Accepting request 609087 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to version 7.60.0 [bsc#1092094, CVE-2018-1000300][bsc#1092098, CVE-2018-1000301] Changes: * Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol * Add --haproxy-protocol for the command line tool * Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses Bugfixes: * FTP: shutdown response buffer overflow CVE-2018-1000300 * RTSP: bad headers buffer over-read CVE-2018-1000301 * FTP: fix typo in recursive callback detection for seeking * test1208: marked flaky * HTTP: make header-less responses still count correct body size * user-agent.d:: mention --proxy-header as well * http2: fixes typo * cleanup: misc typos in strings and comments * rate-limit: use three second window to better handle high speeds * examples/hiperfifo.c: improved * pause: when changing pause state, update socket state * multi: improved pending transfers handling => improved performance * curl_version_info.3: fix ssl_version description * add_handle/easy_perform: clear errorbuffer on start if set * cmake: add support for brotli * parsedate: support UT timezone * vauth/ntlm.h: fix the #ifdef header guard * lib/curl_path.h: added #ifdef header guard * vauth/cleartext: fix integer overflow check * CURLINFO_COOKIELIST.3: made the example not leak memory * cookie.d: mention that "-" as filename means stdin * CURLINFO_SSL_VERIFYRESULT.3: fixed the example * http2: read pending frames (including GOAWAY) in connection-check OBS-URL: https://build.opensuse.org/request/show/609087 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=224
This commit is contained in:
parent
3b846fa6c7
commit
9232e3979e
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:099d9c32dc7b8958ca592597c9fabccdf4c08cfb7c114ff1afbbc4c6f13c9e9e
|
||||
size 3907587
|
@ -1,11 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAlqoxTsACgkQXMkI/bce
|
||||
EsIreAf/UH3RUVhgKPZ/83zR+tK0M3gLZQW4oNcPYqslBFxi8ETDDgzQybbIUmA9
|
||||
CWzqB0j5+OsEA7bLFig6qx0VJxJZbrbNF8rMWArWld2bUjIxAbFxh7MYYf6W+yKZ
|
||||
1EDgzFEdahlCsN2qaRGlq2eBk1qUDNQIDwrn4lI2p6RfbC0InVKUV3eVcZQZZL0F
|
||||
WBVqLORYEv9Nl9umLKLsw6GDfs4INwyUcbv3muf/SlmgJ5JNIuEyVsZfd21ZFaDm
|
||||
oN1WK4s+7IL41RUl34stE7idgUry38InR9BD11vpsbLtQA29Sb3s+74osYkaxSI/
|
||||
MPltGnxrmhldDYiPGwszWvlCiOJ7YA==
|
||||
=Di6w
|
||||
-----END PGP SIGNATURE-----
|
3
curl-7.60.0.tar.gz
Normal file
3
curl-7.60.0.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:e9c37986337743f37fd14fe8737f246e97aec94b39d1b71e8a5973f72a9fc4f5
|
||||
size 3949173
|
11
curl-7.60.0.tar.gz.asc
Normal file
11
curl-7.60.0.tar.gz.asc
Normal file
@ -0,0 +1,11 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAlr7zUoACgkQXMkI/bce
|
||||
EsK4MAgArnvqXIdhdoXJ8iUGQgS1HOA7R2ug+KE35FdkhGeApkNgnmLkhzsPYqqF
|
||||
nnwh75ZDVfHxxKtFs8xo6bH3zwFoek/fL+uVdNOzChGccFFV1HNphZuUqh8Mrr1A
|
||||
tRW7FqjrfrD61dhd/arizHNbj/oo1B2ySJByFuqwW8zO9whLNX9PgtulZ9fk0D6O
|
||||
P4p560qKhRSm3lw+n1ANAwnkf316EGC57fqKxF+09i/ZLXObS1PqvFArQWnL2H3P
|
||||
ZfloOnVIAKnRAVO+FSOW/B7OzG3E7jKsmzOSzbKsVkXKAD4m+2FOqCcJYe0pgnJW
|
||||
R4n3So9hnEVnqclaCa7hP+CkmdqHew==
|
||||
=3Ago
|
||||
-----END PGP SIGNATURE-----
|
@ -1,3 +1,124 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed May 16 08:41:48 UTC 2018 - pmonrealgonzalez@suse.com
|
||||
|
||||
- Update to version 7.60.0
|
||||
[bsc#1092094, CVE-2018-1000300][bsc#1092098, CVE-2018-1000301]
|
||||
Changes:
|
||||
* Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol
|
||||
* Add --haproxy-protocol for the command line tool
|
||||
* Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses
|
||||
Bugfixes:
|
||||
* FTP: shutdown response buffer overflow CVE-2018-1000300
|
||||
* RTSP: bad headers buffer over-read CVE-2018-1000301
|
||||
* FTP: fix typo in recursive callback detection for seeking
|
||||
* test1208: marked flaky
|
||||
* HTTP: make header-less responses still count correct body size
|
||||
* user-agent.d:: mention --proxy-header as well
|
||||
* http2: fixes typo
|
||||
* cleanup: misc typos in strings and comments
|
||||
* rate-limit: use three second window to better handle high speeds
|
||||
* examples/hiperfifo.c: improved
|
||||
* pause: when changing pause state, update socket state
|
||||
* multi: improved pending transfers handling => improved performance
|
||||
* curl_version_info.3: fix ssl_version description
|
||||
* add_handle/easy_perform: clear errorbuffer on start if set
|
||||
* cmake: add support for brotli
|
||||
* parsedate: support UT timezone
|
||||
* vauth/ntlm.h: fix the #ifdef header guard
|
||||
* lib/curl_path.h: added #ifdef header guard
|
||||
* vauth/cleartext: fix integer overflow check
|
||||
* CURLINFO_COOKIELIST.3: made the example not leak memory
|
||||
* cookie.d: mention that "-" as filename means stdin
|
||||
* CURLINFO_SSL_VERIFYRESULT.3: fixed the example
|
||||
* http2: read pending frames (including GOAWAY) in connection-check
|
||||
* timeval: remove compilation warning by casting
|
||||
* cmake: avoid warn-as-error during config checks
|
||||
* travis-ci: enable -Werror for CMake builds
|
||||
* openldap: fix for NULL return from ldap_get_attribute_ber()
|
||||
* threaded resolver: track resolver time and set suitable timeout values
|
||||
* cmake: Add advapi32 as explicit link library for win32
|
||||
* docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T
|
||||
* test1148: set a fixed locale for the test
|
||||
* cookies: when reading from a file, only remove_expired once
|
||||
* cookie: store cookies per top-level-domain-specific hash table
|
||||
* openssl: fix build with LibreSSL 2.7
|
||||
* tls: fix mbedTLS 2.7.0 build + handle sha256 failures
|
||||
* openssl: RESTORED verify locations when verifypeer==0
|
||||
* file: restore old behavior for file:////foo/bar URLs
|
||||
* FTP: allow PASV on IPv6 connections when a proxy is being used
|
||||
* build-openssl.bat: allow custom paths for VS and perl
|
||||
* winbuild: make the clean target work without build-type
|
||||
* build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15
|
||||
* curl: retry on FTP 4xx, ignore other protocols
|
||||
* configure: detect (and use) sa_family_t
|
||||
* examples/sftpuploadresume: Fix Windows large file seek
|
||||
* build: cleanup to fix clang warnings/errors
|
||||
* winbuild: updated the documentation
|
||||
* lib: silence null-dereference warnings
|
||||
* travis: bump to clang 6 and gcc 7
|
||||
* travis: build libpsl and make builds use it
|
||||
* proxy: show getenv proxy use in verbose output
|
||||
* duphandle: make sure CURLOPT_RESOLVE is duplicated
|
||||
* all: Refactor malloc+memset to use calloc
|
||||
* checksrc: Fix typo
|
||||
* system.h: Add sparcv8plus to oracle/sunpro 32-bit detection
|
||||
* vauth: Fix typo
|
||||
* ssh: show libSSH2 error code when closing fails
|
||||
* test1148: tolerate progress updates better
|
||||
* urldata: make service names unconditional
|
||||
* configure: keep LD_LIBRARY_PATH changes local
|
||||
* ntlm_sspi: fix authentication using Credential Manager
|
||||
* schannel: add client certificate authentication
|
||||
* winbuild: Support custom devel paths for each dependency
|
||||
* schannel: add support for CURLOPT_CAINFO
|
||||
* http2: handle on_begin_headers() called more than once
|
||||
* openssl: support OpenSSL 1.1.1 verbose-mode trace messages
|
||||
* openssl: fix subjectAltName check on non-ASCII platforms
|
||||
* http2: avoid strstr() on data not zero terminated
|
||||
* http2: clear the "drain counter" when a stream is closed
|
||||
* http2: handle GOAWAY properly
|
||||
* tool_help: clarify --max-time unit of time is seconds
|
||||
* curl.1: clarify that options and URLs can be mixed
|
||||
* http2: convert an assert to run-time check
|
||||
* curl_global_sslset: always provide available backends
|
||||
* ftplistparser: keep state between invokes
|
||||
* Curl_memchr: zero length input can't match
|
||||
* examples/sftpuploadresume: typecast fseek argument to long
|
||||
* examples/http2-upload: expand buffer to avoid silly warning
|
||||
* ctype: restore character classification for non-ASCII platforms
|
||||
* mime: avoid NULL pointer dereference risk
|
||||
* cookies: ensure that we have cookies before writing jar
|
||||
* os400.c: fix checksrc warnings
|
||||
* configure: provide --with-wolfssl as an alias for --with-cyassl
|
||||
* cyassl: adapt to libraries without TLS 1.0 support built-in
|
||||
* http2: get rid of another strstr
|
||||
* checksrc: force indentation of lines after an else
|
||||
* cookies: remove unused macro
|
||||
* CURLINFO_PROTOCOL.3: mention the existing defined names
|
||||
* tests: provide 'manual' as a feature to optionally require
|
||||
* travis: enable libssh2 on both macos and Linux
|
||||
* CURLOPT_URL.3: added ENCODING section
|
||||
* wolfssl: Fix non-blocking connect
|
||||
* vtls: don't define MD5_DIGEST_LENGTH for wolfssl
|
||||
* docs: remove extraneous commas in man pages
|
||||
* URL: fix ASCII dependency in strcpy_url and strlen_url
|
||||
* ssh-libssh.c: fix left shift compiler warning
|
||||
* configure: only check for CA bundle for file-using SSL backends
|
||||
* travis: add an mbedtls build
|
||||
* http: don't set the "rewind" flag when not uploading anything
|
||||
* configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h
|
||||
* transfer: don't unset writesockfd on setup of multiplexed conns
|
||||
* vtls: use unified "supports" bitfield member in backends
|
||||
* URLs: fix one more http url
|
||||
* travis: add a build using WolfSSL
|
||||
* openssl: change FILE ops to BIO ops
|
||||
* travis: add build using NSS
|
||||
* smb: reject negative file sizes
|
||||
* cookies: accept parameter names as cookie name
|
||||
* http2: getsock fix for uploads
|
||||
* all over: fixed format specifiers
|
||||
* http2: use the correct function pointer typedef
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 14 14:23:22 UTC 2018 - pmonrealgonzalez@suse.com
|
||||
|
||||
|
@ -29,7 +29,7 @@
|
||||
# need ssl always for python-pycurl
|
||||
%bcond_without openssl
|
||||
Name: curl-mini
|
||||
Version: 7.59.0
|
||||
Version: 7.60.0
|
||||
Release: 0
|
||||
Summary: A Tool for Transferring Data from URLs
|
||||
License: curl
|
||||
|
121
curl.changes
121
curl.changes
@ -1,3 +1,124 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed May 16 08:41:48 UTC 2018 - pmonrealgonzalez@suse.com
|
||||
|
||||
- Update to version 7.60.0
|
||||
[bsc#1092094, CVE-2018-1000300][bsc#1092098, CVE-2018-1000301]
|
||||
Changes:
|
||||
* Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol
|
||||
* Add --haproxy-protocol for the command line tool
|
||||
* Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses
|
||||
Bugfixes:
|
||||
* FTP: shutdown response buffer overflow CVE-2018-1000300
|
||||
* RTSP: bad headers buffer over-read CVE-2018-1000301
|
||||
* FTP: fix typo in recursive callback detection for seeking
|
||||
* test1208: marked flaky
|
||||
* HTTP: make header-less responses still count correct body size
|
||||
* user-agent.d:: mention --proxy-header as well
|
||||
* http2: fixes typo
|
||||
* cleanup: misc typos in strings and comments
|
||||
* rate-limit: use three second window to better handle high speeds
|
||||
* examples/hiperfifo.c: improved
|
||||
* pause: when changing pause state, update socket state
|
||||
* multi: improved pending transfers handling => improved performance
|
||||
* curl_version_info.3: fix ssl_version description
|
||||
* add_handle/easy_perform: clear errorbuffer on start if set
|
||||
* cmake: add support for brotli
|
||||
* parsedate: support UT timezone
|
||||
* vauth/ntlm.h: fix the #ifdef header guard
|
||||
* lib/curl_path.h: added #ifdef header guard
|
||||
* vauth/cleartext: fix integer overflow check
|
||||
* CURLINFO_COOKIELIST.3: made the example not leak memory
|
||||
* cookie.d: mention that "-" as filename means stdin
|
||||
* CURLINFO_SSL_VERIFYRESULT.3: fixed the example
|
||||
* http2: read pending frames (including GOAWAY) in connection-check
|
||||
* timeval: remove compilation warning by casting
|
||||
* cmake: avoid warn-as-error during config checks
|
||||
* travis-ci: enable -Werror for CMake builds
|
||||
* openldap: fix for NULL return from ldap_get_attribute_ber()
|
||||
* threaded resolver: track resolver time and set suitable timeout values
|
||||
* cmake: Add advapi32 as explicit link library for win32
|
||||
* docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T
|
||||
* test1148: set a fixed locale for the test
|
||||
* cookies: when reading from a file, only remove_expired once
|
||||
* cookie: store cookies per top-level-domain-specific hash table
|
||||
* openssl: fix build with LibreSSL 2.7
|
||||
* tls: fix mbedTLS 2.7.0 build + handle sha256 failures
|
||||
* openssl: RESTORED verify locations when verifypeer==0
|
||||
* file: restore old behavior for file:////foo/bar URLs
|
||||
* FTP: allow PASV on IPv6 connections when a proxy is being used
|
||||
* build-openssl.bat: allow custom paths for VS and perl
|
||||
* winbuild: make the clean target work without build-type
|
||||
* build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15
|
||||
* curl: retry on FTP 4xx, ignore other protocols
|
||||
* configure: detect (and use) sa_family_t
|
||||
* examples/sftpuploadresume: Fix Windows large file seek
|
||||
* build: cleanup to fix clang warnings/errors
|
||||
* winbuild: updated the documentation
|
||||
* lib: silence null-dereference warnings
|
||||
* travis: bump to clang 6 and gcc 7
|
||||
* travis: build libpsl and make builds use it
|
||||
* proxy: show getenv proxy use in verbose output
|
||||
* duphandle: make sure CURLOPT_RESOLVE is duplicated
|
||||
* all: Refactor malloc+memset to use calloc
|
||||
* checksrc: Fix typo
|
||||
* system.h: Add sparcv8plus to oracle/sunpro 32-bit detection
|
||||
* vauth: Fix typo
|
||||
* ssh: show libSSH2 error code when closing fails
|
||||
* test1148: tolerate progress updates better
|
||||
* urldata: make service names unconditional
|
||||
* configure: keep LD_LIBRARY_PATH changes local
|
||||
* ntlm_sspi: fix authentication using Credential Manager
|
||||
* schannel: add client certificate authentication
|
||||
* winbuild: Support custom devel paths for each dependency
|
||||
* schannel: add support for CURLOPT_CAINFO
|
||||
* http2: handle on_begin_headers() called more than once
|
||||
* openssl: support OpenSSL 1.1.1 verbose-mode trace messages
|
||||
* openssl: fix subjectAltName check on non-ASCII platforms
|
||||
* http2: avoid strstr() on data not zero terminated
|
||||
* http2: clear the "drain counter" when a stream is closed
|
||||
* http2: handle GOAWAY properly
|
||||
* tool_help: clarify --max-time unit of time is seconds
|
||||
* curl.1: clarify that options and URLs can be mixed
|
||||
* http2: convert an assert to run-time check
|
||||
* curl_global_sslset: always provide available backends
|
||||
* ftplistparser: keep state between invokes
|
||||
* Curl_memchr: zero length input can't match
|
||||
* examples/sftpuploadresume: typecast fseek argument to long
|
||||
* examples/http2-upload: expand buffer to avoid silly warning
|
||||
* ctype: restore character classification for non-ASCII platforms
|
||||
* mime: avoid NULL pointer dereference risk
|
||||
* cookies: ensure that we have cookies before writing jar
|
||||
* os400.c: fix checksrc warnings
|
||||
* configure: provide --with-wolfssl as an alias for --with-cyassl
|
||||
* cyassl: adapt to libraries without TLS 1.0 support built-in
|
||||
* http2: get rid of another strstr
|
||||
* checksrc: force indentation of lines after an else
|
||||
* cookies: remove unused macro
|
||||
* CURLINFO_PROTOCOL.3: mention the existing defined names
|
||||
* tests: provide 'manual' as a feature to optionally require
|
||||
* travis: enable libssh2 on both macos and Linux
|
||||
* CURLOPT_URL.3: added ENCODING section
|
||||
* wolfssl: Fix non-blocking connect
|
||||
* vtls: don't define MD5_DIGEST_LENGTH for wolfssl
|
||||
* docs: remove extraneous commas in man pages
|
||||
* URL: fix ASCII dependency in strcpy_url and strlen_url
|
||||
* ssh-libssh.c: fix left shift compiler warning
|
||||
* configure: only check for CA bundle for file-using SSL backends
|
||||
* travis: add an mbedtls build
|
||||
* http: don't set the "rewind" flag when not uploading anything
|
||||
* configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h
|
||||
* transfer: don't unset writesockfd on setup of multiplexed conns
|
||||
* vtls: use unified "supports" bitfield member in backends
|
||||
* URLs: fix one more http url
|
||||
* travis: add a build using WolfSSL
|
||||
* openssl: change FILE ops to BIO ops
|
||||
* travis: add build using NSS
|
||||
* smb: reject negative file sizes
|
||||
* cookies: accept parameter names as cookie name
|
||||
* http2: getsock fix for uploads
|
||||
* all over: fixed format specifiers
|
||||
* http2: use the correct function pointer typedef
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 14 14:23:22 UTC 2018 - pmonrealgonzalez@suse.com
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user