diff --git a/curl-8.11.1.tar.xz b/curl-8.11.1.tar.xz
deleted file mode 100644
index ae8cf94..0000000
--- a/curl-8.11.1.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c7ca7db48b0909743eaef34250da02c19bc61d4f1dcedd6603f109409536ab56
-size 2751236
diff --git a/curl-8.11.1.tar.xz.asc b/curl-8.11.1.tar.xz.asc
deleted file mode 100644
index 824e8be..0000000
--- a/curl-8.11.1.tar.xz.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmdZOq0ACgkQXMkI/bce
-EsLzzQgAgcHNuFJ9GItp9dQxzcvXsnvozNy77WMmVKyprUvrUlSRXRXDMc/FTmtV
-pqtTT8XyyTxh8iSY31uvH4firhfunK49Z94SK7R95yp8nCPQOKXJXKyqdzf9i8sm
-MlT3W8RCiVG0wGvmatIdHCAEStjQZsdplyiTNGytgp+4C9iLmXhaxD6sw9JYZWh+
-BryeOnsC9MCjrxhtTc/vD0g+wdhhvBzd5kiqLYsxptdcBdCPlWHoK+FYsQN91oDq
-25G82kpCkzz4tKRhSQmjowJ2kw+pQ3QYC9/5VEeDckaFlRM0tZNJ3TwcpAFxbYBW
-Uni36T510ri+vHBpCrl9ur9mAkbTZA==
-=PffT
------END PGP SIGNATURE-----
diff --git a/curl-8.12.0.tar.xz b/curl-8.12.0.tar.xz
new file mode 100644
index 0000000..4d36e7d
--- /dev/null
+++ b/curl-8.12.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9a4628c764be6b1a9909567c13e8e771041609df43b2158fcac4e05ea7097e5d
+size 2777552
diff --git a/curl-8.12.0.tar.xz.asc b/curl-8.12.0.tar.xz.asc
new file mode 100644
index 0000000..83de2e4
--- /dev/null
+++ b/curl-8.12.0.tar.xz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmejHBkACgkQXMkI/bce
+EsL+5wgAj2JdxoOAfIUzFDOuMAzNNP4tus8zwLpjIOOYqA8pe13h70fvZDLW8COQ
+tGPUItuRetUp0fVxLdsvpZcBa3WnRFYB0BhvEq+pl8bWMo0QptvwxROqW4xra5m2
++sGTzdXfcDdpbB24JTW+dbb9co6ArFuxR8bOgVaoBTuLzmtnXqXaC8mdHI8Bxb5z
+UEb3LImtt+nIeijMxz8umQ4ESX4YpbdhCaRag6GQLiR+qq0rUcJYBbUSbXBGLpfW
+TZpMmMzO1zHetlj3vSSgyGwAWYQGBpV2lR1jGdN9NBpwI36UUikt8fDPmSnsSu2o
+uCMMVe1BwZIJopsuWg/wKNXSWfgd3w==
+=n4b5
+-----END PGP SIGNATURE-----
diff --git a/curl.changes b/curl.changes
index ed54c5c..c21dba7 100644
--- a/curl.changes
+++ b/curl.changes 
@@ -1,3 +1,88 @@
+-------------------------------------------------------------------
+Thu Feb 6 07:52:21 UTC 2025 - Pedro Monreal
+
+- Update to 8.12.0:
+ * Security fixes:
+ - [bsc#1234068, CVE-2024-11053] curl could leak the password used
+ for the first host to the followed-to host under certain circumstances.
+ - [bsc#1232528, CVE-2024-9681] HSTS subdomain overwrites parent cache entry
+ - [bsc#1236589, CVE-2025-0665] eventfd double close
+ * Changes:
+ - curl: add byte range support to --variable reading from file
+ - curl: make --etag-save acknowledge --create-dirs
+ - getinfo: fix CURLINFO_QUEUE_TIME_T and add 'time_queue' var
+ - getinfo: provide info which auth was used for HTTP and proxy
+ - hyper: drop support
+ - openssl: add support to use keys and certificates from PKCS#11 provider
+ - QUIC: 0RTT for gnutls via CURLSSLOPT_EARLYDATA
+ - vtls: feature ssls-export for SSL session im-/export
+ * Bugfixes:
+ - altsvc: avoid integer overflow in expire calculation
+ - asyn-ares: acknowledge CURLOPT_DNS_SERVERS set to NULL
+ - asyn-ares: fix memory leak
+ - asyn-ares: initial HTTPS resolve support
+ - asyn-thread: use c-ares to resolve HTTPS RR
+ - async-thread: avoid closing eventfd twice
+ - cd2nroff: do not insist on quoted <> within backticks
+ - cd2nroff: support "none" as a TLS backend
+ - conncache: count shutdowns against host and max limits
+ - content_encoding: drop support for zlib before 1.2.0.4
+ - content_encoding: namespace GZIP flag constants
+ - content_encoding: put the decomp buffers into the writer structs
+ - content_encoding: support use of custom libzstd memory functions
+ - cookie: cap expire times to 400 days
+ - cookie: parse only the exact expire date
+ - curl: return error if etag options are used with multiple URLs
+ - curl_multi_fdset: include the shutdown connections in the set
+ - curl_sha512_256: rename symbols to the curl namespace
+ - curl_url_set.md: adjust the added-in to 7.62.0
+ - doh: send HTTPS RR requests for all
HTTP(S) transfers
+ - easy: allow connect-only handle reuse with easy_perform
+ - easy: make curl_easy_perform() return error if connection still there
+ - easy_lock: use Sleep(1) for thread yield on old Windows
+ - ECH: update APIs to those agreed with OpenSSL maintainers
+ - GnuTLS: fix 'time_appconnect' for early data
+ - HTTP/2: strip TE request header
+ - http2: fix data_pending check
+ - http2: fix value stored to 'result' is never read
+ - http: ignore invalid Retry-After times
+ - http_aws_sigv4: Fix invalid compare function handling zero-length pairs
+ - https-connect: start next immediately on failure
+ - lib: redirect handling by protocol handler
+ - multi: fix curl_multi_waitfds reporting of fd_count
+ - netrc: 'default' with no credentials is not a match
+ - netrc: fix password-only entries
+ - netrc: restore _netrc fallback logic
+ - ngtcp2: fix memory leak on connect failure
+ - openssl: define `HAVE_KEYLOG_CALLBACK` before use
+ - openssl: fix ECH logic
+ - osslq: use SSL_poll to determine writeability of QUIC streams
+ - sectransp: free certificate on error
+ - select: avoid a NULL deref in cwfds_add_sock
+ - src: omit hugehelp and ca-embed from libcurltool
+ - ssl session cache: change cache dimensions
+ - system.h: add 64-bit curl_off_t definitions for NonStop
+ - telnet: handle single-byte input option
+ - TLS: check connection for SSL use, not handler
+ - tool_formparse.c: make curlx_uztoso a static in here
+ - tool_formparse: accept digits in --form type= strings
+ - tool_getparam: ECH param parsing refix
+ - tool_getparam: fail --hostpubsha256 if libssh2 is not used
+ - tool_getparam: fix "Ignored Return Value"
+ - tool_getparam: fix memory leak on error in parse_ech
+ - tool_getparam: fix the ECH parser
+ - tool_operate: make --etag-compare always accept a non-existing file
+ - transfer: fix CURLOPT_CURLU override logic
+ - urlapi: fix redirect to a new fragment or query (only)
+ - vquic: make vquic_send_packets not return without setting
psent + - vtls: fix default SSL backend as a fallback + - vtls: only remember the expiry timestamp in session cache + - websocket: fix message send corruption + - x509asn1: add parse recursion limit + * Rebase pathes: + - libcurl-ocloexec.patch + - dont-mess-with-rpmoptflags.patch + ------------------------------------------------------------------- Wed Dec 11 07:42:31 UTC 2024 - Pedro Monreal diff --git a/curl.spec b/curl.spec index a9d3d9c..3adeb74 100644 --- a/curl.spec +++ b/curl.spec @@ -1,7 +1,7 @@ # # spec file for package curl # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,7 +29,7 @@ %endif Name: curl%{?psuffix} -Version: 8.11.1 +Version: 8.12.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl diff --git a/dont-mess-with-rpmoptflags.patch b/dont-mess-with-rpmoptflags.patch index cc7aa75..16035a9 100644 --- a/dont-mess-with-rpmoptflags.patch +++ b/dont-mess-with-rpmoptflags.patch @@ -1,15 +1,16 @@ -Index: curl-8.6.0/configure.ac +Index: curl-8.12.0/configure.ac =================================================================== ---- curl-8.6.0.orig/configure.ac -+++ curl-8.6.0/configure.ac -@@ -506,10 +506,6 @@ dnl ************************************ +--- curl-8.12.0.orig/configure.ac ++++ curl-8.12.0/configure.ac +@@ -502,11 +502,6 @@ if test "$curl_cv_native_windows" = "yes + esac + fi - CURL_CHECK_COMPILER - CURL_CHECK_NATIVE_WINDOWS -CURL_SET_COMPILER_BASIC_OPTS -CURL_SET_COMPILER_DEBUG_OPTS -CURL_SET_COMPILER_OPTIMIZE_OPTS -CURL_SET_COMPILER_WARNING_OPTS - +- if test "$compiler_id" = "INTEL_UNIX_C"; then # + if test "$compiler_num" -ge "1000"; then diff --git a/libcurl-ocloexec.patch b/libcurl-ocloexec.patch index 870706b..9cb806e 100644 --- a/libcurl-ocloexec.patch +++ b/libcurl-ocloexec.patch 
@@ -7,32 +7,35 @@ To make it portable you have to test O_CLOEXEC support at *runtime* compile time is not enough. -Index: curl-8.9.0/lib/file.c +Index: curl-8.12.0/lib/file.c =================================================================== ---- curl-8.9.0.orig/lib/file.c -+++ curl-8.9.0/lib/file.c -@@ -242,7 +242,7 @@ static CURLcode file_connect(struct Curl +--- curl-8.12.0.orig/lib/file.c ++++ curl-8.12.0/lib/file.c +@@ -237,7 +237,7 @@ static CURLcode file_connect(struct Curl } } #else -- fd = open_readonly(real_path, O_RDONLY); -+ fd = open_readonly(real_path, O_RDONLY|O_CLOEXEC); +- fd = open(real_path, O_RDONLY); ++ fd = open(real_path, O_RDONLY|O_CLOEXEC); file->path = real_path; #endif #endif -@@ -329,7 +329,7 @@ static CURLcode file_upload(struct Curl_ - else - mode = MODE_DEFAULT|O_TRUNC; +@@ -321,9 +321,9 @@ static CURLcode file_upload(struct Curl_ + #if (defined(ANDROID) || defined(__ANDROID__)) && \ + (defined(__i386__) || defined(__arm__)) +- fd = open(file->path, mode, (mode_t)data->set.new_file_perms); ++ fd = open(file->path, mode|O_CLOEXEC, (mode_t)data->set.new_file_perms); + #else - fd = open(file->path, mode, data->set.new_file_perms); + fd = open(file->path, mode|O_CLOEXEC, data->set.new_file_perms); + #endif if(fd < 0) { failf(data, "cannot open %s for writing", file->path); - return CURLE_WRITE_ERROR; -Index: curl-8.9.0/lib/if2ip.c +Index: curl-8.12.0/lib/if2ip.c =================================================================== ---- curl-8.9.0.orig/lib/if2ip.c -+++ curl-8.9.0/lib/if2ip.c +--- curl-8.12.0.orig/lib/if2ip.c ++++ curl-8.12.0/lib/if2ip.c @@ -208,7 +208,7 @@ if2ip_result_t Curl_if2ip(int af, if(len >= sizeof(req.ifr_name)) return IF2IP_NOT_FOUND; 
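Review bot: The rebased file_upload hunk has to add `O_CLOEXEC` to two separate `open()` calls, the Android-specific one with the `(mode_t)` cast and the generic one under `#else`, so a future upstream reshuffle of that `#if` can silently leave one branch without the flag and its descriptor inheritable by child processes. Setting the flag once ahead of the conditional, `mode |= O_CLOEXEC;`, would keep the patch to a single line there and make later rebases less error-prone; this assumes `mode` is not reused after the open, which the hunk does not show because file_upload's body continues outside it. The patch header also still says O_CLOEXEC support would need a runtime test to be portable, so a one-line note in that header stating which targets the unconditional flag is meant for would help whoever rebases this next.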
@@ -42,11 +45,11 @@ Index: curl-8.9.0/lib/if2ip.c if(CURL_SOCKET_BAD == dummy) return IF2IP_NOT_FOUND; -Index: curl-8.9.0/configure.ac +Index: curl-8.12.0/configure.ac =================================================================== ---- curl-8.9.0.orig/configure.ac -+++ curl-8.9.0/configure.ac -@@ -441,6 +441,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m +--- curl-8.12.0.orig/configure.ac ++++ curl-8.12.0/configure.ac +@@ -426,6 +426,8 @@ AC_DEFINE_UNQUOTED(CURL_OS, "${host}", [ # Silence warning: ar: 'u' modifier ignored since 'D' is the default AC_SUBST(AR_FLAGS, [cr]) @@ -55,10 +58,10 @@ Index: curl-8.9.0/configure.ac dnl This defines _ALL_SOURCE for AIX CURL_CHECK_AIX_ALL_SOURCE -Index: curl-8.9.0/lib/hostip.c +Index: curl-8.12.0/lib/hostip.c =================================================================== ---- curl-8.9.0.orig/lib/hostip.c -+++ curl-8.9.0/lib/hostip.c +--- curl-8.12.0.orig/lib/hostip.c ++++ curl-8.12.0/lib/hostip.c @@ -44,6 +44,7 @@ #include #include @@ -67,7 +70,7 @@ Index: curl-8.9.0/lib/hostip.c #include "urldata.h" #include "sendf.h" #include "hostip.h" -@@ -616,7 +617,7 @@ bool Curl_ipv6works(struct Curl_easy *da +@@ -624,7 +625,7 @@ bool Curl_ipv6works(struct Curl_easy *da else { int ipv6_works = -1; /* probe to see if we have a working IPv6 stack */ @@ -76,11 +79,11 @@ Index: curl-8.9.0/lib/hostip.c if(s == CURL_SOCKET_BAD) /* an IPv6 address was requested but we cannot get/use one */ ipv6_works = 0; -Index: curl-8.9.0/lib/cf-socket.c +Index: curl-8.12.0/lib/cf-socket.c =================================================================== ---- curl-8.9.0.orig/lib/cf-socket.c -+++ curl-8.9.0/lib/cf-socket.c -@@ -360,7 +360,9 @@ static CURLcode socket_open(struct Curl_ +--- curl-8.12.0.orig/lib/cf-socket.c ++++ curl-8.12.0/lib/cf-socket.c +@@ -367,7 +367,9 @@ static CURLcode socket_open(struct Curl_ } else { /* opensocket callback not set, so simply create the socket now */