Sync from SUSE:SLFO:Main curl revision 9c988e5f1d3c61b002b390b177a443f4

Adrian Schröter 2024-11-12 15:39:22 +01:00
parent 69417f5875
commit 88cdf1703b
8 changed files with 179 additions and 64 deletions

BIN
curl-8.11.0.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

11
curl-8.11.0.tar.xz.asc Normal file

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmcrFoYACgkQXMkI/bce
EsIHCAf/fcpnxxtl7XTgSXF3V2tntKZJskiiTuXsJtBCJoDWiOOjrM3gnafXC3Bt
CcncdGHIubKuUTc+JeuQowr6e+oXWPX5k45SF35U9n1EvWgF/s8uxAF8vJdDQme9
z30M6UjMkEB7tbADUt1Q7Dyh8ZWWsFC5emekYnMQVDvzmad76Z3o4ZeQAly7xUhd
V++5Il3Ql44nyMeTDTlHOuOc3jiA5rCmoLr4mMbRqAO8wF+Y2KCDYd5BaNvXZOln
snEM496m3p0S1sliiEnRwDeccepUpkAyHPQgESS/ATCIvFZb4/MDrLSc5HSr5K+8
MNYxBV03wmfR5QUqihbH8KXZKpYDnw==
=9DLI
-----END PGP SIGNATURE-----

BIN
curl-8.9.1.tar.xz (Stored with Git LFS)

Binary file not shown.


@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmap30kACgkQXMkI/bce
EsKX+wf/brccw5rGTAbmjj7WGBfbAmwrSsDexTXRiEBXT/+qhkWIplN6wdtsZ86I
tUraaapoyvRKLa3Wxlv9fSF/xXji+5lhO/W9pfWxwZNeSZFiOgKcK/Li4Fx0c7t4
WpxkAbRvbJreA40BR32qSgnNNjKU5QX/ivf67B1EFL71kgsCW/QczB6mcuxszlkN
ro39Jb8hDtnAD3hHXrTEaW3lOEgf/Jo/a1Zii3+W3OkW+uZHwzUoqe+HLGHYM2vW
Q3hBVQaEWmNIwArA73s/kOiFATLthUTvSJO56ebLQJFHJf61cwqSsg2o07i5SqEc
QlKzV/h7ydbBWdHiSTpCMxue7tLUZw==
=EiUG
-----END PGP SIGNATURE-----


@ -1,7 +1,7 @@
Index: curl-8.5.0/lib/getenv.c
Index: curl-8.11.0/lib/getenv.c
===================================================================
--- curl-8.5.0.orig/lib/getenv.c
+++ curl-8.5.0/lib/getenv.c
--- curl-8.11.0.orig/lib/getenv.c
+++ curl-8.11.0/lib/getenv.c
@@ -29,6 +29,14 @@
#include "memdebug.h"
@ -16,26 +16,26 @@ Index: curl-8.5.0/lib/getenv.c
+
static char *GetEnv(const char *variable)
{
#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_APP) || \
#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_UWP) || \
@@ -69,7 +77,7 @@ static char *GetEnv(const char *variable
/* else rc is bytes needed, try again */
}
#else
- char *env = getenv(variable);
+ char *env = secure_getenv(variable);
return (env && env[0])?strdup(env):NULL;
return (env && env[0]) ? strdup(env) : NULL;
#endif
}
Index: curl-8.5.0/configure.ac
Index: curl-8.11.0/configure.ac
===================================================================
--- curl-8.5.0.orig/configure.ac
+++ curl-8.5.0/configure.ac
@@ -4767,6 +4767,8 @@ if test "x$want_curldebug_assumed" = "xy
ac_configure_args="$ac_configure_args --enable-curldebug"
fi
--- curl-8.11.0.orig/configure.ac
+++ curl-8.11.0/configure.ac
@@ -5370,6 +5370,8 @@ fi
CURL_PREPARE_CONFIGUREHELP_PM
+AC_CHECK_FUNCS([__secure_getenv secure_getenv])
+
AC_CONFIG_FILES([Makefile \
docs/Makefile \
docs/examples/Makefile \
AC_CONFIG_FILES([\
Makefile \
docs/Makefile \
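Review bot: In the `#else` branch of `GetEnv` the rebased patch calls `secure_getenv(variable)` unconditionally, while the configure.ac hunk probes for both `__secure_getenv` and `secure_getenv`; whatever consumes the resulting `HAVE_SECURE_GETENV` / `HAVE___SECURE_GETENV` macros presumably sits in the eight lines added after `#include "memdebug.h"`, which this page elides, so it cannot be checked here. If that block falls back to plain `getenv` when neither function is found, the hardening is dropped silently on such builds, and a `#warning` in that fallback would make the loss visible in the build log. The call itself deserves a comment saying why it differs from upstream, for example `/* secure_getenv() returns NULL in secure-execution mode (e.g. setuid/setgid), so the environment cannot steer a privileged process */`. The middle of `GetEnv` lies outside the hunks shown.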


@ -1,32 +0,0 @@
From 3eec5afbd0b6377eca893c392569b2faf094d970 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 5 Aug 2024 00:17:17 +0200
Subject: [PATCH] sigpipe: init the struct so that first apply ignores
Initializes 'no_signal' to TRUE, so that a call to sigpipe_apply() after
init ignores the signal (unless CURLOPT_NOSIGNAL) is set.
I have read the existing code multiple times now and I think it gets the
initial state reversed this missing to ignore.
Regression from 17e6f06ea37136c36d27
Reported-by: Rasmus Thomsen
Fixes #14344
Closes #14390
---
lib/sigpipe.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/sigpipe.h b/lib/sigpipe.h
index b91a2f51333956..d78afd905d3414 100644
--- a/lib/sigpipe.h
+++ b/lib/sigpipe.h
@@ -39,6 +39,7 @@ struct sigpipe_ignore {
static void sigpipe_init(struct sigpipe_ignore *ig)
{
memset(ig, 0, sizeof(*ig));
+ ig->no_signal = TRUE;
}
/*


@ -1,3 +1,152 @@
-------------------------------------------------------------------
Wed Nov 6 08:43:16 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Update to 8.11.0:
* Security fixes: [bsc#1232528, CVE-2024-9681]
* curl: HSTS subdomain overwrites parent cache entry
* Changes:
- curl: --create-dirs works for --dump-header as well
- gtls: Add P12 format support
- ipfs: add options to disable
- TLS: TLSv1.3 earlydata support for curl
- WebSockets: make support official (non-experimental)
* Bugfixes:
- build: clarify CA embed is for curl tool, mark default, improve summary
- build: show if CA bundle to embed was found
- build: tidy up and improve versioned-symbols options
- cmake/FindNGTCP2: use library path as hint for finding crypto module
- cmake: disable default OpenSSL if BearSSL, GnuTLS or Rustls is enabled
- cmake: rename LDAP dependency config variables to match Find modules
- cmake: replace 'check_include_file_concat()' for LDAP and GSS detection
- cmake: use OpenSSL for LDAP detection only if available
- curl: add build options for safe/no CA bundle search (Windows)
- curl: detect ECH support dynamically, not at build time
- curl_addrinfo: support operating systems with only getaddrinfo(3)
- ftp: fix 0-length last write on upload from stdin
- gnutls: use session cache for QUIC
- hsts: improve subdomain handling
- hsts: support "implied LWS" properly around max-age
- http2: auto reset stream on server eos
- json.md: cli-option '--json' is an alias of '--data-binary'
- lib: move curl_path.[ch] into vssh/
- lib: remove function pointer typecasts for hmac/sha256/md5
- libssh.c: handle EGAINS during proto-connect correctly
- libssh2: use the filename buffer when getting the homedir
- multi.c: warn/assert on stall only without timer
- negotiate: conditional check around GSS & SSL specific code
- netrc: cache the netrc file in memory
- ngtcp2: do not loop on recv
- ngtcp2: set max window size to 10x of initial (128KB)
- openssl quic: populate x509 store before handshake
- openssl: extend the OpenSSL error messages
- openssl: improve retries on shutdown
- quic: use send/recvmmsg when available
- schannel: fix TLS cert verification by IP SAN
- schannel: ignore error on recv beyond close notify
- select: use poll() if existing, avoid poll() with no sockets
- sendf: add condition to max-filesize check
- server/mqttd: fix two memory leaks
- setopt: return error for bad input to CURLOPT_RTSP_REQUEST
- setopt_cptr: make overflow check only done when needed
- tls: avoid abusing CURLE_SSL_ENGINE_INITFAILED
- tool: support --show-headers AND --remote-header-name
- tool_operate: make --skip-existing work for --parallel
- url: connection reuse on h3 connections
- url: use same credentials on redirect
- urlapi: normalize the IPv6 address
- version: say quictls in MSH3 builds
- vquic: fix compiler warning with gcc + MUSL
- vquic: recv_mmsg, use fewer, but larger buffers
- vtls: convert Curl_pin_peer_pubkey to use dynbuf
- vtls: convert pubkey_pem_to_der to use dynbuf
* Rebase curl-secure-getenv.patch
-------------------------------------------------------------------
Tue Sep 24 09:42:35 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Update to 8.10.1:
* Bugfixes:
- autotools: fix `--with-ca-embed` build rule
- cmake: ensure `CURL_USE_OPENSSL`/`USE_OPENSSL_QUIC` are set in sync
- cmake: fix MSH3 to appear on the feature list
- connect: store connection info when really done
- FTP: partly revert eeb7c1280742f5c8fa48a4340fc1e1a1a2c7075a
- http2: when uploading data from stdin, fix eos forwarding
- http: make max-filesize check not count ignored bodies
- lib: fix AF_INET6 use outside of USE_IPV6
- multi: check that the multi handle is valid in curl_multi_assign
- QUIC: on connect, keep on trying on draining server
- request: correctly reset the eos_sent flag
- setopt: remove superfluous use of ternary expressions
- singleuse: drop `Curl_memrchr()` for no-HTTP builds
- tool_cb_wrt: use "curl_response" if no file name in URL
- transfer: fix sendrecv() without interim poll
- vtls: fix `Curl_ssl_conn_config_match` doc param
-------------------------------------------------------------------
Wed Sep 11 06:36:42 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Update to version 8.10.0:
* Security fixes:
- [bsc#1230093, CVE-2024-8096] curl: OCSP stapling bypass with GnuTLS
* Changes:
- curl: make --rate accept "number of units"
- curl: make --show-headers the same as --include
- curl: support --dump-header % to direct to stderr
- curl: support embedding a CA bundle and --dump-ca-embed
- curl: support repeated use of the verbose option; -vv etc
- curl: use libuv for parallel transfers with --test-event
- vtls: stop offering alpn http/1.1 for http2-prior-knowledge
* Bugfixes:
- curl: allow 500MB data URL encode strings
- curl: warn on unsupported SSL options
- Curl_rand_bytes to control env override
- curl_sha512_256: fix symbol collisions with nettle library
- dist: fix reproducible build from release tarball
- http2: fix GOAWAY message sent to server
- http2: improve rate limiting of downloads
- INSTALL.md: MultiSSL and QUIC are mutually exclusive
- lib: add eos flag to send methods
- lib: make SSPI global symbols use Curl_ prefix
- lib: prefer `CURL_SHA256_DIGEST_LENGTH` over the unprefixed name
- lib: remove the final strncpy() calls
- lib: remove use of RANDOM_FILE
- Makefile.mk: fixup enabling libidn2
- max-filesize.md: mention zero disables the limit
- mime: avoid inifite loop in client reader
- ngtcp2: use NGHTTP3 prefix instead of NGTCP2 for errors in h3 callbacks
- openssl quic: fix memory leak
- openssl: certinfo errors now fail correctly
- openssl: fix the data race when sharing an SSL session between threads
- openssl: improve shutdown handling
- POP3: fix multi-line responses
- pop3: use the protocol handler ->write_resp
- progress: ratelimit/progress tweaks
- rand: only provide weak random when needed
- sectransp: fix setting tls version
- setopt: make CURLOPT_TFTP_BLKSIZE accept bad values
- sha256: fix symbol collision between nettle (GnuTLS) and OpenSSL
- sigpipe: init the struct so that first apply ignores
- smb: convert superflous assign into assert
- smtp: add tracing feature
- spnego_gssapi: implement TLS channel bindings for openssl
- src: delete `curlx_m*printf()` aliases
- ssh: deduplicate SSH backend includes (and fix libssh cmake unity build)
- tool_operhlp: fix "potentially uninitialized local variable 'pc' used"
- tool_paramhlp: bump maximum post data size in memory to 16GB
- transfer: skip EOS read when download done
- url: fix connection reuse for HTTP/2 upgrades
- urlapi: verify URL *decoded* hostname when set
- urldata: introduce `data->mid`, a unique identifier inside a multi
- vtls: add SSLSUPP_CIPHER_LIST
- vtls: fix static function name collisions between TLS backends
- vtls: init ssl peer only once
- websocket: introduce blocking sends
- ws: flags to opcodes should ignore CURLWS_CONT flag
- x509asn1: raise size limit for x509 certification information
* Remove curl-sigpipe.patch upstream
* Rebase curl-secure-getenv.patch
-------------------------------------------------------------------
Mon Aug 12 08:41:26 UTC 2024 - Pedro Monreal <pmonreal@suse.com>


@ -29,7 +29,7 @@
%endif
Name: curl%{?psuffix}
Version: 8.9.1
Version: 8.11.0
Release: 0
Summary: A Tool for Transferring Data from URLs
License: curl
@ -43,8 +43,6 @@ Patch1: dont-mess-with-rpmoptflags.patch
Patch2: curl-secure-getenv.patch
#PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
Patch3: curl-disabled-redirect-protocol-message.patch
#PATCH-FIX-UPSTREAM sigpipe: init the struct so that first apply ignores
Patch4: curl-sigpipe.patch
BuildRequires: groff
BuildRequires: libtool
BuildRequires: pkgconfig
@ -228,7 +226,7 @@ popd
%if !%{with mini}
%files
%doc README RELEASE-NOTES CHANGES
%doc README RELEASE-NOTES CHANGES.md
%doc docs/{BUGS.md,FAQ,FEATURES.md,TODO,TheArtOfHttpScripting.md}
%{_bindir}/curl
%{_mandir}/man1/curl.1%{?ext_man}