Accepting request 856452 from home:pmonrealgonzalez:branches:devel:libraries:c_c++

- Update to 7.74.0 * Changes: hsts: add experimental support for Strict-Transport-Security * Bugfixes: - Inferior OCSP verification [bsc#1179593, CVE-2020-8286] - FTP wildcard stack overflow [bsc#1179399, CVE-2020-8285] - trusting FTP PASV responses [bsc#1179398, CVE-2020-8284] - Revert "multi: implement wait using winsock events" - openssl: free mem_buf in error path - ntlm: avoid malloc(0) on zero length user and domain - ngtcp2: use the minimal version of QUIC supported by ngtcp2 - ngtcp2: advertise h3 ALPN unconditionally - file: avoid duplicated code sequence - openssl: guard against OOM on context creation - docs: document the 8MB input string limit for curl_easy_escape and curl_easy_setopt() - hsts: add read/write callbacks - hsts: add support for Strict-Transport-Security - alt-svc: enable by default - checksrc: warn on empty line before open brace - connect: repair build without ipv6 availability - curl.se: new home - ftp: retry getpeername for FTP with TCP_FASTOPEN - gnutls: fix memory leaks (certfields memory wasn't released) - http: pass correct header size to debug callback for chunked post - libssh2: fix transport over HTTPS proxy - openssl: guard against OOM on context creation - openssl: use OPENSSL_init_ssl() with >= 1.1.0 - Revert "multi: implement wait using winsock events" - socks: check for DNS entries with the right port number OBS-URL: https://build.opensuse.org/request/show/856452 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=288
2020-12-19 18:24:38 +00:00 · 2020-12-19 18:24:38 +00:00 · 4faea07c93
commit 4faea07c93
parent 2871dab525
9 changed files with 85 additions and 76 deletions
--- a/curl-7.73.0.tar.xz
+++ b/curl-7.73.0.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7c4c7ca4ea88abe00fea4740dcf81075c031b1d0bb23aff2d5efde20a3c2408a
-size 2394228
--- a/curl-7.73.0.tar.xz.asc
+++ b/curl-7.73.0.tar.xz.asc
@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl+GkkYACgkQXMkI/bce
-EsI5vwf+NwIw3Jmn9lW7/VHNgFWB1Qa0gB4KlDISM2qG9CHzeIW8K50g2JiIAuLa
-CVOfuMi/jg1r2INRLErZzdGDtD71TzjaEv6A/dxWL+k5/ieFxmH5iC80rYWi8EE9
-sv/bx8vEq8ikIqqV7KxYPlX8xMJBMfCs+TNQbzYM3WUDMLYJLpuNiWrzS6h8+mPq
-4w8qYyrNI5x/J3HSJuzyoJy0ueQOQ6CaZwV/ViGBLmFkMKgsAXJu9ImRMmJXKAk5
-MLiVUKI1KpHJNHZS5pLIP5wrjIN3z7FIRxThJ6f/IqUF1mIc6MNnqcER6lBtxeq4
-SuRq9Dx5W2en/g+I5iic8GwkDD+U6A==
-=W3Yh
-----END PGP SIGNATURE-----
--- a/curl-7.74.0.tar.xz
+++ b/curl-7.74.0.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:999d5f2c403cf6e25d58319fdd596611e455dd195208746bc6e6d197a77e878b
+size 2400972
--- a/curl-7.74.0.tar.xz.asc
+++ b/curl-7.74.0.tar.xz.asc
@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl/QcZ8ACgkQXMkI/bce
+EsJYnggAs5MbJByXsUEI3LzdRvjb2s/dNS/+ubJ98GL+ed8uVsLmGxdF0fS9EPVX
+KoaYbaZwjZJH43+UyqtoFr4GQKhxxhcyZi3477s9Ws9x60yEA21oIggkQLF6X+E
+OEymG0YmNUn/6vvWizCWZtE7TkoWAXEzPLyVbBzoFzfmgzxiQ9//usKCaDh/nCWA
+kouxubBJbpdjk8KTnVf5HMP5PJKs9LeiVh9B2F+Rq1cEvzLrxNlDYptEgH/ml5Sd
+WsWeWttngs2pnZu0pMQNGhdXp6XC5lteN21C1/3hy3KVFUnkqaA+1IHm39wBE73j
+Bmnoi36d+Ub6ZT3Va84Dp/tWJ65Xig==
+=9ka/
+-----END PGP SIGNATURE-----
--- a/curl-disabled-redirect-protocol-message.patch
+++ b/curl-disabled-redirect-protocol-message.patch
@ -10,8 +10,8 @@ Index: curl-7.63.0/lib/url.c
 +       !(data->set.redir_protocols & p->protocol)) {
       /* nope, get out */
 -      ;
-+       failf(data, "Redirect to protocol \"%s\" not supported or disabled in " LIBCURL_NAME,
-+	     protostr);
+       failf(data, "Redirect to protocol \"%s\" not supported or disabled in "
+             LIBCURL_NAME, protostr);
 +
 +       return CURLE_UNSUPPORTED_PROTOCOL;
 +    }
--- a/curl-use_OPENSSL_config.patch
+++ b/curl-use_OPENSSL_config.patch
@ -1,32 +0,0 @@
-This basically reverts  https://github.com/curl/curl/commit/7d2f61f66ab4e047fc9aefc2effc1ac6d340a66a
-
-Index: curl-7.65.2/lib/vtls/openssl.c
-===================================================================
--- curl-7.65.2.orig/lib/vtls/openssl.c
-+++ curl-7.65.2/lib/vtls/openssl.c
-@@ -1026,22 +1026,12 @@ static int Curl_ossl_init(void)
-   ENGINE_load_builtin_engines();
- #endif
- 
-/* CONF_MFLAGS_DEFAULT_SECTION was introduced some time between 0.9.8b and
-   0.9.8e */
-#ifndef CONF_MFLAGS_DEFAULT_SECTION
-#define CONF_MFLAGS_DEFAULT_SECTION 0x0
-#endif
-
-#ifndef CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG
-  CONF_modules_load_file(NULL, NULL,
-                         CONF_MFLAGS_DEFAULT_SECTION|
-                         CONF_MFLAGS_IGNORE_MISSING_FILE);
-#endif
-
- #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
-     !defined(LIBRESSL_VERSION_NUMBER)
-  /* OpenSSL 1.1.0+ takes care of initialization itself */
-+  OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
- #else
-+  OPENSSL_config(NULL);
-+
-   /* Lets get nice error messages */
-   SSL_load_error_strings();
- 
--- a/curl.changes
+++ b/curl.changes
@ -1,3 +1,55 @@
+-------------------------------------------------------------------
+Mon Dec 14 15:25:07 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 7.74.0 
+  * Changes:
+    hsts: add experimental support for Strict-Transport-Security
+  * Bugfixes:
+    - Inferior OCSP verification  [bsc#1179593, CVE-2020-8286]
+    - FTP wildcard stack overflow [bsc#1179399, CVE-2020-8285]
+    - trusting FTP PASV responses [bsc#1179398, CVE-2020-8284]
+    - Revert "multi: implement wait using winsock events"
+    - openssl: free mem_buf in error path
+    - ntlm: avoid malloc(0) on zero length user and domain
+    - ngtcp2: use the minimal version of QUIC supported by ngtcp2
+    - ngtcp2: advertise h3 ALPN unconditionally
+    - file: avoid duplicated code sequence
+    - openssl: guard against OOM on context creation
+    - docs: document the 8MB input string limit for curl_easy_escape
+      and curl_easy_setopt()
+    - hsts: add read/write callbacks
+    - hsts: add support for Strict-Transport-Security
+    - alt-svc: enable by default
+    - checksrc: warn on empty line before open brace
+    - connect: repair build without ipv6 availability
+    - curl.se: new home
+    - ftp: retry getpeername for FTP with TCP_FASTOPEN
+    - gnutls: fix memory leaks (certfields memory wasn't released)
+    - http: pass correct header size to debug callback for chunked post
+    - libssh2: fix transport over HTTPS proxy
+    - openssl: guard against OOM on context creation
+    - openssl: use OPENSSL_init_ssl() with >= 1.1.0
+    - Revert "multi: implement wait using winsock events"
+    - socks: check for DNS entries with the right port number
+    - tool_operate: --retry for HTTP 408 responses too
+    - tool_operate: bail out proper on errors during parallel transfers
+    - urlapi: don't accept blank port number field without scheme
+    - urlapi: URL encode a '+' in the query part
+    - vquic/ngtcp2.h: define local_addr as sockaddr_storage
+- Update check section:
+  * runtests now supports dynamically base64 encoded sections in tests
+  * Replace env interpreter for perl and python3
+- Remove curl-use_OPENSSL_config.patch since the OpenSSL initialization
+  has been updated to use OPENSSL_init_ssl() with >= 1.1.0
+
+-------------------------------------------------------------------
+Tue Oct 20 10:33:34 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
+
+- Update patches to fix compiling warnings:
+  * curl-disabled-redirect-protocol-message.patch
+  * libcurl-ocloexec.patch
+- Enable test 1165
+
 -------------------------------------------------------------------
 Wed Oct 14 21:29:48 UTC 2020 - Pedro Monreal <pmonreal@suse.com>

--- a/curl.spec
+++ b/curl.spec
@ -21,21 +21,20 @@
 # need ssl always for python-pycurl
 %bcond_without openssl
 Name:           curl
-Version:        7.73.0
+Version:        7.74.0
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        curl
-URL:            https://curl.haxx.se/
-Source:         https://curl.haxx.se/download/curl-%{version}.tar.xz
-Source2:        https://curl.haxx.se/download/curl-%{version}.tar.xz.asc
+URL:            https://curl.se
+Source:         https://curl.se/download/curl-%{version}.tar.xz
+Source2:        https://curl.se/download/curl-%{version}.tar.xz.asc
 Source3:        baselibs.conf
 Source4:        https://daniel.haxx.se/mykey.asc#/curl.keyring
 Patch0:         libcurl-ocloexec.patch
 Patch1:         dont-mess-with-rpmoptflags.diff
 Patch2:         curl-secure-getenv.patch
 # PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
-Patch4:         curl-disabled-redirect-protocol-message.patch
-Patch5:         curl-use_OPENSSL_config.patch
+Patch3:         curl-disabled-redirect-protocol-message.patch
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
 Requires:       libcurl4 = %{version}
@ -92,18 +91,14 @@ user interaction or any kind of interactivity.
 %patch0 -p1
 %patch1
 %patch2
-%patch4 -p1
-%patch5 -p1
-
-# disable new failing test 1165
-echo "1165" >> tests/data/DISABLED
+%patch3 -p1

 %build
 # curl complains if macro definition is contained in CFLAGS
 # see m4/xc-val-flgs.m4
 CPPFLAGS="-D_FORTIFY_SOURCE=2"
 CFLAGS=$(echo "%{optflags}" | sed -e 's/-D_FORTIFY_SOURCE=2//')
-export CPPFLAGS CFLAGS
+export CPPFLAGS
 export CFLAGS="$CFLAGS -fPIE"
 export LDFLAGS="$LDFLAGS -pie"
 autoreconf -fiv
@ -135,25 +130,17 @@ sed -i 's/\(link_all_deplibs=\)unknown/\1no/' configure
 # if this fails, the above sed hack did not work
 ./libtool --config | grep -q link_all_deplibs=no
 # enable-hidden-symbols needs gcc4 and causes that curl exports only its API
-make %{?_smp_mflags} V=1
+%make_build

 %if %{with testsuite}
 %check
 pushd tests
-make %{?_smp_mflags} V=1
-# make sure the testsuite runs don't race on MP machines in autobuild
-if test -z "$BUILD_INCARNATION" -a -r /.buildenv; then
-	. /.buildenv
-fi
-if test -z "$BUILD_INCARNATION"; then
-	BUILD_INCARNATION=0
-fi
+%make_build

-base=$((8990 + $BUILD_INCARNATION * 20))
-# bug940009 do not run flaky tests for any architecture
-# at least test 1510 do fail for i586 and ppc64le
-perl ./runtests.pl -a -v -p -b$base '!flaky' || exit
+find -type f -name "*.pl" -exec sed -i 's|#!.*/usr/bin/env perl|#!/usr/bin/perl|' "{}" +
+find -type f -name "*.py" -exec sed -i 's|#!.*/usr/bin/env python.*|#!/usr/bin/python3|' "{}" +

+perl ./runtests.pl -a -v -p '!flaky' || exit
 popd
 %endif

@ -170,7 +157,7 @@ popd

 %files
 %doc README RELEASE-NOTES CHANGES
-%doc docs/{BUGS.md,FAQ,FEATURES,TODO,TheArtOfHttpScripting.md}
+%doc docs/{BUGS.md,FAQ,FEATURES.md,TODO,TheArtOfHttpScripting.md}
 %{_bindir}/curl
 %{_datadir}/zsh/site-functions/_curl
 %{_mandir}/man1/curl.1%{?ext_man}
--- a/libcurl-ocloexec.patch
+++ b/libcurl-ocloexec.patch
@ -68,12 +68,14 @@ Index: curl-7.69.0/lib/connect.c
 ===================================================================
 --- curl-7.69.0.orig/lib/connect.c
 +++ curl-7.69.0/lib/connect.c
-@@ -1529,7 +1529,7 @@ CURLcode Curl_socket(struct connectdata
+@@ -1529,7 +1529,9 @@ CURLcode Curl_socket(struct connectdata
   }
   else
     /* opensocket callback not set, so simply create the socket now */
 -    *sockfd = socket(addr->family, addr->socktype, addr->protocol);
-+    *sockfd = socket(addr->family, addr->socktype | SOCK_CLOEXEC, addr->protocol);
+    *sockfd = socket(addr->family,
+                     addr->socktype | SOCK_CLOEXEC,
+                     addr->protocol);
 
   if(*sockfd == CURL_SOCKET_BAD)
     /* no socket, no connection */