Accepting request 919263 from devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/919263
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/curl?expand=0&rev=169

curl-7.78.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:be42766d5664a739c3974ee3dfbbcbe978a4ccb1fe628bb1d9b59ac79e445fb5
-size 2440640

curl-7.78.0.tar.xz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmD3wwYACgkQXMkI/bce
-EsIFMggAt5xxRun4gxld2xZB0shI8fDhjGwMK+uQNpDnnt509j/UZ9+yfDra3Stl
-BHeQXSnTE6y4dKfXIkq4q3sSX2XZUuFRLHMhzH99FsY6bxgOSnZi/iIZv/RLLXTX
-NGlDR93OfsYg9UNkZVeZlFo9262f6rz7P5EsHa4HlCS0xpvLCU7q2dtkDu8SQSW1
-sQiEZOhsyXoiqqrLAgTIP9psHt6dE7qoYh1hS6b+7S9d87MSkL5MEnHukFkemlzC
-7d9cYD9Bah1LfAaYunvzPuC9FoF6gonGPrw3tLECdl2P9PpnrGeV1Z/Nhmu0d5mN
-E2A1BXBqLs8UVo4vUbiNLk0gB3TmHg==
-=yVDK
------END PGP SIGNATURE-----

curl-7.79.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2a1420076f9ffc35c982c78e85b7a69e2ef5d532267895fdb2eac16ad9b680c9
+size 2463072

curl-7.79.0.tar.xz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmFBj6gACgkQXMkI/bce
+EsJkpQgAuTRPniJDsiVa9yqtfgSNq2BG3u+JpcKFC3bJ/PB2DAtNVORNrTYkk3B1
+wIgfVWYBBJiCXoy5Ivof0MIfUM8kMFJXwHfy0Gs5/60GCy5mXOvVC7IEmKZ24lOU
+7cNNzNkyR69z1yWM1VFfaDNmO3+GWIvM2YJTEdHlAxABR71FfW/ARtXjSFEJ01FL
+t9IyDiH56cCkWEFFvM2YxNo0IjduvC5pLBiGfrBe5bAKV63Z0/Qtp18zoVaYgv6Y
++yLxv4jgteN/wrTHXVQ5o6FiqoTP/OEpJOLe1Zd4sJhMBkobCPwi5HHAjbavqeFc
+3zs3aRTNMaVdvv4VqFhO5o8u2kZEbg==
+=2Tq/
+-----END PGP SIGNATURE-----

curl.changes

@@ -1,3 +1,56 @@
+-------------------------------------------------------------------
+Wed Sep 15 15:08:18 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Temporarily disable flaky test 1184
+  * See https://github.com/curl/curl/issues/7725
+
+-------------------------------------------------------------------
+Wed Sep 15 06:21:42 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 7.79.0: [bsc#1190213, CVE-2021-22945]
+  [bsc#1190373, CVE-2021-22946] [bsc#1190374, CVE-2021-22947]
+  * Changes:
+    - bearssl: support CURLOPT_CAINFO_BLOB
+    - http: consider cookies over localhost to be secure
+    - secure transport: support CURLINFO_CERTINFO
+  * Bugfixes:
+    - CVE-2021-22945: clear the leftovers pointer when sending succeeds
+    - CVE-2021-22946: do not ignore --ssl-reqd
+    - CVE-2021-22947: reject STARTTLS server response pipelining
+    - auth: do not append zero-terminator to authorisation id in kerberos
+    - auth: properly handle byte order in kerberos security message
+    - auth: use sasl authzid option in kerberos
+    - auth: we do not support a security layer after kerberos authentication
+    - c-hyper: deal with Expect: 100-continue combined with POSTFIELDS
+    - c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection
+    - c-hyper: initial step for 100-continue support
+    - c-hyper: initial support for "dumping" 1xx HTTP responses
+    - curl-openssl.m4: show correct output for OpenSSL v3
+    - docs/MQTT: update state of username/password support
+    - docs: the security list is reached at security at curl.se now
+    - getparameter: fix the --local-port number parser
+    - hostip: Make Curl_ipv6works function independent of getaddrinfo
+    - http_proxy: fix the User-Agent inclusion in CONNECT
+    - http_proxy: fix user-agent and custom headers for CONNECT with hyper
+    - http_proxy: only wait for writable socket while sending request
+    - mailing lists: move from cool.haxx.se to lists.haxx.se
+    - mbedtls: avoid using a large buffer on the stack
+    - mbedTLS: initial 3.0.0 support
+    - ngtcp2: remove the acked_crypto_offset struct field init
+    - ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read
+    - ngtcp2: reset the oustanding send buffer again when drained
+    - ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream
+    - ngtcp2: stop buffering crypto data
+    - ngtcp2: utilize crypto API functions to simplify
+    - openssl: when creating a new context, there cannot be an old one
+    - scripts: invoke interpreters through /usr/bin/env
+    - tests/runtests.pl: cleanup copy&paste mistakes and unused code
+    - tests: be explicit about using 'python3' instead of 'python'
+    - tool/tests: fix potential year 2038 issues
+    - tool_operate: Fix --fail-early with parallel transfers
+    - x509asn1: fix heap over-read when parsing x509 certificates
+  * Rebase libcurl-ocloexec.patch
+
 -------------------------------------------------------------------
 Wed Jul 21 06:50:22 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
 

curl.spec

@@ -21,7 +21,7 @@
 # need ssl always for python-pycurl
 %bcond_without openssl
 Name:           curl
-Version:        7.78.0
+Version:        7.79.0
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        curl
@@ -142,6 +142,9 @@ pushd tests
 find -type f -name "*.pl" -exec sed -i 's|#!.*/usr/bin/env perl|#!/usr/bin/perl|' "{}" +
 find -type f -name "*.py" -exec sed -i 's|#!.*/usr/bin/env python.*|#!/usr/bin/python3|' "{}" +
 
+# temporarily disable flaky test 1184, see https://github.com/curl/curl/issues/7725
+printf "1184\n" >> data/DISABLED
+
 perl ./runtests.pl -a -v -p '!flaky' || exit
 popd
 %endif

libcurl-ocloexec.patch

@@ -7,11 +7,11 @@ To make it portable you have to test O_CLOEXEC support at *runtime*
 compile time is not enough.
 
 
-Index: curl-7.75.0/lib/file.c
+Index: curl-7.79.0/lib/file.c
 ===================================================================
---- curl-7.75.0.orig/lib/file.c
-+++ curl-7.75.0/lib/file.c
-@@ -193,7 +193,7 @@ static CURLcode file_connect(struct Curl
+--- curl-7.79.0.orig/lib/file.c
++++ curl-7.79.0/lib/file.c
+@@ -194,7 +194,7 @@ static CURLcode file_connect(struct Curl
      return CURLE_URL_MALFORMAT;
    }
  
@@ -20,70 +20,48 @@ Index: curl-7.75.0/lib/file.c
    file->path = real_path;
  #endif
    file->freepath = real_path; /* free this when done */
-@@ -277,7 +277,7 @@ static CURLcode file_upload(struct Curl_
+@@ -278,7 +278,7 @@ static CURLcode file_upload(struct Curl_
    else
      mode = MODE_DEFAULT|O_TRUNC;
  
 -  fd = open(file->path, mode, data->set.new_file_perms);
-+  fd = open(file->path, mode | O_CLOEXEC, data->set.new_file_perms);
++  fd = open(file->path, mode|O_CLOEXEC, data->set.new_file_perms);
    if(fd < 0) {
      failf(data, "Can't open %s for writing", file->path);
      return CURLE_WRITE_ERROR;
-Index: curl-7.75.0/lib/hostip6.c
+Index: curl-7.79.0/lib/if2ip.c
 ===================================================================
---- curl-7.75.0.orig/lib/hostip6.c
-+++ curl-7.75.0/lib/hostip6.c
-@@ -44,7 +44,7 @@
- #ifdef HAVE_PROCESS_H
- #include <process.h>
- #endif
--
-+#include <fcntl.h>
- #include "urldata.h"
- #include "sendf.h"
- #include "hostip.h"
-@@ -75,7 +75,7 @@ bool Curl_ipv6works(struct Curl_easy *da
-   else {
-     int ipv6_works = -1;
-     /* probe to see if we have a working IPv6 stack */
--    curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0);
-+    curl_socket_t s = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
-     if(s == CURL_SOCKET_BAD)
-       /* an IPv6 address was requested but we can't get/use one */
-       ipv6_works = 0;
-Index: curl-7.75.0/lib/if2ip.c
-===================================================================
---- curl-7.75.0.orig/lib/if2ip.c
-+++ curl-7.75.0/lib/if2ip.c
+--- curl-7.79.0.orig/lib/if2ip.c
++++ curl-7.79.0/lib/if2ip.c
 @@ -202,7 +202,7 @@ if2ip_result_t Curl_if2ip(int af, unsign
    if(len >= sizeof(req.ifr_name))
      return IF2IP_NOT_FOUND;
  
 -  dummy = socket(AF_INET, SOCK_STREAM, 0);
-+  dummy = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
++  dummy = socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC, 0);
    if(CURL_SOCKET_BAD == dummy)
      return IF2IP_NOT_FOUND;
  
-Index: curl-7.75.0/lib/connect.c
+Index: curl-7.79.0/lib/connect.c
 ===================================================================
---- curl-7.75.0.orig/lib/connect.c
-+++ curl-7.75.0/lib/connect.c
-@@ -1575,7 +1575,9 @@ CURLcode Curl_socket(struct Curl_easy *d
+--- curl-7.79.0.orig/lib/connect.c
++++ curl-7.79.0/lib/connect.c
+@@ -1598,7 +1598,9 @@ CURLcode Curl_socket(struct Curl_easy *d
    }
    else
      /* opensocket callback not set, so simply create the socket now */
 -    *sockfd = socket(addr->family, addr->socktype, addr->protocol);
 +    *sockfd = socket(addr->family,
-+                     addr->socktype | SOCK_CLOEXEC,
++                     addr->socktype|SOCK_CLOEXEC,
 +                     addr->protocol);
  
    if(*sockfd == CURL_SOCKET_BAD)
      /* no socket, no connection */
-Index: curl-7.75.0/configure.ac
+Index: curl-7.79.0/configure.ac
 ===================================================================
---- curl-7.75.0.orig/configure.ac
-+++ curl-7.75.0/configure.ac
-@@ -189,6 +189,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m
+--- curl-7.79.0.orig/configure.ac
++++ curl-7.79.0/configure.ac
+@@ -297,6 +297,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m
  # Silence warning: ar: 'u' modifier ignored since 'D' is the default
  AC_SUBST(AR_FLAGS, [cr])
  
@@ -92,3 +70,25 @@ Index: curl-7.75.0/configure.ac
  dnl This defines _ALL_SOURCE for AIX
  CURL_CHECK_AIX_ALL_SOURCE
  
+Index: curl-7.79.0/lib/hostip.c
+===================================================================
+--- curl-7.79.0.orig/lib/hostip.c
++++ curl-7.79.0/lib/hostip.c
+@@ -49,7 +49,7 @@
+ #ifdef HAVE_PROCESS_H
+ #include <process.h>
+ #endif
+-
++#include <fcntl.h>
+ #include "urldata.h"
+ #include "sendf.h"
+ #include "hostip.h"
+@@ -549,7 +549,7 @@ bool Curl_ipv6works(struct Curl_easy *da
+   else {
+     int ipv6_works = -1;
+     /* probe to see if we have a working IPv6 stack */
+-    curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0);
++    curl_socket_t s = socket(PF_INET6, SOCK_DGRAM|SOCK_CLOEXEC, 0);
+     if(s == CURL_SOCKET_BAD)
+       /* an IPv6 address was requested but we can't get/use one */
+       ipv6_works = 0;