diff --git a/curl-7.52.1-idn-fixes.patch b/curl-7.52.1-idn-fixes.patch deleted file mode 100644 index c2c7064..0000000 --- a/curl-7.52.1-idn-fixes.patch +++ /dev/null @@ -1,207 +0,0 @@ -From 0bc24d6f9d15a2cc5898cae4f214487200e78f44 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Sun, 25 Dec 2016 01:13:12 +0100 -Subject: [PATCH] configure: accept --with-libidn2 instead - -... which the help text already implied since we switched to libidn2 -from libidn in commit 9c91ec778104ae3b back in October 2016. - -Reported-by: Christian Weisgerber -Bug: https://curl.haxx.se/mail/lib-2016-12/0110.html ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 91028458f..65dac55bc 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -2830,7 +2830,7 @@ dnl ********************************************************************** - - AC_MSG_CHECKING([whether to build with libidn2]) - OPT_IDN="default" --AC_ARG_WITH(libidn, -+AC_ARG_WITH(libidn2, - AC_HELP_STRING([--with-libidn2=PATH],[Enable libidn2 usage]) - AC_HELP_STRING([--without-libidn2],[Disable libidn2 usage]), - [OPT_IDN=$withval]) --- -2.11.1 - -From f30cbcac11f5a627992f0c48cff91135808fa70f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Tim=20R=C3=BChsen?= -Date: Fri, 13 Jan 2017 09:36:33 +0100 -Subject: [PATCH] IDN: Use TR46 'transitional' for toASCII translations - -References: http://unicode.org/faq/idn.html - http://unicode.org/reports/tr46 - -Closes #1206 ---- - lib/url.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/lib/url.c b/lib/url.c -index c7a91a4f7..29beb3853 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -4010,7 +4010,12 @@ static void fix_hostname(struct connectdata *conn, struct hostname *host) - #ifdef USE_LIBIDN2 - if(idn2_check_version(IDN2_VERSION)) { - char *ace_hostname = NULL; -- int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname, 0); -+#ifdef IDN2_TRANSITIONAL -+ int flags = IDN2_NFC_INPUT | IDN2_TRANSITIONAL; -+#else -+ int flags = IDN2_NFC_INPUT; -+#endif -+ int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname, flags); - if(rc == IDN2_OK) { - host->encalloc = (char *)ace_hostname; - /* change the name pointer to point to the encoded hostname */ --- -2.11.1 - -From ba315745f7f4ddfedd0763833c22f019817535cb Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Tim=20R=C3=BChsen?= -Date: Fri, 13 Jan 2017 11:50:01 +0100 -Subject: [PATCH] IDN: Fix compile time detection of linidn2 TR46 - -Follow-up to f30cbcac1 - -Closes #1207 ---- - lib/url.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/url.c b/lib/url.c -index 1f6e5bed9..9112baee0 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -4010,7 +4010,7 @@ static void fix_hostname(struct connectdata *conn, struct hostname *host) - #ifdef USE_LIBIDN2 - if(idn2_check_version(IDN2_VERSION)) { - char *ace_hostname = NULL; --#ifdef IDN2_TRANSITIONAL -+#if IDN2_VERSION_NUMBER >= 0x00140000 - int flags = IDN2_NFC_INPUT | IDN2_TRANSITIONAL; - #else - int flags = IDN2_NFC_INPUT; --- -2.11.1 - -From ee357664df9bbb301e3bc1070a855e6b13303a5d Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Fri, 13 Jan 2017 14:31:40 +0100 -Subject: [PATCH] IDN: revert use of the transitional option -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -It made the german ß get converted to ss, IDNA2003 style, and we can't -have that for the .de TLD - a primary reason for our switch to IDNA2008. - -Test 165 verifies. ---- - lib/url.c | 8 ++------ - 1 file changed, 2 insertions(+), 6 deletions(-) - -diff --git a/lib/url.c b/lib/url.c -index 9112baee0..b088b61e3 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -4010,12 +4010,8 @@ static void fix_hostname(struct connectdata *conn, struct hostname *host) - #ifdef USE_LIBIDN2 - if(idn2_check_version(IDN2_VERSION)) { - char *ace_hostname = NULL; --#if IDN2_VERSION_NUMBER >= 0x00140000 -- int flags = IDN2_NFC_INPUT | IDN2_TRANSITIONAL; --#else -- int flags = IDN2_NFC_INPUT; --#endif -- int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname, flags); -+ int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname, -+ IDN2_NFC_INPUT); - if(rc == IDN2_OK) { - host->encalloc = (char *)ace_hostname; - /* change the name pointer to point to the encoded hostname */ --- -2.11.1 - -From 7d6e3f8cfa5c8de1ecb4ab63ed0c0660cce7acdc Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Fri, 13 Jan 2017 14:49:11 +0100 -Subject: [PATCH] IDN: Use TR46 non-transitional -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Assisted-by: Tim Rühsen ---- - lib/url.c | 13 ++++++++++--- - 1 file changed, 10 insertions(+), 3 deletions(-) - -diff --git a/lib/url.c b/lib/url.c -index b088b61e3..074289ed4 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -5,7 +5,7 @@ - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * -- * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. -+ * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms -@@ -4010,8 +4010,15 @@ static void fix_hostname(struct connectdata *conn, struct hostname *host) - #ifdef USE_LIBIDN2 - if(idn2_check_version(IDN2_VERSION)) { - char *ace_hostname = NULL; -- int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname, -- IDN2_NFC_INPUT); -+#if IDN2_VERSION_NUMBER >= 0x00140000 -+ /* IDN2_NFC_INPUT: Normalize input string using normalization form C. -+ IDN2_NONTRANSITIONAL: Perform Unicode TR46 non-transitional -+ processing. */ -+ int flags = IDN2_NFC_INPUT | IDN2_NONTRANSITIONAL; -+#else -+ int flags = IDN2_NFC_INPUT; -+#endif -+ int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname, flags); - if(rc == IDN2_OK) { - host->encalloc = (char *)ace_hostname; - /* change the name pointer to point to the encoded hostname */ --- -2.11.1 - -From b135cd255b6aa7d051ea906693bf67580153ed76 Mon Sep 17 00:00:00 2001 -From: Alessandro Ghedini -Date: Sat, 14 Jan 2017 16:16:56 +0000 -Subject: [PATCH] url: assume UTF-8 when doing idn2 lookup -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Thanks to Tim Rühsen for the suggestion. ---- - lib/url.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/lib/url.c b/lib/url.c -index edae1e3f3..49ed4f669 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -4026,7 +4026,8 @@ static void fix_hostname(struct connectdata *conn, struct hostname *host) - #else - int flags = IDN2_NFC_INPUT; - #endif -- int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname, flags); -+ int rc = idn2_lookup_u8((const uint8_t *)host->name, -+ (uint8_t **)&ace_hostname, flags); - if(rc == IDN2_OK) { - host->encalloc = (char *)ace_hostname; - /* change the name pointer to point to the encoded hostname */ --- -2.11.1 - diff --git a/curl-7.52.1.tar.lzma b/curl-7.52.1.tar.lzma deleted file mode 100644 index 4569746..0000000 --- a/curl-7.52.1.tar.lzma +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:44286d4b825936e2430fc44ad730ce899afb736a5d328cbb8b5d42462f3f2365 -size 2068290 diff --git a/curl-7.52.1.tar.lzma.asc b/curl-7.52.1.tar.lzma.asc deleted file mode 100644 index 902fa62..0000000 --- a/curl-7.52.1.tar.lzma.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAlhc0OoACgkQXMkI/bce -EsISngf/adTW6+PCMHxPISnBqoCzO6/3YAH52WDZ1Z0A11VaCAkIbcsqXFF9K1xX -1W/cRt2ZR+eyAhm7gpulUJfxOy1ak5VuguebEY4vENmEpNg94+7iS9yldYJ4m0Q8 -t6MeYW+twMazzKarU2CvRJBHW1H+olt0G/3+K6o8LPoLyuqHhGGssvm2c24hb8RZ -Kj9m027qg3KVi89cL5eND0OeLW5mMjNr0TjokicWE7/AP7Wd181ag/jMU3BTX/yh -n5KYp562kDR34AIgV2xbHe8Rmfce9lGNAMW90+xnDbKo3Gjm8I8Cq4UkVBspazV5 -hieNGVze2dodGIh+O37iKhaoAoOJsg== -=2ZM9 ------END PGP SIGNATURE----- diff --git a/curl-7.53.0.tar.lzma b/curl-7.53.0.tar.lzma new file mode 100644 index 0000000..e63c74a --- /dev/null +++ b/curl-7.53.0.tar.lzma @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:38bf7820a72ae476a7637d55ec1e794cb3bb78b111521a0c2300ade77b1811cc +size 2076287 diff --git a/curl-7.53.0.tar.lzma.asc b/curl-7.53.0.tar.lzma.asc new file mode 100644 index 0000000..b13a093 --- /dev/null +++ b/curl-7.53.0.tar.lzma.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAliszGIACgkQXMkI/bce +EsLC6AgAsRQhShQK1jA8thL7Vmon15i56XRyilzLER8JprzD/BG/M2Up1WESd2zJ +CzqfD9i7EL7kvysfHe/U5hv7UJCgI4PBxXfo2cjwade6DaO9tcFLTJShmXFI/ccU +lVhw69cF/mzniwiNHftfOFrl+d4G4evfWB+Lvr0dg9DRTTT/sSchXsSkVwh/flX1 +97kBrv3E6RyloFZ0+2qyKI15ZXvPnwhi+agXqC2SQZ+y7rFTKpgowzVWKDI6/W/M +6gCeiC2TymxdvZkcdvQUO90zIXrOL/Tdc54L78cp8RmJg/5dMdsTU9RjYnwpoaja +Y4d1JCWXeYOx8CIC9vlb1mBotf/WVQ== +=ZmEV +-----END PGP SIGNATURE----- diff --git a/curl.changes b/curl.changes index 83e5331..0e747ca 100644 --- a/curl.changes +++ b/curl.changes @@ -1,3 +1,112 @@ +------------------------------------------------------------------- +Wed Feb 22 09:49:12 UTC 2017 - idonmez@suse.com + +- Update to 7.53.0 + Changes: + * unix_socket: added --abstract-unix-socket and + CURLOPT_ABSTRACT_UNIX_SOCKET + * CURLOPT_BUFFERSIZE: support enlarging receive buffer + + Bugfixes: + + * CVE-2017-2629: make SSL_VERIFYSTATUS work again + * gnutls-random: check return code for failed random + * openssl-random: check return code when asking for random + * http: remove "Curl_http_done: called premature" message + * cyassl: use time_t instead of long for timeout + * build-wolfssl: Sync config with wolfSSL 3.10 + * ftp-gss: check for init before use + * configure: accept --with-libidn2 instead + * ftp: failure to resolve proxy should return that error code + * curl.1: add three more exit codes + * docs/ciphers: link to our own new page about ciphers + * vtls: s/SSLEAY/OPENSSL - fixes multi_socket timeouts with openssl + * darwinssl: fix iOS build + * darwinssl: fix CFArrayRef leak + * cmake: use crypt32.lib when building with OpenSSL on windows + * curl_formadd.3: CURLFORM_CONTENTSLENGTH not needed when chunked + * digest_sspi: copy terminating NUL as well + * curl: fix --remote-time incorrect times on Windows + * curl.1: several updates and corrections + * content_encoding: change return code on a failure + * curl.h: CURLE_FUNCTION_NOT_FOUND is no longer in use + * docs: TCP_KEEPALIVE start and interval default to 60 + * darwinssl: --insecure overrides --cacert if both settings are in use + * TheArtOfHttpScripting: grammar + * CIPHERS.md: document GSKit ciphers + * wolfssl: support setting cipher list + * wolfssl: display negotiated SSL version and cipher + * lib506: fix build for Open Watcom + * asiohiper: improved socket handling + * examples: make the C++ examples follow our code style too + * tests/sws: retry send() on EWOULDBLOCK + * cmake: Fix passing _WINSOCKAPI_ macro to compiler + * smtp: Fix STARTTLS denied error message + * imap/pop3: don't print response character in STARTTLS denied messages + * rand: make it work without TLS backing + * url: fix parsing for when 'file' is the default protocol + * url: allow file://X:/path URLs on windows again + * gnutls: check for alpn and ocsp in configure + * IDN: Use TR46 'non-transitional' for toASCII translations + * url: Fix NO_PROXY env var to work properly with --proxy option + * CURLOPT_PREQUOTE.3: takes a struct curl_slist*, not a char* + * docs: Add note about libcurl copying strings to CURLOPT_* manpages + * curl: reset the easy handle at --next + * --next docs: --trace and --trace-ascii are also global + * --write-out docs: 'time_total' is not always shown with ms precision + * http: print correct HTTP string in verbose output when using HTTP/2 + * docs: improved language in README.md HISTORY.md CONTRIBUTE.md + * http2: disable server push if not requested + * nss: use the correct lock in nss_find_slot_by_name() + * usercertinmem.c: improve the short description + * CURLOPT_CONNECT_TO: Fix compile warnings + * docs: non-blocking SSL handshake is now supported with NSS + * *.rc: escape non-ASCII/non-UTF-8 character for clarity + * mbedTLS: fix multi interface non-blocking handshake + * PolarSSL: fix multi interface non-blocking handshake + * VC: remove the makefile.vc6 build infra + * telnet: fix windows compiler warnings + * cookies: do not assume a valid domain has a dot + * polarssl: fix hangs + * gnutls: disable TLS session tickets + * mbedtls: disable TLS session tickets + * mbedtls: implement CTR-DRBG and HAVEGE random generators + * openssl: Don't use certificate after transferring ownership + * cmake: Support curl --xattr when built with cmake + * OS400: Fix symbols + * docs: Add more HTTPS proxy documentation + * docs: use more HTTPS links + * cmdline-opts: Fixed build and test in out of source tree builds + * CHANGES.0: removed + * schannel: Remove incorrect SNI disabled message + * darwinssl: Avoid parsing certificates when not in verbose mode + * test552: Fix typos + * telnet: Fix typos + * transfer: only retry nobody-requests for HTTP + * http2: reset push header counter fixes crash + * nss: make FTPS work with --proxytunnel + * test1139: Added the --manual keyword since the manual is required + * polarssl, mbedtls: Fix detection of pending data + * http_proxy: Fix tiny memory leak upon edge case connecting to proxy + * URL: only accept ";options" in SMTP/POP3/IMAP URL schemes + * curl.1: ftp.sunet.se is no longer an FTP mirror + * tool_operate: Show HTTPS-Proxy options on CURLE_SSL_CACERT + * http2: fix memory-leak when denying push streams + * configure: Allow disabling pthreads, fall back on Win32 threads + * curl: fix typo in time condition warning message + * axtls: adapt to API changes + * tool_urlglob: Allow a glob range with the same start and stop + * winbuild: add note on auto-detection of MACHINE in Makefile.vc + * http: fix missing 'Content-Length: 0' while negotiating auth + * proxy: fix hostname resolution and IDN conversion + * docs: fix timeout handling in multi-uv example + * digest_sspi: Fix nonce-count generation in HTTP digest + * sftp: improved checks for create dir failures + * smb: use getpid replacement for windows UWP builds + * digest_sspi: Handle 'stale=TRUE' directive in HTTP digest +- Refresh curl-7.52.1-idn-fixes.patch and rename to + curl-7.53.0-idn-fixes.patch + ------------------------------------------------------------------- Sun Feb 5 22:33:33 UTC 2017 - astieger@suse.com diff --git a/curl.spec b/curl.spec index 14bab69..8cbd8c9 100644 --- a/curl.spec +++ b/curl.spec @@ -20,7 +20,7 @@ %bcond_with mozilla_nss %bcond_without testsuite Name: curl -Version: 7.52.1 +Version: 7.53.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: BSD-3-Clause and MIT @@ -32,8 +32,7 @@ Source3: baselibs.conf Source4: https://daniel.haxx.se/mykey.asc#/%{name}.keyring Patch0: libcurl-ocloexec.patch Patch1: dont-mess-with-rpmoptflags.diff -Patch3: curl-secure-getenv.patch -Patch5: curl-7.52.1-idn-fixes.patch +Patch2: curl-secure-getenv.patch BuildRequires: groff BuildRequires: krb5-mini-devel BuildRequires: libidn2-devel @@ -97,8 +96,7 @@ user interaction or any kind of interactivity. %setup -q %patch0 %patch1 -%patch3 -%patch5 -p1 +%patch2 %build # curl complains if macro definition is contained in CFLAGS @@ -127,7 +125,8 @@ sed -i 's/\(link_all_deplibs=\)unknown/\1no/' configure %endif %endif --with-gssapi=%{_libexecdir}/mit \ - --with-libssh2\ + --with-libidn2 \ + --with-libssh2 \ --enable-hidden-symbols \ --disable-static \ --enable-threaded-resolver \ @@ -153,7 +152,7 @@ fi base=$((8990 + $BUILD_INCARNATION * 20)) # bug940009 do not run flaky tests for any architecture # at least test 1510 do fail for i586 and ppc64le -perl ./runtests.pl -a -b$base '!flaky' || exit +LANG=en_US.UTF-8 perl ./runtests.pl -a -b$base '!flaky' || exit popd %endif