pool/curl
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1163135 from home:pmonrealgonzalez:branches:devel:libraries:c_c++

Browse Source 
- Update to 8.7.1:
  * Fixed empty tool_hugehelp.c file
- Update to 8.7.0:
  * Security fixes:
    - [bsc#1221665, CVE-2024-2004] Usage of disabled protocol
    - [bsc#1221667, CVE-2024-2398] HTTP/2 push headers memory-leak
    - [bsc#1221666, CVE-2024-2379] QUIC certificate check bypass with wolfSSL
    - [bsc#1221668, CVE-2024-2466] TLS certificate check bypass with mbedTLS
  * Changes:
    - configure: add --disable-docs flag
    - CURLINFO_USED_PROXY: return bool whether the proxy was used
    - digest: support SHA-512/256
  * Bugfixes:
    - asyn-thread: use wakeup_close to close the read descriptor
    - bufq: writing into a softlimit queue cannot be partial
    - cmake: add USE_OPENSSL_QUIC support
    - cookie: if psl fails, reject the cookie
    - curl: exit on config file parser errors
    - digest: add check for hashing error
    - docs/libcurl: add TLS backend info for all TLS options
    - file: use xfer buf for file:// transfers
    - ftp: do lineend conversions in client writer
    - ftp: fix socket wait activity in ftp_domore_getsock
    - http2: memory errors in the push callbacks are fatal
    - http2: push headers better cleanup
    - libssh/libssh2: return error on too big range
    - OpenSSL QUIC: adapt to v3.3.x
    - setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value
    - setopt: fix disabling all protocols
    - sha512_256: add support for GnuTLS and OpenSSL

OBS-URL: https://build.opensuse.org/request/show/1163135
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=359
This commit is contained in:
Pedro Monreal Gonzalez 2024-03-27 19:18:25 +00:00 committed by Git OBS Bridge
parent 6e41d11b09
commit 73125545f4
7 changed files with 69 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
0001-vtls-revert-receive-max-buffer-add-test-case.patch
View File

@ -1,70 +0,0 @@
From e00609fc15f5d5adaf0896b751bf2c3a74a5f6f4 Mon Sep 17 00:00:00 2001
From: Stefan Eissing <stefan@eissing.org>
Date: Thu, 1 Feb 2024 18:15:50 +0100
Subject: [PATCH] vtls: revert "receive max buffer" + add test case
- add test_05_04 for requests using http/1.0, http/1.1 and h2 against an
Apache resource that does an unclean TLS shutdown.
- revert special workarund in openssl.c for suppressing shutdown errors
on multiplexed connections
- vlts.c restore to its state before 9a90c9dd64d2f03601833a70786d485851bd1b53
Fixes #12885
Fixes #12844
Closes #12848
(cherry picked from commit ed09a99af57200643d5ae001e815eeab9ffe3f84)
---
lib/vtls/vtls.c | 27 +++++--------------
tests/http/test_05_errors.py | 27 +++++++++++++++++++
tests/http/testenv/httpd.py | 7 ++++-
.../http/testenv/mod_curltest/mod_curltest.c | 2 +-
4 files changed, 40 insertions(+), 23 deletions(-)
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index e928ba5d0..f654a9749 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -1715,32 +1715,17 @@ static ssize_t ssl_cf_recv(struct Curl_cfilter *cf,
{
struct cf_call_data save;
ssize_t nread;
- size_t ntotal = 0;
CF_DATA_SAVE(save, cf, data);
*err = CURLE_OK;
- /* Do receive until we fill the buffer somehwhat or EGAIN, error or EOF */
- while(!ntotal || (len - ntotal) > (4*1024)) {
+ nread = Curl_ssl->recv_plain(cf, data, buf, len, err);
+ if(nread > 0) {
+ DEBUGASSERT((size_t)nread <= len);
+ }
+ else if(nread == 0) {
+ /* eof */
*err = CURLE_OK;
- nread = Curl_ssl->recv_plain(cf, data, buf + ntotal, len - ntotal, err);
- if(nread < 0) {
- if(*err == CURLE_AGAIN && ntotal > 0) {
- /* we EAGAINed after having reed data, return the success amount */
- *err = CURLE_OK;
- break;
- }
- /* we have a an error to report */
- goto out;
- }
- else if(nread == 0) {
- /* eof */
- break;
- }
- ntotal += (size_t)nread;
- DEBUGASSERT((size_t)ntotal <= len);
}
- nread = (ssize_t)ntotal;
-out:
CURL_TRC_CF(data, cf, "cf_recv(len=%zu) -> %zd, %d", len,
nread, *err);
CF_DATA_RESTORE(cf, save);
--
2.43.0

BIN
curl-8.6.0.tar.xz (Stored with Git LFS)
View File

Binary file not shown.

11
curl-8.6.0.tar.xz.asc
View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmW58RcACgkQXMkI/bce
EsKLvgf9Em0etBEnbJzkhmCiKUOfn3sTKhIHA4y1/O+anaNfEx0E89VUQuFZRcUz
i4ENOVjTXxVy4zZUobOOWz7RXrvv6XnX9A++RYkBoEk4mmNB3A6ShsTeCR2mS4yi
dL5UfH2YEu7B6x/ONROKKuGawsqw0D6wzVgrD+J1e8Bu+1P8YOUqsQWVJmJFlYMN
2A8NP4GZHnmP3rnupx1RY3/MgJU0FjlQ428BOA7PIiYKEVto0dp6cqd4AQsLgQPy
J1RBcge1Uwqe+k/IenUx7bUaQfr+NY34ryrMxbLPghPimfeyjjsDxyr+OwoQM1aw
64WqLXBgQmhluT0STyHdD0Tc/JHYrw==
=GboB
-----END PGP SIGNATURE-----

3
curl-8.7.1.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6fea2aac6a4610fbd0400afb0bcddbe7258a64c63f1f68e5855ebc0c659710cd
size 2707016

11
curl-8.7.1.tar.xz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmYD0u8ACgkQXMkI/bce
EsIquAgAkZkPn+TF2xrzo1jaMVN/BN1011zI3wrkbItsD2FZnYbSDQCg1WquFKlD
JlOO8NL59A5jLpQN/J6SHUlg/1ns2HNpuq1KORkUzcjF0r5ATcXPDN+qVWBZZeiS
ERatBCS044oyEWBoONFMthmT2jFYaa7eo+i/0dExFPeCRdd//MeyurKrSN2XRPIU
DPL3a99x96sckC9d7iDTyD8bnVv7EQ0ZGg0HOhO7ooKfW1wXBsyIUwPkSQmo8Wjn
NccJ3bt/Ci9sVWVqNqksAnl6NpIv2+2TYeaoeJVVdw8NXjd4JDZPgYHxWUo5FLQi
Jol6ZvHY4Rt0nk8DItBeCvOd3f8ssw==
=dTjQ
-----END PGP SIGNATURE-----

51
curl.changes
View File

@ -1,3 +1,54 @@
-------------------------------------------------------------------
Wed Mar 27 09:38:34 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Update to 8.7.1:
* Fixed empty tool_hugehelp.c file
- Update to 8.7.0:
* Security fixes:
- [bsc#1221665, CVE-2024-2004] Usage of disabled protocol
- [bsc#1221667, CVE-2024-2398] HTTP/2 push headers memory-leak
- [bsc#1221666, CVE-2024-2379] QUIC certificate check bypass with wolfSSL
- [bsc#1221668, CVE-2024-2466] TLS certificate check bypass with mbedTLS
* Changes:
- configure: add --disable-docs flag
- CURLINFO_USED_PROXY: return bool whether the proxy was used
- digest: support SHA-512/256
* Bugfixes:
- asyn-thread: use wakeup_close to close the read descriptor
- bufq: writing into a softlimit queue cannot be partial
- cmake: add USE_OPENSSL_QUIC support
- cookie: if psl fails, reject the cookie
- curl: exit on config file parser errors
- digest: add check for hashing error
- docs/libcurl: add TLS backend info for all TLS options
- file: use xfer buf for file:// transfers
- ftp: do lineend conversions in client writer
- ftp: fix socket wait activity in ftp_domore_getsock
- http2: memory errors in the push callbacks are fatal
- http2: push headers better cleanup
- libssh/libssh2: return error on too big range
- OpenSSL QUIC: adapt to v3.3.x
- setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value
- setopt: fix disabling all protocols
- sha512_256: add support for GnuTLS and OpenSSL
- smtp: fix STARTTLS
- strtoofft: fix the overflow check
- TIMER_STARTTRANSFER: set the same for everyone
- TLS: start shutdown only when peer did not already close
- tool_getparam: accept a blank -w ""
- tool_getparam: handle non-existing (out of range) short-options
- tool_operate: change precedence of server Retry-After time
- transfer.c: break receive loop in speed limited transfers
- version: allow building with ancient libpsl
- vquic-tls: fix the error code returned for bad CA file
- vtls: fix tls proxy peer verification
- vtls: revert "receive max buffer" + add test case
- VULN-DISCLOSURE-POLICY.md: update detail about CVE requests
- websocket: fix curl_ws_recv()
* Remove patch upstream:
- 0001-vtls-revert-receive-max-buffer-add-test-case.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Mar 12 08:43:30 UTC 2024 - Pedro Monreal <pmonreal@suse.com> Tue Mar 12 08:43:30 UTC 2024 - Pedro Monreal <pmonreal@suse.com>

9
curl.spec
View File

@ -21,7 +21,7 @@
# need ssl always for python-pycurl # need ssl always for python-pycurl
%bcond_without openssl %bcond_without openssl
Name: curl Name: curl
Version: 8.6.0 Version: 8.7.1
Release: 0 Release: 0
Summary: A Tool for Transferring Data from URLs Summary: A Tool for Transferring Data from URLs
License: curl License: curl
@ -35,8 +35,6 @@ Patch1: dont-mess-with-rpmoptflags.patch
Patch2: curl-secure-getenv.patch Patch2: curl-secure-getenv.patch
#PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled #PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
Patch3: curl-disabled-redirect-protocol-message.patch Patch3: curl-disabled-redirect-protocol-message.patch
# PATCH-FIX-UPSTREAM
Patch4: 0001-vtls-revert-receive-max-buffer-add-test-case.patch
BuildRequires: libtool BuildRequires: libtool
BuildRequires: pkgconfig BuildRequires: pkgconfig
Requires: libcurl4 = %{version} Requires: libcurl4 = %{version}
@ -125,7 +123,9 @@ sed -i 's/\(link_all_deplibs=\)unknown/\1no/' configure
--with-libssh \ --with-libssh \
--enable-symbol-hiding \ --enable-symbol-hiding \
--disable-static \ --disable-static \
--enable-threaded-resolver --enable-threaded-resolver \
--with-zsh-functions-dir=%{_datadir}/zsh/site-functions/ \
--with-fish-functions-dir=%{_datadir}/fish/vendor_completions.d
# if this fails, the above sed hack did not work # if this fails, the above sed hack did not work
./libtool --config | grep -q link_all_deplibs=no ./libtool --config | grep -q link_all_deplibs=no
@ -161,7 +161,6 @@ popd
%{_bindir}/curl %{_bindir}/curl
%{_datadir}/zsh/site-functions/_curl %{_datadir}/zsh/site-functions/_curl
%{_mandir}/man1/curl.1%{?ext_man} %{_mandir}/man1/curl.1%{?ext_man}
%{_mandir}/man1/mk-ca-bundle.1%{?ext_man}
%dir %{_datadir}/zsh %dir %{_datadir}/zsh
%dir %{_datadir}/zsh/site-functions %dir %{_datadir}/zsh/site-functions
%dir %{_datadir}/fish/ %dir %{_datadir}/fish/