Accepting request 645709 from home:pmonrealgonzalez:branches:devel:libraries:c_c++

- Update to version 7.62.0
 Changes:
  * multiplex: enable by default
  * url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
  * setopt: add CURLOPT_DOH_URL
  * curl: --doh-url added
  * setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
  * imap: change from "FETCH" to "UID FETCH"
  * configure: add option to disable automatic OpenSSL config loading
  * upkeep: add a connection upkeep API: curl_easy_upkeep()
  * URL-API: added five new functions
  * vtls: MesaLink is a new TLS backend 
 Bugfixes:
  * CVE-2018-16839: SASL password overflow via integer overflow [bsc#1112758]
  * CVE-2018-16840: use-after-free in handle close [bsc#1113029]
  * CVE-2018-16842: warning message out-of-buffer read [bsc#1113660]
  * CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
  * Curl_dedotdotify(): always nul terminate returned string
  * Curl_follow: Always free the passed new URL
  * Curl_http2_done: fix memleak in error path
  * Curl_retry_request: fix memory leak
  * Curl_saferealloc: Fixed typo in docblock
  * FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
  * GnutTLS: TLS 1.3 support
  * SECURITY-PROCESS: mention the bountygraph program
  * VS projects: add USE_IPV6:
  * certs: generate tests certs with sha256 digest algorithm
  * checksrc: enable strict mode and warnings
  * checksrc: handle zero scoped ignore commands
  * cmake: Backport to work with CMake 3.0 again

OBS-URL: https://build.opensuse.org/request/show/645709
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=235

curl-7.61.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:eaa812e9a871ea10dbe8e1d3f8f12a64a8e3e62aeab18cb23742e2f1727458ae
-size 3986062

curl-7.61.1.tar.gz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAluPblgACgkQXMkI/bce
-EsIhWgf/THAQX5B2B5icUfPheWyv+laMcHU1FS3RgzYu/ImIT2DqiL8kNtSebNkf
-pcZzpWmOB3OBrWJSrhkMkLUfbiWksPKgLUGSc6W4BQxkLZ9wyH/oxkfgxrzDo4a2
-TeQTmON38uICPsRtGZwWTVRu4ppHTUAAfNjrigP4LmxaLYdmtQaggF7MUnhzmJFB
-F+1Hba6N/Qxe0PLTAF4X0Kk5wqmk5pA3lhI0mfBtvJ8uoSzGvOsddNXrmMco9qzR
-st3SAd8d7i5QyNjavYptDc0sMGof0WRelezE5EvEu54xQvTI/16CkbsVe0rvgJNz
-8YmRMg4KnoY7R9qy3i11rulgBUpyVA==
-=3S8D
------END PGP SIGNATURE-----

curl-7.62.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:55ccd5b5209f8cc53d4250e2a9fd87e6f67dd323ae8bd7d06b072cfcbb7836cb
+size 4045208

curl-7.62.0.tar.gz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAlvZT5sACgkQXMkI/bce
+EsKCDQf/R6zItdEu4ZcmrfsQQcMBpwfHJgqJa2G5ozy3ztNSbENHpuvNU+YYGGdv
+G+YdTWhY9WFnYUkU02U/hT5AmwXqK7u/X65cJIEkAJddIimNjHwhmfhdsxalNAfo
+brdRicnj2J0cEcbCCnNKHnqxigQXshn68s1O1IRDrsUU2YtkLvp/jzbbU6K5vDUI
+93sOjVkb/sLb2/slgIQaAL/NzxSFPCP0Oo1PzVA1Nbaogd9yiHQPmLt8k9DnzduX
+bChxjufO0vGSeCjHCTPepHMQ/7Q+ZyKiW/+VjbsMTyswkbQoGFNiCj+UFa25bmlH
+iJl0KCaGIWOVhGoQ/ln8fONNgcXvZA==
+=ATDv
+-----END PGP SIGNATURE-----

curl-disabled-redirect-protocol-message.patch

@@ -1,18 +1,20 @@
---- a/lib/url.c	
-+++ a/lib/url.c	
-@@ -1955,9 +1955,13 @@ static CURLcode findprotocol(struct Curl_easy *data,
-       /* it is allowed for "normal" request, now do an extra check if this is
-          the result of a redirect */
-       if(data->state.this_is_a_follow &&
--         !(data->set.redir_protocols & p->protocol))
-+         !(data->set.redir_protocols & p->protocol)) {
-         /* nope, get out */
--        break;
-+        failf(data, "Redirect to protocol \"%s\" not supported or disabled in " LIBCURL_NAME,
-+              protostr);
+Index: curl-7.62.0/lib/url.c
+===================================================================
+--- curl-7.62.0.orig/lib/url.c
++++ curl-7.62.0/lib/url.c
+@@ -1976,9 +1976,13 @@ static CURLcode findprotocol(struct Curl
+     /* it is allowed for "normal" request, now do an extra check if this is
+        the result of a redirect */
+     if(data->state.this_is_a_follow &&
+-       !(data->set.redir_protocols & p->protocol))
++       !(data->set.redir_protocols & p->protocol)) {
+       /* nope, get out */
+-      ;
++       failf(data, "Redirect to protocol \"%s\" not supported or disabled in " LIBCURL_NAME,
++	     protostr);
 +
-+        return CURLE_UNSUPPORTED_PROTOCOL;
-+      }
- 
++       return CURLE_UNSUPPORTED_PROTOCOL;
++    }
+     else {
        /* Perform setup complement if some. */
        conn->handler = conn->given = p;

curl-mini.changes

@@ -1,3 +1,123 @@
+-------------------------------------------------------------------
+Wed Oct 31 09:23:37 UTC 2018 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
+
+- Update to version 7.62.0
+ Changes:
+  * multiplex: enable by default
+  * url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
+  * setopt: add CURLOPT_DOH_URL
+  * curl: --doh-url added
+  * setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
+  * imap: change from "FETCH" to "UID FETCH"
+  * configure: add option to disable automatic OpenSSL config loading
+  * upkeep: add a connection upkeep API: curl_easy_upkeep()
+  * URL-API: added five new functions
+  * vtls: MesaLink is a new TLS backend 
+ Bugfixes:
+  * CVE-2018-16839: SASL password overflow via integer overflow [bsc#1112758]
+  * CVE-2018-16840: use-after-free in handle close [bsc#1113029]
+  * CVE-2018-16842: warning message out-of-buffer read [bsc#1113660]
+  * CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
+  * Curl_dedotdotify(): always nul terminate returned string
+  * Curl_follow: Always free the passed new URL
+  * Curl_http2_done: fix memleak in error path
+  * Curl_retry_request: fix memory leak
+  * Curl_saferealloc: Fixed typo in docblock
+  * FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
+  * GnutTLS: TLS 1.3 support
+  * SECURITY-PROCESS: mention the bountygraph program
+  * VS projects: add USE_IPV6:
+  * certs: generate tests certs with sha256 digest algorithm
+  * checksrc: enable strict mode and warnings
+  * checksrc: handle zero scoped ignore commands
+  * cmake: Backport to work with CMake 3.0 again
+  * cmake: Improve config installation
+  * cmake: add support for transitive ZLIB target
+  * cmake: disable -Wpedantic-ms-format
+  * cmake: don't require OpenSSL if USE_OPENSSL=OFF
+  * cmake: fixed path used in generation of docs/tests
+  * cmake: remove unused *SOCKLEN_T variables
+  * cmake: suppress MSVC warning C4127 for libtest
+  * cmake: test and set missed defines during configuration
+  * config: Remove unused SIZEOF_VOIDP
+  * configure: force-use -lpthreads on HPUX
+  * configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
+  * configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE
+  * cookies: Remove redundant expired check
+  * cookies: fix leak when writing cookies to file
+  * curl-config.in: remove dependency on bc
+  * curl.1: --ipv6 mutexes ipv4 (fixed typo)
+  * curl: update the documentation of --tlsv1.0
+  * curl_multi_wait: call getsock before figuring out timeout
+  * curl_ntlm_wb: check aprintf() return codes
+  * data-binary.d: clarify default content-type is x-www-form-urlencoded
+  * docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers
+  * docs/CIPHERS: fix the TLS 1.3 cipher names
+  * docs/CIPHERS: mention the colon separation for OpenSSL
+  * docs/examples: URL updates
+  * docs: add "see also" links for SSL options
+  * example/asiohiper: insert warning comment about its status
+  * example/htmltidy: fix include paths of tidy libraries
+  * examples/http2-pushinmemory: receive HTTP/2 pushed files in memory
+  * examples/parseurl.c: show off the URL API
+  * examples: Fix memory leaks from realloc errors
+  * examples: do not wait when no transfers are running
+  * ftp: include command in Curl_ftpsend sendbuffer
+  * gskit: make sure to terminate version string
+  * gtls: Values stored to but never read
+  * hostip: fix check on Curl_shuffle_addr return value
+  * http2: fix memory leaks on error-path
+  * http: fix memleak in rewind error path
+  * krb5: fix memory leak in krb_auth
+  * memory: add missing curl_printf header
+  * memory: ensure to check allocation results
+  * multi: Fix error handling in the SENDPROTOCONNECT state
+  * multi: fix memory leak in content encoding related error path
+  * multi: make the closure handle "inherit" CURLOPT_NOSIGNAL
+  * netrc: free temporary strings if memory allocation fails
+  * nss: try to connect even if libnssckbi.so fails to load
+  * ntlm_wb: Fix memory leaks in ntlm_wb_response
+  * ntlm_wb: bail out if the response gets overly large
+  * openssl: assume engine support in 0.9.8 or later
+  * openssl: enable TLS 1.3 post-handshake auth
+  * openssl: fix gcc8 warning
+  * openssl: load built-in engines too
+  * openssl: make 'done' a proper boolean
+  * openssl: output the correct cipher list on TLS 1.3 error
+  * openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
+  * openssl: show "proper" version number for libressl builds
+  * pipelining: deprecated
+  * rand: add comment to skip a clang-tidy false positive
+  * rtmp: fix for compiling with lwIP
+  * runtests: ignore disabled even when ranges are given
+  * schannel: unified error code handling
+  * sendf: Fix whitespace in infof/failf concatenation
+  * ssh: free the session on init failures
+  * ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
+  * system.h: use proper setting with Sun C++ as well
+  * test1299: use single quotes around asterisk
+  * test1452: mark as flaky
+  * test1651: unit test Curl_extract_certinfo()
+  * test320: strip out more HTML when comparing
+  * tests/negtelnetserver.py: fix Python2-ism in neg TELNET server
+  * tests: add unit tests for url.c
+  * tool_cb_hdr: handle failure of rename()
+  * travis: add a "make tidy" build that runs clang-tidy
+  * travis: add build for "configure --disable-verbose"
+  * travis: bump the Secure Transport build to use xcode
+  * travis: make distcheck scan for BOM markers
+  * unit1300: fix stack-use-after-scope AddressSanitizer warning
+  * urldata: Fix "connecting" comment
+  * urlglob: improve error message on bad globs
+  * vtls: fix ssl version "or later" behavior change for many backends
+  * x509asn1: Fix SAN IP address verification
+  * x509asn1: always check return code from getASN1Element()
+  * x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
+  * x509asn1: suppress left shift on signed value
+- Rebased patches after update:
+  * curl-disabled-redirect-protocol-message.patch
+  * curl-use_OPENSSL_config.patch
+
 -------------------------------------------------------------------
 Wed Sep  5 07:12:59 UTC 2018 - Karol Babioch <kbabioch@suse.com>
 

curl-mini.spec

@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ -29,7 +29,7 @@
 # need ssl always for python-pycurl
 %bcond_without openssl
 Name:           curl-mini
-Version:        7.61.1
+Version:        7.62.0
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        curl

curl-use_OPENSSL_config.patch

@@ -1,10 +1,10 @@
 This basically reverts  https://github.com/curl/curl/commit/7d2f61f66ab4e047fc9aefc2effc1ac6d340a66a
 
-diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
-index 80e9bf940..ba227891f 100644
---- a/lib/vtls/openssl.c
-+++ b/lib/vtls/openssl.c
-@@ -925,26 +925,12 @@ static int Curl_ossl_init(void)
+Index: curl-7.62.0/lib/vtls/openssl.c
+===================================================================
+--- curl-7.62.0.orig/lib/vtls/openssl.c
++++ curl-7.62.0/lib/vtls/openssl.c
+@@ -982,28 +982,12 @@ static int Curl_ossl_init(void)
    ENGINE_load_builtin_engines();
  #endif
  
@@ -20,9 +20,11 @@ index 80e9bf940..ba227891f 100644
 -#define CONF_MFLAGS_DEFAULT_SECTION 0x0
 -#endif
 -
+-#ifndef CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG
 -  CONF_modules_load_file(NULL, NULL,
 -                         CONF_MFLAGS_DEFAULT_SECTION|
 -                         CONF_MFLAGS_IGNORE_MISSING_FILE);
+-#endif
 -
  #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
      !defined(LIBRESSL_VERSION_NUMBER)

curl.changes

@@ -1,3 +1,123 @@
+-------------------------------------------------------------------
+Wed Oct 31 09:23:37 UTC 2018 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
+
+- Update to version 7.62.0
+ Changes:
+  * multiplex: enable by default
+  * url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
+  * setopt: add CURLOPT_DOH_URL
+  * curl: --doh-url added
+  * setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
+  * imap: change from "FETCH" to "UID FETCH"
+  * configure: add option to disable automatic OpenSSL config loading
+  * upkeep: add a connection upkeep API: curl_easy_upkeep()
+  * URL-API: added five new functions
+  * vtls: MesaLink is a new TLS backend 
+ Bugfixes:
+  * CVE-2018-16839: SASL password overflow via integer overflow [bsc#1112758]
+  * CVE-2018-16840: use-after-free in handle close [bsc#1113029]
+  * CVE-2018-16842: warning message out-of-buffer read [bsc#1113660]
+  * CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
+  * Curl_dedotdotify(): always nul terminate returned string
+  * Curl_follow: Always free the passed new URL
+  * Curl_http2_done: fix memleak in error path
+  * Curl_retry_request: fix memory leak
+  * Curl_saferealloc: Fixed typo in docblock
+  * FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
+  * GnutTLS: TLS 1.3 support
+  * SECURITY-PROCESS: mention the bountygraph program
+  * VS projects: add USE_IPV6:
+  * certs: generate tests certs with sha256 digest algorithm
+  * checksrc: enable strict mode and warnings
+  * checksrc: handle zero scoped ignore commands
+  * cmake: Backport to work with CMake 3.0 again
+  * cmake: Improve config installation
+  * cmake: add support for transitive ZLIB target
+  * cmake: disable -Wpedantic-ms-format
+  * cmake: don't require OpenSSL if USE_OPENSSL=OFF
+  * cmake: fixed path used in generation of docs/tests
+  * cmake: remove unused *SOCKLEN_T variables
+  * cmake: suppress MSVC warning C4127 for libtest
+  * cmake: test and set missed defines during configuration
+  * config: Remove unused SIZEOF_VOIDP
+  * configure: force-use -lpthreads on HPUX
+  * configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
+  * configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE
+  * cookies: Remove redundant expired check
+  * cookies: fix leak when writing cookies to file
+  * curl-config.in: remove dependency on bc
+  * curl.1: --ipv6 mutexes ipv4 (fixed typo)
+  * curl: update the documentation of --tlsv1.0
+  * curl_multi_wait: call getsock before figuring out timeout
+  * curl_ntlm_wb: check aprintf() return codes
+  * data-binary.d: clarify default content-type is x-www-form-urlencoded
+  * docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers
+  * docs/CIPHERS: fix the TLS 1.3 cipher names
+  * docs/CIPHERS: mention the colon separation for OpenSSL
+  * docs/examples: URL updates
+  * docs: add "see also" links for SSL options
+  * example/asiohiper: insert warning comment about its status
+  * example/htmltidy: fix include paths of tidy libraries
+  * examples/http2-pushinmemory: receive HTTP/2 pushed files in memory
+  * examples/parseurl.c: show off the URL API
+  * examples: Fix memory leaks from realloc errors
+  * examples: do not wait when no transfers are running
+  * ftp: include command in Curl_ftpsend sendbuffer
+  * gskit: make sure to terminate version string
+  * gtls: Values stored to but never read
+  * hostip: fix check on Curl_shuffle_addr return value
+  * http2: fix memory leaks on error-path
+  * http: fix memleak in rewind error path
+  * krb5: fix memory leak in krb_auth
+  * memory: add missing curl_printf header
+  * memory: ensure to check allocation results
+  * multi: Fix error handling in the SENDPROTOCONNECT state
+  * multi: fix memory leak in content encoding related error path
+  * multi: make the closure handle "inherit" CURLOPT_NOSIGNAL
+  * netrc: free temporary strings if memory allocation fails
+  * nss: try to connect even if libnssckbi.so fails to load
+  * ntlm_wb: Fix memory leaks in ntlm_wb_response
+  * ntlm_wb: bail out if the response gets overly large
+  * openssl: assume engine support in 0.9.8 or later
+  * openssl: enable TLS 1.3 post-handshake auth
+  * openssl: fix gcc8 warning
+  * openssl: load built-in engines too
+  * openssl: make 'done' a proper boolean
+  * openssl: output the correct cipher list on TLS 1.3 error
+  * openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
+  * openssl: show "proper" version number for libressl builds
+  * pipelining: deprecated
+  * rand: add comment to skip a clang-tidy false positive
+  * rtmp: fix for compiling with lwIP
+  * runtests: ignore disabled even when ranges are given
+  * schannel: unified error code handling
+  * sendf: Fix whitespace in infof/failf concatenation
+  * ssh: free the session on init failures
+  * ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
+  * system.h: use proper setting with Sun C++ as well
+  * test1299: use single quotes around asterisk
+  * test1452: mark as flaky
+  * test1651: unit test Curl_extract_certinfo()
+  * test320: strip out more HTML when comparing
+  * tests/negtelnetserver.py: fix Python2-ism in neg TELNET server
+  * tests: add unit tests for url.c
+  * tool_cb_hdr: handle failure of rename()
+  * travis: add a "make tidy" build that runs clang-tidy
+  * travis: add build for "configure --disable-verbose"
+  * travis: bump the Secure Transport build to use xcode
+  * travis: make distcheck scan for BOM markers
+  * unit1300: fix stack-use-after-scope AddressSanitizer warning
+  * urldata: Fix "connecting" comment
+  * urlglob: improve error message on bad globs
+  * vtls: fix ssl version "or later" behavior change for many backends
+  * x509asn1: Fix SAN IP address verification
+  * x509asn1: always check return code from getASN1Element()
+  * x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
+  * x509asn1: suppress left shift on signed value
+- Rebased patches after update:
+  * curl-disabled-redirect-protocol-message.patch
+  * curl-use_OPENSSL_config.patch
+
 -------------------------------------------------------------------
 Wed Sep  5 07:12:59 UTC 2018 - Karol Babioch <kbabioch@suse.com>
 

curl.spec

@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ -27,7 +27,7 @@
 # need ssl always for python-pycurl
 %bcond_without openssl
 Name:           curl
-Version:        7.61.1
+Version:        7.62.0
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        curl