Accepting request 454837 from home:AndreasStieger:branches:devel:libraries:c_c++

- build with libidn2 for IDNA2008 support
  FATE#321897 CVE-2016-8625 bsc#1005649
  add curl-7.52.1-idn-fixes.patch to fix test, among other things
- re-enable tests that are no longer failing, 
  remove curl-disable_failing_tests.patch

OBS-URL: https://build.opensuse.org/request/show/454837
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=182

curl-7.52.1-idn-fixes.patch

@@ -0,0 +1,207 @@
+From 0bc24d6f9d15a2cc5898cae4f214487200e78f44 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sun, 25 Dec 2016 01:13:12 +0100
+Subject: [PATCH] configure: accept --with-libidn2 instead
+
+... which the help text already implied since we switched to libidn2
+from libidn in commit 9c91ec778104ae3b back in October 2016.
+
+Reported-by: Christian Weisgerber
+Bug: https://curl.haxx.se/mail/lib-2016-12/0110.html
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 91028458f..65dac55bc 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -2830,7 +2830,7 @@ dnl **********************************************************************
+ 
+ AC_MSG_CHECKING([whether to build with libidn2])
+ OPT_IDN="default"
+-AC_ARG_WITH(libidn,
++AC_ARG_WITH(libidn2,
+ AC_HELP_STRING([--with-libidn2=PATH],[Enable libidn2 usage])
+ AC_HELP_STRING([--without-libidn2],[Disable libidn2 usage]),
+   [OPT_IDN=$withval])
+-- 
+2.11.1
+
+From f30cbcac11f5a627992f0c48cff91135808fa70f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Fri, 13 Jan 2017 09:36:33 +0100
+Subject: [PATCH] IDN: Use TR46 'transitional' for toASCII translations
+
+References: http://unicode.org/faq/idn.html
+            http://unicode.org/reports/tr46
+
+Closes #1206
+---
+ lib/url.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index c7a91a4f7..29beb3853 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -4010,7 +4010,12 @@ static void fix_hostname(struct connectdata *conn, struct hostname *host)
+ #ifdef USE_LIBIDN2
+     if(idn2_check_version(IDN2_VERSION)) {
+       char *ace_hostname = NULL;
+-      int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname, 0);
++#ifdef IDN2_TRANSITIONAL
++      int flags = IDN2_NFC_INPUT | IDN2_TRANSITIONAL;
++#else
++      int flags = IDN2_NFC_INPUT;
++#endif
++      int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname, flags);
+       if(rc == IDN2_OK) {
+         host->encalloc = (char *)ace_hostname;
+         /* change the name pointer to point to the encoded hostname */
+-- 
+2.11.1
+
+From ba315745f7f4ddfedd0763833c22f019817535cb Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Fri, 13 Jan 2017 11:50:01 +0100
+Subject: [PATCH] IDN: Fix compile time detection of linidn2 TR46
+
+Follow-up to f30cbcac1
+
+Closes #1207
+---
+ lib/url.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index 1f6e5bed9..9112baee0 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -4010,7 +4010,7 @@ static void fix_hostname(struct connectdata *conn, struct hostname *host)
+ #ifdef USE_LIBIDN2
+     if(idn2_check_version(IDN2_VERSION)) {
+       char *ace_hostname = NULL;
+-#ifdef IDN2_TRANSITIONAL
++#if IDN2_VERSION_NUMBER >= 0x00140000
+       int flags = IDN2_NFC_INPUT | IDN2_TRANSITIONAL;
+ #else
+       int flags = IDN2_NFC_INPUT;
+-- 
+2.11.1
+
+From ee357664df9bbb301e3bc1070a855e6b13303a5d Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 13 Jan 2017 14:31:40 +0100
+Subject: [PATCH] IDN: revert use of the transitional option
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+It made the german ß get converted to ss, IDNA2003 style, and we can't
+have that for the .de TLD - a primary reason for our switch to IDNA2008.
+
+Test 165 verifies.
+---
+ lib/url.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index 9112baee0..b088b61e3 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -4010,12 +4010,8 @@ static void fix_hostname(struct connectdata *conn, struct hostname *host)
+ #ifdef USE_LIBIDN2
+     if(idn2_check_version(IDN2_VERSION)) {
+       char *ace_hostname = NULL;
+-#if IDN2_VERSION_NUMBER >= 0x00140000
+-      int flags = IDN2_NFC_INPUT | IDN2_TRANSITIONAL;
+-#else
+-      int flags = IDN2_NFC_INPUT;
+-#endif
+-      int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname, flags);
++      int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname,
++                              IDN2_NFC_INPUT);
+       if(rc == IDN2_OK) {
+         host->encalloc = (char *)ace_hostname;
+         /* change the name pointer to point to the encoded hostname */
+-- 
+2.11.1
+
+From 7d6e3f8cfa5c8de1ecb4ab63ed0c0660cce7acdc Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 13 Jan 2017 14:49:11 +0100
+Subject: [PATCH] IDN: Use TR46 non-transitional
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Assisted-by: Tim Rühsen
+---
+ lib/url.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index b088b61e3..074289ed4 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -5,7 +5,7 @@
+  *                            | (__| |_| |  _ <| |___
+  *                             \___|\___/|_| \_\_____|
+  *
+- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
++ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+  *
+  * This software is licensed as described in the file COPYING, which
+  * you should have received as part of this distribution. The terms
+@@ -4010,8 +4010,15 @@ static void fix_hostname(struct connectdata *conn, struct hostname *host)
+ #ifdef USE_LIBIDN2
+     if(idn2_check_version(IDN2_VERSION)) {
+       char *ace_hostname = NULL;
+-      int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname,
+-                              IDN2_NFC_INPUT);
++#if IDN2_VERSION_NUMBER >= 0x00140000
++      /* IDN2_NFC_INPUT: Normalize input string using normalization form C.
++         IDN2_NONTRANSITIONAL: Perform Unicode TR46 non-transitional
++         processing. */
++      int flags = IDN2_NFC_INPUT | IDN2_NONTRANSITIONAL;
++#else
++      int flags = IDN2_NFC_INPUT;
++#endif
++      int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname, flags);
+       if(rc == IDN2_OK) {
+         host->encalloc = (char *)ace_hostname;
+         /* change the name pointer to point to the encoded hostname */
+-- 
+2.11.1
+
+From b135cd255b6aa7d051ea906693bf67580153ed76 Mon Sep 17 00:00:00 2001
+From: Alessandro Ghedini <alessandro@ghedini.me>
+Date: Sat, 14 Jan 2017 16:16:56 +0000
+Subject: [PATCH] url: assume UTF-8 when doing idn2 lookup
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Thanks to Tim Rühsen for the suggestion.
+---
+ lib/url.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index edae1e3f3..49ed4f669 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -4026,7 +4026,8 @@ static void fix_hostname(struct connectdata *conn, struct hostname *host)
+ #else
+       int flags = IDN2_NFC_INPUT;
+ #endif
+-      int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname, flags);
++      int rc = idn2_lookup_u8((const uint8_t *)host->name,
++                              (uint8_t **)&ace_hostname, flags);
+       if(rc == IDN2_OK) {
+         host->encalloc = (char *)ace_hostname;
+         /* change the name pointer to point to the encoded hostname */
+-- 
+2.11.1
+

curl-disable_failing_tests.patch

@@ -1,14 +0,0 @@
-Index: curl-7.50.0/tests/data/DISABLED
-===================================================================
---- curl-7.50.0.orig/tests/data/DISABLED	2016-06-27 16:11:14.000000000 +0200
-+++ curl-7.50.0/tests/data/DISABLED	2016-07-21 15:15:31.134631724 +0200
-@@ -2,6 +2,9 @@
- # test cases are run by runtests.pl. Just add the plain test case numbers, one
- # per line.
- # Lines starting with '#' letters are treated as comments.
-+# man pages problems
-+1139
-+1140
- 594
- 1209
- 1211

curl.changes

@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Sun Feb  5 22:33:33 UTC 2017 - astieger@suse.com
+
+- build with libidn2 for IDNA2008 support
+  FATE#321897 CVE-2016-8625 bsc#1005649
+  add curl-7.52.1-idn-fixes.patch to fix test, among other things
+- re-enable tests that are no longer failing, 
+  remove curl-disable_failing_tests.patch
+
 -------------------------------------------------------------------
 Fri Dec 23 07:37:40 UTC 2016 - idonmez@suse.com
 

curl.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package curl
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -33,14 +33,14 @@ Source4:        https://daniel.haxx.se/mykey.asc#/%{name}.keyring
 Patch0:         libcurl-ocloexec.patch
 Patch1:         dont-mess-with-rpmoptflags.diff
 Patch3:         curl-secure-getenv.patch
-Patch4:         curl-disable_failing_tests.patch
+Patch5:         curl-7.52.1-idn-fixes.patch
 BuildRequires:  groff
 BuildRequires:  krb5-mini-devel
+BuildRequires:  libidn2-devel
 BuildRequires:  libtool
 BuildRequires:  lzma
 BuildRequires:  openldap2-devel
 BuildRequires:  pkgconfig
-BuildRequires:  pkgconfig(libidn)
 BuildRequires:  pkgconfig(libmetalink)
 BuildRequires:  pkgconfig(libnghttp2)
 BuildRequires:  pkgconfig(libpsl)
@@ -98,7 +98,7 @@ user interaction or any kind of interactivity.
 %patch0
 %patch1
 %patch3
-%patch4 -p1
+%patch5 -p1
 
 %build
 # curl complains if macro definition is contained in CFLAGS