Accepting request 1163135 from home:pmonrealgonzalez:branches:devel:libraries:c_c++

- Update to 8.7.1: * Fixed empty tool_hugehelp.c file - Update to 8.7.0: * Security fixes: - [bsc#1221665, CVE-2024-2004] Usage of disabled protocol - [bsc#1221667, CVE-2024-2398] HTTP/2 push headers memory-leak - [bsc#1221666, CVE-2024-2379] QUIC certificate check bypass with wolfSSL - [bsc#1221668, CVE-2024-2466] TLS certificate check bypass with mbedTLS * Changes: - configure: add --disable-docs flag - CURLINFO_USED_PROXY: return bool whether the proxy was used - digest: support SHA-512/256 * Bugfixes: - asyn-thread: use wakeup_close to close the read descriptor - bufq: writing into a softlimit queue cannot be partial - cmake: add USE_OPENSSL_QUIC support - cookie: if psl fails, reject the cookie - curl: exit on config file parser errors - digest: add check for hashing error - docs/libcurl: add TLS backend info for all TLS options - file: use xfer buf for file:// transfers - ftp: do lineend conversions in client writer - ftp: fix socket wait activity in ftp_domore_getsock - http2: memory errors in the push callbacks are fatal - http2: push headers better cleanup - libssh/libssh2: return error on too big range - OpenSSL QUIC: adapt to v3.3.x - setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value - setopt: fix disabling all protocols - sha512_256: add support for GnuTLS and OpenSSL OBS-URL: https://build.opensuse.org/request/show/1163135 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=359
2024-03-27 19:18:25 +00:00 · 2024-03-27 19:18:25 +00:00 · 73125545f4
commit 73125545f4
parent 6e41d11b09
7 changed files with 69 additions and 89 deletions
--- a/0001-vtls-revert-receive-max-buffer-add-test-case.patch
+++ b/0001-vtls-revert-receive-max-buffer-add-test-case.patch
@ -1,70 +0,0 @@
-From e00609fc15f5d5adaf0896b751bf2c3a74a5f6f4 Mon Sep 17 00:00:00 2001
-From: Stefan Eissing <stefan@eissing.org>
-Date: Thu, 1 Feb 2024 18:15:50 +0100
-Subject: [PATCH] vtls: revert "receive max buffer" + add test case
-
- add test_05_04 for requests using http/1.0, http/1.1 and h2 against an
-  Apache resource that does an unclean TLS shutdown.
- revert special workarund in openssl.c for suppressing shutdown errors
-  on multiplexed connections
- vlts.c restore to its state before 9a90c9dd64d2f03601833a70786d485851bd1b53
-
-Fixes #12885
-Fixes #12844
-
-Closes #12848
-
-(cherry picked from commit ed09a99af57200643d5ae001e815eeab9ffe3f84)
---
- lib/vtls/vtls.c                               | 27 +++++--------------
- tests/http/test_05_errors.py                  | 27 +++++++++++++++++++
- tests/http/testenv/httpd.py                   |  7 ++++-
- .../http/testenv/mod_curltest/mod_curltest.c  |  2 +-
- 4 files changed, 40 insertions(+), 23 deletions(-)
-
-diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
-index e928ba5d0..f654a9749 100644
--- a/lib/vtls/vtls.c
-+++ b/lib/vtls/vtls.c
-@@ -1715,32 +1715,17 @@ static ssize_t ssl_cf_recv(struct Curl_cfilter *cf,
- {
-   struct cf_call_data save;
-   ssize_t nread;
-  size_t ntotal = 0;
- 
-   CF_DATA_SAVE(save, cf, data);
-   *err = CURLE_OK;
-  /* Do receive until we fill the buffer somehwhat or EGAIN, error or EOF */
-  while(!ntotal || (len - ntotal) > (4*1024)) {
-+  nread = Curl_ssl->recv_plain(cf, data, buf, len, err);
-+  if(nread > 0) {
-+    DEBUGASSERT((size_t)nread <= len);
-+  }
-+  else if(nread == 0) {
-+    /* eof */
-     *err = CURLE_OK;
-    nread = Curl_ssl->recv_plain(cf, data, buf + ntotal, len - ntotal, err);
-    if(nread < 0) {
-      if(*err == CURLE_AGAIN && ntotal > 0) {
-        /* we EAGAINed after having reed data, return the success amount */
-        *err = CURLE_OK;
-        break;
-      }
-      /* we have a an error to report */
-      goto out;
-    }
-    else if(nread == 0) {
-      /* eof */
-      break;
-    }
-    ntotal += (size_t)nread;
-    DEBUGASSERT((size_t)ntotal <= len);
-   }
-  nread = (ssize_t)ntotal;
-out:
-   CURL_TRC_CF(data, cf, "cf_recv(len=%zu) -> %zd, %d", len,
-               nread, *err);
-   CF_DATA_RESTORE(cf, save);
-- 
-2.43.0
-
--- a/curl-8.6.0.tar.xz
+++ b/curl-8.6.0.tar.xz
--- a/curl-8.6.0.tar.xz.asc
+++ b/curl-8.6.0.tar.xz.asc
@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmW58RcACgkQXMkI/bce
-EsKLvgf9Em0etBEnbJzkhmCiKUOfn3sTKhIHA4y1/O+anaNfEx0E89VUQuFZRcUz
-i4ENOVjTXxVy4zZUobOOWz7RXrvv6XnX9A++RYkBoEk4mmNB3A6ShsTeCR2mS4yi
-dL5UfH2YEu7B6x/ONROKKuGawsqw0D6wzVgrD+J1e8Bu+1P8YOUqsQWVJmJFlYMN
-2A8NP4GZHnmP3rnupx1RY3/MgJU0FjlQ428BOA7PIiYKEVto0dp6cqd4AQsLgQPy
-J1RBcge1Uwqe+k/IenUx7bUaQfr+NY34ryrMxbLPghPimfeyjjsDxyr+OwoQM1aw
-64WqLXBgQmhluT0STyHdD0Tc/JHYrw==
-=GboB
-----END PGP SIGNATURE-----
--- a/curl-8.7.1.tar.xz
+++ b/curl-8.7.1.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6fea2aac6a4610fbd0400afb0bcddbe7258a64c63f1f68e5855ebc0c659710cd
+size 2707016
--- a/curl-8.7.1.tar.xz.asc
+++ b/curl-8.7.1.tar.xz.asc
@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmYD0u8ACgkQXMkI/bce
+EsIquAgAkZkPn+TF2xrzo1jaMVN/BN1011zI3wrkbItsD2FZnYbSDQCg1WquFKlD
+JlOO8NL59A5jLpQN/J6SHUlg/1ns2HNpuq1KORkUzcjF0r5ATcXPDN+qVWBZZeiS
+ERatBCS044oyEWBoONFMthmT2jFYaa7eo+i/0dExFPeCRdd//MeyurKrSN2XRPIU
+DPL3a99x96sckC9d7iDTyD8bnVv7EQ0ZGg0HOhO7ooKfW1wXBsyIUwPkSQmo8Wjn
+NccJ3bt/Ci9sVWVqNqksAnl6NpIv2+2TYeaoeJVVdw8NXjd4JDZPgYHxWUo5FLQi
+Jol6ZvHY4Rt0nk8DItBeCvOd3f8ssw==
+=dTjQ
+-----END PGP SIGNATURE-----
--- a/curl.changes
+++ b/curl.changes
@ -1,3 +1,54 @@
+-------------------------------------------------------------------
+Wed Mar 27 09:38:34 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 8.7.1:
+  * Fixed empty tool_hugehelp.c file
+
+- Update to 8.7.0:
+  * Security fixes:
+    - [bsc#1221665, CVE-2024-2004] Usage of disabled protocol
+    - [bsc#1221667, CVE-2024-2398] HTTP/2 push headers memory-leak
+    - [bsc#1221666, CVE-2024-2379] QUIC certificate check bypass with wolfSSL
+    - [bsc#1221668, CVE-2024-2466] TLS certificate check bypass with mbedTLS
+  * Changes:
+    - configure: add --disable-docs flag
+    - CURLINFO_USED_PROXY: return bool whether the proxy was used
+    - digest: support SHA-512/256
+  * Bugfixes:
+    - asyn-thread: use wakeup_close to close the read descriptor
+    - bufq: writing into a softlimit queue cannot be partial
+    - cmake: add USE_OPENSSL_QUIC support
+    - cookie: if psl fails, reject the cookie
+    - curl: exit on config file parser errors
+    - digest: add check for hashing error
+    - docs/libcurl: add TLS backend info for all TLS options
+    - file: use xfer buf for file:// transfers
+    - ftp: do lineend conversions in client writer
+    - ftp: fix socket wait activity in ftp_domore_getsock
+    - http2: memory errors in the push callbacks are fatal
+    - http2: push headers better cleanup
+    - libssh/libssh2: return error on too big range
+    - OpenSSL QUIC: adapt to v3.3.x
+    - setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value
+    - setopt: fix disabling all protocols
+    - sha512_256: add support for GnuTLS and OpenSSL
+    - smtp: fix STARTTLS
+    - strtoofft: fix the overflow check
+    - TIMER_STARTTRANSFER: set the same for everyone
+    - TLS: start shutdown only when peer did not already close
+    - tool_getparam: accept a blank -w ""
+    - tool_getparam: handle non-existing (out of range) short-options
+    - tool_operate: change precedence of server Retry-After time
+    - transfer.c: break receive loop in speed limited transfers
+    - version: allow building with ancient libpsl
+    - vquic-tls: fix the error code returned for bad CA file
+    - vtls: fix tls proxy peer verification
+    - vtls: revert "receive max buffer" + add test case
+    - VULN-DISCLOSURE-POLICY.md: update detail about CVE requests
+    - websocket: fix curl_ws_recv()
+  * Remove patch upstream:
+    - 0001-vtls-revert-receive-max-buffer-add-test-case.patch
+
 -------------------------------------------------------------------
 Tue Mar 12 08:43:30 UTC 2024 - Pedro Monreal <pmonreal@suse.com>

--- a/curl.spec
+++ b/curl.spec
@ -21,7 +21,7 @@
 # need ssl always for python-pycurl
 %bcond_without openssl
 Name:           curl
-Version:        8.6.0
+Version:        8.7.1
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        curl
@ -35,8 +35,6 @@ Patch1:         dont-mess-with-rpmoptflags.patch
 Patch2:         curl-secure-getenv.patch
 #PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
 Patch3:         curl-disabled-redirect-protocol-message.patch
-# PATCH-FIX-UPSTREAM
-Patch4:         0001-vtls-revert-receive-max-buffer-add-test-case.patch
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
 Requires:       libcurl4 = %{version}
@ -125,7 +123,9 @@ sed -i 's/\(link_all_deplibs=\)unknown/\1no/' configure
    --with-libssh \
    --enable-symbol-hiding \
    --disable-static \
-    --enable-threaded-resolver
+    --enable-threaded-resolver \
+    --with-zsh-functions-dir=%{_datadir}/zsh/site-functions/ \
+    --with-fish-functions-dir=%{_datadir}/fish/vendor_completions.d

 # if this fails, the above sed hack did not work
 ./libtool --config | grep -q link_all_deplibs=no
@ -161,7 +161,6 @@ popd
 %{_bindir}/curl
 %{_datadir}/zsh/site-functions/_curl
 %{_mandir}/man1/curl.1%{?ext_man}
-%{_mandir}/man1/mk-ca-bundle.1%{?ext_man}
 %dir %{_datadir}/zsh
 %dir %{_datadir}/zsh/site-functions
 %dir %{_datadir}/fish/