Accepting request 633271 from devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/633271
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/curl?expand=0&rev=138

curl-7.61.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:64141f0db4945268a21b490d58806b97c615d3d0c75bf8c335bbe0efd13b45b5
-size 3964862

curl-7.61.0.tar.gz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAltFnUEACgkQXMkI/bce
-EsKFUQgAml2m2W8qyDgxFApYfsd+OJYO8yx1/ogKJJrUK8SRZYPfR0aCb9klNkQu
-FwwFos2B/nkxm898CBro5Lo3XiBmF3HL3schTJodb1lPP9It76yUD9J5EedrSosj
-A+HzV3cPM53/pG/RUF3NhNZnye4JHwSxC92UffpMZ/HVDOhWbrJKFZLbl+lkcM2A
-xMkzVDwdW6Zztze/2O3ZSvftwUoYM7u73/NQjRnhllWn/dXkc3obB2vVFfq7n0/o
-zLZMoOWCbBp0Isj/sPQpUh12Q2W8KEDKm81m1IDaF0eJeA2lI3owIXsskXnqV02u
-a4vLBlaRK9cSsnNPclZEix9G4I4RfA==
-=Ygjy
------END PGP SIGNATURE-----

curl-7.61.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:eaa812e9a871ea10dbe8e1d3f8f12a64a8e3e62aeab18cb23742e2f1727458ae
+size 3986062

curl-7.61.1.tar.gz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAluPblgACgkQXMkI/bce
+EsIhWgf/THAQX5B2B5icUfPheWyv+laMcHU1FS3RgzYu/ImIT2DqiL8kNtSebNkf
+pcZzpWmOB3OBrWJSrhkMkLUfbiWksPKgLUGSc6W4BQxkLZ9wyH/oxkfgxrzDo4a2
+TeQTmON38uICPsRtGZwWTVRu4ppHTUAAfNjrigP4LmxaLYdmtQaggF7MUnhzmJFB
+F+1Hba6N/Qxe0PLTAF4X0Kk5wqmk5pA3lhI0mfBtvJ8uoSzGvOsddNXrmMco9qzR
+st3SAd8d7i5QyNjavYptDc0sMGof0WRelezE5EvEu54xQvTI/16CkbsVe0rvgJNz
+8YmRMg4KnoY7R9qy3i11rulgBUpyVA==
+=3S8D
+-----END PGP SIGNATURE-----

curl-mini.changes

@@ -1,3 +1,113 @@
+-------------------------------------------------------------------
+Wed Sep  5 07:12:59 UTC 2018 - Karol Babioch <kbabioch@suse.com>
+
+- Update to version 7.61.1
+  Bugfixes:
+   * CVE-2018-14618: NTLM password overflow via integer overflow (bsc#1106019)
+   * CURLINFO_SIZE_UPLOAD: fix missing counter update
+   * CURLOPT_ACCEPT_ENCODING.3: list them comma-separated
+   * CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse
+   * Curl_getoff_all_pipelines: improved for multiplexed
+   * DEPRECATE: remove release date from 7.62.0
+   * HTTP: Don't attempt to needlessly decompress redirect body
+   * INTERNALS: require GnuTLS >= 2.11.3
+   * README.md: add LGTM.com code quality grade for C/C++
+   * SSLCERTS: improve the openssl command line
+   * Silence GCC 8 cast-function-type warnings
+   * ares: check for NULL in completed-callback
+   * asyn-thread: Remove unused macro
+   * auth: only pick CURLAUTH_BEARER if we *have* a Bearer token
+   * auth: pick Bearer authentication whenever a token is available
+   * cmake: CMake config files are defining CURL_STATICLIB for static builds
+   * cmake: Respect BUILD_SHARED_LIBS
+   * cmake: Update scripts to use consistent style
+   * cmake: bumped minimum version to 3.4
+   * cmake: link curl to the OpenSSL targets instead of lib absolute paths
+   * configure: conditionally enable pedantic-errors
+   * configure: fix for -lpthread detection with OpenSSL and pkg-config
+   * conn: remove the boolean 'inuse' field
+   * content_encoding: accept up to 4 unknown trailer bytes after raw deflate data
+   * cookie tests: treat files as text
+   * cookies: support creation-time attribute for cookies
+   * curl: Fix segfault when -H @headerfile is empty
+   * curl: add http code 408 to transient list for --retry
+   * curl: fix time-of-check, time-of-use race in dir creation
+   * curl: use Content-Disposition before the "URL end" for -OJ
+   * curl: warn the user if a given file name looks like an option
+   * curl_threads: silence bad-function-cast warning
+   * darwinssl: add support for ALPN negotiation
+   * docs/CURLOPT_URL: fix indentation
+   * docs/CURLOPT_WRITEFUNCTION: size is always 1
+   * docs/SECURITY-PROCESS: mention bounty, drop pre-notify
+   * docs/examples: add hiperfifo example using linux epoll/timerfd
+   * docs: add disallow-username-in-url.d and haproxy-protocol.d to dist
+   * docs: clarify NO_PROXY env variable functionality
+   * docs: improved the manual pages of some callbacks
+   * docs: mention NULL is fine input to several functions
+   * formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT
+   * gopher: Do not translate `?' to `%09'
+   * header output: switch off all styles, not just unbold
+   * hostip: fix unused variable warning
+   * http2: Use correct format identifier for stream_id
+   * http2: abort the send_callback if not setup yet
+   * http2: avoid set_stream_user_data() before stream is assigned
+   * http2: check nghttp2_session_set_stream_user_data return code
+   * http2: clear the drain counter in Curl_http2_done
+   * http2: make sure to send after RST_STREAM
+   * http2: separate easy handle from connections better
+   * http: fix for tiny "HTTP/0.9" response
+   * http_proxy: Remove unused macro SELECT_TIMEOUT
+   * lib/Makefile: only do symbol hiding if told to
+   * lib1502: fix memory leak in torture test
+   * lib1522: fix curl_easy_setopt argument type
+   * libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation
+   * mime: check Curl_rand_hex's return code
+   * multi: always do the COMPLETED procedure/state
+   * openssl: assume engine support in 1.0.0 or later
+   * openssl: fix debug messages
+   * projects: Improve Windows perl detection in batch scripts
+   * retry: return error if rewind was necessary but didn't happen
+   * reuse_conn(): memory leak - free old_conn->options
+   * schannel: client certificate store opening fix
+   * schannel: enable CALG_TLS1PRF for w32api >= 5.1
+   * schannel: fix MinGW compile break
+   * sftp: don't send post-qoute sequence when retrying a connection
+   * smb: fix memory leak on early failure
+   * smb: fix memory-leak in URL parse error path
+   * smb_getsock: always wait for write socket too
+   * ssh-libssh: fix infinite connect loop on invalid private key
+   * ssh-libssh: reduce excessive verbose output about pubkey auth
+   * ssh-libssh: use FALLTHROUGH to silence gcc8
+   * ssl: set engine implicitly when a PKCS#11 URI is provided
+   * sws: handle EINTR when calling select()
+   * system_win32: fix version checking
+   * telnet: Remove unused macros TELOPTS and TELCMDS
+   * test1143: disable MSYS2's POSIX path conversion
+   * test1148: disable if decimal separator is not point
+   * test1307: (fnmatch testing) disabled
+   * test1422: add required file feature
+   * test1531: Add timeout
+   * test1540: Remove unused macro TEST_HANG_TIMEOUT
+   * test214: disable MSYS2's POSIX path conversion for URL
+   * test320: treat curl320.out file as binary
+   * tests/http_pipe.py: Use /usr/bin/env to find python
+   * tests: Don't use Windows path %PWD for SSH tests
+   * tests: fixes for Windows line endlings
+   * tool_operate: Fix setting proxy TLS 1.3 ciphers
+   * travis: build darwinssl on macos 10.12 to fix linker errors
+   * travis: execute "set -eo pipefail" for coverage build
+   * travis: run a 'make checksrc' too
+   * travis: update to GCC-8
+   * travis: verify that man pages can be regenerated
+   * upload: allocate upload buffer on-demand
+   * upload: change default UPLOAD_BUFSIZE to 64KB
+   * urldata: remove unused pipe_broke struct field
+   * vtls: reinstantiate engine on duplicated handles
+   * windows: implement send buffer tuning
+   * wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random 
+- Remove patch included upstream:
+  * curl-switch-off-all-styles.patch
+
 -------------------------------------------------------------------
 Wed Aug 22 12:32:50 UTC 2018 - kbabioch@suse.com
 
@@ -7,7 +117,7 @@ Wed Aug 22 12:32:50 UTC 2018 - kbabioch@suse.com
 -------------------------------------------------------------------
 Tue Jul 17 13:56:05 UTC 2018 - pgajdos@suse.com
 
-- Update to version 7.62.0
+- Update to version 7.61.0
   [bsc#1099793, CVE-2018-0500]
   Changes:
    * getinfo: add microsecond precise timers for seven intervals

curl-mini.spec

@@ -29,7 +29,7 @@
 # need ssl always for python-pycurl
 %bcond_without openssl
 Name:           curl-mini
-Version:        7.61.0
+Version:        7.61.1
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        curl
@@ -46,7 +46,6 @@ Patch3:         ignore_runtests_failure.patch
 # PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
 Patch4:         curl-disabled-redirect-protocol-message.patch
 Patch5:         curl-use_OPENSSL_config.patch
-Patch6:         curl-switch-off-all-styles.patch
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
 Requires:       libcurl4%{?mini} = %{version}
@@ -127,7 +126,6 @@ user interaction or any kind of interactivity.
 %endif
 %patch4 -p1
 %patch5 -p1
-%patch6 -p1
 
 %build
 # curl complains if macro definition is contained in CFLAGS

curl-switch-off-all-styles.patch

@@ -1,30 +0,0 @@
-From 1b62b1704581fed8cd01e18cffe6676667e3a7f4 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 12 Jul 2018 11:04:00 +0200
-Subject: [PATCH] header output: switch off all styles, not just unbold
-
-... the "unbold" sequence doesn't work on the mac Terminal.
-
-Reported-by: Zero King
-Fixes #2736
-Closes #2738
----
- src/tool_cb_hdr.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c
-index 88ce5e13b8..6419b72048 100644
---- a/src/tool_cb_hdr.c
-+++ b/src/tool_cb_hdr.c
-@@ -42,7 +42,10 @@ static char *parse_filename(const char *ptr, size_t len);
- #define BOLDOFF
- #else
- #define BOLD "\x1b[1m"
--#define BOLDOFF "\x1b[21m"
-+/* Switch off bold by settting "all attributes off" since the explicit
-+   bold-off code (21) isn't supported everywhere - like in the mac
-+   Terminal. */
-+#define BOLDOFF "\x1b[0m"
- #endif
- 
- /*

curl.changes

@@ -1,3 +1,113 @@
+-------------------------------------------------------------------
+Wed Sep  5 07:12:59 UTC 2018 - Karol Babioch <kbabioch@suse.com>
+
+- Update to version 7.61.1
+  Bugfixes:
+   * CVE-2018-14618: NTLM password overflow via integer overflow (bsc#1106019)
+   * CURLINFO_SIZE_UPLOAD: fix missing counter update
+   * CURLOPT_ACCEPT_ENCODING.3: list them comma-separated
+   * CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse
+   * Curl_getoff_all_pipelines: improved for multiplexed
+   * DEPRECATE: remove release date from 7.62.0
+   * HTTP: Don't attempt to needlessly decompress redirect body
+   * INTERNALS: require GnuTLS >= 2.11.3
+   * README.md: add LGTM.com code quality grade for C/C++
+   * SSLCERTS: improve the openssl command line
+   * Silence GCC 8 cast-function-type warnings
+   * ares: check for NULL in completed-callback
+   * asyn-thread: Remove unused macro
+   * auth: only pick CURLAUTH_BEARER if we *have* a Bearer token
+   * auth: pick Bearer authentication whenever a token is available
+   * cmake: CMake config files are defining CURL_STATICLIB for static builds
+   * cmake: Respect BUILD_SHARED_LIBS
+   * cmake: Update scripts to use consistent style
+   * cmake: bumped minimum version to 3.4
+   * cmake: link curl to the OpenSSL targets instead of lib absolute paths
+   * configure: conditionally enable pedantic-errors
+   * configure: fix for -lpthread detection with OpenSSL and pkg-config
+   * conn: remove the boolean 'inuse' field
+   * content_encoding: accept up to 4 unknown trailer bytes after raw deflate data
+   * cookie tests: treat files as text
+   * cookies: support creation-time attribute for cookies
+   * curl: Fix segfault when -H @headerfile is empty
+   * curl: add http code 408 to transient list for --retry
+   * curl: fix time-of-check, time-of-use race in dir creation
+   * curl: use Content-Disposition before the "URL end" for -OJ
+   * curl: warn the user if a given file name looks like an option
+   * curl_threads: silence bad-function-cast warning
+   * darwinssl: add support for ALPN negotiation
+   * docs/CURLOPT_URL: fix indentation
+   * docs/CURLOPT_WRITEFUNCTION: size is always 1
+   * docs/SECURITY-PROCESS: mention bounty, drop pre-notify
+   * docs/examples: add hiperfifo example using linux epoll/timerfd
+   * docs: add disallow-username-in-url.d and haproxy-protocol.d to dist
+   * docs: clarify NO_PROXY env variable functionality
+   * docs: improved the manual pages of some callbacks
+   * docs: mention NULL is fine input to several functions
+   * formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT
+   * gopher: Do not translate `?' to `%09'
+   * header output: switch off all styles, not just unbold
+   * hostip: fix unused variable warning
+   * http2: Use correct format identifier for stream_id
+   * http2: abort the send_callback if not setup yet
+   * http2: avoid set_stream_user_data() before stream is assigned
+   * http2: check nghttp2_session_set_stream_user_data return code
+   * http2: clear the drain counter in Curl_http2_done
+   * http2: make sure to send after RST_STREAM
+   * http2: separate easy handle from connections better
+   * http: fix for tiny "HTTP/0.9" response
+   * http_proxy: Remove unused macro SELECT_TIMEOUT
+   * lib/Makefile: only do symbol hiding if told to
+   * lib1502: fix memory leak in torture test
+   * lib1522: fix curl_easy_setopt argument type
+   * libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation
+   * mime: check Curl_rand_hex's return code
+   * multi: always do the COMPLETED procedure/state
+   * openssl: assume engine support in 1.0.0 or later
+   * openssl: fix debug messages
+   * projects: Improve Windows perl detection in batch scripts
+   * retry: return error if rewind was necessary but didn't happen
+   * reuse_conn(): memory leak - free old_conn->options
+   * schannel: client certificate store opening fix
+   * schannel: enable CALG_TLS1PRF for w32api >= 5.1
+   * schannel: fix MinGW compile break
+   * sftp: don't send post-qoute sequence when retrying a connection
+   * smb: fix memory leak on early failure
+   * smb: fix memory-leak in URL parse error path
+   * smb_getsock: always wait for write socket too
+   * ssh-libssh: fix infinite connect loop on invalid private key
+   * ssh-libssh: reduce excessive verbose output about pubkey auth
+   * ssh-libssh: use FALLTHROUGH to silence gcc8
+   * ssl: set engine implicitly when a PKCS#11 URI is provided
+   * sws: handle EINTR when calling select()
+   * system_win32: fix version checking
+   * telnet: Remove unused macros TELOPTS and TELCMDS
+   * test1143: disable MSYS2's POSIX path conversion
+   * test1148: disable if decimal separator is not point
+   * test1307: (fnmatch testing) disabled
+   * test1422: add required file feature
+   * test1531: Add timeout
+   * test1540: Remove unused macro TEST_HANG_TIMEOUT
+   * test214: disable MSYS2's POSIX path conversion for URL
+   * test320: treat curl320.out file as binary
+   * tests/http_pipe.py: Use /usr/bin/env to find python
+   * tests: Don't use Windows path %PWD for SSH tests
+   * tests: fixes for Windows line endlings
+   * tool_operate: Fix setting proxy TLS 1.3 ciphers
+   * travis: build darwinssl on macos 10.12 to fix linker errors
+   * travis: execute "set -eo pipefail" for coverage build
+   * travis: run a 'make checksrc' too
+   * travis: update to GCC-8
+   * travis: verify that man pages can be regenerated
+   * upload: allocate upload buffer on-demand
+   * upload: change default UPLOAD_BUFSIZE to 64KB
+   * urldata: remove unused pipe_broke struct field
+   * vtls: reinstantiate engine on duplicated handles
+   * windows: implement send buffer tuning
+   * wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random 
+- Remove patch included upstream:
+  * curl-switch-off-all-styles.patch
+
 -------------------------------------------------------------------
 Wed Aug 22 12:32:50 UTC 2018 - kbabioch@suse.com
 

curl.spec

@@ -27,7 +27,7 @@
 # need ssl always for python-pycurl
 %bcond_without openssl
 Name:           curl
-Version:        7.61.0
+Version:        7.61.1
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        curl
@@ -44,7 +44,6 @@ Patch3:         ignore_runtests_failure.patch
 # PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
 Patch4:         curl-disabled-redirect-protocol-message.patch
 Patch5:         curl-use_OPENSSL_config.patch
-Patch6:         curl-switch-off-all-styles.patch
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
 Requires:       libcurl4%{?mini} = %{version}
@@ -125,7 +124,6 @@ user interaction or any kind of interactivity.
 %endif
 %patch4 -p1
 %patch5 -p1
-%patch6 -p1
 
 %build
 # curl complains if macro definition is contained in CFLAGS