diff --git a/curl-7.60.0.tar.gz b/curl-7.60.0.tar.gz deleted file mode 100644 index 1442e74..0000000 --- a/curl-7.60.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e9c37986337743f37fd14fe8737f246e97aec94b39d1b71e8a5973f72a9fc4f5 -size 3949173 diff --git a/curl-7.60.0.tar.gz.asc b/curl-7.60.0.tar.gz.asc deleted file mode 100644 index a800281..0000000 --- a/curl-7.60.0.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAlr7zUoACgkQXMkI/bce -EsK4MAgArnvqXIdhdoXJ8iUGQgS1HOA7R2ug+KE35FdkhGeApkNgnmLkhzsPYqqF -nnwh75ZDVfHxxKtFs8xo6bH3zwFoek/fL+uVdNOzChGccFFV1HNphZuUqh8Mrr1A -tRW7FqjrfrD61dhd/arizHNbj/oo1B2ySJByFuqwW8zO9whLNX9PgtulZ9fk0D6O -P4p560qKhRSm3lw+n1ANAwnkf316EGC57fqKxF+09i/ZLXObS1PqvFArQWnL2H3P -ZfloOnVIAKnRAVO+FSOW/B7OzG3E7jKsmzOSzbKsVkXKAD4m+2FOqCcJYe0pgnJW -R4n3So9hnEVnqclaCa7hP+CkmdqHew== -=3Ago ------END PGP SIGNATURE----- diff --git a/curl-7.61.0.tar.gz b/curl-7.61.0.tar.gz new file mode 100644 index 0000000..873d92a --- /dev/null +++ b/curl-7.61.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:64141f0db4945268a21b490d58806b97c615d3d0c75bf8c335bbe0efd13b45b5 +size 3964862 diff --git a/curl-7.61.0.tar.gz.asc b/curl-7.61.0.tar.gz.asc new file mode 100644 index 0000000..99efb3d --- /dev/null +++ b/curl-7.61.0.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAltFnUEACgkQXMkI/bce +EsKFUQgAml2m2W8qyDgxFApYfsd+OJYO8yx1/ogKJJrUK8SRZYPfR0aCb9klNkQu +FwwFos2B/nkxm898CBro5Lo3XiBmF3HL3schTJodb1lPP9It76yUD9J5EedrSosj +A+HzV3cPM53/pG/RUF3NhNZnye4JHwSxC92UffpMZ/HVDOhWbrJKFZLbl+lkcM2A +xMkzVDwdW6Zztze/2O3ZSvftwUoYM7u73/NQjRnhllWn/dXkc3obB2vVFfq7n0/o +zLZMoOWCbBp0Isj/sPQpUh12Q2W8KEDKm81m1IDaF0eJeA2lI3owIXsskXnqV02u +a4vLBlaRK9cSsnNPclZEix9G4I4RfA== +=Ygjy +-----END PGP SIGNATURE----- diff --git a/curl-mini.changes b/curl-mini.changes index 49a50fd..40eb40f 100644 --- a/curl-mini.changes +++ b/curl-mini.changes @@ -1,3 +1,112 @@ +------------------------------------------------------------------- +Tue Jul 17 13:56:05 UTC 2018 - pgajdos@suse.com + +- Update to version 7.62.0 + [bsc#1099793, CVE-2018-0500] + Changes: + * getinfo: add microsecond precise timers for seven intervals + * curl: show headers in bold, switch off with --no-styled-output + * httpauth: add support for Bearer tokens + * Add CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS + * curl: --tls13-ciphers and --proxy-tls13-ciphers + * Add CURLOPT_DISALLOW_USERNAME_IN_URL + * curl: --disallow-username-in-url + Bugfixes: + * CVE-2018-0500: smtp: fix SMTP send buffer overflow + * schannel: disable client cert option if APIs not available + * schannel: disable manual verify if APIs not available + * tests/libtest/Makefile: Do not unconditionally add gcc-specific flags + * openssl: acknowledge --tls-max for default version too + * stub_gssapi: fix 'unused parameter' warnings + * examples/progressfunc: make it build on both new and old libcurls + * docs: mention it is HA Proxy protocol "version 1" + * curl_fnmatch: only allow two asterisks for matching + * docs: clarify CURLOPT_HTTPGET + * configure: replace a AC_TRY_RUN with CURL_RUN_IFELSE + * configure: do compile-time SIZEOF checks instead of run-time + * checksrc: make sure sizeof() is used *with* parentheses + * CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit + * schannel: make CAinfo parsing resilient to CR/LF + * tftp: make sure error is zero terminated before printfing it + * http resume: skip body if http code 416 (range error) is ignored + * configure: add basic test of --with-ssl prefix + * cmake: set -d postfix for debug builds + * multi: provide a socket to wait for in Curl_protocol_getsock + * content_encoding: handle zlib versions too old for Z_BLOCK + * winbuild: only delete OUTFILE if it exists + * winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST + * schannel: add failf calls for client certificate failures + * cmake: Fix the test for fsetxattr and strerror_r + * curl.1: Fix cmdline-opts reference errors + * cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing options + * cmake: check for getpwuid_r + * configure: fix ssh2 linking when built with a static mbedtls + * psl: use latest psl and refresh it periodically + * fnmatch: insist on escaped bracket to match + * KNOWN_BUGS: restore text regarding #2101 + * INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib + * configure: override AR_FLAGS to silence warning + * os400: implement mime api EBCDIC wrappers + * curl.rc: embed manifest for correct Windows version detection + * strictness: correct {infof, failf} format specifiers + * tests: update .gitignore for libtests + * configure: check for declaration of getpwuid_r + * fnmatch: use the system one if available + * CURLOPT_RESOLVE: always purge old entry first + * multi: remove a potentially bad DEBUGF() + * curl_addrinfo: use same #ifdef conditions in source as header + * build: remove the Borland specific makefiles + * axTLS: not considered fit for use + * cmdline-opts/cert-type.d: mention "p12" as a recognized type + * system.h: add support for IBM xlc C compiler + * tests/libtest: Add lib1521 to nodist_SOURCES + * mk-ca-bundle.pl: leave certificate name untouched + * boringssl + schannel: undef X509_NAME in lib/schannel.h + * openssl: assume engine support in 1.0.1 or later + * cppcheck: fix warnings + * test 46: make test pass after year 2025 + * schannel: support selecting ciphers + * Curl_debug: remove dead printhost code + * test 1455: unflakified + * Curl_init_do: handle NULL connection pointer passed in + * progress: remove a set of unused defines + * mk-ca-bundle.pl: make -u delete certdata.txt if found not changed + * GOVERNANCE.md: explains how this project is run + * configure: use pkg-config for c-ares detection + * configure: enhance ability to build with static openssl + * maketgz: fix sed issues on OSX + * multi: fix memory leak when stopped during name resolve + * CURLOPT_INTERFACE.3: interface names not supported on Windows + * url: fix dangling conn->data pointer + * cmake: allow multiple SSL backends + * system.h: fix for gcc on 32 bit OpenServer + * ConnectionExists: make sure conn->data is set when "taking" a connection + * multi: fix crash due to dangling entry in connect-pending list + * CURLOPT_SSL_VERIFYPEER.3: Add performance note + * netrc: use a larger buffer to support longer passwords + * url: check Curl_conncache_add_conn return code + * configure: Add dependent libraries after crypto + * easy_perform: faster local name resolves by using *multi_timeout() + * getnameinfo: not used, removed all configure checks + * travis: add a build using the synchronous name resolver + * CURLINFO_TLS_SSL_PTR.3: improve the example + * openssl: allow TLS 1.3 by default + * openssl: make the requested TLS version the *minimum* wanted + * openssl: Remove some dead code + * telnet: fix clang warnings + * DEPRECATE: new doc describing planned item removals + * example/crawler.c: simple crawler based on libxml2 + * libssh: goto DISCONNECT state on error, not SESSION_FREE + * CMake: Remove unused functions + * darwinssl: allow High Sierra users to build the code using GCC + * scripts: include _curl as part of CLEANFILES + * examples: fix -Wformat warnings + * curl_setup: include before + * schannel: make more cipher options conditional + * CMake: remove redundant and old end-of-block syntax + * post303.d: clarify that this is an RFC violation +- refreshed libcurl-ocloexec.patch + ------------------------------------------------------------------- Fri May 18 11:47:00 UTC 2018 - vcizek@suse.com diff --git a/curl-mini.spec b/curl-mini.spec index dd60852..f4f5bd8 100644 --- a/curl-mini.spec +++ b/curl-mini.spec @@ -29,7 +29,7 @@ # need ssl always for python-pycurl %bcond_without openssl Name: curl-mini -Version: 7.60.0 +Version: 7.61.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl @@ -45,6 +45,7 @@ Patch2: curl-secure-getenv.patch Patch3: ignore_runtests_failure.patch # PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled Patch4: curl-disabled-redirect-protocol-message.patch +Patch5: curl-use_OPENSSL_config.patch BuildRequires: libtool BuildRequires: pkgconfig Requires: libcurl4%{?mini} = %{version} @@ -117,13 +118,14 @@ user interaction or any kind of interactivity. %prep %setup -q -n curl-%{version} -%patch0 +%patch0 -p1 %patch1 %patch2 %ifarch ppc ppc64 ppc64le %patch3 -p1 %endif %patch4 -p1 +%patch5 -p1 %build # curl complains if macro definition is contained in CFLAGS diff --git a/curl.changes b/curl.changes index 49a50fd..40eb40f 100644 --- a/curl.changes +++ b/curl.changes @@ -1,3 +1,112 @@ +------------------------------------------------------------------- +Tue Jul 17 13:56:05 UTC 2018 - pgajdos@suse.com + +- Update to version 7.62.0 + [bsc#1099793, CVE-2018-0500] + Changes: + * getinfo: add microsecond precise timers for seven intervals + * curl: show headers in bold, switch off with --no-styled-output + * httpauth: add support for Bearer tokens + * Add CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS + * curl: --tls13-ciphers and --proxy-tls13-ciphers + * Add CURLOPT_DISALLOW_USERNAME_IN_URL + * curl: --disallow-username-in-url + Bugfixes: + * CVE-2018-0500: smtp: fix SMTP send buffer overflow + * schannel: disable client cert option if APIs not available + * schannel: disable manual verify if APIs not available + * tests/libtest/Makefile: Do not unconditionally add gcc-specific flags + * openssl: acknowledge --tls-max for default version too + * stub_gssapi: fix 'unused parameter' warnings + * examples/progressfunc: make it build on both new and old libcurls + * docs: mention it is HA Proxy protocol "version 1" + * curl_fnmatch: only allow two asterisks for matching + * docs: clarify CURLOPT_HTTPGET + * configure: replace a AC_TRY_RUN with CURL_RUN_IFELSE + * configure: do compile-time SIZEOF checks instead of run-time + * checksrc: make sure sizeof() is used *with* parentheses + * CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit + * schannel: make CAinfo parsing resilient to CR/LF + * tftp: make sure error is zero terminated before printfing it + * http resume: skip body if http code 416 (range error) is ignored + * configure: add basic test of --with-ssl prefix + * cmake: set -d postfix for debug builds + * multi: provide a socket to wait for in Curl_protocol_getsock + * content_encoding: handle zlib versions too old for Z_BLOCK + * winbuild: only delete OUTFILE if it exists + * winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST + * schannel: add failf calls for client certificate failures + * cmake: Fix the test for fsetxattr and strerror_r + * curl.1: Fix cmdline-opts reference errors + * cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing options + * cmake: check for getpwuid_r + * configure: fix ssh2 linking when built with a static mbedtls + * psl: use latest psl and refresh it periodically + * fnmatch: insist on escaped bracket to match + * KNOWN_BUGS: restore text regarding #2101 + * INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib + * configure: override AR_FLAGS to silence warning + * os400: implement mime api EBCDIC wrappers + * curl.rc: embed manifest for correct Windows version detection + * strictness: correct {infof, failf} format specifiers + * tests: update .gitignore for libtests + * configure: check for declaration of getpwuid_r + * fnmatch: use the system one if available + * CURLOPT_RESOLVE: always purge old entry first + * multi: remove a potentially bad DEBUGF() + * curl_addrinfo: use same #ifdef conditions in source as header + * build: remove the Borland specific makefiles + * axTLS: not considered fit for use + * cmdline-opts/cert-type.d: mention "p12" as a recognized type + * system.h: add support for IBM xlc C compiler + * tests/libtest: Add lib1521 to nodist_SOURCES + * mk-ca-bundle.pl: leave certificate name untouched + * boringssl + schannel: undef X509_NAME in lib/schannel.h + * openssl: assume engine support in 1.0.1 or later + * cppcheck: fix warnings + * test 46: make test pass after year 2025 + * schannel: support selecting ciphers + * Curl_debug: remove dead printhost code + * test 1455: unflakified + * Curl_init_do: handle NULL connection pointer passed in + * progress: remove a set of unused defines + * mk-ca-bundle.pl: make -u delete certdata.txt if found not changed + * GOVERNANCE.md: explains how this project is run + * configure: use pkg-config for c-ares detection + * configure: enhance ability to build with static openssl + * maketgz: fix sed issues on OSX + * multi: fix memory leak when stopped during name resolve + * CURLOPT_INTERFACE.3: interface names not supported on Windows + * url: fix dangling conn->data pointer + * cmake: allow multiple SSL backends + * system.h: fix for gcc on 32 bit OpenServer + * ConnectionExists: make sure conn->data is set when "taking" a connection + * multi: fix crash due to dangling entry in connect-pending list + * CURLOPT_SSL_VERIFYPEER.3: Add performance note + * netrc: use a larger buffer to support longer passwords + * url: check Curl_conncache_add_conn return code + * configure: Add dependent libraries after crypto + * easy_perform: faster local name resolves by using *multi_timeout() + * getnameinfo: not used, removed all configure checks + * travis: add a build using the synchronous name resolver + * CURLINFO_TLS_SSL_PTR.3: improve the example + * openssl: allow TLS 1.3 by default + * openssl: make the requested TLS version the *minimum* wanted + * openssl: Remove some dead code + * telnet: fix clang warnings + * DEPRECATE: new doc describing planned item removals + * example/crawler.c: simple crawler based on libxml2 + * libssh: goto DISCONNECT state on error, not SESSION_FREE + * CMake: Remove unused functions + * darwinssl: allow High Sierra users to build the code using GCC + * scripts: include _curl as part of CLEANFILES + * examples: fix -Wformat warnings + * curl_setup: include before + * schannel: make more cipher options conditional + * CMake: remove redundant and old end-of-block syntax + * post303.d: clarify that this is an RFC violation +- refreshed libcurl-ocloexec.patch + ------------------------------------------------------------------- Fri May 18 11:47:00 UTC 2018 - vcizek@suse.com diff --git a/curl.spec b/curl.spec index 9c82963..6665438 100644 --- a/curl.spec +++ b/curl.spec @@ -27,7 +27,7 @@ # need ssl always for python-pycurl %bcond_without openssl Name: curl -Version: 7.60.0 +Version: 7.61.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: curl @@ -116,7 +116,7 @@ user interaction or any kind of interactivity. %prep %setup -q -n curl-%{version} -%patch0 +%patch0 -p1 %patch1 %patch2 %ifarch ppc ppc64 ppc64le diff --git a/libcurl-ocloexec.patch b/libcurl-ocloexec.patch index 243e76c..7621a6a 100644 --- a/libcurl-ocloexec.patch +++ b/libcurl-ocloexec.patch @@ -7,10 +7,10 @@ To make it portable you have to test O_CLOEXEC support at *runtime* compile time is not enough. -Index: lib/file.c +Index: curl-7.61.0/lib/file.c =================================================================== ---- lib/file.c.orig -+++ lib/file.c +--- curl-7.61.0.orig/lib/file.c 2018-07-09 08:42:12.000000000 +0200 ++++ curl-7.61.0/lib/file.c 2018-07-17 15:47:25.259601877 +0200 @@ -190,7 +190,7 @@ static CURLcode file_connect(struct conn return CURLE_URL_MALFORMAT; } @@ -20,7 +20,7 @@ Index: lib/file.c file->path = real_path; #endif file->freepath = real_path; /* free this when done */ -@@ -285,7 +285,7 @@ static CURLcode file_upload(struct conne +@@ -283,7 +283,7 @@ static CURLcode file_upload(struct conne else mode = MODE_DEFAULT|O_TRUNC; @@ -29,10 +29,10 @@ Index: lib/file.c if(fd < 0) { failf(data, "Can't open %s for writing", file->path); return CURLE_WRITE_ERROR; -Index: lib/hostip6.c +Index: curl-7.61.0/lib/hostip6.c =================================================================== ---- lib/hostip6.c.orig -+++ lib/hostip6.c +--- curl-7.61.0.orig/lib/hostip6.c 2018-07-09 08:42:12.000000000 +0200 ++++ curl-7.61.0/lib/hostip6.c 2018-07-17 15:47:25.259601877 +0200 @@ -44,7 +44,7 @@ #ifdef HAVE_PROCESS_H #include @@ -42,7 +42,7 @@ Index: lib/hostip6.c #include "urldata.h" #include "sendf.h" #include "hostip.h" -@@ -103,7 +103,7 @@ bool Curl_ipv6works(void) +@@ -70,7 +70,7 @@ bool Curl_ipv6works(void) static int ipv6_works = -1; if(-1 == ipv6_works) { /* probe to see if we have a working IPv6 stack */ @@ -51,10 +51,10 @@ Index: lib/hostip6.c if(s == CURL_SOCKET_BAD) /* an IPv6 address was requested but we can't get/use one */ ipv6_works = 0; -Index: lib/if2ip.c +Index: curl-7.61.0/lib/if2ip.c =================================================================== ---- lib/if2ip.c.orig -+++ lib/if2ip.c +--- curl-7.61.0.orig/lib/if2ip.c 2018-05-07 10:20:04.000000000 +0200 ++++ curl-7.61.0/lib/if2ip.c 2018-07-17 15:47:25.259601877 +0200 @@ -225,7 +225,7 @@ if2ip_result_t Curl_if2ip(int af, unsign if(len >= sizeof(req.ifr_name)) return IF2IP_NOT_FOUND; @@ -64,11 +64,11 @@ Index: lib/if2ip.c if(CURL_SOCKET_BAD == dummy) return IF2IP_NOT_FOUND; -Index: lib/connect.c +Index: curl-7.61.0/lib/connect.c =================================================================== ---- lib/connect.c.orig -+++ lib/connect.c -@@ -1389,7 +1389,7 @@ CURLcode Curl_socket(struct connectdata +--- curl-7.61.0.orig/lib/connect.c 2018-07-09 08:42:12.000000000 +0200 ++++ curl-7.61.0/lib/connect.c 2018-07-17 15:47:25.259601877 +0200 +@@ -1387,7 +1387,7 @@ CURLcode Curl_socket(struct connectdata } else /* opensocket callback not set, so simply create the socket now */ @@ -77,15 +77,16 @@ Index: lib/connect.c if(*sockfd == CURL_SOCKET_BAD) /* no socket, no connection */ -Index: configure.ac +Index: curl-7.61.0/configure.ac =================================================================== ---- configure.ac.orig -+++ configure.ac -@@ -188,6 +188,7 @@ AC_CANONICAL_HOST - dnl Get system canonical name - AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-machine-OS]) +--- curl-7.61.0.orig/configure.ac 2018-07-17 15:47:25.263601899 +0200 ++++ curl-7.61.0/configure.ac 2018-07-17 15:49:06.252122189 +0200 +@@ -191,6 +191,8 @@ AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-m + # Silence warning: ar: 'u' modifier ignored since 'D' is the default + AC_SUBST(AR_FLAGS, [cr]) +AC_USE_SYSTEM_EXTENSIONS - dnl Checks for programs. - ++ dnl This defines _ALL_SOURCE for AIX + CURL_CHECK_AIX_ALL_SOURCE +