diff --git a/curl-7.50.3.tar.lzma b/curl-7.50.3.tar.lzma deleted file mode 100644 index 4ff9660..0000000 --- a/curl-7.50.3.tar.lzma +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8c5457e2ecfc38d7e1103bf5e0f87895222340200de9ceefd300c3420698f5ea -size 6003154 diff --git a/curl-7.50.3.tar.lzma.asc b/curl-7.50.3.tar.lzma.asc deleted file mode 100644 index 8ca7e40..0000000 --- a/curl-7.50.3.tar.lzma.asc +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEcBAABCgAGBQJX2OcWAAoJEFzJCP23HhLCOUkH/A+cGespPSg0Z8DH8P+VGBf2 -r4kKlx+BktOFmD9v35EGTUpLAmJ7rH573kOXXTuu4uBLN5P05Vy2Y6Pb3RJkutJA -uXPg0tvIyopGWKSEPEsffk83YkunKr0DaCfILM2XyMZpAEvS6hUf+RZmSTOqNn8Y -Yn6zO1FnhG/407w1T63eFovbfbjo4Qwh+CYkfLhzj9niGEEinocUqkni4F1AH1vj -W1iCLCEa13bcBU1lw1AuPPYz8S5hAeOmZB2PQUj/Qa9rQq5iAfwfCuVAU8u/mVo1 -0LFzwh7/iV0a73GXL1KaCJ1MkiDgZwoSdtjLm+k0hcpOJR0NwU4TjLC7EyXEBrI= -=s7H5 ------END PGP SIGNATURE----- diff --git a/curl-7.51.0.tar.lzma b/curl-7.51.0.tar.lzma new file mode 100644 index 0000000..c63ed7b --- /dev/null +++ b/curl-7.51.0.tar.lzma @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9eef5f6bbb972ffc631f4c76cfe93161bf5186926133c77267b24f5191700518 +size 2061223 diff --git a/curl-7.51.0.tar.lzma.asc b/curl-7.51.0.tar.lzma.asc new file mode 100644 index 0000000..9bf5185 --- /dev/null +++ b/curl-7.51.0.tar.lzma.asc @@ -0,0 +1,10 @@ +-----BEGIN PGP SIGNATURE----- + +iQEcBAABCgAGBQJYGY4MAAoJEFzJCP23HhLCNkQH/0AjH+fRd4vuv9/AoO2CjZGf +JEXOPF2ZfKeBKc14dPfxhNj/klX3JvmLG9Z1jZLySWYl1/be0CM0LSoxh11rtioO +FiScVNNdUOUnJ6b8m0qVoX1wx9lCn3pjVKGzkfCx4pZ3eZDhtSRBbKNe+92fSOTk +nnMEDDj9q9C++yO8EMifDBfyX2u+JCpvnUu3EFa/znRjZB88Uyrc9Li+fl4aBfo1 +IyH8EGmM0QkYBuGZhQBGg6mYg8LkG0JROHpk+j3lh9hZNA2An7tIEhbqoktaLW2i +Ude6R2g2/AdqfZrifY3fBXHc4d0XO4T7GIGREmo4TKDHTLDthKSNTTHt2a9dpiI= +=v+YR +-----END PGP SIGNATURE----- diff --git a/curl.changes b/curl.changes index ee42980..896df71 100644 --- a/curl.changes +++ b/curl.changes @@ -1,3 +1,74 @@ +------------------------------------------------------------------- +Wed Nov 2 07:15:44 UTC 2016 - idonmez@suse.com + +- Update to 7.51.0 + Changes: + * nss: additional cipher suites are now accepted by + CURLOPT_SSL_CIPHER_LIST + * New option: CURLOPT_KEEP_SENDING_ON_ERROR + Bugfixes: + * CVE-2016-8615: cookie injection for other servers + * CVE-2016-8616: case insensitive password comparison + * CVE-2016-8617: OOB write via unchecked multiplication + * CVE-2016-8618: double-free in curl_maprintf + * CVE-2016-8619: double-free in krb5 code + * CVE-2016-8620: glob parser write/read out of bounds + * CVE-2016-8621: curl_getdate read out of bounds + * CVE-2016-8622: URL unescape heap overflow via integer truncation + * CVE-2016-8623: Use-after-free via shared cookies + * CVE-2016-8624: invalid URL parsing with '#' + * CVE-2016-8625: IDNA 2003 makes curl use wrong host + * openssl: fix per-thread memory leak using 1.0.1 or 1.0.2 + * http: accept "Transfer-Encoding: chunked" for HTTP/2 as well + * LICENSE-MIXING.md: update with mbedTLS dual licensing + * examples/imap-append: Set size of data to be uploaded + * test2048: fix url + * darwinssl: disable RC4 cipher-suite support + * CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting + * openssl: don’t call CRYTPO_cleanup_all_ex_data + * libressl: fix version output + * easy: Reset all statistical session info in curl_easy_reset + * curl_global_cleanup.3: don't unload the lib with sub threads running + * dist: add CurlSymbolHiding.cmake to the tarball + * docs: Remove that --proto is just used for initial retrieval + * configure: Fixed builds with libssh2 in a custom location + * curl.1: --trace supports % for sending to stderr! + * cookies: same domain handling changed to match browser behavior + * formpost: trying to attach a directory no longer crashes + * CURLOPT_DEBUGFUNCTION.3: fixed unused argument warning + * formpost: avoid silent snprintf() truncation + * ftp: fix Curl_ftpsendf + * mprintf: return error on too many arguments + * smb: properly check incoming packet boundaries + * GIT-INFO: remove the Mac 10.1-specific details + * resolve: add error message when resolving using SIGALRM + * cmake: add nghttp2 support + * dist: remove PDF and HTML converted docs from the releases + * configure: disable poll() in macOS builds + * vtls: only re-use session-ids using the same scheme + * pipelining: skip to-be-closed connections when pipelining + * win: fix Universal Windows Platform build + * curl: do not set CURLOPT_SSLENGINE to DEFAULT automatically + * maketgz: make it support "only" generating version info + * Curl_socket_check: add extra check to avoid integer overflow + * gopher: properly return error for poll failures + * curl: set INTERLEAVEDATA too + * polarssl: clear thread array at init + * polarssl: fix unaligned SSL session-id lock + * polarssl: reduce #ifdef madness with a macro + * curl_multi_add_handle: set timeouts in closure handles + * configure: set min version flags for builds on mac + * INSTALL: converted to markdown => INSTALL.md + * curl_multi_remove_handle: fix a double-free + * multi: fix inifinte loop in curl_multi_cleanup() + * nss: fix tight loop in non-blocking TLS handhsake over proxy + * mk-ca-bundle: Change URL retrieval to HTTPS-only by default + * mbedtls: stop using deprecated include file + * docs: fix req->data in multi-uv example + * configure: Fix test syntax for monotonic clock_gettime + * CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2 +- Refresh libcurl-ocloexec.patch + ------------------------------------------------------------------- Wed Sep 14 07:13:02 UTC 2016 - idonmez@suse.com diff --git a/curl.spec b/curl.spec index fd6ca0a..b556873 100644 --- a/curl.spec +++ b/curl.spec @@ -20,7 +20,7 @@ %bcond_with mozilla_nss %bcond_without testsuite Name: curl -Version: 7.50.3 +Version: 7.51.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: BSD-3-Clause and MIT diff --git a/libcurl-ocloexec.patch b/libcurl-ocloexec.patch index 75d2d5e..f8d632e 100644 --- a/libcurl-ocloexec.patch +++ b/libcurl-ocloexec.patch @@ -9,9 +9,9 @@ compile time is not enough. Index: lib/file.c =================================================================== ---- lib/file.c.orig 2016-07-21 00:31:36.000000000 +0200 -+++ lib/file.c 2016-07-21 11:39:54.121170539 +0200 -@@ -241,7 +241,7 @@ static CURLcode file_connect(struct conn +--- lib/file.c.orig ++++ lib/file.c +@@ -242,7 +242,7 @@ static CURLcode file_connect(struct conn return CURLE_URL_MALFORMAT; } @@ -20,7 +20,7 @@ Index: lib/file.c file->path = real_path; #endif file->freepath = real_path; /* free this when done */ -@@ -337,7 +337,7 @@ static CURLcode file_upload(struct conne +@@ -338,7 +338,7 @@ static CURLcode file_upload(struct conne else mode = MODE_DEFAULT|O_TRUNC; @@ -31,18 +31,18 @@ Index: lib/file.c return CURLE_WRITE_ERROR; Index: lib/formdata.c =================================================================== ---- lib/formdata.c.orig 2016-07-21 00:31:36.000000000 +0200 -+++ lib/formdata.c 2016-07-21 11:39:54.121170539 +0200 -@@ -1290,7 +1290,7 @@ CURLcode Curl_getformdata(struct Curl_ea +--- lib/formdata.c.orig ++++ lib/formdata.c +@@ -1306,7 +1306,7 @@ CURLcode Curl_getformdata(struct Curl_ea FILE *fileread; - fileread = strequal("-", file->contents)? + fileread = !strcmp("-", file->contents)? - stdin:fopen(file->contents, "rb"); /* binary read for win32 */ + stdin:fopen(file->contents, "rbe"); /* binary read for win32 */ /* * VMS: This only allows for stream files on VMS. Stream files are -@@ -1450,7 +1450,7 @@ static size_t readfromfile(struct Form * +@@ -1466,7 +1466,7 @@ static size_t readfromfile(struct Form * else { if(!form->fp) { /* this file hasn't yet been opened */ @@ -53,8 +53,8 @@ Index: lib/formdata.c } Index: lib/hostip6.c =================================================================== ---- lib/hostip6.c.orig 2016-07-21 00:31:36.000000000 +0200 -+++ lib/hostip6.c 2016-07-21 11:39:54.121170539 +0200 +--- lib/hostip6.c.orig ++++ lib/hostip6.c @@ -39,7 +39,7 @@ #ifdef HAVE_PROCESS_H #include @@ -75,8 +75,8 @@ Index: lib/hostip6.c ipv6_works = 0; Index: lib/if2ip.c =================================================================== ---- lib/if2ip.c.orig 2016-06-27 16:11:14.000000000 +0200 -+++ lib/if2ip.c 2016-07-21 11:39:54.121170539 +0200 +--- lib/if2ip.c.orig ++++ lib/if2ip.c @@ -223,7 +223,7 @@ if2ip_result_t Curl_if2ip(int af, unsign if(len >= sizeof(req.ifr_name)) return IF2IP_NOT_FOUND; @@ -88,8 +88,8 @@ Index: lib/if2ip.c Index: lib/connect.c =================================================================== ---- lib/connect.c.orig 2016-07-21 00:31:36.000000000 +0200 -+++ lib/connect.c 2016-07-21 11:39:54.121170539 +0200 +--- lib/connect.c.orig ++++ lib/connect.c @@ -1351,7 +1351,7 @@ CURLcode Curl_socket(struct connectdata (struct curl_sockaddr *)addr); else @@ -101,8 +101,8 @@ Index: lib/connect.c /* no socket, no connection */ Index: configure.ac =================================================================== ---- configure.ac.orig 2016-07-21 00:31:36.000000000 +0200 -+++ configure.ac 2016-07-21 11:39:54.125170603 +0200 +--- configure.ac.orig ++++ configure.ac @@ -185,6 +185,7 @@ AC_CANONICAL_HOST dnl Get system canonical name AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-machine-OS])