Sync from SUSE:SLFO:Main curl revision 9c988e5f1d3c61b002b390b177a443f4
This commit is contained in:
parent
69417f5875
commit
88cdf1703b
BIN
curl-8.11.0.tar.xz
(Stored with Git LFS)
Normal file
BIN
curl-8.11.0.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
11
curl-8.11.0.tar.xz.asc
Normal file
11
curl-8.11.0.tar.xz.asc
Normal file
@ -0,0 +1,11 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmcrFoYACgkQXMkI/bce
|
||||
EsIHCAf/fcpnxxtl7XTgSXF3V2tntKZJskiiTuXsJtBCJoDWiOOjrM3gnafXC3Bt
|
||||
CcncdGHIubKuUTc+JeuQowr6e+oXWPX5k45SF35U9n1EvWgF/s8uxAF8vJdDQme9
|
||||
z30M6UjMkEB7tbADUt1Q7Dyh8ZWWsFC5emekYnMQVDvzmad76Z3o4ZeQAly7xUhd
|
||||
V++5Il3Ql44nyMeTDTlHOuOc3jiA5rCmoLr4mMbRqAO8wF+Y2KCDYd5BaNvXZOln
|
||||
snEM496m3p0S1sliiEnRwDeccepUpkAyHPQgESS/ATCIvFZb4/MDrLSc5HSr5K+8
|
||||
MNYxBV03wmfR5QUqihbH8KXZKpYDnw==
|
||||
=9DLI
|
||||
-----END PGP SIGNATURE-----
|
BIN
curl-8.9.1.tar.xz
(Stored with Git LFS)
BIN
curl-8.9.1.tar.xz
(Stored with Git LFS)
Binary file not shown.
@ -1,11 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmap30kACgkQXMkI/bce
|
||||
EsKX+wf/brccw5rGTAbmjj7WGBfbAmwrSsDexTXRiEBXT/+qhkWIplN6wdtsZ86I
|
||||
tUraaapoyvRKLa3Wxlv9fSF/xXji+5lhO/W9pfWxwZNeSZFiOgKcK/Li4Fx0c7t4
|
||||
WpxkAbRvbJreA40BR32qSgnNNjKU5QX/ivf67B1EFL71kgsCW/QczB6mcuxszlkN
|
||||
ro39Jb8hDtnAD3hHXrTEaW3lOEgf/Jo/a1Zii3+W3OkW+uZHwzUoqe+HLGHYM2vW
|
||||
Q3hBVQaEWmNIwArA73s/kOiFATLthUTvSJO56ebLQJFHJf61cwqSsg2o07i5SqEc
|
||||
QlKzV/h7ydbBWdHiSTpCMxue7tLUZw==
|
||||
=EiUG
|
||||
-----END PGP SIGNATURE-----
|
@ -1,7 +1,7 @@
|
||||
Index: curl-8.5.0/lib/getenv.c
|
||||
Index: curl-8.11.0/lib/getenv.c
|
||||
===================================================================
|
||||
--- curl-8.5.0.orig/lib/getenv.c
|
||||
+++ curl-8.5.0/lib/getenv.c
|
||||
--- curl-8.11.0.orig/lib/getenv.c
|
||||
+++ curl-8.11.0/lib/getenv.c
|
||||
@@ -29,6 +29,14 @@
|
||||
|
||||
#include "memdebug.h"
|
||||
@ -16,26 +16,26 @@ Index: curl-8.5.0/lib/getenv.c
|
||||
+
|
||||
static char *GetEnv(const char *variable)
|
||||
{
|
||||
#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_APP) || \
|
||||
#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_UWP) || \
|
||||
@@ -69,7 +77,7 @@ static char *GetEnv(const char *variable
|
||||
/* else rc is bytes needed, try again */
|
||||
}
|
||||
#else
|
||||
- char *env = getenv(variable);
|
||||
+ char *env = secure_getenv(variable);
|
||||
return (env && env[0])?strdup(env):NULL;
|
||||
return (env && env[0]) ? strdup(env) : NULL;
|
||||
#endif
|
||||
}
|
||||
Index: curl-8.5.0/configure.ac
|
||||
Index: curl-8.11.0/configure.ac
|
||||
===================================================================
|
||||
--- curl-8.5.0.orig/configure.ac
|
||||
+++ curl-8.5.0/configure.ac
|
||||
@@ -4767,6 +4767,8 @@ if test "x$want_curldebug_assumed" = "xy
|
||||
ac_configure_args="$ac_configure_args --enable-curldebug"
|
||||
fi
|
||||
--- curl-8.11.0.orig/configure.ac
|
||||
+++ curl-8.11.0/configure.ac
|
||||
@@ -5370,6 +5370,8 @@ fi
|
||||
|
||||
CURL_PREPARE_CONFIGUREHELP_PM
|
||||
|
||||
+AC_CHECK_FUNCS([__secure_getenv secure_getenv])
|
||||
+
|
||||
AC_CONFIG_FILES([Makefile \
|
||||
docs/Makefile \
|
||||
docs/examples/Makefile \
|
||||
AC_CONFIG_FILES([\
|
||||
Makefile \
|
||||
docs/Makefile \
|
||||
|
@ -1,32 +0,0 @@
|
||||
From 3eec5afbd0b6377eca893c392569b2faf094d970 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Mon, 5 Aug 2024 00:17:17 +0200
|
||||
Subject: [PATCH] sigpipe: init the struct so that first apply ignores
|
||||
|
||||
Initializes 'no_signal' to TRUE, so that a call to sigpipe_apply() after
|
||||
init ignores the signal (unless CURLOPT_NOSIGNAL) is set.
|
||||
|
||||
I have read the existing code multiple times now and I think it gets the
|
||||
initial state reversed this missing to ignore.
|
||||
|
||||
Regression from 17e6f06ea37136c36d27
|
||||
|
||||
Reported-by: Rasmus Thomsen
|
||||
Fixes #14344
|
||||
Closes #14390
|
||||
---
|
||||
lib/sigpipe.h | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/lib/sigpipe.h b/lib/sigpipe.h
|
||||
index b91a2f51333956..d78afd905d3414 100644
|
||||
--- a/lib/sigpipe.h
|
||||
+++ b/lib/sigpipe.h
|
||||
@@ -39,6 +39,7 @@ struct sigpipe_ignore {
|
||||
static void sigpipe_init(struct sigpipe_ignore *ig)
|
||||
{
|
||||
memset(ig, 0, sizeof(*ig));
|
||||
+ ig->no_signal = TRUE;
|
||||
}
|
||||
|
||||
/*
|
149
curl.changes
149
curl.changes
@ -1,3 +1,152 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 6 08:43:16 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
- Update to 8.11.0:
|
||||
* Security fixes: [bsc#1232528, CVE-2024-9681]
|
||||
* curl: HSTS subdomain overwrites parent cache entry
|
||||
* Changes:
|
||||
- curl: --create-dirs works for --dump-header as well
|
||||
- gtls: Add P12 format support
|
||||
- ipfs: add options to disable
|
||||
- TLS: TLSv1.3 earlydata support for curl
|
||||
- WebSockets: make support official (non-experimental)
|
||||
* Bugfixes:
|
||||
- build: clarify CA embed is for curl tool, mark default, improve summary
|
||||
- build: show if CA bundle to embed was found
|
||||
- build: tidy up and improve versioned-symbols options
|
||||
- cmake/FindNGTCP2: use library path as hint for finding crypto module
|
||||
- cmake: disable default OpenSSL if BearSSL, GnuTLS or Rustls is enabled
|
||||
- cmake: rename LDAP dependency config variables to match Find modules
|
||||
- cmake: replace 'check_include_file_concat()' for LDAP and GSS detection
|
||||
- cmake: use OpenSSL for LDAP detection only if available
|
||||
- curl: add build options for safe/no CA bundle search (Windows)
|
||||
- curl: detect ECH support dynamically, not at build time
|
||||
- curl_addrinfo: support operating systems with only getaddrinfo(3)
|
||||
- ftp: fix 0-length last write on upload from stdin
|
||||
- gnutls: use session cache for QUIC
|
||||
- hsts: improve subdomain handling
|
||||
- hsts: support "implied LWS" properly around max-age
|
||||
- http2: auto reset stream on server eos
|
||||
- json.md: cli-option '--json' is an alias of '--data-binary'
|
||||
- lib: move curl_path.[ch] into vssh/
|
||||
- lib: remove function pointer typecasts for hmac/sha256/md5
|
||||
- libssh.c: handle EGAINS during proto-connect correctly
|
||||
- libssh2: use the filename buffer when getting the homedir
|
||||
- multi.c: warn/assert on stall only without timer
|
||||
- negotiate: conditional check around GSS & SSL specific code
|
||||
- netrc: cache the netrc file in memory
|
||||
- ngtcp2: do not loop on recv
|
||||
- ngtcp2: set max window size to 10x of initial (128KB)
|
||||
- openssl quic: populate x509 store before handshake
|
||||
- openssl: extend the OpenSSL error messages
|
||||
- openssl: improve retries on shutdown
|
||||
- quic: use send/recvmmsg when available
|
||||
- schannel: fix TLS cert verification by IP SAN
|
||||
- schannel: ignore error on recv beyond close notify
|
||||
- select: use poll() if existing, avoid poll() with no sockets
|
||||
- sendf: add condition to max-filesize check
|
||||
- server/mqttd: fix two memory leaks
|
||||
- setopt: return error for bad input to CURLOPT_RTSP_REQUEST
|
||||
- setopt_cptr: make overflow check only done when needed
|
||||
- tls: avoid abusing CURLE_SSL_ENGINE_INITFAILED
|
||||
- tool: support --show-headers AND --remote-header-name
|
||||
- tool_operate: make --skip-existing work for --parallel
|
||||
- url: connection reuse on h3 connections
|
||||
- url: use same credentials on redirect
|
||||
- urlapi: normalize the IPv6 address
|
||||
- version: say quictls in MSH3 builds
|
||||
- vquic: fix compiler warning with gcc + MUSL
|
||||
- vquic: recv_mmsg, use fewer, but larger buffers
|
||||
- vtls: convert Curl_pin_peer_pubkey to use dynbuf
|
||||
- vtls: convert pubkey_pem_to_der to use dynbuf
|
||||
* Rebase curl-secure-getenv.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 24 09:42:35 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
- Update to 8.10.1:
|
||||
* Bugfixes:
|
||||
- autotools: fix `--with-ca-embed` build rule
|
||||
- cmake: ensure `CURL_USE_OPENSSL`/`USE_OPENSSL_QUIC` are set in sync
|
||||
- cmake: fix MSH3 to appear on the feature list
|
||||
- connect: store connection info when really done
|
||||
- FTP: partly revert eeb7c1280742f5c8fa48a4340fc1e1a1a2c7075a
|
||||
- http2: when uploading data from stdin, fix eos forwarding
|
||||
- http: make max-filesize check not count ignored bodies
|
||||
- lib: fix AF_INET6 use outside of USE_IPV6
|
||||
- multi: check that the multi handle is valid in curl_multi_assign
|
||||
- QUIC: on connect, keep on trying on draining server
|
||||
- request: correctly reset the eos_sent flag
|
||||
- setopt: remove superfluous use of ternary expressions
|
||||
- singleuse: drop `Curl_memrchr()` for no-HTTP builds
|
||||
- tool_cb_wrt: use "curl_response" if no file name in URL
|
||||
- transfer: fix sendrecv() without interim poll
|
||||
- vtls: fix `Curl_ssl_conn_config_match` doc param
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 11 06:36:42 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
- Update to version 8.10.0:
|
||||
* Security fixes:
|
||||
- [bsc#1230093, CVE-2024-8096] curl: OCSP stapling bypass with GnuTLS
|
||||
* Changes:
|
||||
- curl: make --rate accept "number of units"
|
||||
- curl: make --show-headers the same as --include
|
||||
- curl: support --dump-header % to direct to stderr
|
||||
- curl: support embedding a CA bundle and --dump-ca-embed
|
||||
- curl: support repeated use of the verbose option; -vv etc
|
||||
- curl: use libuv for parallel transfers with --test-event
|
||||
- vtls: stop offering alpn http/1.1 for http2-prior-knowledge
|
||||
* Bugfixes:
|
||||
- curl: allow 500MB data URL encode strings
|
||||
- curl: warn on unsupported SSL options
|
||||
- Curl_rand_bytes to control env override
|
||||
- curl_sha512_256: fix symbol collisions with nettle library
|
||||
- dist: fix reproducible build from release tarball
|
||||
- http2: fix GOAWAY message sent to server
|
||||
- http2: improve rate limiting of downloads
|
||||
- INSTALL.md: MultiSSL and QUIC are mutually exclusive
|
||||
- lib: add eos flag to send methods
|
||||
- lib: make SSPI global symbols use Curl_ prefix
|
||||
- lib: prefer `CURL_SHA256_DIGEST_LENGTH` over the unprefixed name
|
||||
- lib: remove the final strncpy() calls
|
||||
- lib: remove use of RANDOM_FILE
|
||||
- Makefile.mk: fixup enabling libidn2
|
||||
- max-filesize.md: mention zero disables the limit
|
||||
- mime: avoid inifite loop in client reader
|
||||
- ngtcp2: use NGHTTP3 prefix instead of NGTCP2 for errors in h3 callbacks
|
||||
- openssl quic: fix memory leak
|
||||
- openssl: certinfo errors now fail correctly
|
||||
- openssl: fix the data race when sharing an SSL session between threads
|
||||
- openssl: improve shutdown handling
|
||||
- POP3: fix multi-line responses
|
||||
- pop3: use the protocol handler ->write_resp
|
||||
- progress: ratelimit/progress tweaks
|
||||
- rand: only provide weak random when needed
|
||||
- sectransp: fix setting tls version
|
||||
- setopt: make CURLOPT_TFTP_BLKSIZE accept bad values
|
||||
- sha256: fix symbol collision between nettle (GnuTLS) and OpenSSL
|
||||
- sigpipe: init the struct so that first apply ignores
|
||||
- smb: convert superflous assign into assert
|
||||
- smtp: add tracing feature
|
||||
- spnego_gssapi: implement TLS channel bindings for openssl
|
||||
- src: delete `curlx_m*printf()` aliases
|
||||
- ssh: deduplicate SSH backend includes (and fix libssh cmake unity build)
|
||||
- tool_operhlp: fix "potentially uninitialized local variable 'pc' used"
|
||||
- tool_paramhlp: bump maximum post data size in memory to 16GB
|
||||
- transfer: skip EOS read when download done
|
||||
- url: fix connection reuse for HTTP/2 upgrades
|
||||
- urlapi: verify URL *decoded* hostname when set
|
||||
- urldata: introduce `data->mid`, a unique identifier inside a multi
|
||||
- vtls: add SSLSUPP_CIPHER_LIST
|
||||
- vtls: fix static function name collisions between TLS backends
|
||||
- vtls: init ssl peer only once
|
||||
- websocket: introduce blocking sends
|
||||
- ws: flags to opcodes should ignore CURLWS_CONT flag
|
||||
- x509asn1: raise size limit for x509 certification information
|
||||
* Remove curl-sigpipe.patch upstream
|
||||
* Rebase curl-secure-getenv.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 12 08:41:26 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
|
@ -29,7 +29,7 @@
|
||||
%endif
|
||||
|
||||
Name: curl%{?psuffix}
|
||||
Version: 8.9.1
|
||||
Version: 8.11.0
|
||||
Release: 0
|
||||
Summary: A Tool for Transferring Data from URLs
|
||||
License: curl
|
||||
@ -43,8 +43,6 @@ Patch1: dont-mess-with-rpmoptflags.patch
|
||||
Patch2: curl-secure-getenv.patch
|
||||
#PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
|
||||
Patch3: curl-disabled-redirect-protocol-message.patch
|
||||
#PATCH-FIX-UPSTREAM sigpipe: init the struct so that first apply ignores
|
||||
Patch4: curl-sigpipe.patch
|
||||
BuildRequires: groff
|
||||
BuildRequires: libtool
|
||||
BuildRequires: pkgconfig
|
||||
@ -228,7 +226,7 @@ popd
|
||||
|
||||
%if !%{with mini}
|
||||
%files
|
||||
%doc README RELEASE-NOTES CHANGES
|
||||
%doc README RELEASE-NOTES CHANGES.md
|
||||
%doc docs/{BUGS.md,FAQ,FEATURES.md,TODO,TheArtOfHttpScripting.md}
|
||||
%{_bindir}/curl
|
||||
%{_mandir}/man1/curl.1%{?ext_man}
|
||||
|
Loading…
Reference in New Issue
Block a user