diff --git a/curl-8.11.1.tar.xz b/curl-8.11.1.tar.xz new file mode 100644 index 0000000..ae8cf94 --- /dev/null +++ b/curl-8.11.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c7ca7db48b0909743eaef34250da02c19bc61d4f1dcedd6603f109409536ab56 +size 2751236 diff --git a/curl-8.11.1.tar.xz.asc b/curl-8.11.1.tar.xz.asc new file mode 100644 index 0000000..824e8be --- /dev/null +++ b/curl-8.11.1.tar.xz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmdZOq0ACgkQXMkI/bce +EsLzzQgAgcHNuFJ9GItp9dQxzcvXsnvozNy77WMmVKyprUvrUlSRXRXDMc/FTmtV +pqtTT8XyyTxh8iSY31uvH4firhfunK49Z94SK7R95yp8nCPQOKXJXKyqdzf9i8sm +MlT3W8RCiVG0wGvmatIdHCAEStjQZsdplyiTNGytgp+4C9iLmXhaxD6sw9JYZWh+ +BryeOnsC9MCjrxhtTc/vD0g+wdhhvBzd5kiqLYsxptdcBdCPlWHoK+FYsQN91oDq +25G82kpCkzz4tKRhSQmjowJ2kw+pQ3QYC9/5VEeDckaFlRM0tZNJ3TwcpAFxbYBW +Uni36T510ri+vHBpCrl9ur9mAkbTZA== +=PffT +-----END PGP SIGNATURE----- diff --git a/curl-8.12.0.tar.xz b/curl-8.12.0.tar.xz deleted file mode 100644 index 4d36e7d..0000000 --- a/curl-8.12.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9a4628c764be6b1a9909567c13e8e771041609df43b2158fcac4e05ea7097e5d -size 2777552 diff --git a/curl-8.12.0.tar.xz.asc b/curl-8.12.0.tar.xz.asc deleted file mode 100644 index 83de2e4..0000000 --- a/curl-8.12.0.tar.xz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmejHBkACgkQXMkI/bce -EsL+5wgAj2JdxoOAfIUzFDOuMAzNNP4tus8zwLpjIOOYqA8pe13h70fvZDLW8COQ -tGPUItuRetUp0fVxLdsvpZcBa3WnRFYB0BhvEq+pl8bWMo0QptvwxROqW4xra5m2 -+sGTzdXfcDdpbB24JTW+dbb9co6ArFuxR8bOgVaoBTuLzmtnXqXaC8mdHI8Bxb5z -UEb3LImtt+nIeijMxz8umQ4ESX4YpbdhCaRag6GQLiR+qq0rUcJYBbUSbXBGLpfW -TZpMmMzO1zHetlj3vSSgyGwAWYQGBpV2lR1jGdN9NBpwI36UUikt8fDPmSnsSu2o -uCMMVe1BwZIJopsuWg/wKNXSWfgd3w== -=n4b5 ------END PGP SIGNATURE----- diff --git a/curl.changes b/curl.changes index c21dba7..ed54c5c 100644 --- a/curl.changes +++ b/curl.changes @@ -1,88 +1,3 @@ -------------------------------------------------------------------- -Thu Feb 6 07:52:21 UTC 2025 - Pedro Monreal - -- Update to 8.12.0: - * Security fixes: - - [bsc#1234068, CVE-2024-11053] curl could leak the password used - for the first host to the followed-to host under certain circumstances. - - [bsc#1232528, CVE-2024-9681] HSTS subdomain overwrites parent cache entry - - [bsc#1236589, CVE-2025-0665] eventfd double close - * Changes: - - curl: add byte range support to --variable reading from file - - curl: make --etag-save acknowledge --create-dirs - - getinfo: fix CURLINFO_QUEUE_TIME_T and add 'time_queue' var - - getinfo: provide info which auth was used for HTTP and proxy - - hyper: drop support - - openssl: add support to use keys and certificates from PKCS#11 provider - - QUIC: 0RTT for gnutls via CURLSSLOPT_EARLYDATA - - vtls: feature ssls-export for SSL session im-/export - * Bugfixes: - - altsvc: avoid integer overflow in expire calculation - - asyn-ares: acknowledge CURLOPT_DNS_SERVERS set to NULL - - asyn-ares: fix memory leak - - asyn-ares: initial HTTPS resolve support - - asyn-thread: use c-ares to resolve HTTPS RR - - async-thread: avoid closing eventfd twice - - cd2nroff: do not insist on quoted <> within backticks - - cd2nroff: support "none" as a TLS backend - - conncache: count shutdowns against host and max limits - - content_encoding: drop support for zlib before 1.2.0.4 - - content_encoding: namespace GZIP flag constants - - content_encoding: put the decomp buffers into the writer structs - - content_encoding: support use of custom libzstd memory functions - - cookie: cap expire times to 400 days - - cookie: parse only the exact expire date - - curl: return error if etag options are used with multiple URLs - - curl_multi_fdset: include the shutdown connections in the set - - curl_sha512_256: rename symbols to the curl namespace - - curl_url_set.md: adjust the added-in to 7.62.0 - - doh: send HTTPS RR requests for all HTTP(S) transfers - - easy: allow connect-only handle reuse with easy_perform - - easy: make curl_easy_perform() return error if connection still there - - easy_lock: use Sleep(1) for thread yield on old Windows - - ECH: update APIs to those agreed with OpenSSL maintainers - - GnuTLS: fix 'time_appconnect' for early data - - HTTP/2: strip TE request header - - http2: fix data_pending check - - http2: fix value stored to 'result' is never read - - http: ignore invalid Retry-After times - - http_aws_sigv4: Fix invalid compare function handling zero-length pairs - - https-connect: start next immediately on failure - - lib: redirect handling by protocol handler - - multi: fix curl_multi_waitfds reporting of fd_count - - netrc: 'default' with no credentials is not a match - - netrc: fix password-only entries - - netrc: restore _netrc fallback logic - - ngtcp2: fix memory leak on connect failure - - openssl: define `HAVE_KEYLOG_CALLBACK` before use - - openssl: fix ECH logic - - osslq: use SSL_poll to determine writeability of QUIC streams - - sectransp: free certificate on error - - select: avoid a NULL deref in cwfds_add_sock - - src: omit hugehelp and ca-embed from libcurltool - - ssl session cache: change cache dimensions - - system.h: add 64-bit curl_off_t definitions for NonStop - - telnet: handle single-byte input option - - TLS: check connection for SSL use, not handler - - tool_formparse.c: make curlx_uztoso a static in here - - tool_formparse: accept digits in --form type= strings - - tool_getparam: ECH param parsing refix - - tool_getparam: fail --hostpubsha256 if libssh2 is not used - - tool_getparam: fix "Ignored Return Value" - - tool_getparam: fix memory leak on error in parse_ech - - tool_getparam: fix the ECH parser - - tool_operate: make --etag-compare always accept a non-existing file - - transfer: fix CURLOPT_CURLU override logic - - urlapi: fix redirect to a new fragment or query (only) - - vquic: make vquic_send_packets not return without setting psent - - vtls: fix default SSL backend as a fallback - - vtls: only remember the expiry timestamp in session cache - - websocket: fix message send corruption - - x509asn1: add parse recursion limit - * Rebase pathes: - - libcurl-ocloexec.patch - - dont-mess-with-rpmoptflags.patch - ------------------------------------------------------------------- Wed Dec 11 07:42:31 UTC 2024 - Pedro Monreal diff --git a/curl.spec b/curl.spec index 3adeb74..a9d3d9c 100644 --- a/curl.spec +++ b/curl.spec @@ -1,7 +1,7 @@ # # spec file for package curl # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,7 +29,7 @@ %endif Name: curl%{?psuffix} -Version: 8.12.0 +Version: 8.11.1 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl diff --git a/dont-mess-with-rpmoptflags.patch b/dont-mess-with-rpmoptflags.patch index 16035a9..cc7aa75 100644 --- a/dont-mess-with-rpmoptflags.patch +++ b/dont-mess-with-rpmoptflags.patch @@ -1,16 +1,15 @@ -Index: curl-8.12.0/configure.ac +Index: curl-8.6.0/configure.ac =================================================================== ---- curl-8.12.0.orig/configure.ac -+++ curl-8.12.0/configure.ac -@@ -502,11 +502,6 @@ if test "$curl_cv_native_windows" = "yes - esac - fi +--- curl-8.6.0.orig/configure.ac ++++ curl-8.6.0/configure.ac +@@ -506,10 +506,6 @@ dnl ************************************ + CURL_CHECK_COMPILER + CURL_CHECK_NATIVE_WINDOWS -CURL_SET_COMPILER_BASIC_OPTS -CURL_SET_COMPILER_DEBUG_OPTS -CURL_SET_COMPILER_OPTIMIZE_OPTS -CURL_SET_COMPILER_WARNING_OPTS -- + if test "$compiler_id" = "INTEL_UNIX_C"; then # - if test "$compiler_num" -ge "1000"; then diff --git a/libcurl-ocloexec.patch b/libcurl-ocloexec.patch index 9cb806e..870706b 100644 --- a/libcurl-ocloexec.patch +++ b/libcurl-ocloexec.patch @@ -7,35 +7,32 @@ To make it portable you have to test O_CLOEXEC support at *runtime* compile time is not enough. -Index: curl-8.12.0/lib/file.c +Index: curl-8.9.0/lib/file.c =================================================================== ---- curl-8.12.0.orig/lib/file.c -+++ curl-8.12.0/lib/file.c -@@ -237,7 +237,7 @@ static CURLcode file_connect(struct Curl +--- curl-8.9.0.orig/lib/file.c ++++ curl-8.9.0/lib/file.c +@@ -242,7 +242,7 @@ static CURLcode file_connect(struct Curl } } #else -- fd = open(real_path, O_RDONLY); -+ fd = open(real_path, O_RDONLY|O_CLOEXEC); +- fd = open_readonly(real_path, O_RDONLY); ++ fd = open_readonly(real_path, O_RDONLY|O_CLOEXEC); file->path = real_path; #endif #endif -@@ -321,9 +321,9 @@ static CURLcode file_upload(struct Curl_ +@@ -329,7 +329,7 @@ static CURLcode file_upload(struct Curl_ + else + mode = MODE_DEFAULT|O_TRUNC; - #if (defined(ANDROID) || defined(__ANDROID__)) && \ - (defined(__i386__) || defined(__arm__)) -- fd = open(file->path, mode, (mode_t)data->set.new_file_perms); -+ fd = open(file->path, mode|O_CLOEXEC, (mode_t)data->set.new_file_perms); - #else - fd = open(file->path, mode, data->set.new_file_perms); + fd = open(file->path, mode|O_CLOEXEC, data->set.new_file_perms); - #endif if(fd < 0) { failf(data, "cannot open %s for writing", file->path); -Index: curl-8.12.0/lib/if2ip.c + return CURLE_WRITE_ERROR; +Index: curl-8.9.0/lib/if2ip.c =================================================================== ---- curl-8.12.0.orig/lib/if2ip.c -+++ curl-8.12.0/lib/if2ip.c +--- curl-8.9.0.orig/lib/if2ip.c ++++ curl-8.9.0/lib/if2ip.c @@ -208,7 +208,7 @@ if2ip_result_t Curl_if2ip(int af, if(len >= sizeof(req.ifr_name)) return IF2IP_NOT_FOUND; @@ -45,11 +42,11 @@ Index: curl-8.12.0/lib/if2ip.c if(CURL_SOCKET_BAD == dummy) return IF2IP_NOT_FOUND; -Index: curl-8.12.0/configure.ac +Index: curl-8.9.0/configure.ac =================================================================== ---- curl-8.12.0.orig/configure.ac -+++ curl-8.12.0/configure.ac -@@ -426,6 +426,8 @@ AC_DEFINE_UNQUOTED(CURL_OS, "${host}", [ +--- curl-8.9.0.orig/configure.ac ++++ curl-8.9.0/configure.ac +@@ -441,6 +441,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m # Silence warning: ar: 'u' modifier ignored since 'D' is the default AC_SUBST(AR_FLAGS, [cr]) @@ -58,10 +55,10 @@ Index: curl-8.12.0/configure.ac dnl This defines _ALL_SOURCE for AIX CURL_CHECK_AIX_ALL_SOURCE -Index: curl-8.12.0/lib/hostip.c +Index: curl-8.9.0/lib/hostip.c =================================================================== ---- curl-8.12.0.orig/lib/hostip.c -+++ curl-8.12.0/lib/hostip.c +--- curl-8.9.0.orig/lib/hostip.c ++++ curl-8.9.0/lib/hostip.c @@ -44,6 +44,7 @@ #include #include @@ -70,7 +67,7 @@ Index: curl-8.12.0/lib/hostip.c #include "urldata.h" #include "sendf.h" #include "hostip.h" -@@ -624,7 +625,7 @@ bool Curl_ipv6works(struct Curl_easy *da +@@ -616,7 +617,7 @@ bool Curl_ipv6works(struct Curl_easy *da else { int ipv6_works = -1; /* probe to see if we have a working IPv6 stack */ @@ -79,11 +76,11 @@ Index: curl-8.12.0/lib/hostip.c if(s == CURL_SOCKET_BAD) /* an IPv6 address was requested but we cannot get/use one */ ipv6_works = 0; -Index: curl-8.12.0/lib/cf-socket.c +Index: curl-8.9.0/lib/cf-socket.c =================================================================== ---- curl-8.12.0.orig/lib/cf-socket.c -+++ curl-8.12.0/lib/cf-socket.c -@@ -367,7 +367,9 @@ static CURLcode socket_open(struct Curl_ +--- curl-8.9.0.orig/lib/cf-socket.c ++++ curl-8.9.0/lib/cf-socket.c +@@ -360,7 +360,9 @@ static CURLcode socket_open(struct Curl_ } else { /* opensocket callback not set, so simply create the socket now */