ac
@@ -506,10 +506,6 @@ dnl ************************************
CURL_CHECK_COMPILER
CURL_CHECK_NATIVE_WINDOWS
-CURL_SET_COMPILER_BASIC_OPTS
-CURL_SET_COMPILER_DEBUG_OPTS
-CURL_SET_COMPILER_OPTIMIZE_OPTS
-CURL_SET_COMPILER_WARNING_OPTS
if test "$compiler_id" = "INTEL_UNIX_C"; then
#

93
libcurl-ocloexec.patch Normal file
View File

@ -0,0 +1,93 @@
Open library file descriptors with O_CLOEXEC
This patch is non-portable, it needs linux 2.6.23 and glibc 2.7
or later, different combinations (old linux, new glibc and vice-versa)
will result in a crash.
To make it portable you have to test O_CLOEXEC support at *runtime*
compile time is not enough.
Index: curl-8.4.0/lib/file.c
===================================================================
--- curl-8.4.0.orig/lib/file.c
+++ curl-8.4.0/lib/file.c
@@ -232,7 +232,7 @@ static CURLcode file_connect(struct Curl
}
}
#else
- fd = open_readonly(real_path, O_RDONLY);
+ fd = open_readonly(real_path, O_RDONLY|O_CLOEXEC);
file->path = real_path;
#endif
#endif
@@ -318,7 +318,7 @@ static CURLcode file_upload(struct Curl_
else
mode = MODE_DEFAULT|O_TRUNC;
- fd = open(file->path, mode, data->set.new_file_perms);
+ fd = open(file->path, mode|O_CLOEXEC, data->set.new_file_perms);
if(fd < 0) {
failf(data, "Can't open %s for writing", file->path);
return CURLE_WRITE_ERROR;
Index: curl-8.4.0/lib/if2ip.c
===================================================================
--- curl-8.4.0.orig/lib/if2ip.c
+++ curl-8.4.0/lib/if2ip.c
@@ -208,7 +208,7 @@ if2ip_result_t Curl_if2ip(int af,
if(len >= sizeof(req.ifr_name))
return IF2IP_NOT_FOUND;
- dummy = socket(AF_INET, SOCK_STREAM, 0);
+ dummy = socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC, 0);
if(CURL_SOCKET_BAD == dummy)
return IF2IP_NOT_FOUND;
Index: curl-8.4.0/configure.ac
===================================================================
--- curl-8.4.0.orig/configure.ac
+++ curl-8.4.0/configure.ac
@@ -428,6 +428,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m
# Silence warning: ar: 'u' modifier ignored since 'D' is the default
AC_SUBST(AR_FLAGS, [cr])
+AC_USE_SYSTEM_EXTENSIONS
+
dnl This defines _ALL_SOURCE for AIX
CURL_CHECK_AIX_ALL_SOURCE
Index: curl-8.4.0/lib/hostip.c
===================================================================
--- curl-8.4.0.orig/lib/hostip.c
+++ curl-8.4.0/lib/hostip.c
@@ -44,6 +44,7 @@
#include <setjmp.h>
#include <signal.h>
+#include <fcntl.h>
#include "urldata.h"
#include "sendf.h"
#include "hostip.h"
@@ -609,7 +610,7 @@ bool Curl_ipv6works(struct Curl_easy *da
else {
int ipv6_works = -1;
/* probe to see if we have a working IPv6 stack */
- curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0);
+ curl_socket_t s = socket(PF_INET6, SOCK_DGRAM|SOCK_CLOEXEC, 0);
if(s == CURL_SOCKET_BAD)
/* an IPv6 address was requested but we can't get/use one */
ipv6_works = 0;
Index: curl-8.4.0/lib/cf-socket.c
===================================================================
--- curl-8.4.0.orig/lib/cf-socket.c
+++ curl-8.4.0/lib/cf-socket.c
@@ -274,7 +274,9 @@ static CURLcode socket_open(struct Curl_
}
else {
/* opensocket callback not set, so simply create the socket now */
- *sockfd = socket(addr->family, addr->socktype, addr->protocol);
+ *sockfd = socket(addr->family,
+ addr->socktype|SOCK_CLOEXEC,
+ addr->protocol);
}
if(*sockfd == CURL_SOCKET_BAD)