Accepting request 973058 from home:david.anes:branches:devel:libraries:c_c++

- Patches rework:
  * Refreshed all patches as -p1.
  * Use autopatch macro.
  * Renamed: 
    - dont-mess-with-rpmoptflags.diff -> dont-mess-with-rpmoptflags.patch
  * Removed (already upstream):
    - curl-fix-verifyhost.patch
- Update to 7.83.0:
  * Security fixes:
    - (bsc#1198766, CVE-2022-27776) Auth/cookie leak on redirect
    - (bsc#1198723, CVE-2022-27775) Bad local IPv6 connection reuse
    - (bsc#1198608, CVE-2022-27774) Credential leak on redirect
    - (bsc#1198614, CVE-2022-22576) OAUTH2 bearer bypass in connection re-use
  * Changes:
    - curl: add %header{name} experimental support in -w handling
    - curl: add %{header_json} experimental support in -w handling
    - curl: add --no-clobber
    - curl: add --remove-on-error
    - header api: add curl_easy_header and curl_easy_nextheader
    - msh3: add support for QUIC and HTTP/3 using msh3 
  * Bugfixes:
    - appveyor: add Cygwin build
    - appveyor: only add MSYS2 to PATH where required
    - BearSSL: add CURLOPT_SSL_CIPHER_LIST support
    - BearSSL: add CURLOPT_SSL_CTX_FUNCTION support
    - BINDINGS.md: add Hollywood binding
    - CI: Do not use buildconf. Instead, just use: autoreconf -fi
    - CI: install Python package impacket to run SMB test 1451
    - configure.ac: move -pthread CFLAGS setting back where it used to be
    - configure: bump the copyright year range int the generated output

OBS-URL: https://build.opensuse.org/request/show/973058
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=310

curl-7.82.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c
-size 2446764

curl-7.82.0.tar.xz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmIjIysACgkQXMkI/bce
-EsK2qQf/bcLm7LXO+Cvh0gbbIS9S5uT2/8g8AJ3/dFijs/BvqW85ajsfSCx9Z4+4
-Bad/CfZvuHoBMKKsSC9uSyBzv3UmupEHxYlIw0oik97Q0NDml5czsLJznGEtRiwh
-DzOSl8hwLg3OhHXD/G239oSPk2b7ys1P7KQsdxadaxHaoVjFMT4qI0/1DQBKBb/C
-AnzXcQUii3HEsPwnS7OmTvbXcDR6HS0Pq4b0Usop1YVppUlP5rG/gV6o7ogA13Cv
-yssbfL8fGN3pSgJWtCLoxbIyZbRUROvR74u0ymlf5oLs4bCWzLR9pGKt+oM9YBGq
-m9LkqrxKUEOp36vdLN4UgqGdWLa5zQ==
-=/k1v
------END PGP SIGNATURE-----

curl-7.83.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bbff0e6b5047e773f3c3b084d80546cc1be4e354c09e419c2d0ef6116253511a
+size 2472560

curl-7.83.0.tar.xz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmJo38QACgkQXMkI/bce
+EsL1Uwf/Xg8Prwzathb3KeW0GJl3nvXrsxVgiZ8dKN/21GlYVmDAJqKW9ZvY/z43
+uihaO9OI8p7D7ZAM4JxqOWmYf6e9PadMdCP4nNN00GrZaktV54H7yrdcS7UJrFL8
+ASG0Cjg/gRlZS9O7HtIBVikKaugGc9X2j0n7UbuDlgY8eyUL98dxDxuAHf5QOYCX
+8xvIDQrfHb5y3ZrPJDuxHyeyWUh9lnxv35L6SVFxhaXqxZdFZOWddFsQX4/6xgJ2
+JSOpafG3bGB6YsTZ8fFUgu/5CivEORr4jYMWnnYaruCCCFLbIwXr3a5jOrMmg0Hj
+U7YBDim0fx4Hs1th03Myqkq5QAUXxQ==
+=LoEG
+-----END PGP SIGNATURE-----

curl-disabled-redirect-protocol-message.patch

@@ -1,8 +1,8 @@
-Index: curl-7.63.0/lib/url.c
+Index: curl-7.82.0/lib/url.c
 ===================================================================
---- curl-7.63.0.orig/lib/url.c
-+++ curl-7.63.0/lib/url.c
-@@ -1976,9 +1976,13 @@ static CURLcode findprotocol(struct Curl
+--- curl-7.82.0.orig/lib/url.c
++++ curl-7.82.0/lib/url.c
+@@ -1832,9 +1832,13 @@ static CURLcode findprotocol(struct Curl
      /* it is allowed for "normal" request, now do an extra check if this is
         the result of a redirect */
      if(data->state.this_is_a_follow &&

curl-fix-verifyhost.patch

@@ -1,30 +0,0 @@
-From 911714d617c106ed5d553bf003e34ec94ab6a136 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Tue, 8 Mar 2022 13:38:13 +0100
-Subject: [PATCH] openssl: fix CN check error code
-
-Due to a missing 'else' this returns error too easily.
-
-Regressed in: d15692ebb
-
-Reported-by: Kristoffer Gleditsch
-Fixes #8559
-Closes #8560
----
- lib/vtls/openssl.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
-index 0b79fc50a9c5..4618beeb3867 100644
---- a/lib/vtls/openssl.c
-+++ b/lib/vtls/openssl.c
-@@ -1817,7 +1817,8 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
-               memcpy(peer_CN, ASN1_STRING_get0_data(tmp), peerlen);
-               peer_CN[peerlen] = '\0';
-             }
--            result = CURLE_OUT_OF_MEMORY;
-+            else
-+              result = CURLE_OUT_OF_MEMORY;
-           }
-         }
-         else /* not a UTF8 name */

curl-secure-getenv.patch

@@ -1,7 +1,7 @@
-Index: lib/getenv.c
+Index: curl-7.82.0/lib/getenv.c
 ===================================================================
---- lib/getenv.c.orig
-+++ lib/getenv.c
+--- curl-7.82.0.orig/lib/getenv.c
++++ curl-7.82.0/lib/getenv.c
 @@ -27,6 +27,14 @@
  
  #include "memdebug.h"
@@ -26,11 +26,11 @@ Index: lib/getenv.c
    return (env && env[0])?strdup(env):NULL;
  #endif
  }
-Index: configure.ac
+Index: curl-7.82.0/configure.ac
 ===================================================================
---- configure.ac.orig
-+++ configure.ac
-@@ -4836,6 +4836,8 @@ if test "x$want_curldebug_assumed" = "xy
+--- curl-7.82.0.orig/configure.ac
++++ curl-7.82.0/configure.ac
+@@ -4271,6 +4271,8 @@ if test "x$want_curldebug_assumed" = "xy
    ac_configure_args="$ac_configure_args --enable-curldebug"
  fi
  

curl.changes

@@ -1,3 +1,154 @@
+-------------------------------------------------------------------
+Fri Apr 22 11:39:46 UTC 2022 - David Anes <david.anes@suse.com>
+
+- Patches rework:
+  * Refreshed all patches as -p1.
+  * Use autopatch macro.
+  * Renamed: 
+    - dont-mess-with-rpmoptflags.diff -> dont-mess-with-rpmoptflags.patch
+  * Removed (already upstream):
+    - curl-fix-verifyhost.patch
+
+- Update to 7.83.0:
+  * Security fixes:
+    - (bsc#1198766, CVE-2022-27776) Auth/cookie leak on redirect
+    - (bsc#1198723, CVE-2022-27775) Bad local IPv6 connection reuse
+    - (bsc#1198608, CVE-2022-27774) Credential leak on redirect
+    - (bsc#1198614, CVE-2022-22576) OAUTH2 bearer bypass in connection re-use
+  * Changes:
+    - curl: add %header{name} experimental support in -w handling
+    - curl: add %{header_json} experimental support in -w handling
+    - curl: add --no-clobber
+    - curl: add --remove-on-error
+    - header api: add curl_easy_header and curl_easy_nextheader
+    - msh3: add support for QUIC and HTTP/3 using msh3 
+  * Bugfixes:
+    - appveyor: add Cygwin build
+    - appveyor: only add MSYS2 to PATH where required
+    - BearSSL: add CURLOPT_SSL_CIPHER_LIST support
+    - BearSSL: add CURLOPT_SSL_CTX_FUNCTION support
+    - BINDINGS.md: add Hollywood binding
+    - CI: Do not use buildconf. Instead, just use: autoreconf -fi
+    - CI: install Python package impacket to run SMB test 1451
+    - configure.ac: move -pthread CFLAGS setting back where it used to be
+    - configure: bump the copyright year range int the generated output
+    - conncache: include the zone id in the "bundle" hashkey
+    - connecache: remove duplicate connc->closure_handle check
+    - connect: make Curl_getconnectinfo work with conn cache from share handle
+    - connect: use TCP_KEEPALIVE only if TCP_KEEPIDLE is not defined
+    - cookie.d: clarify when cookies are sent
+    - cookies: improve errorhandling for reading cookiefile
+    - curl/system.h: update ifdef condition for MCST-LCC compiler
+    - curl: error out if -T and -d are used for the same URL
+    - curl: error out when options need features not present in libcurl
+    - curl: escape '?' in generated --libcurl code
+    - curl: fix segmentation fault for empty output file names.
+    - curl_easy_header: fix typos in documentation
+    - CURLINFO_PRIMARY_PORT.3: clarify which port this is
+    - CURLOPT*TLSAUTH.3: they only work with OpenSSL or GnuTLS
+    - CURLOPT_DISALLOW_USERNAME_IN_URL.3: use uppercase URL
+    - CURLOPT_PREQUOTE.3: only works for FTP file transfers, not dirs
+    - CURLOPT_PROGRESSFUNCTION.3: fix typo in example
+    - CURLOPT_UNRESTRICTED_AUTH.3: extended explanation
+    - CURLSHOPT_UNLOCKFUNC.3: fix the callback prototype
+    - docs/HYPER.md: updated to reflect current hyper build needs
+    - docs/opts: Mention Schannel client cert type is P12
+    - docs: Fix missing semicolon in example code
+    - docs: lots of minor language polish
+    - English: use American spelling consistently
+    - fail.d: tweak the description
+    - firefox-db2pem.sh: make the shell script safer
+    - ftp: fix error message for partial file upload
+    - gen.pl: change wording for mutexed options
+    - GHA: add openssl3 jobs moved over from zuul
+    - GHA: build hyper with nightly rustc
+    - GHA: move bearssl jobs over from zuul
+    - gha: move the event-based test over from Zuul
+    - gtls: fix build for disabled TLS-SRP
+    - http2: handle DONE called for the paused stream
+    - http2: RST the stream if we stop it on our own will
+    - http: avoid auth/cookie on redirects same host diff port
+    - http: close the stream (not connection) on time condition abort
+    - http: reject header contents with nul bytes
+    - http: return error on colon-less HTTP headers
+    - http: streamclose "already downloaded"
+    - hyper: fix status_line() return code
+    - hyper: fix tests 580 and 581 for hyper
+    - hyper: no h2c support
+    - infof: consistent capitalization of warning messages
+    - ipv4/6.d: clarify that they are about using IP addresses
+    - json.d: fix typo (overriden -> overridden)
+    - keepalive-time.d: It takes many probes to detect brokenness
+    - lib/warnless.[ch]: only check for WIN32 and ignore _WIN32
+    - lib670: avoid double check result
+    - lib: #ifdef on USE_HTTP2 better
+    - lib: fix some misuse of curlx_convert_wchar_to_UTF8
+    - lib: remove exclamation marks
+    - libssh2: compare sha256 strings case sensitively
+    - libssh2: make the md5 comparison fail if wrong length
+    - libssh: fix build with old libssh versions
+    - libssh: fix double close
+    - libssh: Improve fix for missing SSH_S_ stat macros
+    - libssh: unstick SFTP transfers when done event-based
+    - macos: set .plist version in autoconf
+    - mbedtls: remove 'protocols' array from backend when ALPN is not used
+    - mbedtls: remove server_fd from backend
+    - mk-ca-bundle.pl: Use stricter logic to process the certificates
+    - mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl
+    - mlc_config.json: add file to ignore known troublesome URLs
+    - mqtt: better handling of TCP disconnect mid-message
+    - ngtcp2: add client certificate authentication for OpenSSL
+    - ngtcp2: avoid busy loop in low CWND situation
+    - ngtcp2: deal with sub-millisecond timeout
+    - ngtcp2: disconnect the QUIC connection proper
+    - ngtcp2: enlarge H3_SEND_SIZE
+    - ngtcp2: fix HTTP/3 upload stall and avoid busy loop
+    - ngtcp2: fix memory leak
+    - ngtcp2: fix QUIC_IDLE_TIMEOUT
+    - ngtcp2: make curl 1ms faster
+    - ngtcp2: remove remote_addr which is not used in a meaningful way
+    - ngtcp2: update to work after recent ngtcp2 updates
+    - ngtcp2: use token when detecting :status header field
+    - nonblock: restore setsockopt method to curlx_nonblock
+    - openssl: check SSL_get_peer_cert_chain return value
+    - openssl: enable CURLOPT_SSL_EC_CURVES with BoringSSL
+    - openssl: fix CN check error code
+    - options: remove mistaken space before paren in prototype
+    - perl: removed a double semicolon at end of line
+    - pop3/smtp: return *WEIRD_SERVER_REPLY when not understood
+    - projects/README: converted to markdown
+    - projects: Update VC version names for VS2017, VS2022
+    - rtsp: don't let CSeq error override earlier errors
+    - runtests: add 'bearssl' as testable feature
+    - runtests: make 'oldlibssh' be before 0.9.4
+    - schannel: remove dead code that will never run
+    - scripts/copyright.pl: ignore the new mlc_config.json file
+    - scripts: move three scripts from lib/ to scripts/
+    - test1135: sync with recent API updates
+    - test1459: disable for oldlibssh
+    - test375: fix line endings on Windows
+    - test386: Fix an incorrect test markup tag
+    - test718: edited slightly to return better HTTP
+    - tests/server/util.h: align WIN32 condition with util.c
+    - tests: refactor server/socksd.c to support --unix-socket
+    - timediff.[ch]: add curlx helper functions for timeval conversions
+    - tls: make mbedtls and NSS check for h2, not nghttp2
+    - tool and tests: force flush of all buffers at end of program
+    - tool_cb_hdr: Turn the Location: into a terminal hyperlink
+    - tool_getparam: error out on missing -K file
+    - tool_listhelp.c: uppercase URL
+    - tool_operate: fix a scan-build warning
+    - tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3)
+    - transfer: redirects to other protocols or ports clear auth
+    - unit1620: call global_init before calling Curl_open
+    - url: check sasl additional parameters for connection reuse.
+    - vtls: provide a unified APLN-disagree string for all backends
+    - vtls: use a backend standard message for "ALPN: offers %s"
+    - vtls: use a generic "ALPN, server accepted" message
+    - winbuild/README.md: fixup dead link
+    - winbuild: Add a Visual Studio example to the README
+    - wolfssl: fix compiler error without IPv6 
+
 -------------------------------------------------------------------
 Fri Mar 11 16:36:50 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
 

curl.spec

@@ -21,7 +21,7 @@
 # need ssl always for python-pycurl
 %bcond_without openssl
 Name:           curl
-Version:        7.82.0
+Version:        7.83.0
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        curl
@@ -31,12 +31,10 @@ Source2:        https://curl.se/download/curl-%{version}.tar.xz.asc
 Source3:        baselibs.conf
 Source4:        https://daniel.haxx.se/mykey.asc#/curl.keyring
 Patch0:         libcurl-ocloexec.patch
-Patch1:         dont-mess-with-rpmoptflags.diff
+Patch1:         dont-mess-with-rpmoptflags.patch
 Patch2:         curl-secure-getenv.patch
 #PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
 Patch3:         curl-disabled-redirect-protocol-message.patch
-#PATCH-FIX-UPSTREAM Fix: openssl: fix CN check error code
-Patch4:         curl-fix-verifyhost.patch
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
 Requires:       libcurl4 = %{version}
@@ -93,11 +91,7 @@ user interaction or any kind of interactivity.
 
 %prep
 %setup -q -n curl-%{version}
-%patch0 -p1
-%patch1
-%patch2
-%patch3 -p1
-%patch4 -p1
+%autopatch -p1
 
 %build
 # curl complains if macro definition is contained in CFLAGS

dont-mess-with-rpmoptflags.patch

@@ -1,8 +1,8 @@
-Index: configure.ac
+Index: curl-7.82.0/configure.ac
 ===================================================================
---- configure.ac.orig	2013-02-07 11:55:15.150276599 +0100
-+++ configure.ac	2013-02-07 11:55:15.167277116 +0100
-@@ -288,10 +288,6 @@ dnl platform/compiler/architecture speci
+--- curl-7.82.0.orig/configure.ac
++++ curl-7.82.0/configure.ac
+@@ -395,10 +395,6 @@ dnl platform/compiler/architecture speci
  dnl **********************************************************************
  
  CURL_CHECK_COMPILER

libcurl-ocloexec.patch

@@ -7,10 +7,10 @@ To make it portable you have to test O_CLOEXEC support at *runtime*
 compile time is not enough.
 
 
-Index: curl-7.79.0/lib/file.c
+Index: curl-7.82.0/lib/file.c
 ===================================================================
---- curl-7.79.0.orig/lib/file.c
-+++ curl-7.79.0/lib/file.c
+--- curl-7.82.0.orig/lib/file.c
++++ curl-7.82.0/lib/file.c
 @@ -194,7 +194,7 @@ static CURLcode file_connect(struct Curl
      return CURLE_URL_MALFORMAT;
    }
@@ -29,11 +29,11 @@ Index: curl-7.79.0/lib/file.c
    if(fd < 0) {
      failf(data, "Can't open %s for writing", file->path);
      return CURLE_WRITE_ERROR;
-Index: curl-7.79.0/lib/if2ip.c
+Index: curl-7.82.0/lib/if2ip.c
 ===================================================================
---- curl-7.79.0.orig/lib/if2ip.c
-+++ curl-7.79.0/lib/if2ip.c
-@@ -202,7 +202,7 @@ if2ip_result_t Curl_if2ip(int af, unsign
+--- curl-7.82.0.orig/lib/if2ip.c
++++ curl-7.82.0/lib/if2ip.c
+@@ -204,7 +204,7 @@ if2ip_result_t Curl_if2ip(int af,
    if(len >= sizeof(req.ifr_name))
      return IF2IP_NOT_FOUND;
  
@@ -42,11 +42,11 @@ Index: curl-7.79.0/lib/if2ip.c
    if(CURL_SOCKET_BAD == dummy)
      return IF2IP_NOT_FOUND;
  
-Index: curl-7.79.0/lib/connect.c
+Index: curl-7.82.0/lib/connect.c
 ===================================================================
---- curl-7.79.0.orig/lib/connect.c
-+++ curl-7.79.0/lib/connect.c
-@@ -1598,7 +1598,9 @@ CURLcode Curl_socket(struct Curl_easy *d
+--- curl-7.82.0.orig/lib/connect.c
++++ curl-7.82.0/lib/connect.c
+@@ -1622,7 +1622,9 @@ CURLcode Curl_socket(struct Curl_easy *d
    }
    else
      /* opensocket callback not set, so simply create the socket now */
@@ -57,11 +57,11 @@ Index: curl-7.79.0/lib/connect.c
  
    if(*sockfd == CURL_SOCKET_BAD)
      /* no socket, no connection */
-Index: curl-7.79.0/configure.ac
+Index: curl-7.82.0/configure.ac
 ===================================================================
---- curl-7.79.0.orig/configure.ac
-+++ curl-7.79.0/configure.ac
-@@ -297,6 +297,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m
+--- curl-7.82.0.orig/configure.ac
++++ curl-7.82.0/configure.ac
+@@ -320,6 +320,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m
  # Silence warning: ar: 'u' modifier ignored since 'D' is the default
  AC_SUBST(AR_FLAGS, [cr])
  
@@ -70,10 +70,10 @@ Index: curl-7.79.0/configure.ac
  dnl This defines _ALL_SOURCE for AIX
  CURL_CHECK_AIX_ALL_SOURCE
  
-Index: curl-7.79.0/lib/hostip.c
+Index: curl-7.82.0/lib/hostip.c
 ===================================================================
---- curl-7.79.0.orig/lib/hostip.c
-+++ curl-7.79.0/lib/hostip.c
+--- curl-7.82.0.orig/lib/hostip.c
++++ curl-7.82.0/lib/hostip.c
 @@ -49,7 +49,7 @@
  #ifdef HAVE_PROCESS_H
  #include <process.h>