Accepting request 1073492 from devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/1073492 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/curl?expand=0&rev=183
2023-03-24 14:15:50 +00:00 · 2023-03-24 14:15:50 +00:00 · b13f5cfcf1
commit b13f5cfcf1
parent 9d7141f187 1175ea57d1
7 changed files with 81 additions and 36 deletions
--- a/curl-7.88.1.tar.xz
+++ b/curl-7.88.1.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1dae31b2a7c1fe269de99c0c31bb488346aab3459b5ffca909d6938249ae415f
-size 2581032
--- a/curl-7.88.1.tar.xz.asc
+++ b/curl-7.88.1.tar.xz.asc
@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmPzIdAACgkQXMkI/bce
-EsLgMgf9HwAPLRXj1ARTSFffsrf5eWiRpTO8dY2wVSPPAn7DXZyT5TP/+6tPJ2vf
-THbU/LzV1MH2Tyf4uWMHfPSpVsDH9MchVtqn3abXumuqczf14FTNKqsDXL/OMbkn
-9XV7qh3UOx3NuMR5TYc91fZMwo36TEYSrzU/X6cqv/e4fXNm6fX/shXQ75MJ6hic
-7rk/ilRX+L6Y43x3h0U6oBaICcLNnplJBazBY81y3EHbFmvdyDd41nik1TWgqNYL
-jIZ9LK6iUAav54/B9DxcDIKBAS0ZHMmnl1xth/KkTry1MWFi2jHJxAYccC7wTjgO
-bDNgD0z3z9mJ2rw/IALYBFBZQ3ed1A==
-=Z5N5
-----END PGP SIGNATURE-----
--- a/curl-8.0.1.tar.xz
+++ b/curl-8.0.1.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0a381cd82f4d00a9a334438b8ca239afea5bfefcfa9a1025f2bf118e79e0b5f0
+size 2575544
--- a/curl-8.0.1.tar.xz.asc
+++ b/curl-8.0.1.tar.xz.asc
@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmQYZbIACgkQXMkI/bce
+EsIBhQf/WBWHXCc2+NoyjY/AOO0iGhx6ulp1u57AzDCiIpBSbzJYfk6LpmlUcAo+
+urAje0GbgTBIjs4oG+Hnr8nSqo05TWuQK43g/4BFcFv3Q8aFX2w3i6x/at9zKULy
+yRTAvhyhTXcJsZR+MKWHltHhiO5g/d4P46+OBG7f1sY93ztBiFLdrZhMu5v27RjX
+G8sgysXDzZP/VEGEuQsRPNjlQPMsO3ZyOCcUsj+L6u1nWW2Ru1c/7vvGzZtQEONi
+fB3X2dX2QUdG7vR1t02aFgjzws01TmBvN0XW2EbDT36IEtngTGlgIXMWGcXQlVyG
+6J0DqzOrXntl6HTLHIfHAorrzWvV3A==
+=mEwS
+-----END PGP SIGNATURE-----
--- a/curl.changes
+++ b/curl.changes
@ -1,3 +1,48 @@
+-------------------------------------------------------------------
+Tue Mar 21 08:44:52 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 8.0.1:
+  * Bugfixes:
+    - fix crash in curl_easy_cleanup
+
+-------------------------------------------------------------------
+Mon Mar 20 07:19:32 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 8.0.0:
+  * Security fixes:
+    - TELNET option IAC injection [bsc#1209209, CVE-2023-27533]
+    - SFTP path ~ resolving discrepancy [bsc#1209210, CVE-2023-27534]
+    - FTP too eager connection reuse [bsc#1209211, CVE-2023-27535]
+    - GSS delegation too eager connection re-use [bsc#1209212, CVE-2023-27536]
+    - HSTS double-free [bsc#1209213, CVE-2023-27537]
+    - SSH connection too eager reuse still [bsc#1209214, CVE-2023-27538]
+  * Changes:
+    - build: remove support for curl_off_t < 8 bytes 
+  * Bugfixes:
+    - aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3
+    - BINDINGS: add Fortran binding
+    - cf-socket: use port 80 when resolving name for local bind
+    - cookie: don't load cookies again when flushing
+    - curl_path: create the new path with dynbuf
+    - CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe
+    - DYNBUF.md: note Curl_dyn_add* calls Curl_dyn_free on failure
+    - ftp: active mode with SSL, add the filter
+    - hostip: avoid sscanf and extra buffer copies
+    - http2: fix for http2-prior-knowledge when reusing connections
+    - http2: fix handling of RST and GOAWAY to recognize partial transfers
+    - http: don't send 100-continue for short PUT requests
+    - http: fix unix domain socket use in https connects
+    - libssh: use dynbuf instead of realloc
+    - ngtcp2-gnutls.yml: bump to gnutls 3.8.0
+    - sectransp: make read_cert() use a dynbuf when loading
+    - telnet: only accept option arguments in ascii
+    - telnet: parse telnet options without sscanf
+    - url: fix the SSH connection reuse check
+    - url: only reuse connections with same GSS delegation
+    - urlapi: '%' is illegal in host names
+    - ws: keep the socket non-blocking
+  * Rebase libcurl-ocloexec.patch
+
 -------------------------------------------------------------------
 Mon Feb 20 10:35:11 UTC 2023 - Guillaume GARDET <guillaume.gardet@opensuse.org>

--- a/curl.spec
+++ b/curl.spec
@ -21,7 +21,7 @@
 # need ssl always for python-pycurl
 %bcond_without openssl
 Name:           curl
-Version:        7.88.1
+Version:        8.0.1
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        curl
--- a/libcurl-ocloexec.patch
+++ b/libcurl-ocloexec.patch
@ -7,10 +7,10 @@ To make it portable you have to test O_CLOEXEC support at *runtime*
 compile time is not enough.


-Index: curl-7.88.0/lib/file.c
+Index: curl-8.0.0/lib/file.c
 ===================================================================
--- curl-7.88.0.orig/lib/file.c
-+++ curl-7.88.0/lib/file.c
+--- curl-8.0.0.orig/lib/file.c
+++ curl-8.0.0/lib/file.c
@@ -232,7 +232,7 @@ static CURLcode file_connect(struct Curl
     }
   }
@ -29,10 +29,10 @@ Index: curl-7.88.0/lib/file.c
   if(fd < 0) {
     failf(data, "Can't open %s for writing", file->path);
     return CURLE_WRITE_ERROR;
-Index: curl-7.88.0/lib/if2ip.c
+Index: curl-8.0.0/lib/if2ip.c
 ===================================================================
--- curl-7.88.0.orig/lib/if2ip.c
-+++ curl-7.88.0/lib/if2ip.c
+--- curl-8.0.0.orig/lib/if2ip.c
+++ curl-8.0.0/lib/if2ip.c
@@ -206,7 +206,7 @@ if2ip_result_t Curl_if2ip(int af,
   if(len >= sizeof(req.ifr_name))
     return IF2IP_NOT_FOUND;
@ -42,10 +42,10 @@ Index: curl-7.88.0/lib/if2ip.c
   if(CURL_SOCKET_BAD == dummy)
     return IF2IP_NOT_FOUND;
 
-Index: curl-7.88.0/configure.ac
+Index: curl-8.0.0/configure.ac
 ===================================================================
--- curl-7.88.0.orig/configure.ac
-+++ curl-7.88.0/configure.ac
+--- curl-8.0.0.orig/configure.ac
+++ curl-8.0.0/configure.ac
@@ -420,6 +420,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m
 # Silence warning: ar: 'u' modifier ignored since 'D' is the default
 AC_SUBST(AR_FLAGS, [cr])
@ -55,10 +55,10 @@ Index: curl-7.88.0/configure.ac
 dnl This defines _ALL_SOURCE for AIX
 CURL_CHECK_AIX_ALL_SOURCE
 
-Index: curl-7.88.0/lib/hostip.c
+Index: curl-8.0.0/lib/hostip.c
 ===================================================================
--- curl-7.88.0.orig/lib/hostip.c
-+++ curl-7.88.0/lib/hostip.c
+--- curl-8.0.0.orig/lib/hostip.c
+++ curl-8.0.0/lib/hostip.c
@@ -48,6 +48,7 @@
 #include <signal.h>
 #endif
@ -67,7 +67,7 @@ Index: curl-7.88.0/lib/hostip.c
 #include "urldata.h"
 #include "sendf.h"
 #include "hostip.h"
-@@ -576,7 +577,7 @@ bool Curl_ipv6works(struct Curl_easy *da
+@@ -582,7 +583,7 @@ bool Curl_ipv6works(struct Curl_easy *da
   else {
     int ipv6_works = -1;
     /* probe to see if we have a working IPv6 stack */
@ -76,18 +76,18 @@ Index: curl-7.88.0/lib/hostip.c
     if(s == CURL_SOCKET_BAD)
       /* an IPv6 address was requested but we can't get/use one */
       ipv6_works = 0;
-Index: curl-7.88.0/lib/cf-socket.c
+Index: curl-8.0.0/lib/cf-socket.c
 ===================================================================
--- curl-7.88.0.orig/lib/cf-socket.c
-+++ curl-7.88.0/lib/cf-socket.c
+--- curl-8.0.0.orig/lib/cf-socket.c
+++ curl-8.0.0/lib/cf-socket.c
@@ -252,7 +252,9 @@ static CURLcode socket_open(struct Curl_
   }
   else {
     /* opensocket callback not set, so simply create the socket now */
 -    *sockfd = socket(addr->family, addr->socktype, addr->protocol);
 +    *sockfd = socket(addr->family,
-+                     addr->socktype|SOCK_CLOEXEC,
-+                     addr->protocol);
-     if(!*sockfd && addr->socktype == SOCK_DGRAM) {
-       /* This is icky and seems, at least, to happen on macOS:
-        * we get sockfd == 0 and if called again, we get a valid one > 0.
+		     addr->socktype|SOCK_CLOEXEC,
+		     addr->protocol);
+   }
+ 
+   if(*sockfd == CURL_SOCKET_BAD)