diff --git a/curl-8.10.0.tar.xz b/curl-8.10.0.tar.xz new file mode 100644 index 0000000..7efe71a --- /dev/null +++ b/curl-8.10.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e6b142f0e85e954759d37e26a3627e2278137595be80e3a860c4353e4335e5a0 +size 2729448 diff --git a/curl-8.10.0.tar.xz.asc b/curl-8.10.0.tar.xz.asc new file mode 100644 index 0000000..8cd7265 --- /dev/null +++ b/curl-8.10.0.tar.xz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmbhLPgACgkQXMkI/bce +EsKvcAf/X90bZOG4ufZdq0z7l1i++7tLMG9zd8MjMX14XEBlHsTSqhgqu18i/FDY +sIlK/6fQH5RJbbP9LtX68ptDnzZ31SmIpOWngyadkJTQ1n6oTa1jSUf469ALWHmX +nwEPvgX8YXdVDrNpVbAUy3EElKoSH/9JSyXGmpi5whaHb1jzTyUAcR2QbKyxwZi3 +Md+XKAbdrhXBfDicoLbWN2N8NlzyV5rt78DMh1UZPOspWo8fSMUIZeB6uSoi0Ey0 +mY1Vv+b4L0dricODFSprfN9BZNe5lv9Ciit4GJmMf28k896Zw4nV+yngUhEs9lfm +8tmBTI2oX6kPAULU+xZ2iR61MuW5ZA== +=S6zn +-----END PGP SIGNATURE----- diff --git a/curl-8.9.1.tar.xz b/curl-8.9.1.tar.xz deleted file mode 100644 index 807d384..0000000 --- a/curl-8.9.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f292f6cc051d5bbabf725ef85d432dfeacc8711dd717ea97612ae590643801e5 -size 2782364 diff --git a/curl-8.9.1.tar.xz.asc b/curl-8.9.1.tar.xz.asc deleted file mode 100644 index bda8785..0000000 --- a/curl-8.9.1.tar.xz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmap30kACgkQXMkI/bce -EsKX+wf/brccw5rGTAbmjj7WGBfbAmwrSsDexTXRiEBXT/+qhkWIplN6wdtsZ86I -tUraaapoyvRKLa3Wxlv9fSF/xXji+5lhO/W9pfWxwZNeSZFiOgKcK/Li4Fx0c7t4 -WpxkAbRvbJreA40BR32qSgnNNjKU5QX/ivf67B1EFL71kgsCW/QczB6mcuxszlkN -ro39Jb8hDtnAD3hHXrTEaW3lOEgf/Jo/a1Zii3+W3OkW+uZHwzUoqe+HLGHYM2vW -Q3hBVQaEWmNIwArA73s/kOiFATLthUTvSJO56ebLQJFHJf61cwqSsg2o07i5SqEc -QlKzV/h7ydbBWdHiSTpCMxue7tLUZw== -=EiUG ------END PGP SIGNATURE----- diff --git a/curl-secure-getenv.patch b/curl-secure-getenv.patch index c751b12..9ca9a98 100644 --- a/curl-secure-getenv.patch +++ b/curl-secure-getenv.patch @@ -1,7 +1,7 @@ -Index: curl-8.5.0/lib/getenv.c +Index: curl-8.10.0/lib/getenv.c =================================================================== ---- curl-8.5.0.orig/lib/getenv.c -+++ curl-8.5.0/lib/getenv.c +--- curl-8.10.0.orig/lib/getenv.c ++++ curl-8.10.0/lib/getenv.c @@ -29,6 +29,14 @@ #include "memdebug.h" @@ -26,16 +26,16 @@ Index: curl-8.5.0/lib/getenv.c return (env && env[0])?strdup(env):NULL; #endif } -Index: curl-8.5.0/configure.ac +Index: curl-8.10.0/configure.ac =================================================================== ---- curl-8.5.0.orig/configure.ac -+++ curl-8.5.0/configure.ac -@@ -4767,6 +4767,8 @@ if test "x$want_curldebug_assumed" = "xy +--- curl-8.10.0.orig/configure.ac ++++ curl-8.10.0/configure.ac +@@ -5213,6 +5213,8 @@ if test "x$want_curldebug_assumed" = "xy ac_configure_args="$ac_configure_args --enable-curldebug" fi +AC_CHECK_FUNCS([__secure_getenv secure_getenv]) + - AC_CONFIG_FILES([Makefile \ - docs/Makefile \ - docs/examples/Makefile \ + AC_CONFIG_FILES([\ + Makefile \ + docs/Makefile \ diff --git a/curl-sigpipe.patch b/curl-sigpipe.patch deleted file mode 100644 index ba0187a..0000000 --- a/curl-sigpipe.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 3eec5afbd0b6377eca893c392569b2faf094d970 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Mon, 5 Aug 2024 00:17:17 +0200 -Subject: [PATCH] sigpipe: init the struct so that first apply ignores - -Initializes 'no_signal' to TRUE, so that a call to sigpipe_apply() after -init ignores the signal (unless CURLOPT_NOSIGNAL) is set. - -I have read the existing code multiple times now and I think it gets the -initial state reversed this missing to ignore. - -Regression from 17e6f06ea37136c36d27 - -Reported-by: Rasmus Thomsen -Fixes #14344 -Closes #14390 ---- - lib/sigpipe.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/lib/sigpipe.h b/lib/sigpipe.h -index b91a2f51333956..d78afd905d3414 100644 ---- a/lib/sigpipe.h -+++ b/lib/sigpipe.h -@@ -39,6 +39,7 @@ struct sigpipe_ignore { - static void sigpipe_init(struct sigpipe_ignore *ig) - { - memset(ig, 0, sizeof(*ig)); -+ ig->no_signal = TRUE; - } - - /* diff --git a/curl.changes b/curl.changes index 036d04b..348634d 100644 --- a/curl.changes +++ b/curl.changes @@ -1,3 +1,67 @@ +------------------------------------------------------------------- +Wed Sep 11 06:36:42 UTC 2024 - Pedro Monreal + +- Update to version 8.10.0: + * Security fixes: + - [bsc#1230093, CVE-2024-8096] curl: OCSP stapling bypass with GnuTLS + * Changes: + - curl: make --rate accept "number of units" + - curl: make --show-headers the same as --include + - curl: support --dump-header % to direct to stderr + - curl: support embedding a CA bundle and --dump-ca-embed + - curl: support repeated use of the verbose option; -vv etc + - curl: use libuv for parallel transfers with --test-event + - vtls: stop offering alpn http/1.1 for http2-prior-knowledge + * Bugfixes: + - curl: allow 500MB data URL encode strings + - curl: warn on unsupported SSL options + - Curl_rand_bytes to control env override + - curl_sha512_256: fix symbol collisions with nettle library + - dist: fix reproducible build from release tarball + - http2: fix GOAWAY message sent to server + - http2: improve rate limiting of downloads + - INSTALL.md: MultiSSL and QUIC are mutually exclusive + - lib: add eos flag to send methods + - lib: make SSPI global symbols use Curl_ prefix + - lib: prefer `CURL_SHA256_DIGEST_LENGTH` over the unprefixed name + - lib: remove the final strncpy() calls + - lib: remove use of RANDOM_FILE + - Makefile.mk: fixup enabling libidn2 + - max-filesize.md: mention zero disables the limit + - mime: avoid inifite loop in client reader + - ngtcp2: use NGHTTP3 prefix instead of NGTCP2 for errors in h3 callbacks + - openssl quic: fix memory leak + - openssl: certinfo errors now fail correctly + - openssl: fix the data race when sharing an SSL session between threads + - openssl: improve shutdown handling + - POP3: fix multi-line responses + - pop3: use the protocol handler ->write_resp + - progress: ratelimit/progress tweaks + - rand: only provide weak random when needed + - sectransp: fix setting tls version + - setopt: make CURLOPT_TFTP_BLKSIZE accept bad values + - sha256: fix symbol collision between nettle (GnuTLS) and OpenSSL + - sigpipe: init the struct so that first apply ignores + - smb: convert superflous assign into assert + - smtp: add tracing feature + - spnego_gssapi: implement TLS channel bindings for openssl + - src: delete `curlx_m*printf()` aliases + - ssh: deduplicate SSH backend includes (and fix libssh cmake unity build) + - tool_operhlp: fix "potentially uninitialized local variable 'pc' used" + - tool_paramhlp: bump maximum post data size in memory to 16GB + - transfer: skip EOS read when download done + - url: fix connection reuse for HTTP/2 upgrades + - urlapi: verify URL *decoded* hostname when set + - urldata: introduce `data->mid`, a unique identifier inside a multi + - vtls: add SSLSUPP_CIPHER_LIST + - vtls: fix static function name collisions between TLS backends + - vtls: init ssl peer only once + - websocket: introduce blocking sends + - ws: flags to opcodes should ignore CURLWS_CONT flag + - x509asn1: raise size limit for x509 certification information + * Remove curl-sigpipe.patch upstream + * Rebase curl-secure-getenv.patch + ------------------------------------------------------------------- Mon Aug 12 08:41:26 UTC 2024 - Pedro Monreal diff --git a/curl.spec b/curl.spec index 5ad327d..e68973f 100644 --- a/curl.spec +++ b/curl.spec @@ -29,7 +29,7 @@ %endif Name: curl%{?psuffix} -Version: 8.9.1 +Version: 8.10.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl @@ -43,8 +43,6 @@ Patch1: dont-mess-with-rpmoptflags.patch Patch2: curl-secure-getenv.patch #PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled Patch3: curl-disabled-redirect-protocol-message.patch -#PATCH-FIX-UPSTREAM sigpipe: init the struct so that first apply ignores -Patch4: curl-sigpipe.patch BuildRequires: groff BuildRequires: libtool BuildRequires: pkgconfig @@ -228,7 +226,7 @@ popd %if !%{with mini} %files -%doc README RELEASE-NOTES CHANGES +%doc README RELEASE-NOTES CHANGES.md %doc docs/{BUGS.md,FAQ,FEATURES.md,TODO,TheArtOfHttpScripting.md} %{_bindir}/curl %{_mandir}/man1/curl.1%{?ext_man}