From 78a9b1c33359219300f3cb1f5bb780027276b5b7d68ac9bedc339b4ab0be4090 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Tue, 18 Feb 2020 14:31:05 +0000 Subject: [PATCH] Accepting request 775220 from home:dimstar:Factory - Eliminate curl-mini: The reason for this to exist was that cmake pulled in curl into too many places, causing build cycles. A new cmake-mini was generated, eliminating that need. - openssl: CURLSSLOPT_NO_PARTIALCHAIN can disable partial cert chains OBS-URL: https://build.opensuse.org/request/show/775220 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=268 --- curl-mini.changes | 3974 --------------------------------------------- curl-mini.spec | 232 --- curl.changes | 9 +- curl.spec | 47 +- pre_checkin.sh | 15 - 5 files changed, 18 insertions(+), 4259 deletions(-) delete mode 100644 curl-mini.changes delete mode 100644 curl-mini.spec delete mode 100644 pre_checkin.sh diff --git a/curl-mini.changes b/curl-mini.changes deleted file mode 100644 index 49279a5..0000000 --- a/curl-mini.changes +++ /dev/null @@ -1,3974 +0,0 @@ -------------------------------------------------------------------- -Wed Jan 8 09:54:50 UTC 2020 - Pedro Monreal Gonzalez - -- Update to 7.68.0 - * Changes: - - TLS: add BearSSL vtls implementation - - XFERINFOFUNCTION: support CURL_PROGRESSFUNC_CONTINUE - - curl: add --etag-compare and --etag-save - - curl: add --parallel-immediate - - multi: add curl_multi_wakeup() - - openssl: CURLSSLOPT_NO_PARTIALCHAIN can disable partial cert chains - * Bugfixes: - - CVE-2019-15601: file: on Windows, refuse paths that start with \\ - - Azure Pipelines: add several builds - - CMake: add support for building with the NSS vtls backend - - CURL-DISABLE: initial docs for the CURL_DISABLE_* defines - - CURLOPT_HEADERFUNCTION.3: Document that size is always 1 - - CURLOPT_QUOTE.3: fix typos - - CURLOPT_READFUNCTION.3: fix the example - - CURLOPT_URL.3: "curl supports SMB version 1 (only)" - - CURLOPT_VERBOSE.3: see also ERRORBUFFER - - HISTORY: added cmake, HTTP/3 and parallel downloads with curl - - HISTORY: the SMB(S) support landed in 2014 - - INSTALL.md: provide Android build instructions - - KNOWN_BUGS: Connection information when using TCP Fast Open - - KNOWN_BUGS: LDAP on Windows doesn't work correctly - - KNOWN_BUGS: TLS session cache doesn't work with TFO - - OPENSOCKETFUNCTION.3: correct the purpose description - - TrackMemory tests: always remove CR before LF - - altsvc: bump to h3-24 - - altsvc: make the save function ignore NULL filenames - - build: Disable Visual Studio warning "conditional expression is constant" - - build: fix for CURL_DISABLE_DOH - - checksrc.bat: Add a check for vquic and vssh directories - - checksrc: repair the copyrightyear check - - cirrus-ci: enable clang sanitizers on freebsd 13 - - cirrus: Drop the FreeBSD 10.4 build - - config-win32: cpu-machine-OS for Windows on ARM - - configure: avoid unportable `==' test(1) operator - - configure: enable IPv6 support without `getaddrinfo` - - configure: fix typo in help text - - conncache: CONNECT_ONLY connections assumed always in-use - - conncache: fix multi-thread use of shared connection cache - - copyrights: fix copyright year range - - create_conn: prefer multiplexing to using new connections - - curl -w: handle a blank input file correctly - - curl.h: add two missing defines for "pre ISO C" compilers - - curl/parseconfig: fix mem-leak - - curl/parseconfig: use curl_free() to free memory allocated by libcurl - - curl: cleanup multi handle on failure - - curl: fix --upload-file . hangs if delay in STDIN - - curl: fix -T globbing - - curl: improved cleanup in upload error path - - curl: make a few char pointers point to const char instead - - curl: properly free mimepost data - - curl: show better error message when no homedir is found - - curl: show error for --http3 if libcurl lacks support - - curl_setup_once: consistently use WHILE_FALSE in macros - - define: remove HAVE_ENGINE_LOAD_BUILTIN_ENGINES, not used anymore - - docs: Change 'experiemental' to 'experimental' - - docs: TLS SRP doesn't work with TLS 1.3 - - docs: fix several typos - - docs: mention CURL_MAX_INPUT_LENGTH restrictions - - doh: improved both encoding and decoding - - doh: make it behave when built without proxy support - - examples/postinmemory.c: Call curl_global_cleanup always - - examples/url2file.c: corrected erroneous comment - - examples: add multi-poll.c - - global_init: undo the "intialized" bump in case of failure - - hostip: suppress compiler warning - - http_ntlm: Remove duplicate NSS initialisation - - lib: Move lib/ssh.h -> lib/vssh/ssh.h - - lib: fix compiler warnings with `CURL_DISABLE_VERBOSE_STRINGS` - - lib: fix warnings found when porting to NuttX - - lib: remove ASSIGNWITHINCONDITION exceptions, use our code style - - lib: remove erroneous +x file permission on some c files - - libssh2: add support for ECDSA and ed25519 knownhost keys - - multi.h: remove INITIAL_MAX_CONCURRENT_STREAMS from public header - - multi: free sockhash on OOM - - multi_poll: avoid busy-loop when called without easy handles attached - - ngtcp2: Support the latest update key callback type - - ngtcp2: fix thread-safety bug in error-handling - - ngtcp2: free used resources on disconnect - - ngtcp2: handle key updates as ngtcp2 master branch tells us - - ngtcp2: increase QUIC window size when data is consumed - - ngtcp2: use overflow buffer for extra HTTP/3 data - - ntlm: USE_WIN32_CRYPTO check removed to get USE_NTLM2SESSION set - - ntlm_wb: fix double-free in OOM - - openssl: Revert to less sensitivity for SYSCALL errors - - openssl: improve error message for SYSCALL during connect - - openssl: prevent recursive function calls from ctx callbacks - - openssl: retrieve reported LibreSSL version at runtime - - openssl: set X509_V_FLAG_PARTIAL_CHAIN by default - - parsedate: offer a getdate_capped() alternative - - pause: avoid updating socket if done was already called - - projects: Fix Visual Studio projects SSH builds - - projects: Fix Visual Studio wolfSSL configurations - - quiche: reject HTTP/3 headers in the wrong order - - remove_handle: clear expire timers after multi_done() - - runtests: --repeat=[num] to repeat tests - - runtests: introduce --shallow to reduce huge torture tests - - schannel: fix --tls-max for when min is --tlsv1 or default - - setopt: Fix ALPN / NPN user option when built without HTTP2 - - strerror: Add Curl_winapi_strerror for Win API specific errors - - strerror: Fix an error looking up some Windows error strings - - strerror: Fix compiler warning "empty expression" - - system.h: fix for MCST lcc compiler - - test/sws: search for "Testno:" header unconditionally if no testno - - test1175: verify symbols-in-versions and libcurl-errors.3 in sync - - test1270: a basic -w redirect_url test - - test1456: remove the use of a fixed local port number - - test1558: use double slash after file: - - test1560: require IPv6 for IPv6 aware URL parsing - - tests/lib1557: fix mem-leak in OOM - - tests/lib1559: fix mem-leak in OOM - - tests/lib1591: free memory properly on OOM, in the trailers callback - - tests/unit1607: fix mem-leak in OOM - - tests/unit1609: fix mem-leak in OOM - - tests/unit1620: fix bad free in OOM - - tests: Change NTLM tests to require SSL - - tests: Fix bounce requests with truncated writes - - tests: fix build with `CURL_DISABLE_DOH` - - tests: fix permissions of ssh keys in WSL - - tests: make it possible to set executable extensions - - tests: make sure checksrc runs on header files too - - tests: set LC_ALL=en_US.UTF-8 instead of blank in several tests - - tests: use DoH feature for DoH tests - - tests: use \r\n for log messages in WSL - - tool_operate: fix mem leak when failed config parse - - travis: Fix error detection - - travis: abandon coveralls, it is not reliable - - travis: build ngtcp2 with --enable-lib-only - - travis: export the CC/CXX variables when set - - vtls: make BearSSL possible to set with CURL_SSL_BACKEND - - winbuild: Define CARES_STATICLIB when WITH_CARES=static - - winbuild: Document CURL_STATICLIB requirement for static libcurl -- Remove curl-expire-clear.patch - -------------------------------------------------------------------- -Thu Nov 14 16:55:18 UTC 2019 - Pedro Monreal Gonzalez - -- Fix segfault in zypper ref: [bsc#1156481] - * remove_handle: clear expire timers after multi_done() - * Add patch curl-expire-clear.patch - -------------------------------------------------------------------- -Wed Nov 6 15:52:24 UTC 2019 - Pedro Monreal Gonzalez - -- Update spec file with spec-cleaner - -------------------------------------------------------------------- -Wed Nov 6 09:36:43 UTC 2019 - Pedro Monreal Gonzalez - -- Update to 7.67.0 - * Changes: - - curl: added --no-progress-meter - - setopt: CURLMOPT_MAX_CONCURRENT_STREAMS is new - - urlapi: CURLU_NO_AUTHORITY allows empty authority/host part - * Bugfixes: - - BINDINGS: five new bindings addded - - CURLOPT_TIMEOUT.3: Clarify transfer timeout time includes queue time - - CURLOPT_TIMEOUT.3: remove the mention of "minutes" - - ESNI: initial build/setup support - - FTP: FTPFILE_NOCWD: avoid redundant CWDs - - FTP: allow "rubbish" prepended to the SIZE response - - FTP: remove trailing slash from path for LIST/MLSD - - FTP: skip CWD to entry dir when target is absolute - - FTP: url-decode path before evaluation - - HTTP3.md: move -p for mkdir, remove -j for make - - HTTP3: fix invalid use of sendto for connected UDP socket - - HTTP3: fix prefix parameter for ngtcp2 build - - HTTP3: show an --alt-svc using example too - - INSTALL: add missing space for configure commands - - INSTALL: add vcpkg installation instructions - - altsvc: accept quoted ma and persist values - - altsvc: both backends run h3-23 now - - appveyor: Add MSVC ARM64 build - - appveyor: Use two parallel compilation on appveyor with CMake - - appveyor: add --disable-proxy autotools build - - appveyor: publish artifacts on appveyor - - appveyor: upgrade VS2017 to VS2019 - - asyn-thread: make use of Curl_socketpair() where available - - asyn-thread: s/AF_LOCAL/AF_UNIX for Solaris - - build: Remove unused HAVE_LIBSSL and HAVE_LIBCRYPTO defines - - checksrc: fix uninitialized variable warning - - chunked-encoding: stop hiding the CURLE_BAD_CONTENT_ENCODING error - - cirrus: Switch the FreeBSD 11.x build to 11.3 and add a 13.0 build - - cirrus: switch off blackhole status on the freebsd CI machines - - cleanups: 21 various PVS-Studio warnings - - configure: only say ipv6 enabled when the variable is set - - configure: remove all cyassl references - - conn-reuse: requests wanting NTLM can reuse non-NTLM connections - - connect: return CURLE_OPERATION_TIMEDOUT for errno == ETIMEDOUT - - connect: silence sign-compare warning - - cookie: avoid harmless use after free - - cookie: pass in the correct cookie amount to qsort() - - cookies: change argument type for Curl_flush_cookies - - cookies: using a share with cookies shouldn't enable the cookie engine - - copyrights: update copyright notices to 2019 - - curl: create easy handles on-demand and not ahead of time - - curl: ensure HTTP 429 triggers --retry - - curl: exit the create_transfers loop on errors - - curl: fix memory leaked by parse_metalink() - - curl: load large files with -d @ much faster - - docs/HTTP3: fix `--with-ssl` ngtcp2 configure flag - - docs: added multi-event.c example - - docs: disambiguate CURLUPART_HOST is for host name (ie no port) - - docs: note on failed handles not being counted by curl_multi_perform - - doh: allow only http and https in debug mode - - doh: avoid truncating DNS QTYPE to lower octet - - doh: clean up dangling DOH memory on easy close - - doh: fix (harmless) buffer overrun - - doh: fix undefined behaviour and open up for gcc and clang optimization - - doh: return early if there is no time left - - examples/sslbackend: fix -Wchar-subscripts warning - - gnutls: make gnutls_bye() not wait for response on shutdown - - http2: expire a timeout at end of stream - - http2: prevent dup'ed handles to send dummy PRIORITY frames - - http2: relax verification of :authority in push promise requests - - http2_recv: a closed stream trumps pause state - - http: lowercase headernames for HTTP/2 and HTTP/3 - - ldap: Stop using wide char version of ldapp_err2string - - ldap: fix OOM error on missing query string - - mbedtls: add error message for cert validity starting in the future - - mime: when disabled, avoid C99 macro - - ngtcp2: adapt to API change - - ngtcp2: compile with latest ngtcp2 + nghttp3 draft-23 - - ngtcp2: remove fprintf() calls - - openssl: close_notify on the FTP data connection doesn't mean closure - - openssl: use strerror on SSL_ERROR_SYSCALL - - os400: getpeername() and getsockname() return ebcdic AF_UNIX sockaddr - - parsedate: fix date parsing disabled builds - - quiche: don't close connection at end of stream - - quiche: persist connection details (fixes -I with --http3) - - quiche: set 'drain' when returning without having drained the queues - - quiche: update HTTP/3 config creation to new API - - redirect: handle redirects to absolute URLs containing spaces - - runtests: get textaware info from curl instead of perl - - schannel: reverse the order of certinfo insertions - - schannel_verify: Fix concurrent openings of CA file - - security: silence conversion warning - - setopt: handle ALTSVC set to NULL - - setopt: make it easier to add new enum values - - setopt: store CURLOPT_RTSP_SERVER_CSEQ correctly - - smb: check for full size message before reading message details - - smbserver: fix Python 3 compatibility - - socks: Fix destination host shown on SOCKS5 error - - test1162: disable MSYS2's POSIX path conversion - - test1591: fix spelling of http feature - - tests: add 'connect to non-listen' keywords - - tests: fix narrowing conversion warnings - - tests: fix the test 3001 cert failures - - tests: makes tests succeed when using --disable-proxy - - tests: use %FILE_PWD for file:// URLs - - tests: use port 2 instead of 60000 for a safer non-listening port - - tool_operate: Fix retry sleep time shown to user when Retry-After - - url: Curl_free_request_state() should also free doh handles - - url: don't set appconnect time for non-ssl/non-ssh connections - - url: fix the NULL hostname compiler warning - - url: normalize CURLINFO_EFFECTIVE_URL - - url: only reuse TLS connections with matching pinning - - urlapi: avoid index underflow for short ipv6 hostnames - - urlapi: fix URL encoding when setting a full URL - - urlapi: question mark within fragment is still fragment - - urldata: use 'bool' for the bit type on MSVC compilers - - vtls: fix narrowing conversion warnings - -------------------------------------------------------------------- -Wed Sep 11 08:17:06 UTC 2019 - Pedro Monreal Gonzalez - -- Update to 7.66.0 [bsc#1149496, CVE-2019-5482][bsc#1149495, CVE-2019-5481] - * Changes: - - CURLINFO_RETRY_AFTER: parse the Retry-After header value - - HTTP3: initial (experimental still not working) support - - curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool - - curl: support parallel transfers with -Z - - curl_multi_poll: a sister to curl_multi_wait() that waits more - - sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID - * Bugfixes: - - CVE-2019-5481: FTP-KRB double-free - - CVE-2019-5482: TFTP small blocksize heap buffer overflow - - CMake: remove needless newlines at end of gss variables - - CMake: use platform dependent name for dlopen() library - - CURLINFO docs: mention that in redirects times are added - - CURLOPT_ALTSVC.3: use a "" file name to not load from a file - - CURLOPT_ALTSVC_CTRL.3: remove CURLALTSVC_ALTUSED - - CURLOPT_HEADERFUNCTION.3: clarify - - CURLOPT_HTTP_VERSION: seting this to 3 forces HTTP/3 use directly - - CURLOPT_READFUNCTION.3: provide inline example - - CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2 - - Curl_addr2string: take an addrlen argument too - - Curl_fillreadbuffer: avoid double-free trailer buf on error - - HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown - - alt-svc: add protocol version selection masking - - alt-svc: fix removal of expired cache entry - - alt-svc: make it use h3-22 with ngtcp2 as well - - alt-svc: more liberal ALPN name parsing - - alt-svc: send Alt-Used: in redirected requests - - alt-svc: with quiche, use the quiche h3 alpn string - - asyn-thread: create a socketpair to wait on - - cleanup: move functions out of url.c and make them static - - cleanup: remove the 'numsocks' argument used in many places - - configure: avoid undefined check_for_ca_bundle - - curl.h: add CURL_HTTP_VERSION_3 to the version enum - - curl: cap the maximum allowed values for retry time arguments - - curl: handle a libcurl build without netrc support - - curl: make use of CURLINFO_RETRY_AFTER when retrying - - curl: use CURLINFO_PROTOCOL to check for HTTP(s) - - curl_global_init_mem.3: mention it was added in 7.12.0 - - curl_version: bump string buffer size to 250 - - curl_version_info.3: mentioned ALTSVC and HTTP3 - - curl_version_info: offer quic (and h3) library info - - curl_version_info: provide nghttp2 details - - defines: avoid underscore-prefixed defines - - docs/ALTSVC: remove what works and the experimental explanation - - docs/EXPERIMENTAL: explain what it means and what's experimental now - - docs/MANUAL.md: converted to markdown from plain text - - docs/examples/curlx: fix errors - - docs: s/curl_debug/curl_dbg_debug in comments and docs - - easy: resize receive buffer on easy handle reset - - examples: Avoid reserved names in hiperfifo examples - - examples: add http3.c, altsvc.c and http3-present.c - - http09: disable HTTP/0.9 by default in both tool and library - - http2: when marked for closure and wanted to close == OK - - http2_recv: trigger another read when the last data is returned - - http: fix use of credentials from URL when using HTTP proxy - - http_negotiate: improve handling of gss_init_sec_context() failures - - md4: Use our own MD4 when no crypto libraries are available - - multi: call detach_connection before Curl_disconnect - - nss: use TLSv1.3 as default if supported - - openssl: build warning free with boringssl - - openssl: use SSL_CTX_set__proto_version() when available - - plan9: add support for running on Plan 9 - - progress: reset download/uploaded counter between transfers - - readwrite_data: repair setting the TIMER_STARTTRANSFER stamp - - scp: fix directory name length used in memcpy - - smb: init *msg to NULL in smb_send_and_recv() - - smtp: check for and bail out on too short EHLO response - - source: remove names from source comments - - spnego_sspi: add typecast to fix build warning - - src/makefile: fix uncompressed hugehelp.c generation - - ssh-libssh: do not specify O_APPEND when not in append mode - - ssh: move code into vssh for SSH backends - - sspi: fix memory leaks - - tests: Replace outdated test case numbering documentation - - tftp: return error when packet is too small for options - - timediff: make it 64 bit (if possible) even with 32 bit time_t - - travis: reduce number of torture tests in 'coverage' - - url: make use of new HTTP version if alt-svc has one - - urlapi: verify the IPv6 numerical address - - urldata: avoid 'generic', use dedicated pointers - - vauth: Use CURLE_AUTH_ERROR for auth function errors - -------------------------------------------------------------------- -Fri Jul 19 13:51:15 UTC 2019 - Pedro Monreal Gonzalez - -- Update to 7.65.3 - * progress: make the progress meter appear again - -------------------------------------------------------------------- -Wed Jul 17 09:07:25 UTC 2019 - Pedro Monreal Gonzalez - -- Update to 7.65.2 - * Bugfixes: - - CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH - - CMake: Fix finding Brotli on case-sensitive file systems - - CURLOPT_RANGE.3: Caution against using it for HTTP PUT - - CURLOPT_SEEKDATA.3: fix variable name - - bindlocal: detect and avoid IP version mismatches in bind() - - build: fix Codacy warnings - - c-ares: honor port numbers in CURLOPT_DNS_SERVERS - - config-os400: add getpeername and getsockname defines - - configure: --disable-progress-meter - - configure: fix --disable-code-coverage - - configure: more --disable switches to toggle off individual features - - configure: remove CURL_DISABLE_TLS_SRP - - conn_maxage: move the check to prune_dead_connections() - - curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy builds - - docs: Explain behavior change in --tlsv1. options since 7.54 - - docs: Fix links to OpenSSL docs - - docs: fix string suggesting HTTP/2 is not the default - - headers: Remove no longer exported functions - - http2: call done_sending on end of upload - - http2: don't call stream-close on already closed streams - - http2: remove CURL_DISABLE_TYPECHECK define - - http: allow overriding timecond with custom header - - http: clarify header buffer size calculation - - krb5: fix compiler warning - - lib: Use UTF-8 encoding in comments - - libcurl: Restrict redirect schemes to HTTP, HTTPS, FTP and FTPS - - multi: enable multiplexing by default (again) - - multi: fix the transfer hashes in the socket hash entries - - multi: make sure 'data' can present in several sockhash entries - - netrc: Return the correct error code when out of memory - - nss: don't set unused parameter - - nss: inspect returnvalue of token check - - nss: only cache valid CRL entries - - openssl: define HAVE_SSL_GET_SHUTDOWN based on version number - - openssl: disable engine if OPENSSL_NO_UI_CONSOLE is defined - - openssl: fix pubkey/signature algorithm detection in certinfo - - os400: make vsetopt() non-static as Curl_vsetopt() for os400 support - - quote.d: asterisk prefix works for SFTP as well - - runtests: keep logfiles around by default - - runtests: report single test time + total duration - - test1165: verify that CURL_DISABLE_ symbols are in sync - - test1521: adapt to SLISTPOINT - - test1523: test CURLOPT_LOW_SPEED_LIMIT - - test153: fix content-length to avoid occasional hang - - test188/189: fix Content-Length - - tests: have runtests figure out disabled features - - tests: support non-localhost HOSTIP for dict/smb servers - - tests: update fixed IP for hostip/clientip split - - tool_cb_prg: Fix integer overflow in progress bar - - typecheck: CURLOPT_CONNECT_TO takes an slist too - - typecheck: add 3 missing strings and a callback data pointer - - unit1654: cleanup on memory failure - - unpause: trigger a timeout for event-based transfers - - url: Fix CURLOPT_MAXAGE_CONN time comparison -- Rebased patch curl-use_OPENSSL_config.patch -- Disable new added failing test1165 - -------------------------------------------------------------------- -Wed Jun 5 15:34:01 UTC 2019 - Pedro Monreal Gonzalez - -- Update to 7.65.1 - * Bugfixes: - - CURLOPT_LOW_SPEED_* repaired - - NTLM: reset proxy "multipass" state when CONNECT request is done - - PolarSSL: deprecate support step 1. Removed from configure - - cmake: check for if_nametoindex() - - cmake: support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables - - conncache: Remove the DEBUGASSERT on length check - - conncache: make "bundles" per host name when doing proxy tunnels - - curl_share_setopt.3: improve wording - - dump-header.d: spell out that no headers == empty file - - example/http2-download: fix format specifier - - examples: cleanups and compiler warning fixes - - http2: Stop drain from being permanently set - - http: don't parse body-related headers in bodyless responses - - md4: build correctly with openssl without MD4 - - md4: include the mbedtls config.h to get the MD4 info - - multi: track users of a socket better - - nss: allow to specify TLS 1.3 ciphers if supported by NSS - - parse_proxy: make sure portptr is initialized - - parse_proxy: use the IPv6 zone id if given - - sectransp: handle errSSLPeerAuthCompleted from SSLRead() - - singlesocket: use separate variable for inner loop - - ssl: Update outdated "openssl-only" comments for supported backends - - tests: add HAProxy keywords - - tests: make test 1420 and 1406 work with rtsp-disabled libcurl - - tls13-docs: mention it is only for OpenSSL >= 1.1.1 - - tool_setopt: for builds with disabled-proxy, skip all proxy setopts() - - url: fix bad feature-disable #ifdef - - url: use correct port in ConnectionExists() - -------------------------------------------------------------------- -Wed May 22 11:41:49 UTC 2019 - Pedro Monreal Gonzalez - -- Update to 7.65.0 [bsc#1135176, CVE-2019-5435][bsc#1135170, CVE-2019-5436] - * Changes: - - CURLOPT_DNS_USE_GLOBAL_CACHE: removed - - CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse - - pipelining: removed - * Bugfixes: - - CVE-2019-5435: Integer overflows in curl_url_set - - CVE-2019-5436: tftp: use the current blksize for recvfrom() - - --config: clarify that initial : and = might need quoting - - CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk - - CURLOPT_ADDRESS_SCOPE: fix range check and more - - CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value - - CURLOPT_READFUNCTION.3: see also CURLOPT_UPLOAD_BUFFERSIZE - - CURL_MAX_INPUT_LENGTH: largest acceptable string input size - - Curl_disconnect: treat all CONNECT_ONLY connections as "dead" - - OS400/ccsidcurl: replace use of Curl_vsetopt - - OpenSSL: Report -fips in version if OpenSSL is built with FIPS - - WRITEFUNCTION: add missing set_in_callback around callback - - altsvc: Fix building with cookies disabled - - auth: Rename the various authentication clean up functions - - base64: build conditionally if there are users - - cmake: avoid linking executable for some tests with cmake 3.6+ - - cmake: clear CMAKE_REQUIRED_LIBRARIES after each use - - cmake: set SSL_BACKENDS - - configure: avoid unportable '==' test(1) operator - - configure: error out if OpenSSL wasn't detected when asked for - - configure: fix default location for fish completions - - cookie: Guard against possible NULL ptr deref - - curl: make code work with protocol-disabled libcurl - - curl: report error for "--no-" on non-boolean options - - curlver.h: use parenthesis in CURL_VERSION_BITS macro - - docs/INSTALL: fix broken link - - doh: acknowledge CURL_DISABLE_DOH - - doh: disable DOH for the cases it doesn't work - - examples: remove unused variables - - ftplistparser: fix LGTM alert "Empty block without comment" - - hostip: acknowledge CURL_DISABLE_SHUFFLE_DNS - - http: Ignore HTTP/2 prior knowledge setting for HTTP proxies - - http: acknowledge CURL_DISABLE_HTTP_AUTH - - http: mark bundle as not for multiuse on < HTTP/2 response - - http_digest: Don't expose functions when HTTP and Crypto Auth are disabled - - http_negotiate: do not treat failure of gss_init_sec_context() as fatal - - http_ntlm: Corrected the name of the include guard - - http_ntlm_wb: Handle auth for only a single request - - http_ntlm_wb: Return the correct error on receiving an empty auth message - - lib509: add missing include for strdup - - lib557: initialize variables - - mbedtls: enable use of EC keys - - mime: acknowledge CURL_DISABLE_MIME - - multi: improved HTTP_1_1_REQUIRED handling - - netrc: acknowledge CURL_DISABLE_NETRC - - nss: allow fifos and character devices for certificates - - nss: provide more specific error messages on failed init - - ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup - - ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4 - - openssl: mark connection for close on TLS close_notify - - openvms: Remove pre-processor for SecureTransport - - parse_proxy: use the URL parser API - - parsedate: disabled on CURL_DISABLE_PARSEDATE - - pingpong: disable more when no pingpong protocols are enabled - - polarssl_threadlock: remove conditionally unused code - - progress: acknowledge CURL_DISABLE_PROGRESS_METER - - proxy: acknowledge DISABLE_PROXY more - - resolve: apply Happy Eyeballs philosophy to parallel c-ares queries - - revert "multi: support verbose conncache closure handle" - - sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616 - - sasl: only enable if there's a protocol enabled using it - - singleipconnect: show port in the verbose "Trying ..." message - - socks5: user name and passwords must be shorter than 256 - - socks: fix error message - - socksd: new SOCKS 4+5 server for tests - - spnego_gssapi: fix return code on gss_init_sec_context() failure - - ssh-libssh: remove unused variable - - ssh: define USE_SSH if SSH is enabled (any backend) - - ssh: move variable declaration to where it's used - - test1002: correct the name - - test2100: Fix typos in test description - - tests: Run global cleanup at end of tests - - tests: make Impacket (SMB server) Python 3 compatible - - tool_cb_wrt: fix bad-function-cast warning - - tool_formparse: remove redundant assignment - - tool_help: Warn if curl and libcurl versions do not match - - tool_help: include for strcasecmp - - url: always clone the CUROPT_CURLU handle - - url: convert the zone id from a IPv6 URL to correct scope id - - urlapi: add CURLUPART_ZONEID to set and get - - urlapi: increase supported scheme length to 40 bytes - - urlapi: require a non-zero host name length when parsing URL - - urlapi: stricter CURLUPART_PORT parsing - - urlapi: strip off zone id from numerical IPv6 addresses - - urlapi: urlencode characters above 0x7f correctly - - vauth/cleartext: update the PLAIN login to match RFC 4616 - - vauth/oauth2: Fix OAUTHBEARER token generation - - vauth: Fix incorrect function description for Curl_auth_user_contains_domain - - vtls: fix potential ssl_buffer stack overflow - - wildcard: disable from build when FTP isn't present - - xattr: skip unittest on unsupported platforms - -------------------------------------------------------------------- -Tue Apr 9 12:11:46 UTC 2019 - Pedro Monreal Gonzalez - -- Install curl.fish completions file from curl rather than from the fish package - -------------------------------------------------------------------- -Tue Apr 9 11:41:07 UTC 2019 - Pedro Monreal Gonzalez - -- update to version 7.64.1 - * Changes: - - alt-svc: experiemental support added - - configure: add --with-amissl - * Bugfixes: - - AppVeyor: switch VS 2015 builds to VS 2017 image - - CURLU: fix NULL dereference when used over proxy - - Curl_easy: remove req.maxfd - never used! - - Curl_resolv: fix a gcc -Werror=maybe-uninitialized warning - - DoH: inherit some SSL options from user's easy handle - - Secure Transport: no more "darwinssl" - - Secure Transport: tvOS 11 is required for ALPN support - - cirrus: Added FreeBSD builds using Cirrus CI - - cleanup: make local functions static - - cli tool: do not use mime.h private structures - - cmdline-opts/proxytunnel.d: the option tunnnels all protocols - - configure: add additional libraries to check for LDAP support - - configure: remove the unused fdopen macro - - configure: show features as well in the final summary - - conncache: use conn->data to know if a transfer owns it - - connection: never reuse CONNECT_ONLY connections - - connection_check: restore original conn->data after the check - - connection_check: set ->data to the transfer doing the check - - cookie: Add support for cookie prefixes - - cookies: dotless names can set cookies again - - cookies: fix NULL dereference if flushing cookies with no CookieInfo set - - curl.1: --user and --proxy-user are hidden from ps output - - curl.1: mark the argument to --cookie as - - curl.h: use __has_declspec_attribute for shared builds - - curl: display --version features sorted alphabetically - - curl: fix FreeBSD compiler warning in the --xattr code - - curl: remove MANUAL from -M output - - curl_easy_duphandle.3: clarify that a duped handle has no shares - - curl_multi_remove_handle.3: use at any time, just not from within callbacks - - curl_url.3: this API is not experimental anymore - - dns: release sharelock as soon as possible - - docs: update max-redirs.d phrasing - - examples/10-at-a-time.c: improve readability and simplify - - examples/cacertinmem.c: use multiple certificates for loading CA-chain - - examples/crawler: Fix the Accept-Encoding setting - - examples/ephiperfifo.c: various fixes - - examples/externalsocket: add missing close socket calls - - examples/http2-download: cleaned up - - examples/http2-serverpush: add some sensible error checks - - examples/http2-upload: cleaned up - - examples/httpcustomheader: Value stored to 'res' is never read - - examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory' - - examples/sftpuploadresume: Value stored to 'result' is never read - - examples: only include - - examples: remove recursive calls to curl_multi_socket_action - - examples: remove superfluous null-pointer checks - - file: fix "Checking if unsigned variable 'readcount' is less than zero." - - fnmatch: disable if FTP is disabled - - gnutls: remove call to deprecated gnutls_compression_get_name - - gopher: remove check for path == NULL - - gssapi: fix deprecated header warnings - - hostip: make create_hostcache_id avoid alloc + free - - http2: multi_connchanged() moved from multi.c, only used for h2 - - http2: verify :athority in push promise requests - - http: make adding a blank header thread-safe - - http: send payload when (proxy) authentication is done - - http: set state.infilesize when sending multipart formposts - - makefile: make checksrc and hugefile commands "silent" - - mbedtls: make it build even if MBEDTLS_VERSION_C isn't set - - mbedtls: release sessionid resources on error - - memdebug: log pointer before freeing its data - - memdebug: make debug-specific functions use curl_dbg_ prefix - - mime: put the boundary buffer into the curl_mime struct - - multi: call multi_done on connect timeouts, fixes CURLINFO_TOTAL_TIME - - multi: remove verbose "Expire in" ... messages - - multi: removed unused code for request retries - - multi: support verbose conncache closure handle - - negotiate: fix for HTTP POST with Negotiate - - openssl: add support for TLS ASYNC state - - openssl: if cert type is ENG and no key specified, key is ENG too - - pretransfer: don't strlen() POSTFIELDS set for GET requests - - rand: Fix a mismatch between comments in source and header - - runtests: detect "schannel" as an alias for "winssl" - - schannel: be quiet - remove verbose output - - schannel: close TLS before removing conn from cache - - schannel: support CALG_ECDH_EPHEM algorithm - - scripts/completion.pl: also generate fish completion file - - singlesocket: fix the 'sincebefore' placement - - source: fix two 'nread' may be used uninitialized warnings - - ssh: fix Condition '!status' is always true - - ssh: loop the state machine if not done and not blocking - - strerror: make the strerror function use local buffers - - test578: make it read data from the correct test - - tests: Fixed XML validation errors in some test files - - tests: add stderr comparison to the test suite - - tests: fix multiple may be used uninitialized warnings - - threaded-resolver: shutdown the resolver thread without error message - - tool_cb_wrt: fix writing to Windows null device NUL - - tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr - - tool_operate: build on AmigaOS - - tool_operate: fix typecheck warning - - transfer.c: do not compute length of undefined hex buffer - - travis: add build using gnutls - - travis: add scan-build - - travis: bump the used wolfSSL version to 4.0.0 - - travis: enable valgrind for the iconv tests - - travis: use updated compiler versions: clang 7 and gcc 8 - - unit1307: require FTP support - - unit1651: survive curl_easy_init() fails - - url/idnconvert: remove scan for <= 32 ascii values - - url: change conn shutdown order to ensure SOCKETFUNCTION callbacks - - urlapi: reduce variable scope, remove unreachable 'break' - - urldata: convert bools to bitfields and move to end - - urldata: simplify bytecounters - - urlglob: Argument with 'nonnull' attribute passed null - - version.c: silent scan-build even when librtmp is not enabled - - vtls: rename some of the SSL functions - - wolfssl: stop custom-adding curves - - x509asn1: "Dereference of null pointer" - - x509asn1: cleanup and unify code layout - - zsh.pl: escape ':' character - - zsh.pl: update regex to better match curl -h output -- Dropped patches fixed upstream: - * 0001-connection_check-set-data-to-the-transfer-doing-the-.patch - * 0002-connection_check-restore-original-conn-data-after-th.patch - * curl-singlesocket-sincebefore-placement.patch - -------------------------------------------------------------------- -Mon Mar 18 10:34:14 UTC 2019 - Pedro Monreal Gonzalez - -- Fix variable placement that wasn't properly reset within a loop - missing to notify sockets. [bsc#1129083, bsc#1129470] - * Added curl-singlesocket-sincebefore-placement.patch - -------------------------------------------------------------------- -Fri Mar 8 16:10:39 UTC 2019 - Fabian Vogt - -- Add patches to fix use-after-free (boo#1127849): - * 0001-connection_check-set-data-to-the-transfer-doing-the-.patch - * 0002-connection_check-restore-original-conn-data-after-th.patch - -------------------------------------------------------------------- -Wed Feb 27 08:53:31 UTC 2019 - Stephan Kulow - -- BuildRequire libcurl4-mini for !bootstrap to avoid build cycles - due to cmake pulling libcurl4 - -------------------------------------------------------------------- -Wed Feb 6 09:16:58 UTC 2019 - Pedro Monreal Gonzalez - -- update to version 7.64.0 - [bcs#1123371, CVE-2018-16890][bcs#1123377, CVE-2019-3822] - [bcs#1123378, CVE-2019-3823] - * Changes: - - cookies: leave secure cookies alone - - hostip: support wildcard hosts - - http: Implement trailing headers for chunked transfers - - http: added options for allowing HTTP/0.9 responses - - timeval: Use high resolution timestamps on Windows - * Bugfixes: - - CVE-2018-16890: NTLM type-2 out-of-bounds buffer read - - CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow - - CVE-2019-3823: SMTP end-of-response out-of-bounds read - - FAQ: remove mention of sourceforge for github - - OS400: handle memory error in list conversion - - OS400: upgrade ILE/RPG binding. - - README: add codacy code quality badge - - Revert http_negotiate: do not close connection - - THANKS: added several missing names from year <= 2000 - - build: make 'tidy' target work for metalink builds - - cmake: added checks for variadic macros - - cmake: updated check for HAVE_POLL_FINE to match autotools - - cmake: use lowercase for function name like the rest of the code - - configure: detect xlclang separately from clang - - configure: fix recv/send/select detection on Android - - configure: rewrite --enable-code-coverage - - conncache_unlock: avoid indirection by changing input argument type - - cookie: fix comment typo - - cookies: allow secure override when done over HTTPS - - cookies: extend domain checks to non psl builds - - cookies: skip custom cookies when redirecting cross-site - - curl --xattr: strip credentials from any URL that is stored - - curl -J: refuse to append to the destination file - - curl/urlapi.h: include "curl.h" first - - curl_multi_remove_handle() don't block terminating c-ares requests - - darwinssl: accept setting max-tls with default min-tls - - disconnect: separate connections and easy handles better - - disconnect: set conn->data for protocol disconnect - - docs/version.d: mention MultiSSL - - docs: fix the --tls-max description - - docs: use $(INSTALL_DATA) to install man page - - docs: use meaningless port number in CURLOPT_LOCALPORT example - - gopher: always include the entire gopher-path in request - - http2: clear pause stream id if it gets closed - - if2ip: remove unused function Curl_if_is_interface_name - - libssh: do not let libssh create socket - - libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh - - libssh: free sftp_canonicalize_path() data correctly - - libtest/stub_gssapi: use "real" snprintf - - mbedtls: use VERIFYHOST - - multi: multiplexing improvements - - multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time - - ntlm: fix NTMLv2 compliance - - ntlm_sspi: add support for channel binding - - openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated - - openssl: fix the SSL_get_tlsext_status_ocsp_resp call - - openvms: fix OpenSSL discovery on VAX - - openvms: fix typos in documentation - - os400: add a missing closing bracket - - os400: fix extra parameter syntax error - - pingpong: change default response timeout to 120 seconds - - pingpong: ignore regular timeout in disconnect phase - - printf: fix format specifiers - - runtests.pl: Fix perl call to include srcdir - - schannel: fix compiler warning - - schannel: preserve original certificate path parameter - - schannel: stop calling it "winssl" - - sigpipe: if mbedTLS is used, ignore SIGPIPE - - smb: fix incorrect path in request if connection reused - - ssh: log the libssh2 error message when ssh session startup fails - - test1558: verify CURLINFO_PROTOCOL on file:// transfer - - test1561: improve test name - - test1653: make it survive torture tests - - tests: allow tests to pass by 2037-02-12 - - tests: move objnames-* from lib into tests - - timediff: fix math for unsigned time_t - - timeval: Disable MSVC Analyzer GetTickCount warning - - tool_cb_prg: avoid integer overflow - - travis: added cmake build for osx - - urlapi: Fix port parsing of eol colon - - urlapi: distinguish possibly empty query - - urlapi: fix parsing ipv6 with zone index - - urldata: rename easy_conn to just conn - - winbuild: conditionally use /DZLIB_WINAPI - - wolfssl: fix memory-leak in threaded use - - spnego_sspi: add support for channel binding - -------------------------------------------------------------------- -Mon Jan 28 18:47:00 UTC 2019 - Jan Engelhardt - -- Fix wrong summary, curl is at version 7, not 4. - -------------------------------------------------------------------- -Fri Jan 18 15:18:57 UTC 2019 - Vítězslav Čížek - -- Provide libcurl4 = %version in the mini library package - -------------------------------------------------------------------- -Thu Dec 27 04:44:48 UTC 2018 - sean@suspend.net - -- Update to version 7.63.0 - Changes: - * curl: add %{stderr} and %{stdout} for --write-out - * curl: add undocumented option --dump-module-paths for w32 - * setopt: add CURLOPT_CURLU - - Bugfixes: - * (lib)curl.rc: fixup for minor bugs - * CURLINFO_REDIRECT_URL: extract the Location: header field unvalidated - * CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis/desc - * CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times - * Curl_follow: accept non-supported schemes for "fake" redirects - * KNOWN_BUGS: add --proxy-any connection issue - * NTLM: Remove redundant ifdef USE_OPENSSL - * NTLM: force the connection to HTTP/1.1 - * OS400: add URL API ccsid wrappers and sync ILE/RPG bindings - * SECURITY-PROCESS: bountygraph shuts down again - * TODO: Have the URL API offer IDN decoding - * ares: remove fd from multi fd set when ares is about to close the fd - * axtls: removed - * checksrc: add COPYRIGHTYEAR check - * cmake: fix MIT/Heimdal Kerberos detection - * configure: include all libraries in ssl-libs fetch - * configure: show CFLAGS, LDFLAGS etc in summary - * connect: fix building for recent versions of Minix - * cookies: create the cookiejar even if no cookies to save - * cookies: expire "Max-Age=0" immediately - * curl: --local-port range was not "including" - * curl: fix --local-port integer overflow - * curl: fix memory leak reading --writeout from file - * curl: fixed UTF-8 in current console code page (Win) - * curl_easy_perform: fix timeout handling - * curl_global_sslset(): id == -1 is not necessarily an error - * curl_multibyte: fix a malloc overcalculation - * curle: move deprecated error code to ifndef block - * docs: curl_formadd field and file names are now escaped - * docs: escape "\n" codes - * doh: fix memory leak in OOM situation - * doh: make it work for h2-disabled builds too - * examples/ephiperfifo: report error when epoll_ctl fails - * ftp: avoid unsigned int overflows in FTP listing parser - * host names: allow trailing dot in name resolve, then strip it - * http2: Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 - * http: don't set CURLINFO_CONDIITON_UNMET for http status code 204 - * http: fix HTTP DIgest auth to include query in URI - * http_negotiate: do not close connection until negotiation is completed - * impacket: add LICENSE - * infof: clearly indicate truncation - * ldap: fix LDAP URL parsing regressions - * libcurl: stop reading from paused transfers - * mprintf: avoid unsigned integer overflow warning - * netrc: don't ignore the login name specified with "--user" - * nss: Fall back to latest supported SSL version - * nss: Fix compatibility with nss versions 3.14 to 3.15 - * nss: fix fallthrough comment to fix picky compiler warning - * nss: remove version selecting dead code - * nss: set default max-tls to 1.3/1.2 - * openssl: Remove SSLEAY leftovers - * openssl: do not log excess "TLS app data" lines for TLS 1.3 - * openssl: do not use file BIOs if not requested - * openssl: fix unused variable compiler warning with old openssl - * openssl: support session resume with TLS 1.3 - * openvms: fix example name - * os400: Add curl_easy_conn_upkeep() to ILE/RPG binding - * os400: add CURLOPT_CURLU to ILE/RPG binding - * os400: fix return type of curl_easy_pause() in ILE/RPG binding - * packages: remove old leftover files and dirs - * pop3: only do APOP with a valid timestamp - * runtests: use the local curl for verifying - * schannel: be consistent in Schannel capitalization - * schannel: better CURLOPT_CERTINFO support - * schannel: use Curl_prefix for global private symbols - * snprintf: renamed and now we only use msnprintf() - * ssl: fix compilation with OpenSSL 0.9.7 - * ssl: replace all internal uses of CURLE_SSL_CACERT - * symbols-in-versions: add missing CURLU_symbols - * test328: verify Content-Encoding: none - * tests: disable SO_EXCLUSIVEADDRUSE for stunnel/Win - * tests: drop http_pipe.py script no longer used - * tests: drop http_pipe.py script no longer used - * tool_cb_wrt: Silence function cast compiler warning - * tool_doswin: Fix uninitialized field warning - * travis: build with clang sanitizers - * travis: remove curl before a normal build - * url: a short host name + port is not a scheme - * url: fix IPv6 numeral address parser - * urlapi: only skip encoding the first '=' with APPENDQUERY set -- refreshed curl-disabled-redirect-protocol-message.patch - -------------------------------------------------------------------- -Wed Oct 31 09:23:37 UTC 2018 - Pedro Monreal Gonzalez - -- Update to version 7.62.0 - Changes: - * multiplex: enable by default - * url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled - * setopt: add CURLOPT_DOH_URL - * curl: --doh-url added - * setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size - * imap: change from "FETCH" to "UID FETCH" - * configure: add option to disable automatic OpenSSL config loading - * upkeep: add a connection upkeep API: curl_easy_upkeep() - * URL-API: added five new functions - * vtls: MesaLink is a new TLS backend - Bugfixes: - * CVE-2018-16839: SASL password overflow via integer overflow [bsc#1112758] - * CVE-2018-16840: use-after-free in handle close [bsc#1113029] - * CVE-2018-16842: warning message out-of-buffer read [bsc#1113660] - * CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated - * Curl_dedotdotify(): always nul terminate returned string - * Curl_follow: Always free the passed new URL - * Curl_http2_done: fix memleak in error path - * Curl_retry_request: fix memory leak - * Curl_saferealloc: Fixed typo in docblock - * FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output - * GnutTLS: TLS 1.3 support - * SECURITY-PROCESS: mention the bountygraph program - * VS projects: add USE_IPV6: - * certs: generate tests certs with sha256 digest algorithm - * checksrc: enable strict mode and warnings - * checksrc: handle zero scoped ignore commands - * cmake: Backport to work with CMake 3.0 again - * cmake: Improve config installation - * cmake: add support for transitive ZLIB target - * cmake: disable -Wpedantic-ms-format - * cmake: don't require OpenSSL if USE_OPENSSL=OFF - * cmake: fixed path used in generation of docs/tests - * cmake: remove unused *SOCKLEN_T variables - * cmake: suppress MSVC warning C4127 for libtest - * cmake: test and set missed defines during configuration - * config: Remove unused SIZEOF_VOIDP - * configure: force-use -lpthreads on HPUX - * configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T - * configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE - * cookies: Remove redundant expired check - * cookies: fix leak when writing cookies to file - * curl-config.in: remove dependency on bc - * curl.1: --ipv6 mutexes ipv4 (fixed typo) - * curl: update the documentation of --tlsv1.0 - * curl_multi_wait: call getsock before figuring out timeout - * curl_ntlm_wb: check aprintf() return codes - * data-binary.d: clarify default content-type is x-www-form-urlencoded - * docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers - * docs/CIPHERS: fix the TLS 1.3 cipher names - * docs/CIPHERS: mention the colon separation for OpenSSL - * docs/examples: URL updates - * docs: add "see also" links for SSL options - * example/asiohiper: insert warning comment about its status - * example/htmltidy: fix include paths of tidy libraries - * examples/http2-pushinmemory: receive HTTP/2 pushed files in memory - * examples/parseurl.c: show off the URL API - * examples: Fix memory leaks from realloc errors - * examples: do not wait when no transfers are running - * ftp: include command in Curl_ftpsend sendbuffer - * gskit: make sure to terminate version string - * gtls: Values stored to but never read - * hostip: fix check on Curl_shuffle_addr return value - * http2: fix memory leaks on error-path - * http: fix memleak in rewind error path - * krb5: fix memory leak in krb_auth - * memory: add missing curl_printf header - * memory: ensure to check allocation results - * multi: Fix error handling in the SENDPROTOCONNECT state - * multi: fix memory leak in content encoding related error path - * multi: make the closure handle "inherit" CURLOPT_NOSIGNAL - * netrc: free temporary strings if memory allocation fails - * nss: try to connect even if libnssckbi.so fails to load - * ntlm_wb: Fix memory leaks in ntlm_wb_response - * ntlm_wb: bail out if the response gets overly large - * openssl: assume engine support in 0.9.8 or later - * openssl: enable TLS 1.3 post-handshake auth - * openssl: fix gcc8 warning - * openssl: load built-in engines too - * openssl: make 'done' a proper boolean - * openssl: output the correct cipher list on TLS 1.3 error - * openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer - * openssl: show "proper" version number for libressl builds - * pipelining: deprecated - * rand: add comment to skip a clang-tidy false positive - * rtmp: fix for compiling with lwIP - * runtests: ignore disabled even when ranges are given - * schannel: unified error code handling - * sendf: Fix whitespace in infof/failf concatenation - * ssh: free the session on init failures - * ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code - * system.h: use proper setting with Sun C++ as well - * test1299: use single quotes around asterisk - * test1452: mark as flaky - * test1651: unit test Curl_extract_certinfo() - * test320: strip out more HTML when comparing - * tests/negtelnetserver.py: fix Python2-ism in neg TELNET server - * tests: add unit tests for url.c - * tool_cb_hdr: handle failure of rename() - * travis: add a "make tidy" build that runs clang-tidy - * travis: add build for "configure --disable-verbose" - * travis: bump the Secure Transport build to use xcode - * travis: make distcheck scan for BOM markers - * unit1300: fix stack-use-after-scope AddressSanitizer warning - * urldata: Fix "connecting" comment - * urlglob: improve error message on bad globs - * vtls: fix ssl version "or later" behavior change for many backends - * x509asn1: Fix SAN IP address verification - * x509asn1: always check return code from getASN1Element() - * x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert - * x509asn1: suppress left shift on signed value -- Rebased patches after update: - * curl-disabled-redirect-protocol-message.patch - * curl-use_OPENSSL_config.patch - -------------------------------------------------------------------- -Wed Sep 5 07:12:59 UTC 2018 - Karol Babioch - -- Update to version 7.61.1 - Bugfixes: - * CVE-2018-14618: NTLM password overflow via integer overflow (bsc#1106019) - * CURLINFO_SIZE_UPLOAD: fix missing counter update - * CURLOPT_ACCEPT_ENCODING.3: list them comma-separated - * CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse - * Curl_getoff_all_pipelines: improved for multiplexed - * DEPRECATE: remove release date from 7.62.0 - * HTTP: Don't attempt to needlessly decompress redirect body - * INTERNALS: require GnuTLS >= 2.11.3 - * README.md: add LGTM.com code quality grade for C/C++ - * SSLCERTS: improve the openssl command line - * Silence GCC 8 cast-function-type warnings - * ares: check for NULL in completed-callback - * asyn-thread: Remove unused macro - * auth: only pick CURLAUTH_BEARER if we *have* a Bearer token - * auth: pick Bearer authentication whenever a token is available - * cmake: CMake config files are defining CURL_STATICLIB for static builds - * cmake: Respect BUILD_SHARED_LIBS - * cmake: Update scripts to use consistent style - * cmake: bumped minimum version to 3.4 - * cmake: link curl to the OpenSSL targets instead of lib absolute paths - * configure: conditionally enable pedantic-errors - * configure: fix for -lpthread detection with OpenSSL and pkg-config - * conn: remove the boolean 'inuse' field - * content_encoding: accept up to 4 unknown trailer bytes after raw deflate data - * cookie tests: treat files as text - * cookies: support creation-time attribute for cookies - * curl: Fix segfault when -H @headerfile is empty - * curl: add http code 408 to transient list for --retry - * curl: fix time-of-check, time-of-use race in dir creation - * curl: use Content-Disposition before the "URL end" for -OJ - * curl: warn the user if a given file name looks like an option - * curl_threads: silence bad-function-cast warning - * darwinssl: add support for ALPN negotiation - * docs/CURLOPT_URL: fix indentation - * docs/CURLOPT_WRITEFUNCTION: size is always 1 - * docs/SECURITY-PROCESS: mention bounty, drop pre-notify - * docs/examples: add hiperfifo example using linux epoll/timerfd - * docs: add disallow-username-in-url.d and haproxy-protocol.d to dist - * docs: clarify NO_PROXY env variable functionality - * docs: improved the manual pages of some callbacks - * docs: mention NULL is fine input to several functions - * formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT - * gopher: Do not translate `?' to `%09' - * header output: switch off all styles, not just unbold - * hostip: fix unused variable warning - * http2: Use correct format identifier for stream_id - * http2: abort the send_callback if not setup yet - * http2: avoid set_stream_user_data() before stream is assigned - * http2: check nghttp2_session_set_stream_user_data return code - * http2: clear the drain counter in Curl_http2_done - * http2: make sure to send after RST_STREAM - * http2: separate easy handle from connections better - * http: fix for tiny "HTTP/0.9" response - * http_proxy: Remove unused macro SELECT_TIMEOUT - * lib/Makefile: only do symbol hiding if told to - * lib1502: fix memory leak in torture test - * lib1522: fix curl_easy_setopt argument type - * libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation - * mime: check Curl_rand_hex's return code - * multi: always do the COMPLETED procedure/state - * openssl: assume engine support in 1.0.0 or later - * openssl: fix debug messages - * projects: Improve Windows perl detection in batch scripts - * retry: return error if rewind was necessary but didn't happen - * reuse_conn(): memory leak - free old_conn->options - * schannel: client certificate store opening fix - * schannel: enable CALG_TLS1PRF for w32api >= 5.1 - * schannel: fix MinGW compile break - * sftp: don't send post-qoute sequence when retrying a connection - * smb: fix memory leak on early failure - * smb: fix memory-leak in URL parse error path - * smb_getsock: always wait for write socket too - * ssh-libssh: fix infinite connect loop on invalid private key - * ssh-libssh: reduce excessive verbose output about pubkey auth - * ssh-libssh: use FALLTHROUGH to silence gcc8 - * ssl: set engine implicitly when a PKCS#11 URI is provided - * sws: handle EINTR when calling select() - * system_win32: fix version checking - * telnet: Remove unused macros TELOPTS and TELCMDS - * test1143: disable MSYS2's POSIX path conversion - * test1148: disable if decimal separator is not point - * test1307: (fnmatch testing) disabled - * test1422: add required file feature - * test1531: Add timeout - * test1540: Remove unused macro TEST_HANG_TIMEOUT - * test214: disable MSYS2's POSIX path conversion for URL - * test320: treat curl320.out file as binary - * tests/http_pipe.py: Use /usr/bin/env to find python - * tests: Don't use Windows path %PWD for SSH tests - * tests: fixes for Windows line endlings - * tool_operate: Fix setting proxy TLS 1.3 ciphers - * travis: build darwinssl on macos 10.12 to fix linker errors - * travis: execute "set -eo pipefail" for coverage build - * travis: run a 'make checksrc' too - * travis: update to GCC-8 - * travis: verify that man pages can be regenerated - * upload: allocate upload buffer on-demand - * upload: change default UPLOAD_BUFSIZE to 64KB - * urldata: remove unused pipe_broke struct field - * vtls: reinstantiate engine on duplicated handles - * windows: implement send buffer tuning - * wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random -- Remove patch included upstream: - * curl-switch-off-all-styles.patch - -------------------------------------------------------------------- -Wed Aug 22 12:32:50 UTC 2018 - kbabioch@suse.com - -- Added curl-switch-off-all-styles.patch: Fix output of wrong escape sequences, - which might mess up the terminal (bsc#1105624) - -------------------------------------------------------------------- -Tue Jul 17 13:56:05 UTC 2018 - pgajdos@suse.com - -- Update to version 7.61.0 - [bsc#1099793, CVE-2018-0500] - Changes: - * getinfo: add microsecond precise timers for seven intervals - * curl: show headers in bold, switch off with --no-styled-output - * httpauth: add support for Bearer tokens - * Add CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS - * curl: --tls13-ciphers and --proxy-tls13-ciphers - * Add CURLOPT_DISALLOW_USERNAME_IN_URL - * curl: --disallow-username-in-url - Bugfixes: - * CVE-2018-0500: smtp: fix SMTP send buffer overflow - * schannel: disable client cert option if APIs not available - * schannel: disable manual verify if APIs not available - * tests/libtest/Makefile: Do not unconditionally add gcc-specific flags - * openssl: acknowledge --tls-max for default version too - * stub_gssapi: fix 'unused parameter' warnings - * examples/progressfunc: make it build on both new and old libcurls - * docs: mention it is HA Proxy protocol "version 1" - * curl_fnmatch: only allow two asterisks for matching - * docs: clarify CURLOPT_HTTPGET - * configure: replace a AC_TRY_RUN with CURL_RUN_IFELSE - * configure: do compile-time SIZEOF checks instead of run-time - * checksrc: make sure sizeof() is used *with* parentheses - * CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit - * schannel: make CAinfo parsing resilient to CR/LF - * tftp: make sure error is zero terminated before printfing it - * http resume: skip body if http code 416 (range error) is ignored - * configure: add basic test of --with-ssl prefix - * cmake: set -d postfix for debug builds - * multi: provide a socket to wait for in Curl_protocol_getsock - * content_encoding: handle zlib versions too old for Z_BLOCK - * winbuild: only delete OUTFILE if it exists - * winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST - * schannel: add failf calls for client certificate failures - * cmake: Fix the test for fsetxattr and strerror_r - * curl.1: Fix cmdline-opts reference errors - * cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing options - * cmake: check for getpwuid_r - * configure: fix ssh2 linking when built with a static mbedtls - * psl: use latest psl and refresh it periodically - * fnmatch: insist on escaped bracket to match - * KNOWN_BUGS: restore text regarding #2101 - * INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib - * configure: override AR_FLAGS to silence warning - * os400: implement mime api EBCDIC wrappers - * curl.rc: embed manifest for correct Windows version detection - * strictness: correct {infof, failf} format specifiers - * tests: update .gitignore for libtests - * configure: check for declaration of getpwuid_r - * fnmatch: use the system one if available - * CURLOPT_RESOLVE: always purge old entry first - * multi: remove a potentially bad DEBUGF() - * curl_addrinfo: use same #ifdef conditions in source as header - * build: remove the Borland specific makefiles - * axTLS: not considered fit for use - * cmdline-opts/cert-type.d: mention "p12" as a recognized type - * system.h: add support for IBM xlc C compiler - * tests/libtest: Add lib1521 to nodist_SOURCES - * mk-ca-bundle.pl: leave certificate name untouched - * boringssl + schannel: undef X509_NAME in lib/schannel.h - * openssl: assume engine support in 1.0.1 or later - * cppcheck: fix warnings - * test 46: make test pass after year 2025 - * schannel: support selecting ciphers - * Curl_debug: remove dead printhost code - * test 1455: unflakified - * Curl_init_do: handle NULL connection pointer passed in - * progress: remove a set of unused defines - * mk-ca-bundle.pl: make -u delete certdata.txt if found not changed - * GOVERNANCE.md: explains how this project is run - * configure: use pkg-config for c-ares detection - * configure: enhance ability to build with static openssl - * maketgz: fix sed issues on OSX - * multi: fix memory leak when stopped during name resolve - * CURLOPT_INTERFACE.3: interface names not supported on Windows - * url: fix dangling conn->data pointer - * cmake: allow multiple SSL backends - * system.h: fix for gcc on 32 bit OpenServer - * ConnectionExists: make sure conn->data is set when "taking" a connection - * multi: fix crash due to dangling entry in connect-pending list - * CURLOPT_SSL_VERIFYPEER.3: Add performance note - * netrc: use a larger buffer to support longer passwords - * url: check Curl_conncache_add_conn return code - * configure: Add dependent libraries after crypto - * easy_perform: faster local name resolves by using *multi_timeout() - * getnameinfo: not used, removed all configure checks - * travis: add a build using the synchronous name resolver - * CURLINFO_TLS_SSL_PTR.3: improve the example - * openssl: allow TLS 1.3 by default - * openssl: make the requested TLS version the *minimum* wanted - * openssl: Remove some dead code - * telnet: fix clang warnings - * DEPRECATE: new doc describing planned item removals - * example/crawler.c: simple crawler based on libxml2 - * libssh: goto DISCONNECT state on error, not SESSION_FREE - * CMake: Remove unused functions - * darwinssl: allow High Sierra users to build the code using GCC - * scripts: include _curl as part of CLEANFILES - * examples: fix -Wformat warnings - * curl_setup: include before - * schannel: make more cipher options conditional - * CMake: remove redundant and old end-of-block syntax - * post303.d: clarify that this is an RFC violation -- refreshed libcurl-ocloexec.patch - -------------------------------------------------------------------- -Fri May 18 11:47:00 UTC 2018 - vcizek@suse.com - -- Use OPENSSL_config instead of CONF_modules_load_file() to avoid - crashes due to openssl engines conflicts (bsc#1086367) - * add curl-use_OPENSSL_config.patch - -------------------------------------------------------------------- -Wed May 16 08:41:48 UTC 2018 - pmonrealgonzalez@suse.com - -- Update to version 7.60.0 - [bsc#1092094, CVE-2018-1000300][bsc#1092098, CVE-2018-1000301] - Changes: - * Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol - * Add --haproxy-protocol for the command line tool - * Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses - Bugfixes: - * FTP: shutdown response buffer overflow CVE-2018-1000300 - * RTSP: bad headers buffer over-read CVE-2018-1000301 - * FTP: fix typo in recursive callback detection for seeking - * test1208: marked flaky - * HTTP: make header-less responses still count correct body size - * user-agent.d:: mention --proxy-header as well - * http2: fixes typo - * cleanup: misc typos in strings and comments - * rate-limit: use three second window to better handle high speeds - * examples/hiperfifo.c: improved - * pause: when changing pause state, update socket state - * multi: improved pending transfers handling => improved performance - * curl_version_info.3: fix ssl_version description - * add_handle/easy_perform: clear errorbuffer on start if set - * cmake: add support for brotli - * parsedate: support UT timezone - * vauth/ntlm.h: fix the #ifdef header guard - * lib/curl_path.h: added #ifdef header guard - * vauth/cleartext: fix integer overflow check - * CURLINFO_COOKIELIST.3: made the example not leak memory - * cookie.d: mention that "-" as filename means stdin - * CURLINFO_SSL_VERIFYRESULT.3: fixed the example - * http2: read pending frames (including GOAWAY) in connection-check - * timeval: remove compilation warning by casting - * cmake: avoid warn-as-error during config checks - * travis-ci: enable -Werror for CMake builds - * openldap: fix for NULL return from ldap_get_attribute_ber() - * threaded resolver: track resolver time and set suitable timeout values - * cmake: Add advapi32 as explicit link library for win32 - * docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T - * test1148: set a fixed locale for the test - * cookies: when reading from a file, only remove_expired once - * cookie: store cookies per top-level-domain-specific hash table - * openssl: fix build with LibreSSL 2.7 - * tls: fix mbedTLS 2.7.0 build + handle sha256 failures - * openssl: RESTORED verify locations when verifypeer==0 - * file: restore old behavior for file:////foo/bar URLs - * FTP: allow PASV on IPv6 connections when a proxy is being used - * build-openssl.bat: allow custom paths for VS and perl - * winbuild: make the clean target work without build-type - * build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15 - * curl: retry on FTP 4xx, ignore other protocols - * configure: detect (and use) sa_family_t - * examples/sftpuploadresume: Fix Windows large file seek - * build: cleanup to fix clang warnings/errors - * winbuild: updated the documentation - * lib: silence null-dereference warnings - * travis: bump to clang 6 and gcc 7 - * travis: build libpsl and make builds use it - * proxy: show getenv proxy use in verbose output - * duphandle: make sure CURLOPT_RESOLVE is duplicated - * all: Refactor malloc+memset to use calloc - * checksrc: Fix typo - * system.h: Add sparcv8plus to oracle/sunpro 32-bit detection - * vauth: Fix typo - * ssh: show libSSH2 error code when closing fails - * test1148: tolerate progress updates better - * urldata: make service names unconditional - * configure: keep LD_LIBRARY_PATH changes local - * ntlm_sspi: fix authentication using Credential Manager - * schannel: add client certificate authentication - * winbuild: Support custom devel paths for each dependency - * schannel: add support for CURLOPT_CAINFO - * http2: handle on_begin_headers() called more than once - * openssl: support OpenSSL 1.1.1 verbose-mode trace messages - * openssl: fix subjectAltName check on non-ASCII platforms - * http2: avoid strstr() on data not zero terminated - * http2: clear the "drain counter" when a stream is closed - * http2: handle GOAWAY properly - * tool_help: clarify --max-time unit of time is seconds - * curl.1: clarify that options and URLs can be mixed - * http2: convert an assert to run-time check - * curl_global_sslset: always provide available backends - * ftplistparser: keep state between invokes - * Curl_memchr: zero length input can't match - * examples/sftpuploadresume: typecast fseek argument to long - * examples/http2-upload: expand buffer to avoid silly warning - * ctype: restore character classification for non-ASCII platforms - * mime: avoid NULL pointer dereference risk - * cookies: ensure that we have cookies before writing jar - * os400.c: fix checksrc warnings - * configure: provide --with-wolfssl as an alias for --with-cyassl - * cyassl: adapt to libraries without TLS 1.0 support built-in - * http2: get rid of another strstr - * checksrc: force indentation of lines after an else - * cookies: remove unused macro - * CURLINFO_PROTOCOL.3: mention the existing defined names - * tests: provide 'manual' as a feature to optionally require - * travis: enable libssh2 on both macos and Linux - * CURLOPT_URL.3: added ENCODING section - * wolfssl: Fix non-blocking connect - * vtls: don't define MD5_DIGEST_LENGTH for wolfssl - * docs: remove extraneous commas in man pages - * URL: fix ASCII dependency in strcpy_url and strlen_url - * ssh-libssh.c: fix left shift compiler warning - * configure: only check for CA bundle for file-using SSL backends - * travis: add an mbedtls build - * http: don't set the "rewind" flag when not uploading anything - * configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h - * transfer: don't unset writesockfd on setup of multiplexed conns - * vtls: use unified "supports" bitfield member in backends - * URLs: fix one more http url - * travis: add a build using WolfSSL - * openssl: change FILE ops to BIO ops - * travis: add build using NSS - * smb: reject negative file sizes - * cookies: accept parameter names as cookie name - * http2: getsock fix for uploads - * all over: fixed format specifiers - * http2: use the correct function pointer typedef - -------------------------------------------------------------------- -Wed Mar 14 14:23:22 UTC 2018 - pmonrealgonzalez@suse.com - -- Added message about protocol redirection not supported or - disabled to the function findprotocol() [bsc#1076446] - * Added curl-disabled-redirect-protocol-message.patch - -------------------------------------------------------------------- -Wed Mar 14 13:08:33 UTC 2018 - pmonrealgonzalez@suse.com - -- Update to version 7.59.0 - [bsc#1084521, CVE-2018-1000120][bsc#1084524, CVE-2018-1000121] - [bsc#1084532, CVE-2018-1000122] - Changes: - * curl: add --proxy-pinnedpubkey - * added: CURLOPT_TIMEVALUE_LARGE and CURLINFO_FILETIME_T - * CURLOPT_RESOLVE: Add support for multiple IP addresses per entry - * Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS - * Add new tool option --happy-eyeballs-timeout-ms - * Add CURLOPT_RESOLVER_START_FUNCTION and CURLOPT_RESOLVER_START_DATA - Bugfixes: - * openldap: check ldap_get_attribute_ber() results for NULL before using - * FTP: reject path components with control codes - * readwrite: make sure excess reads don't go beyond buffer end - * lib555: drop text conversion and encode data as ascii codes - * lib517: make variable static to avoid compiler warning - * lib544: sync ascii code data with textual data - * GSKit: restore pinnedpubkey functionality - * darwinssl: Don't import client certificates into Keychain on macOS - * parsedate: fix date parsing for systems with 32 bit long - * openssl: fix pinned public key build error in FIPS mode - * SChannel/WinSSL: Implement public key pinning - * cookies: remove verbose "cookie size:" output - * progress-bar: don't use stderr explicitly, use bar->out - * build: open VC15 projects with VS 2017 - * curl_ctype: private is*() type macros and functions - * configure: set PATH_SEPARATOR to colon for PATH w/o separator - * curl_easy_reset: clear digest auth state - * curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6 - * range: commonize FTP and FILE range handling - * progress-bar docs: update to match implementation - * fnmatch: do not match the empty string with a character set - * fnmatch: accept an alphanum to be followed by a non-alphanum in char set - * build: fix termios issue on android cross-compile - * getdate: return -1 for out of range - * formdata: use the mime-content type function - * openssl: Don't add verify locations when verifypeer==0 - * fnmatch: optimize processing of consecutive *s and ?s pattern characters - * schannel: fix compiler warnings - * content_encoding: Add "none" alias to "identity" - * get_posix_time: only check for overflows if they can happen - * http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING - * README: language fix - * sha256: build with OpenSSL < 0.9.8 - * smtp: fix processing of initial dot in data - * --tlsauthtype: works only if libcurl is built with TLS-SRP support - * tests: new tests for http raw mode - * libcurl-security.3: man page discussion security concerns when using libcurl - * curl_gssapi: make sure this file too uses our *printf() - * BINDINGS: fix curb link (and remove ruby-curl-multi) - * nss: use PK11_CreateManagedGenericObject() if available - * travis: add build with iconv enabled - * ssh: add two missing state names - * CURLOPT_HEADERFUNCTION.3: mention folded headers - * http: fix the max header length detection logic - * header callback: don't chop headers into smaller pieces - * CURLOPT_HEADER.3: clarify problems with different data sizes - * curl --version: show PSL if the run-time lib has it enabled - * examples/sftpuploadresume: resume upload via CURLOPT_APPEND - * Return error if called recursively from within callbacks - * sasl: prefer PLAIN mechanism over LOGIN - * winbuild: Use CALL to run batch scripts - * curl_share_setopt.3: connection cache is shared within multi handles - * projects/README: remove reference to dead IDN link/package - * lib655: silence compiler warning - * configure: Fix version check for OpenSSL 1.1.1 - * docs/MANUAL: formfind.pl is not accessible on the site anymore - * unit1307: proper cleanup on OOM to fix torture tests - * curl_ctype: fix macro redefinition warnings - * build: get CFLAGS (including -werror) used for examples and tests - * NO_PROXY: fix for IPv6 numericals in the URL - * krb5: use nondeprecated functions - * http2: mark the connection for close on GOAWAY - * limit-rate: kick in even before "limit" data has been received - * HTTP: allow "header;" to replace an internal header with a blank one - * http2: verbose output new MAX_CONCURRENT_STREAMS values - * SECURITY: distros' max embargo time is 14 days - * curl tool: accept --compressed also if Brotli is enabled and zlib is not - * WolfSSL: adding TLSv1.3 - * checksrc.pl: add -i and -m options - * CURLOPT_COOKIEFILE.3: "-" as file name means stdin - -- Refreshed patch libcurl-ocloexec.patch - -------------------------------------------------------------------- -Tue Feb 20 09:48:49 UTC 2018 - tchvatal@suse.com - -- Sort a bit with spec-cleaner -- Install license with the library - -------------------------------------------------------------------- -Thu Jan 25 12:23:48 UTC 2018 - normand@linux.vnet.ibm.com - -- ignore all test failures for PowerPC as bypass boo#1075219 - (not only the 1501 previously skipped) - * Added patch ignore_runtests_failure.patch - -------------------------------------------------------------------- -Wed Jan 24 11:41:36 UTC 2018 - asn@cryptomilk.org - -- Build curl with libssh.org - libssh offers a lot more features than libssh2, for example: - * Key Exchange Methods: curve25519-sha256@libssh.org - * Hostkey Types: ssh-ed25519 - * Authentication: gssapi-with-mic - -------------------------------------------------------------------- -Wed Jan 24 10:31:58 UTC 2018 - pmonrealgonzalez@suse.com - -- Update to version 7.58.0 - [bsc#1076360,CVE-2018-1000005][bsc#1077001,CVE-2018-1000007] - Changes: - * new libssh-powered SSH SCP/SFTP back-end - * curl-config: add --ssl-backends - Bugfixes: - * http2: fix incorrect trailer buffer size - * http: prevent custom Authorization headers in redirects - * travis: add boringssl build - * examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL - * SSL: Avoid magic allocation of SSL backend specific data - * lib: don't export all symbols, just everything curl_* - * libssh2: send the correct CURLE error code on scp file not found - * libssh2: return CURLE_UPLOAD_FAILED on failure to upload - * openssl: enable pkcs12 in boringssl builds - * libssh2: remove dead code from SSH_SFTP_QUOTE - * sasl_getmesssage: make sure we have a long enough string to pass - * conncache: fix several lock issues - * threaded-shared-conn.c: new example - * conncache: only allow multiplexing within same multi handle - * configure: check for netinet/in6.h - * URL: tolerate backslash after drive letter for FILE: - * openldap: add commented out debug possibilities - * include: get netinet/in.h before linux/tcp.h - * CONNECT: keep close connection flag in http_connect_state struct - * BINDINGS: another PostgreSQL client - * curl: limit -# update frequency for unknown total size - * configure: add AX_CODE_COVERAGE only if using gcc - * curl.h: remove incorrect comment about ERRORBUFFER - * openssl: improve data-pending check for https proxy - * curl: remove __EMX__ #ifdefs - * CURLOPT_PRIVATE.3: fix grammar - * sftp: allow quoted commands to use relative paths - * CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE - * RESOLVE: output verbose text when trying to set a duplicate name - * multi_done: prune DNS cache - * tests: update .gitignore for libtests - * tests: mark data files as non-executable in git - * CURLOPT_DNS_LOCAL_IP4.3: fixed the "SEE ALSO" to not self-reference - * curl.1: documented two missing valid exit codes - * curl.1: mention http:// and https:// as valid proxy prefixes - * vtls: replaced getenv() with curl_getenv() - * setopt: less *or equal* than INT_MAX/1000 should be fine - * examples/smtp-mail.c: use separate defines for options and mail - * curl: support >256 bytes warning messsages - * conncache: fix a return code - * krb5: fix a potential access of uninitialized memory - * rand: add a clang-analyzer work-around - * CURLOPT_READFUNCTION.3: refer to argument with correct name - * brotli: allow compiling with version 0.6.0 - * content_encoding: rework zlib_inflate - * curl_easy_reset: release mime-related data - * examples/rtsp: fix error handling macros - * curl: Support size modifiers for --max-filesize - * examples/cacertinmem: ignore cert-already-exists error - * brotli: data at the end of content can be lost - * curl_version_info.3: call the argument 'age' - * openssl: fix memory leak of SSLKEYLOGFILE filename - * build: remove HAVE_LIMITS_H check - * --mail-rcpt: fix short-text description - * scripts: allow all perl scripts to be run directly - * progress: calculate transfer speed on milliseconds if possible - * system.h: check __LONG_MAX__ for defining curl_off_t - * easy: fix connection ownership in curl_easy_pause - * setopt: reintroduce non-static Curl_vsetopt() for OS400 support - * setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values - * configure.ac: append extra linker flags instead of prepending them - * HTTP: bail out on negative Content-Length: values - * docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata - * mime: clone mime tree upon easy handle duplication - * openssl: enable SSLKEYLOGFILE support by default - * smtp/pop3/imap_get_message: decrease the data length too... - * CURLOPT_TCP_NODELAY.3: fix typo - * SMB: fix numeric constant suffix and variable types - * ftp-wildcard: fix matching an empty string with "*[^a]" - * curl_fnmatch: only allow 5 '*' sections in a single pattern - * openssl: fix potential memory leak in SSLKEYLOGFILE logic - * SSH: Fix state machine for ssh-agent authentication - * examples/url2file.c: add missing curl_global_cleanup() call - * http2: don't close connection when single transfer is stopped - * libcurl-env.3: first version - * curl: progress bar refresh, get width using ioctl() - * CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support - -------------------------------------------------------------------- -Tue Jan 9 17:55:14 UTC 2018 - normand@linux.vnet.ibm.com - -- disable 1501 test for PowerPC as byass boo#1075219 - -------------------------------------------------------------------- -Wed Nov 29 10:43:55 UTC 2017 - pmonrealgonzalez@suse.com - -- Update to version 7.57.0 [bsc#1069226, CVE-2017-8816] - [bsc#1069222, CVE-2017-8817] [bsc#1069714, CVE-2017-8818] - Changes: - * auth: add support for RFC7616 - HTTP Digest access authentication - * share: add support for sharing the connection cache - * HTTP: implement Brotli content encoding - Bugfixes: - * CVE-2017-8816: NTLM buffer overflow via integer overflow - * CVE-2017-8817: FTP wildcard out of bounds read - * CVE-2017-8818: SSL out of buffer access - * curl_mime_filedata.3: fix typos - * libtest: Add required test libraries for lib1552 and lib1553 - * fix time diffs for systems using unsigned time_t - * ftplistparser: memory leak fix: free temporary memory always - * multi: allow table handle sizes to be overridden - * wildcards: don't use with non-supported protocols - * curl_fnmatch: return error on illegal wildcard pattern - * transfer: Fix chunked-encoding upload too early exit - * resolvers: only include anything if needed - * setopt: fix CURLOPT_SSH_AUTH_TYPES option read - * Curl_timeleft: change return type to timediff_t - * cmake: Export libcurl and curl targets to use by other cmake projects - * curl: in -F option arg, comma is a delimiter for files only - * curl: improved ";type=" handling in -F option arguments - * timeval: use mach_absolute_time() on MacOS - * curlx: the timeval functions are no longer provided as curlx_* - * mkhelp.pl: do not generate comment with current date - * memdebug: use send/recv signature for curl_dosend/curl_dorecv - * cookie: avoid NULL dereference - * url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 - * include: remove conncache.h inclusion from where its not needed - * CURLOPT_MAXREDIRS: allow -1 as a value - * tests: Fixed torture tests on tests 556 and 650 - * http2: Fixed OOM handling in upgrade request - * url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1 - * CURLOPT_INFILESIZE: accept -1 - * curl: pass through [] in URLs instead of calling globbing error - * curl: speed up handling of many URLs - * ntlm: avoid malloc(0) for zero length passwords - * url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES - * HTTP: support multiple Content-Encodings - * travis: add a job with brotli enabled - * url: remove unncessary NULL-check - * fnmatch: remove dead code - * connect: store IPv6 connection status after valid connection - * imap: deal with commands case insensitively - * --interface: add support for Linux VRF - * content_encoding: fix inflate_stream for no bytes available - * cmake: Add missing setmode check - * connect.c: remove executable bit on file - * SMB: fix uninitialized local variable - * zlib/brotli: only include header files in modules needing them - * URL: return error on malformed URLs with junk after IPv6 bracket - * openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY - * macOS: Fix missing connectx function with Xcode version older than 9.0 - * --resolve: allow IP address within [] brackets - * examples/curlx: Fix code style - * ntlm: remove unnecessary NULL-check to please scan-build - * Curl_llist_remove: fix potential NULL pointer deref - * mime: fix "Value stored to 'sz' is never read" scan-build error - * openssl: fix "Value stored to 'rc' is never read" scan-build error - * http2: fix "Value stored to 'hdbuf' is never read" scan-build error - * http2: fix "Value stored to 'end' is never read" scan-build error - * Curl_open: fix OOM return error correctly - * url: reject ASCII control characters and space in host names - * examples/rtsp: clear RANGE again after use - * connect: improve the bind error message - * make: fix "make distclean" - * connect: add support for new TCP Fast Open API on Linux - * metalink: fix memory-leak and NULL pointer dereference - * URL: update "file:" URL handling - * ssh: remove check for a NULL pointer - * global_init: ignore CURL_GLOBAL_SSL's absense - -------------------------------------------------------------------- -Mon Oct 23 09:12:11 UTC 2017 - pmonrealgonzalez@suse.com - -- Update to version 7.56.1 [bsc#1063824] - Bugfixes: - * imap: if a FETCH response has no size, don't call write - callback [CVE-2017-1000257] - * ftp: UBsan fixup 'pointer index expression overflowed - * failf: skip the sprintf() if there are no consumers - * fuzzer: move to using external curl-fuzzer - * lib/Makefile.m32: allow customizing dll suffixes - * docs: fix typo in curl_mime_data_cb man page - * darwinssl: add support for TLSv1.3 - * build: fix --disable-crypto-auth - * openssl: fix build without HAVE_OPAQUE_EVP_PKEY - * strtoofft: Remove extraneous null check - * multi_cleanup: call DONE on handles that never got that - * tests: added flaky keyword to tests 587 and 644 - * pingpong: return error when trying to send without connection - * remove_handle: call multi_done() first, then clear dns cache pointer - * mime: be tolerant about setting the same header list twice in a part - * mime: improve unbinding top multipart from easy handle - * mime: avoid resetting a part's encoder when part's contents change - * mime: refuse to add subparts to one of their own descendants - * RTSP: avoid integer overflow on funny RTSP responses - * curl: don't pass semicolons when parsing Content-Disposition - * openssl: enable PKCS12 support for !BoringSSL - * FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION - * CURLOPT_NOPROGRESS.3: also refer to xferinfofunction - * CURLOPT_XFERINFODATA.3: fix duplicate see also - * test298: verify --ftp-method nowcwd with URL encoded path - * FTP: URL decode path for dir listing in nocwd mode - * smtp_done: fix memory leak on send failure - * ftpserver: support case insensitive commands - * test950; verify SMTP with custom request - * openssl: don't use old BORINGSSL_YYYYMM macros - * setopt: update current connection SSL verify params - * curl: reimplement stdin buffering in -F option - * mime: keep "text/plain" content type if user-specified - * mime: fix the content reader to handle >16K data properly - * configure: remove the C++ compiler check - * memdebug: trace send, recv and socket - * runtests: use valgrind for torture as well - * ldap: silence clang warning - * makefile.m32: allow to override gcc, ar and ranlib - * setopt: avoid integer overflows when setting millsecond values - * setopt: range check most long options - * ftp: reject illegal IP/port in PASV 227 response - * mime: do not reuse previously computed multipart size - * vtls: change struct Curl_ssl `close' field name to `close_one' - * os400: add missing symbols in config file - * mime: limit bas64-encoded lines length to 76 characters - * mk-ca-bundle: Remove URL for aurora - * mk-ca-bundle: Fix URL for NSS - -------------------------------------------------------------------- -Thu Oct 5 16:15:04 UTC 2017 - pmonrealgonzalez@suse.com - -- Update to 7.56.0 [bsc#1061876, CVE-2017-1000254] - Changes: - * curl: enable compression for SCP/SFTP with --compressed-ssh - * libcurl: enable compression for SCP/SFTP with CURLOPT_SSH_COMPRESSION - * vtls: added dynamic changing SSL backend with curl_global_sslset() - * new MIME API, curl_mime_init() and friends - * openssl: initial SSLKEYLOGFILE implementation - Security fixes: - * CVE-2017-1000254 FTP PWD response parser out of bounds read - Bugfixes: - * FTP: zero terminate the entry path even on bad input - * examples/ftpuploadresume.c: use portable code - * runtests: match keywords case insensitively - * strtoofft: reduce integer overflow risks globally - * zsh.pl: produce a working completion script again - * cmake: remove dead code for CURL_DISABLE_RTMP - * progress: Track total times following redirects - * configure: fix --disable-threaded-resolver - * configure: fix clang version detection - * darwinssi: fix error: variable length array used - * configure: check for __builtin_available() availability - * http_proxy: fix build error for CURL_DOES_CONVERSIONS - * examples/ftpuploadresume: checksrc compliance - * ftp: fix CWD when doing multicwd then nocwd on same connection - * system.h: remove all CURL_SIZEOF_* defines - * http: Don't wait on CONNECT when there is no proxy - * system.h: check for __ppc__ as well - * http2_recv: return error better on fatal h2 errors - * tftp: fix memory leak on too long filename - * system.h: fix build for hppa - * cmake: enable picky compiler options with clang and gcc - * makefile.m32: add support for libidn2 - * curl: shorten and clean up CA cert verification error message - * imap: support PREAUTH - * CURLOPT_USERPWD.3: see also CURLOPT_PROXYUSERPWD - * examples/threaded-ssl: mention that this is for openssl before 1.1 - * tests: Make sure libtests & unittests call curl_global_cleanup() - * system.h: include sys/poll.h for AIX - * darwinssl: handle long strings in TLS certs - * strtooff: fix build for systems with long long but no strtoll - * asyn-thread: Improved cleanup after OOM situations - * curl.h: CURLSSLBACKEND_WOLFSSL used wrong value - * unit1301: fix error message on first test - * ossfuzz: moving towards the ideal integration - * http: fix a memory leakage in checkrtspprefix() - * examples/post-callback: stop returning one byte at a time - * schannel: return CURLE_SSL_CACERT on failed verification - * http-proxy: treat all 2xx as CONNECT success - * openssl: use OpenSSL's default ciphers by default - * runtests.pl: support attribute "nonewline" in part verify/upload - * configure: remove --enable-soname-bump and SONAME_BUMP - * vtls: fix WolfSSL 3.12 build problems - * http-proxy: when not doing CONNECT, that phase is done immediately - * configure: fix curl_off_t check's include order - * configure: use -Wno-varargs on clang 3.9[.X] debug builds - * rtsp: do not call fwrite() with NULL pointer FILE * - * mbedtls: enable CA path processing - * checksrc: verify more code style rules - * HTTP proxy: on connection re-use, still use the new remote port - * tests: add initial gssapi test using stub implementation - * rtsp: Segfault when using WRITEDATA - * docs: clarify the CURLOPT_INTERLEAVE* options behavior - * non-ascii: use iconv() with 'char **' argument - * server/getpart: provide dummy function to build conversion enabled - * conversions: fix several compiler warnings - * openssl: add missing includes - * schannel: Support partial send for when data is too large - * socks: fix incorrect port number in SOCKS4 error message - * curl: fix integer overflow in timeout options - * cookies: reject oversized cookies instead of truncating - * cookies: use lock when using CURLINFO_COOKIELIST - * curl: check fseek() return code and bail on error - * examples/post-callback: use long for CURLOPT_POSTFIELDSIZE - * openssl: only verify RSA private key if supported - * tests: make the imap server not verify user+password - * imap: quote atoms properly when escaping characters - * tests: fix a compiler warning in test 643 - * file_range: avoid integer overflow when figuring out byte range - * reuse_conn: don't copy flags that are known to be equal - * http: fix adding custom empty headers to repeated requests - * docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MS - * connect: fix race condition with happy eyeballs timeout - * cookie: fix memory leak if path was set twice in header - * vtls: compare and clone ssl configs properly - * proxy: read the "no_proxy" variable only if necessary - -- Refreshed patches: - * libcurl-ocloexec.patch - -- Removed patches fixed upstream: - * curl-man3.patch - * ppc-build.patch - * curl-http-Don-t-wait-on-CONNECT-when-there-is-no-proxy.patch - * curl-disable-test1427-i586.patch - -------------------------------------------------------------------- -Tue Aug 29 17:33:29 UTC 2017 - zaitor@opensuse.org - -- Add curl-http-Don-t-wait-on-CONNECT-when-there-is-no-proxy.patch: - Fix NetworkManagers connectivity test. - -------------------------------------------------------------------- -Mon Aug 28 16:15:30 UTC 2017 - schwab@suse.de - -- ppc-build.patch: Fix build for powerpc - -------------------------------------------------------------------- -Thu Aug 10 11:08:46 UTC 2017 - pmonrealgonzalez@suse.com - -- Upstream fix to build libcurl man3 pages - * Added patch curl-man3.patch - -------------------------------------------------------------------- -Thu Aug 10 10:53:23 UTC 2017 - pmonrealgonzalez@suse.com - -- Disabled test1425 that fails in i586 architecture - * Added patch curl-disable-test1427-i586.patch - -------------------------------------------------------------------- -Wed Aug 9 09:34:25 UTC 2017 - pmonrealgonzalez@suse.com - -- Update to 7.55.0 - Changes: - * curl: allow --header and --proxy-header read from file - * getinfo: provide sizes as curl_off_t - * curl: prevent binary output spewed to terminal - * curl: added --request-target - * curl: added --socks5-{basic,gssapi}: control socks5 auth - * libcurl: added CURLOPT_REQUEST_TARGET - * libcurl: added CURLOPT_SOCKS5_AUTH - Bugfixes: - * Security Fixes: - - glob: do not parse after a strtoul() overflow range - (CVE-2017-1000101, bsc#1051643) - - tftp: reject file name lengths that don't fit - (CVE-2017-1000100, bsc#1051644) - - file: output the correct buffer to the user - (CVE-2017-1000099, bsc#1051645) - * includes: remove curl/curlbuild.h and curl/curlrules.h - * dist: make the hugehelp.c not get regenerated unnecessarily - * timers: store internal time stamps as time_t instead of doubles - * progress: let "current speed" be UL + DL speeds combined - * http-proxy: do the HTTP CONNECT process entirely non-blocking - * lib/curl_setup.h: remove CURL_WANTS_CA_BUNDLE_ENV - * fuzz: bring oss-fuzz initial code converted to C89 - * configure: disable nghttp2 too if HTTP has been disabled - * mk-ca-bundle.pl: Check curl's exit code after certdata download - * test1148: verify the -# progressbar - * tests: stabilize test 2032 and 2033 - * HTTPS-Proxy: don't offer h2 for https proxy connections - * http-proxy: only attempt FTP over HTTP proxy - * curl-compilers.m4: enable vla warning for clang - * curl-compilers.m4: enable double-promotion warning - * curl-compilers.m4: enable missing-variable-declarations clang - warning - * curl-compilers.m4: enable comma clang warning - * CURLOPT_PREQUOTE: not supported for SFTP - * http2: fix OOM crash - * PIPELINING_SERVER_BL: cleanup the internal list use - * mkhelp.pl: fix script name in usage text - * lib1521: add curl_easy_getinfo calls to the test set - * travis: do the distcheck test build out-of-tree as well - * if2ip: fix compiler warning in ISO C90 mode - * lib: fix the djgpp build - * typecheck-gcc: add support for CURLINFO_OFF_T - * travis: enable typecheck-gcc warnings - * maketgz: switch to xz instead of lzma - * CURLINFO_REDIRECT_URL.3: mention the CURLOPT_MAXREDIRS case - * curl/system.h: add check for XTENSA for 32bit gcc - * test1537: fixed memory leak on OOM - * test1521: fix compiler warnings - * curl: fix memory leak on test 1147 OOM - * libtest/make: generate lib1521.c dynamically at build-time - * curl_strequal.3: fix typo in SYNOPSIS - * progress: prevent resetting t_starttransfer - * openssl: improve fallback seed of PRNG with a time based hash - * http2: improved PING frame handling - * test1450: add simple testing for DICT - * make: build the docs subdir only from within src - * gtls: fix build when sizeof(long) < sizeof(void *) - * url: make the original string get used on subsequent transfers - * timeval.c: Use long long constant type for timeval assignment - * tool_sleep: typecast to avoid macos compiler warning - * travis.yml: use --enable-werror on debug builds - * test1451: add SMB support to the testbed - * configure: remove checks for 5 functions never used - * configure: try ldap/lber in reversed order first - * smb: fix build for djgpp/MSDOS - * travis: install nghttp2 on linux builds - * smb: add support for CURLOPT_FILETIME - * select.h: avoid macro redefinition harder - * runtests: support "threaded-resolver" as a feature - * test506: skip if threaded-resolver - * cmake: remove spurious "-l" from linker flags - * cmake: add CURL_WERROR for enabling "warning as errors" - * memdebug: don't setbuf() if the file open failed - * curl_easy_escape.3: mention the (lack of) encoding - * test1452: add telnet negotiation - * CURLOPT_POSTFIELDS.3: explain the 100-continue magic better - * cmake: offer CMAKE_DEBUG_POSTFIX when building with MSVC - * tests/valgrind.supp: supress OpenSSL false positive seen on - travis - * curl_setup_once: Remove ERRNO/SET_ERRNO macros - * rtspd: fix MSVC level 4 warning - * sockfilt: suppress conversion warning with explicit cast - * libtest: fix MSVC warning C4706 - * tests/server/resolve.c: fix deprecation warning - * nss: fix a possible use-after-free in SelectClientCert() - * checksrc: escape open brace in regex - * multi: mention integer overflow risk if using > 500 million - sockets - * timeval: struct curltime is a struct timeval replacement - * curl_rtmp: fix a compiler warning - * include.d: clarify that it concerns the response headers - * cmake: support make uninstall - * include.d: clarify --include is only for response headers - * libcurl: Stop using error codes defined under CURL_NO_OLDIES - * http: fix response code parser to avoid integer overflow - * configure: fix the check for IdnToUnicode - * multi: fix request timer management - * curl_threads: fix MSVC compiler warning - * cmake: set MSVC warning level to 4 - * netrc: skip lines starting with '#' - * FTP: skip unnecessary CWD when in nocwd mode - * gssapi: fix memory leak of output token in multi round context - * getparameter: avoid returning uninitialized 'usedarg' - * curl (debug build) easy_events: make event data static - * curl: detect and bail out early on parameter integer overflows - -- Removed patch curl-invalid-free.patch - -------------------------------------------------------------------- -Wed Jun 28 13:50:08 UTC 2017 - dimstar@opensuse.org - -- Update License to 'curl' as per review on OBS sr#505976. - -------------------------------------------------------------------- -Fri Jun 23 10:49:11 UTC 2017 - dimstar@opensuse.org - -- Have the -mini packages conflict the real ones. - -------------------------------------------------------------------- -Tue Jun 20 11:30:01 UTC 2017 - idonmez@suse.com - -- Add curl-invalid-free.patch to fix an invalid free in - curl_multi_setopt function. - -------------------------------------------------------------------- -Wed Jun 14 11:19:16 UTC 2017 - idonmez@suse.com - -- Update to 7.54.1 - Changes: - * curl now shows release date in --version output - Bugfixes: - * Fixes CVE-2017-9502: default protocol drive letter - buffer overflow bsc#1044243 - * openssl: fix memory leak in servercert - * curl: set a 100K buffer size by default - * nss: do not leak PKCS #11 slot while loading a key - * nss: load libnssckbi.so if no other trust is specified - * curl: use utimes instead of obsolescent utime when available - * url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE - * CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size - * curl: non-boolean command line args reject --no- prefixes - * telnet: Write full buffer instead of byte-by-byte - * curl: remove --environment and tool_writeenv.c - * curl: generate the --help output - * curl.1: clarify --config - * curl.1: mention --oauth2-bearer's argument - * ssh: fix memory leak in disconnect due to timeout - * redirect: store the "would redirect to" URL when max redirs is reached - * file: make speedcheck use current time for checks - * urlglob: fix division by zero - -------------------------------------------------------------------- -Tue Jun 13 13:08:21 UTC 2017 - lnussel@suse.de - -- Create curl-mini for bootstrapping (boo#1042919) - -------------------------------------------------------------------- -Wed Apr 19 08:17:17 UTC 2017 - idonmez@suse.com - -- Update to 7.54.0 - Changes: - * Add CURL_SSLVERSION_MAX_* constants to CURLOPT_SSLVERSION - * Add --max-tls - * Add CURLOPT_SUPPRESS_CONNECT_HEADERS - * Add --suppress-connect-headers - Bugfixes: - * CVE-2017-7468: switch off SSL session id when client cert is used - * bsc#1033413 - * tests: use consistent environment variables for setting charset - * proxy: fixed a memory leak on OOM - * ftp: removed an erroneous free in an OOM path - * ftp: fixed a NULL pointer dereference on OOM - * gopher: fixed detection of an error condition from Curl_urldecode - * url: fix unix-socket support for proxy-disabled builds - * fix potential use of uninitialized variables - * ares: return error at once if timed out before name resolve starts - * URL: return error on malformed URLs with junk after port number - * http2: Fix assertion error on redirect with CL=0 - * --insecure: clarify that this option is for server connections - * authneg: clear auth.multi flag at http_done - * curl_easy_reset: Also reset the authentication state - * proxy: skip SSL initialization for closed connections - * http_proxy: ignore TE and CL in CONNECT 2xx responses - * multi: fix streamclose() crash in debug mode - * openssl: fall back on SSL_ERROR_* string when no error detail - * asiohiper: make sure socket is open in event_cb - * curl: check for end of input in writeout backslash handling - * openssl: exclude DSA code when OPENSSL_NO_DSA is defined - * http: Fix proxy connection reuse with basic-auth - * pause: handle mixed types of data when paused - * http: do not treat FTPS over CONNECT as HTTPS - * conncache: make hashkey avoid malloc - * multi: fix queueing of pending easy handles - * low_speed_limit: improved function for longer time periods - * nss: load CA certificates even with --insecure - * Curl_expire_latest: ignore already expired timers - * http2: fix handle leak in error path - * openssl: make SSL_ERROR_to_str more future-proof - * openssl: fix thread-safety bugs in error-handling - * openssl: don't try to print nonexistant peer private keys - -------------------------------------------------------------------- -Fri Feb 24 11:42:10 UTC 2017 - idonmez@suse.com - -- Update to 7.53.1 - Bugfixes: - * url: Improve CURLOPT_PROXY_CAPATH error handling - * urldata: include curl_sspi.h when Windows SSPI is enabled - * formdata: check for EOF when reading from stdin - * tests: Set CHARSET & LANG to UTF-8 in 1035, 2046 and 2047 - * url: Default the proxy CA bundle location to CURL_CA_BUNDLE - * rand: added missing #ifdef HAVE_FCNTL_H around fcntl.h header - -------------------------------------------------------------------- -Wed Feb 22 09:49:12 UTC 2017 - idonmez@suse.com - -- Update to 7.53.0 - Changes: - * unix_socket: added --abstract-unix-socket and - CURLOPT_ABSTRACT_UNIX_SOCKET - * CURLOPT_BUFFERSIZE: support enlarging receive buffer - - Bugfixes: - * CVE-2017-2629: make SSL_VERIFYSTATUS work again - * gnutls-random: check return code for failed random - * openssl-random: check return code when asking for random - * http: remove "Curl_http_done: called premature" message - * cyassl: use time_t instead of long for timeout - * build-wolfssl: Sync config with wolfSSL 3.10 - * ftp-gss: check for init before use - * configure: accept --with-libidn2 instead - * ftp: failure to resolve proxy should return that error code - * curl.1: add three more exit codes - * docs/ciphers: link to our own new page about ciphers - * vtls: s/SSLEAY/OPENSSL - fixes multi_socket timeouts with openssl - * darwinssl: fix iOS build - * darwinssl: fix CFArrayRef leak - * cmake: use crypt32.lib when building with OpenSSL on windows - * curl_formadd.3: CURLFORM_CONTENTSLENGTH not needed when chunked - * digest_sspi: copy terminating NUL as well - * curl: fix --remote-time incorrect times on Windows - * curl.1: several updates and corrections - * content_encoding: change return code on a failure - * curl.h: CURLE_FUNCTION_NOT_FOUND is no longer in use - * docs: TCP_KEEPALIVE start and interval default to 60 - * darwinssl: --insecure overrides --cacert if both settings are in use - * TheArtOfHttpScripting: grammar - * CIPHERS.md: document GSKit ciphers - * wolfssl: support setting cipher list - * wolfssl: display negotiated SSL version and cipher - * lib506: fix build for Open Watcom - * asiohiper: improved socket handling - * examples: make the C++ examples follow our code style too - * tests/sws: retry send() on EWOULDBLOCK - * cmake: Fix passing _WINSOCKAPI_ macro to compiler - * smtp: Fix STARTTLS denied error message - * imap/pop3: don't print response character in STARTTLS denied messages - * rand: make it work without TLS backing - * url: fix parsing for when 'file' is the default protocol - * url: allow file://X:/path URLs on windows again - * gnutls: check for alpn and ocsp in configure - * IDN: Use TR46 'non-transitional' for toASCII translations - * url: Fix NO_PROXY env var to work properly with --proxy option - * CURLOPT_PREQUOTE.3: takes a struct curl_slist*, not a char* - * docs: Add note about libcurl copying strings to CURLOPT_* manpages - * curl: reset the easy handle at --next - * --next docs: --trace and --trace-ascii are also global - * --write-out docs: 'time_total' is not always shown with ms precision - * http: print correct HTTP string in verbose output when using HTTP/2 - * docs: improved language in README.md HISTORY.md CONTRIBUTE.md - * http2: disable server push if not requested - * nss: use the correct lock in nss_find_slot_by_name() - * usercertinmem.c: improve the short description - * CURLOPT_CONNECT_TO: Fix compile warnings - * docs: non-blocking SSL handshake is now supported with NSS - * *.rc: escape non-ASCII/non-UTF-8 character for clarity - * mbedTLS: fix multi interface non-blocking handshake - * PolarSSL: fix multi interface non-blocking handshake - * VC: remove the makefile.vc6 build infra - * telnet: fix windows compiler warnings - * cookies: do not assume a valid domain has a dot - * polarssl: fix hangs - * gnutls: disable TLS session tickets - * mbedtls: disable TLS session tickets - * mbedtls: implement CTR-DRBG and HAVEGE random generators - * openssl: Don't use certificate after transferring ownership - * cmake: Support curl --xattr when built with cmake - * OS400: Fix symbols - * docs: Add more HTTPS proxy documentation - * docs: use more HTTPS links - * cmdline-opts: Fixed build and test in out of source tree builds - * CHANGES.0: removed - * schannel: Remove incorrect SNI disabled message - * darwinssl: Avoid parsing certificates when not in verbose mode - * test552: Fix typos - * telnet: Fix typos - * transfer: only retry nobody-requests for HTTP - * http2: reset push header counter fixes crash - * nss: make FTPS work with --proxytunnel - * test1139: Added the --manual keyword since the manual is required - * polarssl, mbedtls: Fix detection of pending data - * http_proxy: Fix tiny memory leak upon edge case connecting to proxy - * URL: only accept ";options" in SMTP/POP3/IMAP URL schemes - * curl.1: ftp.sunet.se is no longer an FTP mirror - * tool_operate: Show HTTPS-Proxy options on CURLE_SSL_CACERT - * http2: fix memory-leak when denying push streams - * configure: Allow disabling pthreads, fall back on Win32 threads - * curl: fix typo in time condition warning message - * axtls: adapt to API changes - * tool_urlglob: Allow a glob range with the same start and stop - * winbuild: add note on auto-detection of MACHINE in Makefile.vc - * http: fix missing 'Content-Length: 0' while negotiating auth - * proxy: fix hostname resolution and IDN conversion - * docs: fix timeout handling in multi-uv example - * digest_sspi: Fix nonce-count generation in HTTP digest - * sftp: improved checks for create dir failures - * smb: use getpid replacement for windows UWP builds - * digest_sspi: Handle 'stale=TRUE' directive in HTTP digest -- Remove curl-7.52.1-idn-fixes.patch, fixed upstream. - -------------------------------------------------------------------- -Sun Feb 5 22:33:33 UTC 2017 - astieger@suse.com - -- build with libidn2 for IDNA2008 support - FATE#321897 CVE-2016-8625 bsc#1005649 - add curl-7.52.1-idn-fixes.patch to fix test, among other things -- re-enable tests that are no longer failing, - remove curl-disable_failing_tests.patch - -------------------------------------------------------------------- -Fri Dec 23 07:37:40 UTC 2016 - idonmez@suse.com - -- Update to 7.52.1 - Bugfixes: - * CVE-2016-9594: unititialized random bsc#1016738 - -------------------------------------------------------------------- -Wed Dec 21 07:10:10 UTC 2016 - idonmez@suse.com - -- Update to 7.52.0 - Changes: - * nss: map CURL_SSLVERSION_DEFAULT to NSS default - * vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3 - * curl: introduce the --tlsv1.3 option to force TLS 1.3 - * curl: Add --retry-connrefused - * proxy: Support HTTPS proxy and SOCKS+HTTP(s) - * add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme} - * curl: add --fail-early - Bugfixes: - * CVE-2016-9586: printf floating point buffer overflow - * curl -w: added more decimal digits to timing counters - * easy: Initialize info variables on easy init and duphandle - * http2: Don't send header fields prohibited by HTTP/2 spec - * ssh: check md5 fingerprints case insensitively (regression) - * openssl: initial TLS 1.3 adaptions - * SPNEGO: Fix memory leak when authentication fails - * realloc: use Curl_saferealloc to avoid common mistakes - * openssl: make sure to fail in the unlikely event that PRNG - seeding fails - * URL-parser: for file://[host]/ URLs, the [host] must be localhost - * timeval: prefer time_t to hold seconds instead of long - * glob: fix [a-c] globbing regression - * curl.1: Clarify --dump-header only writes received headers - * http2: Fix address sanitizer memcpy warning - * http2: Use huge HTTP/2 windows - * connects: Don't mix unix domain sockets with regular ones - * url: Fix conn reuse for local ports and interfaces - * x509: Limit ASN.1 structure sizes to 256K - * http2: check nghttp2_session_set_local_window_size exists - * http2: Fix crashes when parent stream gets aborted - * CURLOPT_CONNECT_TO: Skip non-matching "connect-to" entries - * URL parser: reject non-numerical port numbers - * CONNECT: reject TE or CL in 2xx responses - * CONNECT: read responses one byte at a time - * curl: support zero-length argument strings in config files - * openssl: don't use OpenSSL's ERR_PACK - * curl.1: generated with the new man page system - * curl_easy_recv: Improve documentation and example program - * Curl_getconnectinfo: avoid checking if the connection is closed - * CIPHERS.md: attempt to document TLS cipher names - -------------------------------------------------------------------- -Wed Nov 2 07:15:44 UTC 2016 - idonmez@suse.com - -- Update to 7.51.0 - Changes: - * nss: additional cipher suites are now accepted by - CURLOPT_SSL_CIPHER_LIST - * New option: CURLOPT_KEEP_SENDING_ON_ERROR - Bugfixes: - * CVE-2016-8615: cookie injection for other servers - * CVE-2016-8616: case insensitive password comparison - * CVE-2016-8617: OOB write via unchecked multiplication - * CVE-2016-8618: double-free in curl_maprintf - * CVE-2016-8619: double-free in krb5 code - * CVE-2016-8620: glob parser write/read out of bounds - * CVE-2016-8621: curl_getdate read out of bounds - * CVE-2016-8622: URL unescape heap overflow via integer truncation - * CVE-2016-8623: Use-after-free via shared cookies - * CVE-2016-8624: invalid URL parsing with '#' - * CVE-2016-8625: IDNA 2003 makes curl use wrong host - * openssl: fix per-thread memory leak using 1.0.1 or 1.0.2 - * http: accept "Transfer-Encoding: chunked" for HTTP/2 as well - * LICENSE-MIXING.md: update with mbedTLS dual licensing - * examples/imap-append: Set size of data to be uploaded - * test2048: fix url - * darwinssl: disable RC4 cipher-suite support - * CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting - * openssl: don’t call CRYTPO_cleanup_all_ex_data - * libressl: fix version output - * easy: Reset all statistical session info in curl_easy_reset - * curl_global_cleanup.3: don't unload the lib with sub threads running - * dist: add CurlSymbolHiding.cmake to the tarball - * docs: Remove that --proto is just used for initial retrieval - * configure: Fixed builds with libssh2 in a custom location - * curl.1: --trace supports % for sending to stderr! - * cookies: same domain handling changed to match browser behavior - * formpost: trying to attach a directory no longer crashes - * CURLOPT_DEBUGFUNCTION.3: fixed unused argument warning - * formpost: avoid silent snprintf() truncation - * ftp: fix Curl_ftpsendf - * mprintf: return error on too many arguments - * smb: properly check incoming packet boundaries - * GIT-INFO: remove the Mac 10.1-specific details - * resolve: add error message when resolving using SIGALRM - * cmake: add nghttp2 support - * dist: remove PDF and HTML converted docs from the releases - * configure: disable poll() in macOS builds - * vtls: only re-use session-ids using the same scheme - * pipelining: skip to-be-closed connections when pipelining - * win: fix Universal Windows Platform build - * curl: do not set CURLOPT_SSLENGINE to DEFAULT automatically - * maketgz: make it support "only" generating version info - * Curl_socket_check: add extra check to avoid integer overflow - * gopher: properly return error for poll failures - * curl: set INTERLEAVEDATA too - * polarssl: clear thread array at init - * polarssl: fix unaligned SSL session-id lock - * polarssl: reduce #ifdef madness with a macro - * curl_multi_add_handle: set timeouts in closure handles - * configure: set min version flags for builds on mac - * INSTALL: converted to markdown => INSTALL.md - * curl_multi_remove_handle: fix a double-free - * multi: fix inifinte loop in curl_multi_cleanup() - * nss: fix tight loop in non-blocking TLS handhsake over proxy - * mk-ca-bundle: Change URL retrieval to HTTPS-only by default - * mbedtls: stop using deprecated include file - * docs: fix req->data in multi-uv example - * configure: Fix test syntax for monotonic clock_gettime - * CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2 -- Refresh libcurl-ocloexec.patch - -------------------------------------------------------------------- -Wed Sep 14 07:13:02 UTC 2016 - idonmez@suse.com - -- update to 7.50.3 - Bugfixes: - * CVE-2016-7167: escape and unescape integer overflows - * mk-ca-bundle.pl: use SHA256 instead of SHA1 - * checksrc: detect strtok() use - * errors: new alias CURLE_WEIRD_SERVER_REPLY - * http2: support > 64bit sized uploads - * openssl: fix bad memory free (regression) - * CMake: hide private library symbols - * http: refuse to pass on response body when NO_NODY is set - * cmake: fix curl-config --static-libs - * mbedtls: switch off NTLM in build if md4 isn't available - * curl: --create-dirs on windows groks both forward and - backward slashes - -------------------------------------------------------------------- -Thu Sep 8 08:31:40 UTC 2016 - idonmez@suse.com - -- update to 7.50.2 - Bugfixes: - * mbedtls: Added support for NTLM - * SSH: fixed SFTP/SCP transfer problems - * multi: make Curl_expire() work with 0 ms timeouts - * mk-ca-bundle.pl: -m keeps ca cert meta data in output - * TFTP: Fix upload problem with piped input - * CURLOPT_TCP_NODELAY: now enabled by default - * mbedtls: set verbose TLS debug when MBEDTLS_DEBUG is defined - * http2: always wait for readable socket - * cmake: Enable win32 large file support by default - * cmake: Enable win32 threaded resolver by default - * winbuild: Avoid setting redundant CFLAGS to compile commands - * curl.h: make CURL_NO_OLDIES define CURL_STRICTER - * docs: make more markdown files use .md extension - * docs: CONTRIBUTE and LICENSE-MIXING were converted to markdown - * winbuild: Allow changing C compiler via environment variable CC - * rtsp: accept any RTSP session id - * HTTP: retry failed HEAD requests on reused connections too - * configure: add zlib search with pkg-config - * openssl: accept subjectAltName iPAddress if no dNSName match - * MANUAL: Remove invalid link to LDAP documentation - * socks: improved connection procedure - * proxy: reject attempts to use unsupported proxy schemes - * proxy: bring back use of "Proxy-Connection:" - * curl: allow "pkcs11:" prefix for client certificates - * spnego_sspi: fix memory leak in case *outlen is zero - * SOCKS: improve verbose output of SOCKS5 connection sequence - * SOCKS: display the hostname returned by the SOCKS5 proxy server - * http/sasl: Query authentication mechanism supported by SSPI before using - * sasl: Don't use GSSAPI authentication when domain name not specified - * win: Basic support for Universal Windows Platform apps - * nss: fix incorrect use of a previously loaded certificate from file, - https://curl.haxx.se/docs/adv_20160907.html - * nss: work around race condition in PK11_FindSlotByName() - * ftp: fix wrong poll on the secondary socket - * openssl: build warning-free with 1.1.0 (again) - * HTTP: stop parsing headers when switching to unknown protocols - * test219: Add http as a required feature - * TLS: random file/egd doesn't have to match for conn reuse - * schannel: Disable ALPN for Wine since it is causing problems - * http2: make sure stream errors don't needlessly close the connection - * http2: return CURLE_HTTP2_STREAM for unexpected stream close - * darwinssl: --cainfo is intended for backward compatibility only - * speed caps: not based on average speeds anymore - * configure: make the cpp -P detection not clobber CPPFLAGS - * http2: use named define instead of magic constant in read callback - * http2: skip the content-length parsing, detect unknown size - * http2: return EOF when done uploading without known size - * darwinssl: test for errSecSuccess in PKCS12 import rather than noErr - * openssl: fix CURLINFO_SSL_VERIFYRESULT - -------------------------------------------------------------------- -Fri Aug 5 12:41:43 UTC 2016 - pjanouch@suse.de - -- update to 7.50.1 - Bugfixes: - * TLS: switch off SSL session id when client cert is used - * TLS: only reuse connections with the same client cert - * curl_multi_cleanup: clear connection pointer for easy handles - * include the CURLINFO_HTTP_VERSION man page into the release tarball - * include the http2-server.pl script in the release tarball - * test558: fix test by stripping file paths from FD lines - * spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declaration - * tests: Fix for http/2 feature - * cmake: Fix for schannel support - * curl.h: make public types void * again - * win32: fix a potential memory leak in Curl_load_library - * travis: fix OSX build by re-installing libtool - * mbedtls: Fix debug function name -- removed 0001-tests-distribute-the-http2-server.pl-script-too.patch - -------------------------------------------------------------------- -Thu Jul 21 09:30:30 UTC 2016 - vcizek@suse.com - -- update to 7.50.0 - Changes: - * http: add CURLINFO_HTTP_VERSION and %{http_version} - Bugfixes: - * openssl: fix build with OPENSSL_NO_COMP - * cmake: Added missing mbedTLS support - * URL parser: allow URLs to use one, two or three slashes - * curl: fix -q [regression] - * openssl: Use correct buffer sizes for error messages - * curl: fix SIGSEGV while parsing URL with too many globs - * vtls: fix ssl session cache race condition - * http: Fix HTTP/2 connection reuse [regression] - * checksrc: Add LoadLibrary to the banned functions list - * configure: occasional ignorance of --enable-symbol-hiding with GCC - * http2: test17xx are the first real HTTP/2 tests - * resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOS - * curl_multi_socket_action.3: rewording - * CURLOPT_POSTFIELDS.3: Clarify what happens when set empty - * cmake: Fix build with winldap - * openssl: fix cert check with non-DNS name fields present - * curl.1: mention the units for the progress meter - * openssl: use more 'const' to fix build warnings with 1.1.0 branch - * cmake: now using BUILD_TESTING=ON/OFF - * vtls: Only call add/getsession if session id is enabled - * headers: forward declare CURL, CURLM and CURLSH as structs - * configure: improve detection of CA bundle path on FreeBSD - * SFTP: set a generic error when no SFTP one exists - * curl_global_init.3: expand on the SSL and WIN32 bits purpose - * conn: don't free easy handle data in handler->disconnect - * cookie.c: Fix misleading indentation - * library: Fix memory leaks found during static analysis - * CURLMOPT_SOCKETFUNCTION.3: fix typo - * curl_global_init: moved the "IPv6 works" check here - * connect: disable TFO on Linux when using SSL - * vauth: Fixed memory leak due to function returning without free -- refresh libcurl-ocloexec.patch -- disable tests 1139 and 1140 which fail due to missing manpage - * add curl-disable_failing_tests.patch -- ship http2_server.pl for testing - * add 0001-tests-distribute-the-http2-server.pl-script-too.patch - -------------------------------------------------------------------- -Tue Jun 14 11:47:27 UTC 2016 - astieger@suse.com - -- curl 7.49.1: - * http2: use HTTP/2 in the HTTP/1.1-alike response - * ssh: fix build for libssh2 before 1.2.6 - * a number of bug and build fixes -- curl 7.49.0: - * schannel: Add ALPN support - * SSH: support CURLINFO_FILETIME - * SSH: new CURLOPT_QUOTE command "statvfs" - * wolfssl: Add ALPN support - * http2: added --http2-prior-knowledge - * http2: added CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE - * libcurl: added CURLOPT_CONNECT_TO - * curl: added --connect-to - * libcurl: added CURLOPT_TCP_FASTOPEN - * curl: added --tcp-fastopen - * curl: remove support for --ftpport, -http-request and --socks - * a number of bug and build fixes -- update upstream signing key and download URLs -- 0001-Fix-invalid-Network-is-unreachable-errors.patch is upstream - -------------------------------------------------------------------- -Mon Jun 6 10:18:29 UTC 2016 - idonmez@suse.com - -- Depend on libssh2 >= 1.6.0 since curl depends on the - libssh2_scp_recv2 symbol now. Fixes boo#983170 - -------------------------------------------------------------------- -Thu May 5 18:53:47 UTC 2016 - alarrosa@suse.com - -- Add 0001-Fix-invalid-Network-is-unreachable-errors.patch. - Fixes "Network is unreachable" errors in valid situations when ipv6 - is not available but ipv4 is working fine. This also fixes the same - error from happening in applications using libcurl4 (like zypper). - (bsc#915846) - -------------------------------------------------------------------- -Thu Mar 31 17:25:29 UTC 2016 - idonmez@suse.com - -- Update to 7.48.0 - * configure: --with-ca-fallback: use built-in TLS CA fallback - * TFTP: add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS - * getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSION - * Lots of bugfixes, see https://curl.haxx.se/changes.html#7_48_0 -- Drop curl-7.41.0-use-openssl-s-built-in-verify-path-as-fallback.diff, - superseded by --with-ca-fallback configure option. - -------------------------------------------------------------------- -Thu Mar 17 10:58:24 UTC 2016 - astieger@suse.com - -- curl 7.47.1: - * getredirect.c: fix variable name - * tool_doswin: silence unused function warning - * curl.1: Explain remote-name behavior if file already exists - * sasl_sspi: Fix memory leak in domain populate - * openssl: Fix signed/unsigned mismatch warning in X509V3_ext - -------------------------------------------------------------------- -Fri Jan 29 21:17:56 UTC 2016 - mpluskal@suse.com - -- Enable PSL (Publix Suffix List) -- Make building more verbose - -------------------------------------------------------------------- -Wed Jan 27 13:10:50 UTC 2016 - vcizek@suse.com - -- update to 7.47.0 - * fixes CVE-2016-0755 (bsc#962983) - (NTLM credentials not-checked for proxy connection re-use) - * drop curl-fix-zsh-completion.patch (upstream) - Changes: - * version: Add flag CURL_VERSION_PSL for libpsl - * http: added CURL_HTTP_VERSION_2TLS to do HTTP/2 for HTTPS only - * curl: use 2TLS by default - * curl --expect100-timeout: added - * Add .dir-locals and set c-basic-offset to 2 (for emacs) - -------------------------------------------------------------------- -Wed Jan 6 13:18:33 UTC 2016 - idonmez@suse.com - -- Fix path to curl in zsh.pl to unbreak _curl completion - * curl-fix-zsh-completion.patch - -------------------------------------------------------------------- -Wed Dec 2 12:18:24 UTC 2015 - idonmez@suse.com - -- Update to 7.46.0 - * Added CURLOPT_STREAM_DEPENDS - * Added CURLOPT_STREAM_DEPENDS_E - * Added CURLOPT_STREAM_WEIGHT - * Added CURLFORM_CONTENTLEN - * oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, - POP3 and SNMP -* Many bugfixes, see http://curl.haxx.se/changes.html#7_46_0 for the - complete list. - -------------------------------------------------------------------- -Mon Oct 19 09:35:04 UTC 2015 - vcizek@suse.com - -- revert the curl-config change for bsc#900419 until we have a better - fix, because it was breaking builds of other packages - -------------------------------------------------------------------- -Sun Oct 18 21:43:16 UTC 2015 - crrodriguez@opensuse.org - -- Enable HTTP/2 support, buildrequires pkgconfig(libnghttp2) - -------------------------------------------------------------------- -Sat Oct 10 06:58:35 UTC 2015 - mpluskal@suse.com - -- Update to 7.45.0 - * added CURLOPT_DEFAULT_PROTOCOL - * added new tool option --proto-default - * getinfo: added CURLINFO_ACTIVESOCKET - * turned CURLINFO_* option docs as stand-alone man pages - * curl: point out unnecessary uses of -X in verbose mode -- Drop curl-disable_failing_tests.patch as it is now part of - upstream - -------------------------------------------------------------------- -Wed Aug 26 07:29:40 UTC 2015 - vcizek@suse.com - -- drop a hack that made curl-config print only -lcurl (bsc#900419) - * --as-needed is used by default now - -------------------------------------------------------------------- -Fri Aug 14 09:02:40 UTC 2015 - vcizek@suse.com - -- update to 7.44.0 - http2: added CURLMOPT_PUSHFUNCTION and CURLMOPT_PUSHDATA - examples: added http2-serverpush.c - http2: added curl_pushheader_byname() and curl_pushheader_bynum() - docs: added CODE_OF_CONDUCT.md - curl: Add --ssl-no-revoke to disable certificate revocation checks - libcurl: New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS - makefile: Added support for VC14 -- dropped unexpire-test46.patch (upstream) - -------------------------------------------------------------------- -Tue Aug 11 10:02:18 UTC 2015 - schwab@suse.de - -- unexpire-test46.patch: Unexpire test 46 - -------------------------------------------------------------------- -Fri Jul 31 08:22:39 UTC 2015 - normand@linux.vnet.ibm.com - -- do not run flaky tests for any architecture (bnc#940009) - at least test 1510 do fail for i586 and ppc64le - -------------------------------------------------------------------- -Fri Jul 3 08:29:55 UTC 2015 - vcizek@suse.com - -- fix a typo in curl-secure-getenv.patch (bsc#936676) - -------------------------------------------------------------------- -Fri Jun 19 13:07:44 UTC 2015 - mpluskal@suse.com - -- Update to 7.43.0 - * Added CURLOPT_PROXY_SERVICE_NAME - * Added CURLOPT_SERVICE_NAME - * New curl option: --proxy-service-name - * Mew curl option: --service-name - * New curl option: --data-raw - * Added CURLOPT_PIPEWAIT - * Added support for multiplexing transfers using HTTP/2, enable - this with the new CURLPIPE_MULTIPLEX bit for - CURLMOPT_PIPELINING - * HTTP/2: requires nghttp2 1.0.0 or later - * scripts: add zsh.pl for generating zsh completion - * curl.h: add CURL_HTTP_VERSION_2 - * CVE-2015-3236: lingering HTTP credentials in connection re-use - * CVE-2015-3237: SMB send off unrelated memory contents -- Disable HTTP/2 as it would create build cycle - -------------------------------------------------------------------- -Wed May 20 15:18:12 UTC 2015 - vcizek@suse.com - -- enable HTTP/2 support -- make the testsuite failure fatal - * added curl-disable_failing_tests.patch - * added groff to BuildRequires to enable builtin manual (test 1026) - -------------------------------------------------------------------- -Wed Apr 29 08:32:11 UTC 2015 - vcizek@suse.com - -- update to 7.42.1 - * fixes CVE-2015-3153 (bnc#928533) - - sensitive HTTP server headers also sent to proxies -- rename curl-devel to libcurl-devel in baselibs.conf - -------------------------------------------------------------------- -Wed Apr 22 08:03:02 UTC 2015 - vcizek@suse.com - -- update to 7.42.0 - * refresh libcurl-ocloexec.patch -- fixes security vulnerabilities: - * CVE-2015-3143 (bnc#927556) - - Re-using authenticated connection when unauthenticated - * CVE-2015-3144 (bnc#927608) - - host name out of boundary memory access - * CVE-2015-3145 (bnc#927607) - - cookie parser out of boundary memory access - * CVE-2015-3148 (bnc#927746) - - Negotiate not treated as connection-oriented - -------------------------------------------------------------------- -Tue Mar 24 12:49:35 UTC 2015 - lnussel@suse.de - -- don't hardcode /etc/ssl/certs. Use openssl's default instead - (curl-7.41.0-use-openssl-s-built-in-verify-path-as-fallback.diff) - -------------------------------------------------------------------- -Thu Feb 26 09:37:22 UTC 2015 - sor.alexei@meowr.ru - -- update to 7.41.0: - * Changes: - NetWare build: added TLS-SRP enabled build - winbuild: Added option to build with c-ares - Added --cert-status - Added CURLOPT_SSL_VERIFYSTATUS - sasl: implement EXTERNAL authentication mechanism - -------------------------------------------------------------------- -Sat Feb 14 18:29:37 UTC 2015 - mpluskal@suse.com - -- Re-enable metalink supoort -- Use pkgconfig() style dependencies - -------------------------------------------------------------------- -Thu Jan 8 09:55:11 UTC 2015 - vcizek@suse.com - -- update to 7.40.0: - * fixes CVE-2014-8150 (bnc#911363) - * Changes: - http_digest: Added support for Windows SSPI based authentication - version info: Added Kerberos V5 to the supported features - Makefile: Added VC targets for WinIDN - config-win32: Introduce build targets for VS2012+ - SSL: Add PEM format support for public key pinning - smtp: Added support for the conversion of Unix newlines during mail send - smb: Added initial support for the SMB/CIFS protocol - Added support for HTTP over unix domain sockets, - via CURLOPT_UNIX_SOCKET_PATH and --unix-socket - sasl: Added support for GSS-API based Kerberos V5 authentication - -------------------------------------------------------------------- -Thu Jan 1 23:08:25 UTC 2015 - meissner@suse.com - -- build with PIE - -------------------------------------------------------------------- -Fri Nov 14 15:29:07 UTC 2014 - vcizek@suse.com - -- update to 7.39.0: -- changes: - SSLv3 is disabled by default - CURLOPT_COOKIELIST: Added "RELOAD" command - build: Added WinIDN build configuration options to Visual Studio projects - ssh: improve key file search - SSL: public key pinning. Use CURLOPT_PINNEDPUBLICKEY and --pinnedpubkey - vtls: remove QsoSSL support, use gskit! - mk-ca-bundle: added SHA-384 signature algorithm - docs: added many examples for libcurl opts and other doc improvements - build: Added VC ssh2 target to main Makefile - MinGW: Added support to build with nghttp2 - NetWare: Added support to build with nghttp2 - build: added Watcom support to build with WinSSL - build: Added optional specific version generation of VC project files - ... and a bunch of bugfixes -- refreshed libcurl-ocloexec.patch -- removed gpg-offline verification -- spec-cleaned curl.spec - -------------------------------------------------------------------- -Thu Oct 23 15:13:30 UTC 2014 - crrodriguez@opensuse.org - -- Ensure the curl command line tool always require - the same libcurl it was used for build, even expert users - got confused. - -------------------------------------------------------------------- -Wed Sep 10 09:07:59 UTC 2014 - vcizek@suse.com - -- update to 7.38.0 - * fixes CVE-2014-3613 (bnc#894575) and CVE-2014-3620 (bnc#895991) - * cookie leaks with IP address as domain and TLDs respectively - Changes: - supports HTTP/2 draft-14 - CURLE_HTTP2 is a new error code - CURLAUTH_NEGOTIATE is a new auth define - CURL_VERSION_GSSAPI is a new capability bit - no longer use fbopenssl for anything - schannel: use CryptGenRandom for random numbers - axtls: define curlssl_random using axTLS's PRNG - cyassl: use RNG_GenerateBlock to generate a good random number - findprotocol: show unsupported protocol within quotes - version: detect and show LibreSSL - version: detect and show BoringSSL - imap/pop3/smtp: Kerberos (SASL GSSAPI) authentication via Windows SSPI - http2: requires nghttp2 0.6.0 or later - Bugfixes: - SECURITY ADVISORY: cookie leak with IP address as domain - SECURITY ADVISORY: cookie leak for TLDs - And many other fixes - -------------------------------------------------------------------- -Thu Aug 28 21:59:59 UTC 2014 - andreas.stieger@gmx.de - -- curl 7.37.1: - This release includes many bugfixes and the following changes: - * bits.close: introduce connection close tracking - * darwinssl: Add support for --cacert - * polarssl: add ALPN support - * docs: Added new option man pages - -------------------------------------------------------------------- -Thu Jun 12 11:45:03 UTC 2014 - vcizek@suse.com - -- update to 7.37.0 - This release includes many bugfixes and the following changes: - * URL parser: IPv6 zone identifiers are now supported - * CURLOPT_PROXYHEADER: set headers for proxy-only - * CURLOPT_HEADEROPT: added - * curl: add --proxy-header - * sasl: Added support for DIGEST-MD5 via Windows SSPI - * sasl: Added DIGEST-MD5 qop-option validation in native challange handling - * imap: Expanded mailbox SEARCH support to use URL query strings [7] - * imap: Extended FETCH support to include PARTIAL URL specifier [7] - * nss: implement non-blocking SSL handshake - * build: Reworked Visual Studio project files - * poll: enable poll on darwin13 - * mk-ca-bundle: added -p - * libtests: add a wait_ms() function - - dropped patches: - * curl-mkhelp.patch (upstream) - * curl-test815.patch (upstream) - -------------------------------------------------------------------- -Fri Apr 11 06:51:54 UTC 2014 - vcizek@suse.com - -- remove the useless BuildRequires that were meant for debugging only - -------------------------------------------------------------------- -Wed Apr 9 11:40:19 UTC 2014 - vcizek@suse.com - -- update to 7.36 - * fixes CVE-2014-0138 (bnc#868627) and CVE-2014-0139 (bnc#868629) - * NEW FEATURES: - ntlm: Added support for NTLMv2 - tool: Added support for URL specific options - openssl: add ALPN support - gtls: add ALPN support - nss: add ALPN and NPN support - added CURLOPT_EXPECT_100_TIMEOUT_MS - tool: add --no-alpn and --no-npn - added CURLOPT_SSL_ENABLE_NPN and CURLOPT_SSL_ENABLE_ALPN - http2: build with current nghttp2 version - openssl: info message with SSL version used - * dropped curl-test172_cookie_expiration.patch (upstream) - * added patches to make it build: - - curl-mkhelp.patch - - curl-test815.patch - -------------------------------------------------------------------- -Thu Mar 13 13:53:08 CET 2014 - kukuk@suse.de - -- Disable BuildRequires for openssh, only needed for test suite, - but the test suite isn't able to start sshd anyways. - Solves the problem that openssh checkins triggers a nearly full - rebuild, too. - -------------------------------------------------------------------- -Tue Feb 4 15:17:18 UTC 2014 - vcizek@suse.com - -- update to 7.35.0 - * security fix: - CVE-2014-0015: re-use of wrong HTTP NTLM connection (bnc#858673) - * changes: - imap/pop3/smtp: Added support for SASL authentication downgrades - imap/pop3/smtp: Extended the login options to support multiple auth mechanisms - TheArtOfHttpScripting: major update, converted layout and more - mprintf: Added support for I, I32 and I64 size specifiers - makefile: Added support for VC7, VC11 and VC12 - SSL: protocol version can be specified more precisely - imap/pop3/smtp: Added graceful cancellation of SASL authentication - Add "Happy Eyeballs" for IPv4/IPv6 dual connect attempts - base64: Added validation of base64 input strings when decoding - curl_easy_setopt: Added the ability to set the login options separately - smtp: Added support for additional SMTP commands - curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals - nss: allow to use TLS > 1.0 if built against recent NSS - SECURITY: added this document to describe our security processes - parseconfig: warn if unquoted white spaces are detected - * and many bugfixes -- fix test failure because of an expired cookie (bnc#862144) - * added curl-test172_cookie_expiration.patch -- refresh libcurl-ocloexec.patch - -------------------------------------------------------------------- -Fri Nov 29 15:30:23 UTC 2013 - vcizek@suse.com - -- update to 7.33.0 - * fixes CVE-2013-4545 (bnc#849596) - = curl: ssl cert checks unclear behaviour - o test code for testing the event based API - o CURLM_ADDED_ALREADY: new error code - o test TFTP server: support "writedelay" within - o krb4 support has been removed - o imap/pop3/smtp: added basic SASL XOAUTH2 support - o Pass password to OpenSSL engine by user interface - o c-ares: Add support for various DNS binding options - o cookies: add expiration - o curl: added --oauth2-bearer option - -------------------------------------------------------------------- -Mon Aug 12 05:29:34 UTC 2013 - crrodriguez@opensuse.org - -- curl 7.32.0 -* curl: allow timeouts to accept decimal values -* CURLOPT_XFERINFOFUNCTION: introducing a new progress callback -* SIGPIPE: ignored while inside the library -* OpenSSL: check for read errors -* configure: automake 1.14 compatibility tweak -* curl_multi_wait: set revents for extra fds -* global dns cache: didn't work (regression) -* mk-ca-bundle.1: don't install on make install - - -------------------------------------------------------------------- -Mon Jul 1 18:56:33 UTC 2013 - coolo@suse.com - -- avoid cycle between curl and krb5 by using krb5-mini-devel - -------------------------------------------------------------------- -Mon Jun 24 14:00:11 UTC 2013 - vcizek@suse.com - -- update to 7.31.0 - * includes fix for CVE-2013-2174 (bnc#824517) - * SECURITY VULNERABILITY: curl_easy_unescape() may parse data - beyond the end of the input buffer [26] - * Changes: - darwinssl: add TLS session resumption - darwinssl: add TLS crypto authentication - imap/pop3/smtp: Added support for ;auth= in the URL - imap/pop3/smtp: Added support for ;auth= to CURLOPT_USERPWD - usercertinmem.c: add example showing user cert in memory - url: Added smtp and pop3 hostnames to the protocol detection list - imap/pop3/smtp: Added support for enabling the SASL initial response - curl -E: allow to use ':' in certificate nicknames - -------------------------------------------------------------------- -Fri Apr 12 11:36:47 UTC 2013 - vcizek@suse.com - -- update to 7.30.0 - includes security fixes for CVE-2013-0249 and CVE-2013-1944 - (bugs bnc#814655 and bnc#802411 respectively) - (dropped curl-CVE-2013-0249.patch) -- Changes: - imap: Changed response tag generation to be completely unique - imap: Added support for SASL-IR extension - imap: Added support for the list command - imap: Added support for the append command - imap: Added custom request parsing - imap: Added support to the fetch command for UID and SECTION properties - imap: Added parsing and verification of the UIDVALIDITY mailbox attribute - imap/pop3/smtp: Added support for the STARTTLS capability - checksrc: ban use of sprintf, vsprintf, strcat, strncat and gets - curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag - Added CURLMOPT_MAX_HOST_CONNECTIONS, CURLMOPT_MAX_TOTAL_CONNECTIONS - for new multi interface connection handling - Added CURLMOPT_MAX_PIPELINE_LENGTH, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, - CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, CURLMOPT_PIPELINING_SITE_BL - and CURLMOPT_PIPELI NING_SERVER_BL for new pipelining control - test: offer "automake" output and check for perl better - always-multi: always use non-blocking internals - imap: Added support for sasl digest-md5 authentication - imap: Added support for sasl cram-md5 authentication - imap: Added support for sasl ntlm authentication - imap: Added support for sasl login authentication - imap: Added support for sasl plain text authentication - imap: Added support for login disabled server capability - mk-ca-bundle: add -f, support passing to stdout and more - writeout: -w now supports remote_ip/port and local_ip/port -- refreshed patches - -------------------------------------------------------------------- -Sun Feb 17 17:04:34 UTC 2013 - crrodriguez@opensuse.org - -- Add curl-secure-getenv.patch: Use secure_getenv if available. - libcurl might be linked to a program where "secure execution" is - required. - -------------------------------------------------------------------- -Thu Feb 7 10:54:15 UTC 2013 - vcizek@suse.com - -- fixed CVE-2013-0249 (bnc#802411) -- refreshed patches - -------------------------------------------------------------------- -Fri Jan 11 21:34:38 CET 2013 - sbrabec@suse.cz - -- Break build loop and make GPG signature verification optional. - -------------------------------------------------------------------- -Tue Nov 27 20:05:00 CET 2012 - sbrabec@suse.cz - -- Verify GPG signature. - -------------------------------------------------------------------- -Tue Nov 20 23:43:24 UTC 2012 - crrodriguez@opensuse.org - -- Curl 7.28.1 -* FTP: prevent the multi interface from blocking Obsoletes - curl-ftp-prevent-the-multi-interface-from-blocking.patch -* don't send '#' fragments when using proxy -* OpenSSL: Disable SSL/TLS compression - avoid the "CRIME" attack -* TFTP: handle resend -* memory leak: CURLOPT_RESOLVE with multi interface -* SSL: Several SSL-backend related fixes - -------------------------------------------------------------------- -Sun Nov 4 19:57:33 UTC 2012 - gber@opensuse.org - -- added curl-ftp-prevent-the-multi-interface-from-blocking.patch in - order to prevent the multi interface from blocking when using ftp - and the remote end responds very slowly (sf#3579064) - -------------------------------------------------------------------- -Sun Jul 29 22:14:25 UTC 2012 - crrodriguez@opensuse.org - -- Curl 7.27.0 -* support metalinks -* Add sasl authentication support -* various bugfixes -- Fix previous change, _GNU_SOURCE --> AC_USE_SYSTEM_EXTENSIONS - -------------------------------------------------------------------- -Mon Jul 9 13:12:24 UTC 2012 - dnh@opensuse.org - -- define _GNU_SOURCE for oS/SLES <= 11.4, as O_CLOEXEC is - defined inside a ifdef __USE_GNU - -------------------------------------------------------------------- -Sat May 12 23:24:56 UTC 2012 - jengelh@inai.de - -- Update to new upstream release 7.25.0 -* Added CURLOPT_TCP_KEEPALIVE, CURLOPT_TCP_KEEPIDLE, - CURLOPT_TCP_KEEPINTVL -* use new library-side TCP_KEEPALIVE options -* Added a new CURLOPT_MAIL_AUTH option -* Added support for --mail-auth -* (for more see the shipped CHANGES file) - -------------------------------------------------------------------- -Wed Feb 8 00:45:18 UTC 2012 - crrodriguez@opensuse.org - -- Problem with the c-ares backend, workaround for [bnc#745534] - -------------------------------------------------------------------- -Thu Feb 2 18:47:10 UTC 2012 - crrodriguez@opensuse.org - -- Update to version curl 7.24.0 -- refresh patches to fix broken build - -------------------------------------------------------------------- -Wed Jan 18 13:49:56 CET 2012 - dmueller@suse.de - -- use the rpmoptflags unconditionally, don't do own compiler flag - magic. Fixes debuginfo package built - -------------------------------------------------------------------- -Wed Dec 28 10:30:28 UTC 2011 - mmarek@suse.cz - -- Package /usr/share/aclocal to avoid build dependency on automake. - -------------------------------------------------------------------- -Wed Nov 30 22:39:35 UTC 2011 - crrodriguez@opensuse.org - -- Use O_CLOEXEC in library code. - -------------------------------------------------------------------- -Tue Nov 29 11:51:38 UTC 2011 - jengelh@medozas.de - -- Remove redundant/unwanted tags/section (cf. specfile guidelines) - -------------------------------------------------------------------- -Tue Nov 29 08:20:23 UTC 2011 - idoenmez@suse.de - -- Use original source tarball - -------------------------------------------------------------------- -Mon Nov 28 12:00:00 UTC 2011 - opensuse@dstoecker.de - -- Update to version 7.23.1: - + Empty headers can be sent in HTTP requests by terminating with a semicolon - + SSL session sharing support added to curl_share_setopt() - + Added support to MAIL FROM for the optional SIZE parameter - + smtp: Added support for NTLM authentication - + curl tool: code split into tool_*.[ch] files - + lots of bugfixes -------------------------------------------------------------------- -Mon Oct 3 15:44:17 UTC 2011 - dimstar@opensuse.org - -- Update to version 7.22.0: - + Added CURLOPT_GSSAPI_DELEGATION - + Added support for NTLM delegation to Samba's winbind daemon - helper ntlm_auth - + Display notes from setup file in testcurl.pl - + BSD-style lwIP TCP/IP stack experimental support on Windows - + OpenSSL: Use SSL_MODE_RELEASE_BUFFERS if available - + --delegation was added to set CURLOPT_GSSAPI_DELEGATION - + nss: start with no database if the selected database is broken - + telnet: allow programatic use on Windows - + for a list of bugfixes, see - http://curl.haxx.se/changes.html#7_22_0 -- Drop curl-openssl-release-buffers.patch: fixed upstream. -- Add curl-fix-m4.patch: Use 'x' in configure scripts. Fixes issues - when configure is run with -Werror -Wall. - -------------------------------------------------------------------- -Sun Sep 18 00:10:42 UTC 2011 - jengelh@medozas.de - -- Remove redundant tags/sections from specfile -- Use %_smp_mflags for parallel build - -------------------------------------------------------------------- -Fri Sep 16 17:22:44 UTC 2011 - jengelh@medozas.de - -- Add curl-devel to baselibs - -------------------------------------------------------------------- -Mon Aug 15 05:05:01 UTC 2011 - crrodriguez@opensuse.org - -- Use SSL_MODE_RELEASE_BUFFERS if available, accepted - in upstream as commit 3d919440c80333c496fb - -------------------------------------------------------------------- -Tue Jul 12 06:46:02 UTC 2011 - coolo@novell.com - -- remove support for old suse_versions - -------------------------------------------------------------------- -Mon Jul 11 11:40:17 CEST 2011 - pth@suse.de - -- Update to 7.21.7: - - Fix libcurl inappropriate GSSAPI delegation. Full details at - http://curl.haxx.se/docs/adv_20110623.html - - Some other minor fixes. - -- Use the lzma compressed tarball provided upstreams. - -------------------------------------------------------------------- -Fri May 20 16:25:34 UTC 2011 - crrodriguez@opensuse.org - -- remove unintented LDFLAGS from the spec file - -------------------------------------------------------------------- -Fri May 20 15:37:54 UTC 2011 - crrodriguez@opensuse.org - -- Update to 7.21.6 -* curl-config: fix --version -* use HTTPS properly after CONNECT -* SFTP: close file before post quote operations - -------------------------------------------------------------------- -Thu Apr 14 17:02:19 UTC 2011 - crrodriguez@opensuse.org - -- bnc#598574 has been fixed in upstream commit 8ab137b2bc9630ce20f4 - already, so enable c-ares support again. - -------------------------------------------------------------------- -Sat Apr 9 20:42:27 UTC 2011 - crrodriguez@opensuse.org - -- Support openSSL compiled without SSLv2 support -- Update to version 7.21.4 - * SMTP: add brackets for MAIL FROM - * multi: connect fail => use next IP address - * pubkey_show: allocate buffer to fit any-size result - * Curl_do: avoid using stale conn pointer - * tftpd test server: avoid buffer overflow report from glibc - * OpenSSL get_cert_chain: support larger data sets - * SCP/SFTP transfers: acknowledge speedcheck - * connect problem: use UDP correctly - * OpenSSL: improved error message on SSL_CTX_new failures - * HTTP: memory leak on multiple Location: - * curl.1: typo in -v description - * CURLOPT_SOCKOPTFUNCTION: return proper error code --keepalive-time - * file: add support for CURLOPT_TIMECONDITION - * multi: fix CURLM_STATE_TOOFAST for multi_socket -------------------------------------------------------------------- -Fri Oct 22 16:37:03 UTC 2010 - cristian.rodriguez@opensuse.org - -- Update to version 7.21.2 - * curl -T: ignore file size of special files - * Added GOPHER protocol support - * Added mk-ca-bundle.vbs script - * c-ares build now requires c-ares >= 1.6.0 - * --remote-header-name security vulnerability fixed - * multi: support the timeouts correctly, fixes known bug #62 - * multi: use timeouts properly for MAX_RECV/SEND_SPEED - * negotiation: Wrong proxy authorization - * multi: avoid sending multiple complete messages - * cmdline: make -F type= accept ;charset= - * RESUME_FROM: clarify what ftp uploads do - * http: handle trailer headers in all chunked responses - * Curl_is_connected: use correct errno - * progress: callback for POSTs less than MAX_INITIAL_POST_SIZE - * Link curl and the test apps with -lrt explicitly when necessary - * chunky parser: only rewind stream internally if needed - * remote-header-name: don't output filename when NULL - * Curl_timeleft: avoid returning "no timeout" by mistake - * timeout: use the correct start value as offset - * FTP: fix wrong timeout trigger - * rtsp: avoid SIGSEGV on malformed header - * LDAP: Support for tunnelling queries through HTTP proxy - * curl_easy_duphandle: clone the c-ares handle correctly - * support URL containing colon without trailing port number - * parsedate: allow time specified without seconds - * curl_easy_escape: don't escape "unreserved" characters - * SFTP: avoid downloading negative sizes - * Lots of GSS/KRB FTP fixes - * TFTP: Work around tftpd-hpa upload bug - * libcurl.m4: several fixes - * HTTP: remove special case for 416 - * globbing: fix crash on unballanced open brace - -------------------------------------------------------------------- -Wed Jun 2 14:12:54 UTC 2010 - lnussel@suse.de - -- allowing switching to nss instead of openssl via bcond - -------------------------------------------------------------------- -Mon May 10 01:12:22 UTC 2010 - crrodriguez@opensuse.org - -- disable c-ares support while bnc598574 is fixed. - -------------------------------------------------------------------- -Sat Apr 24 10:58:50 UTC 2010 - coolo@novell.com - -- buildrequire pkg-config to fix provides - -------------------------------------------------------------------- -Fri Apr 23 00:53:19 UTC 2010 - crrodriguez@opensuse.org - -- Update to libcurl 7.20.1 - * off-by-one in the chunked encoding trailer parser - * CURLOPT_CERTINFO memory leak - * threaded resolver double free when closing curl handle - * url_multi_remove_handle() caused use after free - * SSL possible double free when reusing curl handle - * alarm()-based DNS timeout bug - -------------------------------------------------------------------- -Wed Mar 24 18:39:57 UTC 2010 - crrodriguez@opensuse.org - -- enable libssh2 support unconditionally. - -------------------------------------------------------------------- -Wed Mar 10 13:46:45 UTC 2010 - crrodriguez@opensuse.org - -- enable libcares support unconditionally. - -------------------------------------------------------------------- -Sat Feb 13 21:39:56 CET 2010 - dimstar@opensuse.org - -- Update to version 7.20.0: - * support SSL_FILETYPE_ENGINE for client certificate - * curl-config can now show the arguments used when building curl - * non-blocking TFTP - * send Expect: 100-continue for POSTs with unknown sizes - * added support for IMAP(S), POP3(S), SMTP(S) and RTSP - * added new curl_easy_setopt() options for SMTP and RTSP - * added --mail-from and --mail-rcpt for SMTP - * VMS build system enhancements - * added support for the PRET ftp command - * curl supports --ssl and --ssl-reqd - * added -J/--remote-header-name for using server-provided - filename with -O - * enhanced asynchronous DNS lookups - * symbol CURL_FORMAT_OFF_T is obsoleted - * many bugfixes - -------------------------------------------------------------------- -Tue Jan 26 11:33:14 CET 2010 - mmarek@suse.cz - -- updated to 7.19.7 - * -T. is now for non-blocking uploading from stdin - * SYST handling on FTP for OS/400 FTP server cases - * libcurl refuses to read a single HTTP header longer than 100K - * added the --crlfile option to curl - * many bugfixes - - -------------------------------------------------------------------- -Mon Jan 11 11:38:16 CET 2010 - meissner@suse.de - -- add baselibs.conf as source - -------------------------------------------------------------------- -Thu Aug 13 21:30:37 CEST 2009 - mmarek@suse.cz - -- updated to 7.19.6 - * CURLOPT_FTPPORT (and curl's -P/--ftpport) support port ranges - * Added CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_KEYFUNCTION, - CURLOPT_SSH_KEYDATA - * CURLOPT_QUOTE, CURLOPT_POSTQUOTE and CURLOPT_PREQUOTE can be - told to ignore error responses when used with FTP - * fixed CVE-2009-2417 (matching certificates with embedded NUL - bytes) - * many other bugfixes - -------------------------------------------------------------------- -Tue May 19 15:03:25 CEST 2009 - mmarek@suse.cz - -- remove the Obsoletes: curl-ca-bundle, it breaks parallel - installation of older libcurl packages (bnc#484044). - -------------------------------------------------------------------- -Tue May 19 15:00:02 CEST 2009 - mmarek@suse.cz - -- updated to 7.19.5 - * libcurl now closes all dead connections whenever you attempt to - open a new connection - * libssh2's version number can now be figured out run-time - instead of using the build-time fixed number - * CURLOPT_SEEKFUNCTION may now return CURL_SEEKFUNC_CANTSEEK - * curl can now upload with resume even when reading from a pipe - * a build-time configured curl_socklen_t is now used instead of - socklen_t -- by default, don't abort if the testsuite fails. - - -------------------------------------------------------------------- -Thu Mar 5 11:12:41 CET 2009 - mmarek@suse.cz - -- don't run autoreconf -fi as it breaks on older distros and - upstream uses recent autotools already. - -------------------------------------------------------------------- -Mon Mar 2 15:44:14 CET 2009 - mmarek@suse.cz - -- updated to 7.19.4 - * don't follow redirects to file:// and scp:// by default; add - new curl_easy_setopt options CURLOPT_PROTOCOLS and - CURLOPT_REDIR_PROTOCOLS to specify which protocols are allowed - and which protocols are allowed to redirect to (bnc#475103, - CVE-2009-0037) - * Added CURLOPT_NOPROXY and the corresponding --noproxy - * the OpenSSL-specific code disables TICKET (rfc5077) which is - enabled by default in openssl 0.9.8j - * Added CURLOPT_TFTP_BLKSIZE - * Added CURLOPT_SOCKS5_GSSAPI_SERVICE and - CURLOPT_SOCKS5_GSSAPI_NEC - with the corresponding curl options - --socks5-gssapi-service and --socks5-gssapi-nec - * Improved IPv6 support when built with with c-ares >= 1.6.1 - * Added CURLPROXY_HTTP_1_0 and --proxy1.0 - * Added docs/libcurl/symbols-in-versions - * Added CURLINFO_CONDITION_UNMET - * Added support for Digest and NTLM authentication using GnuTLS - * CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 to retry - the CWD even when MKD fails - * GnuTLS initing moved to curl_global_init() - * CURLAUTH_DIGEST_IE bit added for CURLOPT_HTTPAUTH and - CURLOPT_PROXYAUTH - * pkg-config can now show supported_protocols and - supported_features - * Added CURLOPT_CERTINFO and CURLINFO_CERTINFO - * Added CURLOPT_POSTREDIR - * Better detect HTTP 1.0 servers and don't do HTTP 1.1 requests - on them - * configure --disable-proxy disables proxy support - * Added CURLOPT_USERNAME and CURLOPT_PASSWORD - * --interface now works with IPv6 connections on glibc systems - * Added CURLOPT_PROXYUSERNAME and CURLOPT_PROXYPASSWORD - - - -------------------------------------------------------------------- -Wed Dec 10 12:34:56 CET 2008 - olh@suse.de - -- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade - (bnc#437293) - -------------------------------------------------------------------- -Thu Oct 30 12:34:56 CET 2008 - olh@suse.de - -- obsolete old -XXbit packages (bnc#437293) - -------------------------------------------------------------------- -Mon Sep 15 11:26:06 CEST 2008 - mmarek@suse.cz - -- only buildrequire stunnel when built --with stunnel - -------------------------------------------------------------------- -Thu Sep 11 09:20:08 CEST 2008 - mmarek@suse.cz - -- test 279 no longer fails with runtests.pl -b - -------------------------------------------------------------------- -Tue Sep 2 14:23:51 CEST 2008 - mmarek@suse.cz - -- updated to 7.19.0 - * curl_off_t gets its size/typedef somewhat differently than - before. This _may_ cause an ABI change for you. See - /usr/share/doc/packages/curl/README.curl_off_t for a full - explanation. (Should not affect our package as it has LFS - enabled) - * Added CURLINFO_PRIMARY_IP - * Added CURLOPT_CRLFILE and CURLE_SSL_CRL_BADFILE - * Added CURLOPT_ISSUERCERT and CURLE_SSL_ISSUER_ERROR - * curl's option parser for boolean options reworked - * Added --remote-name-all - * Added CURLINFO_APPCONNECT_TIME - * Added test selection by key word in runtests.pl - * the curl tool's -w option support the %{ssl_verify_result} - variable - * Added CURLOPT_ADDRESS_SCOPE and scope parsing of the URL - according to RFC4007 - * Support --append on SFTP uploads (not with OpenSSH, though) - * Added curlbuild.h and curlrules.h to the external library - interface - * lots of bugfixes - -------------------------------------------------------------------- -Wed Jun 4 18:05:43 CEST 2008 - mmarek@suse.cz - -- updated to 7.18.2 - * CURLFORM_STREAM was added - * CURLOPT_NOBODY is now supported over SFTP - * curl can now run on Symbian OS - * curl -w redirect_url and CURLINFO_REDIRECT_URL - * added curl_easy_send() and curl_easy_recv() - * some bugfixes - -------------------------------------------------------------------- -Sat May 17 19:22:10 CEST 2008 - coolo@suse.de - -- fix renaming of xxbit packages - -------------------------------------------------------------------- -Mon Apr 28 11:30:24 CEST 2008 - mmarek@suse.cz - -- disable c-ares support again until bnc#381709 is fixed -- build with libssh2 support in the devel:libraries:c_c++ project - -------------------------------------------------------------------- -Fri Apr 11 14:22:20 CEST 2008 - mmarek@suse.cz - -- build with c-ares support -- fixed build for older dists - -------------------------------------------------------------------- -Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de - -- added baselibs.conf file to build xxbit packages - for multilib support - -------------------------------------------------------------------- -Wed Apr 2 13:53:43 CEST 2008 - mmarek@suse.de - -- obsolete curl-ca-bundle by the library package - -------------------------------------------------------------------- -Mon Mar 31 10:16:30 CEST 2008 - mmarek@suse.cz - -- updated to 7.18.1 - * minor fixes since last update - -------------------------------------------------------------------- -Fri Mar 21 17:42:35 CET 2008 - mmarek@suse.cz - -- updated to cvs snapshot 20080321 - * added support for HttpOnly cookies - * we no longer distribute or install a ca cert bundle - * SSLv2 is now disabled by default for SSL operations - * the test509-style setting URL in callback is officially no - longer supported - * support a full chain of certificates in a given PKCS12 - certificate - * resumed transfers work with SFTP - * added type checking macros for curl_easy_setopt() and - curl_easy_getinfo(), watch out for new warnings in code using - libcurl (needs gcc-4.3 and currently only works in C mode) - * curl_easy_setopt(), curl_easy_getinfo(), curl_share_setopt() - and curl_multi_setopt() uses are now checked to use exactly - three arguments - - -------------------------------------------------------------------- -Mon Mar 10 11:03:56 CET 2008 - mmarek@suse.cz - -- clean up curl-config --libs output, thanks to Cristian Rodríguez - for pointing it out - -------------------------------------------------------------------- -Fri Mar 7 11:03:25 CET 2008 - mmarek@suse.cz - -- build with gssapi support (thanks to Michael Calmer) - -------------------------------------------------------------------- -Mon Feb 18 15:00:12 CET 2008 - mmarek@suse.cz - -- removed Requires: openssl-certs - doesn't exist on older dists - and is required by libopenssl otherwise -- allow to build the package even if the testsuite fails - -------------------------------------------------------------------- -Fri Feb 8 10:21:10 CET 2008 - mmarek@suse.cz - -- use /etc/ssl/certs instead of own curl-ca-bundle.crt - * more up-to-date ca cert collection (bnc#334690) - * allows for easier updates of ca certs - -------------------------------------------------------------------- -Tue Jan 29 10:01:27 CET 2008 - mmarek@suse.cz - -- updated to 7.18.0 - * --data-urlencode - * CURLOPT_PROXY_TRANSFER_MODE - * --no-keepalive - now curl does connections with keep-alive - enabled by default - * --socks4a added (proxy type CURLPROXY_SOCKS4A for libcurl) - * --socks5-hostname added (CURLPROXY_SOCKS5_HOSTNAME for libcurl) - * curl_easy_pause() - * CURLOPT_SEEKFUNCTION and CURLOPT_SEEKDATA - * --keepalive-time - * curl --help output was re-ordered - * bugfixes -- fixed test553 to work with different port number - -------------------------------------------------------------------- -Thu Jan 10 16:21:34 CET 2008 - mmarek@suse.cz - -- only print -lcurl in curl-config to reduce dependencies - -------------------------------------------------------------------- -Tue Dec 11 17:59:57 CET 2007 - mmarek@suse.cz - -- backported the CURLOPT_PROXY_TRANSFER_MODE patch [#306272#c26] - -------------------------------------------------------------------- -Fri Nov 16 12:06:39 CET 2007 - mmarek@suse.cz - -- fixed the testsuite on hosts that have no IPv6 support [#341994] - curl-testsuite-safely-skip-http-ipv6.patch - curl-testsuite-remember-broken-servers.patch -- added stunnel to BuildRequires to enable SSL tests - -------------------------------------------------------------------- -Tue Oct 30 09:14:04 CET 2007 - mmarek@suse.cz - -- updated to 7.17.1 - * automatically append ";type=" when using HTTP proxies for - FTP urls [#306272] - * improved NSS support - * added --proxy-negotiate - * added --post301 and CURLOPT_POST301 - * builds with c-ares 1.5.0 - * added CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and --hostpubmd5 - * renamed CURLE_SSL_PEER_CERTIFICATE to - CURLE_PEER_FAILED_VERIFICATION - * added CURLOPT_OPENSOCKETFUNCTION and CURLOPT_OPENSOCKETDATA - * CULROPT_COOKIELIST supports "FLUSH" - * added CURLOPT_COPYPOSTFIELDS - * added --static-libs to curl-config - * many bugfixes, inc. fix for bug #332917 - -------------------------------------------------------------------- -Thu Oct 11 16:19:56 CEST 2007 - mszeredi@suse.de - -- Add missing dependency (openldap2-devel) for libcurl-devel - -------------------------------------------------------------------- -Mon Oct 8 17:28:01 CEST 2007 - mmarek@suse.cz - -- updated to 7.17.0 - * curl_easy_setopt() now allocates strings passed to it - * LDAP libraries are now linked "regularly" and not with dlopen - (the strict-aliasing patch can go away) - * HTTP transfers have the download size info "available" earlier - * FTP transfers have the download size info "available" earlier - * several error codes and options were marked as obsolete and - subject to future removal (set CURL_NO_OLDIES to see if your - application is using them) - * some bugfixes (see /usr/share/doc/packages/curl/RELEASE-NOTES) -- added fixes for some post-7.17 bugs -- removed some less useful %%doc files - -------------------------------------------------------------------- -Fri Sep 14 09:20:35 CEST 2007 - mmarek@suse.cz - -- set transfer mode (binary/ascii) when retrieving ftp:// urls via - an http proxy (curl-ftp-httpproxy.patch) [#306272] - -------------------------------------------------------------------- -Wed Aug 29 12:25:59 CEST 2007 - mmarek@suse.cz - -- s/openssl-devel/libopenssl-devel/ [#305815] - -------------------------------------------------------------------- -Fri Aug 3 13:53:05 CEST 2007 - mmarek@suse.cz - -- updated to 7.16.4 - * added CURLOPT_NEW_FILE_PERMS and CURLOPT_NEW_DIRECTORY_PERMS - * improved hashing of sockets for the multi_socket API - * ftp kerberos5 support added - * some bugfixes (see /usr/share/doc/packages/curl/RELEASE-NOTES) -- fixed libcurl-devel Provides: [#293401] - - -------------------------------------------------------------------- -Mon Jul 9 10:35:48 CEST 2007 - mmarek@suse.cz - -- updated to 7.16.3 - * many bugfixes - * support for running multiple testsuites in paralell -- removed lfs patch leftover - -------------------------------------------------------------------- -Mon Jun 4 10:16:40 CEST 2007 - mmarek@suse.cz - -- install libcurl.m4 [#275462] - -------------------------------------------------------------------- -Fri Jun 1 11:57:28 CEST 2007 - dmueller@suse.de - -- fix obsoletes for alpha3 update -- fix ldconfig call - -------------------------------------------------------------------- -Wed May 23 16:22:39 CEST 2007 - bk@suse.de - -- updated to 7.16.2 (lots of fixes, fixes a segfault in git-http) - -------------------------------------------------------------------- -Fri May 4 14:55:41 CEST 2007 - mmarek@suse.cz - -- also avoid non-versioned obsoletes - -------------------------------------------------------------------- -Mon Apr 16 10:49:55 CEST 2007 - mmarek@suse.de - -- avoid non-versioned provides -- removed old curl_ssl provides/obsoletes from 7.1 times - -------------------------------------------------------------------- -Mon Apr 2 17:38:04 CEST 2007 - rguenther@suse.de - -- split off libcurl4 and curl-ca-bundle packages, rename curl-devel - to libcurl-devel - -------------------------------------------------------------------- -Sat Mar 31 18:53:00 CEST 2007 - rguenther@suse.de - -- add zlib-devel BuildRequires - -------------------------------------------------------------------- -Fri Feb 16 16:07:34 CET 2007 - mmarek@suse.cz - -- better patch for #246179 - -------------------------------------------------------------------- -Fri Feb 16 14:04:38 CET 2007 - mmarek@suse.cz - -- fix CURLOPT_RANGE reset for ftp transfers - [#246179] (ftp_range.patch) -- updated to 7.16.1 (other bugfixes) - -------------------------------------------------------------------- -Fri Jan 26 09:55:19 CET 2007 - mmarek@suse.cz - -- remove libcurl.a and libcurl.la (rationale: there are security - updates of curl from time to time, so statically linking it is - not acceptable) - -------------------------------------------------------------------- -Thu Jan 25 15:36:29 CET 2007 - mmarek@suse.cz - -- fixed strict aliasing warnings - -------------------------------------------------------------------- -Tue Dec 19 14:59:34 CET 2006 - mmarek@suse.cz - -- updated to 7.16.0 - * removed CURLOPT_SOURCE_* options and --3p* command line option - (breaks python-curl atm) - * for a complete list of changes, see - /usr/share/doc/packages/curl/RELEASE-NOTES - -------------------------------------------------------------------- -Tue Aug 15 11:23:58 CEST 2006 - mmarek@suse.cz - -- configure with --enable-hidden-symbols to compile libcurl with - -fvisibility=hidden, exporting only symbols from the API - -------------------------------------------------------------------- -Tue Aug 15 10:41:28 CEST 2006 - mmarek@suse.cz - -- updated to version 7.15.5 - * added --ftp-ssl-reqd - * modified the prototype for the socket callback set with - CURLMOPT_SOCKETFUNCTION - * added curl_multi_assign() - * added CURLOPT_FTP_ALTERNATIVE_TO_USER and --ftp-alternative-to-user - * added a vcproj file for building libcurl - * added curl_formget() - * added CURLOPT_MAX_SEND_SPEED_LARGE and CURLOPT_MAX_RECV_SPEED_LARGE - * Made -K on a file that couldn't be read cause a warning to be displayed - * some bugfixes -- dropped epsv-firewall.patch which was intergrated in 7.15.2 - -------------------------------------------------------------------- -Sat Jul 1 21:28:06 CEST 2006 - cthiel@suse.de - -- update to version 7.15.4, changes & fixes for this version: - * NTLM2 session response support - * CURLOPT_COOKIELIST set to "SESS" clears all session cookies - * CURLINFO_LASTSOCKET returned sockets are now checked more before - returned - * curl-config got a --checkfor option to compare version numbers - * line end conversions for FTP ASCII transfers - * curl_multi_socket() API added (still mostly untested) - * conversion callback options for EBCDIC <=> ASCII conversions - * added CURLINFO_FTP_ENTRY_PATH - * less blocking for the multi interface during (Open)SSL connect - negotiation - * builds fine on cygwin - * md5-sess with Digest authentication - * dict with letters such as space in a word - * dict with url-encoded words in the URL - * libcurl.m4 when default=yes but no libcurl was found - * numerous bugs fixed in the TFTP code - * possible memory leak when adding easy handles to multi stack - * TFTP works in a more portable fashion (== on more platforms) - * WSAGetLastError() is now used (better) on Windows - * GnuTLS non-block case that could cause data trashing - * deflate code survives lack of zlib header - * CURLOPT_INTERFACE works with hostname - * configure runs fine with ICC - * closed control connection with FTP when easy handle was removed from - multi - * curl --trace crash when built with VS2005 - * SSL connect time-out - * improved NTLM functionality - * following redirects with more than one question mark in source URL - * fixed debug build crash with -d - * generates a fine AIX Toolbox RPM spec - * treat FTP AUTH failures properly - * TFTP transfers could trash data - * -d + -G combo crash - -------------------------------------------------------------------- -Wed Jun 14 17:36:10 CEST 2006 - mmarek@suse.cz - -- fixed syntax error in configure - -------------------------------------------------------------------- -Sun May 28 16:16:33 CEST 2006 - cthiel@suse.de - -- update to version 7.15.3, changes & fixes for this version: - * added docs for --ftp-method and CURLOPT_FTP_FILEMETHOD - * TFTP Packet Buffer Overflow Vulnerability (CVE-2006-1061) - * properly detecting problems with sending the FTP command USER - * wrong error message shown when certificate verification failed - * multi-part formpost with multi interface crash - * the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL is acknowledged - * "SSL: couldn't set callback" is now treated as a less serious problem - * Interix build fix - * fixed curl "hang" when out of file handles at start - * prevent FTP uploads to URLs with trailing slash - -- changes & fixes in 7.15.2 - * Support for SOCKS4 proxies (added --socks4) - * CURLOPT_CONNECT_ONLY and CURLINFO_LASTSOCKET added - * CURLOPT_LOCALPORT and CURLOPT_LOCALPORTRANGE (--local-port) added - * Dropped support for the LPRT ftp command - * Gopher is now officially abandoned as a protocol (lib)curl tries to - support - * curl_global_init() and curl_global_cleanup() are now using a refcount so - that it is now legal to call them multiple times. See updated info for - details - * two bugs concerning using curl_multi_remove_handle() before the transfer - was complete - * multi-pass authentication and compressed content - * minor format string mistake in the GSS/Negotiate code - * cached DNS entries could remain in the cache too long - * improved GnuTLS check in configure - * re-used FTP connections when the second request didn't do a transfer - * plain --limit-rate [num] means bytes - * re-creating a dead connection is no longer counted internally as a - followed redirect and thus prevents a weird error that would occur if a - FTP connection died on an attempted re-use - * Try PASV after failing to connect to the port the EPSV response - contained - * -P [IP] with non-local address with ipv6-enabled curl - * -P [hostname] with ipv6-disabled curl - * libcurl.m4 was updated - * configure no longer warns if the current path contains a space - * test suite kill race condition - * FTP_SKIP_PASV_IP and FTP_USE_EPSV when doing FTP over HTTP proxy - * Doing a second request with FTP on the same bath path, would make - libcurl confuse what current working directory it had - * FTP over HTTP proxy now sends the second CONNECT properly - * numerous compiler warnings and build quirks for various compilers have - been addressed - * supports name and passwords up to 255 bytes long, embedded in URLs - * the HTTP_ONLY define disables the TFTP support - -- removed curl-7.15.1-CVE-2006-1061.patch, included upstream -- removed curl-7.15.1-aliasing.patch - -------------------------------------------------------------------- -Tue Mar 14 12:35:53 CET 2006 - mmarek@suse.cz - -- fix buffer overflow in TFTP code - [#157874] (CVE-2006-1061.patch) - -------------------------------------------------------------------- -Wed Feb 15 02:53:15 CET 2006 - ro@suse.de - -- added libidn-devel to requires of devel package - -------------------------------------------------------------------- -Mon Feb 13 16:32:40 CET 2006 - mmarek@suse.cz - -- build with libidn support - [#150313] - -------------------------------------------------------------------- -Fri Jan 27 01:07:37 CET 2006 - mls@suse.de - -- converted neededforbuild to BuildRequires - -------------------------------------------------------------------- -Mon Jan 23 17:20:59 CET 2006 - mmarek@suse.cz - -- fallback to PASV if some firewall doesn't let an EPSV connection - trough - -------------------------------------------------------------------- -Thu Jan 12 15:45:18 CET 2006 - mmarek@suse.cz - -- build with -fstack-protector -- add dependency on curl = %%{version} to curl-devel - -------------------------------------------------------------------- -Tue Jan 10 15:24:29 CET 2006 - mmarek@suse.cz - -- remove non-existent path /usr/ssl, which caused -L/usr/ssl/lib to - appeared in curl-config output -- use make -j - -------------------------------------------------------------------- -Tue Dec 13 13:23:13 CET 2005 - mmarek@suse.cz - -- updated to 7.15.1, fixing previous vulnerabilities - -------------------------------------------------------------------- -Thu Oct 13 16:00:00 CEST 2005 - mmarek@suse.cz - -- fix stack buffer overflow in lib/http_ntlm.c [#128065] - -------------------------------------------------------------------- -Mon Oct 10 14:20:12 CEST 2005 - mmarek@suse.cz - -- updated to 7.14.1 -- updated curl-7.14.1-aliasing.patch - -------------------------------------------------------------------- -Mon Jun 20 16:38:34 CEST 2005 - anicka@suse.cz - -- update to 7.14.0 -- remove obsolete patch curl-ntlm.patch - -------------------------------------------------------------------- -Tue Apr 12 16:37:59 CEST 2005 - tcrhak@suse.cz - -- packaged curl-ca-bundle.crt (bug #64301) - -------------------------------------------------------------------- -Thu Feb 24 10:07:13 CET 2005 - meissner@suse.de - -- enable make test. fixed test 241 to use ::1 directly. - -------------------------------------------------------------------- -Tue Feb 22 10:46:21 CET 2005 - mcihar@suse.cz - -- fix buffer overflow in NTLM (bug #65752) - -------------------------------------------------------------------- -Tue Feb 8 18:36:38 CET 2005 - mcihar@suse.cz - -- update to 7.13.0 - -------------------------------------------------------------------- -Wed Aug 11 11:31:07 CEST 2004 - tcrhak@suse.cz - -- update to 7.12.0 - -------------------------------------------------------------------- -Wed Apr 28 19:57:41 CEST 2004 - tcrhak@suse.cz - -- strict aliasing fix - -------------------------------------------------------------------- -Tue Mar 16 17:31:01 CET 2004 - tcrhak@suse.cz - -- fix for lfs for in transfer.c (bug #36040) - -------------------------------------------------------------------- -Wed Feb 25 19:29:05 CET 2004 - tcrhak@suse.cz - -- ignore leading slashes of url-path in URLs like - ftp://user@name//url-path, i.e don't change to the - root directory (RFC 1738, bug #34471) - -------------------------------------------------------------------- -Tue Feb 10 17:39:28 CET 2004 - tcrhak@suse.cz - -- update to version 7.11.0 - -------------------------------------------------------------------- -Sat Jan 10 16:13:21 CET 2004 - adrian@suse.de - -- add %defattr and %run_ldconfig - -------------------------------------------------------------------- -Wed Nov 05 16:20:21 CET 2003 - tcrhak@suse.cz - -- added large file support, patch lfs [bug #32411] - -------------------------------------------------------------------- -Thu Sep 04 17:48:46 CEST 2003 - tcrhak@suse.cz - -- require zlib-devel, openssl-devel and glibc-devel in curl-devel [bug #29881] - -------------------------------------------------------------------- -Fri Aug 08 09:39:30 CEST 2003 - tcrhak@suse.cz - -- terminate array of directory components by NULL (bug #28351, patch dirs) - -------------------------------------------------------------------- -Wed Jul 23 19:36:56 CEST 2003 - tcrhak@suse.cz - -- update to version 7.10.5 - -------------------------------------------------------------------- -Tue Jun 3 01:24:42 CEST 2003 - ro@suse.de - -- remove unpackaged files from buildroot - -------------------------------------------------------------------- -Wed Nov 27 17:27:13 CET 2002 - tcrhak@suse.cz - -- update to version 7.10.2 -- moved curl-config.1.gz to the devel subpackage [bug #21966] - -------------------------------------------------------------------- -Sat Jul 13 17:25:58 CEST 2002 - tcrhak@suse.cz - -- update to version 7.9.8 -- added automake - -------------------------------------------------------------------- -Fri Jan 18 17:45:31 CET 2002 - tcrhak@suse.cz - -- used macros %{_lib} and %{_libdir} -- update to 7.9.2 - -------------------------------------------------------------------- -Fri Oct 19 08:38:40 CEST 2001 - ro@suse.de - -- do not pack shared library into both, main and devel package - -------------------------------------------------------------------- -Mon Oct 8 11:35:52 CEST 2001 - tcrhak@suse.cz - -- update to version 7.9 - -------------------------------------------------------------------- -Fri Sep 21 11:46:09 CEST 2001 - adostal@suse.cz - -- fix manual in man.patch - -------------------------------------------------------------------- -Tue Aug 21 16:10:10 CEST 2001 - adostal@suse.cz - -- update to version 7.8.1 - -------------------------------------------------------------------- -Wed Jul 18 10:21:13 CEST 2001 - adostal@suse.cz - -- files devel fixed - -------------------------------------------------------------------- -Mon Jul 2 17:51:34 CEST 2001 - adostal@suse.cz - -- update to version 7.8 - -------------------------------------------------------------------- -Wed Jun 13 17:33:41 CEST 2001 - ro@suse.de - -- fixed to compile with new autoconf - -------------------------------------------------------------------- -Mon Apr 9 14:39:03 CEST 2001 - cihlar@suse.cz - -- update to version 7.7.1 - -------------------------------------------------------------------- -Tue Mar 6 10:03:05 CET 2001 - cihlar@suse.cz - -- update to version 7.6.1 - -------------------------------------------------------------------- -Wed Jan 3 09:13:15 CET 2001 - cihlar@suse.cz - -- fixed Provides and Obsoletes also for curl-devel - -------------------------------------------------------------------- -Tue Dec 19 07:16:38 CET 2000 - cihlar@suse.cz - -- fixed name -- added Obsoletes: curl_ssl - -------------------------------------------------------------------- -Mon Dec 18 15:13:25 CET 2000 - cihlar@suse.cz - -- changed to ssl support - -------------------------------------------------------------------- -Thu Nov 16 14:25:18 CET 2000 - cihlar@suse.cz - -- renamed curldev -> curl-devel -- update to version 7.4.2 - -------------------------------------------------------------------- -Tue Oct 17 09:16:16 CEST 2000 - cihlar@suse.cz - -- update to version 7.4.1 - security bug fixed - -------------------------------------------------------------------- -Wed Aug 30 09:34:32 CEST 2000 - cihlar@suse.cz - -- package created - diff --git a/curl-mini.spec b/curl-mini.spec deleted file mode 100644 index 52b5db7..0000000 --- a/curl-mini.spec +++ /dev/null @@ -1,232 +0,0 @@ -# -# spec file for package curl-mini -# -# Copyright (c) 2020 SUSE LLC -# -# All modifications and additions to the file contributed by third parties -# remain the property of their copyright owners, unless otherwise agreed -# upon. The license for this file, and modifications and additions to the -# file, is the same license as for the pristine package itself (unless the -# license for the pristine package is not an Open Source License, in which -# case the license is the MIT License). An "Open Source License" is a -# license that conforms to the Open Source Definition (Version 1.9) -# published by the Open Source Initiative. - -# Please submit bugfixes or comments via https://bugs.opensuse.org/ -# - - -##### WARNING: please do not edit this auto generated spec file. Use the curl.spec! ##### -%define bootstrap 1 -##### WARNING: please do not edit this auto generated spec file. Use the curl.spec! ##### -%define mini -mini -%if 0%{?bootstrap} -%bcond_with testsuite -%else -%bcond_without testsuite -%endif -%bcond_with mozilla_nss -# need ssl always for python-pycurl -%bcond_without openssl -Name: curl-mini -Version: 7.68.0 -Release: 0 -Summary: A Tool for Transferring Data from URLs -License: curl -URL: https://curl.haxx.se/ -Source: https://curl.haxx.se/download/curl-%{version}.tar.xz -Source2: https://curl.haxx.se/download/curl-%{version}.tar.xz.asc -Source3: baselibs.conf -Source4: https://daniel.haxx.se/mykey.asc#/curl.keyring -Patch0: libcurl-ocloexec.patch -Patch1: dont-mess-with-rpmoptflags.diff -Patch2: curl-secure-getenv.patch -Patch3: ignore_runtests_failure.patch -# PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled -Patch4: curl-disabled-redirect-protocol-message.patch -Patch5: curl-use_OPENSSL_config.patch -BuildRequires: libtool -BuildRequires: pkgconfig -Requires: libcurl4%{?mini} = %{version} -%if !0%{?bootstrap} -BuildRequires: groff -BuildRequires: lzma -BuildRequires: openldap2-devel -BuildRequires: pkgconfig(krb5) -BuildRequires: pkgconfig(libidn2) -BuildRequires: pkgconfig(libmetalink) -BuildRequires: pkgconfig(libnghttp2) -BuildRequires: pkgconfig(libpsl) -BuildRequires: pkgconfig(libssh) -BuildRequires: pkgconfig(zlib) -# avoid our own libcurl4 pulled in by cmake -#!BuildRequires: libcurl4-mini -%else -Requires: this-is-only-for-build-envs -Conflicts: curl -# The -mini package is sufficient for the build hosts -Provides: curl = %{version} -%endif -%if %{with openssl} -BuildRequires: pkgconfig(libssl) -%endif -%if %{with mozilla_nss} -BuildRequires: mozilla-nss-devel -%endif -#BuildRequires: openssh -%if 0%{?_with_stunnel:1} -# used by the testsuite -BuildRequires: stunnel -%endif - -%description -Curl is a client to get documents and files from or send documents to a -server using any of the supported protocols (HTTP, HTTPS, FTP, FTPS, -TFTP, DICT, TELNET, LDAP, or FILE). The command is designed to work -without user interaction or any kind of interactivity. - -%package -n libcurl4%{?mini} -Summary: Library for transferring data from URLs -%if 0%{?bootstrap} -Requires: this-is-only-for-build-envs -Conflicts: libcurl4 -Provides: libcurl4 = %{version} -%endif - -%description -n libcurl4%{?mini} -The cURL shared library for accessing data using different -network protocols. - -%package -n libcurl%{?mini}-devel -Summary: Development files for the curl library -Requires: glibc-devel -Requires: libcurl4%{?mini} = %{version} -# curl-devel (v 7.15.5) was last used in 10.2 -Provides: curl-devel <= 7.15.5 -Obsoletes: curl-devel < 7.16.2 -%if 0%{?bootstrap} -Requires: this-is-only-for-build-envs -Conflicts: libcurl-devel -Provides: libcurl-devel = %{version}-%{release} -%endif - -%description -n libcurl%{?mini}-devel -Curl is a client to get documents and files from or send documents to a -server using any of the supported protocols (HTTP, HTTPS, FTP, GOPHER, -DICT, TELNET, LDAP, or FILE). The command is designed to work without -user interaction or any kind of interactivity. - -%prep -%setup -q -n curl-%{version} -%patch0 -p1 -%patch1 -%patch2 -%ifarch ppc ppc64 ppc64le -%patch3 -p1 -%endif -%patch4 -p1 -%patch5 -p1 - -# disable new failing test 1165 -echo "1165" >> tests/data/DISABLED - -%build -# curl complains if macro definition is contained in CFLAGS -# see m4/xc-val-flgs.m4 -CPPFLAGS="-D_FORTIFY_SOURCE=2" -CFLAGS=$(echo "%{optflags}" | sed -e 's/-D_FORTIFY_SOURCE=2//') -export CPPFLAGS CFLAGS -export CFLAGS="$CFLAGS -fPIE" -export LDFLAGS="$LDFLAGS -pie" -autoreconf -fiv -# local hack to make curl-config --libs stop printing libraries it depends on -# (currently, libtool sets link_all_deplibs=(yes|unknown) everywhere, -# will hopefully change in the future) -sed -i 's/\(link_all_deplibs=\)unknown/\1no/' configure -%configure \ - --enable-ipv6 \ -%if %{with openssl} - --with-ssl \ - --with-ca-fallback \ - --without-ca-path \ - --without-ca-bundle \ -%else - --without-ssl \ -%if %{with mozilla_nss} - --with-nss \ -%endif -%endif -%if !0%{?bootstrap} - --with-gssapi=%{_libexecdir}/mit \ - --with-libidn2 \ - --with-libssh \ - --with-libmetalink \ -%endif - --enable-hidden-symbols \ - --disable-static \ - --enable-threaded-resolver - -# if this fails, the above sed hack did not work -./libtool --config | grep -q link_all_deplibs=no -# enable-hidden-symbols needs gcc4 and causes that curl exports only its API -make %{?_smp_mflags} V=1 - -%if %{with testsuite} -%check -pushd tests -make %{?_smp_mflags} -# make sure the testsuite runs don't race on MP machines in autobuild -if test -z "$BUILD_INCARNATION" -a -r /.buildenv; then - . /.buildenv -fi -if test -z "$BUILD_INCARNATION"; then - BUILD_INCARNATION=0 -fi - -base=$((8990 + $BUILD_INCARNATION * 20)) -# bug940009 do not run flaky tests for any architecture -# at least test 1510 do fail for i586 and ppc64le -perl ./runtests.pl -a -b$base '!flaky' || exit - -popd -%endif - -%install -%make_install -rm -f %{buildroot}%{_libdir}/libcurl.la -install -Dm 0644 docs/libcurl/libcurl.m4 %{buildroot}%{_datadir}/aclocal/libcurl.m4 -pushd scripts -%make_install -popd - -%post -n libcurl4%{?mini} -p /sbin/ldconfig -%postun -n libcurl4%{?mini} -p /sbin/ldconfig - -%files -%doc README RELEASE-NOTES -%doc docs/{BUGS,FAQ,FEATURES,RESOURCES,TODO,TheArtOfHttpScripting} -%{_bindir}/curl -%{_datadir}/zsh/site-functions/_curl -%{_mandir}/man1/curl.1%{?ext_man} -%dir %{_datadir}/zsh -%dir %{_datadir}/zsh/site-functions -%dir %{_datadir}/fish/ -%dir %{_datadir}/fish/vendor_completions.d/ -%{_datadir}/fish/vendor_completions.d/curl.fish - -%files -n libcurl4%{?mini} -%license COPYING -%{_libdir}/libcurl.so.4* - -%files -n libcurl%{?mini}-devel -%{_bindir}/curl-config -%{_includedir}/curl -%dir %{_datadir}/aclocal/ -%{_datadir}/aclocal/libcurl.m4 -%{_libdir}/libcurl.so -%{_libdir}/pkgconfig/libcurl.pc -%{_mandir}/man1/curl-config.1%{?ext_man} -%{_mandir}/man3/* -%doc docs/libcurl/symbols-in-versions - -%changelog diff --git a/curl.changes b/curl.changes index 49279a5..717938f 100644 --- a/curl.changes +++ b/curl.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Feb 18 14:11:29 UTC 2020 - Dominique Leuenberger + +- Eliminate curl-mini: The reason for this to exist was that cmake + pulled in curl into too many places, causing build cycles. A new + cmake-mini was generated, eliminating that need. + ------------------------------------------------------------------- Wed Jan 8 09:54:50 UTC 2020 - Pedro Monreal Gonzalez @@ -8,7 +15,7 @@ Wed Jan 8 09:54:50 UTC 2020 - Pedro Monreal Gonzalez ${ORIG_SPEC}-mini.spec -cp ${ORIG_SPEC}.changes ${ORIG_SPEC}-mini.changes -#cp ${ORIG_SPEC}-rpmlintrc ${ORIG_SPEC}-mini-rpmlintrc - -osc service localrun format_spec_file