gsoap-2.8.48

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/gsoap?expand=0&rev=96

gsoap-2.8.46.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:17394ffa2c54c4a1983f66dc990943955f3838466d73130e965196d2de41c0c8
-size 19120476

gsoap-2.8.48.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:be1988539a4733069f1d4e0e1782207e6faca6c996f086ad5e7f4ff202eae95d
+size 18978300

gsoap-sslverify.diff

@@ -1,29 +0,0 @@
-From: Jan Engelhardt <jengelh@inai.de>
-References: https://sourceforge.net/p/gsoap2/patches/168/
-
-When verification of a certificate has failed, do not just leave soap->msgbuf
-at the default openssl message ("certificate validation failed" or so), but
-append the detailed error message from the verification stage as well.
-
----
- gsoap/stdsoap2.cpp |    7 +++++++
- 1 file changed, 7 insertions(+)
-
-Index: gsoap-2.8.43/gsoap/stdsoap2.cpp
-===================================================================
---- gsoap-2.8.43.orig/gsoap/stdsoap2.cpp
-+++ gsoap-2.8.43/gsoap/stdsoap2.cpp
-@@ -3672,6 +3672,13 @@ soap_ssl_error(struct soap *soap, int re
-     while ((r = ERR_get_error()))
-     { size_t l = strlen(soap->msgbuf);
-       ERR_error_string_n(r, soap->msgbuf + l, sizeof(soap->msgbuf) - l);
-+      l = strlen(soap->msgbuf);
-+      if (l + 1 < sizeof(soap->msgbuf))
-+        soap->msgbuf[l++] = '\n';
-+      if (ERR_GET_REASON(r) == SSL_R_CERTIFICATE_VERIFY_FAILED && l <= sizeof(soap->msgbuf)) {
-+        const char *reason = X509_verify_cert_error_string(SSL_get_verify_result(soap->ssl));
-+        (SOAP_SNPRINTF(soap->msgbuf + l, sizeof(soap->msgbuf) - l, strlen(reason)), "%s", reason);
-+      }
-     }
-   }
-   else

gsoap.changes

@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Tue Jun 27 14:03:51 UTC 2017 - jengelh@inai.de
+
+- Update to new upstream release 2.8.48
+  * Added CURL plugin to use libcurl for gSOAP client applications.
+  * Added `soap->transfer_timeout` max transfer timeout, to use in
+    combination with `soap->send_timeout` and `soap->recv_timeout`.
+  * Fixed a potential vulnerability that may be exposed with large
+    and specific XML messages over 2 GB in size.
+- Remove gsoap-sslverify.diff (merged upstream)
+
 -------------------------------------------------------------------
 Fri May 19 10:23:02 UTC 2017 - jengelh@inai.de
 

gsoap.spec

@@ -17,8 +17,8 @@
 
 
 Name:           gsoap
-%define lname	libgsoap-2_8_46
-Version:        2.8.46
+%define lname	libgsoap-2_8_48
+Version:        2.8.48
 Release:        0
 Summary:        Toolkit for SOAP/REST-based C/C++ server and client web service applications
 License:        SUSE-GPL-2.0+-with-openssl-exception
@@ -29,7 +29,6 @@ Source:         gsoap-%version.tar.xz
 Source2:        sanitize_source.sh
 Patch1:         gsoap-automake1_13.diff
 Patch2:         gsoap-01-sharedlibs.diff
-Patch3:         gsoap-sslverify.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -85,7 +84,7 @@ This subpackage contains the documentation for the gSOAP toolkit.
 %prep
 %setup -q
 cmp gsoap/stdsoap2.cpp gsoap/stdsoap2.c
-%patch -P 1 -P 2 -P 3 -p1
+%patch -P 1 -P 2 -p1
 ln -fs stdsoap2.cpp gsoap/stdsoap2.c
 
 %build

sanitize_source.sh

@@ -13,7 +13,7 @@ if ! which hardlink >/dev/null; then
 	exit 1;
 fi;
 
-version="2.8.46"
+version="2.8.48"
 shortver="2.8" # agh...
 if [ ! -e "gsoap_$version.zip" ]; then
 	wget -c "http://downloads.sf.net/gsoap2/gsoap_$version.zip"