Accepting request 856452 from home:pmonrealgonzalez:branches:devel:libraries:c_c++

- Update to 7.74.0 * Changes: hsts: add experimental support for Strict-Transport-Security * Bugfixes: - Inferior OCSP verification [bsc#1179593, CVE-2020-8286] - FTP wildcard stack overflow [bsc#1179399, CVE-2020-8285] - trusting FTP PASV responses [bsc#1179398, CVE-2020-8284] - Revert "multi: implement wait using winsock events" - openssl: free mem_buf in error path - ntlm: avoid malloc(0) on zero length user and domain - ngtcp2: use the minimal version of QUIC supported by ngtcp2 - ngtcp2: advertise h3 ALPN unconditionally - file: avoid duplicated code sequence - openssl: guard against OOM on context creation - docs: document the 8MB input string limit for curl_easy_escape and curl_easy_setopt() - hsts: add read/write callbacks - hsts: add support for Strict-Transport-Security - alt-svc: enable by default - checksrc: warn on empty line before open brace - connect: repair build without ipv6 availability - curl.se: new home - ftp: retry getpeername for FTP with TCP_FASTOPEN - gnutls: fix memory leaks (certfields memory wasn't released) - http: pass correct header size to debug callback for chunked post - libssh2: fix transport over HTTPS proxy - openssl: guard against OOM on context creation - openssl: use OPENSSL_init_ssl() with >= 1.1.0 - Revert "multi: implement wait using winsock events" - socks: check for DNS entries with the right port number OBS-URL: https://build.opensuse.org/request/show/856452 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=288
2020-12-19 18:24:38 +00:00 · 2020-12-19 18:24:38 +00:00 · 4faea07c93
commit 4faea07c93
parent 2871dab525
9 changed files with 85 additions and 76 deletions
--- a/curl-7.73.0.tar.xz
+++ b/curl-7.73.0.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:7c4c7ca4ea88abe00fea4740dcf81075c031b1d0bb23aff2d5efde20a3c2408a
 size 2394228
--- a/curl-7.73.0.tar.xz.asc
+++ b/curl-7.73.0.tar.xz.asc
@ -1,11 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl+GkkYACgkQXMkI/bce
 EsI5vwf+NwIw3Jmn9lW7/VHNgFWB1Qa0gB4KlDISM2qG9CHzeIW8K50g2JiIAuLa
 CVOfuMi/jg1r2INRLErZzdGDtD71TzjaEv6A/dxWL+k5/ieFxmH5iC80rYWi8EE9
 sv/bx8vEq8ikIqqV7KxYPlX8xMJBMfCs+TNQbzYM3WUDMLYJLpuNiWrzS6h8+mPq
 4w8qYyrNI5x/J3HSJuzyoJy0ueQOQ6CaZwV/ViGBLmFkMKgsAXJu9ImRMmJXKAk5
 MLiVUKI1KpHJNHZS5pLIP5wrjIN3z7FIRxThJ6f/IqUF1mIc6MNnqcER6lBtxeq4
 SuRq9Dx5W2en/g+I5iic8GwkDD+U6A==
 =W3Yh
 -----END PGP SIGNATURE-----
--- a/curl-7.74.0.tar.xz
+++ b/curl-7.74.0.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:999d5f2c403cf6e25d58319fdd596611e455dd195208746bc6e6d197a77e878b
 size 2400972
--- a/curl-7.74.0.tar.xz.asc
+++ b/curl-7.74.0.tar.xz.asc
@ -0,0 +1,11 @@
 -----BEGIN PGP SIGNATURE-----
 iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl/QcZ8ACgkQXMkI/bce
 EsJYnggAs5MbJByXsUEI3LzdRvjb2s/dNS/+ubJ98GL+ed8uVsLmGxdF0fS9EPVX
 +KoaYbaZwjZJH43+UyqtoFr4GQKhxxhcyZi3477s9Ws9x60yEA21oIggkQLF6X+E
 OEymG0YmNUn/6vvWizCWZtE7TkoWAXEzPLyVbBzoFzfmgzxiQ9//usKCaDh/nCWA
 kouxubBJbpdjk8KTnVf5HMP5PJKs9LeiVh9B2F+Rq1cEvzLrxNlDYptEgH/ml5Sd
 WsWeWttngs2pnZu0pMQNGhdXp6XC5lteN21C1/3hy3KVFUnkqaA+1IHm39wBE73j
 Bmnoi36d+Ub6ZT3Va84Dp/tWJ65Xig==
 =9ka/
 -----END PGP SIGNATURE-----
--- a/curl-disabled-redirect-protocol-message.patch
+++ b/curl-disabled-redirect-protocol-message.patch
@ -10,8 +10,8 @@ Index: curl-7.63.0/lib/url.c
 +       !(data->set.redir_protocols & p->protocol)) {
       /* nope, get out */
 -      ;
-+       failf(data, "Redirect to protocol \"%s\" not supported or disabled in " LIBCURL_NAME,
+       failf(data, "Redirect to protocol \"%s\" not supported or disabled in "
-+	     protostr);
+             LIBCURL_NAME, protostr);
 +
 +       return CURLE_UNSUPPORTED_PROTOCOL;
 +    }
--- a/curl-use_OPENSSL_config.patch
+++ b/curl-use_OPENSSL_config.patch
@ -1,32 +0,0 @@
 This basically reverts  https://github.com/curl/curl/commit/7d2f61f66ab4e047fc9aefc2effc1ac6d340a66a
 Index: curl-7.65.2/lib/vtls/openssl.c
 ===================================================================
 --- curl-7.65.2.orig/lib/vtls/openssl.c
 +++ curl-7.65.2/lib/vtls/openssl.c
@@ -1026,22 +1026,12 @@ static int Curl_ossl_init(void)
   ENGINE_load_builtin_engines();
 #endif
 -/* CONF_MFLAGS_DEFAULT_SECTION was introduced some time between 0.9.8b and
 -   0.9.8e */
 -#ifndef CONF_MFLAGS_DEFAULT_SECTION
 -#define CONF_MFLAGS_DEFAULT_SECTION 0x0
 -#endif
 -
 -#ifndef CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG
 -  CONF_modules_load_file(NULL, NULL,
 -                         CONF_MFLAGS_DEFAULT_SECTION|
 -                         CONF_MFLAGS_IGNORE_MISSING_FILE);
 -#endif
 -
 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
     !defined(LIBRESSL_VERSION_NUMBER)
 -  /* OpenSSL 1.1.0+ takes care of initialization itself */
 +  OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
 #else
 +  OPENSSL_config(NULL);
 +
   /* Lets get nice error messages */
   SSL_load_error_strings();
--- a/curl.changes
+++ b/curl.changes
@ -1,3 +1,55 @@
 -------------------------------------------------------------------
 Mon Dec 14 15:25:07 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
 - Update to 7.74.0 
  * Changes:
    hsts: add experimental support for Strict-Transport-Security
  * Bugfixes:
    - Inferior OCSP verification  [bsc#1179593, CVE-2020-8286]
    - FTP wildcard stack overflow [bsc#1179399, CVE-2020-8285]
    - trusting FTP PASV responses [bsc#1179398, CVE-2020-8284]
    - Revert "multi: implement wait using winsock events"
    - openssl: free mem_buf in error path
    - ntlm: avoid malloc(0) on zero length user and domain
    - ngtcp2: use the minimal version of QUIC supported by ngtcp2
    - ngtcp2: advertise h3 ALPN unconditionally
    - file: avoid duplicated code sequence
    - openssl: guard against OOM on context creation
    - docs: document the 8MB input string limit for curl_easy_escape
      and curl_easy_setopt()
    - hsts: add read/write callbacks
    - hsts: add support for Strict-Transport-Security
    - alt-svc: enable by default
    - checksrc: warn on empty line before open brace
    - connect: repair build without ipv6 availability
    - curl.se: new home
    - ftp: retry getpeername for FTP with TCP_FASTOPEN
    - gnutls: fix memory leaks (certfields memory wasn't released)
    - http: pass correct header size to debug callback for chunked post
    - libssh2: fix transport over HTTPS proxy
    - openssl: guard against OOM on context creation
    - openssl: use OPENSSL_init_ssl() with >= 1.1.0
    - Revert "multi: implement wait using winsock events"
    - socks: check for DNS entries with the right port number
    - tool_operate: --retry for HTTP 408 responses too
    - tool_operate: bail out proper on errors during parallel transfers
    - urlapi: don't accept blank port number field without scheme
    - urlapi: URL encode a '+' in the query part
    - vquic/ngtcp2.h: define local_addr as sockaddr_storage
 - Update check section:
  * runtests now supports dynamically base64 encoded sections in tests
  * Replace env interpreter for perl and python3
 - Remove curl-use_OPENSSL_config.patch since the OpenSSL initialization
  has been updated to use OPENSSL_init_ssl() with >= 1.1.0
 -------------------------------------------------------------------
 Tue Oct 20 10:33:34 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
 - Update patches to fix compiling warnings:
  * curl-disabled-redirect-protocol-message.patch
  * libcurl-ocloexec.patch
 - Enable test 1165
 -------------------------------------------------------------------
 Wed Oct 14 21:29:48 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
--- a/curl.spec
+++ b/curl.spec
@ -21,21 +21,20 @@
 # need ssl always for python-pycurl
 %bcond_without openssl
 Name:           curl
-Version:        7.73.0
+Version:        7.74.0
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        curl
-URL:            https://curl.haxx.se/
+URL:            https://curl.se
-Source:         https://curl.haxx.se/download/curl-%{version}.tar.xz
+Source:         https://curl.se/download/curl-%{version}.tar.xz
-Source2:        https://curl.haxx.se/download/curl-%{version}.tar.xz.asc
+Source2:        https://curl.se/download/curl-%{version}.tar.xz.asc
 Source3:        baselibs.conf
 Source4:        https://daniel.haxx.se/mykey.asc#/curl.keyring
 Patch0:         libcurl-ocloexec.patch
 Patch1:         dont-mess-with-rpmoptflags.diff
 Patch2:         curl-secure-getenv.patch
 # PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
-Patch4:         curl-disabled-redirect-protocol-message.patch
+Patch3:         curl-disabled-redirect-protocol-message.patch
 Patch5:         curl-use_OPENSSL_config.patch
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
 Requires:       libcurl4 = %{version}
@ -92,18 +91,14 @@ user interaction or any kind of interactivity.
 %patch0 -p1
 %patch1
 %patch2
-%patch4 -p1
+%patch3 -p1
 %patch5 -p1
 # disable new failing test 1165
 echo "1165" >> tests/data/DISABLED
 %build
 # curl complains if macro definition is contained in CFLAGS
 # see m4/xc-val-flgs.m4
 CPPFLAGS="-D_FORTIFY_SOURCE=2"
 CFLAGS=$(echo "%{optflags}" | sed -e 's/-D_FORTIFY_SOURCE=2//')
-export CPPFLAGS CFLAGS
+export CPPFLAGS
 export CFLAGS="$CFLAGS -fPIE"
 export LDFLAGS="$LDFLAGS -pie"
 autoreconf -fiv
@ -135,25 +130,17 @@ sed -i 's/\(link_all_deplibs=\)unknown/\1no/' configure
 # if this fails, the above sed hack did not work
 ./libtool --config | grep -q link_all_deplibs=no
 # enable-hidden-symbols needs gcc4 and causes that curl exports only its API
-make %{?_smp_mflags} V=1
+%make_build
 %if %{with testsuite}
 %check
 pushd tests
-make %{?_smp_mflags} V=1
+%make_build
 # make sure the testsuite runs don't race on MP machines in autobuild
 if test -z "$BUILD_INCARNATION" -a -r /.buildenv; then
 	. /.buildenv
 fi
 if test -z "$BUILD_INCARNATION"; then
 	BUILD_INCARNATION=0
 fi
-base=$((8990 + $BUILD_INCARNATION * 20))
+find -type f -name "*.pl" -exec sed -i 's|#!.*/usr/bin/env perl|#!/usr/bin/perl|' "{}" +
-# bug940009 do not run flaky tests for any architecture
+find -type f -name "*.py" -exec sed -i 's|#!.*/usr/bin/env python.*|#!/usr/bin/python3|' "{}" +
 # at least test 1510 do fail for i586 and ppc64le
 perl ./runtests.pl -a -v -p -b$base '!flaky' || exit
 perl ./runtests.pl -a -v -p '!flaky' || exit
 popd
 %endif
@ -170,7 +157,7 @@ popd
 %files
 %doc README RELEASE-NOTES CHANGES
-%doc docs/{BUGS.md,FAQ,FEATURES,TODO,TheArtOfHttpScripting.md}
+%doc docs/{BUGS.md,FAQ,FEATURES.md,TODO,TheArtOfHttpScripting.md}
 %{_bindir}/curl
 %{_datadir}/zsh/site-functions/_curl
 %{_mandir}/man1/curl.1%{?ext_man}
--- a/libcurl-ocloexec.patch
+++ b/libcurl-ocloexec.patch
@ -68,12 +68,14 @@ Index: curl-7.69.0/lib/connect.c
 ===================================================================
 --- curl-7.69.0.orig/lib/connect.c
 +++ curl-7.69.0/lib/connect.c
-@@ -1529,7 +1529,7 @@ CURLcode Curl_socket(struct connectdata
+@@ -1529,7 +1529,9 @@ CURLcode Curl_socket(struct connectdata
   }
   else
     /* opensocket callback not set, so simply create the socket now */
 -    *sockfd = socket(addr->family, addr->socktype, addr->protocol);
-+    *sockfd = socket(addr->family, addr->socktype | SOCK_CLOEXEC, addr->protocol);
+    *sockfd = socket(addr->family,
 +                     addr->socktype | SOCK_CLOEXEC,
 +                     addr->protocol);
   if(*sockfd == CURL_SOCKET_BAD)
     /* no socket, no connection */