pool/curl
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 438231 from devel:libraries:c_c++

Browse Source 
- Update to 7.51.0
  Changes:
  * nss: additional cipher suites are now accepted by
    CURLOPT_SSL_CIPHER_LIST
  * New option: CURLOPT_KEEP_SENDING_ON_ERROR 
  Bugfixes:
  * CVE-2016-8615: cookie injection for other servers
  * CVE-2016-8616: case insensitive password comparison
  * CVE-2016-8617: OOB write via unchecked multiplication
  * CVE-2016-8618: double-free in curl_maprintf
  * CVE-2016-8619: double-free in krb5 code
  * CVE-2016-8620: glob parser write/read out of bounds
  * CVE-2016-8621: curl_getdate read out of bounds
  * CVE-2016-8622: URL unescape heap overflow via integer truncation
  * CVE-2016-8623: Use-after-free via shared cookies
  * CVE-2016-8624: invalid URL parsing with '#'
  * CVE-2016-8625: IDNA 2003 makes curl use wrong host
  * openssl: fix per-thread memory leak using 1.0.1 or 1.0.2
  * http: accept "Transfer-Encoding: chunked" for HTTP/2 as well
  * LICENSE-MIXING.md: update with mbedTLS dual licensing
  * examples/imap-append: Set size of data to be uploaded
  * test2048: fix url
  * darwinssl: disable RC4 cipher-suite support
  * CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting
  * openssl: don’t call CRYTPO_cleanup_all_ex_data
  * libressl: fix version output
  * easy: Reset all statistical session info in curl_easy_reset
  * curl_global_cleanup.3: don't unload the lib with sub threads running
  * dist: add CurlSymbolHiding.cmake to the tarball
  * docs: Remove that --proto is just used for initial retrieval

OBS-URL: https://build.opensuse.org/request/show/438231
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/curl?expand=0&rev=119
This commit is contained in:
Dominique Leuenberger 2016-11-03 11:56:25 +00:00 committed by Git OBS Bridge
commit d2d9f6e931
7 changed files with 102 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
curl-7.50.3.tar.lzma
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8c5457e2ecfc38d7e1103bf5e0f87895222340200de9ceefd300c3420698f5ea
size 6003154

10
curl-7.50.3.tar.lzma.asc
View File

@ -1,10 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEcBAABCgAGBQJX2OcWAAoJEFzJCP23HhLCOUkH/A+cGespPSg0Z8DH8P+VGBf2
r4kKlx+BktOFmD9v35EGTUpLAmJ7rH573kOXXTuu4uBLN5P05Vy2Y6Pb3RJkutJA
uXPg0tvIyopGWKSEPEsffk83YkunKr0DaCfILM2XyMZpAEvS6hUf+RZmSTOqNn8Y
Yn6zO1FnhG/407w1T63eFovbfbjo4Qwh+CYkfLhzj9niGEEinocUqkni4F1AH1vj
W1iCLCEa13bcBU1lw1AuPPYz8S5hAeOmZB2PQUj/Qa9rQq5iAfwfCuVAU8u/mVo1
0LFzwh7/iV0a73GXL1KaCJ1MkiDgZwoSdtjLm+k0hcpOJR0NwU4TjLC7EyXEBrI=
=s7H5
-----END PGP SIGNATURE-----

3
curl-7.51.0.tar.lzma Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9eef5f6bbb972ffc631f4c76cfe93161bf5186926133c77267b24f5191700518
size 2061223

10
curl-7.51.0.tar.lzma.asc Normal file
View File

@ -0,0 +1,10 @@
-----BEGIN PGP SIGNATURE-----
iQEcBAABCgAGBQJYGY4MAAoJEFzJCP23HhLCNkQH/0AjH+fRd4vuv9/AoO2CjZGf
JEXOPF2ZfKeBKc14dPfxhNj/klX3JvmLG9Z1jZLySWYl1/be0CM0LSoxh11rtioO
FiScVNNdUOUnJ6b8m0qVoX1wx9lCn3pjVKGzkfCx4pZ3eZDhtSRBbKNe+92fSOTk
nnMEDDj9q9C++yO8EMifDBfyX2u+JCpvnUu3EFa/znRjZB88Uyrc9Li+fl4aBfo1
IyH8EGmM0QkYBuGZhQBGg6mYg8LkG0JROHpk+j3lh9hZNA2An7tIEhbqoktaLW2i
Ude6R2g2/AdqfZrifY3fBXHc4d0XO4T7GIGREmo4TKDHTLDthKSNTTHt2a9dpiI=
=v+YR
-----END PGP SIGNATURE-----

71
curl.changes
View File

@ -1,3 +1,74 @@
-------------------------------------------------------------------
Wed Nov 2 07:15:44 UTC 2016 - idonmez@suse.com
- Update to 7.51.0
Changes:
* nss: additional cipher suites are now accepted by
CURLOPT_SSL_CIPHER_LIST
* New option: CURLOPT_KEEP_SENDING_ON_ERROR
Bugfixes:
* CVE-2016-8615: cookie injection for other servers
* CVE-2016-8616: case insensitive password comparison
* CVE-2016-8617: OOB write via unchecked multiplication
* CVE-2016-8618: double-free in curl_maprintf
* CVE-2016-8619: double-free in krb5 code
* CVE-2016-8620: glob parser write/read out of bounds
* CVE-2016-8621: curl_getdate read out of bounds
* CVE-2016-8622: URL unescape heap overflow via integer truncation
* CVE-2016-8623: Use-after-free via shared cookies
* CVE-2016-8624: invalid URL parsing with '#'
* CVE-2016-8625: IDNA 2003 makes curl use wrong host
* openssl: fix per-thread memory leak using 1.0.1 or 1.0.2
* http: accept "Transfer-Encoding: chunked" for HTTP/2 as well
* LICENSE-MIXING.md: update with mbedTLS dual licensing
* examples/imap-append: Set size of data to be uploaded
* test2048: fix url
* darwinssl: disable RC4 cipher-suite support
* CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting
* openssl: dont call CRYTPO_cleanup_all_ex_data
* libressl: fix version output
* easy: Reset all statistical session info in curl_easy_reset
* curl_global_cleanup.3: don't unload the lib with sub threads running
* dist: add CurlSymbolHiding.cmake to the tarball
* docs: Remove that --proto is just used for initial retrieval
* configure: Fixed builds with libssh2 in a custom location
* curl.1: --trace supports % for sending to stderr!
* cookies: same domain handling changed to match browser behavior
* formpost: trying to attach a directory no longer crashes
* CURLOPT_DEBUGFUNCTION.3: fixed unused argument warning
* formpost: avoid silent snprintf() truncation
* ftp: fix Curl_ftpsendf
* mprintf: return error on too many arguments
* smb: properly check incoming packet boundaries
* GIT-INFO: remove the Mac 10.1-specific details
* resolve: add error message when resolving using SIGALRM
* cmake: add nghttp2 support
* dist: remove PDF and HTML converted docs from the releases
* configure: disable poll() in macOS builds
* vtls: only re-use session-ids using the same scheme
* pipelining: skip to-be-closed connections when pipelining
* win: fix Universal Windows Platform build
* curl: do not set CURLOPT_SSLENGINE to DEFAULT automatically
* maketgz: make it support "only" generating version info
* Curl_socket_check: add extra check to avoid integer overflow
* gopher: properly return error for poll failures
* curl: set INTERLEAVEDATA too
* polarssl: clear thread array at init
* polarssl: fix unaligned SSL session-id lock
* polarssl: reduce #ifdef madness with a macro
* curl_multi_add_handle: set timeouts in closure handles
* configure: set min version flags for builds on mac
* INSTALL: converted to markdown => INSTALL.md
* curl_multi_remove_handle: fix a double-free
* multi: fix inifinte loop in curl_multi_cleanup()
* nss: fix tight loop in non-blocking TLS handhsake over proxy
* mk-ca-bundle: Change URL retrieval to HTTPS-only by default
* mbedtls: stop using deprecated include file
* docs: fix req->data in multi-uv example
* configure: Fix test syntax for monotonic clock_gettime
* CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2
- Refresh libcurl-ocloexec.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Sep 14 07:13:02 UTC 2016 - idonmez@suse.com Wed Sep 14 07:13:02 UTC 2016 - idonmez@suse.com

2
curl.spec
View File

@ -20,7 +20,7 @@
%bcond_with mozilla_nss %bcond_with mozilla_nss
%bcond_without testsuite %bcond_without testsuite
Name: curl Name: curl
Version: 7.50.3 Version: 7.51.0
Release: 0 Release: 0
Summary: A Tool for Transferring Data from URLs Summary: A Tool for Transferring Data from URLs
License: BSD-3-Clause and MIT License: BSD-3-Clause and MIT

34
libcurl-ocloexec.patch
View File

@ -9,9 +9,9 @@ compile time is not enough.
Index: lib/file.c Index: lib/file.c
=================================================================== ===================================================================
--- lib/file.c.orig 2016-07-21 00:31:36.000000000 +0200 --- lib/file.c.orig
+++ lib/file.c 2016-07-21 11:39:54.121170539 +0200 +++ lib/file.c
@@ -241,7 +241,7 @@ static CURLcode file_connect(struct conn @@ -242,7 +242,7 @@ static CURLcode file_connect(struct conn
return CURLE_URL_MALFORMAT; return CURLE_URL_MALFORMAT;
} }
@ -20,7 +20,7 @@ Index: lib/file.c
file->path = real_path; file->path = real_path;
#endif #endif
file->freepath = real_path; /* free this when done */ file->freepath = real_path; /* free this when done */
@@ -337,7 +337,7 @@ static CURLcode file_upload(struct conne @@ -338,7 +338,7 @@ static CURLcode file_upload(struct conne
else else
mode = MODE_DEFAULT|O_TRUNC; mode = MODE_DEFAULT|O_TRUNC;
@ -31,18 +31,18 @@ Index: lib/file.c
return CURLE_WRITE_ERROR; return CURLE_WRITE_ERROR;
Index: lib/formdata.c Index: lib/formdata.c
=================================================================== ===================================================================
--- lib/formdata.c.orig 2016-07-21 00:31:36.000000000 +0200 --- lib/formdata.c.orig
+++ lib/formdata.c 2016-07-21 11:39:54.121170539 +0200 +++ lib/formdata.c
@@ -1290,7 +1290,7 @@ CURLcode Curl_getformdata(struct Curl_ea @@ -1306,7 +1306,7 @@ CURLcode Curl_getformdata(struct Curl_ea
FILE *fileread; FILE *fileread;
fileread = strequal("-", file->contents)? fileread = !strcmp("-", file->contents)?
- stdin:fopen(file->contents, "rb"); /* binary read for win32 */ - stdin:fopen(file->contents, "rb"); /* binary read for win32 */
+ stdin:fopen(file->contents, "rbe"); /* binary read for win32 */ + stdin:fopen(file->contents, "rbe"); /* binary read for win32 */
/* /*
* VMS: This only allows for stream files on VMS. Stream files are * VMS: This only allows for stream files on VMS. Stream files are
@@ -1450,7 +1450,7 @@ static size_t readfromfile(struct Form * @@ -1466,7 +1466,7 @@ static size_t readfromfile(struct Form *
else { else {
if(!form->fp) { if(!form->fp) {
/* this file hasn't yet been opened */ /* this file hasn't yet been opened */
@ -53,8 +53,8 @@ Index: lib/formdata.c
} }
Index: lib/hostip6.c Index: lib/hostip6.c
=================================================================== ===================================================================
--- lib/hostip6.c.orig 2016-07-21 00:31:36.000000000 +0200 --- lib/hostip6.c.orig
+++ lib/hostip6.c 2016-07-21 11:39:54.121170539 +0200 +++ lib/hostip6.c
@@ -39,7 +39,7 @@ @@ -39,7 +39,7 @@
#ifdef HAVE_PROCESS_H #ifdef HAVE_PROCESS_H
#include <process.h> #include <process.h>
@ -75,8 +75,8 @@ Index: lib/hostip6.c
ipv6_works = 0; ipv6_works = 0;
Index: lib/if2ip.c Index: lib/if2ip.c
=================================================================== ===================================================================
--- lib/if2ip.c.orig 2016-06-27 16:11:14.000000000 +0200 --- lib/if2ip.c.orig
+++ lib/if2ip.c 2016-07-21 11:39:54.121170539 +0200 +++ lib/if2ip.c
@@ -223,7 +223,7 @@ if2ip_result_t Curl_if2ip(int af, unsign @@ -223,7 +223,7 @@ if2ip_result_t Curl_if2ip(int af, unsign
if(len >= sizeof(req.ifr_name)) if(len >= sizeof(req.ifr_name))
return IF2IP_NOT_FOUND; return IF2IP_NOT_FOUND;
@ -88,8 +88,8 @@ Index: lib/if2ip.c
Index: lib/connect.c Index: lib/connect.c
=================================================================== ===================================================================
--- lib/connect.c.orig 2016-07-21 00:31:36.000000000 +0200 --- lib/connect.c.orig
+++ lib/connect.c 2016-07-21 11:39:54.121170539 +0200 +++ lib/connect.c
@@ -1351,7 +1351,7 @@ CURLcode Curl_socket(struct connectdata @@ -1351,7 +1351,7 @@ CURLcode Curl_socket(struct connectdata
(struct curl_sockaddr *)addr); (struct curl_sockaddr *)addr);
else else
@ -101,8 +101,8 @@ Index: lib/connect.c
/* no socket, no connection */ /* no socket, no connection */
Index: configure.ac Index: configure.ac
=================================================================== ===================================================================
--- configure.ac.orig 2016-07-21 00:31:36.000000000 +0200 --- configure.ac.orig
+++ configure.ac 2016-07-21 11:39:54.125170603 +0200 +++ configure.ac
@@ -185,6 +185,7 @@ AC_CANONICAL_HOST @@ -185,6 +185,7 @@ AC_CANONICAL_HOST
dnl Get system canonical name dnl Get system canonical name
AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-machine-OS]) AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-machine-OS])