Commit Graph

240 Commits

Author SHA256 Message Date
9eaf7717dc Accepting request 661521 from home:seanlew:branches:devel:libraries:c_c++
Update curl to 7.63

OBS-URL: https://build.opensuse.org/request/show/661521
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=237
2018-12-27 09:25:59 +00:00
Ismail Dönmez
681d679767 Accepting request 645709 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to version 7.62.0
 Changes:
  * multiplex: enable by default
  * url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
  * setopt: add CURLOPT_DOH_URL
  * curl: --doh-url added
  * setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
  * imap: change from "FETCH" to "UID FETCH"
  * configure: add option to disable automatic OpenSSL config loading
  * upkeep: add a connection upkeep API: curl_easy_upkeep()
  * URL-API: added five new functions
  * vtls: MesaLink is a new TLS backend 
 Bugfixes:
  * CVE-2018-16839: SASL password overflow via integer overflow [bsc#1112758]
  * CVE-2018-16840: use-after-free in handle close [bsc#1113029]
  * CVE-2018-16842: warning message out-of-buffer read [bsc#1113660]
  * CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
  * Curl_dedotdotify(): always nul terminate returned string
  * Curl_follow: Always free the passed new URL
  * Curl_http2_done: fix memleak in error path
  * Curl_retry_request: fix memory leak
  * Curl_saferealloc: Fixed typo in docblock
  * FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
  * GnutTLS: TLS 1.3 support
  * SECURITY-PROCESS: mention the bountygraph program
  * VS projects: add USE_IPV6:
  * certs: generate tests certs with sha256 digest algorithm
  * checksrc: enable strict mode and warnings
  * checksrc: handle zero scoped ignore commands
  * cmake: Backport to work with CMake 3.0 again

OBS-URL: https://build.opensuse.org/request/show/645709
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=235
2018-10-31 11:23:21 +00:00
Ismail Dönmez
f4eb0b015b Accepting request 633266 from home:kbabioch:branches:devel:libraries:c_c++
- Update to version 7.61.1
  Bugfixes:
   * CVE-2018-14618: NTLM password overflow via integer overflow (bsc#1106019)
   * CURLINFO_SIZE_UPLOAD: fix missing counter update
   * CURLOPT_ACCEPT_ENCODING.3: list them comma-separated
   * CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse
   * Curl_getoff_all_pipelines: improved for multiplexed
   * DEPRECATE: remove release date from 7.62.0
   * HTTP: Don't attempt to needlessly decompress redirect body
   * INTERNALS: require GnuTLS >= 2.11.3
   * README.md: add LGTM.com code quality grade for C/C++
   * SSLCERTS: improve the openssl command line
   * Silence GCC 8 cast-function-type warnings
   * ares: check for NULL in completed-callback
   * asyn-thread: Remove unused macro
   * auth: only pick CURLAUTH_BEARER if we *have* a Bearer token
   * auth: pick Bearer authentication whenever a token is available
   * cmake: CMake config files are defining CURL_STATICLIB for static builds
   * cmake: Respect BUILD_SHARED_LIBS
   * cmake: Update scripts to use consistent style
   * cmake: bumped minimum version to 3.4
   * cmake: link curl to the OpenSSL targets instead of lib absolute paths
   * configure: conditionally enable pedantic-errors
   * configure: fix for -lpthread detection with OpenSSL and pkg-config
   * conn: remove the boolean 'inuse' field
   * content_encoding: accept up to 4 unknown trailer bytes after raw deflate data
   * cookie tests: treat files as text
   * cookies: support creation-time attribute for cookies
   * curl: Fix segfault when -H @headerfile is empty
   * curl: add http code 408 to transient list for --retry

OBS-URL: https://build.opensuse.org/request/show/633266
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=233
2018-09-05 07:44:03 +00:00
Vítězslav Čížek
050b9af608 Accepting request 630925 from home:vitezslav_cizek:branches:devel:libraries:c_c++
Fix version number in changelog.
7.62.0 hasn't been released yet

- Update to version 7.61.0

OBS-URL: https://build.opensuse.org/request/show/630925
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=230
2018-08-22 14:01:44 +00:00
Ismail Dönmez
7970c80edd Accepting request 630909 from home:kbabioch:branches:devel:libraries:c_c++
- Added curl-switch-off-all-styles.patch: Fix output of wrong escape sequences,
  which might mess up the terminal (bsc#1105624)

OBS-URL: https://build.opensuse.org/request/show/630909
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=229
2018-08-22 12:42:47 +00:00
Tomáš Chvátal
cbfaaab1ef Accepting request 623481 from home:pgajdos
- Update to version 7.62.0
  [bsc#1099793, CVE-2018-0500]
  Changes:
   * getinfo: add microsecond precise timers for seven intervals
   * curl: show headers in bold, switch off with --no-styled-output
   * httpauth: add support for Bearer tokens 
   * Add CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS
   * curl: --tls13-ciphers and --proxy-tls13-ciphers
   * Add CURLOPT_DISALLOW_USERNAME_IN_URL
   * curl: --disallow-username-in-url 
  Bugfixes:
   * CVE-2018-0500: smtp: fix SMTP send buffer overflow 
   * schannel: disable client cert option if APIs not available
   * schannel: disable manual verify if APIs not available
   * tests/libtest/Makefile: Do not unconditionally add gcc-specific flags
   * openssl: acknowledge --tls-max for default version too 
   * stub_gssapi: fix 'unused parameter' warnings
   * examples/progressfunc: make it build on both new and old libcurls
   * docs: mention it is HA Proxy protocol "version 1"
   * curl_fnmatch: only allow two asterisks for matching  
   * docs: clarify CURLOPT_HTTPGET 
   * configure: replace a AC_TRY_RUN with CURL_RUN_IFELSE
   * configure: do compile-time SIZEOF checks instead of run-time
   * checksrc: make sure sizeof() is used *with* parentheses 
   * CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit
   * schannel: make CAinfo parsing resilient to CR/LF 
   * tftp: make sure error is zero terminated before printfing it
   * http resume: skip body if http code 416 (range error) is ignored
   * configure: add basic test of --with-ssl prefix 
   * cmake: set -d postfix for debug builds

OBS-URL: https://build.opensuse.org/request/show/623481
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=227
2018-07-17 14:51:01 +00:00
26a26de5f7 Accepting request 610348 from home:vitezslav_cizek:branches:devel:libraries:c_c++
- Use OPENSSL_config instead of CONF_modules_load_file() to avoid
  crashes due to openssl engines conflicts (bsc#1086367)
  * add curl-use_OPENSSL_config.patch

- Use OPENSSL_config instead of CONF_modules_load_file() to avoid
  crashes due to openssl engines conflicts (bsc#1086367)
  * add curl-use_OPENSSL_config.patch

OBS-URL: https://build.opensuse.org/request/show/610348
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=225
2018-05-18 13:17:37 +00:00
Tomáš Chvátal
9232e3979e Accepting request 609087 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to version 7.60.0
  [bsc#1092094, CVE-2018-1000300][bsc#1092098, CVE-2018-1000301]
  Changes:
   * Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol
   * Add --haproxy-protocol for the command line tool
   * Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses 
  Bugfixes:
   * FTP: shutdown response buffer overflow CVE-2018-1000300
   * RTSP: bad headers buffer over-read CVE-2018-1000301
   * FTP: fix typo in recursive callback detection for seeking
   * test1208: marked flaky
   * HTTP: make header-less responses still count correct body size
   * user-agent.d:: mention --proxy-header as well
   * http2: fixes typo
   * cleanup: misc typos in strings and comments
   * rate-limit: use three second window to better handle high speeds
   * examples/hiperfifo.c: improved
   * pause: when changing pause state, update socket state
   * multi: improved pending transfers handling => improved performance
   * curl_version_info.3: fix ssl_version description
   * add_handle/easy_perform: clear errorbuffer on start if set
   * cmake: add support for brotli
   * parsedate: support UT timezone
   * vauth/ntlm.h: fix the #ifdef header guard
   * lib/curl_path.h: added #ifdef header guard
   * vauth/cleartext: fix integer overflow check
   * CURLINFO_COOKIELIST.3: made the example not leak memory
   * cookie.d: mention that "-" as filename means stdin
   * CURLINFO_SSL_VERIFYRESULT.3: fixed the example
   * http2: read pending frames (including GOAWAY) in connection-check

OBS-URL: https://build.opensuse.org/request/show/609087
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=224
2018-05-16 09:29:48 +00:00
Tomáš Chvátal
3b846fa6c7 Accepting request 586981 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Added message about protocol redirection not supported or
  disabled to the function findprotocol() [bsc#1076446]
  * Added curl-disabled-redirect-protocol-message.patch

- Update to version 7.59.0
  [bsc#1084521, CVE-2018-1000120][bsc#1084524, CVE-2018-1000121]
  [bsc#1084532, CVE-2018-1000122]
  Changes:
   * curl: add --proxy-pinnedpubkey
   * added: CURLOPT_TIMEVALUE_LARGE and CURLINFO_FILETIME_T
   * CURLOPT_RESOLVE: Add support for multiple IP addresses per entry
   * Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS
   * Add new tool option --happy-eyeballs-timeout-ms
   * Add CURLOPT_RESOLVER_START_FUNCTION and CURLOPT_RESOLVER_START_DATA 
  Bugfixes: 
   * openldap: check ldap_get_attribute_ber() results for NULL before using
   * FTP: reject path components with control codes
   * readwrite: make sure excess reads don't go beyond buffer end
   * lib555: drop text conversion and encode data as ascii codes
   * lib517: make variable static to avoid compiler warning
   * lib544: sync ascii code data with textual data
   * GSKit: restore pinnedpubkey functionality
   * darwinssl: Don't import client certificates into Keychain on macOS
   * parsedate: fix date parsing for systems with 32 bit long
   * openssl: fix pinned public key build error in FIPS mode
   * SChannel/WinSSL: Implement public key pinning
   * cookies: remove verbose "cookie size:" output
   * progress-bar: don't use stderr explicitly, use bar->out
   * build: open VC15 projects with VS 2017
   * curl_ctype: private is*() type macros and functions

OBS-URL: https://build.opensuse.org/request/show/586981
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=222
2018-03-14 16:35:07 +00:00
Tomáš Chvátal
abda1d488f - Sort a bit with spec-cleaner
- Install license with the library
  * Added patch ignore_runtests_failure.patch

- Sort a bit with spec-cleaner
- Install license with the library

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=220
2018-02-20 09:49:49 +00:00
4fd8b7bb4b Accepting request 569532 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
* Added patch ignore_runtests_failure.patch

OBS-URL: https://build.opensuse.org/request/show/569532
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=218
2018-01-25 15:18:55 +00:00
6049d2010d Accepting request 569503 from home:michel_mno:branches:devel:libraries:c_c++
- ignore all test failures for PowerPC as bypass boo#1075219
  (not only the 1501 previously skipped)

OBS-URL: https://build.opensuse.org/request/show/569503
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=217
2018-01-25 14:30:54 +00:00
Tomáš Chvátal
64310a5fef Accepting request 569261 from home:gladiac:branches:devel:libraries:c_c++
- Build curl with libssh.org
  libssh offers a lot more features than libssh2, for example:
  * Key Exchange Methods: curve25519-sha256@libssh.org
  * Hostkey Types: ssh-ed25519
  * Authentication: gssapi-with-mic

OBS-URL: https://build.opensuse.org/request/show/569261
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=216
2018-01-24 19:57:28 +00:00
Tomáš Chvátal
c73289f2c4 Accepting request 568866 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
[bsc#1076360,CVE-2018-1000005][bsc#1077001,CVE-2018-1000007]
  [bsc#1076360,CVE-2018-1000005][bsc#1077001,CVE-2018-1000007]

OBS-URL: https://build.opensuse.org/request/show/568866
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=215
2018-01-24 11:14:30 +00:00
9319d328f2 Accepting request 568861 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to version 7.58.0
  [bsc1076360, CVE-2018-1000005][bsc#1077001, CVE-2018-1000007]
  Changes:
   * new libssh-powered SSH SCP/SFTP back-end
   * curl-config: add --ssl-backends
  Bugfixes:
   * http2: fix incorrect trailer buffer size
   * http: prevent custom Authorization headers in redirects
   * travis: add boringssl build
   * examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL
   * SSL: Avoid magic allocation of SSL backend specific data
   * lib: don't export all symbols, just everything curl_*
   * libssh2: send the correct CURLE error code on scp file not found
   * libssh2: return CURLE_UPLOAD_FAILED on failure to upload
   * openssl: enable pkcs12 in boringssl builds
   * libssh2: remove dead code from SSH_SFTP_QUOTE
   * sasl_getmesssage: make sure we have a long enough string to pass
   * conncache: fix several lock issues
   * threaded-shared-conn.c: new example
   * conncache: only allow multiplexing within same multi handle
   * configure: check for netinet/in6.h
   * URL: tolerate backslash after drive letter for FILE:
   * openldap: add commented out debug possibilities
   * include: get netinet/in.h before linux/tcp.h
   * CONNECT: keep close connection flag in http_connect_state struct
   * BINDINGS: another PostgreSQL client
   * curl: limit -# update frequency for unknown total size
   * configure: add AX_CODE_COVERAGE only if using gcc
   * curl.h: remove incorrect comment about ERRORBUFFER
   * openssl: improve data-pending check for https proxy

OBS-URL: https://build.opensuse.org/request/show/568861
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=214
2018-01-24 11:04:16 +00:00
Tomáš Chvátal
24ae8f1d6f Accepting request 563207 from home:michel_mno:branches:devel:libraries:c_c++
- disable 1501 test for PowerPC as bypass boo#1075219

OBS-URL: https://build.opensuse.org/request/show/563207
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=212
2018-01-10 09:42:47 +00:00
7221049c30 Accepting request 546402 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to version 7.57.0  [bsc#1069226, CVE-2017-8816]
  [bsc#1069222, CVE-2017-8817] [bsc#1069714, CVE-2017-8818]
  Changes:
   * auth: add support for RFC7616 - HTTP Digest access authentication
   * share: add support for sharing the connection cache
   * HTTP: implement Brotli content encoding
  Bugfixes:
   * CVE-2017-8816: NTLM buffer overflow via integer overflow
   * CVE-2017-8817: FTP wildcard out of bounds read
   * CVE-2017-8818: SSL out of buffer access
   * curl_mime_filedata.3: fix typos
   * libtest: Add required test libraries for lib1552 and lib1553
   * fix time diffs for systems using unsigned time_t
   * ftplistparser: memory leak fix: free temporary memory always
   * multi: allow table handle sizes to be overridden
   * wildcards: don't use with non-supported protocols
   * curl_fnmatch: return error on illegal wildcard pattern
   * transfer: Fix chunked-encoding upload too early exit
   * resolvers: only include anything if needed
   * setopt: fix CURLOPT_SSH_AUTH_TYPES option read
   * Curl_timeleft: change return type to timediff_t
   * cmake: Export libcurl and curl targets to use by other cmake projects
   * curl: in -F option arg, comma is a delimiter for files only
   * curl: improved ";type=" handling in -F option arguments
   * timeval: use mach_absolute_time() on MacOS
   * curlx: the timeval functions are no longer provided as curlx_*
   * mkhelp.pl: do not generate comment with current date
   * memdebug: use send/recv signature for curl_dosend/curl_dorecv
   * cookie: avoid NULL dereference
   * url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1

OBS-URL: https://build.opensuse.org/request/show/546402
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=210
2017-11-29 11:15:27 +00:00
Tomáš Chvátal
b911b69cc2 Accepting request 535940 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to version 7.56.1 [bsc#1063824]
  Bugfixes:
   * imap: if a FETCH response has no size, don't call write
     callback [CVE-2017-1000257]
   * ftp: UBsan fixup 'pointer index expression overflowed
   * failf: skip the sprintf() if there are no consumers
   * fuzzer: move to using external curl-fuzzer
   * lib/Makefile.m32: allow customizing dll suffixes
   * docs: fix typo in curl_mime_data_cb man page
   * darwinssl: add support for TLSv1.3
   * build: fix --disable-crypto-auth
   * openssl: fix build without HAVE_OPAQUE_EVP_PKEY
   * strtoofft: Remove extraneous null check
   * multi_cleanup: call DONE on handles that never got that
   * tests: added flaky keyword to tests 587 and 644
   * pingpong: return error when trying to send without connection
   * remove_handle: call multi_done() first, then clear dns cache pointer
   * mime: be tolerant about setting the same header list twice in a part
   * mime: improve unbinding top multipart from easy handle
   * mime: avoid resetting a part's encoder when part's contents change
   * mime: refuse to add subparts to one of their own descendants
   * RTSP: avoid integer overflow on funny RTSP responses
   * curl: don't pass semicolons when parsing Content-Disposition
   * openssl: enable PKCS12 support for !BoringSSL
   * FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION
   * CURLOPT_NOPROGRESS.3: also refer to xferinfofunction
   * CURLOPT_XFERINFODATA.3: fix duplicate see also
   * test298: verify --ftp-method nowcwd with URL encoded path
   * FTP: URL decode path for dir listing in nocwd mode
   * smtp_done: fix memory leak on send failure

OBS-URL: https://build.opensuse.org/request/show/535940
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=208
2017-10-23 11:09:07 +00:00
Tomáš Chvátal
435fa2e023 Accepting request 532977 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to 7.56.0 [bsc#1061876, CVE-2017-1000254]
 Changes:
  * curl: enable compression for SCP/SFTP with --compressed-ssh
  * libcurl: enable compression for SCP/SFTP with CURLOPT_SSH_COMPRESSION
  * vtls: added dynamic changing SSL backend with curl_global_sslset()
  * new MIME API, curl_mime_init() and friends
  * openssl: initial SSLKEYLOGFILE implementation 
 Security fixes:
  * CVE-2017-1000254 FTP PWD response parser out of bounds read
 Bugfixes:
  * FTP: zero terminate the entry path even on bad input
  * examples/ftpuploadresume.c: use portable code
  * runtests: match keywords case insensitively
  * strtoofft: reduce integer overflow risks globally
  * zsh.pl: produce a working completion script again
  * cmake: remove dead code for CURL_DISABLE_RTMP
  * progress: Track total times following redirects
  * configure: fix --disable-threaded-resolver
  * configure: fix clang version detection
  * darwinssi: fix error: variable length array used
  * configure: check for __builtin_available() availability
  * http_proxy: fix build error for CURL_DOES_CONVERSIONS
  * examples/ftpuploadresume: checksrc compliance
  * ftp: fix CWD when doing multicwd then nocwd on same connection
  * system.h: remove all CURL_SIZEOF_* defines
  * http: Don't wait on CONNECT when there is no proxy
  * system.h: check for __ppc__ as well
  * http2_recv: return error better on fatal h2 errors
  * tftp: fix memory leak on too long filename
  * system.h: fix build for hppa

OBS-URL: https://build.opensuse.org/request/show/532977
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=206
2017-10-10 10:18:27 +00:00
Tomáš Chvátal
8ef60e6c2a Accepting request 519550 from home:Zaitor:branches:devel:libraries:c_c++
- Add curl-http-Don-t-wait-on-CONNECT-when-there-is-no-proxy.patch:
  Fix NetworkManagers connectivity test.
- Add curl-http-Don-t-wait-on-CONNECT-when-there-is-no-proxy.patch:
  Fix NetworkManagers connectivity test.

OBS-URL: https://build.opensuse.org/request/show/519550
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=204
2017-08-30 08:02:52 +00:00
Ismail Dönmez
83de91c70c Accepting request 519178 from home:Andreas_Schwab:Factory
- ppc-build.patch: Fix build for powerpc

OBS-URL: https://build.opensuse.org/request/show/519178
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=203
2017-08-29 11:44:45 +00:00
Tomáš Chvátal
fc76886d57 Accepting request 515937 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Upstream fix to build libcurl man3 pages
  * Added patch curl-man3.patch

- Disabled test1425 that fails in i586 architecture
  * Added patch curl-disable-test1427-i586.patch

- Update to 7.55.0
 Changes:
  * curl: allow --header and --proxy-header read from file
  * getinfo: provide sizes as curl_off_t
  * curl: prevent binary output spewed to terminal
  * curl: added --request-target
  * curl: added --socks5-{basic,gssapi}: control socks5 auth
  * libcurl: added CURLOPT_REQUEST_TARGET
  * libcurl: added CURLOPT_SOCKS5_AUTH
 Bugfixes:
  * Security Fixes:
    - glob: do not parse after a strtoul() overflow range 
      (CVE-2017-1000101, bsc#1051643)
    - tftp: reject file name lengths that don't fit
      (CVE-2017-1000100, bsc#1051644)
    - file: output the correct buffer to the user
      (CVE-2017-1000099, bsc#1051645)
  * includes: remove curl/curlbuild.h and curl/curlrules.h
  * dist: make the hugehelp.c not get regenerated unnecessarily
  * timers: store internal time stamps as time_t instead of doubles
  * progress: let "current speed" be UL + DL speeds combined
  * http-proxy: do the HTTP CONNECT process entirely non-blocking
  * lib/curl_setup.h: remove CURL_WANTS_CA_BUNDLE_ENV
  * fuzz: bring oss-fuzz initial code converted to C89

OBS-URL: https://build.opensuse.org/request/show/515937
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=201
2017-08-10 16:25:31 +00:00
Tomáš Chvátal
90d1cc3471 Accepting request 506825 from home:dimstar:Factory
- Update License to 'curl' as per review on OBS sr#505976.

OBS-URL: https://build.opensuse.org/request/show/506825
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=199
2017-06-28 19:20:16 +00:00
Dominique Leuenberger
23f5c07637 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=198 2017-06-23 22:15:13 +00:00
Dominique Leuenberger
ea0515e751 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=197 2017-06-23 22:14:51 +00:00
Ismail Dönmez
2853b8ab5a Accepting request 505942 from home:dimstar:Factory
Add conflicts to the mini packages

OBS-URL: https://build.opensuse.org/request/show/505942
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=196
2017-06-23 19:46:51 +00:00
Ismail Dönmez
608c95630e - Add curl-invalid-free.patch to fix an invalid free in
curl_multi_setopt function.

- Add curl-invalid-free.patch to fix an invalid free in
  curl_multi_setopt function.

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=195
2017-06-20 11:37:20 +00:00
Ismail Dönmez
7887378be5 -
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=194
2017-06-14 11:20:58 +00:00
Ismail Dönmez
494659827d - Update to 7.54.1
Changes:
  * curl now shows release date in --version output
  Bugfixes:
  * Fixes CVE-2017-9502: default protocol drive letter
    buffer overflow bsc#1044243
  * openssl: fix memory leak in servercert
  * curl: set a 100K buffer size by default
  * nss: do not leak PKCS #11 slot while loading a key
  * nss: load libnssckbi.so if no other trust is specified
  * curl: use utimes instead of obsolescent utime when available
  * url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE
  * CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size
  * curl: non-boolean command line args reject --no- prefixes
  * telnet: Write full buffer instead of byte-by-byte
  * curl: remove --environment and tool_writeenv.c
  * curl: generate the --help output
  * curl.1: clarify --config
  * curl.1: mention --oauth2-bearer's argument
  * ssh: fix memory leak in disconnect due to timeout
  * redirect: store the "would redirect to" URL when max redirs is reached
  * file: make speedcheck use current time for checks
  * urlglob: fix division by zero 

- Update to 7.54.1
  Changes:
  * curl now shows release date in --version output
  Bugfixes:
  * Fixes CVE-2017-9502: default protocol drive letter
    buffer overflow bsc#1044243

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=193
2017-06-14 11:20:49 +00:00
9587b7daf9 Accepting request 503381 from openSUSE:Leap:15.0:Rings:1-MinimalX
- Create curl-mini for bootstrapping (boo#1042919)

OBS-URL: https://build.opensuse.org/request/show/503381
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=192
2017-06-14 09:42:26 +00:00
Ismail Dönmez
cb94451b5b - Update to 7.54.1
Changes:
  * curl now shows release date in --version output
  Bugfixes:
  * Fixes CVE-2017-9502: default protocol drive letter buffer overflow
  * openssl: fix memory leak in servercert
  * curl: set a 100K buffer size by default
  * nss: do not leak PKCS #11 slot while loading a key
  * nss: load libnssckbi.so if no other trust is specified
  * curl: use utimes instead of obsolescent utime when available
  * url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE
  * CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size
  * curl: non-boolean command line args reject --no- prefixes
  * telnet: Write full buffer instead of byte-by-byte
  * curl: remove --environment and tool_writeenv.c
  * curl: generate the --help output
  * curl.1: clarify --config
  * curl.1: mention --oauth2-bearer's argument
  * ssh: fix memory leak in disconnect due to timeout
  * redirect: store the "would redirect to" URL when max redirs is reached
  * file: make speedcheck use current time for checks
  * urlglob: fix division by zero

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=191
2017-06-14 08:46:57 +00:00
Tomáš Chvátal
e8631bf9d1 Accepting request 489260 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
* bsc#1033413

OBS-URL: https://build.opensuse.org/request/show/489260
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=189
2017-04-19 09:22:55 +00:00
Ismail Dönmez
8163a4f5cc - Update to 7.54.0
Changes:
  * Add CURL_SSLVERSION_MAX_* constants to CURLOPT_SSLVERSION
  * Add --max-tls
  * Add CURLOPT_SUPPRESS_CONNECT_HEADERS
  * Add --suppress-connect-headers
  Bugfixes:
  * CVE-2017-7468: switch off SSL session id when client cert is used
  * tests: use consistent environment variables for setting charset
  * proxy: fixed a memory leak on OOM
  * ftp: removed an erroneous free in an OOM path
  * ftp: fixed a NULL pointer dereference on OOM
  * gopher: fixed detection of an error condition from Curl_urldecode
  * url: fix unix-socket support for proxy-disabled builds
  * fix potential use of uninitialized variables
  * ares: return error at once if timed out before name resolve starts
  * URL: return error on malformed URLs with junk after port number
  * http2: Fix assertion error on redirect with CL=0
  * --insecure: clarify that this option is for server connections
  * authneg: clear auth.multi flag at http_done
  * curl_easy_reset: Also reset the authentication state
  * proxy: skip SSL initialization for closed connections
  * http_proxy: ignore TE and CL in CONNECT 2xx responses
  * multi: fix streamclose() crash in debug mode
  * openssl: fall back on SSL_ERROR_* string when no error detail
  * asiohiper: make sure socket is open in event_cb
  * curl: check for end of input in writeout backslash handling
  * openssl: exclude DSA code when OPENSSL_NO_DSA is defined
  * http: Fix proxy connection reuse with basic-auth
  * pause: handle mixed types of data when paused

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=188
2017-04-19 08:28:13 +00:00
Ismail Dönmez
667e492a23 - Update to 7.53.1
Bugfixes:
  * url: Improve CURLOPT_PROXY_CAPATH error handling
  * urldata: include curl_sspi.h when Windows SSPI is enabled
  * formdata: check for EOF when reading from stdin
  * tests: Set CHARSET & LANG to UTF-8 in 1035, 2046 and 2047
  * url: Default the proxy CA bundle location to CURL_CA_BUNDLE
  * rand: added missing #ifdef HAVE_FCNTL_H around fcntl.h header

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=186
2017-02-24 11:53:47 +00:00
Ismail Dönmez
1856c7c477 -
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=185
2017-02-22 13:27:23 +00:00
Ismail Dönmez
bf1e67fa8b - Update to 7.53.0
Changes:
  * unix_socket: added --abstract-unix-socket and
    CURLOPT_ABSTRACT_UNIX_SOCKET
  * CURLOPT_BUFFERSIZE: support enlarging receive buffer
  Bugfixes:
  * CVE-2017-2629: make SSL_VERIFYSTATUS work again
  * gnutls-random: check return code for failed random
  * openssl-random: check return code when asking for random
  * http: remove "Curl_http_done: called premature" message
  * cyassl: use time_t instead of long for timeout
  * build-wolfssl: Sync config with wolfSSL 3.10
  * ftp-gss: check for init before use
  * configure: accept --with-libidn2 instead
  * ftp: failure to resolve proxy should return that error code
  * curl.1: add three more exit codes
  * docs/ciphers: link to our own new page about ciphers
  * vtls: s/SSLEAY/OPENSSL - fixes multi_socket timeouts with openssl
  * darwinssl: fix iOS build
  * darwinssl: fix CFArrayRef leak
  * cmake: use crypt32.lib when building with OpenSSL on windows
  * curl_formadd.3: CURLFORM_CONTENTSLENGTH not needed when chunked
  * digest_sspi: copy terminating NUL as well
  * curl: fix --remote-time incorrect times on Windows
  * curl.1: several updates and corrections
  * content_encoding: change return code on a failure
  * curl.h: CURLE_FUNCTION_NOT_FOUND is no longer in use
  * docs: TCP_KEEPALIVE start and interval default to 60
  * darwinssl: --insecure overrides --cacert if both settings are in use
  * TheArtOfHttpScripting: grammar

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=184
2017-02-22 13:26:22 +00:00
Ismail Dönmez
1002a66bcb Accepting request 454837 from home:AndreasStieger:branches:devel:libraries:c_c++
- build with libidn2 for IDNA2008 support
  FATE#321897 CVE-2016-8625 bsc#1005649
  add curl-7.52.1-idn-fixes.patch to fix test, among other things
- re-enable tests that are no longer failing, 
  remove curl-disable_failing_tests.patch

OBS-URL: https://build.opensuse.org/request/show/454837
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=182
2017-02-06 09:07:18 +00:00
Ismail Dönmez
6af540439e -
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=180
2016-12-23 07:48:39 +00:00
Ismail Dönmez
bd259165c7 - Update to 7.52.1
Bugfixes:
  * CVE-2016-9594: unititialized random bsc#1016738

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=179
2016-12-23 07:39:42 +00:00
Ismail Dönmez
509550b5a8 - Update to 7.52.0
Changes:
  * nss: map CURL_SSLVERSION_DEFAULT to NSS default
  * vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
  * curl: introduce the --tlsv1.3 option to force TLS 1.3
  * curl: Add --retry-connrefused
  * proxy: Support HTTPS proxy and SOCKS+HTTP(s)
  * add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme}
  * curl: add --fail-early 
  Bugfixes:
  * CVE-2016-9586: printf floating point buffer overflow
  * curl -w: added more decimal digits to timing counters
  * easy: Initialize info variables on easy init and duphandle
  * http2: Don't send header fields prohibited by HTTP/2 spec
  * ssh: check md5 fingerprints case insensitively (regression)
  * openssl: initial TLS 1.3 adaptions
  * SPNEGO: Fix memory leak when authentication fails
  * realloc: use Curl_saferealloc to avoid common mistakes
  * openssl: make sure to fail in the unlikely event that PRNG
    seeding fails
  * URL-parser: for file://[host]/ URLs, the [host] must be localhost
  * timeval: prefer time_t to hold seconds instead of long
  * glob: fix [a-c] globbing regression
  * curl.1: Clarify --dump-header only writes received headers
  * http2: Fix address sanitizer memcpy warning
  * http2: Use huge HTTP/2 windows
  * connects: Don't mix unix domain sockets with regular ones
  * url: Fix conn reuse for local ports and interfaces
  * x509: Limit ASN.1 structure sizes to 256K
  * http2: check nghttp2_session_set_local_window_size exists

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=178
2016-12-21 07:25:57 +00:00
Ismail Dönmez
c7dbf5559a - Update to 7.51.0
Changes:
  * nss: additional cipher suites are now accepted by
    CURLOPT_SSL_CIPHER_LIST
  * New option: CURLOPT_KEEP_SENDING_ON_ERROR 
  Bugfixes:
  * CVE-2016-8615: cookie injection for other servers
  * CVE-2016-8616: case insensitive password comparison
  * CVE-2016-8617: OOB write via unchecked multiplication
  * CVE-2016-8618: double-free in curl_maprintf
  * CVE-2016-8619: double-free in krb5 code
  * CVE-2016-8620: glob parser write/read out of bounds
  * CVE-2016-8621: curl_getdate read out of bounds
  * CVE-2016-8622: URL unescape heap overflow via integer truncation
  * CVE-2016-8623: Use-after-free via shared cookies
  * CVE-2016-8624: invalid URL parsing with '#'
  * CVE-2016-8625: IDNA 2003 makes curl use wrong host
  * openssl: fix per-thread memory leak using 1.0.1 or 1.0.2
  * http: accept "Transfer-Encoding: chunked" for HTTP/2 as well
  * LICENSE-MIXING.md: update with mbedTLS dual licensing
  * examples/imap-append: Set size of data to be uploaded
  * test2048: fix url
  * darwinssl: disable RC4 cipher-suite support
  * CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting
  * openssl: don’t call CRYTPO_cleanup_all_ex_data
  * libressl: fix version output
  * easy: Reset all statistical session info in curl_easy_reset
  * curl_global_cleanup.3: don't unload the lib with sub threads running
  * dist: add CurlSymbolHiding.cmake to the tarball
  * docs: Remove that --proto is just used for initial retrieval

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=176
2016-11-02 08:22:48 +00:00
Ismail Dönmez
bde7f7c470 - update to 7.50.3
Bugfixes:
   * CVE-2016-7167: escape and unescape integer overflows
   * mk-ca-bundle.pl: use SHA256 instead of SHA1
   * checksrc: detect strtok() use
   * errors: new alias CURLE_WEIRD_SERVER_REPLY
   * http2: support > 64bit sized uploads
   * openssl: fix bad memory free (regression)
   * CMake: hide private library symbols
   * http: refuse to pass on response body when NO_NODY is set
   * cmake: fix curl-config --static-libs
   * mbedtls: switch off NTLM in build if md4 isn't available
   * curl: --create-dirs on windows groks both forward and
     backward slashes

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=174
2016-09-14 07:41:51 +00:00
Ismail Dönmez
2204f88cb5 -
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=172
2016-09-08 08:56:16 +00:00
Ismail Dönmez
302b721dfa - update to 7.50.2
Bugfixes:
  * mbedtls: Added support for NTLM
  * SSH: fixed SFTP/SCP transfer problems
  * multi: make Curl_expire() work with 0 ms timeouts
  * mk-ca-bundle.pl: -m keeps ca cert meta data in output
  * TFTP: Fix upload problem with piped input
  * CURLOPT_TCP_NODELAY: now enabled by default
  * mbedtls: set verbose TLS debug when MBEDTLS_DEBUG is defined
  * http2: always wait for readable socket
  * cmake: Enable win32 large file support by default
  * cmake: Enable win32 threaded resolver by default
  * winbuild: Avoid setting redundant CFLAGS to compile commands
  * curl.h: make CURL_NO_OLDIES define CURL_STRICTER
  * docs: make more markdown files use .md extension
  * docs: CONTRIBUTE and LICENSE-MIXING were converted to markdown
  * winbuild: Allow changing C compiler via environment variable CC
  * rtsp: accept any RTSP session id
  * HTTP: retry failed HEAD requests on reused connections too
  * configure: add zlib search with pkg-config
  * openssl: accept subjectAltName iPAddress if no dNSName match
  * MANUAL: Remove invalid link to LDAP documentation
  * socks: improved connection procedure
  * proxy: reject attempts to use unsupported proxy schemes
  * proxy: bring back use of "Proxy-Connection:"
  * curl: allow "pkcs11:" prefix for client certificates
  * spnego_sspi: fix memory leak in case *outlen is zero
  * SOCKS: improve verbose output of SOCKS5 connection sequence
  * SOCKS: display the hostname returned by the SOCKS5 proxy server
  * http/sasl: Query authentication mechanism supported by SSPI before using

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=171
2016-09-08 08:54:43 +00:00
P. Janouch
a8f615150b - update to 7.50.1
Bugfixes:
  * TLS: switch off SSL session id when client cert is used
  * TLS: only reuse connections with the same client cert
  * curl_multi_cleanup: clear connection pointer for easy handles
  * include the CURLINFO_HTTP_VERSION man page into the release tarball
  * include the http2-server.pl script in the release tarball
  * test558: fix test by stripping file paths from FD lines
  * spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declaration
  * tests: Fix for http/2 feature
  * cmake: Fix for schannel support
  * curl.h: make public types void * again
  * win32: fix a potential memory leak in Curl_load_library
  * travis: fix OSX build by re-installing libtool
  * mbedtls: Fix debug function name 
- removed 0001-tests-distribute-the-http2-server.pl-script-too.patch

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=169
2016-08-05 12:52:17 +00:00
e971992d56 Accepting request 412565 from home:vitezslav_cizek:branches:devel:libraries:c_c++
- update to 7.50.0
  Changes:
  * http: add CURLINFO_HTTP_VERSION and %{http_version}
  Bugfixes:
  * openssl: fix build with OPENSSL_NO_COMP
  * cmake: Added missing mbedTLS support
  * URL parser: allow URLs to use one, two or three slashes
  * curl: fix -q [regression]
  * openssl: Use correct buffer sizes for error messages
  * curl: fix SIGSEGV while parsing URL with too many globs
  * vtls: fix ssl session cache race condition
  * http: Fix HTTP/2 connection reuse [regression]
  * checksrc: Add LoadLibrary to the banned functions list
  * configure: occasional ignorance of --enable-symbol-hiding with GCC
  * http2: test17xx are the first real HTTP/2 tests
  * resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOS
  * curl_multi_socket_action.3: rewording
  * CURLOPT_POSTFIELDS.3: Clarify what happens when set empty
  * cmake: Fix build with winldap
  * openssl: fix cert check with non-DNS name fields present
  * curl.1: mention the units for the progress meter
  * openssl: use more 'const' to fix build warnings with 1.1.0 branch
  * cmake: now using BUILD_TESTING=ON/OFF
  * vtls: Only call add/getsession if session id is enabled
  * headers: forward declare CURL, CURLM and CURLSH as structs
  * configure: improve detection of CA bundle path on FreeBSD
  * SFTP: set a generic error when no SFTP one exists
  * curl_global_init.3: expand on the SSL and WIN32 bits purpose
  * conn: don't free easy handle data in handler->disconnect
  * cookie.c: Fix misleading indentation

OBS-URL: https://build.opensuse.org/request/show/412565
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=168
2016-07-21 18:40:30 +00:00
P. Janouch
f0b8ef2d59 Accepting request 402804 from home:AndreasStieger:branches:devel:libraries:c_c++
curl 7.49.1

OBS-URL: https://build.opensuse.org/request/show/402804
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=166
2016-06-17 13:15:20 +00:00
Ismail Dönmez
197fcdad71 - Depend on libssh2 >= 1.6.0 since curl depends on the
libssh2_scp_recv2 symbol now. Fixes boo#983170

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=164
2016-06-06 10:22:45 +00:00
P. Janouch
e5356c8cdc Accepting request 394233 from home:alarrosa:branches:devel:libraries:c_c++
- Add 0001-Fix-invalid-Network-is-unreachable-errors.patch.
  Fixes "Network is unreachable" errors in valid situations when ipv6
  is not available but ipv4 is working fine. This also fixes the same
  error from happening in applications using libcurl4 (like zypper).
  (bsc#915846)

OBS-URL: https://build.opensuse.org/request/show/394233
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=162
2016-05-09 07:57:49 +00:00
Ismail Dönmez
15d9fc8ebf - Update to 7.48.0
* configure: --with-ca-fallback: use built-in TLS CA fallback
  * TFTP: add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS
  * getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSION
  * Lots of bugfixes, see https://curl.haxx.se/changes.html#7_48_0
- Drop curl-7.41.0-use-openssl-s-built-in-verify-path-as-fallback.diff,
  superseded by --with-ca-fallback configure option.

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=160
2016-03-31 17:36:23 +00:00