From 509550b5a8e689421d99e28245dea16269b7f083d3ab8aa1d84d5f90b144f77a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= Date: Wed, 21 Dec 2016 07:25:57 +0000 Subject: [PATCH 1/3] - Update to 7.52.0 Changes: * nss: map CURL_SSLVERSION_DEFAULT to NSS default * vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3 * curl: introduce the --tlsv1.3 option to force TLS 1.3 * curl: Add --retry-connrefused * proxy: Support HTTPS proxy and SOCKS+HTTP(s) * add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme} * curl: add --fail-early Bugfixes: * CVE-2016-9586: printf floating point buffer overflow * curl -w: added more decimal digits to timing counters * easy: Initialize info variables on easy init and duphandle * http2: Don't send header fields prohibited by HTTP/2 spec * ssh: check md5 fingerprints case insensitively (regression) * openssl: initial TLS 1.3 adaptions * SPNEGO: Fix memory leak when authentication fails * realloc: use Curl_saferealloc to avoid common mistakes * openssl: make sure to fail in the unlikely event that PRNG seeding fails * URL-parser: for file://[host]/ URLs, the [host] must be localhost * timeval: prefer time_t to hold seconds instead of long * glob: fix [a-c] globbing regression * curl.1: Clarify --dump-header only writes received headers * http2: Fix address sanitizer memcpy warning * http2: Use huge HTTP/2 windows * connects: Don't mix unix domain sockets with regular ones * url: Fix conn reuse for local ports and interfaces * x509: Limit ASN.1 structure sizes to 256K * http2: check nghttp2_session_set_local_window_size exists OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=178 --- curl-7.51.0.tar.lzma | 3 --- curl-7.51.0.tar.lzma.asc | 10 --------- curl-7.52.0.tar.lzma | 3 +++ curl-7.52.0.tar.lzma.asc | 11 ++++++++++ curl.changes | 45 ++++++++++++++++++++++++++++++++++++++++ curl.spec | 2 +- 6 files changed, 60 insertions(+), 14 deletions(-) delete mode 100644 curl-7.51.0.tar.lzma delete mode 100644 curl-7.51.0.tar.lzma.asc create mode 100644 curl-7.52.0.tar.lzma create mode 100644 
curl-7.52.0.tar.lzma.asc diff --git a/curl-7.51.0.tar.lzma b/curl-7.51.0.tar.lzma deleted file mode 100644 index c63ed7b..0000000 --- a/curl-7.51.0.tar.lzma +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9eef5f6bbb972ffc631f4c76cfe93161bf5186926133c77267b24f5191700518 -size 2061223 diff --git a/curl-7.51.0.tar.lzma.asc b/curl-7.51.0.tar.lzma.asc deleted file mode 100644 index 9bf5185..0000000 --- a/curl-7.51.0.tar.lzma.asc +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEcBAABCgAGBQJYGY4MAAoJEFzJCP23HhLCNkQH/0AjH+fRd4vuv9/AoO2CjZGf -JEXOPF2ZfKeBKc14dPfxhNj/klX3JvmLG9Z1jZLySWYl1/be0CM0LSoxh11rtioO -FiScVNNdUOUnJ6b8m0qVoX1wx9lCn3pjVKGzkfCx4pZ3eZDhtSRBbKNe+92fSOTk -nnMEDDj9q9C++yO8EMifDBfyX2u+JCpvnUu3EFa/znRjZB88Uyrc9Li+fl4aBfo1 -IyH8EGmM0QkYBuGZhQBGg6mYg8LkG0JROHpk+j3lh9hZNA2An7tIEhbqoktaLW2i -Ude6R2g2/AdqfZrifY3fBXHc4d0XO4T7GIGREmo4TKDHTLDthKSNTTHt2a9dpiI= -=v+YR ------END PGP SIGNATURE----- diff --git a/curl-7.52.0.tar.lzma b/curl-7.52.0.tar.lzma new file mode 100644 index 0000000..6dd3fdd --- /dev/null +++ b/curl-7.52.0.tar.lzma @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c8f0114c7c72c8627d716416326593d061274b208cdf123c418c20c6dbe009c2 +size 2069931 diff --git a/curl-7.52.0.tar.lzma.asc b/curl-7.52.0.tar.lzma.asc new file mode 100644 index 0000000..0aa9881 --- /dev/null +++ b/curl-7.52.0.tar.lzma.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAlhaJmoACgkQXMkI/bce +EsJISQf/TWWBZ3BvRliEAPOqrlEIfRHnz5YE1IeC2sI+npKUZfz3QAo/0/6m7VcW +101alcK6Gc/8GhQYYJLAZEqOVivSL1ZDD9qvc/0eExQTVpi1JKAq1RNTXRkLJuwr +0UtEN9B+O4Z7yOD4upiZajniBLo8g71Q3vbIG97u25PaXheO9NzGxEeiIhJCibQl +mS+1/se9U3sefuaUhHx73tq5Bg/mzZDKJWpj+ROevb3DisT1wgpYbZqzm+pElM8v +V06O9ORwaR7xC/5Qbz4QOaAVMVg/GIc+Gx46ALisxq5v+BkwhqpEV4XBKh9yy8ee +O5iXSb6ZzHfg5vwHRAi3F7YXNVsliw== +=4HeD +-----END PGP SIGNATURE----- diff --git a/curl.changes b/curl.changes index 896df71..743c91c 100644 
--- a/curl.changes
+++ b/curl.changes
@@ -1,3 +1,48 @@
+-------------------------------------------------------------------
+Wed Dec 21 07:10:10 UTC 2016 - idonmez@suse.com
+
+- Update to 7.52.0
+ Changes:
+ * nss: map CURL_SSLVERSION_DEFAULT to NSS default
+ * vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
+ * curl: introduce the --tlsv1.3 option to force TLS 1.3
+ * curl: Add --retry-connrefused
+ * proxy: Support HTTPS proxy and SOCKS+HTTP(s)
+ * add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme}
+ * curl: add --fail-early
+ Bugfixes:
+ * CVE-2016-9586: printf floating point buffer overflow
+ * curl -w: added more decimal digits to timing counters
+ * easy: Initialize info variables on easy init and duphandle
+ * http2: Don't send header fields prohibited by HTTP/2 spec
+ * ssh: check md5 fingerprints case insensitively (regression)
+ * openssl: initial TLS 1.3 adaptions
+ * SPNEGO: Fix memory leak when authentication fails
+ * realloc: use Curl_saferealloc to avoid common mistakes
+ * openssl: make sure to fail in the unlikely event that PRNG
+ seeding fails
+ * URL-parser: for file://[host]/ URLs, the [host] must be localhost
+ * timeval: prefer time_t to hold seconds instead of long
+ * glob: fix [a-c] globbing regression
+ * curl.1: Clarify --dump-header only writes received headers
+ * http2: Fix address sanitizer memcpy warning
+ * http2: Use huge HTTP/2 windows
+ * connects: Don't mix unix domain sockets with regular ones
+ * url: Fix conn reuse for local ports and interfaces
+ * x509: Limit ASN.1 structure sizes to 256K
+ * http2: check nghttp2_session_set_local_window_size exists
+ * http2: Fix crashes when parent stream gets aborted
+ * CURLOPT_CONNECT_TO: Skip non-matching "connect-to" entries
+ * URL parser: reject non-numerical port numbers
+ * CONNECT: reject TE or CL in 2xx responses
+ * CONNECT: read responses one byte at a time
+ * curl: support zero-length argument strings in config files
+ * openssl: don't use OpenSSL's ERR_PACK
+ * curl.1: generated with the new man page
system + * curl_easy_recv: Improve documentation and example program + * Curl_getconnectinfo: avoid checking if the connection is closed + * CIPHERS.md: attempt to document TLS cipher names + ------------------------------------------------------------------- Wed Nov 2 07:15:44 UTC 2016 - idonmez@suse.com diff --git a/curl.spec b/curl.spec index b556873..cdd8e78 100644 --- a/curl.spec +++ b/curl.spec @@ -20,7 +20,7 @@ %bcond_with mozilla_nss %bcond_without testsuite Name: curl -Version: 7.51.0 +Version: 7.52.0 Release: 0 Summary: A Tool for Transferring Data from URLs License: BSD-3-Clause and MIT From bd259165c7b3d3f36b15f42f7d4a53a3d3f755bbb0ab3900a02dc9060ff03ea9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= Date: Fri, 23 Dec 2016 07:39:42 +0000 Subject: [PATCH 2/3] - Update to 7.52.1 Bugfixes: * CVE-2016-9594: unititialized random bsc#1016738 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=179 --- curl-7.52.0.tar.lzma | 3 --- curl-7.52.0.tar.lzma.asc | 11 ----------- curl-7.52.1.tar.lzma | 3 +++ curl-7.52.1.tar.lzma.asc | 11 +++++++++++ curl.changes | 7 +++++++ curl.spec | 4 ++-- 6 files changed, 23 insertions(+), 16 deletions(-) delete mode 100644 curl-7.52.0.tar.lzma delete mode 100644 curl-7.52.0.tar.lzma.asc create mode 100644 curl-7.52.1.tar.lzma create mode 100644 curl-7.52.1.tar.lzma.asc diff --git a/curl-7.52.0.tar.lzma b/curl-7.52.0.tar.lzma deleted file mode 100644 index 6dd3fdd..0000000 --- a/curl-7.52.0.tar.lzma +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c8f0114c7c72c8627d716416326593d061274b208cdf123c418c20c6dbe009c2 -size 2069931 diff --git a/curl-7.52.0.tar.lzma.asc b/curl-7.52.0.tar.lzma.asc deleted file mode 100644 index 0aa9881..0000000 --- a/curl-7.52.0.tar.lzma.asc +++ /dev/null 
@@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAlhaJmoACgkQXMkI/bce -EsJISQf/TWWBZ3BvRliEAPOqrlEIfRHnz5YE1IeC2sI+npKUZfz3QAo/0/6m7VcW -101alcK6Gc/8GhQYYJLAZEqOVivSL1ZDD9qvc/0eExQTVpi1JKAq1RNTXRkLJuwr -0UtEN9B+O4Z7yOD4upiZajniBLo8g71Q3vbIG97u25PaXheO9NzGxEeiIhJCibQl -mS+1/se9U3sefuaUhHx73tq5Bg/mzZDKJWpj+ROevb3DisT1wgpYbZqzm+pElM8v -V06O9ORwaR7xC/5Qbz4QOaAVMVg/GIc+Gx46ALisxq5v+BkwhqpEV4XBKh9yy8ee -O5iXSb6ZzHfg5vwHRAi3F7YXNVsliw== -=4HeD ------END PGP SIGNATURE----- diff --git a/curl-7.52.1.tar.lzma b/curl-7.52.1.tar.lzma new file mode 100644 index 0000000..4569746 --- /dev/null +++ b/curl-7.52.1.tar.lzma @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:44286d4b825936e2430fc44ad730ce899afb736a5d328cbb8b5d42462f3f2365 +size 2068290 diff --git a/curl-7.52.1.tar.lzma.asc b/curl-7.52.1.tar.lzma.asc new file mode 100644 index 0000000..902fa62 --- /dev/null +++ b/curl-7.52.1.tar.lzma.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAlhc0OoACgkQXMkI/bce +EsISngf/adTW6+PCMHxPISnBqoCzO6/3YAH52WDZ1Z0A11VaCAkIbcsqXFF9K1xX +1W/cRt2ZR+eyAhm7gpulUJfxOy1ak5VuguebEY4vENmEpNg94+7iS9yldYJ4m0Q8 +t6MeYW+twMazzKarU2CvRJBHW1H+olt0G/3+K6o8LPoLyuqHhGGssvm2c24hb8RZ +Kj9m027qg3KVi89cL5eND0OeLW5mMjNr0TjokicWE7/AP7Wd181ag/jMU3BTX/yh +n5KYp562kDR34AIgV2xbHe8Rmfce9lGNAMW90+xnDbKo3Gjm8I8Cq4UkVBspazV5 +hieNGVze2dodGIh+O37iKhaoAoOJsg== +=2ZM9 +-----END PGP SIGNATURE----- diff --git a/curl.changes b/curl.changes index 743c91c..70c7c34 100644 --- a/curl.changes +++ b/curl.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Dec 23 07:37:40 UTC 2016 - idonmez@suse.com + +- Update to 7.52.1 + Bugfixes: + * CVE-2016-9594: unititialized random bsc#1016738 + ------------------------------------------------------------------- Wed Dec 21 07:10:10 UTC 2016 - idonmez@suse.com diff --git a/curl.spec b/curl.spec index cdd8e78..d1d9c32 100644 
--- a/curl.spec +++ b/curl.spec @@ -20,7 +20,7 @@ %bcond_with mozilla_nss %bcond_without testsuite Name: curl -Version: 7.52.0 +Version: 7.52.1 Release: 0 Summary: A Tool for Transferring Data from URLs License: BSD-3-Clause and MIT @@ -171,7 +171,7 @@ popd %files %defattr(-,root,root) -%doc README RELEASE-NOTES +%doc CIPHERS.md README RELEASE-NOTES %doc docs/{BUGS,FAQ,FEATURES,MANUAL,RESOURCES,TODO,TheArtOfHttpScripting} %{_bindir}/curl %{_datadir}/zsh/site-functions/_curl From 6af540439ea254b62cc183911ce129f281cbee7b5cb99e0090c14bb30463adbf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= Date: Fri, 23 Dec 2016 07:48:39 +0000 Subject: [PATCH 3/3] - OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=180 --- curl.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/curl.spec b/curl.spec index d1d9c32..def3ef9 100644 --- a/curl.spec +++ b/curl.spec @@ -171,7 +171,7 @@ popd %files %defattr(-,root,root) -%doc CIPHERS.md README RELEASE-NOTES +%doc README RELEASE-NOTES %doc docs/{BUGS,FAQ,FEATURES,MANUAL,RESOURCES,TODO,TheArtOfHttpScripting} %{_bindir}/curl %{_datadir}/zsh/site-functions/_curl
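Review bot: The `%doc` line in the last hunk drops `CIPHERS.md` again one commit after [PATCH 2/3] added it, and nothing records why: the [PATCH 3/3] message is just `-` and `curl.changes` gets no entry. Presumably the file is not at the top of the source tree and the `%doc CIPHERS.md` path did not resolve at build time, though the tarball layout is not visible here. If the TLS cipher-name documentation is meant to ship, it may belong in the existing list on the following line, e.g. `%doc docs/{BUGS,CIPHERS.md,FAQ,FEATURES,MANUAL,RESOURCES,TODO,TheArtOfHttpScripting}`; otherwise a short spec comment such as `# CIPHERS.md intentionally not packaged` with the reason would keep the next maintainer from re-adding it. The `%files` section continues outside the hunk.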