pool/curl
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1142991 from home:pmonrealgonzalez:branches:devel:libraries:c_c++

Browse Source 
- Update to 8.6.0: [bsc#1219149, CVE-2024-0853]
  * Security fixes:
    - CVE-2024-0853: OCSP verification bypass with TLS session reuse
  * Changes:
    - add CURLE_TOO_LARGE, CURLINFO_QUEUE_TIME_T
  * Bugfixes:
    - altsvc: free 'as' when returning error
    - asyn-ares: with modern c-ares, use its default timeout
    - cf-socket: show errno in tcpkeepalive error messages
    - cmdline-opts: update availability for the *-ca-native options
    - configure: when enabling QUIC, check that TLS supports QUIC
    - content_encoding: change return code to typedef'ed enum
    - curl: show ipfs and ipns as supported "protocols"
    - CURLINFO_REFERER.3: clarify that it is the *request* header
    - dist: add tests/errorcodes.pl to the tarball
    - gen.pl: support ## for doing .IP in table-like lists
    - GHA: bump ngtcp2, gnutls, mod_h2, quiche
    - hostip: return error immediately when Curl_ip2addr() fails
    - http3/quiche: fix result code on a stream reset
    - http3: initial support for OpenSSL 3.2 QUIC stack
    - http: check for "Host:" case insensitively
    - http: fix off-by-one error in request method length check
    - http: only act on 101 responses when they are HTTP/1.1
    - lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT
    - lib: error out on multissl + http3
    - lib: fix variable undeclared error caused by `infof` changes
    - lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding
    - lib: strndup/memdup instead of malloc, memcpy and null-terminate
    - libssh2: use `libssh2_session_callback_set2()` with v1.11.1
    - ngtcp2: put h3 at the front of alpn

OBS-URL: https://build.opensuse.org/request/show/1142991
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=352
This commit is contained in:
David Anes 2024-01-31 12:17:58 +00:00 committed by Git OBS Bridge
parent 030555bd2f
commit ce6f51d0bc
9 changed files with 71 additions and 248 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
curl-8.5.0.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:42ab8db9e20d8290a3b633e7fbb3cec15db34df65fd1015ef8ac1e4723750eeb
size 2658520

11
curl-8.5.0.tar.xz.asc
View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmVwH74ACgkQXMkI/bce
EsJTjQgApzxL4B3UzTgozV3zElM2bE1tVeAnWzBvvgBr66n8Avj3qJv0OStRTm5I
GATuiWLFBKHEzrKJbApWiH8nwsKK/ZvlrAe6SyJ5jehK1l51da1LSnI/SkFt7him
EX2R9Eq8HWD5jhiHOYETFZ9U7aqf+OOnrRevzFs+GCcZqn6M4DKXc9gJCc2qgill
y9PfHrxLELJscPCw19fw9Hoo4QkcHKP1oOy4uha4iqDUmnFW9WTexVHAGOTMrJwl
6OZ+5apsaBB7+rambVnyeOx2DfpAsScmaXtaLNIBBDfNbBPkOA3lgmDZr/6KiSP1
Pr9Y2WDkGKgodo7NeRAHJl/WE+CMmQ==
=XAIZ
-----END PGP SIGNATURE-----

BIN
curl-8.6.0.tar.xz (Stored with Git LFS) Normal file
View File

Binary file not shown.

11
curl-8.6.0.tar.xz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmW58RcACgkQXMkI/bce
EsKLvgf9Em0etBEnbJzkhmCiKUOfn3sTKhIHA4y1/O+anaNfEx0E89VUQuFZRcUz
i4ENOVjTXxVy4zZUobOOWz7RXrvv6XnX9A++RYkBoEk4mmNB3A6ShsTeCR2mS4yi
dL5UfH2YEu7B6x/ONROKKuGawsqw0D6wzVgrD+J1e8Bu+1P8YOUqsQWVJmJFlYMN
2A8NP4GZHnmP3rnupx1RY3/MgJU0FjlQ428BOA7PIiYKEVto0dp6cqd4AQsLgQPy
J1RBcge1Uwqe+k/IenUx7bUaQfr+NY34ryrMxbLPghPimfeyjjsDxyr+OwoQM1aw
64WqLXBgQmhluT0STyHdD0Tc/JHYrw==
=GboB
-----END PGP SIGNATURE-----

74
curl-adjust-pollset-fix.patch
View File

@ -1,74 +0,0 @@
From 3a24ef09af5fe7fdd672dee72ff760f871105a03 Mon Sep 17 00:00:00 2001
From: Stefan Eissing <stefan@eissing.org>
Date: Thu, 4 Jan 2024 10:06:17 +0100
Subject: [PATCH] adjust_pollset fix
- do not add a socket for POLLIN when the transfer does not
want to send (for example is paused).
- refs #12632
---
lib/cf-socket.c | 2 +-
lib/http2.c | 4 ++--
lib/vquic/curl_ngtcp2.c | 7 ++++---
lib/vquic/curl_quiche.c | 2 +-
4 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/lib/cf-socket.c b/lib/cf-socket.c
index bd4f0d1e97e2d3..c86aa7e7c2a969 100644
--- a/lib/cf-socket.c
+++ b/lib/cf-socket.c
@@ -1243,7 +1243,7 @@ static void cf_socket_adjust_pollset(struct Curl_cfilter *cf,
if(ctx->sock != CURL_SOCKET_BAD) {
if(!cf->connected)
Curl_pollset_set_out_only(data, ps, ctx->sock);
- else
+ else if(CURL_WANT_RECV(data))
Curl_pollset_add_in(data, ps, ctx->sock);
CURL_TRC_CF(data, cf, "adjust_pollset -> %d socks", ps->num);
}
diff --git a/lib/http2.c b/lib/http2.c
index dcc24ea102302c..b7a08607945357 100644
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -2341,8 +2341,8 @@ static void cf_h2_adjust_pollset(struct Curl_cfilter *cf,
bool c_exhaust, s_exhaust;
CF_DATA_SAVE(save, cf, data);
- c_exhaust = !nghttp2_session_get_remote_window_size(ctx->h2);
- s_exhaust = stream && stream->id >= 0 &&
+ c_exhaust = want_send && !nghttp2_session_get_remote_window_size(ctx->h2);
+ s_exhaust = want_send && stream && stream->id >= 0 &&
!nghttp2_session_get_stream_remote_window_size(ctx->h2,
stream->id);
want_recv = (want_recv || c_exhaust || s_exhaust);
diff --git a/lib/vquic/curl_ngtcp2.c b/lib/vquic/curl_ngtcp2.c
index f4edf2d636ef93..89f690462d640b 100644
--- a/lib/vquic/curl_ngtcp2.c
+++ b/lib/vquic/curl_ngtcp2.c
@@ -1166,9 +1166,10 @@ static void cf_ngtcp2_adjust_pollset(struct Curl_cfilter *cf,
bool c_exhaust, s_exhaust;
CF_DATA_SAVE(save, cf, data);
- c_exhaust = !ngtcp2_conn_get_cwnd_left(ctx->qconn) ||
- !ngtcp2_conn_get_max_data_left(ctx->qconn);
- s_exhaust = stream && stream->id >= 0 && stream->quic_flow_blocked;
+ c_exhaust = want_send && (!ngtcp2_conn_get_cwnd_left(ctx->qconn) ||
+ !ngtcp2_conn_get_max_data_left(ctx->qconn));
+ s_exhaust = want_send && stream && stream->id >= 0 &&
+ stream->quic_flow_blocked;
want_recv = (want_recv || c_exhaust || s_exhaust);
want_send = (!s_exhaust && want_send) ||
!Curl_bufq_is_empty(&ctx->q.sendbuf);
diff --git a/lib/vquic/curl_quiche.c b/lib/vquic/curl_quiche.c
index 33c2621dc8bf63..9c4df2df0f6955 100644
--- a/lib/vquic/curl_quiche.c
+++ b/lib/vquic/curl_quiche.c
@@ -1189,7 +1189,7 @@ static void cf_quiche_adjust_pollset(struct Curl_cfilter *cf,
c_exhaust = FALSE; /* Have not found any call in quiche that tells
us if the connection itself is blocked */
- s_exhaust = stream && stream->id >= 0 &&
+ s_exhaust = want_send && stream && stream->id >= 0 &&
(stream->quic_flow_blocked || !stream_is_writeable(cf, data));
want_recv = (want_recv || c_exhaust || s_exhaust);
want_send = (!s_exhaust && want_send) ||

150
curl-tests-errorcodes.patch
View File

@ -1,150 +0,0 @@
From da8c1d15782c8161b455a7ee90197c16ae5edb90 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 6 Dec 2023 09:40:30 +0100
Subject: [PATCH] dist: add tests/errorcodes.pl to the tarball
Used by test 1477
Reported-by: Xi Ruoyao
Follow-up to 0ca3a4ec9a7
Fixes #12462
Closes #12463
---
tests/Makefile.am | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
Index: curl-8.5.0/tests/Makefile.am
===================================================================
--- curl-8.5.0.orig/tests/Makefile.am
+++ curl-8.5.0/tests/Makefile.am
@@ -26,15 +26,17 @@ HTMLPAGES = testcurl.html runtests.html
PDFPAGES = testcurl.pdf runtests.pdf
MANDISTPAGES = runtests.1.dist testcurl.1.dist
-EXTRA_DIST = appveyor.pm azure.pm badsymbols.pl check-deprecated.pl CMakeLists.txt \
- devtest.pl dictserver.py directories.pm disable-scan.pl error-codes.pl extern-scan.pl FILEFORMAT.md \
- processhelp.pm ftpserver.pl getpart.pm globalconfig.pm http-server.pl http2-server.pl \
- http3-server.pl manpage-scan.pl manpage-syntax.pl markdown-uppercase.pl mem-include-scan.pl \
- memanalyze.pl negtelnetserver.py nroff-scan.pl option-check.pl options-scan.pl \
- pathhelp.pm README.md rtspserver.pl runner.pm runtests.1 runtests.pl secureserver.pl \
- serverhelp.pm servers.pm smbserver.py sshhelp.pm sshserver.pl stunnel.pem symbol-scan.pl \
- testcurl.1 testcurl.pl testutil.pm tftpserver.pl util.py valgrind.pm \
- valgrind.supp version-scan.pl check-translatable-options.pl
+EXTRA_DIST = appveyor.pm azure.pm badsymbols.pl check-deprecated.pl \
+ CMakeLists.txt devtest.pl dictserver.py directories.pm disable-scan.pl \
+ error-codes.pl extern-scan.pl FILEFORMAT.md processhelp.pm ftpserver.pl \
+ getpart.pm globalconfig.pm http-server.pl http2-server.pl http3-server.pl \
+ manpage-scan.pl manpage-syntax.pl markdown-uppercase.pl mem-include-scan.pl \
+ memanalyze.pl negtelnetserver.py nroff-scan.pl option-check.pl \
+ options-scan.pl pathhelp.pm README.md rtspserver.pl runner.pm runtests.1 \
+ runtests.pl secureserver.pl serverhelp.pm servers.pm smbserver.py sshhelp.pm \
+ sshserver.pl stunnel.pem symbol-scan.pl testcurl.1 testcurl.pl testutil.pm \
+ tftpserver.pl util.py valgrind.pm valgrind.supp version-scan.pl \
+ check-translatable-options.pl errorcodes.pl
DISTCLEANFILES = configurehelp.pm
Index: curl-8.5.0/tests/errorcodes.pl
===================================================================
--- /dev/null
+++ curl-8.5.0/tests/errorcodes.pl
@@ -0,0 +1,99 @@
+#!/usr/bin/env perl
+#***************************************************************************
+# _ _ ____ _
+# Project ___| | | | _ \| |
+# / __| | | | |_) | |
+# | (__| |_| | _ <| |___
+# \___|\___/|_| \_\_____|
+#
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# SPDX-License-Identifier: curl
+#
+###########################################################################
+
+# Check that libcurl-errors.3 and the public header files have the same set of
+# error codes.
+
+use strict;
+use warnings;
+
+# we may get the dir roots pointed out
+my $root=$ARGV[0] || ".";
+my $manpge = "$root/docs/libcurl/libcurl-errors.3";
+my $curlh = "$root/include/curl";
+my $errors=0;
+
+my @hnames;
+my %wherefrom;
+my @mnames;
+my %manfrom;
+
+sub scanheader {
+ my ($file)=@_;
+ open H, "<$file";
+ my $line = 0;
+ while(<H>) {
+ $line++;
+ if($_ =~ /^ (CURL(E|UE|SHE|HE|M)_[A-Z0-9_]*)/) {
+ my ($name)=($1);
+ if(($name !~ /OBSOLETE/) && ($name !~ /_LAST\z/)) {
+ push @hnames, $name;
+ if($wherefrom{$name}) {
+ print STDERR "double: $name\n";
+ }
+ $wherefrom{$name}="$file:$line";
+ }
+ }
+ }
+ close(H);
+}
+
+sub scanmanpage {
+ my ($file)=@_;
+ open H, "<$file";
+ my $line = 0;
+ while(<H>) {
+ $line++;
+ if($_ =~ /^\.IP \"(CURL(E|UE|SHE|HE|M)_[A-Z0-9_]*)/) {
+ my ($name)=($1);
+ push @mnames, $name;
+ $manfrom{$name}="$file:$line";
+ }
+ }
+ close(H);
+}
+
+
+opendir(my $dh, $curlh) || die "Can't opendir $curlh: $!";
+my @hfiles = grep { /\.h$/ } readdir($dh);
+closedir $dh;
+
+for(sort @hfiles) {
+ scanheader("$curlh/$_");
+}
+scanmanpage($manpge);
+
+print "Result\n";
+for my $h (sort @hnames) {
+ if(!$manfrom{$h}) {
+ printf "$h from %s, not in man page\n", $wherefrom{$h};
+ }
+}
+
+for my $m (sort @mnames) {
+ if(!$wherefrom{$m}) {
+ printf "$m from %s, not in any header\n", $manfrom{$m};
+ }
+}

50
curl.changes
View File

@ -1,3 +1,53 @@
-------------------------------------------------------------------
Wed Jan 31 09:11:56 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Update to 8.6.0: [bsc#1219149, CVE-2024-0853]
* Security fixes:
- CVE-2024-0853: OCSP verification bypass with TLS session reuse
* Changes:
- add CURLE_TOO_LARGE, CURLINFO_QUEUE_TIME_T
* Bugfixes:
- altsvc: free 'as' when returning error
- asyn-ares: with modern c-ares, use its default timeout
- cf-socket: show errno in tcpkeepalive error messages
- cmdline-opts: update availability for the *-ca-native options
- configure: when enabling QUIC, check that TLS supports QUIC
- content_encoding: change return code to typedef'ed enum
- curl: show ipfs and ipns as supported "protocols"
- CURLINFO_REFERER.3: clarify that it is the *request* header
- dist: add tests/errorcodes.pl to the tarball
- gen.pl: support ## for doing .IP in table-like lists
- GHA: bump ngtcp2, gnutls, mod_h2, quiche
- hostip: return error immediately when Curl_ip2addr() fails
- http3/quiche: fix result code on a stream reset
- http3: initial support for OpenSSL 3.2 QUIC stack
- http: check for "Host:" case insensitively
- http: fix off-by-one error in request method length check
- http: only act on 101 responses when they are HTTP/1.1
- lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT
- lib: error out on multissl + http3
- lib: fix variable undeclared error caused by `infof` changes
- lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding
- lib: strndup/memdup instead of malloc, memcpy and null-terminate
- libssh2: use `libssh2_session_callback_set2()` with v1.11.1
- ngtcp2: put h3 at the front of alpn
- openldap: fix an LDAP crash
- openldap: fix STARTTLS
- openssl: re-match LibreSSL deinit with init
- rtsp: deal with borked server responses
- sasl: make login option string override http auth
- tool: prepend output_dir in header callback
- tool_getparam: stop supporting `@filename` style for --cookie
- transfer: fix upload rate limiting, add test cases
- url: don't set default CA paths for Secure Transport backend
- url: for disabled protocols, mention if found in redirect
- vquic: extract TLS setup into own source
- websockets: check for negative payload lengths
* Remove patches fixed upstream:
- curl-adjust-pollset-fix.patch
- curl-tests-errorcodes.patch
* Rebase dont-mess-with-rpmoptflags.patch
-------------------------------------------------------------------
Fri Jan 5 17:54:08 UTC 2024 - Michael Pujos <pujos.michael@gmail.com>

7
curl.spec
View File

@ -21,7 +21,7 @@
# need ssl always for python-pycurl
%bcond_without openssl
Name: curl
Version: 8.5.0
Version: 8.6.0
Release: 0
Summary: A Tool for Transferring Data from URLs
License: curl
@ -35,10 +35,6 @@ Patch1: dont-mess-with-rpmoptflags.patch
Patch2: curl-secure-getenv.patch
#PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
Patch3: curl-disabled-redirect-protocol-message.patch
#PATCH-FIX-UPSTREAM dist: add tests/errorcodes.pl to the tarball
Patch4: curl-tests-errorcodes.patch
# fix MPD http streaming: https://github.com/curl/curl/issues/12632
Patch5: curl-adjust-pollset-fix.patch
BuildRequires: libtool
BuildRequires: pkgconfig
Requires: libcurl4 = %{version}
@ -174,6 +170,7 @@ popd
%{_bindir}/curl
%{_datadir}/zsh/site-functions/_curl
%{_mandir}/man1/curl.1%{?ext_man}
%{_mandir}/man1/mk-ca-bundle.1%{?ext_man}
%dir %{_datadir}/zsh
%dir %{_datadir}/zsh/site-functions
%dir %{_datadir}/fish/

10
dont-mess-with-rpmoptflags.patch
View File

@ -1,11 +1,11 @@
Index: curl-7.82.0/configure.ac
Index: curl-8.6.0/configure.ac
===================================================================
--- curl-7.82.0.orig/configure.ac
+++ curl-7.82.0/configure.ac
@@ -395,10 +395,6 @@ dnl platform/compiler/architecture speci
dnl **********************************************************************
--- curl-8.6.0.orig/configure.ac
+++ curl-8.6.0/configure.ac
@@ -506,10 +506,6 @@ dnl ************************************
CURL_CHECK_COMPILER
CURL_CHECK_NATIVE_WINDOWS
-CURL_SET_COMPILER_BASIC_OPTS
-CURL_SET_COMPILER_DEBUG_OPTS
-CURL_SET_COMPILER_OPTIMIZE_OPTS