Accepting request 1200087 from devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/1200087
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/curl?expand=0&rev=202

curl-8.10.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e6b142f0e85e954759d37e26a3627e2278137595be80e3a860c4353e4335e5a0
+size 2729448

curl-8.10.0.tar.xz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmbhLPgACgkQXMkI/bce
+EsKvcAf/X90bZOG4ufZdq0z7l1i++7tLMG9zd8MjMX14XEBlHsTSqhgqu18i/FDY
+sIlK/6fQH5RJbbP9LtX68ptDnzZ31SmIpOWngyadkJTQ1n6oTa1jSUf469ALWHmX
+nwEPvgX8YXdVDrNpVbAUy3EElKoSH/9JSyXGmpi5whaHb1jzTyUAcR2QbKyxwZi3
+Md+XKAbdrhXBfDicoLbWN2N8NlzyV5rt78DMh1UZPOspWo8fSMUIZeB6uSoi0Ey0
+mY1Vv+b4L0dricODFSprfN9BZNe5lv9Ciit4GJmMf28k896Zw4nV+yngUhEs9lfm
+8tmBTI2oX6kPAULU+xZ2iR61MuW5ZA==
+=S6zn
+-----END PGP SIGNATURE-----

curl-8.9.1.tar.xz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmap30kACgkQXMkI/bce
-EsKX+wf/brccw5rGTAbmjj7WGBfbAmwrSsDexTXRiEBXT/+qhkWIplN6wdtsZ86I
-tUraaapoyvRKLa3Wxlv9fSF/xXji+5lhO/W9pfWxwZNeSZFiOgKcK/Li4Fx0c7t4
-WpxkAbRvbJreA40BR32qSgnNNjKU5QX/ivf67B1EFL71kgsCW/QczB6mcuxszlkN
-ro39Jb8hDtnAD3hHXrTEaW3lOEgf/Jo/a1Zii3+W3OkW+uZHwzUoqe+HLGHYM2vW
-Q3hBVQaEWmNIwArA73s/kOiFATLthUTvSJO56ebLQJFHJf61cwqSsg2o07i5SqEc
-QlKzV/h7ydbBWdHiSTpCMxue7tLUZw==
-=EiUG
------END PGP SIGNATURE-----

curl-secure-getenv.patch

@@ -1,7 +1,7 @@
-Index: curl-8.5.0/lib/getenv.c
+Index: curl-8.10.0/lib/getenv.c
 ===================================================================
---- curl-8.5.0.orig/lib/getenv.c
-+++ curl-8.5.0/lib/getenv.c
+--- curl-8.10.0.orig/lib/getenv.c
++++ curl-8.10.0/lib/getenv.c
 @@ -29,6 +29,14 @@
  
  #include "memdebug.h"
@@ -26,16 +26,16 @@ Index: curl-8.5.0/lib/getenv.c
    return (env && env[0])?strdup(env):NULL;
  #endif
  }
-Index: curl-8.5.0/configure.ac
+Index: curl-8.10.0/configure.ac
 ===================================================================
---- curl-8.5.0.orig/configure.ac
-+++ curl-8.5.0/configure.ac
-@@ -4767,6 +4767,8 @@ if test "x$want_curldebug_assumed" = "xy
+--- curl-8.10.0.orig/configure.ac
++++ curl-8.10.0/configure.ac
+@@ -5213,6 +5213,8 @@ if test "x$want_curldebug_assumed" = "xy
    ac_configure_args="$ac_configure_args --enable-curldebug"
  fi
  
 +AC_CHECK_FUNCS([__secure_getenv secure_getenv])
 +
- AC_CONFIG_FILES([Makefile \
-            docs/Makefile \
-            docs/examples/Makefile \
+ AC_CONFIG_FILES([\
+   Makefile \
+   docs/Makefile \

curl-sigpipe.patch

@@ -1,32 +0,0 @@
-From 3eec5afbd0b6377eca893c392569b2faf094d970 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 5 Aug 2024 00:17:17 +0200
-Subject: [PATCH] sigpipe: init the struct so that first apply ignores
-
-Initializes 'no_signal' to TRUE, so that a call to sigpipe_apply() after
-init ignores the signal (unless CURLOPT_NOSIGNAL) is set.
-
-I have read the existing code multiple times now and I think it gets the
-initial state reversed this missing to ignore.
-
-Regression from 17e6f06ea37136c36d27
-
-Reported-by: Rasmus Thomsen
-Fixes #14344
-Closes #14390
----
- lib/sigpipe.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/lib/sigpipe.h b/lib/sigpipe.h
-index b91a2f51333956..d78afd905d3414 100644
---- a/lib/sigpipe.h
-+++ b/lib/sigpipe.h
-@@ -39,6 +39,7 @@ struct sigpipe_ignore {
- static void sigpipe_init(struct sigpipe_ignore *ig)
- {
-   memset(ig, 0, sizeof(*ig));
-+  ig->no_signal = TRUE;
- }
- 
- /*

curl.changes

@@ -1,3 +1,67 @@
+-------------------------------------------------------------------
+Wed Sep 11 06:36:42 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to version 8.10.0:
+  * Security fixes:
+    - [bsc#1230093, CVE-2024-8096] curl: OCSP stapling bypass with GnuTLS
+  * Changes:
+    - curl: make --rate accept "number of units"
+    - curl: make --show-headers the same as --include
+    - curl: support --dump-header % to direct to stderr
+    - curl: support embedding a CA bundle and --dump-ca-embed
+    - curl: support repeated use of the verbose option; -vv etc
+    - curl: use libuv for parallel transfers with --test-event
+    - vtls: stop offering alpn http/1.1 for http2-prior-knowledge
+  * Bugfixes:
+    - curl: allow 500MB data URL encode strings
+    - curl: warn on unsupported SSL options
+    - Curl_rand_bytes to control env override
+    - curl_sha512_256: fix symbol collisions with nettle library
+    - dist: fix reproducible build from release tarball
+    - http2: fix GOAWAY message sent to server
+    - http2: improve rate limiting of downloads
+    - INSTALL.md: MultiSSL and QUIC are mutually exclusive
+    - lib: add eos flag to send methods
+    - lib: make SSPI global symbols use Curl_ prefix
+    - lib: prefer `CURL_SHA256_DIGEST_LENGTH` over the unprefixed name
+    - lib: remove the final strncpy() calls
+    - lib: remove use of RANDOM_FILE
+    - Makefile.mk: fixup enabling libidn2
+    - max-filesize.md: mention zero disables the limit
+    - mime: avoid inifite loop in client reader
+    - ngtcp2: use NGHTTP3 prefix instead of NGTCP2 for errors in h3 callbacks
+    - openssl quic: fix memory leak
+    - openssl: certinfo errors now fail correctly
+    - openssl: fix the data race when sharing an SSL session between threads
+    - openssl: improve shutdown handling
+    - POP3: fix multi-line responses
+    - pop3: use the protocol handler ->write_resp
+    - progress: ratelimit/progress tweaks
+    - rand: only provide weak random when needed
+    - sectransp: fix setting tls version
+    - setopt: make CURLOPT_TFTP_BLKSIZE accept bad values
+    - sha256: fix symbol collision between nettle (GnuTLS) and OpenSSL
+    - sigpipe: init the struct so that first apply ignores
+    - smb: convert superflous assign into assert
+    - smtp: add tracing feature
+    - spnego_gssapi: implement TLS channel bindings for openssl
+    - src: delete `curlx_m*printf()` aliases
+    - ssh: deduplicate SSH backend includes (and fix libssh cmake unity build)
+    - tool_operhlp: fix "potentially uninitialized local variable 'pc' used"
+    - tool_paramhlp: bump maximum post data size in memory to 16GB
+    - transfer: skip EOS read when download done
+    - url: fix connection reuse for HTTP/2 upgrades
+    - urlapi: verify URL *decoded* hostname when set
+    - urldata: introduce `data->mid`, a unique identifier inside a multi
+    - vtls: add SSLSUPP_CIPHER_LIST
+    - vtls: fix static function name collisions between TLS backends
+    - vtls: init ssl peer only once
+    - websocket: introduce blocking sends
+    - ws: flags to opcodes should ignore CURLWS_CONT flag
+    - x509asn1: raise size limit for x509 certification information
+  * Remove curl-sigpipe.patch upstream
+  * Rebase curl-secure-getenv.patch
+
 -------------------------------------------------------------------
 Mon Aug 12 08:41:26 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
 

curl.spec

@@ -29,7 +29,7 @@
 %endif
 
 Name:           curl%{?psuffix}
-Version:        8.9.1
+Version:        8.10.0
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        curl
@@ -43,8 +43,6 @@ Patch1:         dont-mess-with-rpmoptflags.patch
 Patch2:         curl-secure-getenv.patch
 #PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
 Patch3:         curl-disabled-redirect-protocol-message.patch
-#PATCH-FIX-UPSTREAM sigpipe: init the struct so that first apply ignores
-Patch4:         curl-sigpipe.patch
 BuildRequires:  groff
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
@@ -228,7 +226,7 @@ popd
 
 %if !%{with mini}
 %files
-%doc README RELEASE-NOTES CHANGES
+%doc README RELEASE-NOTES CHANGES.md
 %doc docs/{BUGS.md,FAQ,FEATURES.md,TODO,TheArtOfHttpScripting.md}
 %{_bindir}/curl
 %{_mandir}/man1/curl.1%{?ext_man}