Accepting request 515937 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Upstream fix to build libcurl man3 pages
* Added patch curl-man3.patch
- Disabled test1425 that fails in i586 architecture
* Added patch curl-disable-test1427-i586.patch
- Update to 7.55.0
Changes:
* curl: allow --header and --proxy-header read from file
* getinfo: provide sizes as curl_off_t
* curl: prevent binary output spewed to terminal
* curl: added --request-target
* curl: added --socks5-{basic,gssapi}: control socks5 auth
* libcurl: added CURLOPT_REQUEST_TARGET
* libcurl: added CURLOPT_SOCKS5_AUTH
Bugfixes:
* Security Fixes:
- glob: do not parse after a strtoul() overflow range
(CVE-2017-1000101, bsc#1051643)
- tftp: reject file name lengths that don't fit
(CVE-2017-1000100, bsc#1051644)
- file: output the correct buffer to the user
(CVE-2017-1000099, bsc#1051645)
* includes: remove curl/curlbuild.h and curl/curlrules.h
* dist: make the hugehelp.c not get regenerated unnecessarily
* timers: store internal time stamps as time_t instead of doubles
* progress: let "current speed" be UL + DL speeds combined
* http-proxy: do the HTTP CONNECT process entirely non-blocking
* lib/curl_setup.h: remove CURL_WANTS_CA_BUNDLE_ENV
* fuzz: bring oss-fuzz initial code converted to C89
OBS-URL: https://build.opensuse.org/request/show/515937
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=201
This commit is contained in:
Tomáš Chvátal
committed by
Git OBS Bridge
Git OBS Bridge
parent
90d1cc3471
commit
fc76886d57
@@ -1,3 +1,128 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 10 11:08:46 UTC 2017 - pmonrealgonzalez@suse.com
|
||||
|
||||
- Upstream fix to build libcurl man3 pages
|
||||
* Added patch curl-man3.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 10 10:53:23 UTC 2017 - pmonrealgonzalez@suse.com
|
||||
|
||||
- Disabled test1425 that fails in i586 architecture
|
||||
* Added patch curl-disable-test1427-i586.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 9 09:34:25 UTC 2017 - pmonrealgonzalez@suse.com
|
||||
|
||||
- Update to 7.55.0
|
||||
Changes:
|
||||
* curl: allow --header and --proxy-header read from file
|
||||
* getinfo: provide sizes as curl_off_t
|
||||
* curl: prevent binary output spewed to terminal
|
||||
* curl: added --request-target
|
||||
* curl: added --socks5-{basic,gssapi}: control socks5 auth
|
||||
* libcurl: added CURLOPT_REQUEST_TARGET
|
||||
* libcurl: added CURLOPT_SOCKS5_AUTH
|
||||
Bugfixes:
|
||||
* Security Fixes:
|
||||
- glob: do not parse after a strtoul() overflow range
|
||||
(CVE-2017-1000101, bsc#1051643)
|
||||
- tftp: reject file name lengths that don't fit
|
||||
(CVE-2017-1000100, bsc#1051644)
|
||||
- file: output the correct buffer to the user
|
||||
(CVE-2017-1000099, bsc#1051645)
|
||||
* includes: remove curl/curlbuild.h and curl/curlrules.h
|
||||
* dist: make the hugehelp.c not get regenerated unnecessarily
|
||||
* timers: store internal time stamps as time_t instead of doubles
|
||||
* progress: let "current speed" be UL + DL speeds combined
|
||||
* http-proxy: do the HTTP CONNECT process entirely non-blocking
|
||||
* lib/curl_setup.h: remove CURL_WANTS_CA_BUNDLE_ENV
|
||||
* fuzz: bring oss-fuzz initial code converted to C89
|
||||
* configure: disable nghttp2 too if HTTP has been disabled
|
||||
* mk-ca-bundle.pl: Check curl's exit code after certdata download
|
||||
* test1148: verify the -# progressbar
|
||||
* tests: stabilize test 2032 and 2033
|
||||
* HTTPS-Proxy: don't offer h2 for https proxy connections
|
||||
* http-proxy: only attempt FTP over HTTP proxy
|
||||
* curl-compilers.m4: enable vla warning for clang
|
||||
* curl-compilers.m4: enable double-promotion warning
|
||||
* curl-compilers.m4: enable missing-variable-declarations clang
|
||||
warning
|
||||
* curl-compilers.m4: enable comma clang warning
|
||||
* CURLOPT_PREQUOTE: not supported for SFTP
|
||||
* http2: fix OOM crash
|
||||
* PIPELINING_SERVER_BL: cleanup the internal list use
|
||||
* mkhelp.pl: fix script name in usage text
|
||||
* lib1521: add curl_easy_getinfo calls to the test set
|
||||
* travis: do the distcheck test build out-of-tree as well
|
||||
* if2ip: fix compiler warning in ISO C90 mode
|
||||
* lib: fix the djgpp build
|
||||
* typecheck-gcc: add support for CURLINFO_OFF_T
|
||||
* travis: enable typecheck-gcc warnings
|
||||
* maketgz: switch to xz instead of lzma
|
||||
* CURLINFO_REDIRECT_URL.3: mention the CURLOPT_MAXREDIRS case
|
||||
* curl/system.h: add check for XTENSA for 32bit gcc
|
||||
* test1537: fixed memory leak on OOM
|
||||
* test1521: fix compiler warnings
|
||||
* curl: fix memory leak on test 1147 OOM
|
||||
* libtest/make: generate lib1521.c dynamically at build-time
|
||||
* curl_strequal.3: fix typo in SYNOPSIS
|
||||
* progress: prevent resetting t_starttransfer
|
||||
* openssl: improve fallback seed of PRNG with a time based hash
|
||||
* http2: improved PING frame handling
|
||||
* test1450: add simple testing for DICT
|
||||
* make: build the docs subdir only from within src
|
||||
* gtls: fix build when sizeof(long) < sizeof(void *)
|
||||
* url: make the original string get used on subsequent transfers
|
||||
* timeval.c: Use long long constant type for timeval assignment
|
||||
* tool_sleep: typecast to avoid macos compiler warning
|
||||
* travis.yml: use --enable-werror on debug builds
|
||||
* test1451: add SMB support to the testbed
|
||||
* configure: remove checks for 5 functions never used
|
||||
* configure: try ldap/lber in reversed order first
|
||||
* smb: fix build for djgpp/MSDOS
|
||||
* travis: install nghttp2 on linux builds
|
||||
* smb: add support for CURLOPT_FILETIME
|
||||
* select.h: avoid macro redefinition harder
|
||||
* runtests: support "threaded-resolver" as a feature
|
||||
* test506: skip if threaded-resolver
|
||||
* cmake: remove spurious "-l" from linker flags
|
||||
* cmake: add CURL_WERROR for enabling "warning as errors"
|
||||
* memdebug: don't setbuf() if the file open failed
|
||||
* curl_easy_escape.3: mention the (lack of) encoding
|
||||
* test1452: add telnet negotiation
|
||||
* CURLOPT_POSTFIELDS.3: explain the 100-continue magic better
|
||||
* cmake: offer CMAKE_DEBUG_POSTFIX when building with MSVC
|
||||
* tests/valgrind.supp: supress OpenSSL false positive seen on
|
||||
travis
|
||||
* curl_setup_once: Remove ERRNO/SET_ERRNO macros
|
||||
* rtspd: fix MSVC level 4 warning
|
||||
* sockfilt: suppress conversion warning with explicit cast
|
||||
* libtest: fix MSVC warning C4706
|
||||
* tests/server/resolve.c: fix deprecation warning
|
||||
* nss: fix a possible use-after-free in SelectClientCert()
|
||||
* checksrc: escape open brace in regex
|
||||
* multi: mention integer overflow risk if using > 500 million
|
||||
sockets
|
||||
* timeval: struct curltime is a struct timeval replacement
|
||||
* curl_rtmp: fix a compiler warning
|
||||
* include.d: clarify that it concerns the response headers
|
||||
* cmake: support make uninstall
|
||||
* include.d: clarify --include is only for response headers
|
||||
* libcurl: Stop using error codes defined under CURL_NO_OLDIES
|
||||
* http: fix response code parser to avoid integer overflow
|
||||
* configure: fix the check for IdnToUnicode
|
||||
* multi: fix request timer management
|
||||
* curl_threads: fix MSVC compiler warning
|
||||
* cmake: set MSVC warning level to 4
|
||||
* netrc: skip lines starting with '#'
|
||||
* FTP: skip unnecessary CWD when in nocwd mode
|
||||
* gssapi: fix memory leak of output token in multi round context
|
||||
* getparameter: avoid returning uninitialized 'usedarg'
|
||||
* curl (debug build) easy_events: make event data static
|
||||
* curl: detect and bail out early on parameter integer overflows
|
||||
|
||||
- Removed patch curl-invalid-free.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 28 13:50:08 UTC 2017 - dimstar@opensuse.org
|
||||
|
||||
|
||||
Reference in New Issue
Block a user