Accepting request 1073050 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to 8.0.0:
* Security fixes:
- TELNET option IAC injection [bsc#1209209, CVE-2023-27533]
- SFTP path ~ resolving discrepancy [bsc#1209210, CVE-2023-27534]
- FTP too eager connection reuse [bsc#1209211, CVE-2023-27535]
- GSS delegation too eager connection re-use [bsc#1209212, CVE-2023-27536]
- HSTS double-free [bsc#1209213, CVE-2023-27537]
- SSH connection too eager reuse still [bsc#1209214, CVE-2023-27538]
* Changes:
- build: remove support for curl_off_t < 8 bytes
* Bugfixes:
- aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3
- BINDINGS: add Fortran binding
- cf-socket: use port 80 when resolving name for local bind
- cookie: don't load cookies again when flushing
- curl_path: create the new path with dynbuf
- CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe
- DYNBUF.md: note Curl_dyn_add* calls Curl_dyn_free on failure
- ftp: active mode with SSL, add the filter
- hostip: avoid sscanf and extra buffer copies
- http2: fix for http2-prior-knowledge when reusing connections
- http2: fix handling of RST and GOAWAY to recognize partial transfers
- http: don't send 100-continue for short PUT requests
- http: fix unix domain socket use in https connects
- libssh: use dynbuf instead of realloc
- ngtcp2-gnutls.yml: bump to gnutls 3.8.0
- sectransp: make read_cert() use a dynbuf when loading
- telnet: only accept option arguments in ascii
- telnet: parse telnet options without sscanf
- url: fix the SSH connection reuse check
OBS-URL: https://build.opensuse.org/request/show/1073050
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=330
This commit is contained in:
Git OBS Bridge
parent
4e4d9e6376
commit
4a9f41fa87
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:1dae31b2a7c1fe269de99c0c31bb488346aab3459b5ffca909d6938249ae415f
|
||||
size 2581032
|
||||
@ -1,11 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmPzIdAACgkQXMkI/bce
|
||||
EsLgMgf9HwAPLRXj1ARTSFffsrf5eWiRpTO8dY2wVSPPAn7DXZyT5TP/+6tPJ2vf
|
||||
THbU/LzV1MH2Tyf4uWMHfPSpVsDH9MchVtqn3abXumuqczf14FTNKqsDXL/OMbkn
|
||||
9XV7qh3UOx3NuMR5TYc91fZMwo36TEYSrzU/X6cqv/e4fXNm6fX/shXQ75MJ6hic
|
||||
7rk/ilRX+L6Y43x3h0U6oBaICcLNnplJBazBY81y3EHbFmvdyDd41nik1TWgqNYL
|
||||
jIZ9LK6iUAav54/B9DxcDIKBAS0ZHMmnl1xth/KkTry1MWFi2jHJxAYccC7wTjgO
|
||||
bDNgD0z3z9mJ2rw/IALYBFBZQ3ed1A==
|
||||
=Z5N5
|
||||
-----END PGP SIGNATURE-----
|
||||
3
curl-8.0.0.tar.xz
Normal file
3
curl-8.0.0.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:759690f9a375a720f8bcce9f953897b0d93f31eed9649b74f846d54bbf63bbcc
|
||||
size 2576600
|
||||
11
curl-8.0.0.tar.xz.asc
Normal file
11
curl-8.0.0.tar.xz.asc
Normal file
@ -0,0 +1,11 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmQYBjcACgkQXMkI/bce
|
||||
EsJ5hwf7B6EuxhuuaXOjbJwsXkT3AJ//9JKaWVYBzouu99MT5qRVxEV1ilSumjOe
|
||||
JCIAK1hNKhI4q4ug8j/HroJAl3ts8Qp4bIUE/+KjoZAIgEZodAaLaxa3OP72mSwx
|
||||
I10kWse/zahOxveIDcAxh1WBt/viaPLxYBoeQ48D0HWEOr4dyOOrnrtfsu8+a2aX
|
||||
/7g5+/883XNNpdH2DjysoV8uvghf1fmFkditC1uM6U9Qsv1ur+NM7+Y3Ebb30hEg
|
||||
92OgaNJxiRmgPOYUptkMWZGWt/k5MsMDmklaZlSeDaxMoyEWbiKa9f9CCveUYoID
|
||||
uZj1DLZ54JFDA4cSedPV3vxZ4D74aA==
|
||||
=y0Xt
|
||||
-----END PGP SIGNATURE-----
|
||||
38
curl.changes
38
curl.changes
@ -1,3 +1,41 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 20 07:19:32 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
- Update to 8.0.0:
|
||||
* Security fixes:
|
||||
- TELNET option IAC injection [bsc#1209209, CVE-2023-27533]
|
||||
- SFTP path ~ resolving discrepancy [bsc#1209210, CVE-2023-27534]
|
||||
- FTP too eager connection reuse [bsc#1209211, CVE-2023-27535]
|
||||
- GSS delegation too eager connection re-use [bsc#1209212, CVE-2023-27536]
|
||||
- HSTS double-free [bsc#1209213, CVE-2023-27537]
|
||||
- SSH connection too eager reuse still [bsc#1209214, CVE-2023-27538]
|
||||
* Changes:
|
||||
- build: remove support for curl_off_t < 8 bytes
|
||||
* Bugfixes:
|
||||
- aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3
|
||||
- BINDINGS: add Fortran binding
|
||||
- cf-socket: use port 80 when resolving name for local bind
|
||||
- cookie: don't load cookies again when flushing
|
||||
- curl_path: create the new path with dynbuf
|
||||
- CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe
|
||||
- DYNBUF.md: note Curl_dyn_add* calls Curl_dyn_free on failure
|
||||
- ftp: active mode with SSL, add the filter
|
||||
- hostip: avoid sscanf and extra buffer copies
|
||||
- http2: fix for http2-prior-knowledge when reusing connections
|
||||
- http2: fix handling of RST and GOAWAY to recognize partial transfers
|
||||
- http: don't send 100-continue for short PUT requests
|
||||
- http: fix unix domain socket use in https connects
|
||||
- libssh: use dynbuf instead of realloc
|
||||
- ngtcp2-gnutls.yml: bump to gnutls 3.8.0
|
||||
- sectransp: make read_cert() use a dynbuf when loading
|
||||
- telnet: only accept option arguments in ascii
|
||||
- telnet: parse telnet options without sscanf
|
||||
- url: fix the SSH connection reuse check
|
||||
- url: only reuse connections with same GSS delegation
|
||||
- urlapi: '%' is illegal in host names
|
||||
- ws: keep the socket non-blocking
|
||||
* Rebase libcurl-ocloexec.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 20 10:35:11 UTC 2023 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
||||
|
||||
|
||||
@ -21,7 +21,7 @@
|
||||
# need ssl always for python-pycurl
|
||||
%bcond_without openssl
|
||||
Name: curl
|
||||
Version: 7.88.1
|
||||
Version: 8.0.0
|
||||
Release: 0
|
||||
Summary: A Tool for Transferring Data from URLs
|
||||
License: curl
|
||||
|
||||
@ -7,10 +7,10 @@ To make it portable you have to test O_CLOEXEC support at *runtime*
|
||||
compile time is not enough.
|
||||
|
||||
|
||||
Index: curl-7.88.0/lib/file.c
|
||||
Index: curl-8.0.0/lib/file.c
|
||||
===================================================================
|
||||
--- curl-7.88.0.orig/lib/file.c
|
||||
+++ curl-7.88.0/lib/file.c
|
||||
--- curl-8.0.0.orig/lib/file.c
|
||||
+++ curl-8.0.0/lib/file.c
|
||||
@@ -232,7 +232,7 @@ static CURLcode file_connect(struct Curl
|
||||
}
|
||||
}
|
||||
@ -29,10 +29,10 @@ Index: curl-7.88.0/lib/file.c
|
||||
if(fd < 0) {
|
||||
failf(data, "Can't open %s for writing", file->path);
|
||||
return CURLE_WRITE_ERROR;
|
||||
Index: curl-7.88.0/lib/if2ip.c
|
||||
Index: curl-8.0.0/lib/if2ip.c
|
||||
===================================================================
|
||||
--- curl-7.88.0.orig/lib/if2ip.c
|
||||
+++ curl-7.88.0/lib/if2ip.c
|
||||
--- curl-8.0.0.orig/lib/if2ip.c
|
||||
+++ curl-8.0.0/lib/if2ip.c
|
||||
@@ -206,7 +206,7 @@ if2ip_result_t Curl_if2ip(int af,
|
||||
if(len >= sizeof(req.ifr_name))
|
||||
return IF2IP_NOT_FOUND;
|
||||
@ -42,10 +42,10 @@ Index: curl-7.88.0/lib/if2ip.c
|
||||
if(CURL_SOCKET_BAD == dummy)
|
||||
return IF2IP_NOT_FOUND;
|
||||
|
||||
Index: curl-7.88.0/configure.ac
|
||||
Index: curl-8.0.0/configure.ac
|
||||
===================================================================
|
||||
--- curl-7.88.0.orig/configure.ac
|
||||
+++ curl-7.88.0/configure.ac
|
||||
--- curl-8.0.0.orig/configure.ac
|
||||
+++ curl-8.0.0/configure.ac
|
||||
@@ -420,6 +420,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m
|
||||
# Silence warning: ar: 'u' modifier ignored since 'D' is the default
|
||||
AC_SUBST(AR_FLAGS, [cr])
|
||||
@ -55,10 +55,10 @@ Index: curl-7.88.0/configure.ac
|
||||
dnl This defines _ALL_SOURCE for AIX
|
||||
CURL_CHECK_AIX_ALL_SOURCE
|
||||
|
||||
Index: curl-7.88.0/lib/hostip.c
|
||||
Index: curl-8.0.0/lib/hostip.c
|
||||
===================================================================
|
||||
--- curl-7.88.0.orig/lib/hostip.c
|
||||
+++ curl-7.88.0/lib/hostip.c
|
||||
--- curl-8.0.0.orig/lib/hostip.c
|
||||
+++ curl-8.0.0/lib/hostip.c
|
||||
@@ -48,6 +48,7 @@
|
||||
#include <signal.h>
|
||||
#endif
|
||||
@ -67,7 +67,7 @@ Index: curl-7.88.0/lib/hostip.c
|
||||
#include "urldata.h"
|
||||
#include "sendf.h"
|
||||
#include "hostip.h"
|
||||
@@ -576,7 +577,7 @@ bool Curl_ipv6works(struct Curl_easy *da
|
||||
@@ -582,7 +583,7 @@ bool Curl_ipv6works(struct Curl_easy *da
|
||||
else {
|
||||
int ipv6_works = -1;
|
||||
/* probe to see if we have a working IPv6 stack */
|
||||
@ -76,18 +76,18 @@ Index: curl-7.88.0/lib/hostip.c
|
||||
if(s == CURL_SOCKET_BAD)
|
||||
/* an IPv6 address was requested but we can't get/use one */
|
||||
ipv6_works = 0;
|
||||
Index: curl-7.88.0/lib/cf-socket.c
|
||||
Index: curl-8.0.0/lib/cf-socket.c
|
||||
===================================================================
|
||||
--- curl-7.88.0.orig/lib/cf-socket.c
|
||||
+++ curl-7.88.0/lib/cf-socket.c
|
||||
--- curl-8.0.0.orig/lib/cf-socket.c
|
||||
+++ curl-8.0.0/lib/cf-socket.c
|
||||
@@ -252,7 +252,9 @@ static CURLcode socket_open(struct Curl_
|
||||
}
|
||||
else {
|
||||
/* opensocket callback not set, so simply create the socket now */
|
||||
- *sockfd = socket(addr->family, addr->socktype, addr->protocol);
|
||||
+ *sockfd = socket(addr->family,
|
||||
+ addr->socktype|SOCK_CLOEXEC,
|
||||
+ addr->protocol);
|
||||
if(!*sockfd && addr->socktype == SOCK_DGRAM) {
|
||||
/* This is icky and seems, at least, to happen on macOS:
|
||||
* we get sockfd == 0 and if called again, we get a valid one > 0.
|
||||
+ addr->socktype|SOCK_CLOEXEC,
|
||||
+ addr->protocol);
|
||||
}
|
||||
|
||||
if(*sockfd == CURL_SOCKET_BAD)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user