pool/curl
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Update to 8.12.0:

Browse Source 
* Security fixes:
    - [bsc#1234068, CVE-2024-11053] curl could leak the password used
      for the first host to the followed-to host under certain circumstances.
    - [bsc#1232528, CVE-2024-9681] HSTS subdomain overwrites parent cache entry
    - [bsc#1236589, CVE-2025-0665] eventfd double close
  * Changes:
    - curl: add byte range support to --variable reading from file
    - curl: make --etag-save acknowledge --create-dirs
    - getinfo: fix CURLINFO_QUEUE_TIME_T and add 'time_queue' var
    - getinfo: provide info which auth was used for HTTP and proxy
    - hyper: drop support
    - openssl: add support to use keys and certificates from PKCS#11 provider
    - QUIC: 0RTT for gnutls via CURLSSLOPT_EARLYDATA
    - vtls: feature ssls-export for SSL session im-/export
  * Bugfixes:
    - altsvc: avoid integer overflow in expire calculation
    - asyn-ares: acknowledge CURLOPT_DNS_SERVERS set to NULL
    - asyn-ares: fix memory leak
    - asyn-ares: initial HTTPS resolve support
    - asyn-thread: use c-ares to resolve HTTPS RR
    - async-thread: avoid closing eventfd twice
    - cd2nroff: do not insist on quoted <> within backticks
    - cd2nroff: support "none" as a TLS backend
    - conncache: count shutdowns against host and max limits
    - content_encoding: drop support for zlib before 1.2.0.4
    - content_encoding: namespace GZIP flag constants
    - content_encoding: put the decomp buffers into the writer structs
    - content_encoding: support use of custom libzstd memory functions
    - cookie: cap expire times to 400 days

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=387
This commit is contained in:
Pedro Monreal Gonzalez 2025-02-06 09:58:18 +00:00 committed by Git OBS Bridge
parent d0ee3ff81d
commit 38189aa2cc
8 changed files with 137 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
curl-8.11.1.tar.xz (Stored with Git LFS)
View File

Binary file not shown.

11
curl-8.11.1.tar.xz.asc
View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmdZOq0ACgkQXMkI/bce
EsLzzQgAgcHNuFJ9GItp9dQxzcvXsnvozNy77WMmVKyprUvrUlSRXRXDMc/FTmtV
pqtTT8XyyTxh8iSY31uvH4firhfunK49Z94SK7R95yp8nCPQOKXJXKyqdzf9i8sm
MlT3W8RCiVG0wGvmatIdHCAEStjQZsdplyiTNGytgp+4C9iLmXhaxD6sw9JYZWh+
BryeOnsC9MCjrxhtTc/vD0g+wdhhvBzd5kiqLYsxptdcBdCPlWHoK+FYsQN91oDq
25G82kpCkzz4tKRhSQmjowJ2kw+pQ3QYC9/5VEeDckaFlRM0tZNJ3TwcpAFxbYBW
Uni36T510ri+vHBpCrl9ur9mAkbTZA==
=PffT
-----END PGP SIGNATURE-----

3
curl-8.12.0.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9a4628c764be6b1a9909567c13e8e771041609df43b2158fcac4e05ea7097e5d
size 2777552

11
curl-8.12.0.tar.xz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmejHBkACgkQXMkI/bce
EsL+5wgAj2JdxoOAfIUzFDOuMAzNNP4tus8zwLpjIOOYqA8pe13h70fvZDLW8COQ
tGPUItuRetUp0fVxLdsvpZcBa3WnRFYB0BhvEq+pl8bWMo0QptvwxROqW4xra5m2
+sGTzdXfcDdpbB24JTW+dbb9co6ArFuxR8bOgVaoBTuLzmtnXqXaC8mdHI8Bxb5z
UEb3LImtt+nIeijMxz8umQ4ESX4YpbdhCaRag6GQLiR+qq0rUcJYBbUSbXBGLpfW
TZpMmMzO1zHetlj3vSSgyGwAWYQGBpV2lR1jGdN9NBpwI36UUikt8fDPmSnsSu2o
uCMMVe1BwZIJopsuWg/wKNXSWfgd3w==
=n4b5
-----END PGP SIGNATURE-----

85
curl.changes
View File

@ -1,3 +1,88 @@
-------------------------------------------------------------------
Thu Feb 6 07:52:21 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
- Update to 8.12.0:
* Security fixes:
- [bsc#1234068, CVE-2024-11053] curl could leak the password used
for the first host to the followed-to host under certain circumstances.
- [bsc#1232528, CVE-2024-9681] HSTS subdomain overwrites parent cache entry
- [bsc#1236589, CVE-2025-0665] eventfd double close
* Changes:
- curl: add byte range support to --variable reading from file
- curl: make --etag-save acknowledge --create-dirs
- getinfo: fix CURLINFO_QUEUE_TIME_T and add 'time_queue' var
- getinfo: provide info which auth was used for HTTP and proxy
- hyper: drop support
- openssl: add support to use keys and certificates from PKCS#11 provider
- QUIC: 0RTT for gnutls via CURLSSLOPT_EARLYDATA
- vtls: feature ssls-export for SSL session im-/export
* Bugfixes:
- altsvc: avoid integer overflow in expire calculation
- asyn-ares: acknowledge CURLOPT_DNS_SERVERS set to NULL
- asyn-ares: fix memory leak
- asyn-ares: initial HTTPS resolve support
- asyn-thread: use c-ares to resolve HTTPS RR
- async-thread: avoid closing eventfd twice
- cd2nroff: do not insist on quoted <> within backticks
- cd2nroff: support "none" as a TLS backend
- conncache: count shutdowns against host and max limits
- content_encoding: drop support for zlib before 1.2.0.4
- content_encoding: namespace GZIP flag constants
- content_encoding: put the decomp buffers into the writer structs
- content_encoding: support use of custom libzstd memory functions
- cookie: cap expire times to 400 days
- cookie: parse only the exact expire date
- curl: return error if etag options are used with multiple URLs
- curl_multi_fdset: include the shutdown connections in the set
- curl_sha512_256: rename symbols to the curl namespace
- curl_url_set.md: adjust the added-in to 7.62.0
- doh: send HTTPS RR requests for all HTTP(S) transfers
- easy: allow connect-only handle reuse with easy_perform
- easy: make curl_easy_perform() return error if connection still there
- easy_lock: use Sleep(1) for thread yield on old Windows
- ECH: update APIs to those agreed with OpenSSL maintainers
- GnuTLS: fix 'time_appconnect' for early data
- HTTP/2: strip TE request header
- http2: fix data_pending check
- http2: fix value stored to 'result' is never read
- http: ignore invalid Retry-After times
- http_aws_sigv4: Fix invalid compare function handling zero-length pairs
- https-connect: start next immediately on failure
- lib: redirect handling by protocol handler
- multi: fix curl_multi_waitfds reporting of fd_count
- netrc: 'default' with no credentials is not a match
- netrc: fix password-only entries
- netrc: restore _netrc fallback logic
- ngtcp2: fix memory leak on connect failure
- openssl: define `HAVE_KEYLOG_CALLBACK` before use
- openssl: fix ECH logic
- osslq: use SSL_poll to determine writeability of QUIC streams
- sectransp: free certificate on error
- select: avoid a NULL deref in cwfds_add_sock
- src: omit hugehelp and ca-embed from libcurltool
- ssl session cache: change cache dimensions
- system.h: add 64-bit curl_off_t definitions for NonStop
- telnet: handle single-byte input option
- TLS: check connection for SSL use, not handler
- tool_formparse.c: make curlx_uztoso a static in here
- tool_formparse: accept digits in --form type= strings
- tool_getparam: ECH param parsing refix
- tool_getparam: fail --hostpubsha256 if libssh2 is not used
- tool_getparam: fix "Ignored Return Value"
- tool_getparam: fix memory leak on error in parse_ech
- tool_getparam: fix the ECH parser
- tool_operate: make --etag-compare always accept a non-existing file
- transfer: fix CURLOPT_CURLU override logic
- urlapi: fix redirect to a new fragment or query (only)
- vquic: make vquic_send_packets not return without setting psent
- vtls: fix default SSL backend as a fallback
- vtls: only remember the expiry timestamp in session cache
- websocket: fix message send corruption
- x509asn1: add parse recursion limit
* Rebase pathes:
- libcurl-ocloexec.patch
- dont-mess-with-rpmoptflags.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Dec 11 07:42:31 UTC 2024 - Pedro Monreal <pmonreal@suse.com> Wed Dec 11 07:42:31 UTC 2024 - Pedro Monreal <pmonreal@suse.com>

4
curl.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package curl # spec file for package curl
# #
# Copyright (c) 2024 SUSE LLC # Copyright (c) 2025 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -29,7 +29,7 @@
%endif %endif
Name: curl%{?psuffix} Name: curl%{?psuffix}
Version: 8.11.1 Version: 8.12.0
Release: 0 Release: 0
Summary: A Tool for Transferring Data from URLs Summary: A Tool for Transferring Data from URLs
License: curl License: curl

15
dont-mess-with-rpmoptflags.patch
View File

@ -1,15 +1,16 @@
Index: curl-8.6.0/configure.ac Index: curl-8.12.0/configure.ac
=================================================================== ===================================================================
--- curl-8.6.0.orig/configure.ac --- curl-8.12.0.orig/configure.ac
+++ curl-8.6.0/configure.ac +++ curl-8.12.0/configure.ac
@@ -506,10 +506,6 @@ dnl ************************************ @@ -502,11 +502,6 @@ if test "$curl_cv_native_windows" = "yes
esac
fi
CURL_CHECK_COMPILER
CURL_CHECK_NATIVE_WINDOWS
-CURL_SET_COMPILER_BASIC_OPTS -CURL_SET_COMPILER_BASIC_OPTS
-CURL_SET_COMPILER_DEBUG_OPTS -CURL_SET_COMPILER_DEBUG_OPTS
-CURL_SET_COMPILER_OPTIMIZE_OPTS -CURL_SET_COMPILER_OPTIMIZE_OPTS
-CURL_SET_COMPILER_WARNING_OPTS -CURL_SET_COMPILER_WARNING_OPTS
-
if test "$compiler_id" = "INTEL_UNIX_C"; then if test "$compiler_id" = "INTEL_UNIX_C"; then
# #
if test "$compiler_num" -ge "1000"; then

53
libcurl-ocloexec.patch
View File

@ -7,32 +7,35 @@ To make it portable you have to test O_CLOEXEC support at *runtime*
compile time is not enough. compile time is not enough.
Index: curl-8.9.0/lib/file.c Index: curl-8.12.0/lib/file.c
=================================================================== ===================================================================
--- curl-8.9.0.orig/lib/file.c --- curl-8.12.0.orig/lib/file.c
+++ curl-8.9.0/lib/file.c +++ curl-8.12.0/lib/file.c
@@ -242,7 +242,7 @@ static CURLcode file_connect(struct Curl @@ -237,7 +237,7 @@ static CURLcode file_connect(struct Curl
} }
} }
#else #else
- fd = open_readonly(real_path, O_RDONLY); - fd = open(real_path, O_RDONLY);
+ fd = open_readonly(real_path, O_RDONLY|O_CLOEXEC); + fd = open(real_path, O_RDONLY|O_CLOEXEC);
file->path = real_path; file->path = real_path;
#endif #endif
#endif #endif
@@ -329,7 +329,7 @@ static CURLcode file_upload(struct Curl_ @@ -321,9 +321,9 @@ static CURLcode file_upload(struct Curl_
else
mode = MODE_DEFAULT|O_TRUNC;
#if (defined(ANDROID) || defined(__ANDROID__)) && \
(defined(__i386__) || defined(__arm__))
- fd = open(file->path, mode, (mode_t)data->set.new_file_perms);
+ fd = open(file->path, mode|O_CLOEXEC, (mode_t)data->set.new_file_perms);
#else
- fd = open(file->path, mode, data->set.new_file_perms); - fd = open(file->path, mode, data->set.new_file_perms);
+ fd = open(file->path, mode|O_CLOEXEC, data->set.new_file_perms); + fd = open(file->path, mode|O_CLOEXEC, data->set.new_file_perms);
#endif
if(fd < 0) { if(fd < 0) {
failf(data, "cannot open %s for writing", file->path); failf(data, "cannot open %s for writing", file->path);
return CURLE_WRITE_ERROR; Index: curl-8.12.0/lib/if2ip.c
Index: curl-8.9.0/lib/if2ip.c
=================================================================== ===================================================================
--- curl-8.9.0.orig/lib/if2ip.c --- curl-8.12.0.orig/lib/if2ip.c
+++ curl-8.9.0/lib/if2ip.c +++ curl-8.12.0/lib/if2ip.c
@@ -208,7 +208,7 @@ if2ip_result_t Curl_if2ip(int af, @@ -208,7 +208,7 @@ if2ip_result_t Curl_if2ip(int af,
if(len >= sizeof(req.ifr_name)) if(len >= sizeof(req.ifr_name))
return IF2IP_NOT_FOUND; return IF2IP_NOT_FOUND;
@ -42,11 +45,11 @@ Index: curl-8.9.0/lib/if2ip.c
if(CURL_SOCKET_BAD == dummy) if(CURL_SOCKET_BAD == dummy)
return IF2IP_NOT_FOUND; return IF2IP_NOT_FOUND;
Index: curl-8.9.0/configure.ac Index: curl-8.12.0/configure.ac
=================================================================== ===================================================================
--- curl-8.9.0.orig/configure.ac --- curl-8.12.0.orig/configure.ac
+++ curl-8.9.0/configure.ac +++ curl-8.12.0/configure.ac
@@ -441,6 +441,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m @@ -426,6 +426,8 @@ AC_DEFINE_UNQUOTED(CURL_OS, "${host}", [
# Silence warning: ar: 'u' modifier ignored since 'D' is the default # Silence warning: ar: 'u' modifier ignored since 'D' is the default
AC_SUBST(AR_FLAGS, [cr]) AC_SUBST(AR_FLAGS, [cr])
@ -55,10 +58,10 @@ Index: curl-8.9.0/configure.ac
dnl This defines _ALL_SOURCE for AIX dnl This defines _ALL_SOURCE for AIX
CURL_CHECK_AIX_ALL_SOURCE CURL_CHECK_AIX_ALL_SOURCE
Index: curl-8.9.0/lib/hostip.c Index: curl-8.12.0/lib/hostip.c
=================================================================== ===================================================================
--- curl-8.9.0.orig/lib/hostip.c --- curl-8.12.0.orig/lib/hostip.c
+++ curl-8.9.0/lib/hostip.c +++ curl-8.12.0/lib/hostip.c
@@ -44,6 +44,7 @@ @@ -44,6 +44,7 @@
#include <setjmp.h> #include <setjmp.h>
#include <signal.h> #include <signal.h>
@ -67,7 +70,7 @@ Index: curl-8.9.0/lib/hostip.c
#include "urldata.h" #include "urldata.h"
#include "sendf.h" #include "sendf.h"
#include "hostip.h" #include "hostip.h"
@@ -616,7 +617,7 @@ bool Curl_ipv6works(struct Curl_easy *da @@ -624,7 +625,7 @@ bool Curl_ipv6works(struct Curl_easy *da
else { else {
int ipv6_works = -1; int ipv6_works = -1;
/* probe to see if we have a working IPv6 stack */ /* probe to see if we have a working IPv6 stack */
@ -76,11 +79,11 @@ Index: curl-8.9.0/lib/hostip.c
if(s == CURL_SOCKET_BAD) if(s == CURL_SOCKET_BAD)
/* an IPv6 address was requested but we cannot get/use one */ /* an IPv6 address was requested but we cannot get/use one */
ipv6_works = 0; ipv6_works = 0;
Index: curl-8.9.0/lib/cf-socket.c Index: curl-8.12.0/lib/cf-socket.c
=================================================================== ===================================================================
--- curl-8.9.0.orig/lib/cf-socket.c --- curl-8.12.0.orig/lib/cf-socket.c
+++ curl-8.9.0/lib/cf-socket.c +++ curl-8.12.0/lib/cf-socket.c
@@ -360,7 +360,9 @@ static CURLcode socket_open(struct Curl_ @@ -367,7 +367,9 @@ static CURLcode socket_open(struct Curl_
} }
else { else {
/* opensocket callback not set, so simply create the socket now */ /* opensocket callback not set, so simply create the socket now */